Google Redirect Virus - HELP!!!

Hi guys, I'm hoping someone can help me.

I have a Google redirecting virus (I think - it seems to have replaced all Google searches with crappy spam sites).

I looked at some previous threads and tried using mbam, but although it found some other issues, it didn't sort this out. Have used ComboFix as recommended by a techie-minded friend, but still have a problem. I have the log from the ComboFix scan if that would help :confused:

Would really appreciate any advice! Thanks
Nobody I'd rather be ;)

Comments

  • Browntoa
    Browntoa Posts: 49,612 Forumite
    Part of the Furniture 10,000 Posts Name Dropper Photogenic
    yes, post both the mbam log (run the program and click on the Logs tab) and the ComboFix log
    Ex forum ambassador

    Long term forum member
  • Browntoa
    Browntoa Posts: 49,612 Forumite
    Part of the Furniture 10,000 Posts Name Dropper Photogenic
    also do a hijackthis log for me

    please click the button below.
    hjt_download_installer.gif
    Ex forum ambassador

    Long term forum member
  • babybug
    babybug Posts: 657 Forumite
    Wow that was quick!

    Here's the ComboFix Log:

    ComboFix 09-01-01.02 - Splat & Jim 2009-01-03 15:34:18.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.895.471 [GMT 0:00]
    Running from: c:\documents and settings\Splat & Jim\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
    * Created a new restore point
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    c:\docume~1\SPLAT&~1\LOCALS~1\Temp\install_flash_player.exe
    .
    ((((((((((((((((((((((((( Files Created from 2008-12-03 to 2009-01-03 )))))))))))))))))))))))))))))))
    .
    2009-01-03 13:12 . 2009-01-03 13:12 <DIR> d--h C:\$AVG8.VAULT$
    2009-01-03 11:38 . 2009-01-03 11:38 <DIR> d c:\program files\Malwarebytes' Anti-Malware
    2009-01-03 11:38 . 2009-01-03 11:38 <DIR> d c:\documents and settings\Splat & Jim\Application Data\Malwarebytes
    2009-01-03 11:38 . 2009-01-03 11:38 <DIR> d c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-01-03 11:38 . 2008-12-03 19:52 38,496 --a c:\windows\system32\drivers\mbamswissarmy.sys
    2009-01-03 11:38 . 2008-12-03 19:52 15,504 --a c:\windows\system32\drivers\mbam.sys
    2009-01-03 11:34 . 2009-01-03 11:34 0 --a c:\windows\nsreg.dat
    2009-01-03 10:16 . 2009-01-03 10:16 97,928 --a c:\windows\system32\drivers\avgldx86.sys
    2009-01-03 10:16 . 2009-01-03 10:16 76,040 --a c:\windows\system32\drivers\avgtdix.sys
    2009-01-03 10:16 . 2009-01-03 10:16 10,520 --a c:\windows\system32\avgrsstx.dll
    2009-01-03 10:15 . 2009-01-03 10:19 <DIR> d c:\windows\system32\drivers\Avg
    2009-01-03 10:15 . 2009-01-03 10:15 <DIR> d c:\program files\AVG
    2009-01-03 10:15 . 2009-01-03 10:20 <DIR> d c:\documents and settings\Splat & Jim\Application Data\AVGTOOLBAR
    2009-01-03 10:15 . 2009-01-03 10:15 <DIR> d c:\documents and settings\All Users\Application Data\avg8
    2009-01-02 21:03 . 2009-01-02 21:03 <DIR> d c:\program files\a-squared Free
    2009-01-02 19:20 . 2009-01-02 19:20 <DIR> d c:\windows\LastGood
    2009-01-01 11:52 . 2009-01-01 11:52 <DIR> d c:\windows\system32\scripting
    2009-01-01 11:52 . 2009-01-01 11:52 <DIR> d c:\windows\l2schemas
    2009-01-01 11:51 . 2009-01-01 11:51 <DIR> d c:\windows\system32\en
    2009-01-01 11:51 . 2009-01-01 11:51 <DIR> d c:\windows\system32\bits
    2009-01-01 11:46 . 2009-01-01 11:53 <DIR> d c:\windows\ServicePackFiles
    2009-01-01 11:27 . 2009-01-01 11:27 <DIR> d c:\windows\EHome
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-01-03 15:33 d-----w c:\documents and settings\Splat & Jim\Application Data\StumbleUpon
    2009-01-03 09:50 d-----w c:\program files\Common Files\Symantec Shared
    2008-12-07 19:44 d-----w c:\documents and settings\All Users\Application Data\Tesco Photobook Creator
