Threat detected - help!

24

Comments

  • Yes but do you use Firefox or Internet Explorer?
  • dawnb1
    dawnb1 Posts: 18 Forumite
    we have both installed and the problem has happened on both
  • try this;

    Please download GooredFix and save it to your Desktop.
    • Double-click GooredFix.exe on your Desktop to run it.
    • Select "2. Fix Goored" by typing 2 and pressing Enter.
    • Make sure all instances of Firefox are closed at this point.
    • Type y at the prompt and press Enter again.
    • A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt).
    Note: If you receive a message saying that GooredFix needs your system to be restarted, please close all applications and reboot your system. Please also allow any registry changes that may be prompted by any of your security programs.

    Then fire up Firefox and see if you still get the redirects.
  • dawnb1
    dawnb1 Posts: 18 Forumite
    When I double clicked on GooredFix it just asked me if I wanted it to scan automatically, I said yes and this is what appeared:

    GooredFix by jpshortstuff (08.01.10.1)
    Log created at 19:46 on 27/02/2010 (steve rosbrook)
    Firefox version 3.6 (en-GB)
    ========== GooredScan ==========

    ========== GooredLog ==========
    C:\Program Files\Mozilla Firefox\extensions\
    {972ce4c6-7e08-4474-a285-3208198ce6fd} [11:21 01/11/2009]
    {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} [20:02 12/01/2010]
    C:\Documents and Settings\steve rosbrook\Application Data\Mozilla\Firefox\Profiles\haf13358.default\extensions\
    {20a82645-c095-46ed-80e3-08825760534b} [13:19 19/11/2009]
    {73a6fe31-595d-460b-a920-fcc0f8843232} [09:42 27/02/2010]
    [HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
    "{20a82645-c095-46ed-80e3-08825760534b}"="c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [21:36 16/11/2009]
    "{3f963a5b-e555-4543-90e2-c3908898db71}"="C:\Program Files\AVG\AVG9\Firefox" [09:52 28/11/2009]
    "avg@igeared"="C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared" [13:52 17/12/2009]
    "jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [20:02 12/01/2010]
    -=E.O.F=-


    Started Firefox and still redirects
  • Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

    Link 1
    Link 2
    Link 3


    • Double click on Combo-Fix.exe & follow the prompts.
    • When finished, it will produce a report for you.
    • Please post the C:\ComboFix.txt along with a HijackThis log so we can continue cleaning the system.


    Note:
    Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
  • dawnb1
    dawnb1 Posts: 18 Forumite
    sorry, combofix is asking me to disable AVG - how do I do that?
  • Sorry, I don't use AVG - can you right click the icon by your clock and disable it there?
  • dawnb1
    dawnb1 Posts: 18 Forumite
    Combofix log:

