
hijack this log help please

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 03:00:29, on 22/07/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10e.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aldi.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5643
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.4.4.13.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe"
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [btbb_McciTrayApp] "C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - Startup: BBC iPlayer Desktop.lnk = C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: eBay.co.uk - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/710-72741-17534-1/4 (file missing)
O9 - Extra 'Tools' menuitem: eBay.co.uk - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/710-72741-17534-1/4 (file missing)
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIF5BA~1\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.4.4.13.dll/206 (file missing)
O9 - Extra button: eBay.co.uk - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/710-72741-17534-1/4 (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: eBay.co.uk - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/710-72741-17534-1/4 (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} (WRC Class) - http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
O20 - AppInit_DLLs: C:\Windows\System32\BdInstHk.dll
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: BullGuard scanning service (BsScanner) - BullGuard Ltd. - C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe
O23 - Service: BullGuard update service (BsUpdate) - BullGuard Ltd. - C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: PEVSystemStart - Unknown owner - C:\ComboFix\PEV.cfxxe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
--
End of file - 10416 bytes
:love: married to the man of my dreams! 9-08-09:love:

Comments

  • waddler_8
    waddler_8 Posts: 3,588 Forumite
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5643
    Fix this and reboot.

    What's the problem exactly?
  • debitcardmayhem
    debitcardmayhem Posts: 12,392 Forumite
    Oh and that scan is from 22/07/2010
    4.8kWp 12x400W Longhi 9.6 kWh battery Giv-hy 5.0 Inverter, WSW facing Essex . Aint no sunshine ☀️ Octopus gas fixed dec 24 @ 5.74 + Octopus Flux leccy
  • waddler_8
    waddler_8 Posts: 3,588 Forumite
    Lol, I'd been back through their previous posts right back to 2009 and not noticed that! :D
  • debitcardmayhem
    debitcardmayhem Posts: 12,392 Forumite
    waddler_8 wrote: »
    Lol, I'd been back through their previous posts right back to 2009 and not noticed that! :D
    Back to the future young man
  • chardonnay_2
    chardonnay_2 Posts: 2,201 Forumite
    Oops, sorry, posted the wrong one. Every time I save the log it says it's the 2010 one. I've used CCleaner, Spybot, Ad-Aware and Malwarebytes today. Managed to get rid of some viruses, but it won't let Microsoft Security Essentials work, so I tried to reinstall it but it won't even let me go to the page; it comes up with:

    404. That’s an error.The requested URL /en-gb/security/pc-security/mse.aspx was not found on this server. That’s all we know.

    thanks
  • waddler_8
    waddler_8 Posts: 3,588 Forumite
    Download DDS from the link below and save it to your desktop:

    Link

    After you've downloaded it and saved it to your desktop:
    • Double click DDS to run it.
    • When it's finished, DDS will open two logs:
    1. DDS.txt
    2. Attach.txt
    Save both reports to your desktop.

    Copy & paste the contents of just DDS.txt for now and post it here (you may need to split the log over separate posts)
  • chardonnay_2
    chardonnay_2 Posts: 2,201 Forumite
    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 9.0.8112.16421
    Run by CLAIRE at 13:24:16 on 2012-08-17
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.3326.1869 [GMT 1:00]
    .
    AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Common Files\Motive\McciCMService.exe
    c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
    C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
    C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\PROGRA~1\AD-AWA~1\AdAware.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Steam\steam.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
    C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
    C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Steam\SteamService.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb&v=2_1&u=934CE3D6C73BBBB941042D502C71E0A6
    uDefault_Page_URL = hxxp://www.aldi.com
    uInternet Settings,ProxyOverride = <local>
    mSearchAssistant = about:blank
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    TB: @c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll
    TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    uRun: [ilpls] rundll32.exe "c:\users\claire\appdata\roaming\ilpls.dll",CreateInfoWindow
    uRun: [Noyxihiw] c:\users\claire\appdata\roaming\nyuxu\sogo.exe
    uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
    uRun: [monvr] "c:\windows\system32\rundll32.exe" "c:\users\claire\appdata\roaming\monvr.dll",ASTFromString
    mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
    mRun: [CLMLServer] "c:\program files\cyberlink\power2go\CLMLSvc.exe"
    mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
    mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    mRun: [btbb_McciTrayApp] "c:\program files\bt broadband desktop help\btbb\BTHelpNotifier.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey
    mRun: [Ad-Aware Browsing Protection] "c:\programdata\ad-aware browsing protection\adawarebp.exe"
    mRun: [Ad-Aware Antivirus] "c:\program files\ad-aware antivirus\AdAwareLauncher" --windows-run
    StartupFolder: c:\users\claire\appdata\roaming\micros~1\windows\startm~1\programs\startup\bbcipl~1.lnk - c:\program files\bbc iplayer desktop\BBC iPlayer Desktop.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{41F7FE4E-A70E-44B8-AC55-918EBB5131C5} : DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{BDDC99B0-4EDC-48E6-B469-296634C8C094} : DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{C825B473-3946-4E91-A7D8-73E6D78655EF} : DhcpNameServer = 192.168.1.254
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
    AppInit_DLLs: c:\windows\system32\bdinsthk.dll
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 151216]
    R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2011-10-26 101112]
    R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
    R2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2010-2-24 185472]
    R2 Ad-Aware Service;Ad-Aware Service;c:\program files\ad-aware antivirus\AdAwareService.exe [2012-7-12 1239952]
    R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-7-27 63960]
    R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-2-16 172032]
    R2 SBAMSvc;Ad-Aware;c:\program files\ad-aware antivirus\SBAMSvc.exe [2011-12-19 3289032]
    R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2011-11-29 77816]
    R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atipmdag.sys [2010-2-16 5191168]
    R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2010-2-16 125440]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-2-16 230912]
    R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8192su.sys [2010-2-16 579072]
    R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [2010-2-16 27320]
    S2 BsMain;BullGuard main service;c:\windows\system32\SvcHost.exe -k BullGuard_Main [2009-7-14 20992]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-6-13 135664]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-7-23 1153368]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-5-4 250056]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2012-8-2 39272]
