can someone look at this hijack log please
Comments
-
no, still can't download it ??
-
Copy the text below in red
File::
c:\windows\MF_C421.lfa
c:\windows\MF_C420.lfa
c:\windows\imsins.BAK
c:\windows\system32\deploytk.dll
C:\StiImg.dat
Open NOTEPAD and paste the text inside
Save this as "CFScript"
Then drag the CFScript into ComboFix.exe as you see in the screenshot below.
This will start ComboFix again. After reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply.
-
ComboFix 09-03-22.01 - tina 2009-03-23 13:58:51.4 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.959.549 [GMT 0:00]
Running from: c:\documents and settings\tina\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\tina\My Documents\CFScript.txt
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)
* Created a new restore point
FILE ::
C:\StiImg.dat
c:\windows\imsins.BAK
c:\windows\MF_C420.lfa
c:\windows\MF_C421.lfa
c:\windows\system32\deploytk.dll
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\StiImg.dat
c:\windows\imsins.BAK
c:\windows\MF_C420.lfa
c:\windows\MF_C421.lfa
c:\windows\system32\deploytk.dll
.
((((((((((((((((((((((((( Files Created from 2009-02-23 to 2009-03-23 )))))))))))))))))))))))))))))))
.
2009-03-22 21:39 . 2009-03-22 21:39 <DIR> d c:\windows\system32\TRAYRES
2009-03-22 21:39 . 2009-03-22 21:39 <DIR> d c:\program files\SiS VGA Utilities V3.68
2009-03-11 16:27 . 2009-03-11 16:27 <DIR> d--hs---- C:\FOUND.038
2009-03-03 21:14 . 2009-03-03 21:14 <DIR> d c:\program files\Mozilla Thunderbird
2009-03-03 19:12 . 2009-03-03 19:12 <DIR> d c:\program files\Registry_Cleaner_Pro
2009-02-28 11:52 . 2009-02-28 11:52 <DIR> d c:\program files\Common Files\Wise Installation Wizard
2009-02-27 12:21 . 2009-02-27 12:21 <DIR> d c:\program files\OpenOffice.org 3
2009-02-27 12:21 . 2009-02-27 12:21 <DIR> d c:\program files\JRE
2009-02-26 21:58 . 2009-02-26 21:58 754 --a c:\windows\WORDPAD.INI
2009-02-25 20:48 . 2009-02-25 20:48 <DIR> d c:\program files\VS Revo Group
2009-02-25 07:57 . 2009-01-09 19:19 1,089,593 c:\windows\system32\dllcache\ntprint.cat
2009-02-23 20:37 . 2009-02-23 20:37 <DIR> d c:\documents and settings\katie-louise\Application Data\SUPERAntiSpyware.com
2009-02-23 17:52 . 2009-02-23 17:52 <DIR> d c:\program files\Glary Utilities
2009-02-23 15:39 . 2009-02-23 15:39 <DIR> d c:\program files\NCH Swift Sound
2009-02-23 15:39 . 2009-02-23 15:39 <DIR> d c:\documents and settings\All Users\Application Data\NCH Swift Sound
2009-02-23 12:46 . 2009-02-23 12:46 <DIR> d c:\program files\Avira
2009-02-23 12:46 . 2009-02-23 12:46 <DIR> d c:\documents and settings\All Users\Application Data\Avira
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-22 23:01 d w c:\program files\SUPERAntiSpyware
2009-02-22 23:01 d w c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-02-22 22:30 d w c:\program files\Trend Micro
2009-02-22 20:33 d w c:\program files\Virtools
2009-02-22 20:33 d w c:\program files\Malwarebytes' Anti-Malware
2009-02-22 20:33 d w c:\program files\Common Files\Napster Shared
2009-02-22 20:33 d w c:\program files\Common Files\Adobe AIR
2009-02-22 20:33 d w c:\program files\Common Files\Adobe
2009-02-22 20:33 d w c:\program files\BroadJump
2009-02-22 20:33 d w c:\program files\3DGroove
2009-02-17 09:37 d w c:\documents and settings\All Users\Application Data\HipSoft
2009-02-16 19:04 d w c:\documents and settings\Kieran\Application Data\Oberon Games
2009-02-16 19:04 d w c:\documents and settings\All Users\Application Data\Oberon Games
2009-02-15 11:07 d w c:\documents and settings\Kieran\Application Data\HP
2009-02-15 11:07 d w c:\documents and settings\Kieran\Application Data\alot
2009-02-15 11:06 d w c:\documents and settings\Kieran\Application Data\Virgin Broadband
2009-02-11 17:28 d w c:\documents and settings\katie-louise\Application Data\alot
2009-02-11 10:19 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-11 10:19 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-02-10 13:50 d w c:\program files\Bonjour
2009-02-09 11:13 1,846,784 ----a-w c:\windows\system32\WIN32K.SYS
2009-02-09 11:13 1,846,784 w c:\windows\system32\dllcache\win32k.sys
2009-02-05 20:33 d w c:\program files\Reference Assemblies
2009-02-05 20:33 d w c:\program files\MSBuild
2009-02-05 19:44 d w c:\program files\Windows Installer Clean Up
2009-02-05 19:43 d w c:\program files\MSECACHE
