Can someone look at this hijack log please?
It says I can't restore to an earlier date???
Here is the log. It said at the beginning I hadn't got a "Windows Recovery Console", so I clicked yes to install; hope that was correct.
ComboFix 09-03-22.01 - tina 2009-03-23 6:43:21.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.959.498 [GMT 0:00]
Running from: c:\documents and settings\tina\Desktop\ComboFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\katie-louise\Favorites\Videos.url
c:\documents and settings\tina\err.log
c:\windows\system32\MSVolume.dll
c:\windows\winhelp.ini
\install.exe
.
((((((((((((((((((((((((( Files Created from 2009-02-23 to 2009-03-23 )))))))))))))))))))))))))))))))
.
2024-08-13 08:52 . 2008-04-06 16:39 3,120 --a------ c:\windows\MF_C421.lfa
2024-08-13 08:52 . 2008-04-06 16:39 3,120 --a------ c:\windows\MF_C420.lfa
2009-03-22 21:39 . 2009-03-22 21:39 <DIR> d-------- c:\windows\system32\TRAYRES
2009-03-22 21:39 . 2009-03-22 21:39 <DIR> d-------- c:\program files\SiS VGA Utilities V3.68
2009-03-22 21:31 . 2009-03-22 21:32 1,374 --a------ c:\windows\imsins.BAK
2009-03-11 16:27 . 2009-03-11 16:27 <DIR> d--hs---- C:\FOUND.038
2009-03-03 21:14 . 2009-03-03 21:14 <DIR> d-------- c:\program files\Mozilla Thunderbird
2009-03-03 19:12 . 2009-03-03 19:12 <DIR> d-------- c:\program files\Registry_Cleaner_Pro
2009-02-28 11:52 . 2009-02-28 11:52 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-02-27 12:21 . 2009-02-27 12:21 <DIR> d-------- c:\program files\OpenOffice.org 3
2009-02-27 12:21 . 2009-02-27 12:21 <DIR> d-------- c:\program files\JRE
2009-02-26 21:58 . 2009-02-26 21:58 754 --a------ c:\windows\WORDPAD.INI
2009-02-25 20:48 . 2009-02-25 20:48 <DIR> d-------- c:\program files\VS Revo Group
2009-02-25 07:57 . 2009-01-09 19:19 1,089,593 --------- c:\windows\system32\dllcache\ntprint.cat
2009-02-23 20:37 . 2009-02-23 20:37 <DIR> d-------- c:\documents and settings\katie-louise\Application Data\SUPERAntiSpyware.com
2009-02-23 17:52 . 2009-02-23 17:52 <DIR> d-------- c:\program files\Glary Utilities
2009-02-23 17:52 . 2009-02-23 17:52 <DIR> d-------- c:\program files\AskBarDis
2009-02-23 15:39 . 2009-02-23 15:39 <DIR> d-------- c:\program files\NCH Swift Sound
2009-02-23 15:39 . 2009-02-23 15:39 <DIR> d-------- c:\documents and settings\All Users\Application Data\NCH Swift Sound
2009-02-23 12:46 . 2009-02-23 12:46 <DIR> d-------- c:\program files\Avira
2009-02-23 12:46 . 2009-02-23 12:46 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avira
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-22 21:48 410,984 ----a-w c:\windows\system32\deploytk.dll
2009-03-18 10:02 230,432 ----a-w C:\StiImg.dat
2009-02-22 23:01 d-----w c:\program files\SUPERAntiSpyware
2009-02-22 23:01 d-----w c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-02-22 22:30 d-----w c:\program files\Trend Micro
2009-02-22 20:33 d-----w c:\program files\Virtools
2009-02-22 20:33 d-----w c:\program files\Malwarebytes' Anti-Malware
2009-02-22 20:33 d-----w c:\program files\Common Files\Napster Shared
2009-02-22 20:33 d-----w c:\program files\Common Files\Adobe AIR
2009-02-22 20:33 d-----w c:\program files\Common Files\Adobe
2009-02-22 20:33 d-----w c:\program files\BroadJump
2009-02-22 20:33 d-----w c:\program files\3DGroove
2009-02-17 09:37 d-----w c:\documents and settings\All Users\Application Data\HipSoft
2009-02-16 19:04 d-----w c:\documents and settings\Kieran\Application Data\Oberon Games
2009-02-16 19:04 d-----w c:\documents and settings\All Users\Application Data\Oberon Games
2009-02-15 11:07 d-----w c:\documents and settings\Kieran\Application Data\HP
2009-02-15 11:07 d-----w c:\documents and settings\Kieran\Application Data\alot
2009-02-15 11:06 d-----w c:\documents and settings\Kieran\Application Data\Virgin Broadband
2009-02-11 17:28 d-----w c:\documents and settings\katie-louise\Application Data\alot
2009-02-11 10:19 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-11 10:19 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-02-10 13:50 d-----w c:\program files\Bonjour
2009-02-09 11:13 1,846,784 ----a-w c:\windows\system32\WIN32K.SYS
2009-02-09 11:13 1,846,784 ------w c:\windows\system32\dllcache\win32k.sys
2009-02-05 20:33 d-----w c:\program files\Reference Assemblies
2009-02-05 20:33 d-----w c:\program files\MSBuild
2009-02-05 19:44 d-----w c:\program files\Windows Installer Clean Up
2009-02-05 19:43 d-----w c:\program files\MSECACHE