    S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2012-3-8 1492840]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-6-13 135664]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
    S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-3-25 42368]
    S3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [2012-8-16 93816]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-2-17 1343400]
    S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
    .
    =============== Created Last 30 ================
    .
    2012-08-16 19:52:16 450048 ----a-w- c:\users\claire\appdata\roaming\monvr.dll
    2012-08-16 17:13:56 388096 ----a-r- c:\users\claire\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
    2012-08-16 16:25:15 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{68638b91-9c80-45c3-beb4-446661c91d00}\offreg.dll
    2012-08-16 13:55:38
    d
    w- c:\users\claire\appdata\local\adaware
    2012-08-16 13:32:44 6891424 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{68638b91-9c80-45c3-beb4-446661c91d00}\mpengine.dll
    2012-08-16 13:26:04
    d-sh--w- c:\windows\system32\%APPDATA%
    2012-08-16 13:23:34
    d
    w- c:\users\claire\appdata\local\{E7C40AFE-DE6F-482B-8798-15EA93CF574F}
    2012-08-16 13:23:21
    d
    w- c:\users\claire\appdata\local\{A69DDF7C-363E-4B81-B059-E335D833DEB6}
    2012-08-16 04:08:03 93816 ----a-w- c:\windows\system32\drivers\sbhips.sys
    2012-08-16 04:07:57
    d
    w- c:\windows\system32\drivers\VDD
    2012-08-16 04:07:14
    d
    w- c:\users\claire\appdata\local\adawarebp
    2012-08-16 04:07:12
    d
    w- c:\programdata\Ad-Aware Browsing Protection
    2012-08-16 04:07:06
    d
    w- c:\program files\Toolbar Cleaner
    2012-08-16 04:06:59
    d
    w- c:\program files\adawaretb
    2012-08-16 02:48:32
    d
    w- c:\users\claire\appdata\roaming\PerformerSoft
    2012-08-16 02:48:30 17464 ----a-w- c:\windows\system32\roboot.exe
    2012-08-16 02:25:36
    d
    w- c:\program files\Ad-Aware Antivirus
    2012-08-16 02:25:33
    d
    w- c:\users\claire\appdata\local\Downloaded Installations
    2012-08-16 02:24:06
    d
    w- c:\windows\system32\searchplugins
    2012-08-16 02:24:06
    d
    w- c:\windows\system32\Extensions
    2012-08-16 02:23:49
    d
    w- c:\users\claire\appdata\roaming\Ad-Aware Antivirus
    2012-08-16 02:23:45
    d
    w- c:\users\claire\appdata\local\Wajam
    2012-08-16 02:20:16
    d
    w- c:\program files\Microsoft Security Essentials
    2012-08-16 00:25:28
    d
    w- c:\users\claire\appdata\local\{3A225966-CD13-462C-8CD3-3E5F9B100647}
    2012-08-16 00:25:16
    d
    w- c:\users\claire\appdata\local\{86093429-C84D-4E5B-8C23-634192658CD9}
    2012-08-15 16:20:18
    d
    w- c:\users\claire\appdata\local\{9072D81A-8D47-48AB-A5E0-2D2FCDA72BF8}
    2012-08-14 19:55:45
    d
    w- c:\program files\Steam
    2012-08-14 19:50:29
    d
    w- c:\users\claire\appdata\local\{57184BE8-BE52-4DF6-B3F5-4BA3C77084BC}
    2012-08-14 19:50:18
    d
    w- c:\users\claire\appdata\local\{00F69F15-5D78-4948-B32C-B240EE7BE896}
    2012-08-14 19:34:37
    d
    w- c:\users\claire\appdata\roaming\Nyuxu
    2012-08-14 19:34:37
    d
    w- c:\users\claire\appdata\roaming\Lyzot
    2012-08-14 19:34:37
    d
    w- c:\users\claire\appdata\roaming\Huvu
    2012-08-14 19:34:31 160256 --sha-w- c:\users\claire\appdata\roaming\ilpls.dll
    2012-08-13 23:12:50
    d
    w- c:\users\claire\appdata\local\{9C047566-B27B-4CF4-9360-36A01316FBF1}
    2012-08-13 23:12:39
    d
    w- c:\users\claire\appdata\local\{496B6F88-DB22-407B-A0BB-C6306B8CD84F}
    2012-08-13 07:53:07
    d
    w- c:\users\claire\appdata\local\{DB6418BA-921C-4B80-B6D9-551C5406DBF4}
    2012-08-13 07:52:54
    d
    w- c:\users\claire\appdata\local\{44E1F387-DC56-4422-A61F-A74B6450EAE1}
    2012-08-12 14:03:04
    d
    w- c:\users\claire\appdata\local\{9D4681EE-8C5D-40FF-A0C4-830E600A5C2F}
    2012-08-12 14:02:52
    d
    w- c:\users\claire\appdata\local\{8BEEE432-FF0D-4102-B491-C626E0839B9E}
    2012-08-10 11:54:55
    d
    w- c:\users\claire\appdata\local\{34E0C860-B438-4C01-B61B-67E4B4734B5B}
    2012-08-10 11:54:44
    d
    w- c:\users\claire\appdata\local\{4748137F-8677-48C0-B4DE-26811F5285E5}
    2012-08-08 13:06:45
    d
    w- c:\users\claire\appdata\local\{8F6790C4-76B9-48CC-87C9-A149B36C3E68}
    2012-08-07 11:08:52
    d
    w- c:\users\claire\appdata\local\{34219BEB-5F7B-443F-89FF-E957D9B37333}
    2012-08-07 11:08:40
    d
    w- c:\users\claire\appdata\local\{6D2B450B-114E-4A78-AE1E-FF00F3D0C3CB}
    2012-08-05 15:52:46
    d
    w- c:\users\claire\appdata\local\{6AC720F4-E474-400E-87A8-8D79A7D5C20F}
    2012-08-04 18:10:17
    d
    w- c:\users\claire\appdata\local\{1095F0E3-769B-4DBF-B36F-5EEDC568F571}
    2012-08-04 18:10:06
    d
    w- c:\users\claire\appdata\local\{1776B4C8-2F2F-4447-8F06-B40A92B2873D}
    2012-08-04 11:53:08
    d
    w- c:\users\claire\appdata\local\{993458B0-AE38-4C86-9BF4-B9617DF4DE2B}
    2012-08-03 15:53:13
    d
    w- c:\users\claire\appdata\local\{9028E595-03F0-470E-B1CB-23B7713B7C19}
    2012-08-03 15:53:02
    d
    w- c:\users\claire\appdata\local\{EBA75563-D87F-4C6E-A8FE-B3699755FE47}
    2012-08-02 11:58:03
    d
    w- c:\windows\en
    2012-08-02 11:57:15 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys
    2012-08-02 11:49:43 15712 ----a-w- c:\program files\common files\windows live\.cache\e7dc47271cd70a404\MeshBetaRemover.exe
    2012-08-02 11:49:42 89944 ----a-w- c:\program files\common files\windows live\.cache\e723a2d31cd70a403\DSETUP.dll
    2012-08-02 11:49:42 537432 ----a-w- c:\program files\common files\windows live\.cache\e723a2d31cd70a403\DXSETUP.exe
    2012-08-02 11:49:42 1801048 ----a-w- c:\program files\common files\windows live\.cache\e723a2d31cd70a403\dsetup32.dll
    2012-08-02 11:08:07
    d
    w- c:\users\claire\appdata\local\{219D9627-659A-4BAE-898A-4C10D9FAC6D9}
    2012-08-02 11:07:55
    d
    w- c:\users\claire\appdata\local\{F17739C9-BE6B-417E-8180-0AD5237300EC}
    2012-08-01 19:11:14
    d
    w- c:\users\claire\appdata\local\{D26E9E48-55EC-4BC5-90B4-6C3475400BB8}
    2012-08-01 19:11:01
    d
    w- c:\users\claire\appdata\local\{97FB74C1-072B-410D-81CE-9D9A1E6125D8}
    2012-07-29 15:36:07
    d
    w- c:\users\claire\appdata\local\{D5C58781-1EE6-4AB4-96A1-19D922801C8D}
    2012-07-29 15:35:57
    d
    w- c:\users\claire\appdata\local\{BE3D9F2F-5F21-4426-BCD7-7CEC77EE20BE}
    2012-07-29 03:26:10
    d
    w- c:\users\claire\appdata\local\{BD20A7A5-56F5-42DB-AE9A-2F632CCD5EA1}
    2012-07-29 03:25:56
    d
    w- c:\users\claire\appdata\local\{7DA76FBA-A7B2-4B8C-9689-4D9756CF8FC7}
    2012-07-28 07:38:27
    d
    w- c:\users\claire\appdata\local\{A88D5105-7931-45D2-BB3E-961F6F5ECED9}
    2012-07-28 07:38:16
    d
    w- c:\users\claire\appdata\local\{FF79F81A-0892-4544-AF9D-9232F91DE41C}
    2012-07-27 20:51:30 184248 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
    2012-07-27 20:12:09 -------- d-----w- c:\users\claire\appdata\local\{9148BE28-D460-4124-B9D2-947B72D46B5E}
    2012-07-27 20:11:56 -------- d-----w- c:\users\claire\appdata\local\{F03B1AEF-402E-45AE-B915-79CDDAD57F7F}
    2012-07-27 15:52:00 -------- d-----w- c:\users\claire\appdata\local\{EA0A7D44-34D4-45CC-B063-9CCA6BF42E57}
    2012-07-27 15:51:44 -------- d-----w- c:\users\claire\appdata\local\{62AB310C-324E-4C0E-9EA4-601918BD6466}
    2012-07-26 16:45:14 -------- d-----w- c:\users\claire\appdata\local\{1177E38E-AE97-4D1E-B5B4-DB837F128BB6}
    2012-07-26 16:45:02 -------- d-----w- c:\users\claire\appdata\local\{8BFD3A84-B510-4AFB-9413-20D55CEF24D0}
