Unindentified malware

B

Ben Woodman

New member
My neighbour called me into his house because he picked up what AVG identified as a trojan. An unidentified "scan" would begin on his computer, finding several problems, which would then lead to a website where he could buy the software to fix it. I brough his computer back to my house, and am now unable to get it to occur. The only difference is how the computers connect to the internet, mine being over LAN, his via USB ADSL modem.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:17:03, on 04/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\BT Broadband Desktop Help\btbb_wcm\McciTrayApp.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://s-redirect.com/?a=2&b=n-abc
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://s-redirect.com/?a=2&b=n-abc
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://bt.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://uk.search.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://uk.search.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://s-redirect.com/?a=2&b=n-abc
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://s-redirect.com/?a=2&b=n-abc
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
R3 - URLSearchHook: thechatterbox.cc Toolbar - {00b8e20c-5c71-4c2f-85a5-6ad541500df0} - C:\Program Files\thechatterbox.cc\tbthe0.dll
O1 - Hosts: ::1 localhost
O1 - Hosts: 91.212.127.226 windows-shield.microsoft.com
O1 - Hosts: 91.212.127.226 windows-shield.com
O1 - Hosts: 91.212.127.226 www.windows-shield.com
O2 - BHO: thechatterbox.cc Toolbar - {00b8e20c-5c71-4c2f-85a5-6ad541500df0} - C:\Program Files\thechatterbox.cc\tbthe0.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: thechatterbox.cc Toolbar - {00b8e20c-5c71-4c2f-85a5-6ad541500df0} - C:\Program Files\thechatterbox.cc\tbthe0.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [FH] C:\WINDOWS\system32\svchop.exe home
O4 - HKLM\..\Run: [btbb_McciTrayApp] "C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [btbb_wcm_McciTrayApp] "C:\Program Files\BT Broadband Desktop Help\btbb_wcm\McciTrayApp.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HPHUPD08] C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [system tool] C:\Program Files\filvsk\pekjsysguard.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [system tool] C:\Program Files\filvsk\pekjsysguard.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZJ
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.blueyonder.co.uk/dial
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {31150A86-0BBA-409F-BEB4-F3922D10BF34} (Gif89 Class) - http://212.175.206.228/xplug.ocx
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h30155.www3.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://apron.bristolairport.com/codebase/AxisCamControl.ocx
O16 - DPF: {924C1588-90C3-4910-B6CA-D57A1C0418FE} (YbUploadFavsCtl Class) - http://uk.beta.bookmarks.yahoo.com/YbConvFav.CAB
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O24 - Desktop Component 0: (no name) - http://www.lordoftherings.net/media/desktops/characters_aragorn_800.jpg
O24 - Desktop Component 1: (no name) - http://www.lordoftherings.net/media/desktops/rotk_aragorn_800.jpg
O24 - Desktop Component 2: (no name) - http://www.blueyonder.co.uk/blueyonder/img/home/header_top.gif
O24 - Desktop Component 3: (no name) - http://www.aircraft-photos.net/thumbs/16976.jpg

--
End of file - 13542 bytes

Thanks for any help.

Ben Woodman
 
Hello Ben

Welcome to Safer Networking.

Please read Before You Post
That said, All advice given by anyone volunteering here, is taken at your own risk.
While best efforts are made to assist in removing infections safely, unexpected stuff can happen.

You have some nasty things going on, I would be hesitant about hooking this computer up to your lan as its possible to infected other computers on your lan also. What I would do is disconnect this computer from the internet, use your clean computer to download the programs we need and transfer them to the infected one by CD ( not a usb flash drive ) as that could get infected also.



Download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • See this Link for programs that need to be disabled and instruction on how to disable them.
  • Remember to re-enable them when we're done.

  • Double click on ComboFix.exe & follow the prompts.

  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


RcAuto1.gif


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
whatnext.jpg

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a New Hijackthis log.

*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.
 
