
google search AVAST comes up with malicious virus

cepheus
cepheus Posts: 20,053 Forumite
edited 29 July 2012 at 4:13PM in Techie Stuff
Almost whatever search term I type into Google, AVAST flags a malicious virus warning, for several consecutive terms. I have run a full virus check today and switched my computer on and off, still continues. (System Windows 7 IE9)

AVAST network shield has blocked a harmful site

Even if I type the word google into Google it does

https://www.google.co.uk/search?hl=en&rlz=1I7GGHP_en-GB&q=google&oq=google&gs_l=serp.12..35i39l2j0l8.42659.127077.0.128451.13.6.7.0.0.0.187.705.3j3.6.0...0.0...1c.KcTLkOW_aIQ

Am I being redirected somewhere? Strange, because the Google URL is still in front.

avast! saved your computer from crashing

You just dodged a bullet

You may be wondering how you ended up with a virus, especially if you were visiting a ‘normal’ site. The latest research from the avast! Virus Lab shows that more than 80% of malware (viruses, spyware, and the like) spreads through legitimate websites, with only 1% coming from suspicious or ‘dodgy’ sites.

Comments

  • waddler_8
    waddler_8 Posts: 3,588 Forumite
    Download DDS from the link below and save it to your desktop:

    Link

    After you've downloaded it and saved it to your desktop:
    • Double click DDS to run it.
    • When it's finished, DDS will open two logs:
    1. DDS.txt
    2. Attach.txt
    Save both reports to your desktop.

    Copy & paste the contents of just DDS.txt for now and post it here (you may need to split the log over separate posts)
  • cepheus
    cepheus Posts: 20,053 Forumite
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421
    Run by stephen at 17:26:35 on 2012-07-29
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3891.2430 [GMT 1:00]
    .
    AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    C:\Windows\SysWOW64\cryptainersrv.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\TODDSrv.exe
    C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    C:\Windows\system32\igfxext.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
    C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
    C:\Windows\system32\DllHost.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe
    C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
    C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
    c:\Program Files (x86)\Nero\Update\NASvc.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = about:blank
    uDefault_Page_URL = hxxp://toshiba.msn.com
    mWinlogon: Userinit=userinit.exe
    BHO: Shareaza Web Download Hook: {0eedb912-c5fa-486f-8334-57288578c627} - C:\Program Files (x86)\Shareaza\RazaWebHook32.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO: Advertising Cookie Opt-out: {8e425eb4-adbd-4816-b1e8-49bb9decf034} - C:\Program Files (x86)\Google\Advertising Cookie Opt-out\opt_out.dll
    BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: TOSHIBA Media Controller Plug-in: {f3c88694-effa-4d78-b409-54b7b2535b14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
    TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    EB: Developer Tools: {1a6fe369-f28c-4ad9-a3e6-2bcb50807cf1} - C:\Program Files (x86)\Internet Explorer\iedvtool.dll
    uRun: [shtbki] "C:\Windows\System32\rundll32.exe" "C:\Users\stephen\AppData\Roaming\shtbki.dll",RichCompareBool
    mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: EnableLinkedConnections = 1 (0x1)
    IE: &ieSpell Options - C:\Program Files (x86)\ieSpell\iespell.dll/SPELLOPTION.HTM
    IE: Check &Spelling - C:\Program Files (x86)\ieSpell\iespell.dll/SPELLCHECK.HTM
    IE: Download with &Shareaza - C:\Program Files (x86)\Shareaza\RazaWebHook32.dll/3000
    IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
    IE: Lookup on Merriam Webster - file://C:\Program Files (x86)\ieSpell\Merriam Webster.HTM
    IE: Lookup on Wikipedia - file://C:\Program Files (x86)\ieSpell\wikipedia.HTM
    IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://C:\Program Files (x86)\ieSpell\iespell.dll/SPELLCHECK.HTM
    IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://C:\Program Files (x86)\ieSpell\iespell.dll/SPELLOPTION.HTM
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} - hxxp://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20110620094923
    DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} - hxxps://moneymanager.egg.com/Pinsafe/accounttracking.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{5DC4FA5E-52D1-46E5-B4C5-AAF17B386CA7} : DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{5DC4FA5E-52D1-46E5-B4C5-AAF17B386CA7}\0756475627 : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{5DC4FA5E-52D1-46E5-B4C5-AAF17B386CA7}\244564F4E4 : DhcpNameServer = 192.168.22.22 192.168.22.23
    TCP: Interfaces\{5DC4FA5E-52D1-46E5-B4C5-AAF17B386CA7}\244584F6D65684572623D223256305 : DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{5DC4FA5E-52D1-46E5-B4C5-AAF17B386CA7}\C456967686021427D637 : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{9E013B8A-BE41-43B6-BEB6-85C6104005FD} : DhcpNameServer = 192.168.1.254
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    BHO-X64: Shareaza Web Download Hook: {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Program Files (x86)\Shareaza\RazaWebHook32.dll
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO-X64: Advertising Cookie Opt-out: {8E425EB4-ADBD-4816-B1E8-49BB9DECF034} - C:\Program Files (x86)\Google\Advertising Cookie Opt-out\opt_out.dll
    BHO-X64: Advertising Cookie Opt-out - No File
    BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO-X64: SkypeIEPluginBHO - No File
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO-X64: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
    TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    EB-X64: {1A6FE369-F28C-4AD9-A3E6-2BCB50807CF1} - No File
    mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    IE-X64: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://C:\Program Files (x86)\ieSpell\iespell.dll/SPELLCHECK.HTM
    IE-X64: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://C:\Program Files (x86)\ieSpell\iespell.dll/SPELLOPTION.HTM
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\stephen\AppData\Roaming\Mozilla\Firefox\Profiles\aicv56t1.default\
    FF - prefs.js: browser.startup.homepage - about:blank
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
    FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
    R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
    R1 ssoftnt4;ssoftnt4;\??\C:\Windows\system32\Drivers\ssoftnt4.sys --> C:\Windows\system32\Drivers\ssoftnt4.sys [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
    R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
    R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-7-10 44808]
    R2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-1-28 249200]
    R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-3-10 46448]
    R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
    R2 DragonSvc;Dragon Service;C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe [2011-6-5 296808]
    R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2011-3-4 1811456]
    R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-5-4 503080]
    R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
    R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-3-4 2320920]
    R3 CeKbFilter;CeKbFilter;C:\Windows\system32\DRIVERS\CeKbFilter.sys --> C:\Windows\system32\DRIVERS\CeKbFilter.sys [?]
    R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
    R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
    R3 PGEffect;Pangu effect driver;C:\Windows\system32\DRIVERS\pgeffect.sys --> C:\Windows\system32\DRIVERS\pgeffect.sys [?]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\Windows\system32\DRIVERS\rtl8192Ce.sys --> C:\Windows\system32\DRIVERS\rtl8192Ce.sys [?]
    R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
    R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
    R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
    R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
    R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-30 136176]
    S3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
    S3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-30 136176]
    S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-20 113120]
    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
    S3 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [2010-5-11 124368]
    S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== Created Last 30 ================
    .
    2012-07-29 06:24:42 -------- d-----w- C:\Users\stephen\AppData\Local\{1DDCF4C5-5F42-4A62-B1B5-4211264666E8}
    2012-07-29 06:24:31 -------- d-----w- C:\Users\stephen\AppData\Local\{2AAF93CD-F996-4833-AD9A-9E947BF66FCF}
    2012-07-28 20:37:42 -------- d-----w- C:\Users\stephen\AppData\Local\{132931E3-D8F4-11E1-8270-B8AC6F996F26}
    2012-07-28 20:37:37 416768 ----a-w- C:\Users\stephen\AppData\Roaming\shtbki.dll
    2012-07-28 14:22:44 -------- d-----w- C:\Users\stephen\AppData\Local\{4DFB0A2A-2B11-4410-BC2D-D8A21CDE081A}
    2012-07-28 14:22:34 -------- d-----w- C:\Users\stephen\AppData\Local\{4E6FEA4A-FB52-43A6-8B01-D2656163D15B}
    2012-07-28 05:35:20 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0275FDA2-79F4-43FA-A590-264260EC2C76}\mpengine.dll
    2012-07-27 09:42:29 -------- d-----w- C:\Users\stephen\AppData\Local\{7FF2F997-B757-4236-84B0-F9D25059FFD3}
    2012-07-27 09:42:17 -------- d-----w- C:\Users\stephen\AppData\Local\{6B2683DD-8362-4B19-9732-803A049880A3}
    2012-07-26 21:28:00 -------- d-----w- C:\Users\stephen\AppData\Local\{4BB3C8B0-5150-4575-BE06-95234C9BE5C8}
    2012-07-26 21:27:50 -------- d-----w- C:\Users\stephen\AppData\Local\{62249014-DB13-4AD7-974C-FA53A12BADC1}
    2012-07-26 09:25:52 -------- d-----w- C:\Users\stephen\AppData\Local\{EC8CA9E8-0377-425D-98E5-8D8D7F1E12A2}
    2012-07-26 09:25:43 -------- d-----w- C:\Users\stephen\AppData\Local\{AEB7C706-075A-47F1-98F5-3BE14BF1C8F0}
    2012-07-25 20:17:16 -------- d-----w- C:\Users\stephen\AppData\Local\{617DFD8F-2CAA-4099-8E4A-C4A13A82DD72}
    2012-07-25 20:17:05 -------- d-----w- C:\Users\stephen\AppData\Local\{999F628E-3F91-4D47-A77B-8FC1A43BD063}
    2012-07-25 06:26:03 -------- d-----w-
  • cepheus
    cepheus Posts: 20,053 Forumite
    C:\Users\stephen\AppData\Local\{BEA36201-B2F0-46C9-8975-50CCAA8BCE0E}
    2012-07-25 06:25:52 -------- d-----w- C:\Users\stephen\AppData\Local\{E164033D-C4EE-4BB7-8776-089A4A6D5E2C}
    2012-07-24 08:12:43 -------- d-----w- C:\Users\stephen\AppData\Local\{890AF71F-1203-4CB8-B5BC-44ABAA01818D}
    2012-07-24 08:12:33 -------- d-----w- C:\Users\stephen\AppData\Local\{5039B34C-2A42-4A89-B3B9-70387C3B89E5}
    2012-07-23 20:12:04 -------- d-----w- C:\Users\stephen\AppData\Local\{9093ED4E-1799-41DB-99DA-28454163243F}
    2012-07-23 20:11:54 -------- d-----w- C:\Users\stephen\AppData\Local\{8FF61BA4-80F6-4C45-953E-AD59427EF1D5}
    2012-07-23 06:27:38 -------- d-----w- C:\Users\stephen\AppData\Local\{5252FBBB-2B5E-4B3B-BCCA-DE6D62F1B505}
    2012-07-23 06:27:27 -------- d-----w- C:\Users\stephen\AppData\Local\{49335A93-B15C-4CE8-AB16-E801D9D97F11}
    2012-07-22 18:25:28 -------- d-----w- C:\Users\stephen\AppData\Local\{5A7AC5C5-E0C0-460B-9F8D-DAB09C6B87A6}
    2012-07-22 18:25:17 -------- d-----w- C:\Users\stephen\AppData\Local\{CFC12AF4-AE94-46A7-BDBD-253BDCDD66D4}
    2012-07-22 06:24:48 -------- d-----w- C:\Users\stephen\AppData\Local\{5938729C-002E-474E-8B80-56428599DB17}
    2012-07-22 06:24:38 -------- d-----w- C:\Users\stephen\AppData\Local\{7F0ABBE3-45AF-45C9-9FC3-9341E12EB418}
    2012-07-21 06:23:37 -------- d-----w- C:\Users\stephen\AppData\Local\{41B57710-2056-40B4-B397-0A5319531805}
    2012-07-21 06:23:27 -------- d-----w- C:\Users\stephen\AppData\Local\{D0F4F894-7B05-40F6-9939-8A122A411936}
    2012-07-20 20:17:00 -------- d-----w- C:\Users\stephen\AppData\Local\{5429E97D-F829-49AA-BBF4-AD0CB919ABB4}
    2012-07-20 06:30:25 -------- d-----w- C:\Users\stephen\AppData\Local\{95F3EC46-9AD8-48CF-BFF7-F956DD61D652}
    2012-07-20 06:30:15 -------- d-----w- C:\Users\stephen\AppData\Local\{23F534B4-6666-4348-AB92-B7BBFFBE34D5}
    2012-07-19 13:46:14 -------- d-----w- C:\Users\stephen\AppData\Local\{9E72B0C0-A090-451C-A873-728A1A37CB6F}
    2012-07-19 13:46:03 -------- d-----w- C:\Users\stephen\AppData\Local\{DA50C083-71D8-494A-8A2B-E177E0A91F83}
    2012-07-18 20:00:36 -------- d-----w- C:\Users\stephen\AppData\Local\{2720D71C-CEC8-4A1F-B312-DFEBF6E770D0}
    2012-07-18 20:00:26 -------- d-----w- C:\Users\stephen\AppData\Local\{C8C2F218-5BD7-40DB-81D8-B9C104F27BEE}
    2012-07-18 06:28:51 -------- d-----w- C:\Users\stephen\AppData\Local\{BC69428C-3253-45DA-9627-B1F09349B1AF}
    2012-07-18 06:28:41 -------- d-----w- C:\Users\stephen\AppData\Local\{52F8E877-DD60-47BF-A739-303FC851E227}
    2012-07-17 05:44:02 -------- d-----w- C:\Users\stephen\AppData\Local\{AF511A3C-9608-4BC3-9094-54E75323B944}
    2012-07-17 05:43:52 -------- d-----w- C:\Users\stephen\AppData\Local\{FF4405BE-50C6-4CA4-8F39-E23B76D31A75}
    2012-07-16 10:02:33 -------- d-----w- C:\Users\stephen\AppData\Local\{D380F1E5-73E7-42ED-B702-EAF1D7EE9A25}
    2012-07-16 10:02:23 -------- d-----w- C:\Users\stephen\AppData\Local\{53E26D2C-92B8-40D4-9C44-BBE4A875BD2E}
    2012-07-15 12:58:27 -------- d-----w- C:\Users\stephen\AppData\Local\{7FE5A034-E1F4-4190-AE79-D6F733596724}
    2012-07-15 12:58:17 -------- d-----w- C:\Users\stephen\AppData\Local\{D0F70FA4-27F8-4B28-ACE6-2749BE14430D}
    2012-07-14 05:29:24 -------- d-----w- C:\Users\stephen\AppData\Local\{354EB474-6AA8-4105-9244-EAC9D22E896C}
    2012-07-14 05:29:14 -------- d-----w- C:\Users\stephen\AppData\Local\{AD83F098-F46A-419F-A9A0-160BF74A1B6F}
    2012-07-13 08:29:22 -------- d-----w- C:\Users\stephen\AppData\Local\{DEBEE4FA-C3D5-47DC-9BAB-584CD23BBED9}
    2012-07-13 08:29:11 -------- d-----w- C:\Users\stephen\AppData\Local\{ED1D8227-9361-4501-91A8-2EFD12254CBB}
    2012-07-12 18:30:05 -------- d-----w- C:\Users\stephen\AppData\Local\{EA11C49D-E2E0-4B40-8434-8997B41F9EF5}
    2012-07-12 18:29:55 -------- d-----w- C:\Users\stephen\AppData\Local\{4B5779F0-BC2B-4DEF-B415-7AD902A0A51E}
    2012-07-12 06:02:47 -------- d-----w- C:\Users\stephen\AppData\Local\{CC2116F9-85FC-4360-9DE1-93907E3583D4}
    2012-07-12 06:02:37 -------- d-----w- C:\Users\stephen\AppData\Local\{7AC33AFE-C0D6-418C-838E-F27F07238D88}
    2012-07-11 22:07:31 3148800 ----a-w- C:\Windows\System32\win32k.sys
    2012-07-11 08:20:42 -------- d-----w- C:\Users\stephen\AppData\Local\{EB59568B-FF0B-443B-A819-FCD91225EAB6}
    2012-07-11 08:20:32 -------- d-----w- C:\Users\stephen\AppData\Local\{2956C0ED-029F-4282-BE23-F317C71A5ECA}
    2012-07-11 07:57:59 1499136 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll
    2012-07-11 07:57:59 1019904 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msado15.dll
    2012-07-11 07:57:58 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
    2012-07-11 07:57:58 466944 ----a-w- C:\Program Files\Common Files\System\ado\msadomd.dll
    2012-07-11 07:57:58 258048 ----a-w- C:\Program Files\Common Files\System\msadc\msadco.dll
    2012-07-11 07:57:57 61440 ----a-w- C:\Program Files\Common Files\System\ado\msador15.dll
    2012-07-11 07:57:57 495616 ----a-w- C:\Program Files\Common Files\System\ado\msadox.dll
    2012-07-11 07:57:57 352256 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadomd.dll
    2012-07-11 07:57:56 57344 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msador15.dll
    2012-07-11 07:57:56 372736 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadox.dll
    2012-07-11 07:57:56 212992 ----a-w- C:\Program Files (x86)\Common Files\System\msadc\msadco.dll
    2012-07-11 07:57:56 143360 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msjro.dll
    2012-07-11 07:57:55 1133568 ----a-w- C:\Windows\System32\cdosys.dll
    2012-07-10 19:35:21 -------- d-----w- C:\Users\stephen\AppData\Local\{C54B3EB3-880B-4467-B4FC-8F57B2477974}
    2012-07-10 19:35:10 -------- d-----w- C:\Users\stephen\AppData\Local\{42A35032-99A1-4923-AD50-CE1751E0057C}
    2012-07-10 06:45:34 -------- d-----w- C:\Users\stephen\AppData\Local\{8916449A-F960-4CF6-96E1-95DB160516E1}
    2012-07-10 06:45:23 -------- d-----w- C:\Users\stephen\AppData\Local\{EFD55340-EBF0-45EB-BBBE-3F83BD5DD0DE}
    2012-07-09 17:42:29 -------- d-----w- C:\Users\stephen\AppData\Local\{18C418C6-F587-4DDD-92B9-62976CEACE11}
    2012-07-09 17:42:19 -------- d-----w- C:\Users\stephen\AppData\Local\{4CABC04D-0E74-4082-A5E3-23B3A9F2FF4F}
    2012-07-09 05:41:51 -------- d-----w- C:\Users\stephen\AppData\Local\{092CBA4E-C71F-491E-A7D0-D5DBD12D1F01}
    2012-07-09 05:41:41 -------- d-----w- C:\Users\stephen\AppData\Local\{D2FCA9B1-12C9-466C-BD9D-644129ACE447}
    2012-07-08 15:24:27 -------- d-----w- C:\Users\stephen\AppData\Local\{84222767-A455-45A5-8920-74D2D8EC5EA1}
    2012-07-08 15:24:17 -------- d-----w- C:\Users\stephen\AppData\Local\{9FC1C3E1-E1C7-48BD-B6E6-C71413B47D3D}
    2012-07-08 12:46:25 -------- d-----w- C:\Users\stephen\AppData\Local\{E0C0F654-55DB-4CC5-92A8-FAE099810875}
    2012-07-07 19:39:50 -------- d-----w- C:\Users\stephen\AppData\Local\{50A53731-E9F4-4D99-8FE2-4520196B71DB}
    2012-07-07 19:39:39 -------- d-----w- C:\Users\stephen\AppData\Local\{ED8B921B-CBAE-40F6-87C5-FEA5334C5A92}
    2012-07-07 07:19:46 -------- d-----w- C:\Users\stephen\AppData\Local\{34BDD62C-11DE-4C28-A655-6B1CD28392AD}
    2012-07-07 07:19:36 -------- d-----w- C:\Users\stephen\AppData\Local\{D7F0EF46-F2EC-41AC-B2AE-9E06BA6F8680}
    2012-07-06 07:53:31 -------- d-----w- C:\Users\stephen\AppData\Local\{7F838DD9-8883-4A5C-97E6-F8F0BEB50387}
    2012-07-06 07:53:21 -------- d-----w- C:\Users\stephen\AppData\Local\{9EA2FD6F-DBB6-40A0-B86D-E2DD6D50AD4E}
    2012-07-05 09:28:12 -------- d-----w- C:\Users\stephen\AppData\Local\{AD8737E0-0568-435D-9116-5084C55C5977}
    2012-07-05 09:28:02 -------- d-----w- C:\Users\stephen\AppData\Local\{E2BFAB7A-D756-4506-8FA2-09A3AFB2ABC5}
    2012-07-04 19:07:10 -------- d-----w- C:\Users\stephen\AppData\Local\{987F0EEE-CB24-4AFB-BED6-A25D28042376}
    2012-07-04 19:07:00 -------- d-----w- C:\Users\stephen\AppData\Local\{981F2565-0C57-4877-B660-BFD531993707}
    2012-07-04 05:31:22 -------- d-----w- C:\Users\stephen\AppData\Local\{1E85A754-DE6E-4B0E-8C7E-5B85B27FA4B0}
    2012-07-04 05:31:12 -------- d-----w- C:\Users\stephen\AppData\Local\{8978BBAC-C11B-4F09-93D2-A95FDDFAE275}
    2012-07-03 11:41:52 -------- d-----w- C:\Users\stephen\AppData\Local\{A43827E6-D0C3-4CC9-852D-23961862E7AE}
    2012-07-03 11:41:41 -------- d-----w- C:\Users\stephen\AppData\Local\{AE02FE9A-2C82-473C-A073-46C736BA559A}
    2012-07-02 21:42:23 -------- d-----w- C:\Users\stephen\AppData\Local\{7E7B14C4-87D8-497A-9F56-BAC573F85C2E}
    2012-07-02 21:42:12 -------- d-----w- C:\Users\stephen\AppData\Local\{7C8583F3-22CA-4EB6-86EF-E7A809DA2D74}
    2012-07-02 06:55:24 -------- d-----w- C:\Users\stephen\AppData\Local\{7B05E41F-5E41-409D-BF82-48F00B695D85}
    2012-07-02 06:55:14 -------- d-----w- C:\Users\stephen\AppData\Local\{2FD6C067-2B46-455B-B8AF-BF96695430DC}
    2012-07-01 07:53:16 -------- d-----w- C:\Users\stephen\AppData\Local\{D601DC68-3197-449E-BEA7-C71858C8F2E9}
    2012-07-01 07:53:05 -------- d-----w- C:\Users\stephen\AppData\Local\{60A344EA-8F21-40BD-B560-3D2C9B962DE5}
    2012-06-30 06:25:39 -------- d-----w- C:\Users\stephen\AppData\Local\{44367582-3361-4D4A-B363-86FA2D5DB6E5}
    2012-06-30 06:25:28 -------- d-----w- C:\Users\stephen\AppData\Local\{C73A2B63-D1F9-493F-AA05-F352037AACAB}
    .
    ==================== Find3M ====================
    .
    2012-07-03 16:21:52 958400 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
    2012-07-03 16:21:52 71064 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
    2012-07-03 16:21:52 54072 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
    2012-07-03 16:21:32 41224 ----a-w- C:\Windows\avastSS.scr
    2012-06-21 16:00:41 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-06-21 16:00:41 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll
    2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
    2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
    2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
    2012-06-04 22:07:37 0 ----a-w- C:\Windows\SysWow64\shoBB9A.tmp
    2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
    2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
    2012-06-02 14:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
    2012-06-02 14:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
    2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
    2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
    2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
    2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
    2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
    2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
    2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
    2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
    2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
    2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
    2012-05-31 11:25:12 279656
    w- C:\Windows\System32\MpSigStub.exe
    2012-05-05 15:33:35 8769696 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
    2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
    .
    ============= FINISH: 17:27:34.57 ===============
  • waddler_8
    waddler_8 Posts: 3,588 Forumite
    This is certainly suspicious:
    uRun: [shtbki] "C:\Windows\System32\rundll32.exe" "C:\Users\stephen\AppData\Roaming\shtbki.dll",Rich CompareBool
    

    Install the free version of MBAM and run a quick scan. See if that gets it. If not we'll use another method.

    http://helpdesk.malwarebytes.org/entries/20839693-where-can-i-download-the-latest-version-of-malwarebytes-anti-malware
    http://helpdesk.malwarebytes.org/entries/20840058-how-do-i-install-malwarebytes-anti-malware
    http://helpdesk.malwarebytes.org/entries/20863072-how-to-run-a-quick-scan
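
The check applied to the log above can be written down as detection logic. This is an added example, not part of the original posts and not code from DDS or any tool named in the thread: it reads DDS-style autorun lines and flags those where rundll32 loads a DLL from a user-writable profile folder. Only the first sample line comes from the thread; the other lines and the "user-writable" rule are assumptions made for illustration.

```python
import ntpath
import re

# First line is the autorun entry quoted in the thread; the other three are
# constructed benign entries added for contrast (hypothetical names).
SAMPLE_LOG = r'''
uRun: [shtbki] "C:\Windows\System32\rundll32.exe" "C:\Users\stephen\AppData\Roaming\shtbki.dll",Rich CompareBool
mRun: [ExampleAV] "C:\Program Files\ExampleAV\ui.exe" /nogui
mRun: [ExampleCpl] "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\example.dll",Init
uRun: [ExampleSync] "C:\Users\stephen\AppData\Local\ExampleSync\sync.exe" /background
'''

# "uRun: [value name] command line" (also matches mRun, mRun-x64 and similar).
RUN_LINE = re.compile(r'^\s*(?P<hive>[um]Run[\w-]*):\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.+)$')
# A token is either a quoted string or a run of non-space characters.
TOKEN = re.compile(r'"([^"]+)"|(\S+)')
# Assumption: profile AppData/Temp folders and any \Temp\ folder count as
# user-writable, i.e. writable without administrator rights.
USER_WRITABLE = re.compile(r'^[a-z]:\\users\\[^\\]+\\(appdata|temp)\\|\\temp\\', re.I)


def tokens(cmd):
    """Split a command line into tokens, dropping surrounding quotes."""
    return [quoted or bare for quoted, bare in TOKEN.findall(cmd)]


def suspicious_autoruns(log_text):
    """Return (hive, value name, dll path) for rundll32 autoruns that load
    a DLL from a user-writable folder."""
    findings = []
    for line in log_text.splitlines():
        match = RUN_LINE.match(line)
        if not match:
            continue
        parts = tokens(match.group('cmd'))
        if len(parts) < 2:
            continue
        if ntpath.basename(parts[0]).lower() not in ('rundll32.exe', 'rundll32'):
            continue
        # Unquoted form is "path.dll,Export": keep only the path.
        dll = parts[1].split(',')[0]
        if USER_WRITABLE.search(dll):
            findings.append((match.group('hive'), match.group('name'), dll))
    return findings


if __name__ == '__main__':
    for hive, name, dll in suspicious_autoruns(SAMPLE_LOG):
        print(f'{hive} [{name}] loads {dll} via rundll32')
```

An executable that starts directly from AppData, like the constructed ExampleSync line, is left unflagged on purpose because per-user installers commonly do that; the rundll32 plus profile-folder DLL combination is the narrower signal.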
  • cepheus
    cepheus Posts: 20,053 Forumite
    waddler_8

    Nothing on quick scan
  • waddler_8
    waddler_8 Posts: 3,588 Forumite
    Your desktop will disappear whilst it deletes temp files, it'll come back on reboot.

    Download OTL from here and save it to your Desktop.
    • Right click OTL.exe & choose "Run as Administrator" to start the program.
    • Copy and Paste the following code into the Custom Scans/Fixes textbox. Do not include the word Code:
    :Reg
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "shtbki"=-
    
    :Files
    C:\Users\stephen\AppData\Roaming\shtbki.dll
    ipconfig /flushdns /c
    
    :Commands
    [CreateRestorePoint]
    [EmptyTemp]
    

    • Then click the Run Fix button at the top.
    • Click OK.
    • OTL may ask to reboot the machine. Please do so if asked.
    • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.
  • cepheus
    cepheus Posts: 20,053 Forumite
    Not sure if that worked properly since Windows encountered a problem and rebooted itself. It did come up with this on reboot though:


    Files\Folders moved on Reboot...
    C:\Users\stephen\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    PendingFileRenameOperations files...
    File C:\Users\stephen\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
    Registry entries deleted on Reboot...
  • waddler_8
    waddler_8 Posts: 3,588 Forumite
    Are you still getting warnings from Avast?
  • cepheus
    cepheus Posts: 20,053 Forumite
    Waddler

    I think it is working OK now, but it was a bit intermittent before. I will post later to confirm. Thanks for this.

    What was happening, hijack & redirection?

    Should I remove that link in the first post?

    Strange AVAST itself didn't pick it up, although it has just updated.
  • waddler_8
    waddler_8 Posts: 3,588 Forumite
    Yes, it looked as though you were being hijacked & redirected.

    Click start > computer > Windows (C:) drive.

    Look for the _OTL folder & click through MovedFiles etc until you reach the file: shtbki.dll

    Once you know it's there, upload it to VirusTotal.

    https://www.virustotal.com/ (Click on choose file > navigate to the file & scan it)

    Post a link to the report here.
This discussion has been closed.