    2012-07-26 04:32:36 -------- d-----w- c:\users\claire\appdata\local\{5BE828BC-EB0C-4823-90B2-B95088627224}
    2012-07-26 04:32:25 -------- d-----w- c:\users\claire\appdata\local\{FCCB50A1-B19D-4796-887B-35CE2EF29A4A}
    2012-07-23 08:15:03 -------- d-----w- c:\users\claire\appdata\local\{E2CE9961-9F9A-4B8B-863A-A2C01CE583FD}
    2012-07-23 08:10:23 -------- d-----w- c:\users\claire\appdata\local\{88B4FB0A-A488-4DD6-9CF5-0ADB7BFED9AB}
    2012-07-21 19:34:37 -------- d-----w- c:\users\claire\appdata\local\{99B13B7C-7C94-4128-AA7E-FF8979EAA39A}
    2012-07-21 19:34:22 -------- d-----w- c:\users\claire\appdata\local\{BC14CE77-21B0-4D3C-9324-7899A3E45943}
    2012-07-20 15:53:02 -------- d-----w- c:\users\claire\appdata\local\{42A07A8A-7AD0-4C29-9316-3D4F5AE5A83E}
    2012-07-20 15:52:51 -------- d-----w- c:\users\claire\appdata\local\{C6BD1381-C816-41A3-A04A-9B9A8F5859B4}
    2012-07-20 10:13:43 -------- d-----w- c:\users\claire\appdata\local\{2D556E37-9503-475B-88CB-D33D8C8E25AE}
    2012-07-20 10:13:29 -------- d-----w- c:\users\claire\appdata\local\{2EE75FDB-C05F-469E-8BB2-A892F9CDD85F}
    2012-07-19 07:13:07 -------- d-----w- c:\users\claire\appdata\local\{EF785077-C9B6-4DBE-9F1E-086362F2F5D7}
    2012-07-19 07:12:57 -------- d-----w- c:\users\claire\appdata\local\{E954BABE-914E-4F66-B593-0CC800DEF28C}
    .
    ==================== Find3M ====================
    .
    2012-08-14 19:35:08 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-08-14 19:35:08 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-07-03 12:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-06-12 02:44:03 2344448 ----a-w- c:\windows\system32\win32k.sys
    2012-06-06 05:09:46 1389568 ----a-w- c:\windows\system32\msxml6.dll
    2012-06-06 05:09:46 1236992 ----a-w- c:\windows\system32\msxml3.dll
    2012-06-02 22:12:32 2422272 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-02 22:12:13 88576 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-02 14:19:42 171904 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-02 14:12:20 33792 ----a-w- c:\windows\system32\wuapp.exe
    2012-06-02 08:33:25 1800192 ----a-w- c:\windows\system32\jscript9.dll
    2012-06-02 08:25:08 1129472 ----a-w- c:\windows\system32\wininet.dll
    2012-06-02 08:25:03 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-06-02 08:20:33 142848 ----a-w- c:\windows\system32\ieUnatt.exe
    2012-06-02 08:16:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2012-06-02 04:51:16 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2012-06-02 04:51:16 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
    2012-06-02 04:50:00 369336 ----a-w- c:\windows\system32\drivers\cng.sys
    2012-06-02 04:48:35 225280 ----a-w- c:\windows\system32\schannel.dll
    2012-06-02 04:47:31 219136 ----a-w- c:\windows\system32\ncrypt.dll
    .
    ============= FINISH: 13:25:16.11 ===============
    :love: married to the man of my dreams! 9-08-09:love:
  • chardonnay_2
    chardonnay_2 Posts: 2,201 Forumite
    it's also now blocked facebook again, which i had been able to finally access after 2 days yesterday. it comes up with a page saying i've been blocked for sending spam and wants lots of details plus c/c details :rotfl: obvs i didn't fill it in.

    thanks for all your help
  • waddler_8
    waddler_8 Posts: 3,588 Forumite
    Thanks.

    Go here and read through the instructions for downloading and running ComboFix:

    Bleeping Computer ComboFix Tutorial
    • Ensure you temporarily turn off your antivirus before running. Instructions here
    • Double click combofix.exe & follow the prompts closely.
    • When it's finished, it'll produce a log. Post the contents of that log.
    • It'll be found on your C:\ drive named combofix.txt
    Above all, BE PATIENT! and let it run its course.
  • chardonnay_2
    chardonnay_2 Posts: 2,201 Forumite
    ComboFix 12-08-17.02 - CLAIRE 17/08/2012 17:25:54.4.4 - x86
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.3326.1740 [GMT 1:00]
    Running from: c:\users\CLAIRE\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
    SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\prefs.js
    c:\users\CLAIRE\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccCDE9.tmp
    c:\users\CLAIRE\AppData\Roaming\ilpls.dll
    c:\users\CLAIRE\AppData\Roaming\monvr.dll
    c:\users\CLAIRE\AppData\Roaming\Nyuxu
    c:\users\CLAIRE\AppData\Roaming\Nyuxu\sogo.exe
    c:\users\CLAIRE\Documents\~WRL0005.tmp
    c:\windows\system32\roboot.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-07-17 to 2012-08-17 )))))))))))))))))))))))))))))))
    .
    .
    2012-08-17 16:31 . 2012-08-17 16:34 -------- d-----w- c:\users\CLAIRE\AppData\Local\temp
    2012-08-17 16:31 . 2012-08-17 16:31 -------- d-----w- c:\users\Public\AppData\Local\temp
    2012-08-17 16:31 . 2012-08-17 16:31 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-08-17 16:31 . 2012-08-17 16:31 -------- d-----w- c:\users\admin\AppData\Local\temp
    2012-08-16 17:13 . 2012-08-16 17:13 388096 ----a-r- c:\users\CLAIRE\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2012-08-16 16:25 . 2012-08-16 16:43 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{68638B91-9C80-45C3-BEB4-446661C91D00}\offreg.dll
    2012-08-16 13:55 . 2012-08-16 14:03 -------- d-----w- c:\users\CLAIRE\AppData\Local\adaware
    2012-08-16 13:32 . 2012-07-16 01:41 6891424 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{68638B91-9C80-45C3-BEB4-446661C91D00}\mpengine.dll
    2012-08-16 13:26 . 2012-08-16 13:26 -------- d-sh--w- c:\windows\system32\%APPDATA%
    2012-08-16 04:08 . 2011-12-19 11:44 93816 ----a-w- c:\windows\system32\drivers\sbhips.sys
    2012-08-16 04:07 . 2012-08-16 04:07 -------- d-----w- c:\windows\system32\drivers\VDD
    2012-08-16 04:07 . 2012-08-17 12:10 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection
    2012-08-16 04:07 . 2012-08-16 04:07 -------- d-----w- c:\program files\Toolbar Cleaner
    2012-08-16 04:06 . 2012-08-16 04:07 -------- d-----w- c:\program files\adawaretb
    2012-08-16 02:48 . 2012-08-16 02:53 -------- d-----w- c:\users\CLAIRE\AppData\Roaming\PerformerSoft
    2012-08-16 02:25 . 2012-08-16 14:00 -------- d-----w- c:\program files\Ad-Aware Antivirus
    2012-08-16 02:25 . 2012-08-16 02:25 -------- d-----w- c:\programdata\Lavasoft
    2012-08-16 02:25 . 2012-08-16 04:07 -------- d-----w- c:\users\CLAIRE\AppData\Local\Downloaded Installations
    2012-08-16 02:24 . 2012-08-16 02:24 -------- d-----w- c:\windows\system32\searchplugins
    2012-08-16 02:24 . 2012-08-16 02:24 -------- d-----w- c:\windows\system32\Extensions
    2012-08-16 02:23 . 2012-08-16 02:23 319 ----a-w- C:\user.js
    2012-08-16 02:23 . 2012-08-16 16:12 -------- d-----w- c:\users\CLAIRE\AppData\Roaming\Ad-Aware Antivirus
    2012-08-16 02:23 . 2012-08-16 02:23 -------- d-----w- c:\users\CLAIRE\AppData\Local\Wajam
    2012-08-16 02:20 . 2012-08-16 03:44 -------- d-----w- c:\program files\Microsoft Security Essentials
    2012-08-16 01:03 . 2012-08-16 01:03 -------- d-----w- c:\users\admin\AppData\Roaming\Malwarebytes
    2012-08-16 00:57 . 2012-08-16 00:57 -------- d-----w- c:\users\admin\AppData\Roaming\Motive
    2012-08-14 19:55 . 2012-08-17 16:34 -------- d-----w- c:\program files\Steam