ComboFix 09-10-07.05 - Owner 08/10/2009 18:26.1.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.511.178 [GMT 1:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\desktop.ini
c:\documents and settings\All Users\Application Data\Starware368
c:\documents and settings\All Users\Application Data\Starware368\buttons\503_button_1b_def.bmp
c:\documents and settings\All Users\Application Data\Starware368\buttons\503_button_1b_over.bmp
c:\documents and settings\All Users\Application Data\Starware368\buttons\512_button_1b_def.bmp
c:\documents and settings\All Users\Application Data\Starware368\buttons\512_button_1b_over.bmp
c:\documents and settings\All Users\Application Data\Starware368\buttons\513_button_1b_def.bmp
c:\documents and settings\All Users\Application Data\Starware368\buttons\513_button_1b_over.bmp
c:\documents and settings\All Users\Application Data\Starware368\buttons\FindIt.bmp
c:\documents and settings\All Users\Application Data\Starware368\buttons\FindItHot.bmp
c:\documents and settings\All Users\Application Data\Starware368\buttons\findithotxp.png
c:\documents and settings\All Users\Application Data\Starware368\buttons\finditxp.png
c:\documents and settings\All Users\Application Data\Starware368\buttons\logo.bmp
c:\documents and settings\All Users\Application Data\Starware368\buttons\logoxp.bmp
c:\documents and settings\All Users\Application Data\Starware368\contexts\error.xml
c:\documents and settings\All Users\Application Data\Starware368\contexts\related.xml
c:\documents and settings\All Users\Application Data\Starware368\contexts\travel.xml
c:\documents and settings\All Users\Application Data\Starware368\SimpleUpdate\ProductMessagingConfig.xml
c:\documents and settings\All Users\Application Data\Starware368\SimpleUpdate\ProductMessagingConfig.xml.backup
c:\documents and settings\All Users\Application Data\Starware368\SimpleUpdate\SimpleUpdateConfig.xml
c:\documents and settings\All Users\Application Data\Starware368\SimpleUpdate\SimpleUpdateConfig.xml.backup
c:\documents and settings\All Users\Application Data\Starware368\SimpleUpdate\TimerManagerConfig.xml
c:\documents and settings\All Users\Application Data\Starware368\SimpleUpdate\TimerManagerConfig.xml.backup
c:\documents and settings\All Users\Start Menu\HP Image Zone .lnk
c:\documents and settings\Owner\Application Data\FunWebProducts
c:\documents and settings\Owner\Application Data\FunWebProducts\Data\Owner\avatar.dat
c:\documents and settings\Owner\Application Data\Starware368
c:\documents and settings\Owner\Application Data\Starware368\BrowserSearch\BrowserSearch.xml
c:\documents and settings\Owner\Application Data\Starware368\BrowserSearch\BrowserSearch.xml.backup
c:\documents and settings\Owner\Application Data\Starware368\Button_6\Button_6Options.xml
c:\documents and settings\Owner\Application Data\Starware368\Button_6\Button_6Options.xml.backup
c:\documents and settings\Owner\Application Data\Starware368\Button_7\Button_7Options.xml
c:\documents and settings\Owner\Application Data\Starware368\Button_7\Button_7Options.xml.backup
c:\documents and settings\Owner\Application Data\Starware368\Button_8\Button_8Options.xml
c:\documents and settings\Owner\Application Data\Starware368\Button_8\Button_8Options.xml.backup
c:\documents and settings\Owner\Application Data\Starware368\Configurator\Configurator.xml
c:\documents and settings\Owner\Application Data\Starware368\Configurator\Configurator.xml.backup
c:\documents and settings\Owner\Application Data\Starware368\Download\DownloadOptions.xml
c:\documents and settings\Owner\Application Data\Starware368\Download\DownloadOptions.xml.backup
c:\documents and settings\Owner\Application Data\Starware368\ErrorSearch\ErrorSearchOptions.xml
c:\documents and settings\Owner\Application Data\Starware368\ErrorSearch\ErrorSearchOptions.xml.backup
c:\documents and settings\Owner\Application Data\Starware368\Layouts\ToolbarLayout.xml
c:\documents and settings\Owner\Application Data\Starware368\Layouts\ToolbarLayout.xml.backup
c:\documents and settings\Owner\Application Data\Starware368\Lyrics\LyricsOptions.xml
c:\documents and settings\Owner\Application Data\Starware368\Lyrics\LyricsOptions.xml.backup
c:\documents and settings\Owner\Application Data\Starware368\Manager\ManagerOptions.xml
c:\documents and settings\Owner\Application Data\Starware368\Manager\ManagerOptions.xml.backup
c:\documents and settings\Owner\Application Data\Starware368\Music_Search\Music_SearchOptions.xml
c:\documents and settings\Owner\Application Data\Starware368\Music_Search\Music_SearchOptions.xml.backup
c:\documents and settings\Owner\Application Data\Starware368\Radio_UK\Radio_UKOptions.xml
c:\documents and settings\Owner\Application Data\Starware368\Radio_UK\Radio_UKOptions.xml.backup
c:\documents and settings\Owner\Application Data\Starware368\RelatedSearch\RelatedSearchOptions.xml
c:\documents and settings\Owner\Application Data\Starware368\RelatedSearch\RelatedSearchOptions.xml.backup
c:\documents and settings\Owner\Application Data\Starware368\Toolbar\TBProductsOptions.xml
c:\documents and settings\Owner\Application Data\Starware368\Toolbar\TBProductsOptions.xml.backup
c:\documents and settings\Owner\Application Data\Starware368\ToolbarLogo\ToolbarLogoOptions.xml
c:\documents and settings\Owner\Application Data\Starware368\ToolbarLogo\ToolbarLogoOptions.xml.backup
c:\documents and settings\Owner\Application Data\Starware368\ToolbarSearch\ToolbarSearchOptions.xml
c:\documents and settings\Owner\Application Data\Starware368\ToolbarSearch\ToolbarSearchOptions.xml.backup
c:\documents and settings\Owner\Application Data\Starware368\TravelSearch\TravelSearchOptions.xml
c:\documents and settings\Owner\Application Data\Starware368\TravelSearch\TravelSearchOptions.xml.backup
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc100.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc101.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc102.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc103.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc104.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc105.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc106.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc107.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc108.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc109.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc10A.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc10B.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc10C.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc10D.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc10E.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc10F.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc110.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc111.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc112.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc113.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc114.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc115.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc116.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc117.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc118.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc119.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc11A.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc11B.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc11C.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc11D.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc11E.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc11F.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc120.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc121.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc122.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc123.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc124.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc125.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc126.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc127.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc128.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc129.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc12A.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc12B.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc12C.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc12D.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc12E.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc12F.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc130.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc131.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc132.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc133.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc134.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc135.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc136.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc137.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc138.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc139.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc13A.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc13B.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc13C.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc13D.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc13E.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc13F.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc140.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc141.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc142.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc143.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc144.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc145.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc146.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc147.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc148.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc149.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc14A.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc14B.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc14C.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc14D.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc14E.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc14F.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc150.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc151.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc152.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc153.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc154.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc155.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc156.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc157.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc158.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc159.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc15A.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc15B.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc15C.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc15D.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc15E.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc15F.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc160.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc161.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc162.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc163.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc164.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc165.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc166.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc167.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc168.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc169.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc16A.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc16B.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc16C.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc16D.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc16E.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc16F.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc170.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc171.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc172.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc173.