2009-02-05 16:37 d-----w c:\program files\iTunes
2009-02-05 16:37 d-----w c:\program files\iPod
2009-02-05 16:37 d-----w c:\documents and settings\All Users\Application Data\!!3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-02-05 15:38 d-----w c:\program files\iTunes(2)
2009-02-05 15:38 d-----w c:\program files\iPod(2)
2009-01-16 21:35 3,594,752 ----a-w c:\windows\system32\dllcache\mshtml.dll
2006-10-10 16:10 774,144 ----a-w c:\program files\RngInterstitial.dll
2008-09-08 08:09 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008090820080909\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-09 68856]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-02-17 1830128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\Monitor.exe" [2005-11-16 397312]
"BJCFD"="c:\program files\BroadJump\Client Foundation\CFD.exe" [2003-01-27 376912]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"Broadbandadvisor.exe"="c:\program files\Virgin Broadband\advisor\Broadbandadvisor.exe" [2007-01-24 2037240]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-22 148888]
"SiSPower"="SiSPower.dll" [2005-07-13 c:\windows\system32\SiSPower.dll]
"SoundMan"="SOUNDMAN.EXE" [2005-08-17 c:\windows\soundman.exe]
"SMSERIAL"="sm56hlpr.exe" [2005-06-06 c:\windows\sm56hlpr.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\tina\Start Menu\Programs\Startup\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-12-15 384000]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
broadband medic.lnk - c:\program files\ntl\broadband medic\bin\matcli.exe [2006-09-06 217088]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 288472]
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-02-10 73728]
Utility Tray.lnk - c:\windows\system32\sistray.exe [2006-09-01 262144]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"!!5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\MsnMsgr.Exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-02-17 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-02-17 55024]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-02-17 7408]
S3 DOSMEMIO;MEMIO;\??\e:\memio.sys --> e:\MEMIO.SYS [?]
S3 PAC207;SoC PC-Camer@;c:\windows\system32\drivers\PFC027.sys [2005-02-24 162176]
S4 !!!!!!!!!! Monthly Subscription Service;!!!!!!!!!! Monthly Subscription Service;c:\program files\Common Files\!!!!!!!!!! Shared\Service\!!!!!!!!!! Monthly Subscription Service File.exe [2006-11-07 68096]
S4 !!!!!!!!!! Subscription Service;!!!!!!!!!! Subscription Service;c:\program files\Common Files\!!!!!!!!!! Shared\Service\!!!!!!!!!! Subscription Service File.exe [2006-11-07 68096]
S4 Hprtfeh3ahive;Hprtfeh3ahive; [x]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - INT15.SYS
.
Contents of the 'Scheduled Tasks' folder
2009-03-22 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUp.exe [2007-10-19 11:20]
2009-03-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
2009-03-23 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2009-02-12 17:10]
.
- - - - ORPHANS REMOVED - - - -
Toolbar-SITEguard - (no file)
WebBrowser-{A6E4A4EB-D169-4E99-8988-250FCBAFE767} - (no file)
WebBrowser-!!3041D03E-FD4B-44E0-B742-2D9B88305F98} - (no file)
.
Supplementary Scan
.
uInternet Connection Wizard,ShellNext = iexplore
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-23 06:44:31
Windows 5.1.2600 Service Pack 3 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
DLLs Loaded Under Running Processes
- - - - - - - > 'winlogon.exe'(500)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
Completion time: 2009-03-23 6:45:40
ComboFix-quarantined-files.txt 2009-03-23 06:45:40
Pre-Run: 45,323,845,632 bytes free
Post-Run: 45,917,765,632 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
193 --- E O F --- 2009-03-22 21:34:15
Manually delete ~
c:\program files\AskBarDis
Goto ~
C:\FOUND.038
And please tell me what it is? (Type of file, if it's a folder, what's in it, etc.)
What's this? ~
e:\MEMIO.SYS
Download KILLBOX
Copy the text below in red
c:\windows\MF_C421.lfa
c:\windows\MF_C420.lfa
c:\windows\imsins.BAK
c:\windows\system32\deploytk.dll
C:\StiImg.dat
Run the KillBox and choose File -> Paste from Clipboard.
Check the Delete on Reboot option and click the X. Confirm and let it restart. :idea:
aliEnrik, thank you for your help, but how do I manually delete??
In fact, how do I do all you said? Sorry, I'm lost??
Manually delete ~
c:\program files\AskBarDis