    2012-08-14 19:34 . 2012-08-17 14:24 -------- d-----w- c:\users\CLAIRE\AppData\Roaming\Huvu
    2012-08-14 19:34 . 2012-08-14 19:34 -------- d-----w- c:\users\CLAIRE\AppData\Roaming\Lyzot
    2012-08-02 11:58 . 2012-08-02 11:58 -------- d-----w- c:\windows\en
    2012-08-02 11:57 . 2012-03-08 17:32 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys
    2012-08-02 11:49 . 2012-08-02 11:49 15712 ----a-w- c:\program files\Common Files\Windows Live\.cache\e7dc47271cd70a404\MeshBetaRemover.exe
    2012-08-02 11:49 . 2012-08-02 11:49 89944 ----a-w- c:\program files\Common Files\Windows Live\.cache\e723a2d31cd70a403\DSETUP.dll
    2012-08-02 11:49 . 2012-08-02 11:49 537432 ----a-w- c:\program files\Common Files\Windows Live\.cache\e723a2d31cd70a403\DXSETUP.exe
    2012-08-02 11:49 . 2012-08-02 11:49 1801048 ----a-w- c:\program files\Common Files\Windows Live\.cache\e723a2d31cd70a403\dsetup32.dll
    2012-07-27 20:51 . 2012-07-27 20:51 184248 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-08-14 19:35 . 2012-05-04 01:19 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-08-14 19:35 . 2011-11-21 18:38 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-07-03 12:46 . 2010-07-21 22:10 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-06-12 02:44 . 2012-07-11 01:28 2344448 ----a-w- c:\windows\system32\win32k.sys
    2012-06-06 05:09 . 2012-07-10 23:34 1389568 ----a-w- c:\windows\system32\msxml6.dll
    2012-06-06 05:09 . 2012-07-10 23:34 1236992 ----a-w- c:\windows\system32\msxml3.dll
    2012-06-02 22:19 . 2012-06-21 04:49 53784 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-02 22:19 . 2012-06-21 04:49 45080 ----a-w- c:\windows\system32\wups2.dll
    2012-06-02 22:19 . 2012-06-21 04:49 35864 ----a-w- c:\windows\system32\wups.dll
    2012-06-02 22:19 . 2012-06-21 04:49 577048 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-02 22:19 . 2012-06-21 04:49 1933848 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-02 22:12 . 2012-06-21 04:49 2422272 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-02 22:12 . 2012-06-21 04:49 88576 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-02 14:19 . 2012-06-21 04:48 171904 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-02 14:12 . 2012-06-21 04:48 33792 ----a-w- c:\windows\system32\wuapp.exe
    2012-06-02 08:33 . 2012-07-11 01:31 1800192 ----a-w- c:\windows\system32\jscript9.dll
    2012-06-02 08:25 . 2012-07-11 01:31 1129472 ----a-w- c:\windows\system32\wininet.dll
    2012-06-02 08:25 . 2012-07-11 01:31 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-06-02 08:20 . 2012-07-11 01:31 142848 ----a-w- c:\windows\system32\ieUnatt.exe
    2012-06-02 08:16 . 2012-07-11 01:31 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2012-06-02 04:51 . 2012-07-10 23:34 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
    2012-06-02 04:51 . 2012-07-10 23:34 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2012-06-02 04:50 . 2012-07-10 23:34 369336 ----a-w- c:\windows\system32\drivers\cng.sys
    2012-06-02 04:48 . 2012-07-10 23:34 225280 ----a-w- c:\windows\system32\schannel.dll
    2012-06-02 04:47 . 2012-07-10 23:34 219136 ----a-w- c:\windows\system32\ncrypt.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
    2012-04-11 20:08 87440 ----a-w- c:\program files\adawaretb\adawareDx.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files\adawaretb\adawareDx.dll" [2012-04-11 87440]
    .