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc174.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc175.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc176.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc177.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc178.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc179.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc3F.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc40.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc41.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc42.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc43.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc44.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc45.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc46.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc47.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc48.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc49.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc4A.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc4B.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc4C.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc4D.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc4E.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc4F.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc50.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc51.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc52.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc53.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc54.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc55.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc56.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc57.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc58.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc59.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc5A.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc5B.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc5C.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc5D.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc5E.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc5F.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc60.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc61.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc62.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc63.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc64.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc65.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc66.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc67.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc68.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc69.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc6A.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc6B.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc6C.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc6D.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc6E.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc6F.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc70.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc71.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc72.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc73.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc74.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc75.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc76.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc77.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc78.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc79.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc7A.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc7B.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc7C.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc7D.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc7E.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc7F.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc80.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc81.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc82.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc83.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc84.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc85.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc86.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc87.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc88.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc89.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc8A.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc8B.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc8C.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc8D.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc8E.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc8F.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc90.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc91.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc92.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc93.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc94.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc95.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc96.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc97.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc98.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc99.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc9A.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc9B.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc9C.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc9D.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc9E.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mcc9F.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mccA0.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mccA1.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mccA2.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mccA3.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mccA4.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mccA5.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mccA6.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mccA7.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mccA8.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mccA9.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mccAA.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mccAB.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mccAC.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mccAD.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mccAE.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mccAF.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mccB0.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mccB1.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mccB2.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mccB3.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mccB4.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mccB5.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mccB6.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mccB7.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mccB8.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mccB9.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mccBA.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mccBB.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mccBC.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mccBD.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mccBE.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mccBF.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mccC0.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mccC1.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mccC2.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mccC3.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mccC4.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mccC5.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mccC6.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mccC7.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mccC8.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mccC9.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mccCA.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mccCB.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mccCC.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mccCD.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mccCE.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mccCF.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mccD0.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mccD1.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mccD2.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mccD3.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mccD4.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mccD5.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mccD6.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mccD7.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mccD8.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mccD9.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mccDA.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mccDB.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mccDC.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mccDD.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mccDE.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mccDF.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mccE0.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mccE1.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mccE2.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mccE3.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mccE4.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mccE5.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mccE6.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mccE7.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mccE8.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mccE9.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mccEA.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mccEB.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mccEC.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mccED.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mccEE.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mccEF.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mccF0.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mccF1.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mccF2.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mccF3.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mccF4.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mccF5.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mccF6.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mccF7.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mccF8.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mccF9.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mccFA.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mccFB.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mccFC.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mccFD.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mccFE.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\mccFF.tmp
c:\program files\Common Files\Real\WeatherBug\MiniBugTransporter.dll
c:\program files\filvsk
c:\program files\filvsk\pekjsysguard.exe
c:\program files\FunWebProducts
c:\program files\FunWebProducts\ScreenSaver\Images\0025F846.urr
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\History\search2
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\program files\Starware368
c:\program files\Starware368\icons\star_16.ico
c:\program files\Starware368\Starware368Config.xml
c:\program files\Starware368\Starware368Uninstall.exe
c:\recycler\S-1-5-21-1726409691-1723214923-4271176276-1003
c:\recycler\S-1-5-21-2070620897-1906211764-3376078148-1003
c:\windows\hosts
c:\windows\Installer\13c3da.msi
c:\windows\Installer\52ed7.msp
c:\windows\kl.exe
c:\windows\ms1.exe
c:\windows\secure32.html
c:\windows\tool1.exe
c:\windows\tool2.exe
c:\windows\tool3.exe
c:\windows\tool4.exe
c:\windows\tool5.exe