    ComboFix 10-02-27.04 - steve rosbrook 27/02/2010 21:01:27.1.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2550.1809 [GMT 0:00]
    Running from: c:\documents and settings\steve rosbrook\Desktop\Combo-Fix.exe
    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
    c:\windows\EventSystem.log
    c:\windows\system32\lowsec
    c:\windows\system32\lowsec\local.ds
    c:\windows\system32\lowsec\user.ds
    c:\windows\system32\lowsec\user.ds.lll
    c:\windows\system32\sdra64.exe
    .
    ((((((((((((((((((((((((( Files Created from 2010-01-27 to 2010-02-27 )))))))))))))))))))))))))))))))
    .
    2010-02-27 21:00 . 2010-02-27 21:00 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
    2010-02-27 13:27 . 2010-02-27 13:27 388096 ----a-r- c:\documents and settings\steve rosbrook\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
    2010-02-27 12:04 . 2010-02-27 13:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2010-02-27 12:04 . 2010-02-27 12:07 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2010-02-27 10:37 . 2010-02-27 10:37 52224 ----a-w- c:\documents and settings\steve rosbrook\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
    2010-02-27 10:37 . 2010-02-27 10:37 117760 ----a-w- c:\documents and settings\steve rosbrook\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2010-02-27 10:34 . 2010-02-27 10:34 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2010-02-27 10:32 . 2010-02-27 10:32 -------- d-----w- c:\program files\SUPERAntiSpyware
    2010-02-27 10:32 . 2010-02-27 10:32 -------- d-----w- c:\documents and settings\steve rosbrook\Application Data\SUPERAntiSpyware.com
    2010-02-23 21:32 . 2010-02-23 21:32 5115823 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
    2010-02-20 19:46 . 2010-02-23 13:14 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
    2010-02-19 17:39 . 2010-02-19 17:39 -------- d-----w- c:\documents and settings\steve rosbrook\Application Data\ArcSoft
    2010-02-19 15:53 . 2010-02-19 15:53 -------- d-----w- c:\documents and settings\All Users\Application Data\UDL
    2010-02-19 15:53 . 2003-07-02 01:00 131072 ----a-w- c:\windows\system32\Epcmlib.dll
    2010-02-19 15:50 . 2001-08-23 16:25 1706800 ----a-w- c:\windows\system32\gdiplus.dll
    2010-02-19 15:50 . 1995-07-31 12:44 212480 ----a-w- c:\windows\PCDLIB32.DLL
    2010-02-19 15:46 . 2004-02-01 02:00 413696 ----a-w- c:\windows\system32\PICSDK.dll
    2010-02-19 15:46 . 2004-02-01 02:00 34782 ----a-w- c:\windows\system32\EPPICPrinterDB.dat
    2010-02-19 15:46 . 2004-02-01 02:00 27030 ----a-w- c:\windows\system32\EPPICPattern1.dat
    2010-02-19 15:46 . 2002-11-15 00:00 65536 ----a-w- c:\windows\system32\EPPicMgr.dll
    2010-02-19 15:46 . 2002-11-15 00:00 114688 ----a-w- c:\windows\system32\EpPicPrt.dll
    2010-02-19 15:43 . 2004-04-20 05:03 79654 ----a-w- c:\windows\system32\E_FLM9CE.DLL
    2010-02-19 15:43 . 2000-06-07 01:01 34304 ----a-w- c:\windows\system32\E_FBCH9CE.DLL
    2010-02-19 15:43 . 2003-05-21 02:27 64000 ----a-w- c:\windows\system32\E_FBCB9CE.DLL
    2010-02-19 15:43 . 2003-04-10 05:40 31744 ----a-w- c:\windows\system32\E_DCINST.DLL
    2010-02-19 15:42 . 2010-02-23 21:43 -------- d-----w- c:\program files\epson
    2010-02-19 15:32 . 2008-04-13 18:47 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
    2010-02-19 15:32 . 2008-04-13 18:47 25856 ----a-w- c:\windows\system32\dllcache\usbprint.sys
    2010-02-19 15:32 . 2008-04-13 18:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
    2010-02-19 15:32 . 2008-04-13 18:45 15104 ----a-w- c:\windows\system32\dllcache\usbscan.sys
    2010-02-18 19:31 . 2008-04-13 18:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
    2010-02-18 19:31 . 2008-04-13 18:45 32128 ----a-w- c:\windows\system32\dllcache\usbccgp.sys
    2010-02-12 21:39 . 2010-02-12 21:39 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
    2010-02-02 17:10 . 2010-02-02 17:10 -------- d-----w- c:\program files\iPod
    2010-02-02 17:10 . 2010-02-02 17:14 -------- d-----w- c:\program files\iTunes
    2010-02-02 16:57 . 2010-02-02 16:57 72488 ------w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
    2010-02-01 13:04 . 2009-08-06 19:23 274288 ------w- c:\windows\system32\mucltui.dll
    2010-02-01 13:04 . 2009-08-06 19:23 215920 ------w- c:\windows\system32\muweb.dll
    2010-01-31 09:14 . 2010-01-31 09:14 -------- d-----w- c:\program files\Microsoft Silverlight
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-02-27 18:40 . 2004-08-04 06:59 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
    2010-02-27 10:30 . 2007-07-18 19:19 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2010-02-23 21:49 . 2010-01-12 20:09 1 ----a-w- c:\documents and settings\steve rosbrook\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
    2010-02-23 21:32 . 2009-03-01 15:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-02-23 21:26 . 2006-12-01 01:30 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-02-23 21:22 . 2007-03-03 14:50 -------- d-----w- c:\program files\Java
    2010-02-21 00:00 . 2006-12-01 01:55 5427 ----a-w- c:\windows\system32\EGATHDRV.SYS
    2010-02-04 19:04 . 2006-12-01 01:55 -------- d-----w- c:\program files\Google
    2010-02-02 17:10 . 2009-10-19 17:02 -------- d-----w- c:\program files\Common Files\Apple
    2010-01-30 18:39 . 2009-11-07 08:35 -------- d-----w- c:\program files\Common Files\Adobe AIR
    2010-01-26 20:07 . 2007-02-21 19:56 24440 -c----w- c:\documents and settings\steve rosbrook\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-01-26 20:04 . 2010-01-26 20:04 20600 ---h--w- c:\windows\system32\mlfcache.dat
    2010-01-26 20:03 . 2008-06-19 21:09 -------- d-----w- c:\documents and settings\steve rosbrook\Application Data\Apple Computer
    2010-01-12 20:08 . 2010-01-12 20:08 -------- d-----w- c:\documents and settings\steve rosbrook\Application Data\OpenOffice.org
    2010-01-12 20:06 . 2010-01-12 20:06 -------- d-----w- c:\program files\JRE
    2010-01-12 20:06 . 2010-01-12 20:06 -------- d-----w- c:\program files\OpenOffice.org 3
    2010-01-12 20:05 . 2008-06-19 20:36 -------- d-----w- c:\program files\OpenOffice.org 2.4
    2010-01-12 20:02 . 2010-01-12 20:02 411368 ------w- c:\windows\system32\deploytk.dll
