Help with de-bugging my mum's computer

Guapa1
Posts: 890 Forumite
in Techie Stuff
Hi there, my mum's computer is really slow and I've decided to give it a good clean out. She stopped using the anti virus as it 'kept asking her things and made the computer slow (:mad: :rolleyes: )'.
I followed the malware/spyware guide (thanks Browntoa) and it's running faster than before, however I cannot get Spybot to immunise as there are things it can't get rid of.
I couldn't do the online virus ones either. I'm currently running Malwarebytes to see if it and then will run through the removal guide again. Is there anything else I can do?
Oh, details.
Windows XP, Dimension 4500; she has AOL on as internet access.
Here is the SUPERAntiSpyware log.
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 01/06/2009 at 04:05 PM
Application Version : 4.24.1004
Core Rules Database Version : 3696
Trace Rules Database Version: 1672
Scan type : Complete Scan
Total Scan Time : 03:40:17
Memory items scanned : 189
Memory threats detected : 0
Registry items scanned : 5299
Registry threats detected : 160
File items scanned : 74393
File threats detected : 69
Adware.MyWebSearch
Adware.Search-Exe
HKLM\Software\Microsoft\Internet Explorer\URLSearchHooks#!!9368D063-44BE-49B9-BD14-BB9663FD38FC}
Trojan.NewDotNet
HKU\.DEFAULT\Software\New.net
HKU\S-1-5-18\Software\New.net
Adware.MyWebSearch/FunWebProducts
Adware.MyWay
HKCR\MyWayToolBar.SettingsPlugin
Adware.Lop
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\WEB ACE DEFAULT FRAG\INFO CORN.EXE
Adware.Tracking Cookie
Getting there... A deal at a time. :T
0
Comments
-
I'd start by rebooting the comp into safe mode and rescanning. Anything found should then be removable.
Try using C-Cleaner (www.ccleaner.com) to tidy up the temp. internet files and the registry as well.
Where there's a will, there's a way to get something cheaper from somewhere else!!
0 -
Couple of things....
1. Did you let SAS actually remove any of this stuff ??
2. Use MBAM's Full Scan after updating it (you should be on database version 1630) and clean anything it finds (may need to reboot to kill off the last few bits). Might be useful to see the log once it's done...
3. Download HiJackThis and run, post the log to help identify what's running on there....
Certainly things like mywebsearch won't help..you have to be so careful what you click on to avoid picking up such stuff...
Just a thought, what security progs are installed on the pc ?? And you really need to get your mum NOT to turn off the AV prog...we may be able to recommend a less intrusive and less system-hungry one........
Gettin' There, Wherever There is......
I have a dodgy "i" key, so ignore spelling errors due to "i" issues, ...I blame Apple
0 -
GunJack, believe me I've tried with my mum! I feel like the mum right now, I had to fight with her on Tuesday to sit down and delete everything she didn't need before I backed everything up. When I told her about viruses she immediately blamed my sister and I can see that actually it's mostly her as she opens up every single email and seems to download them. *deep sigh*
1. I did let SAS remove it, however when I rebooted it, it was still in safe mode and looking at the now updated guide, maybe that was wrong?
2. I've just done the quick scan and it found some things, so I've restarted it and it has taken some off, I believe. Here is the log:
Malwarebytes' Anti-Malware 1.32
Database version: 1630
Windows 5.1.2600 Service Pack 3
08/01/2009 10:46:05
mbam-log-2009-01-08 (10-46-05).txt
Scan type: Quick Scan
Objects scanned: 85564
Time elapsed: 38 minute(s), 43 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Delete on reboot.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MyWebSearch Email Plugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
3. I will run hijackthis now before I do another scan in safe mode and post it up.
Until I moved back in there was only the standard windows firewall on there and an unused avast av. Now I've installed all the programmes listed in the malware removal guide.
SAS
CCleaner
Windows Defender
SpyBot
and now malwarebytes
Getting there... A deal at a time. :T
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:17:26, on 08/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\AOL\1134656249\ee\AOLSoftware.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\ltmsg.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Microsoft Works\WksSb.exe
C:\WINDOWS\system32\LXSUPMON.EXE
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\Program Files\VoyagerTest\fts.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\AOL 9.0\aoltray.exe
c:\program files\common files\aol\1134656249\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exe
c:\program files\common files\aol\1134656249\ee\aolsoftware.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Reality Fusion\Reality Fusion GameCam SE\Program\RFTRay.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Program Files\Common Files\AOL\aoltpspd.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/uk/enu/gen/default.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://thorntree.lonelyplanet.com/categories.cfm?catid=14
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O3 - Toolbar: ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1134656249\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [SurfOnGuard] C:\Program Files\SurfOnGuard\SurfOnGuard.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\found.000\dir0000.chk\reader_sl.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Reality Fusion GameCam SE.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab28578.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://prerelease.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://www.pandasecurity.com/activescan/cabs/as2stubie.cab
O16 - DPF: {33288993-5664-11D4-8B5B-00D0B73B3518} (ell Class) - http://www.easports.com/downloads/games/common/ieell.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - http://aolcc.aolsvc.aol.co.uk/computercheckup/qdiagcc.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-18.cab
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://sib1.od2.com/common/Member/ClientInstall/10.20.0002/OCI/setup.exe
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/en/filesharingctrl.cab
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.143/code/PWActiveXImgCtl.CAB
O16 - DPF: {7CF052DE-C74F-421B-B04A-3B3037EF5887} (CCMPGui Class) - http://64.124.45.181/chaincast/proxy/CCMP.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar) - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/my/yiebio5_0_2_7.cab
O16 - DPF: {F04F4F32-6457-401A-8169-D2773DDFF930} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/ydropper/ydropper1_3uk.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab28578.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C9A3FC7E-AF42-465B-B61B-2D0CE36511CB}: NameServer = 92.31.242.20 92.31.242.21
O17 - HKLM\System\CCS\Services\Tcpip\..\{CC32BB66-75EF-4B07-B5C2-53703EECEC0E}: NameServer = 205.188.146.145
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O24 - Desktop Component 0: (no name) - http://model2.mvm.com/compositor?G%1CM%40OB%5BNR%07QQ%1C%0EVVV%0ELWL%0EQ%40BJ%40FDR%0EQNQTM%40UHNOR%0E%07QF%1C%0EVVV%0ELWL%0EQ%40BJ%40FDR%0EF%40SLDOUR%0ELWLINLD%0ELWLINLD%07H%1C%0EVVV%0ELWL%0EQSNKDBUR%0ELWLINLD%0ERHUD%0EIUENBR%0EHL%40FDR%0EGNOE%7EBI%40ODM%7EONHS%0FUF%40%07HQ%1C%0Eg%0E%18%0F%11%0F%11%0EGMNNSRI%40ENV%0EHL%40FDR%0EGRI%40%7Eg%7Eg%7E%10%7E%10%11urr%7E%10%7E%10%7E%10%16%18%7E%15%11%11%0FQHB%07HQ%1C%0Eg%0E%18%0F%11%0F%11%0ECNEX%0EHL%40FDR%0ECNEX%7Eg%7Eg%7E%10%11urr%7Eoj%15%7Erb%11%15%7Ecss%7Egu%10%7E%60q%10%7Emh%11%12%7E%10%7E%10%7E%10%16%18%7E%15%11%11%0FQHB%07HQ%1C%0Eg%0E%18%0F%11%0F%11%0EID%40E%0EHL%40FDR%0EID%40E%7Eg%7Eg%7Ecm%11%10%7Erb%11%15%7E%60f%13%11%7Edx%60%7Eonm%7Emqc%7Eoj%15%7Emh%11%12%7E%10%7E%10%7E%10%16%18%7E%15%11%11%0FQHB%07HF%1C%0E%0EF%40SLDOUR%0E%10%14%11%15%16%11%14%11%17%0EF%40SL%7E%10%14%11%15%16%11%14%11%17%7E%10%7E%10%11%17%7E%10%11urr%7E%10%7E%10%7E%10%16%18%7E%15%11%11%0FQHB%07HQ%1C%0Eg%0E%18%0F%11%0F%11%0EI%40HS%0EHL%40FDR%0EI%40HS%7E
--
End of file - 13242 bytes
Getting there... A deal at a time. :T
make sure you reboot the pc after the MBAM scan, some of the threats listed need that to be removed. Do this before HJT scan. Also, ensure firewall is on, and avast (decent AV) and all others are on and fully updated....THEN run HJT and give us the log...we'll get there......
Gettin' There, Wherever There is......
I have a dodgy "i" key, so ignore spelling errors due to "i" issues, ...I blame Apple
Oops ! cross-posted...give me a few minutes..........
Gettin' There, Wherever There is......
I have a dodgy "i" key, so ignore spelling errors due to "i" issues, ...I blame Apple
I'd certainly look to fix these in HJT......
O2 - BHO: ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll (file missing)
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
Also, you've got waaay too much running on startup....use spybot's Tools/system startup utility to disable any not needed stuff from starting up on bootup. You may also want to turn off spybot's Tea timer facility for now, until you get sorted.....try this lot and re-run HJT......
Gettin' There, Wherever There is......
I have a dodgy "i" key, so ignore spelling errors due to "i" issues, ...I blame Apple
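The by-eye triage in the post above (orphaned BHO/toolbar entries plus a startup item belonging to something the scanners already flagged) can be scripted. This is an added example, not part of the thread or of HijackThis; the function names are hypothetical, the sample lines are copied from the log posted above, the watchlist reuses names from the Malwarebytes log, and the 8.3 short-name prefix is an approximation of how Windows abbreviates long folder names.

```python
import re

# HijackThis prints each finding as "<section code> - <details>".
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
# Suffixes HijackThis appends when the registered file is gone from disk.
ORPHAN_MARKERS = ("(file missing)", "(no file)")


def short_name_prefix(name):
    """Approximate 8.3 alias prefix: spaces dropped, first six chars, upper-cased, then '~'."""
    return name.replace(" ", "").upper()[:6] + "~"


def parse_entries(log_text):
    """Return (code, body) pairs; header and running-process lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries


def triage(log_text, watchlist):
    """Flag entries that are orphaned or that reference a watchlisted product name."""
    findings = []
    for code, body in parse_entries(log_text):
        reasons = []
        if body.endswith(ORPHAN_MARKERS):
            reasons.append("orphaned")
        # Compare without spaces so "My Web Search Bar" matches "MyWebSearch".
        squashed = body.casefold().replace(" ", "")
        for name in watchlist:
            variants = (name.casefold().replace(" ", ""),
                        short_name_prefix(name).casefold())
            if any(v in squashed for v in variants):
                reasons.append("watchlist:" + name)
        if reasons:
            findings.append((code, reasons, body))
    return findings


# Lines copied from the HijackThis log in this thread (one clean entry, one process line).
SAMPLE_LOG = r"""
C:\WINDOWS\system32\ctfmon.exe
O2 - BHO: ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
"""

# Product names taken from the Malwarebytes detections earlier in the thread.
WATCHLIST = ["MyWebSearch", "FunWebProducts"]

if __name__ == "__main__":
    for code, reasons, body in triage(SAMPLE_LOG, WATCHLIST):
        print(code, ",".join(reasons), "|", body)
```

A hit only marks an entry for review; whether to fix it in HijackThis is still a judgement call, as in the post above.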
Bit of a confusing mess that log!
Did you reboot malwarebytes to delete those? I'd also suggest a FULL scan with it, as your computer's clearly still infected
BEARSHARE is on the computer. Which is probably how some nasties got through. I'd recommend uninstalling it (or trying to 'educate' them)
There's one part of AVG7 on there (Which is confusing)
use the AVG removal tool
http://www.avg.com/download-tools
Switch off Spybot's TEA TIMER mode like jack said as it can affect the programs you're running
You don't have any actual anti virus software
Install AVAST which will check the emails AND any dodgy downloading that may be happening
http://www.avast.com/eng/avast_4_home.html
:idea:
thanks for the backup RIK...did wonder 'bout bearshare, not one I've heard of before.........
Gettin' There, Wherever There is......
I have a dodgy "i" key, so ignore spelling errors due to "i" issues, ...I blame Apple
It's about as bad as (possibly worse than) limewire for trojans and suchlike :idea:
This discussion has been closed.