2009-02-05 16:37 d w c:\program files\iTunes
2009-02-05 16:37 d w c:\program files\iPod
2009-02-05 16:37 d w c:\documents and settings\All Users\Application Data\!!3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-02-05 15:38 d w c:\program files\iTunes(2)
2009-02-05 15:38 d w c:\program files\iPod(2)
2009-01-16 21:35 3,594,752 ----a-w c:\windows\system32\dllcache\mshtml.dll
2006-10-10 16:10 774,144 ----a-w c:\program files\RngInterstitial.dll
2008-09-08 08:09 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008090820080909\index.dat
.
((((((((((((((((((((((((((((( SnapShot@2009-03-23_ 6.44.49.92 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-03-23 06:51:52 16,384 ----a-w c:\windows\temp\Perflib_Perfdata_5a0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-09 68856]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-02-17 1830128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\Monitor.exe" [2005-11-16 397312]
"BJCFD"="c:\program files\BroadJump\Client Foundation\CFD.exe" [2003-01-27 376912]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"Broadbandadvisor.exe"="c:\program files\Virgin Broadband\advisor\Broadbandadvisor.exe" [2007-01-24 2037240]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-22 148888]
"SiSPower"="SiSPower.dll" [2005-07-13 c:\windows\system32\SiSPower.dll]
"SoundMan"="SOUNDMAN.EXE" [2005-08-17 c:\windows\soundman.exe]
"SMSERIAL"="sm56hlpr.exe" [2005-06-06 c:\windows\sm56hlpr.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\tina\Start Menu\Programs\Startup\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-12-15 384000]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
broadband medic.lnk - c:\program files\ntl\broadband medic\bin\matcli.exe [2006-09-06 217088]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 288472]
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-02-10 73728]
Utility Tray.lnk - c:\windows\system32\sistray.exe [2006-09-01 262144]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"!!5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\MsnMsgr.Exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-02-17 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-02-17 55024]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-02-17 7408]
S3 DOSMEMIO;MEMIO;\??\e:\memio.sys --> e:\MEMIO.SYS [?]
S3 PAC207;SoC PC-Camer@;c:\windows\system32\drivers\PFC027.sys [2005-02-24 162176]
S4 !!!!!!!!!! Monthly Subscription Service;!!!!!!!!!! Monthly Subscription Service;c:\program files\Common Files\!!!!!!!!!! Shared\Service\!!!!!!!!!! Monthly Subscription Service File.exe [2006-11-07 68096]
S4 !!!!!!!!!! Subscription Service;!!!!!!!!!! Subscription Service;c:\program files\Common Files\!!!!!!!!!! Shared\Service\!!!!!!!!!! Subscription Service File.exe [2006-11-07 68096]
S4 Hprtfeh3ahive;Hprtfeh3ahive; [x]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - INT15.SYS
.
Contents of the 'Scheduled Tasks' folder
2009-03-23 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUp.exe [2007-10-19 11:20]
2009-03-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
2009-03-23 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2009-02-12 17:10]
.
.
Supplementary Scan
.
uInternet Connection Wizard,ShellNext = iexplore
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-23 13:59:48
Windows 5.1.2600 Service Pack 3 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
DLLs Loaded Under Running Processes
- - - - - - - > 'winlogon.exe'(500)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
Completion time: 2009-03-23 14:00:52
ComboFix-quarantined-files.txt 2009-03-23 14:00:50
ComboFix4.txt 2009-03-23 06:45:42
ComboFix3.txt 2009-03-23 13:39:50
ComboFix2.txt 2009-03-23 13:53:26
Pre-Run: 45,852,557,312 bytes free
Post-Run: 45,842,726,912 bytes free
190 --- E O F --- 2009-03-22 21:34:15
-
Copy the following text in red
Folder::
C:\FOUND.038
Then do the same as above ~
Open NOTEPAD and paste the text inside
Save this as "CFScript" etc
-
ComboFix 09-03-22.01 - tina 2009-03-23 16:11:25.5 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.959.519 [GMT 0:00]
Running from: c:\documents and settings\tina\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\tina\My Documents\CFScript.txt
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\FOUND.038
c:\found.038\FILE0000.CHK
.
((((((((((((((((((((((((( Files Created from 2009-02-23 to 2009-03-23 )))))))))))))))))))))))))))))))
.
2009-03-22 21:39 . 2009-03-22 21:39 <DIR> d c:\windows\system32\TRAYRES
2009-03-22 21:39 . 2009-03-22 21:39 <DIR> d c:\program files\SiS VGA Utilities V3.68
2009-03-03 21:14 . 2009-03-03 21:14 <DIR> d c:\program files\Mozilla Thunderbird
2009-03-03 19:12 . 2009-03-03 19:12 <DIR> d c:\program files\Registry_Cleaner_Pro
2009-02-28 11:52 . 2009-02-28 11:52 <DIR> d c:\program files\Common Files\Wise Installation Wizard
2009-02-27 12:21 . 2009-02-27 12:21 <DIR> d c:\program files\OpenOffice.org 3
2009-02-27 12:21 . 2009-02-27 12:21 <DIR> d c:\program files\JRE
2009-02-26 21:58 . 2009-02-26 21:58 754 --a c:\windows\WORDPAD.INI
2009-02-25 20:48 . 2009-02-25 20:48 <DIR> d c:\program files\VS Revo Group
2009-02-25 07:57 . 2009-01-09 19:19 1,089,593 c:\windows\system32\dllcache\ntprint.cat
2009-02-23 20:37 . 2009-02-23 20:37 <DIR> d c:\documents and settings\katie-louise\Application Data\SUPERAntiSpyware.com
2009-02-23 17:52 . 2009-02-23 17:52 <DIR> d c:\program files\Glary Utilities
2009-02-23 15:39 . 2009-02-23 15:39 <DIR> d c:\program files\NCH Swift Sound
2009-02-23 15:39 . 2009-02-23 15:39 <DIR> d c:\documents and settings\All Users\Application Data\NCH Swift Sound
2009-02-23 12:46 . 2009-02-23 12:46 <DIR> d c:\program files\Avira
2009-02-23 12:46 . 2009-02-23 12:46 <DIR> d c:\documents and settings\All Users\Application Data\Avira
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-22 23:01 d w c:\program files\SUPERAntiSpyware
2009-02-22 23:01 d w c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-02-22 22:30 d w c:\program files\Trend Micro
2009-02-22 20:33 d w c:\program files\Virtools
2009-02-22 20:33 d w c:\program files\Malwarebytes' Anti-Malware
2009-02-22 20:33 d w c:\program files\Common Files\Napster Shared
2009-02-22 20:33 d w c:\program files\Common Files\Adobe AIR
2009-02-22 20:33 d w c:\program files\Common Files\Adobe
2009-02-22 20:33 d w c:\program files\BroadJump
2009-02-22 20:33 d w c:\program files\3DGroove
2009-02-17 09:37 d w c:\documents and settings\All Users\Application Data\HipSoft
2009-02-16 19:04 d w c:\documents and settings\Kieran\Application Data\Oberon Games
2009-02-16 19:04 d w c:\documents and settings\All Users\Application Data\Oberon Games
2009-02-15 11:07 d w c:\documents and settings\Kieran\Application Data\HP
2009-02-15 11:07 d w c:\documents and settings\Kieran\Application Data\alot
2009-02-15 11:06 d w c:\documents and settings\Kieran\Application Data\Virgin Broadband
2009-02-11 17:28 d w c:\documents and settings\katie-louise\Application Data\alot
2009-02-11 10:19 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-11 10:19 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-02-10 13:50 d w c:\program files\Bonjour
2009-02-09 11:13 1,846,784 ----a-w c:\windows\system32\WIN32K.SYS
2009-02-09 11:13 1,846,784 w c:\windows\system32\dllcache\win32k.sys
2009-02-05 20:33 d w c:\program files\Reference Assemblies
2009-02-05 20:33 d w c:\program files\MSBuild
2009-02-05 19:44 d w c:\program files\Windows Installer Clean Up
2009-02-05 19:43 d w c:\program files\MSECACHE
2009-02-05 16:37 d w c:\program files\iTunes
2009-02-05 16:37 d w c:\program files\iPod
2009-02-05 16:37 d w c:\documents and settings\All Users\Application Data\!!3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-02-05 15:38 d w c:\program files\iTunes(2)
2009-02-05 15:38 d w c:\program files\iPod(2)
2009-01-16 21:35 3,594,752 ----a-w c:\windows\system32\dllcache\mshtml.dll
2006-10-10 16:10 774,144 ----a-w c:\program files\RngInterstitial.dll
2008-09-08 08:09 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008090820080909\index.dat
.
((((((((((((((((((((((((((((( SnapShot@2009-03-23_ 6.44.49.92 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-03-23 06:51:52 16,384 ----a-w c:\windows\temp\Perflib_Perfdata_5a0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-09 68856]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-02-17 1830128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\Monitor.exe" [2005-11-16 397312]
"BJCFD"="c:\program files\BroadJump\Client Foundation\CFD.exe" [2003-01-27 376912]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"Broadbandadvisor.exe"="c:\program files\Virgin Broadband\advisor\Broadbandadvisor.exe" [2007-01-24 2037240]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-22 148888]
"SiSPower"="SiSPower.dll" [2005-07-13 c:\windows\system32\SiSPower.dll]
"SoundMan"="SOUNDMAN.EXE" [2005-08-17 c:\windows\soundman.exe]
"SMSERIAL"="sm56hlpr.exe" [2005-06-06 c:\windows\sm56hlpr.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\tina\Start Menu\Programs\Startup\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-12-15 384000]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
broadband medic.lnk - c:\program files\ntl\broadband medic\bin\matcli.exe [2006-09-06 217088]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 288472]
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-02-10 73728]
Utility Tray.lnk - c:\windows\system32\sistray.exe [2006-09-01 262144]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"!!5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\MsnMsgr.Exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-02-17 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-02-17 55024]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-02-17 7408]
S3 DOSMEMIO;MEMIO;\??\e:\memio.sys --> e:\MEMIO.SYS [?]
S3 PAC207;SoC PC-Camer@;c:\windows\system32\drivers\PFC027.sys [2005-02-24 162176]
S4 !!!!!!!!!! Monthly Subscription Service;!!!!!!!!!! Monthly Subscription Service;c:\program files\Common Files\!!!!!!!!!! Shared\Service\!!!!!!!!!! Monthly Subscription Service File.exe [2006-11-07 68096]
S4 !!!!!!!!!! Subscription Service;!!!!!!!!!! Subscription Service;c:\program files\Common Files\!!!!!!!!!! Shared\Service\!!!!!!!!!! Subscription Service File.exe [2006-11-07 68096]
S4 Hprtfeh3ahive;Hprtfeh3ahive; [x]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - INT15.SYS
.
Contents of the 'Scheduled Tasks' folder
2009-03-23 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUp.exe [2007-10-19 11:20]
2009-03-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
2009-03-23 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2009-02-12 17:10]
.
.
Supplementary Scan
.
uInternet Connection Wizard,ShellNext = iexplore
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-23 16:12:23
Windows 5.1.2600 Service Pack 3 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
DLLs Loaded Under Running Processes
- - - - - - - > 'winlogon.exe'(500)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
Completion time: 2009-03-23 16:13:27
ComboFix-quarantined-files.txt 2009-03-23 16:13:26
ComboFix4.txt 2009-03-23 13:39:50
ComboFix3.txt 2009-03-23 13:53:26
ComboFix5.txt 2009-03-23 16:11:06
ComboFix2.txt 2009-03-23 14:00:54
Pre-Run: 45,777,321,984 bytes free
Post-Run: 45,766,737,920 bytes free
181 --- E O F --- 2009-03-22 21:34:15
-
Ok ~ I don't suppose any of this has helped sort out any of the original problems, has it?
-
no it hasn't
-
I suspect the infections have caused all this. Any chance you can try one last restore?
-
Yesterday I restored right back to 3rd March. If I go back any more, on the 28th Feb I installed malware and installed Windows programmes etc......will I lose all this what I did ??
And on the 25th Feb I used Revo to uninstall loads of stuff, will this be affected ??
-
Best leave the restore just in case
Can you update and run a FULL malwarebytes scan please?
(Full AVIRA one wouldn't go amiss either)
This discussion has been closed.