    2010-01-12 19:49 . 2007-11-21 19:53 -------- d-----w- c:\documents and settings\steve rosbrook\Application Data\OpenOffice.org2
    2010-01-12 19:49 . 2007-11-21 19:57 1 ------w- c:\documents and settings\steve rosbrook\Application Data\OpenOffice.org2\user\uno_packages\cache\stamp.sys
    2010-01-07 16:07 . 2009-03-01 15:34 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-01-07 16:07 . 2009-03-01 15:35 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-12-31 16:50 . 1980-01-01 08:00 353792 ------w- c:\windows\system32\drivers\srv.sys
    2009-12-21 19:14 . 1980-01-01 08:00 916480 ------w- c:\windows\system32\wininet.dll
    2009-12-19 13:21 . 2009-11-18 21:12 150600 ------w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    2009-12-19 10:18 . 2009-12-19 10:17 60696384 ------w- c:\documents and settings\All Users\Application Data\Sony Corporation\AutoUpdateClient\CT\ContentTransferSetup.exe
    2009-12-16 18:43 . 2004-08-09 21:22 343040 ------w- c:\windows\system32\mspaint.exe
    2009-12-14 07:08 . 1980-01-01 08:00 33280 ------w- c:\windows\system32\csrsrv.dll
    2009-12-08 19:27 . 1980-01-01 08:00 2189184 ------w- c:\windows\system32\ntoskrnl.exe
    2009-12-08 18:43 . 2004-08-04 06:59 2066048 ------w- c:\windows\system32\ntkrnlpa.exe
    2009-12-05 11:49 . 2009-12-05 11:49 664 ------w- c:\windows\system32\d3d9caps.dat
    2009-12-04 18:22 . 1980-01-01 08:00 455424 ------w- c:\windows\system32\drivers\mrxsmb.sys
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
    [HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
    2009-11-25 13:01 1230080 ------w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
    [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
    [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-02-18 2012912]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-10-29 761945]
    "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-08 61952]
    "TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPHKMGR.exe" [2005-12-21 94208]
    "TPWAUDAP"="c:\program files\Lenovo\HOTKEY\TpWAudAp.exe" [2005-12-10 24064]
    "PMHandler"="c:\windows\system32\PMHandler.exe" [2006-05-20 24576]
    "AGRSMMSG"="AGRSMMSG.exe" [2005-12-12 88204]
    "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2005-12-15 1236992]
    "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-03 77824]
    "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-03 118784]
    "suScheduler"="c:\program files\ThinkVantage\SystemUpdate\UCLauncher.exe" [2005-08-02 40960]
    "AMSG"="c:\progra~1\THINKV~1\AMSG\amsg.exe" [2005-11-23 507904]
    "LPManager"="c:\progra~1\Lenovo\LENOVO~2\LPMGR.exe" [2005-12-07 106496]
    "cssauthe"="c:\program files\IBM ThinkVantage\Client Security Solution\cssauthe.exe" [2005-12-22 1988144]
    "ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2006-04-17 409600]
    "ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2006-04-17 98304]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-12 149280]
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    c:\documents and settings\steve rosbrook\Start Menu\Programs\Startup\
    OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 14:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
    2005-12-21 04:46 24576 ------w- c:\windows\system32\tphklock.dll
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkbMonitor.exe.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\NkbMonitor.exe.lnk
    backup=c:\windows\pss\NkbMonitor.exe.lnkCommon Startup
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiskeeperSystray
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ContentTransferWMDetector.exe]
    2009-11-19 18:15 583016 ------w- c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2010-01-22 19:16 141608 ------w- c:\program files\iTunes\iTunesHelper.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMusic FastStart]
    2009-11-06 16:00 2090272 ------w- c:\program files\Nokia\Ovi Player\NokiaOviPlayer.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
    2006-11-24 01:06 487424 ------r- c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\ThinkVantage\\SystemUpdate\\jre\\bin\\javaw.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [22/06/2008 18:53 333192]
    R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [22/06/2008 18:53 360584]
    R1 PMHler;PMHler;c:\windows\system32\drivers\PMHler.sys [21/12/2005 22:09 10240]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 10:25 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [17/02/2010 10:15 66632]
    R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [28/11/2009 09:52 906520]
    R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [28/11/2009 09:52 285392]
    R2 smi2;smi2;c:\program files\SMI2\smi2.sys [22/12/2005 00:45 3968]
    R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [17/02/2010 10:15 12872]
    S0 ANCSQ;ANCSQ;c:\windows\system32\drivers\ANCSQ.sys --> c:\windows\system32\drivers\ANCSQ.sys [?]
    .
    Contents of the 'Scheduled Tasks' folder
    2010-02-23 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
    .
    .
    Supplementary Scan
    .
    uStart Page =
    uSearchMigratedDefaultURL =
    uInternet Connection Wizard,ShellNext =
    uInternet Settings,ProxyOverride = *.local
    IE: Send to &Bluetooth Device... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
    DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} -
    DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} -
    DPF: {8C922C73-FFFA-45A3-B2C2-BC1E30074267} -
    FF - ProfilePath - c:\documents and settings\steve rosbrook\Application Data\Mozilla\Firefox\Profiles\haf13358.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage -
    FF - prefs.js: keyword.URL -
    FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
    FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
    FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
    FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
    FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", ".");
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
    .
    - - - - ORPHANS REMOVED - - - -
    MSConfigStartUp-CTFMON - (no file)

    **************************************************************************
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
    Rootkit scan 2010-02-27 21:14
    Windows 5.1.2600 Service Pack 3 NTFS
    scanning hidden processes ...
    scanning hidden autostart entries ...
    scanning hidden files ...
    scan completed successfully
    hidden files: 0
    **************************************************************************
    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer,
    device: opened successfully
    user: MBR read successfully
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A9AFA9A]<<
    kernel: MBR read successfully
    detected MBR rootkit hooks:
    \Driver\Disk -> CLASSPNP.SYS @ 0xba0ecf28
    \Driver\ACPI -> ACPI.sys @ 0xb9f7fcb8
    \Driver\atapi -> atapi.sys @ 0xb9f19852
    IoDeviceObjectType -> ParseProcedure -> ntkrnlpa.exe @ 0x80577c84
    \Device\Harddisk0\DR0 -> ParseProcedure -> ntkrnlpa.exe @ 0x80577c84
    NDIS: -> SendCompleteHandler -> 0x0
    PacketIndicateHandler -> 0x0
    SendHandler -> 0x0
    user & kernel MBR OK
    **************************************************************************
    .
    LOCKED REGISTRY KEYS
    [HKEY_USERS\S-1-5-21-4068179109-3409195564-439472003-1006\Software\Microsoft\SystemCertificates\AddressBook*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    .
    DLLs Loaded Under Running Processes
    - - - - - - - > 'winlogon.exe'(772)
    c:\windows\system32\WININET.dll
    c:\program files\SUPERAntiSpyware\SASWINLO.dll
    c:\windows\system32\tphklock.dll
    c:\windows\System32\BCMLogon.dll
    - - - - - - - > 'lsass.exe'(832)
    c:\windows\system32\WININET.dll
    - - - - - - - > 'explorer.exe'(2832)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\btncopy.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Other Running Processes
    .
    c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Lenovo\Bluetooth Software\bin\btwdins.exe
    c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\AVG\AVG9\avgnsx.exe
    c:\windows\system32\PMSveH.exe
    c:\program files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
    c:\program files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
    c:\program files\ThinkVantage\SystemUpdate\UCLauncherService.exe
    c:\program files\Windows Media Player\WMPNetwk.exe
    c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
    c:\program files\AVG\AVG9\avgcsrvx.exe
    c:\program files\AVG\AVG9\avgrsx.exe
    c:\program files\AVG\AVG9\avgchsvx.exe
    c:\program files\AVG\AVG9\avgcsrvx.exe
    c:\windows\system32\wscntfy.exe
    c:\program files\IBM ThinkVantage\Common\Logger\logmon.exe
    c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
    c:\windows\AGRSMMSG.exe
    c:\program files\Common Files\Nokia\MPlatform\NokiaMServer.exe
    c:\program files\OpenOffice.org 3\program\soffice.exe
    c:\program files\OpenOffice.org 3\program\soffice.bin
    .
    **************************************************************************
    .
    Completion time: 2010-02-27 21:22:20 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-02-27 21:22
    Pre-Run: 24,708,861,952 bytes free
    Post-Run: 24,886,509,568 bytes free
    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Home Edition" /fastdetect
    - - End Of File - - DCFDD66A2D75FD0207DB1A2E1791AF31


    Had to remove web addresses again
    Now going to run hijackthis
  • dawnb1
    dawnb1 Posts: 18 Forumite
    HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.3 (BETA)
    Scan saved at 21:38:18, on 27/02/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\AVG\AVG9\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\AVG\AVG9\avgnsx.exe
    C:\WINDOWS\system32\PMSveH.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
    C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
    C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe
    C:\Program Files\AVG\AVG9\avgemc.exe
    C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\Program Files\AVG\AVG9\avgrsx.exe
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\Program Files\IBM ThinkVantage\Common\Logger\logmon.exe
    C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Lenovo\HOTKEY\TPHKMGR.exe
    C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\system32\WLTRAY.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\PROGRA~1\THINKV~1\AMSG\amsg.exe
    C:\PROGRA~1\Lenovo\LENOVO~2\LPMGR.exe
    C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauthe.exe
    C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
    C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
    C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.bin
    C:\WINDOWS\explorer.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\HijackThis\TrendMicro\HiJackThis\HiJackThis.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
    R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPHKMGR.exe
    O4 - HKLM\..\Run: [TPWAUDAP] C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe
    O4 - HKLM\..\Run: [PMHandler] C:\WINDOWS\system32\PMHandler.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [suScheduler] C:\Program Files\ThinkVantage\SystemUpdate\UCLauncher.exe /SCHEDULER
    O4 - HKLM\..\Run: [AMSG] C:\PROGRA~1\THINKV~1\AMSG\amsg.exe
    O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\Lenovo\LENOVO~2\LPMGR.exe
    O4 - HKLM\..\Run: [cssauthe] "C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauthe.exe" silent
    O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
    O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - S-1-5-18 Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe (User 'SYSTEM')
    O4 - .DEFAULT Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe (User 'Default user')
    O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
    O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [JAVA_IBM] Java (IBM)
    O16 - DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} (PhotoboxPhotowaysUploader5 Control) -
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
    O16 - DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} (AccountTracking Profile Manager Class) -
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) -
    O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) -
    O16 - DPF: {8C922C73-FFFA-45A3-B2C2-BC1E30074267} (WalkmanRegistrar Object) -
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
    O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
    O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: PMSveH - Lenovo - C:\WINDOWS\system32\PMSveH.exe
    O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
    O23 - Service: ServiceLayer - Nokia - C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: TVT Backup Service - Unknown owner - C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
    O23 - Service: TVT Scheduler - Unknown owner - C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
    O23 - Service: ThinkVantage System Update (UCLauncherService) - Unknown owner - C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe
    --
    End of file - 11413 bytes


    again without web addresses
  • dawnb1
    dawnb1 Posts: 18 Forumite
    Have tried a google search in both IE and Firefox, both were much better but still found some links redirecting, far fewer than earlier.

    However, something is turning off the firewall - it was off when the computer rebooted, I turned it on and it turned off whilst I was trying the google searches. It's been a long day, could really do without something else being wrong :sad:
This discussion has been closed.