    [HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    "Steam"="c:\program files\Steam\Steam.exe" [2012-08-14 1353080]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Ad-Aware Antivirus"="c:\program files\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-01-08 98304]
    "CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-06-03 103720]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-12-03 8120864]
    "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2012-07-03 973488]
    "btbb_McciTrayApp"="c:\program files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe" [2009-12-07 1584640]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
    "MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-06-01 1093208]
    "Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2011-10-21 198032]
    .
    c:\users\CLAIRE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    BBC iPlayer Desktop.lnk - c:\program files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe [2011-7-28 142848]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\System32\BdInstHk.dll
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
    @="Ad-Aware Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsMain]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
    @="Service"
    .
    R2 BsMain;BullGuard main service;c:\windows\System32\SvcHost.exe [x]
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
    R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [x]
    R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
    R3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
    S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [x]
    S2 Ad-Aware Service;Ad-Aware Service;c:\program files\Ad-Aware Antivirus\AdAwareService.exe [x]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
    S2 SBAMSvc;Ad-Aware;c:\program files\Ad-Aware Antivirus\SBAMSvc.exe [x]
    S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [x]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [x]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [x]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
    S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [x]
    S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    BullGuard_Main REG_MULTI_SZ BsMain
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-08-16 c:\windows\Tasks\Ad-Aware Antivirus Scheduled Scan.job
    - c:\progra~1\AD-AWA~1\AdAwareLauncher.exe [2012-07-12 17:32]
    .
    2012-08-17 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-04 19:35]
    .
    2012-08-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-06-13 19:09]
    .
    2012-08-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-06-13 19:09]
    .
    .
    Supplementary Scan
    .
    uStart Page = hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb&v=2_1&u=934CE3D6C73BBBB941042D502C71E0A6
    uInternet Settings,ProxyOverride = <local>
    IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.1.254
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-10 - (no file)
    HKCU-Run-ilpls - c:\users\CLAIRE\AppData\Roaming\ilpls.dll
    HKCU-Run-Noyxihiw - c:\users\CLAIRE\AppData\Roaming\Nyuxu\sogo.exe
    HKCU-Run-monvr - c:\users\CLAIRE\AppData\Roaming\monvr.dll
    SafeBoot-BsScanner
    .
    .
    .
    LOCKED REGISTRY KEYS
    .
    [HKEY_USERS\S-1-5-21-156472762-2403522986-494797692-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.Email.1"
    .
    [HKEY_USERS\S-1-5-21-156472762-2403522986-494797692-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.VCard.1"
    .
    [HKEY_USERS\S-1-5-21-156472762-2403522986-494797692-1001\Software\SecuROM\License information*]
    "datasecu"=hex:29,37,79,53,82,d8,ee,7c,5e,b0,c2,f9,3a,ac,98,93,46,d3,f8,5f,b1,
    f5,c1,9f,16,a3,65,b1,68,69,7c,74,72,aa,a4,dd,b0,0c,48,f7,36,3b,e7,17,08,87,\
    "rkeysecu"=hex:32,f3,02,4f,a5,df,b0,32,7a,27,c6,63,ca,cd,4e,99
    .
    DLLs Loaded Under Running Processes
    .
    - - - - - - - > 'Explorer.exe'(5592)
    c:\programdata\Ad-Aware Browsing Protection\adawarebp.dll
    .
    Other Running Processes
    .
    c:\program files\Microsoft Security Essentials\MsMpEng.exe
    c:\windows\system32\atieclxx.exe
    c:\program files\Common Files\Motive\McciCMService.exe
    c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
    c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    c:\windows\system32\WUDFHost.exe
    c:\windows\system32\taskhost.exe
    c:\windows\System32\rundll32.exe
    c:\windows\system32\conhost.exe
    c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\progra~1\AD-AWA~1\AdAware.exe
    c:\windows\system32\DllHost.exe
    c:\windows\system32\sppsvc.exe
    .
    **************************************************************************
    .
    Completion time: 2012-08-17 17:37:31 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-08-17 16:37
    ComboFix2.txt 2010-07-22 15:02
    ComboFix3.txt 2010-07-22 02:27
    .
    Pre-Run: 873,115,119,616 bytes free
    Post-Run: 872,962,048,000 bytes free
    .
    - - End Of File - - 03CF01C84411F149E2466BB66351BA08
This discussion has been closed.