
Thread: Please help me with Scan results - how badly infected am i?

  1. #1
    Junior Member
    Join Date
    Dec 2011
    Posts
    9

    Please help me with Scan results - how badly infected am i?

    Hi,

    Please can anyone help me assess the seriousness of my scan results. Quite a lot of stuff was found, but I'm afraid that due to my complete computer illiteracy it means very little to me.


    The reason I did the scan is because I have been a victim of bank fraud recently and my bank account, online banking and credit card have been hacked. I have been told to take my computer to a computer specialist and have it wiped, but I can't afford it at the moment. Also, I haven't been given an answer [and am unlikely to be] as to how I was hacked yet, so before I wipe my computer and any other computers I may have used, I want to try and work out the source of my fraud, if I can. I realise the original source of my fraud may not have been online either.



    Here are my results:


    Search results from Spybot - Search & Destroy

    08/12/2011 02:06:10
    Scan took 00:24:05.

    Babylon.Toolbar: [SBI $554A5FF0] Root class (Registry Key, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\bbylnApp.appCore

    Babylon.Toolbar: [SBI $554A5FF0] Root class (Registry Key, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\bbylnApp.appCore.1

    Babylon.Toolbar: [SBI $554A5FF0] Class ID (Registry Key, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}

    Babylon.Toolbar: [SBI $554A5FF0] Root class (Registry Key, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\bbylnApp.appCore.1

    Babylon.Toolbar: [SBI $554A5FF0] Class ID (Registry Key, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}

    Babylon.Toolbar: [SBI $554A5FF0] Root class (Registry Key, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\bbylnApp.appCore

    Babylon.Toolbar: [SBI $86348D5E] Root class (Registry Key, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Babylon.dskBnd

    Babylon.Toolbar: [SBI $86348D5E] Root class (Registry Key, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Babylon.dskBnd.1

    Babylon.Toolbar: [SBI $86348D5E] Class ID (Registry Key, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC}

    Babylon.Toolbar: [SBI $86348D5E] Root class (Registry Key, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Babylon.dskBnd.1

    Babylon.Toolbar: [SBI $86348D5E] Class ID (Registry Key, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC}

    Babylon.Toolbar: [SBI $86348D5E] Root class (Registry Key, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Babylon.dskBnd

    Babylon.Toolbar: [SBI $F75ED516] IE toolbar (Registry Value, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{98889811-442D-49dd-99D7-DC866BE87DBC}

    Babylon.Toolbar: [SBI $07586C96] Root class (Registry Key, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\escort.escortIEPane

    Babylon.Toolbar: [SBI $07586C96] Root class (Registry Key, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\escort.escortIEPane.1

    Babylon.Toolbar: [SBI $07586C96] Class ID (Registry Key, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{97F2FF5B-260C-4ccf-834A-2DDA4E29E39E}

    Babylon.Toolbar: [SBI $07586C96] Root class (Registry Key, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\escort.escortIEPane.1

    Babylon.Toolbar: [SBI $07586C96] Class ID (Registry Key, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{97F2FF5B-260C-4ccf-834A-2DDA4E29E39E}

    Babylon.Toolbar: [SBI $07586C96] Root class (Registry Key, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\escort.escortIEPane

    Babylon.Toolbar: [SBI $B04483F7] Root class (Registry Key, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr

    Babylon.Toolbar: [SBI $B04483F7] Root class (Registry Key, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1

    Babylon.Toolbar: [SBI $B04483F7] Class ID (Registry Key, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}

    Babylon.Toolbar: [SBI $B04483F7] Browser helper object (Registry Key, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}

    Babylon.Toolbar: [SBI $B04483F7] Root class (Registry Key, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1

    Babylon.Toolbar: [SBI $B04483F7] Class ID (Registry Key, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}

    Babylon.Toolbar: [SBI $B04483F7] Browser helper object (Registry Key, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}

    Babylon.Toolbar: [SBI $B04483F7] Root class (Registry Key, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr

    Babylon.Toolbar: [SBI $52C6ABB7] Root class (Registry Key, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\esrv.BabylonESrvc

    Babylon.Toolbar: [SBI $52C6ABB7] Root class (Registry Key, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\esrv.BabylonESrvc.1

    Babylon.Toolbar: [SBI $52C6ABB7] Class ID (Registry Key, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{291BCCC1-6890-484a-89D3-318C928DAC1B}

    Babylon.Toolbar: [SBI $52C6ABB7] Root class (Registry Key, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\esrv.BabylonESrvc.1

    Babylon.Toolbar: [SBI $52C6ABB7] Class ID (Registry Key, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{291BCCC1-6890-484a-89D3-318C928DAC1B}

    Babylon.Toolbar: [SBI $52C6ABB7] Root class (Registry Key, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\esrv.BabylonESrvc

    DoubleClick: [SBI $7F76510F] Tracking cookie (Firefox: Charmaine (default)) (Browser: Cookie, nothing done)


    Log: [SBI $7F76510F] Install: setupact.log (File, nothing done)
    C:\Windows\setupact.log
    Properties.size=47261
    Properties.md5=1328DC4A7D71CF897F599AC41F6C7365
    Properties.filedate=1323271180
    Properties.filedatetext=2011-12-07 15:19:40

    Log: [SBI $7F76510F] Install: DtcInstall.log (File, nothing done)
    C:\Windows\DtcInstall.log
    Properties.size=2790
    Properties.md5=26B91E0E7E8FDC29A64DD08089316F07
    Properties.filedate=1292957106
    Properties.filedatetext=2010-12-21 18:45:06

    Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
    HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

    Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
    HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

    MS Direct3D: [SBI $7FB7B83F] Most recent application (Registry Change, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\MostRecentApplication\Name

    MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
    HKEY_USERS\.DEFAULT\Software\Microsoft\Direct3D\MostRecentApplication\Name

    MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
    HKEY_USERS\S-1-5-21-4054292811-2639179496-1958547070-1000\Software\Microsoft\Direct3D\MostRecentApplication\Name

    MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
    HKEY_USERS\S-1-5-18\Software\Microsoft\Direct3D\MostRecentApplication\Name

    MS DirectDraw: [SBI $EB49D5AF] Most recent application (Registry Change, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name

    MS DirectInput: [SBI $9A063C91] Most recent application (Registry Change, nothing done)
    HKEY_USERS\S-1-5-21-4054292811-2639179496-1958547070-1000\Software\Microsoft\DirectInput\MostRecentApplication\Name

    MS DirectInput: [SBI $7B184199] Most recent application ID (Registry Change, nothing done)
    HKEY_USERS\S-1-5-21-4054292811-2639179496-1958547070-1000\Software\Microsoft\DirectInput\MostRecentApplication\Id

    MS Paint: [SBI $07867C39] Recent file list (Registry Key, nothing done)
    HKEY_USERS\S-1-5-21-4054292811-2639179496-1958547070-1000\Software\Microsoft\Windows\CurrentVersion\Applets\Paint\Recent File List

    MS Wordpad: [SBI $4C02334D] Recent file list (Registry Key, nothing done)
    HKEY_USERS\S-1-5-21-4054292811-2639179496-1958547070-1000\Software\Microsoft\Windows\CurrentVersion\Applets\Wordpad\Recent File List

    Windows Explorer: [SBI $AA0766B5] Stream history (Registry Key, nothing done)
    HKEY_USERS\S-1-5-21-4054292811-2639179496-1958547070-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU

    WinRAR: [SBI $0B56E92B] Recent file list (Registry Key, nothing done)
    HKEY_USERS\S-1-5-21-4054292811-2639179496-1958547070-1000\Software\WinRAR\ArcHistory

    WinRAR: [SBI $B84F9965] Last used directory (Registry Change, nothing done)
    HKEY_USERS\S-1-5-21-4054292811-2639179496-1958547070-1000\Software\WinRAR\General\LastFolder

    Cookie: [SBI $49804B54] Browser: Cookie (5) (Browser: Cookie, nothing done)


    Cache: [SBI $49804B54] Browser: Cache (134) (Browser: Cache, nothing done)


    History: [SBI $49804B54] Browser: History (3) (Browser: History, nothing done)


    Cookie: [SBI $49804B54] Browser: Cookie (49) (Browser: Cookie, nothing done)



    --- Spybot - Search & Destroy version: 2.0.6.131 DLL (build: 20111005) ---




    I thought I should also let you know that I had problems with the Babylon toolbar before, which is mentioned in the results a lot, but I thought it had all been removed a few months ago, hence my continuing to use the computer.
    My friend told me everything had been removed and it was safe to be used. I have actually had Avira antivirus running in real-time protection mode since then, even though I was told not to because it will slow my computer down.

    I also ran a full Avira scan the other day and it found nothing at all.

    I also ran a Malwarebytes scan and it only found the following:

    Files Infected:
    c:\$RECYCLE.BIN\s-1-5-21-4054292811-2639179496-1958547070-1000\$RTSR0FK\CSDATA\1000000600002i\svchost.exe (Rootkit.Dropper) -> No action taken.
    c:\$RECYCLE.BIN\s-1-5-21-4054292811-2639179496-1958547070-1000\$RTSR0FK\CSDATA\1000000800002i\svchost.exe (Rootkit.Dropper) -> No action taken.
    c:\$RECYCLE.BIN\s-1-5-21-4054292811-2639179496-1958547070-1000\$RTSR0FK\CSDATA\1000000b00002i\rundll32.exe (Rootkit.Dropper) -> No action taken.
    c:\$RECYCLE.BIN\s-1-5-21-4054292811-2639179496-1958547070-1000\$RTSR0FK\CSDATA\4000002c0600002i\photoshop.exe (Rootkit.Dropper) -> No action taken.







    I realise no one is obliged to help me, so I am very grateful to anyone who does, if they can.

    Cheers.

  2. #2
    Emeritus
    Join Date
    Apr 2011
    Location
    USA
    Posts
    1,038


    Hi H0pless,

    Hi and Welcome!! My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:
    • I will be working on your malware issues; this may, or may not, solve other issues you have with your machine.
    • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Watch Topic button to the right of your topic title and then choosing the notification method (Recommended: Immediate Notification).
    • The fixes are specific to your problem and should only be used for the issues on this machine.
    • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
    • It's often worth reading through these instructions and printing them for ease of reference.
    • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
    • Please reply to this thread. Do not start a new topic.


    IMPORTANT NOTE : Please do not delete anything unless instructed to.
    DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.
    Doing so could make your system inoperable and could require a full reinstall of your OS losing all your programs and data.


    Vista and Windows 7 users:
    These tools MUST be run from the executable (.exe) every time you run them
    with Admin Rights (Right click, choose "Run as Administrator")


    Stay with this topic until I give you the all clean post.
    ----------

    I am sorry for the delay in response but as you can see we are very busy here.
    ---------

    Before we begin...if you believe you have been a victim of banking fraud be sure to call any and all financial institutions so that they are aware of the possibility of any problems that may arise. I would also go to a "clean" computer and immediately change all of your passwords to everything...banking sites, emails...anything.
    ----------

    Please download DDS from one of the following links and save it to your desktop.
    • Disable any script blocking protection (How to Disable your Security Programs)
    • Double click DDS icon to run the tool (may take up to 3 minutes to run)
    • When done, DDS.txt will open.
    • After a few moments, attach.txt will open in a second window.
    • Save both reports to your desktop.
    ---------------------------------------------------
    • Post the contents of the DDS.txt report in your next reply
    • Attach the Attach.txt report to your post by scrolling down to the Attachments area and then clicking Browse. Browse to where you saved the file, click Open and then click UPLOAD.

    ----------

    Please download aswMBR to your desktop.

    • Double click the aswMBR icon to run it.
      Vista and Windows 7 users right click the icon and choose "Run as administrator".
    • Click the Scan button to start scan.
    • When it finishes, press the save log button, save the logfile to your desktop and post its contents in your next reply.



    ----------

    In your next reply please post both of the logs created by DDS and the log created by aswMBR.exe.

  3. #3
    Emeritus
    Join Date
    Apr 2011
    Location
    USA
    Posts
    1,038


    Hi,

    Do you still need help?

  4. #4
    Junior Member
    Join Date
    Dec 2011
    Posts
    9


    Hi, sorry for the late reply. Yes, I would, please.

    I'm just going to follow your advice now.

    I have already got everything sorted with the bank, except they are not very helpful when it comes to giving me details of the case and how the hacker managed to access my account. I would really like to try and work out the original source of the hack if at all possible, or at least try and work out whether it was done using malware on my computer or not. The whole thing has sent me kind of paranoid lol. I won't be using online banking again until I can prove the internet wasn't involved.

    Thanks a lot for your reply. I will get it done now.

  5. #5
    Emeritus
    Join Date
    Apr 2011
    Location
    USA
    Posts
    1,038



  6. #6
    Junior Member
    Join Date
    Dec 2011
    Posts
    9


    DDS:

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
    Run by Charmaine at 1:36:52 on 2011-12-16
    Microsoft Windows 7 Enterprise 6.1.7601.1.1252.44.1033.18.1918.1085 [GMT 0:00]
    .
    AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
    SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
    SP: Spybot - Search & Destroy *Enabled/Outdated* {1EAF1D03-5480-F3B2-EB14-11F0F5EE2699}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\Ati2evxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\Ati2evxx.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Spybot - Search & Destroy 2\SDHookSvc.exe
    C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
    C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Windows\system32\rundll32.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.co.uk/
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Babylon toolbar helper: {2eecd738-5844-4a99-b4b6-146bf802613b} - c:\program files\babylontoolbar\babylontoolbar\1.4.31.2\bh\BabylonToolbar.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: Babylon Toolbar: {98889811-442d-49dd-99d7-dc866be87dbc} - c:\program files\babylontoolbar\babylontoolbar\1.4.31.2\BabylonToolbarTlbr.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [Facebook Update] "c:\users\charmaine\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserver
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
    mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam10\QuickCam10.exe" /hide
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [SDTray] "c:\program files\spybot - search & destroy 2\SDTray.exe"
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{9F37D89F-EF3C-4875-8A58-4C92E1E69B1C} : DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{9F37D89F-EF3C-4875-8A58-4C92E1E69B1C}\244524573796E6563737845726D2636363 : DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{9F37D89F-EF3C-4875-8A58-4C92E1E69B1C}\2456C6B696E6F5533353645353 : DhcpNameServer = 192.168.2.1
    TCP: Interfaces\{9F37D89F-EF3C-4875-8A58-4C92E1E69B1C}\349727573702478656026596275737 : DhcpNameServer = 192.168.2.1
    TCP: Interfaces\{9F37D89F-EF3C-4875-8A58-4C92E1E69B1C}\37175796463747275656472716373616C637 : DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{9F37D89F-EF3C-4875-8A58-4C92E1E69B1C}\6796277696E6022627F616462616E646 : DhcpNameServer = 192.168.0.1
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Notify: SDWinLogon - SDWinLogon.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\charmaine\appdata\roaming\mozilla\firefox\profiles\iirg01fc.default\
    FF - component: c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
    FF - component: c:\users\charmaine\appdata\roaming\mozilla\firefox\profiles\iirg01fc.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko19.dll
    FF - component: c:\users\charmaine\appdata\roaming\mozilla\firefox\profiles\iirg01fc.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\users\charmaine\appdata\local\facebook\video\skype\npFacebookVideoCalling.dll
    FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
    FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
    FF - Ext: uTorrentBar Community Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - %profile%\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2011-10-9 36000]
    R1 SDHookDriver;Spybot-S&D 2 Hook Driver;c:\program files\spybot - search & destroy 2\SDHookDrv32.sys [2011-12-8 38504]
    R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
    R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
    R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-10-9 86224]
    R2 AntiVirService;Avira Realtime Protection;c:\program files\avira\antivir desktop\avguard.exe [2011-10-9 110032]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-10-9 74640]
    R2 SDHookService;Spybot S&D 2 Live Protection Service;c:\program files\spybot - search & destroy 2\SDHookSvc.exe [2011-12-8 130976]
    R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\spybot - search & destroy 2\SDFSSvc.exe [2011-12-8 892336]
    R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\spybot - search & destroy 2\SDUpdSvc.exe [2011-12-8 955816]
    R2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\spybot - search & destroy 2\SDWSCSvc.exe [2011-12-8 169624]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-12-21 136176]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-12-21 136176]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-7-2 15872]
    S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
    S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-7-2 52224]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-12-21 1343400]
    .
    =============== Created Last 30 ================
    .
    2011-12-14 23:24:01 6823496 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{e89abdfd-d52b-45ed-b3ec-fc3da2287f03}\mpengine.dll
    2011-12-10 16:48:30 -------- d-----w- c:\programdata\Hitman Pro
    2011-12-10 14:55:50 -------- d-----w- C:\ComboFix
    2011-12-08 01:35:41 15224 ----a-w- c:\windows\system32\sdnclean.exe
    2011-12-08 01:35:33 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
    2011-12-07 22:17:51 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    .
    ==================== Find3M ====================
    .
    2011-12-10 16:49:37 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
    2011-10-09 22:58:59 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-10-03 04:06:03 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-09-29 16:03:04 1290608 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2011-09-29 03:37:56 2341888 ----a-w- c:\windows\system32\win32k.sys
    .
    ============= FINISH: 1:37:46.53 ===============




    aswMBR:


    aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
    Run date: 2011-12-16 01:42:08
    -----------------------------
    01:42:08.853 OS Version: Windows 6.1.7601 Service Pack 1
    01:42:08.853 Number of processors: 2 586 0x6802
    01:42:08.853 ComputerName: CHARMAINE-PC UserName: Charmaine
    01:42:10.009 Initialize success
    01:42:40.336 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    01:42:40.336 Disk 0 Vendor: TOSHIBA_MK1246GSX LB212D Size: 114473MB BusType: 3
    01:42:42.383 Disk 0 MBR read successfully
    01:42:42.383 Disk 0 MBR scan
    01:42:42.383 Disk 0 Windows 7 default MBR code
    01:42:42.399 Disk 0 scanning sectors +234438656
    01:42:42.477 Disk 0 scanning C:\Windows\system32\drivers
    01:42:50.602 Service scanning
    01:42:52.024 Modules scanning
    01:42:59.540 Disk 0 trace - called modules:
    01:42:59.571 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll pciide.sys PCIIDEX.SYS atapi.sys
    01:42:59.571 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85561a38]
    01:42:59.586 3 CLASSPNP.SYS[8879159e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x847c4908]
    01:42:59.586 Scan finished successfully
    01:43:22.946 Disk 0 MBR has been saved successfully to "C:\Users\Charmaine\Desktop\MBR.dat"
    01:43:22.961 The log file has been saved successfully to "C:\Users\Charmaine\Desktop\aswMBR.txt"




    I hope I have done that right.
    Cheers.

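As an added example (not part of any post in this thread), the following Python script cross-references the CLSIDs that Spybot flagged under "Class ID" entries with the BHO and TB lines of the DDS "Pseudo HJT Report", so a helper can see at a glance which flagged components are still registered as live Internet Explorer extensions. The sample input is constructed from a few lines of the logs posted above; the parsing helpers and the `Extension` class are my own, not part of Spybot or DDS.

```python
import re
from dataclasses import dataclass

# Constructed sample input: a handful of lines in the shape of the Spybot - S&D
# results and the DDS "Pseudo HJT Report" quoted in this thread.
SPYBOT_LOG = r"""
Babylon.Toolbar: [SBI $B04483F7] Class ID (Registry Key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}

Babylon.Toolbar: [SBI $86348D5E] Class ID (Registry Key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC}

Babylon.Toolbar: [SBI $07586C96] Class ID (Registry Key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{97F2FF5B-260C-4ccf-834A-2DDA4E29E39E}

MS Paint: [SBI $07867C39] Recent file list (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-4054292811-2639179496-1958547070-1000\Software\Microsoft\Windows\CurrentVersion\Applets\Paint\Recent File List
"""

DDS_LOG = r"""
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Babylon toolbar helper: {2eecd738-5844-4a99-b4b6-146bf802613b} - c:\program files\babylontoolbar\babylontoolbar\1.4.31.2\bh\BabylonToolbar.dll
TB: Babylon Toolbar: {98889811-442d-49dd-99d7-dc866be87dbc} - c:\program files\babylontoolbar\babylontoolbar\1.4.31.2\BabylonToolbarTlbr.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
"""

# A COM class identifier in registry form: {8-4-4-4-12} hex digits.
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Spybot entry header: "<product>: [SBI $xxxxxxxx] <kind> (<object type>, <action>)".
SPYBOT_HDR_RE = re.compile(
    r"^(?P<product>.+?): \[SBI \$[0-9A-F]{8}\] (?P<kind>.+?) "
    r"\((?P<object>[^,]+), (?P<action>[^)]+)\)$"
)

# DDS browser-extension line: "BHO: <name>: {clsid} - <dll path>" or "TB: ...".
DDS_EXT_RE = re.compile(
    r"^(?P<slot>BHO|TB): (?P<name>.+?): (?P<clsid>" + GUID_RE.pattern + r") - (?P<path>.+)$"
)


@dataclass(frozen=True)
class Extension:
    slot: str    # "BHO" (browser helper object) or "TB" (toolbar)
    name: str
    clsid: str   # normalised to upper case for comparison
    path: str


def parse_spybot_clsids(text):
    """Map every CLSID Spybot reported under a 'Class ID' entry to the product it belongs to.

    Each Spybot entry is a header line followed by the registry path it refers to;
    only 'Class ID' headers whose path goes through ...\\CLSID\\{guid} are kept.
    """
    flagged = {}
    pending_product = None
    for raw in text.splitlines():
        line = raw.strip()
        hdr = SPYBOT_HDR_RE.match(line)
        if hdr:
            pending_product = hdr["product"] if hdr["kind"] == "Class ID" else None
            continue
        if pending_product and line.upper().startswith("HKEY_"):
            guid = GUID_RE.search(line)
            if guid and "\\clsid\\" in line.lower():
                flagged[guid.group(0).upper()] = pending_product
            pending_product = None
    return flagged


def parse_dds_extensions(text):
    """Extract the BHO and TB entries from a DDS Pseudo HJT Report."""
    found = []
    for raw in text.splitlines():
        m = DDS_EXT_RE.match(raw.strip())
        if m:
            found.append(Extension(m["slot"], m["name"], m["clsid"].upper(), m["path"]))
    return found


def cross_reference(spybot_text, dds_text):
    """Return (Extension, product) pairs for DDS extensions whose CLSID Spybot flagged.

    A hit means the component is not just a leftover registry key: IE still has it
    registered as an active helper object or toolbar, so the earlier cleanup was incomplete.
    """
    flagged = parse_spybot_clsids(spybot_text)
    return [(ext, flagged[ext.clsid]) for ext in parse_dds_extensions(dds_text)
            if ext.clsid in flagged]


if __name__ == "__main__":
    for ext, product in cross_reference(SPYBOT_LOG, DDS_LOG):
        print(f"{ext.slot:3} {ext.clsid} flagged as {product}: {ext.name} -> {ext.path}")
```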
  7. #7
    Emeritus
    Join Date
    Apr 2011
    Location
    USA
    Posts
    1,038


    Download Combofix from either of the links below, and save it to your desktop.
    Link 1
    Link 2

    **Note: It is important that it is saved directly to your desktop**

    --------------------------------------------------------------------

    IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

    --------------------------------------------------------------------

    Right-Click and Run as Administrator on ComboFix.exe & follow the prompts.
    • When finished, it will produce a report for you.
    • Please post the C:\ComboFix.txt for further review.

  8. #8
    Junior Member
    Join Date
    Dec 2011
    Posts
    9


    I am really struggling to turn off Spybot, to be honest. I have exited Windows Defender and shut the umbrella on Avira. But even though I have unselected live protection on Spybot, I can't work out a way to exit it, and ComboFix is telling me it is still running and will interfere. I have tried shutting everything in Task Manager but it won't let me, and when I restarted, all that happened was Windows ended up taking forever to update for some weird reason lol.

    Bar uninstalling, I don't know what to do. I will make sure live protection isn't selected and then run it anyway. Btw it is Spybot - Search & Destroy version: 2.0.6.131 DLL (build: 20111005).

  9. #9
    Junior Member
    Join Date
    Dec 2011
    Posts
    9


    I couldn't get it to stop saying Spybot was still running, even though I went into options and unticked everything. I ran it anyway:







    ComboFix 11-12-15.02 - Charmaine 16/12/2011 5:44.2.2 - x86
    Microsoft Windows 7 Enterprise 6.1.7601.1.1252.44.1033.18.1918.1267 [GMT 0:00]
    Running from: c:\users\Charmaine\Desktop\ComboFix.exe
    AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
    SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
    SP: Spybot - Search & Destroy *Enabled/Outdated* {1EAF1D03-5480-F3B2-EB14-11F0F5EE2699}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-11-16 to 2011-12-16 )))))))))))))))))))))))))))))))
    .
    .
    2011-12-16 05:57 . 2011-12-16 05:57 -------- d-----w- c:\users\Public\AppData\Local\temp
    2011-12-16 05:57 . 2011-12-16 05:57 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-12-16 03:01 . 2011-11-03 22:31 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2011-12-16 03:01 . 2011-11-03 23:16 141112 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
    2011-12-16 03:01 . 2011-11-03 22:37 194048 ----a-w- c:\program files\Internet Explorer\IEShims.dll
    2011-12-16 03:00 . 2011-11-03 22:47 1798144 ----a-w- c:\windows\system32\jscript9.dll
    2011-12-16 03:00 . 2011-11-03 22:39 1127424 ----a-w- c:\windows\system32\wininet.dll
    2011-12-16 03:00 . 2011-11-03 22:42 678912 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
    2011-12-16 03:00 . 2011-11-03 22:40 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-12-14 23:24 . 2011-11-21 10:47 6823496 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E89ABDFD-D52B-45ED-B3EC-FC3DA2287F03}\mpengine.dll
    2011-12-14 23:23 . 2011-10-15 05:38 534528 ----a-w- c:\windows\system32\EncDec.dll
    2011-12-14 23:23 . 2011-11-05 04:26 2048 ----a-w- c:\windows\system32\tzres.dll
    2011-12-14 23:22 . 2011-11-24 04:25 2342912 ----a-w- c:\windows\system32\win32k.sys
    2011-12-14 23:22 . 2011-10-26 04:28 38912 ----a-w- c:\windows\system32\csrsrv.dll
    2011-12-14 23:22 . 2011-10-26 04:47 3912560 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-12-14 23:22 . 2011-10-26 04:47 3967856 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-12-10 16:48 . 2011-12-10 16:48 -------- d-----w- c:\programdata\Hitman Pro
    2011-12-08 01:35 . 2009-01-25 13:14 15224 ----a-w- c:\windows\system32\sdnclean.exe
    2011-12-08 01:35 . 2011-12-08 01:35 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
    2011-12-07 22:17 . 2011-08-31 17:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-12-10 16:49 . 2011-10-09 23:12 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
    2011-12-08 19:08 . 2011-10-09 16:59 134856 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2011-10-09 22:58 . 2011-08-20 16:41 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-10-03 04:06 . 2010-12-28 15:32 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-09-29 16:03 . 2011-11-09 15:38 1290608 ----a-w- c:\windows\system32\drivers\tcpip.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-12-21 39408]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
    "Facebook Update"="c:\users\Charmaine\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-09-02 137536]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-10-26 1029416]
    "LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-08 488984]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-09-23 258512]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    "SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2011-10-05 3578272]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux1"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-21 136176]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-21 136176]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-21 1343400]
    S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-09-15 36000]
    S1 SDHookDriver;Spybot-S&D 2 Hook Driver;c:\program files\Spybot - Search & Destroy 2\SDHookDrv32.sys [2011-10-05 38504]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
    S2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-09-23 86224]
    S2 SDHookService;Spybot S&D 2 Live Protection Service;c:\program files\Spybot - Search & Destroy 2\SDHookSvc.exe [2011-10-05 130976]
    S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [2011-10-05 892336]
    S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2011-10-05 955816]
    S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe [2011-10-05 169624]
    S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
    S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
    S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-12-09 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4054292811-2639179496-1958547070-1000Core.job
    - c:\users\Charmaine\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-02 19:43]
    .
    2011-12-16 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4054292811-2639179496-1958547070-1000UA.job
    - c:\users\Charmaine\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-02 19:43]
    .
    2011-12-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-12-21 22:36]
    .
    2011-12-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-12-21 22:36]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.co.uk/
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
    TCP: DhcpNameServer = 192.168.1.254
    FF - ProfilePath - c:\users\Charmaine\AppData\Roaming\Mozilla\Firefox\Profiles\iirg01fc.default\
    FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
    FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
    FF - Ext: uTorrentBar Community Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - %profile%\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKLM-Run-LogitechQuickCamRibbon - c:\program files\Logitech\QuickCam10\QuickCam10.exe
    Notify-SDWinLogon - SDWinLogon.dll
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2011-12-16 06:15:26
    ComboFix-quarantined-files.txt 2011-12-16 06:15
    ComboFix2.txt 2011-10-10 00:03
    .
    Pre-Run: 59,543,056,384 bytes free
    Post-Run: 59,169,984,512 bytes free

    Thanks again for your help.

  10. #10
    Emeritus
    Join Date
    Apr 2011
    Location
    USA
    Posts
    1,038

    Default

    Hi,

    I couldn't get it to not say Spybot wasn't still running even though I went on options and unticked everything. I ran it anyway:
    It looks like it ran just fine.
    ----------

    • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:
      Code:
      DDS::
      uStart Page = hxxp://www.google.co.uk/
      BHO: Babylon toolbar helper: {2eecd738-5844-4a99-b4b6-146bf802613b} - c:\program files\babylontoolbar\babylontoolbar\1.4.31.2\bh\BabylonToolbar.dll
      TB: Babylon Toolbar: {98889811-442d-49dd-99d7-dc866be87dbc} - c:\program files\babylontoolbar\babylontoolbar\1.4.31.2\BabylonToolbarTlbr.dll
      
      Firefox::
      FF - ProfilePath - c:\users\charmaine\appdata\roaming\mozilla\firefox\profiles\iirg01fc.default\
      FF - component: c:\users\charmaine\appdata\roaming\mozilla\firefox\profiles\iirg01fc.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components
      \RadioWMPCoreGecko19.dll
      FF - component: c:\users\charmaine\appdata\roaming\mozilla\firefox\profiles\iirg01fc.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
      FF - Ext: Conduit Engine :  - %profile%\extensions\engine@conduit.com
      FF - Ext: uTorrentBar Community Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - %profile%\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
      
      RegLock::
      [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.


    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
    • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
    • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

    CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
    ----------
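    The CFScript above was hand-built by picking the adware toolbar lines (Babylon, Conduit, uTorrentBar) out of the ComboFix log. The following is an added example, not code from the thread or from ComboFix, that does that triage over a log: it flags "FF - Ext:" and Run-value lines matching those toolbar names and renders the "Firefox::" block in the layout the helper used. The sample log lines and the "Babylon Client" Run value are constructed for the example.

```python
import re

# Toolbar families the helper removed in this thread; matched case-insensitively.
PUP_MARKERS = ("babylon", "conduit", "utorrentbar")

# ComboFix log line shapes this parser understands.
FF_EXT_RE = re.compile(r"^FF - Ext: .+ - .+$")            # Firefox extension line
RUN_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"')  # Run value

# Constructed sample shaped like the log posted above (Run value is made up).
SAMPLE_LOG = """\
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]
"avgnt"="c:\\program files\\Avira\\AntiVir Desktop\\avgnt.exe" [2011-09-23 258512]
"Babylon Client"="c:\\program files\\babylontoolbar\\bbtlbr.exe" [2011-10-01 12345]
FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\\program files\\Mozilla Firefox\\extensions\\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\\extensions\\engine@conduit.com
FF - Ext: uTorrentBar Community Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - %profile%\\extensions\\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
"""

def is_pup(line):
    """True when the line names one of the toolbar families above."""
    low = line.lower()
    return any(marker in low for marker in PUP_MARKERS)

def triage(log_text):
    """Split a ComboFix log into flagged Firefox extension lines and Run values."""
    ff_flagged, run_flagged = [], []
    for raw in log_text.splitlines():
        line = raw.strip()
        if FF_EXT_RE.match(line) and is_pup(line):
            ff_flagged.append(line)      # kept verbatim: CFScript wants the log line
        else:
            m = RUN_VALUE_RE.match(line)
            if m and is_pup(line):
                run_flagged.append((m["name"], m["path"]))
    return ff_flagged, run_flagged

def build_cfscript(log_text):
    """Render the flagged extensions as a 'Firefox::' block, the layout the
    helper used above; Run values are returned separately for manual review."""
    ff_flagged, run_flagged = triage(log_text)
    out = []
    if ff_flagged:
        out.append("Firefox::")
        out.extend(ff_flagged)
    return "\n".join(out), run_flagged

if __name__ == "__main__":
    script, runs = build_cfscript(SAMPLE_LOG)
    print(script)
    for name, path in runs:
        print(f"review Run value {name!r} -> {path}")
```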
