We're aware that some users are experiencing technical issues which the team are working to resolve. See the Community Noticeboard for more info. Thank you for your patience.
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!

Virus help needed - please?

Options
nicks
nicks Posts: 386 Forumite
Part of the Furniture Combo Breaker
in Techie Stuff
My laptop has a virus & I can't get rid of it. I have tried McAfee full scan, Spybot & CCleaner & it's still there.

My Lloyds TSB log on screen is showing that I need to input information which I know is not required (checked this with the bank) & the screen appears normal on my son's laptop.

I don't know what else to do. Can anyone please offer me further help/advice?

Many thanks

Nicks
«13

Comments

  • Browntoa
    Browntoa Posts: 49,602 Forumite
    Part of the Furniture 10,000 Posts Name Dropper Photogenic
    download Malwarebytes Anti-Malware and save it to your desktop.
    • Make sure you are connected to the Internet.
    • Double-click on mbam-setup.exe to install the application.
    • When the installation begins, follow the prompts and do not make any changes to default settings.
    • When installation has finished, make sure you leave both of these checked:
      • Update Malwarebytes' Anti-Malware
      • Launch Malwarebytes' Anti-Malware
    • Then click Finish.
    • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
    • On the Scanner tab:
      • Make sure the "Perform Quick Scan" option is selected.
      • Then click on the Scan button.
    • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
    • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
    • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
    • Click OK to close the message box and continue with the removal process.
    • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
    • Make sure that everything is checked, and click Remove Selected.
    • When removal is completed, a log report will open in Notepad.
    • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the contents of that report in your next reply and exit MBAM.
    Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.
    Ex forum ambassador

    Long term forum member
  • nicks
    nicks Posts: 386 Forumite
    Part of the Furniture Combo Breaker
    Many thank - will give it a try just now.

    Should I do it in Safe Mode?

    Nicks
  • Browntoa
    Browntoa Posts: 49,602 Forumite
    Part of the Furniture 10,000 Posts Name Dropper Photogenic
    no , fine in normal mode

    if you get problems getting the installer to run right clcik on it and change the name to niks.exe

    same with the main program when installed , if it fails to run right clck and rename to mse.exe
    Ex forum ambassador

    Long term forum member
  • nicks
    nicks Posts: 386 Forumite
    Part of the Furniture Combo Breaker
    Here is the LOG copied - really means nothing to me - the problem is still on my Bank page:

    Malwarebytes' Anti-Malware 1.46
    https://www.malwarebytes.org

    Database version: 4245

    Windows 6.0.6000
    Internet Explorer 7.0.6000.17037

    26/06/2010 21:42:41
    mbam-log-2010-06-26 (21-42-41).txt

    Scan type: Quick scan
    Objects scanned: 129702
    Time elapsed: 9 minute(s), 0 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 43
    Registry Values Infected: 8
    Registry Data Items Infected: 0
    Folders Infected: 7
    Files Infected: 27

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\videoegg.activexloader (Adware.VideoEgg) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{168dc258-1455-4e61-8590-9dac2f27b675} (Adware.VideoEgg) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{1a8642f1-dc80-4edc-a39d-0fb62a58b455} (Adware.VideoEgg) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{3f91eb90-ef62-44ee-a685-fac29af111cd} (Adware.VideoEgg) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{5c29c7e4-5321-4cad-be2e-877666bed5df} (Adware.VideoEgg) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{83dfb6ee-ab18-41b5-86d4-b544a141d67e} (Adware.VideoEgg) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{88d6cf0e-cf70-4c24-bf6e-e4e414bc649c} (Adware.VideoEgg) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{8f6a82a2-d7b1-443e-bb9f-f7dc887dd618} (Adware.VideoEgg) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{9856e2d8-ffb2-4fe5-8cad-d5ad6a35a804} (Adware.VideoEgg) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{a3d06987-c35e-49e4-8fe2-ac67b9fbfb4c} (Adware.VideoEgg) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{a58c497b-3ee2-45e7-9594-daca6be2a0d0} (Adware.VideoEgg) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{ad0a3058-fd49-4f98-a514-fd055201835e} (Adware.VideoEgg) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{ad5915ea-b61a-4dba-b5c8-ef4b2df0a3c7} (Adware.VideoEgg) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{af2e62b6-f9e1-4d4f-a10a-9dc8e6dcbcc0} (Adware.VideoEgg) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{bb187c0d-6f53-4f3e-9590-98fd3a7364a2} (Adware.VideoEgg) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{c5041fd9-4819-4dc4-b20e-c950b5b03d2a} (Adware.VideoEgg) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{d17726cc-d4dd-4c4a-9671-471d56e413b5} (Adware.VideoEgg) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{db8cce99-59c6-4552-8bfc-058feb38d6ce} (Adware.VideoEgg) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{dc3a04ee-cdd7-4407-915c-a5502f97eecd} (Adware.VideoEgg) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{e1a63484-a022-4d42-830a-fbd411514440} (Adware.VideoEgg) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{e282c728-189d-419e-8ee2-1601f4b39ba5} (Adware.VideoEgg) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\videoegg.activexloader.1 (Adware.VideoEgg) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{7473d292-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{3b7aaeb1-9f3d-4491-9c06-c7165ca8d058} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{daed9266-8c28-4c1c-8b58-5c66eff1d302} (Search.Hijacker) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3b7aaeb1-9f3d-4491-9c06-c7165ca8d058} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3b7aaeb1-9f3d-4491-9c06-c7165ca8d058} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\videoegg (Adware.VideoEgg) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\multimediaControls.chl (Trojan.Zlob) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\MozillaPlugins\@videoegg.com/publisher,version=1.5 (Adware.VideoEgg) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEBrowse Tool (Trojan.Zlob) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IExplorer Bar (Trojan.Zlob) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videoegg.com/publisher,version=1.5 (Adware.VideoEgg) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\(default) (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.safetyincludes.com (Trojan.Zlob) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securemanaging.com (Trojan.Zlob) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securewebinfo.com (Trojan.Zlob) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bxhewvgm (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lrwuhtyb (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\my web search bar search scope monitor (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    C:\Users\Nickie\AppData\Roaming\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Users\Nickie\AppData\Roaming\VideoEgg\Loader (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Users\Nickie\AppData\Roaming\VideoEgg\Loader\4665 (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Users\Nickie\AppData\Roaming\VideoEgg\Publisher (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Users\Nickie\AppData\Roaming\VideoEgg\Publisher\4520 (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Users\Nickie\AppData\Roaming\VideoEgg\Updater (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Users\Nickie\AppData\Roaming\VideoEgg\Updater\4665 (Adware.VideoEgg) -> Quarantined and deleted successfully.

    Files Infected:
    C:\Users\Nickie\AppData\Roaming\VideoEgg\Loader\4665\npvideoegg-loader.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Windows\System32\f3PSSavr.scr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Users\Nickie\AppData\Roaming\VideoEgg\Uninstall.exe (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Users\Nickie\AppData\Roaming\VideoEgg\Loader\loader.ver (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Users\Nickie\AppData\Roaming\VideoEgg\Publisher\publisher.ver (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Users\Nickie\AppData\Roaming\VideoEgg\Publisher\4520\avcodec.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Users\Nickie\AppData\Roaming\VideoEgg\Publisher\4520\crashRpt.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Users\Nickie\AppData\Roaming\VideoEgg\Publisher\4520\FLVEncoder.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Users\Nickie\AppData\Roaming\VideoEgg\Publisher\4520\lame_enc.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Users\Nickie\AppData\Roaming\VideoEgg\Publisher\4520\LevelMeter.ax (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Users\Nickie\AppData\Roaming\VideoEgg\Publisher\4520\libcurlve.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Users\Nickie\AppData\Roaming\VideoEgg\Publisher\4520\libpng.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Users\Nickie\AppData\Roaming\VideoEgg\Publisher\4520\npvideoegg-publisher.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Users\Nickie\AppData\Roaming\VideoEgg\Publisher\4520\VideoEgg_FLVWriter.ax (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Users\Nickie\AppData\Roaming\VideoEgg\Publisher\4520\zlib.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Users\Nickie\AppData\Roaming\VideoEgg\Updater\updater.exe (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Users\Nickie\AppData\Roaming\VideoEgg\Updater\updater.ver (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Users\Nickie\AppData\Roaming\VideoEgg\Updater\VideoEggBroker.exe (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Users\Nickie\AppData\Roaming\VideoEgg\Updater\VideoEggBroker.exe.old (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Users\Nickie\AppData\Roaming\VideoEgg\Updater\4665\libcurlve.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Users\Nickie\AppData\Roaming\VideoEgg\Updater\4665\updater.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
    C:\Program Files\Applications\myd.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
    C:\Program Files\Applications\mym.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
    C:\Program Files\Applications\myp.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
    C:\Program Files\Applications\myv.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
    C:\Program Files\Applications\ot.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
    C:\Program Files\Applications\ts.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Part of the Furniture Combo Breaker
    Please now runa FULL scan with malwarebytes and post that log

    Then ~


    Please run COMBOFIX
    http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    Shut down your anti virus
    Follow the simple instructions it gives
    Post the COMPLETE log it creates here (Split into sections if need be) ~ if there are loads of 'SNAPSHOT' pages then leave them out

    If it comes up with a RENAMING error then RIGHT click the exe file and RENAME and call it QWERTY (Making the complete file name 'QWERTY.exe') Or SAVE as 'QWERTY' on download
    (If no log comes up or you lose it, COMBOFIX.TXT can be found in C drive)
    :idea:
  • nicks
    nicks Posts: 386 Forumite
    Part of the Furniture Combo Breaker
    Running a FULL SCAN now. Will post that log once completed.

    Thanks

    Nicks
  • nicks
    nicks Posts: 386 Forumite
    Part of the Furniture Combo Breaker
    Here is the FULL SCAN LOG:
    Malwarebytes' Anti-Malware 1.46
    https://www.malwarebytes.org

    Database version: 4245

    Windows 6.0.6000
    Internet Explorer 7.0.6000.17037

    27/06/2010 15:50:04
    mbam-log-2010-06-27 (15-50-04).txt

    Scan type: Full scan (C:\|D:\|)
    Objects scanned: 262013
    Time elapsed: 1 hour(s), 28 minute(s), 8 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
  • The_Grandmaster
    The_Grandmaster Posts: 1,424 Forumite
    Part of the Furniture Combo Breaker
    Now the combofix
  • nicks
    nicks Posts: 386 Forumite
    Part of the Furniture Combo Breaker
    Just doing that now...

    Nicks
  • nicks
    nicks Posts: 386 Forumite
    Part of the Furniture Combo Breaker
    Here is the final log from COMBOFIX:

    ComboFix 10-06-26.03 - Nickie 27/06/2010 16:05:26.1.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.44.1033.18.2038.972 [GMT 1:00]
    Running from: c:\users\Nickie\Downloads\ComboFix.exe
    AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
    SP: AVG Anti-Spyware *disabled* (Outdated) {48F2E28D-ED66-4646-9C11-B3055B0AF604}
    SP: Lavasoft Ad-Watch Live! *enabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
    SP: McAfee VirusScan *enabled* (Updated) {C78B3C70-4777-4742-BB91-9D615CC575E6}
    SP: Norton Internet Security *enabled* (Updated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
    SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\users\Nickie\AppData\Roaming\9D2993EE52BBAF197CBB74C1C1916D1C
    c:\users\Nickie\AppData\Roaming\9D2993EE52BBAF197CBB74C1C1916D1C\enemies-names.txt
    c:\users\Nickie\AppData\Roaming\Desktopicon
    c:\users\Nickie\AppData\Roaming\Desktopicon\config.ini
    c:\users\Nickie\AppData\Roaming\inst.exe
    c:\users\Nickie\AppData\Roaming\Miongy
    c:\users\Nickie\AppData\Roaming\Miongy\usave.exe
    c:\windows\jestertb.dll

    .
    ((((((((((((((((((((((((( Files Created from 2010-05-27 to 2010-06-27 )))))))))))))))))))))))))))))))
    .

    2010-06-27 15:13 . 2010-06-27 15:13
    d
    w- c:\users\Nickie\AppData\Local\temp
    2010-06-27 15:13 . 2010-06-27 15:13
    d
    w- c:\users\Default\AppData\Local\temp
    2010-06-26 20:29 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-06-26 20:29 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-06-26 12:42 . 2010-06-26 16:14
    d
    w- c:\programdata\Spybot - Search & Destroy
    2010-06-26 12:42 . 2010-06-26 12:43
    d
    w- c:\program files\Spybot - Search & Destroy
    2010-06-26 12:40 . 2010-06-26 12:40
    d
    w- c:\users\Nickie\AppData\Roaming\Malwarebytes
    2010-06-26 12:40 . 2010-06-26 12:40
    d
    w- c:\programdata\Malwarebytes
    2010-06-26 12:40 . 2010-06-26 20:29
    d
    w- c:\program files\Malwarebytes' Anti-Malware
    2010-06-26 00:54 . 2010-06-26 00:54
    dc-h--w- c:\programdata\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
    2010-06-23 05:42 . 2010-06-23 05:42
    d
    w- c:\users\Nickie\AppData\Local\udrypscbg
    2010-06-22 05:06 . 2010-06-22 05:07
    d
    w- c:\users\Nickie\AppData\Local\ryjnqtbdi
    2010-06-19 20:42 . 2010-06-19 20:42 50354 ----a-w- c:\users\Nickie\AppData\Roaming\Facebook\uninstall.exe
    2010-06-19 20:42 . 2010-06-19 20:42
    d
    w- c:\users\Nickie\AppData\Roaming\Facebook
    2010-06-09 10:45 . 2010-06-09 10:45 5591040 ----a-w- c:\users\Nickie\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
    2010-06-08 00:11 . 2010-06-08 00:11
    d
    w- c:\program files\Common Files\Windows Live
    2010-06-06 21:03 . 2010-06-06 21:03 15256 ----a-w- c:\users\Nickie\AppData\Roaming\Microsoft\IdentityCRL\ppcrlconfig.dll
    2010-06-06 21:01 . 2010-06-06 21:01
    d
    w- c:\program files\MSN Messenger
    2010-06-06 21:00 . 2010-06-06 21:00
    d
    w- c:\program files\Conduit
    2010-06-06 21:00 . 2010-06-06 21:00
    d
    w- c:\program files\Softonic-Eng7
    2010-06-06 21:00 . 2010-03-16 10:33 52224 ----a-w- c:\users\Nickie\AppData\Roaming\Mozilla\Firefox\Profiles\axwmvn4s.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\FFExternalAlert.dll
    2010-06-06 21:00 . 2010-03-16 10:33 101376 ----a-w- c:\users\Nickie\AppData\Roaming\Mozilla\Firefox\Profiles\axwmvn4s.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\RadioWMPCore.dll
    2010-06-06 12:37 . 2010-06-06 12:37
    d
    w- c:\program files\Common Files\Steam
    2010-06-06 12:37 . 2010-06-27 12:30
    d
    w- c:\program files\Steam
    2010-05-31 15:35 . 2010-05-31 15:35
    d
    w- c:\users\Nickie\AppData\Roaming\AVS4YOU
    2010-05-31 15:34 . 2010-06-26 18:52
    d
    w- c:\program files\Common Files\AVSMedia
    2010-05-31 15:34 . 2008-08-13 10:22 974848 ----a-w- c:\windows\system32\mfc70.dll
    2010-05-31 15:34 . 2008-08-13 10:22 487424 ----a-w- c:\windows\system32\msvcp70.dll
    2010-05-31 15:34 . 2008-08-13 10:22 1700352 ----a-w- c:\windows\system32\GdiPlus.dll
    2010-05-31 15:34 . 2010-06-26 18:52
    d
    w- c:\program files\AVS4YOU
    2010-05-31 15:34 . 2010-05-31 15:35
    d
    w- c:\programdata\AVS4YOU
    2010-05-31 15:34 . 2008-08-13 10:22 24576 ----a-w- c:\windows\system32\msxml3a.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-06-27 14:58 . 2010-02-13 01:03
    d
    w- c:\users\Nickie\AppData\Roaming\Emqoku
    2010-06-27 12:30 . 2009-01-25 13:24
    d
    w- c:\users\Nickie\AppData\Roaming\Skype
    2010-06-26 20:42 . 2008-10-29 13:36
    d
    w- c:\program files\Applications
    2010-06-26 18:57 . 2008-12-24 19:20
    d
    w- c:\programdata\Google Updater
    2010-06-26 18:52 . 2009-07-20 08:56
    d--h--w- c:\programdata\{EF63305C-BAD7-4144-9208-D65528260864}
    2010-06-26 18:52 . 2008-07-11 18:53
    d
    w- c:\program files\Infogrames Interactive
    2010-06-26 18:52 . 2008-04-11 18:51
    d--h--w- c:\program files\InstallShield Installation Information
    2010-06-26 15:51 . 2008-11-19 21:15 6324 ----a-w- c:\users\Nickie\AppData\Local\d3d9caps.dat
    2010-06-26 00:54 . 2009-07-20 08:56
    d
    w- c:\program files\Lavasoft
    2010-06-23 09:35 . 2008-04-11 18:34
    d
    w- c:\programdata\DVD Shrink
    2010-06-23 05:08 . 2008-07-12 19:25
    d
    w- c:\program files\McAfee
    2010-06-09 18:49 . 2008-04-11 11:53 148136 ----a-w- c:\users\Nickie\AppData\Local\GDIPFONTCACHEV1.DAT
    2010-06-06 12:56 . 2008-11-15 21:19
    d
    w- c:\programdata\Sports Interactive
    2010-06-06 12:55 . 2008-07-08 09:25
    d
    w- c:\users\Nickie\AppData\Roaming\Sports Interactive
    2010-06-06 12:36 . 2008-07-08 09:21
    d
    w- c:\program files\Sports Interactive
    2010-05-27 14:27 . 2008-04-11 18:37
    d
    w- c:\users\Nickie\AppData\Roaming\Vso
    2010-05-11 15:06 . 2009-01-23 16:10
    d
    w- c:\users\Nickie\AppData\Roaming\skypePM
    2010-05-09 15:20 . 2008-04-11 19:01
    d
    w- c:\program files\Google
    2010-05-06 01:24 . 2008-04-11 18:56
    d
    w- c:\program files\QuickTime
    2010-05-06 01:24 . 2008-04-11 18:51
    d
    w- c:\program files\Napster
    2010-05-06 01:24 . 2008-04-11 18:13
    d
    w- c:\program files\Unlocker
    2010-05-01 12:47 . 2010-05-01 12:47
    d
    r- c:\program files\Skype
    2010-05-01 12:47 . 2010-05-01 12:47
    d
    w- c:\program files\Common Files\Skype
    2010-05-01 12:46 . 2009-01-23 16:06
    d
    w- c:\programdata\Skype
    2008-04-25 19:24 . 2008-04-25 19:22 24 --sh--w- c:\windows\S467A282C.tmp
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files\Softonic-Eng7\tbSoft.dll" [2010-03-17 2355224]

    [HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
    2010-03-17 14:45 2355224 ----a-w- c:\program files\Softonic-Eng7\tbSoft.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files\Softonic-Eng7\tbSoft.dll" [2010-03-17 2355224]

    [HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-04-11 1232896]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2008-01-22 152872]
    "OM_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master\Monitor.exe" [2005-07-19 57344]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-04-20 26192680]
    "Steam"="c:\program files\Steam\Steam.exe" [2010-06-06 1238352]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2007-12-18 1006264]
    "UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-03-01 15872]
    "Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-07 136600]
    "SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 630784]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-03-13 4399104]
    "recinfo256"="c:\recinfo\RecInfo.exe" [2007-10-23 2764800]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2007-04-04 133912]
    "OM_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master\FirstStart.exe" [2005-07-19 40960]
    "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
    "NapsterShell"="c:\program files\Napster\napster.exe" [2009-02-03 323216]
    "MediaFace Integration"="c:\program files\Fellowes\MediaFACE 5.0\SetHook.exe" [2009-02-02 53248]
    "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
    "IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2009-05-19 136544]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-04-04 138008]
    "hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-04-04 154392]
    "EverioService"="c:\program files\CyberLink\PCM4Everio\EverioService.exe" [2007-11-01 151552]
    "ContentTransferWMDetector.exe"="c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe" [2008-07-11 423200]
    "CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-18 767312]
    "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-03-24 1983816]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
    "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 4.0\apdproxy.exe" [2005-09-16 57344]
    "BigDogPath"="c:\windows\VM_STI.EXE" [2004-06-09 40960]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux1"=wdmaud.drv

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-12-20 135664]
    R3 LTXMD_VAC;Litex Media Virtual Audio Cable (WDM);c:\windows\system32\drivers\lmvac.sys [2008-06-30 18912]
    S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-07-03 64160]
    S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-03-15 1029456]
    S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2010-03-26 93320]
    S2 sprtsvc_O2;SupportSoft Sprocket Service (O2);c:\program files\O2\bin\sprtsvc.exe [2007-06-05 202280]


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    getPlusHelper REG_MULTI_SZ getPlusHelper
    .
    Contents of the 'Scheduled Tasks' folder

    2010-06-26 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 09:58]

    2010-06-27 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-24 07:01]

    2010-06-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-20 19:10]

    2010-06-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-20 19:10]

    2008-07-12 c:\windows\Tasks\McDefragTask.job
    - c:\program files\mcafee\mqc\QcConsol.exe [2009-10-21 11:22]

    2009-02-01 c:\windows\Tasks\McQcTask.job
    - c:\program files\mcafee\mqc\QcConsol.exe [2009-10-21 11:22]
    .
    .
    Supplementary Scan
    .
    uStart Page = hxxp://www.google.com/
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://uk.search.yahoo.com/search?fr=mcafee&p=%s
    IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
    IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
    IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
    IE: Translate into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
    IE: {{898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Trusted Zone: o2.co.uk\*.broadband
    FF - ProfilePath - c:\users\Nickie\AppData\Roaming\Mozilla\Firefox\Profiles\axwmvn4s.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2405280&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine - Secure Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
    FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?fr=mcafee&p=
    FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
    FF - component: c:\users\Nickie\AppData\Roaming\Mozilla\Firefox\Profiles\axwmvn4s.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\FFExternalAlert.dll
    FF - component: c:\users\Nickie\AppData\Roaming\Mozilla\Firefox\Profiles\axwmvn4s.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\RadioWMPCore.dll
    FF - plugin: c:\program files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
    FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npstrlnk.dll
    FF - plugin: c:\users\Nickie\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
    FF - plugin: c:\users\Nickie\AppData\Roaming\Mozilla\Firefox\Profiles\axwmvn4s.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
    FF - plugin: c:\users\Nickie\AppData\Roaming\Mozilla\Firefox\Profiles\axwmvn4s.default\extensions\2020Player@2020Technologies.com\plugins\NP2020Player.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    FF - user.js: network.cookie.cookieBehavior - 0
    FF - user.js: privacy.clearOnShutdown.cookies - false
    FF - user.js: security.warn_viewing_mixed - false
    FF - user.js: security.warn_viewing_mixed.show_once - false
    FF - user.js: security.warn_submit_insecure - false
    FF - user.js: security.warn_submit_insecure.show_once - false
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    .
    - - - - ORPHANS REMOVED - - - -

    HKCU-Run-{9C8E0B0C-8E92-5DD1-CF6E-7EAED1489E37} - c:\users\Nickie\AppData\Roaming\Miongy\usave.exe
    HKLM-Run-NWEReboot - (no file)



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-06-27 16:13
    Windows 6.0.6000 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    LOCKED REGISTRY KEYS

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{40f4e25a-fa42-41fc-b400-812bfd5879ac}]
    @DACL=(02 0000)
    "Dhcpv6Iaid"=dword:0800030d
    "Dhcpv6State"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{7f5b3a69-8990-450a-9fe2-38533103095f}]
    @DACL=(02 0000)
    "Dhcpv6Iaid"=dword:11020054
    "Dhcpv6State"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{9c642153-bfe0-4511-a0b6-e778ddd5ea9e}]
    @DACL=(02 0000)
    "Dhcpv6Iaid"=dword:07001422
    "Dhcpv6State"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{d039210b-81e5-4ae2-96d0-2ab20e55c59a}]
    @DACL=(02 0000)
    "Dhcpv6Iaid"=dword:09001b77
    "Dhcpv6State"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{f50c0996-5b4a-4c6a-a322-6e991d4caa0e}]
    @DACL=(02 0000)
    "Dhcpv6Iaid"=dword:06001422
    "Dhcpv6State"=dword:00000000
    .
    Completion time: 2010-06-27 16:18:11
    ComboFix-quarantined-files.txt 2010-06-27 15:18

    Pre-Run: 35,206,541,312 bytes free
    Post-Run: 35,146,616,832 bytes free

    - - End Of File - - 7724AB22E0F0088E3A9DEFB7BC19F687
This discussion has been closed.
Meet your Ambassadors

🚀 Getting Started

Hi new member!

Our Getting Started Guide will help you get the most out of the Forum

Categories

  • All Categories
  • 350.8K Banking & Borrowing
  • 253.1K Reduce Debt & Boost Income
  • 453.5K Spending & Discounts
  • 243.8K Work, Benefits & Business
  • 598.7K Mortgages, Homes & Bills
  • 176.8K Life & Family
  • 257.1K Travel & Transport
  • 1.5M Hobbies & Leisure
  • 16.1K Discuss & Feedback
  • 37.6K Read-Only Boards

Is this how you want to be seen?

We see you are using a default avatar. It takes only a few seconds to pick a picture.
Update Your Picture