Go to C drive through MY COMPUTER
PROGRAMS and right click and delete the ASKBARDIS folder

Go to ~
C:\FOUND.038
And please tell me what it is? (Type of file, if it's a folder, what's in it, etc.)

Simply open C drive and tell me what the file/folder DOUND.038 is all about (if you can)

What's this? ~
e:\MEMIO.SYS

Well first up ~ what IS 'E' drive (DVD player?)
And what was in E drive when you used ComboFix?

Download KILLBOX
Copy the text below in red
c:\windows\MF_C421.lfa
c:\windows\MF_C420.lfa
c:\windows\imsins.BAK
c:\windows\system32\deploytk.dll
C:\StiImg.dat
Run the KillBox and choose File -> Paste from Clipboard.
Check the Delete on Reboot option and click the X. Confirm and let it restart.

Download KILLBOX via the link (simply click KILLBOX I originally posted)
Highlight all the files I posted in red
RIGHT click and COPY
Run KILLBOX and follow the instructions I posted
:idea:
AskBarDis is the ASK toolbar, which has presumably been uninstalled as it's no longer in the log (and uses resources when it does run). :idea:
I tried to download this but this comes up:

Go to C drive through MY COMPUTER
PROGRAMS and right click and delete the ASKBARDIS folder

Done this

Simply open C drive and tell me what the file/folder DOUND.038 is all about (if you can)

Can't find this

Well first up ~ what IS 'E' drive (DVD player?)
And what was in E drive when you used ComboFix?

This is DVD RW, nothing was in it

Download KILLBOX via the link (simply click KILLBOX I originally posted)
Highlight all the files I posted in red
RIGHT click and COPY
Run KILLBOX and follow the instructions I posted

X Component "MSCOMCTL.OCX " or one of it's depedencies not correctly registered : a file is missing or invalid.
Meant FOUND.038 by the way (spelt wrong when I posted again). :idea: