Thanks for the reply.
I spent a lot of time running anti virus, spyware and malware programmes last night - Spyware Doctor picked up and removed a Trojan, as did Hitman Pro - and when I went online this morning the redirect had stopped. I did install Microsoft Security Essentials as another forum suggested that might find something, though as I also have AVG installed I'll removed the Microsoft programme later.
I've followed the steps though and Malwarebytes picked up and removed a Trojan. I did have trouble with GMER - I ran it in both normal and safe mode and both times the computer shut itself down and a blue screen came up saying Windows had to close to prevent damage to the computer. I went through the rest of the steps though and have included the Malwarebytes and DDS logs below, and have attached the Malwarebytes, DDS and Attach logs to this post as the text box wasn't big enough for me to be able to include them all.
Malwarebytes:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4052
Windows 6.0.6000
Internet Explorer 7.0.6000.17037
03/07/2010 08:12:55
mbam-log-2010-07-03 (08-12-55).txt
Scan type: Quick scan
Objects scanned: 118079
Time elapsed: 12 minute(s), 46 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hwajepixoxi (Trojan.Agent.U) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
DDS:
DDS (Ver_10-03-17.01) - NTFSx86
Run by Bethan at 9:11:40.20 on 03/07/2010
Internet Explorer: 7.0.6000.17037 BrowserJavaVersion: 1.6.0_20
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.44.1033.18.1789.853 [GMT 1:00]
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
SP: Microsoft Security Essentials *enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDE}
SP: Spyware Doctor *enabled* (Updated) {1C3EDD79-273E-46ac-99F8-EFA9E7CBC301}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\FSC\TouchPad HotKey Utility\TouchPad_HotKey.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Windows\ehome\ehtray.exe
D:\Program Files\WZQKPICK.EXE
C:\Program Files\FSC\Wireless Utility\WirelessSelector.exe
D:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
D:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Bethan\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.orange.co.uk
uDefault_Page_URL = hxxp://www.orange.co.uk
uInternet Settings,ProxyOverride = <local>
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
TB: Orange Toolbar: {e97b5f2e-ca8e-4d34-bda3-44eec4ed2b12} - c:\program files\orange toolbar uk\ToolbarContainer211.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
EB: Orange Toolbar: {e97b5f2e-ca8e-4d34-bda3-44eec4ed2b12} - c:\program files\orange toolbar uk\ToolbarContainer211.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [TouchPadHotKey] c:\program files\fsc\touchpad hotkey utility\TouchPad_HotKey.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\users\bethan\appdata\roaming\micros~1\windows\startm~1\programs\startup\bbcipl~1.lnk - d:\program files\bbc iplayer desktop\BBC iPlayer Desktop.exe
StartupFolder: c:\users\bethan\appdata\roaming\micros~1\windows\startm~1\programs\startup\pictur~1.lnk - d:\program files\sony\sony picture utility\volumewatcher\SPUVolumeWatcher.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\winzip~1.lnk - d:\program files\WZQKPICK.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\wirele~1.lnk - c:\program files\fsc\wireless utility\WirelessSelector.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
AppInit_DLLs: avgrsstx.dll
================= FIREFOX ===================
FF - ProfilePath - c:\users\bethan\appdata\roaming\mozilla\firefox\profiles\tltbydfq.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\users\bethan\appdata\roaming\mozilla\firefox\profiles\tltbydfq.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\users\bethan\appdata\roaming\facebook\npfbplugin_1_0_3.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.zencast -
============= SERVICES / DRIVERS ===============
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-5-10 218592]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-3-4 216200]
R1 AvgMfx86;AVG Minifilter x86 Resident Driver;c:\windows\system32\drivers\avgmfx86.sys [2008-2-23 29584]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-3-4 242896]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 151216]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-3-27 308064]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2010-1-4 112592]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-3-25 42368]
R3 SiS6350;SiS6350;c:\windows\system32\drivers\SISGRKMD.sys [2007-9-14 456568]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\drivers\SiSGB6.sys [2007-10-26 47616]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2006-11-2 167936]
=============== Created Last 30 ================
2010-07-03 07:32:21 93056 ----a-w- C:\ugliipow.sys
2010-07-03 07:29:32 250051986 ----a-w- c:\windows\MEMORY.DMP
2010-07-02 21:43:31 0 d-----w- c:\program files\Microsoft Security Essentials
2010-07-02 19:05:19 478 ----a-w- c:\windows\system32\.crusader
2010-07-02 18:57:15 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-07-02 18:57:03 0 d-----w- c:\programdata\Hitman Pro
2010-07-02 18:56:52 0 d-----w- c:\program files\Hitman Pro 3.5
2010-07-02 18:23:03 0 d-----w- c:\programdata\Sun
2010-07-02 18:22:30 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-26 08:12:06 62744 ----a-w- c:\windows\system32\xinput1_2.dll
2010-06-26 08:12:06 236824 ----a-w- c:\windows\system32\xactengine2_3.dll
2010-06-26 08:11:23 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2010-06-26 08:10:34 118520 ----a-w- c:\windows\system32\PxInsI64.exe
2010-06-26 08:10:34 115960 ----a-w- c:\windows\system32\PxCpyI64.exe
==================== Find3M ====================
2010-06-08 02:16:01 763832 ----a-w- c:\windows\BDTSupport.dll
2010-06-08 00:21:02 1652664 ----a-w- c:\windows\PCTBDCore.dll
2010-06-04 20:20:54 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-06-01 17:37:48 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-03-29 17:03:08 86016 ----a-w- c:\windows\inf\infstrng.dat
2010-03-29 17:03:08 86016 ----a-w- c:\windows\inf\infstor.dat
2010-03-29 17:03:08 51200 ----a-w- c:\windows\inf\infpub.dat
2008-12-31 11:14:56 174 --sha-w- c:\program files\desktop.ini
2008-10-19 15:20:29 665600 ----a-w- c:\windows\inf\drvindex.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2010-03-14 10:31:49 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2010-03-14 10:31:49 32768 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2010-03-14 10:31:49 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat
2007-09-10 06:27:38 8192 --sha-w- c:\windows\users\default\NTUSER.DAT
============= FINISH: 9:14:06.20 ===============