virus/malware problems

Comments

  • dogmaryxx
    dogmaryxx Posts: 2,446 Forumite
    Part of the Furniture 1,000 Posts Name Dropper
    1. "RTHDCPL"="RTHDCPL.EXE" [2009-08-15 18702336]
    2. "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-17 421888]
    3. "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
    4. "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]
    5. "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 153136]
    6. "BullGuard"="c:\program files\BullGuard Ltd\BullGuard\BullGuard.exe" [2010-07-22 2072896]
    7. c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
    8. Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
    9. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsMain]
    10. @="Service"
    11. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner]
    12. @="Service"
    13. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    14. @="Service"
    15. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    16. @="Driver"
    17. [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    18. "EnableFirewall"= 0 (0x0)
    19. [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    20. "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    21. "%windir%\\system32\\sessmgr.exe"=
    22. "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    23. R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [11/08/2010 11:25 64288]
    24. R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [11/08/2010 10:26 28552]
    25. R1 BdSpy;BdSpy;c:\windows\system32\drivers\BdSpy.sys [08/07/2010 14:59 58832]
    26. R2 BsBrowser;BullGuard antiphishing service;c:\windows\System32\SvcHost.exe -k BullGuard_LowPriv [14/04/2008 14336]
    27. R2 BsFileScan;BullGuard on-access service;c:\windows\System32\SvcHost.exe -k BullGuard [14/04/2008 14336]
    28. R2 BsFire;BullGuard firewall service;c:\windows\System32\SvcHost.exe -k BullGuard [14/04/2008 14336]
    29. R2 BsMailProxy;BullGuard e-mail monitoring service;c:\windows\System32\SvcHost.exe -k BullGuard [14/04/2008 14336]
    30. R2 BsMain;BullGuard main service;c:\windows\System32\SvcHost.exe -k BullGuard_Main [14/04/2008 14336]
    31. R2 BsUpdate;BullGuard update service;c:\program files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe [23/07/2010 14:20 355648]
    32. R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\afw.sys [08/07/2010 15:00 31640]
    33. R3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [08/07/2010 15:00 256792]
    34. R3 BsScanner;BullGuard scanning service;c:\program files\BullGuard Ltd\BullGuard\BullGuardScanner.exe [15/07/2010 10:26 301888]
    35. S0 cerc6;cerc6; [x]
    36. S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [12/07/2010 09:55 1355416]
    37. S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\ADM8511.SYS [23/05/2010 02:08 20160]
    38. S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [22/05/2010 13:52 1684736]
    39. S3 BgRaSvc;BgRaSvc;c:\program files\BullGuard Ltd\BullGuard\Support\BgRaSvc.exe [08/06/2010 10:09 122688]
    40. [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    41. BullGuard_Main REG_MULTI_SZ BsMain
    42. BullGuard REG_MULTI_SZ BsFileScan BsMailProxy BsFire
    43. BullGuard_LowPriv REG_MULTI_SZ BsBrowser
    44. .
    45. Contents of the 'Scheduled Tasks' folder
    46. 2010-08-16 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    47. - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-07-12 10:25]
    48. 2010-08-16 c:\windows\Tasks\User_Feed_Synchronization-{9C043F6B-E190-4632-96AB-02C8CBAB9E65}.job
    49. - c:\windows\system32\msfeedssync.exe [2009-03-08 16:31]
    50. .
    51. .

    52. Supplementary Scan
    53. .
    54. uStart Page = hxxp://www.mytalktalk.co.uk
    55. uInternet Settings,ProxyOverride = *.local
    56. IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
    57. LSP: c:\windows\system32\BGLsp.dll
    58. FF - ProfilePath - c:\documents and settings\Pam\Application Data\Mozilla\Firefox\Profiles\it9g89aq.default\
    59. FF - prefs.js: browser.startup.homepage - hxxp://www.mytalktalk.co.uk/
    60. FF - component: c:\documents and settings\Pam\Application Data\Mozilla\Firefox\Profiles\it9g89aq.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\FFExternalAlert.dll
    61. FF - component: c:\documents and settings\Pam\Application Data\Mozilla\Firefox\Profiles\it9g89aq.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\RadioWMPCore.dll
    62. FF - component: c:\program files\BullGuard Ltd\BullGuard\Antiphishing\FF\antiphishing@bullguard\components\BGFFComponent.dll
    63. FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
    64. FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
    65. FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    66. FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
    67. FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    68. ---- FIREFOX POLICIES ----
    69. c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    70. c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
    71. c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
    72. c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
    73. c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    74. c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    75. c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
    76. c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
    77. c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
    78. c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    79. c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
    80. c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
    81. c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
    82. c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
    83. c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    84. c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
    85. c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    86. c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    87. c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    88. c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    89. c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    90. c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    91. c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    92. c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
    93. c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
    94. c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
    95. c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
    96. c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    97. .
    98. - - - - ORPHANS REMOVED - - - -
    99. HKLM-Run-nwiz - nwiz.exe
    100. **************************************************************************
    101. catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    102. Rootkit scan 2010-08-16 22:13
    103. Windows 5.1.2600 Service Pack 3 NTFS
    104. scanning hidden processes ...
    105. scanning hidden autostart entries ...
    106. scanning hidden files ...
    107. scan completed successfully
    108. hidden files: 0
    109. **************************************************************************
    110. .

    111. LOCKED REGISTRY KEYS
    112. [HKEY_USERS\S-1-5-21-776561741-308236825-682003330-1004\Software\Microsoft\SystemCertificates\AddressBook*]
    113. @Allowed: (Read) (RestrictedCode)
    114. @Allowed: (Read) (RestrictedCode)
    115. .

    116. DLLs Loaded Under Running Processes
    117. - - - - - - - > 'lsass.exe'(1100)
    118. c:\windows\system32\BGLsp.dll
    119. - - - - - - - > 'explorer.exe'(1332)
    120. c:\windows\system32\WININET.dll
    121. c:\program files\Common Files\Ahead\Lib\NeroSearchBar.dll
    122. c:\program files\Common Files\Ahead\Lib\MFC71U.DLL
    123. c:\program files\Common Files\Ahead\Lib\BCGCBPRO860un71.dll
    124. c:\windows\system32\ieframe.dll
    125. c:\windows\system32\webcheck.dll
    126. c:\windows\system32\WPDShServiceObj.dll
    127. c:\windows\system32\PortableDeviceTypes.dll
    128. c:\windows\system32\PortableDeviceApi.dll
    129. .
    130. Completion time: 2010-08-16 22:15:04
    131. ComboFix-quarantined-files.txt 2010-08-16 21:15
    132. Pre-Run: 131,883,843,584 bytes free
    133. Post-Run: 135,526,359,040 bytes free
    134. - - End Of File - - A74F2A39FAFCDBAE893D639BD11CBF82
  • teleaddict
    teleaddict Posts: 208 Forumite
    Part of the Furniture 100 Posts Combo Breaker
    thanks dogmaryxx. T
    My £2 savings total for 2007 = £92, for 2008 = £124
    My savings from money off coupons for 2007 = £67.97, for 2008 = £194.79
    My £2 savings for 2009 (so far) = £130
    My savings from money off coupons for 2009 = £593.08
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Part of the Furniture Combo Breaker
    Download HostsXpert
    http://www.softpedia.com/progDownload/Hoster-Download-27041.html
    and then follow the below steps.

    * Unzip HostsXpert.zip
    * It will create a folder named HostsXpert in whatever folder you extract it to.
    * Run HostsXpert.exe by double clicking on it.
    * Click the Make Writeable? button.
    * Click Restore Microsoft's Hosts File and then click OK.
    * Click the X to exit the program

    then run a fresh hijack log
    :idea:
  • teleaddict
    teleaddict Posts: 208 Forumite
    Part of the Furniture 100 Posts Combo Breaker
    Here's a copy of the hijack log after following aliEnRIK's advice above

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 15:49:24, on 18/08/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\SvcHost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\System32\SvcHost.exe
    C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Documents and Settings\Pam\My Documents\Downloads\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mytalktalk.co.uk
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: BGAntiphishingBHO - {FC872B94-35E3-4B94-B028-184A2A1C7CCE} - C:\Program Files\BullGuard Ltd\BullGuard\Antiphishing\IE\BGAntiphishingIEBHO.dll
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [BullGuard] "C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe" -boot
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O9 - Extra button: BullGuard - {27FD17FB-CF63-486b-B2BE-8D8781CBEA01} - C:\Program Files\BullGuard Ltd\BullGuard\Antiphishing\IE\BGAntiphishingIE.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1274576967000
    O20 - AppInit_DLLs: BgGamingMonitor.dll
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: BgRaSvc - BullGuard Ltd. - C:\Program Files\BullGuard Ltd\BullGuard\Support\BgRaSvc.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: BullGuard scanning service (BsScanner) - BullGuard Ltd. - C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe
    O23 - Service: BullGuard update service (BsUpdate) - BullGuard Ltd. - C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    --
    End of file - 7819 bytes

    I hope this makes sense
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Part of the Furniture Combo Breaker
    How's it running now?
    I'd say your system's clean, BUT I'd recommend removing Bullguard personally, and installing something half decent in its place
    :idea:
  • teleaddict
    teleaddict Posts: 208 Forumite
    Part of the Furniture 100 Posts Combo Breaker
    Thanks a lot aliEnRIK, it's been much appreciated. Things appeared to be running fine after I ran combofix, but I'm glad of the second opinion from you deciphering the logs. I found it interesting how some applications would pick up some nasties but not others.

    Hopefully it's now a case of prevention rather than cure. I find the last post interesting after a colleague (who works as an IT instructor) has just recommended Bullguard to me.....

    Anyway thanks again
    :beer:
  • mr-mr_2
    mr-mr_2 Posts: 109 Forumite
    Try NOD32 from amazon.
This discussion has been closed.