.
((((((((((((((((((((((((( Files Created from 2009-09-08 to 2009-10-08 )))))))))))))))))))))))))))))))
.

2009-10-04 15:15 . 2009-10-04 15:15 -------- d-----w- c:\program files\Trend Micro
2009-10-04 14:57 . 2008-04-14 00:11 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2009-10-04 14:57 . 2008-04-14 00:11 21504 ----a-w- c:\windows\system32\hidserv.dll
2009-09-09 18:43 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-08 17:08 . 2008-11-27 17:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Avg8
2009-09-10 11:17 . 2008-04-21 19:11 -------- d-----w- c:\program files\Microsoft Silverlight
2009-08-20 10:55 . 2008-11-27 17:28 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-20 10:55 . 2008-11-27 17:28 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-20 10:55 . 2008-11-27 17:28 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-05 09:01 . 2002-12-11 23:14 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-25 11:07 . 1999-06-01 12:41 7696 ----a-w- c:\windows\system32\d3d9caps.dat
2009-07-25 04:23 . 2008-12-11 16:46 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-17 19:01 . 2003-10-03 19:14 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 22:43 . 2005-01-28 12:44 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2006-12-23 12:01 . 2006-12-23 12:01 774144 ----a-w- c:\program files\RngInterstitial.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00b8e20c-5c71-4c2f-85a5-6ad541500df0}"= "c:\program files\thechatterbox.cc\tbthe0.dll" [2009-07-25 2215960]

[HKEY_CLASSES_ROOT\clsid\{00b8e20c-5c71-4c2f-85a5-6ad541500df0}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00b8e20c-5c71-4c2f-85a5-6ad541500df0}]
2009-07-25 12:55 2215960 ----a-w- c:\program files\thechatterbox.cc\tbthe0.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{00b8e20c-5c71-4c2f-85a5-6ad541500df0}"= "c:\program files\thechatterbox.cc\tbthe0.dll" [2009-07-25 2215960]

[HKEY_CLASSES_ROOT\clsid\{00b8e20c-5c71-4c2f-85a5-6ad541500df0}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{00B8E20C-5C71-4C2F-85A5-6AD541500DF0}"= "c:\program files\thechatterbox.cc\tbthe0.dll" [2009-07-25 2215960]