    2008-11-25 18:19 d-----w c:\program files\Alwil Software
    2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
    2008-10-16 20:38 826,368 ----a-w c:\windows\system32\wininet.dll
    2008-10-16 14:13 202,776 ----a-w c:\windows\system32\wuweb.dll
    2008-10-16 14:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
    2008-10-16 14:12 561,688 ----a-w c:\windows\system32\wuapi.dll
    2008-10-16 14:12 323,608 ----a-w c:\windows\system32\wucltui.dll
    2008-10-16 14:09 92,696 ----a-w c:\windows\system32\cdm.dll
    2008-10-16 14:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
    2008-10-16 14:09 43,544 ----a-w c:\windows\system32\wups2.dll
    2008-10-16 14:08 34,328 ----a-w c:\windows\system32\wups.dll
    2008-10-03 10:02 247,326 ----a-w c:\windows\system32\strmdll.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-24 68856]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
    "Google Update"="c:\documents and settings\Splat & Jim\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-08 133104]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-01-03 1261336]
    "VTTimer"="VTTimer.exe" [2006-08-02 c:\windows\system32\VTTimer.exe]
    "S3Trayp"="S3trayp.exe" [2006-07-10 c:\windows\system32\S3Trayp.exe]
    "RTHDCPL"="RTHDCPL.EXE" [2007-02-03 c:\windows\RTHDCPL.exe]
    "SkyTel"="SkyTel.EXE" [2006-05-20 c:\windows\SkyTel.exe]
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-01-21 65588]
    Ralink Wireless Utility.lnk - c:\program files\RALINK\Common\RaUI.exe [2008-01-15 614400]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=avgrsstx.dll
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux2"= wdmaud.sys
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2009-01-03 97928]
    R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-01-03 875288]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-01-03 231704]
    R2 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2009-01-03 76040]
    R3 S3GIGP;S3GIGP;c:\windows\system32\DRIVERS\S3gIGPm.sys [2008-01-14 659456]
    *Newly Created Service* - AVG8EMC
    *Newly Created Service* - AVG8WD
    *Newly Created Service* - AVGLDX86
    *Newly Created Service* - AVGMFX86
    *Newly Created Service* - AVGTDIX
    *Newly Created Service* - PROCEXP90
    .
    Contents of the 'Scheduled Tasks' folder
    2008-11-05 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
    2009-01-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-329068152-287218729-725345543-1005.job
    - c:\documents and settings\Splat & Jim\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-08 16:59]
    .
    .
    Supplementary Scan
    .
    uStart Page = hxxp://www.msn.com
    mStart Page = hxxp://www.msn.com
    uInternet Settings,ProxyOverride = *.local
    IE: StumbleUpon PhotoBlog It! - StumbleUponIEBar.dll/blogimage
    FF - ProfilePath - c:\documents and settings\Splat & Jim\Application Data\Mozilla\Firefox\Profiles\1hn3xv0p.default\
    FF - plugin: c:\documents and settings\Splat & Jim\Local Settings\Application Data\Google\Update\1.2.133.33\npGoogleOneClick7.dll
    .
    **************************************************************************
    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-01-03 15:35:54
    Windows 5.1.2600 Service Pack 3 NTFS
    scanning hidden processes ...
    scanning hidden autostart entries ...
    scanning hidden files ...
    scan completed successfully
    hidden files: 0
    **************************************************************************
    .
    Completion time: 2009-01-03 15:37:30
    ComboFix-quarantined-files.txt 2009-01-03 15:36:53
    Pre-Run: 13,730,205,696 bytes free
    Post-Run: 14,496,804,864 bytes free
    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer
    138 --- E O F --- 2009-01-02 21:38:25
    Nobody I'd rather be ;)
  • babybug
    babybug Posts: 657 Forumite
    And here's mbam's

