We'd like to remind Forumites to please avoid political debate on the Forum... Read More »
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!
Google redirecting
Options
Comments
-
think I understand a little but more...
my account has administration rights but is not the administrator account - which I have never used/heard of/or got a clue as to its password!
But if my account has administration rights isn't that enough?0 -
I have used my account's administration rights to reset a password for "administrator".
I have now run hostsXpert as administrator and got the same error message.0 -
We shall have to wait for alienRIK to reply...0
-
thanks for your help today0
-
Download GLARY UTILITIES
http://www.glaryutilities.com/download/gusetup_slim.exe
Run the ONE CLICK scan
Goto MODULES / SYSTEM TOOLS / WINDOWS STANDARD TOOLS / then run SYSTEM FILE CHECKER
............................................................................................
Please run COMBOFIX
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Shut down your anti virus
Follow the simple instructions it gives
Post the COMPLETE log it creates here (Split into sections if need be) ~ if there are loads of 'SNAPSHOT' pages then leave them out
If it comes up with a RENAMING error then RIGHT click the exe file and RENAME and call it QWERTY (Making the complete file name 'QWERTY.exe') Or SAVE as 'QWERTY' on download
(If no log comes up or you lose it, COMBOFIX.TXT can be found in C drive):idea:0 -
thanks.
I did loads of random googles last night - no problem...
.....wife googled "bbc weather" this morning and ended up at a music site.
When I get chance I am going to run my memeo back up and try latest advice.
Thanks0 -
update...
google still randomly redirecting - not all of the time.
tried glaryutilities but it kept asking for windows disk- this is dell laptop which came with windows installed but don't think I ever had a disk???
Am trying to find my external hard disk to run my memeo back up before combofix - unless any other ideas?0 -
posting combofix log - as I can't post links have replaced any www's with xxx's in text
ComboFix 10-06-21.03 - 23/06/2010 21:43:32.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1014.389 [GMT 1:00]
Running from: c:\documents and settings\user1\Desktop\ComboFix.exe
AV: avast! Internet Security *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: avast! Internet Security *disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\st325602.dll
.
((((((((((((((((((((((((( Files Created from 2010-05-23 to 2010-06-23 )))))))))))))))))))))))))))))))
.
2010-06-22 06:43 . 2010-06-22 06:44
d
w- C:\9bb173bfb99b51356307babc
2010-06-15 17:33 . 2001-08-17 13:56 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
2010-06-15 17:33 . 2008-02-12 03:04 2188928 -c--a-w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-06-15 17:21 . 2010-06-15 17:21
d
w- c:\documents and settings\user1\Application Data\GlarySoft
2010-06-15 17:15 . 2010-06-15 17:15
d
w- c:\program files\Glary Utilities
2010-06-14 20:56 . 2010-06-14 20:56
d
w- c:\program files\iPod
2010-06-14 20:56 . 2010-06-14 20:57
d
w- c:\program files\iTunes
2010-06-14 20:56 . 2010-06-14 20:57
d
w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-06-14 20:45 . 2010-06-14 20:47
d
w- c:\program files\QuickTime
2010-06-14 20:32 . 2010-06-14 20:32
d
w- c:\program files\Bonjour
2010-06-14 13:02 . 2010-06-14 13:02
d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-06-14 10:35 . 2010-06-14 10:35
d
w- c:\program files\Trend Micro
2010-06-14 09:38 . 2010-06-14 09:38
d
w- c:\documents and settings\user\Local Settings\Application Data\Threat Expert
2010-06-13 13:31 . 2010-05-06 20:33 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-06-13 13:31 . 2010-05-06 20:39 164048 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-06-13 13:31 . 2010-05-06 20:41 307280 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2010-06-13 13:31 . 2010-05-06 20:41 99280 ----a-w- c:\windows\system32\drivers\aswFW.sys
2010-06-13 13:30 . 2010-05-06 20:40 190416 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2010-06-13 13:30 . 2010-05-06 20:34 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-06-13 13:30 . 2010-05-06 20:39 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-06-13 13:30 . 2010-05-06 20:33 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-06-13 13:30 . 2010-05-06 20:33 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-06-13 13:30 . 2010-05-06 20:33 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-06-13 13:29 . 2010-03-19 19:10 12112 ----a-w- c:\windows\system32\drivers\aswNdis.sys
2010-06-13 13:29 . 2010-05-06 20:59 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-06-13 13:29 . 2010-04-14 16:47 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-06-13 13:29 . 2010-06-13 13:29
d
w- c:\program files\Alwil Software
2010-06-13 13:29 . 2010-06-13 13:29
d
w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-06-13 12:28 . 2010-06-13 12:28 63488 ----a-w- c:\documents and settings\user\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-06-13 12:28 . 2010-06-13 12:28 52224 ----a-w- c:\documents and settings\user\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-06-13 12:28 . 2010-06-13 12:28 117760 ----a-w- c:\documents and settings\user\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-06-13 12:26 . 2010-06-13 12:26
d
w- c:\documents and settings\user\Application Data\SUPERAntiSpyware.com
.0 -
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-23 18:23 . 2009-07-11 14:49
d
w- c:\documents and settings\All Users\Application Data\Google Updater
2010-06-23 13:32 . 2009-01-28 16:50
d
w- c:\documents and settings\All Users\Application Data\CanonIJPLM
2010-06-14 20:56 . 2009-11-24 22:15
d
w- c:\program files\Common Files\Apple
2010-06-14 20:40 . 2008-10-10 17:10
d
w- c:\program files\Apple Software Update
2010-06-14 20:18 . 2008-10-11 20:15
d
w- c:\program files\CCleaner
2010-06-14 13:46 . 2009-04-29 13:09
d
w- c:\program files\Spyware Doctor
2010-06-14 13:44 . 2009-04-29 13:09
d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-06-14 13:21 . 2009-10-28 22:13
d
w- c:\program files\Spybot - Search & Destroy
2010-06-14 13:21 . 2009-10-28 22:13
d
w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-06-14 09:42 . 2010-04-11 21:38
d
w- c:\program files\Malwarebytes' Anti-Malware
2010-06-08 13:17 . 2009-11-24 20:37
d
w- c:\program files\Windows Live Safety Center
2010-06-08 08:06 . 2010-04-11 07:13 439816 ----a-w- c:\documents and settings\user\Application Data\Real\Update\setup3.10\setup.exe
2010-06-05 19:22 . 2009-02-17 09:51
d
w- c:\program files\Microsoft Silverlight
2010-05-24 15:21 . 2010-05-24 15:21 69120 --sha-r- c:\windows\system32\firewallp.dll
2010-05-21 13:14 . 2010-03-13 20:21 221568
w- c:\windows\system32\MpSigStub.exe
2010-05-16 18:22 . 2009-07-11 14:49
d
w- c:\program files\Google
2010-05-12 13:26 . 2010-05-12 13:21
d
w- c:\program files\Common Files\Adobe
2010-04-29 14:39 . 2010-04-11 21:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 14:39 . 2010-04-11 21:38 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-25 17:35 . 2009-09-22 19:28
d
w- c:\program files\Common Files\Adobe AIR
2010-04-25 17:35 . 2010-06-14 21:31 38784 ----a-w- c:\documents and settings\Administrator\Application Data\Macromedia\Flash Player\xxx.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-04-25 17:35 . 2009-09-22 19:31 38784 ----a-w- c:\documents and settings\user\Application Data\Macromedia\Flash Player\xxx.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-04-24 17:33 . 2010-04-24 17:33 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.1.11\SetupAdmin.exe
2010-04-12 05:33 . 2010-04-12 05:33 50354 ----a-w- c:\documents and settings\user\Application Data\Facebook\uninstall.exe
2010-04-12 05:33 . 2010-04-12 05:33 2114184 ----a-w- c:\documents and settings\user\Application Data\Facebook\Install_Facebook_Plug-In_1.0.3.exe
2010-04-08 22:01 . 2009-10-20 19:57 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-04-08 12:20 . 2010-04-08 12:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 12:20 . 2010-04-08 12:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
.0 -
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\snxPluginsShell]
@="{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}"
[HKEY_CLASSES_ROOT\CLSID\{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}]
2010-05-06 21:02 151648 ----a-w- c:\program files\Alwil Software\Avast5\snxPlugins.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-11 39408]
"FileHippo.com"="c:\program files\FileHippo.com\UpdateChecker.exe" [2010-03-03 155648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-03-30 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-03-30 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-03-30 138008]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-10-08 995328]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-10-08 1101824]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-20 149280]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-10 689488]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-17 1848648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-05-06 2815192]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-24 142120]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-17 421888]
c:\documents and settings\user\Start Menu\Programs\Startup\
Memeo AutoBackup Launcher.lnk - c:\program files\Memeo\AutoBackup\MemeoLauncher.exe [2007-1-9 199704]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [6/13/2010 2:29 PM 12112]
R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [6/13/2010 2:30 PM 190416]
R0 sonypvl2;sonypvl2;c:\windows\system32\drivers\sonypvl2.sys [7/4/2009 6:28 PM 19478]
R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [6/13/2010 2:31 PM 99280]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [6/13/2010 2:31 PM 307280]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [6/13/2010 2:31 PM 164048]
R1 sonypvf2;sonypvf2;c:\windows\system32\drivers\sonypvf2.sys [7/4/2009 6:28 PM 635012]
R1 sonypvt2;sonypvt2;c:\windows\system32\drivers\sonypvt2.sys [7/4/2009 6:28 PM 431236]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [6/13/2010 2:31 PM 19024]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 8:19 PM 13592]
S2 avast! Firewall;avast! Firewall;c:\program files\Alwil Software\Avast5\afwServ.exe [6/13/2010 2:29 PM 119200]
S2 gupdate1ca02372d73c8a0;Google Update Service (gupdate1ca02372d73c8a0);c:\program files\Google\Update\GoogleUpdate.exe [7/11/2009 3:52 PM 133104]
S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\ADM8511.SYS [10/10/2008 12:08 PM 20160]
S3 DrmRAudio;DrmRAudio;c:\windows\system32\drivers\DrmRAudio.sys [11/23/2009 11:58 PM 23096]
S3 TfBulk;TfBulk;c:\windows\system32\drivers\TfBulk.SYS [5/31/2007 10:11 PM 13312]
S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [11/23/2009 9:28 AM 25704]
S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [11/23/2009 9:28 AM 25704]
S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [11/23/2009 9:29 AM 25704]
S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [11/23/2009 9:29 AM 25704]
S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [11/23/2009 9:29 AM 25704]
.
Contents of the 'Scheduled Tasks' folder
2010-06-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 10:50]
2010-06-23 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2010-06-15 09:01]
2010-06-23 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-11 14:49]
2010-06-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-11 14:52]
2010-06-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-11 14:52]
2010-06-23 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
2010-06-22 c:\windows\Tasks\User_Feed_Synchronization-{E9BB3528-F175-4F8A-9845-5FB44061DADE}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]
.
.0
This discussion has been closed.
Confirm your email address to Create Threads and Reply
Categories
- All Categories
- 351.1K Banking & Borrowing
- 253.2K Reduce Debt & Boost Income
- 453.6K Spending & Discounts
- 244.1K Work, Benefits & Business
- 599.1K Mortgages, Homes & Bills
- 177K Life & Family
- 257.5K Travel & Transport
- 1.5M Hobbies & Leisure
- 16.1K Discuss & Feedback
- 37.6K Read-Only Boards