[HKEY_CLASSES_ROOT\clsid\{00b8e20c-5c71-4c2f-85a5-6ad541500df0}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-09-28 700416]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-21 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"btbb_McciTrayApp"="c:\program files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe" [2008-09-11 1517056]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"btbb_wcm_McciTrayApp"="c:\program files\BT Broadband Desktop Help\btbb_wcm\McciTrayApp.exe" [2008-08-28 1516032]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-11-06 180269]
"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-01 49152]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-05-21 68592]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-05-16 1630208]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2003-10-09 57344]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
"NvMediaCenter"="c:\windows\System32\NVMCTRAY.DLL" [2008-05-16 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-20 10:55 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R3 efipsk;efipsk;c:\docume~1\MARKBR~1\LOCALS~1\Temp\efipsk.sys [x]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-08-20 335240]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-05-02 108552]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-08-20 908056]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-08-20 297752]


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\OutlookExpress]
c:\windows\System32\mshatma.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,LaunchINFSectionEx c:\program files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
Contents of the 'Scheduled Tasks' folder

2009-07-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uSearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://uk.search.yahoo.com
mSearchURL = hxxp://s-redirect.com/?a=2&b=n-abc
IE: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZJ
Trusted Zone: motive.com\pbttbc.bt
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {31150A86-0BBA-409F-BEB4-F3922D10BF34} - hxxp://212.175.206.228/xplug.ocx
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-FH - c:\windows\system32\svchop.exe
HKLM-Run-Cmaudio - cmicnfg.cpl
HKU-Default-Run-ALUAlert - c:\program files\Symantec\LiveUpdate\ALUNotify.exe
AddRemove-LiveUpdate - c:\program files\Symantec\LiveUpdate\LSETUP.EXE
AddRemove-Macromedia Shockwave Player - c:\windows\system32\Macromed\SHOCKW~1\UNWISE.EXE



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-08 18:43
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-10-08 18:47
ComboFix-quarantined-files.txt 2009-10-08 17:46

Pre-Run: 96,832,368,640 bytes free
Post-Run: 100,440,518,656 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

556 --- E O F --- 2009-09-09 18:59

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:50:56, on 08/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\BT Broadband Desktop Help\btbb_wcm\McciTrayApp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://s-redirect.com/?a=2&b=n-abc
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://s-redirect.com/?a=2&b=n-abc
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://uk.search.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://s-redirect.com/?a=2&b=n-abc
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://s-redirect.com/?a=2&b=n-abc
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
R3 - URLSearchHook: thechatterbox.cc Toolbar - {00b8e20c-5c71-4c2f-85a5-6ad541500df0} - C:\Program Files\thechatterbox.cc\tbthe0.dll
O1 - Hosts: ::1 localhost
O1 - Hosts: 91.212.127.226 windows-shield.microsoft.com
O1 - Hosts: 91.212.127.226 windows-shield.com
O1 - Hosts: 91.212.127.226 www.windows-shield.com
O2 - BHO: thechatterbox.cc Toolbar - {00b8e20c-5c71-4c2f-85a5-6ad541500df0} - C:\Program Files\thechatterbox.cc\tbthe0.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: thechatterbox.cc Toolbar - {00b8e20c-5c71-4c2f-85a5-6ad541500df0} - C:\Program Files\thechatterbox.cc\tbthe0.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [btbb_McciTrayApp] "C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [btbb_wcm_McciTrayApp] "C:\Program Files\BT Broadband Desktop Help\btbb_wcm\McciTrayApp.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HPHUPD08] C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZJ
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.blueyonder.co.uk/dial
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {31150A86-0BBA-409F-BEB4-F3922D10BF34} (Gif89 Class) - http://212.175.206.228/xplug.ocx
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h30155.www3.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://apron.bristolairport.com/codebase/AxisCamControl.ocx
O16 - DPF: {924C1588-90C3-4910-B6CA-D57A1C0418FE} (YbUploadFavsCtl Class) - http://uk.beta.bookmarks.yahoo.com/YbConvFav.CAB
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O24 - Desktop Component 0: (no name) - http://www.lordoftherings.net/media/desktops/characters_aragorn_800.jpg
O24 - Desktop Component 1: (no name) - http://www.lordoftherings.net/media/desktops/rotk_aragorn_800.jpg
O24 - Desktop Component 2: (no name) - http://www.blueyonder.co.uk/blueyonder/img/home/header_top.gif
O24 - Desktop Component 3: (no name) - http://www.aircraft-photos.net/thumbs/16976.jpg

--
End of file - 12642 bytes
 
Last edited by a moderator:
Hi,

CF removed some nasty stuff, a bit more to do.

c:\program files\thechatterbox <-- This program is open to debate, if you don't use it than uninstall it via the add remove programs in the control panel.