    Malwarebytes' Anti-Malware 1.31
    Database version: 1456
    Windows 5.1.2600 Service Pack 3
    03/01/2009 14:11:59
    mbam-log-2009-01-03 (14-11-59).txt
    Scan type: Full Scan (A:\|C:\|D:\|E:\|)
    Objects scanned: 92630
    Time elapsed: 1 hour(s), 28 minute(s), 9 second(s)
    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 30
    Memory Processes Infected:
    (No malicious items detected)
    Memory Modules Infected:
    (No malicious items detected)
    Registry Keys Infected:
    (No malicious items detected)
    Registry Values Infected:
    (No malicious items detected)
    Registry Data Items Infected:
    (No malicious items detected)
    Folders Infected:
    (No malicious items detected)
    Files Infected:
    C:\System Volume Information\_restore{819FFD18-D79A-4A79-B002-79BF71AEBF01}\RP237\A0008420.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{819FFD18-D79A-4A79-B002-79BF71AEBF01}\RP237\A0008421.scr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{819FFD18-D79A-4A79-B002-79BF71AEBF01}\RP237\A0008429.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{819FFD18-D79A-4A79-B002-79BF71AEBF01}\RP237\A0008430.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{819FFD18-D79A-4A79-B002-79BF71AEBF01}\RP237\A0008431.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{819FFD18-D79A-4A79-B002-79BF71AEBF01}\RP237\A0008432.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{819FFD18-D79A-4A79-B002-79BF71AEBF01}\RP237\A0008433.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{819FFD18-D79A-4A79-B002-79BF71AEBF01}\RP237\A0008434.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{819FFD18-D79A-4A79-B002-79BF71AEBF01}\RP237\A0008435.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{819FFD18-D79A-4A79-B002-79BF71AEBF01}\RP237\A0008436.SCR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{819FFD18-D79A-4A79-B002-79BF71AEBF01}\RP237\A0008438.DLL (Adware.MyWeb.FunWeb) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{819FFD18-D79A-4A79-B002-79BF71AEBF01}\RP237\A0008439.EXE (Adware.MyWeb.FunWeb) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{819FFD18-D79A-4A79-B002-79BF71AEBF01}\RP237\A0008440.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{819FFD18-D79A-4A79-B002-79BF71AEBF01}\RP237\A0008441.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{819FFD18-D79A-4A79-B002-79BF71AEBF01}\RP237\A0008442.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{819FFD18-D79A-4A79-B002-79BF71AEBF01}\RP237\A0008444.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{819FFD18-D79A-4A79-B002-79BF71AEBF01}\RP237\A0008445.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{819FFD18-D79A-4A79-B002-79BF71AEBF01}\RP237\A0008446.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{819FFD18-D79A-4A79-B002-79BF71AEBF01}\RP237\A0008447.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{819FFD18-D79A-4A79-B002-79BF71AEBF01}\RP237\A0008449.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{819FFD18-D79A-4A79-B002-79BF71AEBF01}\RP237\A0008450.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{819FFD18-D79A-4A79-B002-79BF71AEBF01}\RP237\A0008451.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{819FFD18-D79A-4A79-B002-79BF71AEBF01}\RP237\A0008452.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{819FFD18-D79A-4A79-B002-79BF71AEBF01}\RP237\A0008453.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{819FFD18-D79A-4A79-B002-79BF71AEBF01}\RP237\A0008454.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{819FFD18-D79A-4A79-B002-79BF71AEBF01}\RP237\A0008520.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{819FFD18-D79A-4A79-B002-79BF71AEBF01}\RP237\A0008521.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{819FFD18-D79A-4A79-B002-79BF71AEBF01}\RP237\A0008522.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{819FFD18-D79A-4A79-B002-79BF71AEBF01}\RP237\A0008527.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{819FFD18-D79A-4A79-B002-79BF71AEBF01}\RP237\A0008437.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    Nobody I'd rather be ;)
  • babybug
    babybug Posts: 657 Forumite
    Just done Hijack This,

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:49:38, on 03/01/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\a-squared Free\a2service.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\VTTimer.exe
    C:\WINDOWS\system32\S3trayp.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Documents and Settings\Splat & Jim\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: StumbleUpon Launcher - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [S3Trayp] S3trayp.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Splat & Jim\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
    O8 - Extra context menu item: StumbleUpon PhotoBlog It! - res://StumbleUponIEBar.dll/blogimage
    O9 - Extra button: StumbleUpon - {75C9223A-409A-4795-A3CA-08DE6B075B4B} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: avgrsstx.dll
    O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    --
    End of file - 6256 bytes
    Nobody I'd rather be ;)
  • Browntoa
    Browntoa Posts: 49,612 Forumite
    Part of the Furniture 10,000 Posts Name Dropper Photogenic
    hijackthis log looks clear
    Ex forum ambassador

    Long term forum member
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Part of the Furniture Combo Breaker
    It's above mate!
    :idea:
  • babybug
    babybug Posts: 657 Forumite
    I thought I'd put it in post 5 - but I could be wrong, I'm not very good at this stuff!

    Is that what you meant or do I need to put something else up?
    Nobody I'd rather be ;)
  • Browntoa
    Browntoa Posts: 49,612 Forumite
    Part of the Furniture 10,000 Posts Name Dropper Photogenic
    mbam seems to have deleted all it found

    was me ...missed the log...lol
    Ex forum ambassador

    Long term forum member
  • babybug
    babybug Posts: 657 Forumite
    Is this where I become a complete moron and ask if rebooting my computer would be a good plan at this point *blushes furiously at the realisation that I forgot to do this*
    Nobody I'd rather be ;)
This discussion has been closed.