Open HijackThis > Do a System Scan Only, close your browser and all open windows including this one, the only program or window you should have open is HijackThis, check the following entries and click on Fix Checked.

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://s-redirect.com/?a=2&b=n-abc
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://s-redirect.com/?a=2&b=n-abc
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://s-redirect.com/?a=2&b=n-abc
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://s-redirect.com/?a=2&b=n-abc

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...rch.jhtml?p=ZJ

O16 - DPF: {31150A86-0BBA-409F-BEB4-F3922D10BF34} (Gif89 Class) - http://212.175.206.228/xplug.ocx





Download: DelDomains and save it to the desktop.
  • Close all open windows and your browser
  • Right Click DelDomains.inf and select > Install
  • Reboot your computer
Internet Explorer is needed to run this program properly.







Download TFC to your desktop
  • Close any open windows.
  • Double click the TFC icon to run the program
  • TFC will close all open programs itself in order to run,
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted.
  • The program should not take long to finish it's job
  • Once its finished it should automatically reboot your machine,
  • if it doesn't, manually reboot to ensure a complete clean






Please download Malwarebytes' Anti-Malware from Here or Here

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
    post_a4255_MBAM.PNG
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected .
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
  • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report and also a new HJT log please
 
Malwarebytes' Anti-Malware 1.41
Database version: 2929
Windows 5.1.2600 Service Pack 3

09/10/2009 17:25:01
mbam-log-2009-10-09 (17-25-01).txt

Scan type: Quick Scan
Objects scanned: 123495
Time elapsed: 7 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 11
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1962c5bc-e475-465b-823b-133e711bceb9} (Adware.Starware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Eeshellx.ShellExt (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:25:54, on 09/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\BT Broadband Desktop Help\btbb_wcm\McciTrayApp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://uk.search.yahoo.com
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
R3 - URLSearchHook: thechatterbox.cc Toolbar - {00b8e20c-5c71-4c2f-85a5-6ad541500df0} - C:\Program Files\thechatterbox.cc\tbthe0.dll
O1 - Hosts: ::1 localhost
O1 - Hosts: 91.212.127.226 windows-shield.microsoft.com
O1 - Hosts: 91.212.127.226 windows-shield.com
O1 - Hosts: 91.212.127.226 www.windows-shield.com
O2 - BHO: thechatterbox.cc Toolbar - {00b8e20c-5c71-4c2f-85a5-6ad541500df0} - C:\Program Files\thechatterbox.cc\tbthe0.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: thechatterbox.cc Toolbar - {00b8e20c-5c71-4c2f-85a5-6ad541500df0} - C:\Program Files\thechatterbox.cc\tbthe0.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [btbb_McciTrayApp] "C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [btbb_wcm_McciTrayApp] "C:\Program Files\BT Broadband Desktop Help\btbb_wcm\McciTrayApp.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HPHUPD08] C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.blueyonder.co.uk/dial
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h30155.www3.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://apron.bristolairport.com/codebase/AxisCamControl.ocx
O16 - DPF: {924C1588-90C3-4910-B6CA-D57A1C0418FE} (YbUploadFavsCtl Class) - http://uk.beta.bookmarks.yahoo.com/YbConvFav.CAB
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O24 - Desktop Component 0: (no name) - http://www.lordoftherings.net/media/desktops/characters_aragorn_800.jpg
O24 - Desktop Component 1: (no name) - http://www.lordoftherings.net/media/desktops/rotk_aragorn_800.jpg
O24 - Desktop Component 2: (no name) - http://www.blueyonder.co.uk/blueyonder/img/home/header_top.gif
O24 - Desktop Component 3: (no name) - http://www.aircraft-photos.net/thumbs/16976.jpg

--
End of file - 11955 bytes
 
I didn't think so. I installed the .inf file, but beyond that, there weren't any instructions for anything else I had to do with it.
 
Lets run this one.

Please download HostsXpert

* Unzip HostsXpert to it's own folder a convenient place such as C:\HostsXpert
* Run HostsXpert.exe
* Click: Make Writable? in the upper left corner.
* Click: Restore MVPs Hosts
* Click: Replace
* Click: OK
* Click: Make ReadOnly
* Close HostsXpert.

Note: If a custom Hosts file was in place, you will have to run those programs again to reset detections.
If needed Tutorial


Post a new HJT log and let me know how things are running now ?
 
As I said in a earlier post, the computer hasn't been exhibiting the problems I witnessed in my neighbours house ever since I brought the computer into here. Besides that, everything appears as it always did.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:14:06, on 10/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\BT Broadband Desktop Help\btbb_wcm\McciTrayApp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\taskmgr.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpBrowser.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://uk.search.yahoo.com
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
R3 - URLSearchHook: thechatterbox.cc Toolbar - {00b8e20c-5c71-4c2f-85a5-6ad541500df0} - C:\Program Files\thechatterbox.cc\tbthe0.dll
O2 - BHO: thechatterbox.cc Toolbar - {00b8e20c-5c71-4c2f-85a5-6ad541500df0} - C:\Program Files\thechatterbox.cc\tbthe0.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: thechatterbox.cc Toolbar - {00b8e20c-5c71-4c2f-85a5-6ad541500df0} - C:\Program Files\thechatterbox.cc\tbthe0.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [btbb_McciTrayApp] "C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [btbb_wcm_McciTrayApp] "C:\Program Files\BT Broadband Desktop Help\btbb_wcm\McciTrayApp.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HPHUPD08] C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10b.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.blueyonder.co.uk/dial
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h30155.www3.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://apron.bristolairport.com/codebase/AxisCamControl.ocx
O16 - DPF: {924C1588-90C3-4910-B6CA-D57A1C0418FE} (YbUploadFavsCtl Class) - http://uk.beta.bookmarks.yahoo.com/YbConvFav.CAB
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O24 - Desktop Component 0: (no name) - http://www.lordoftherings.net/media/desktops/characters_aragorn_800.jpg
O24 - Desktop Component 1: (no name) - http://www.lordoftherings.net/media/desktops/rotk_aragorn_800.jpg
O24 - Desktop Component 2: (no name) - http://www.blueyonder.co.uk/blueyonder/img/home/header_top.gif
O24 - Desktop Component 3: (no name) - http://www.aircraft-photos.net/thumbs/16976.jpg

--
End of file - 12054 bytes
 
TFC <--Yours to keep, run it about once aweek to clean out the clutter.

Malwarebytes <-- Yours to keep also, check for updates and run a scan now and then.

Combofix <---Is not a general cleaning tool, just run it with supervision or you can bork your system

  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.

    • CF_Cleanup.png

  • When shown the disclaimer, Select "2"

The above procedure will:
  • Delete the following:
    • ComboFix and its associated files and folders.
    • VundoFix backups, if present
    • The C:\Deckard folder, if present
    • The C:_OtMoveIt folder, if present
  • Reset the clock settings.
  • Hide file extensions, if required.
  • Hide System/Hidden files, if required.
  • Reset System Restore.





Keep in mind if you install some of these programs. Only ONE Anti Virus and only ONE Firewall is recommended, more is overkill and can cause you problems. You can install all the Spyware programs I have listed without any problems. If you install Spyware Blaster and Spyware Guard, they will conflict with the TeaTimer in Spybot , you can still install Spybot Search and Destroy but do not enable the TeaTimer .
Click to expand...


Here are some free programs to install, all free and highly regarded by the fine people in the Malware Removal Community
  • Spybot Search and Destroy 1.6
    Check for Updates/ Immunize and run a Full System Scan on a regular basis. If you install Spyware Blaster ( Recommended ) then do not enable the TeaTimer in Spybot Search and Destroy.
  • Spyware Blaster It will prevent most spyware from ever being installed. No scan to run, just update about once a week and enable all protection.
  • Spyware Guard It offers realtime protection from spyware installation attempts, again, no scan to run, just install it and let it do its thing.
  • IE-Spyad
    IE-Spyad places over 6000 web sites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (cookies etc) from the sites listed, although you will still be able to connect to the sites.
  • Firefox 3 It has more features and is a lot more secure than IE. It is a very easy and painless download and install, it will no way interfere with IE, you can use them both.


Safe Surfn
Ken
 
You must log in or register to reply here.
Back
Top