A Slow Vista Laptop - Hijack log attached

Comments

  • jasmin10
    jasmin10 Posts: 905 Forumite
    ok, so what would you suggest I do Alienrik?

    (I will update Java too)
    TopCashback £1792.63
    My Little World
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Part of the Furniture Combo Breaker
    Give it a COMPLETE SCAN with superantispyware
    Then go to console and LOGS and post the log it created

    then ~
    * Download DDS and save it to your desktop.

    http://download.bleepingcomputer.com/sUBs/dds.scr

    * Double click on the DDS icon, allow it to run.
    * A small box will open, with an explanation about the tool. No input is needed, the scan is running.
    * Notepad will open with the results.
    * Follow the instructions that pop up for posting the results.
    * Close the program window, and delete the program from your desktop.
    :idea:
  • jasmin10
    jasmin10 Posts: 905 Forumite
    I had already done Superantispyware this morning. This is the log


    Generated 04/19/2009 at 01:38 AM
    Application Version : 4.15.1000
    Core Rules Database Version : 3793
    Trace Rules Database Version: 1749
    Scan type : Quick Scan
    Total Scan Time : 00:40:23
    Memory items scanned : 212
    Memory threats detected : 0
    Registry items scanned : 416
    Registry threats detected : 0
    File items scanned : 23567
    File threats detected : 0


    I will now do DDS.
    TopCashback £1792.63
    My Little World
  • jasmin10
    jasmin10 Posts: 905 Forumite
    DDS log:

    DDS (Ver_09-03-16.01) - NTFSx86
    Run by abc at 18:17:47.46 on 19/04/2009
    Internet Explorer: 7.0.6001.18000
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.2037.1042 [GMT 1:00]
    AV: COMODO Antivirus *On-access scanning enabled* (Updated)
    FW: COMODO Firewall *enabled*
    ============== Running Processes ===============
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Windows\System32\mobsync.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    C:\Program Files\BigFix\bigfix.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Windows\system32\CSHelper.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Windows\System32\notepad.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\SJF Office Solutions\Desktop\dds.scr
    C:\Windows\system32\wbem\wmiprvse.exe
    ============== Pseudo HJT Report ===============
    uStart Page = hxxp://www.google.co.uk/ig?hl=en
    mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_GB&Sys=PTB&M=MT6839B
    mDefault_Page_URL = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_GB&Sys=PTB&M=MT6839B
    mSearchAssistant = hxxp://www.gateway.com/g/sidepanel.html?Ch=Retail&Br=GTW&Loc=ENG_GB&Sys=PTB&M=MT6839B
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [eyeBeam SIP Client]
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [SMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe
    mRun: [BigFix] c:\program files\bigfix\bigfix.exe /atstartup
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
    mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
    IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\progra~1\java\jre16~2.0_0\bin\ssv.dll
    IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    Trusted Zone: three.co.uk\my3
    DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} - hxxp://bq.bp.2020.net/Core/Player/2020PlayerAX_Win32.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {A5A76EA0-7B92-4707-9DBF-6F6FE56A6800} - hxxp://scan.networkmagic.com/nmscan/download/WebDiag.4.5.8056.1-ship-WD.V1.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
    Notify: igfxcui - igfxdev.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    ============= SERVICES / DRIVERS ===============
    R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2009-4-8 108560]
    R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2009-4-8 28688]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2006-10-10 8944]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2007-2-27 55024]
    R2 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [2009-4-11 266240]
    R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2006-2-16 4096]
    S3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\drivers\NETw2v32.sys [2006-11-2 2589184]
    =============== Created Last 30 ================
    2009-04-19 10:54 318,976 a
    c:\windows\system32\CF26931.exe
    2009-04-19 10:53 318,976 a
    c:\windows\system32\cmd.execf
    2009-04-19 10:51 318,976 a
    c:\windows\system32\CF26219.exe
    2009-04-19 10:49 <DIR> --d
    C:\32788R22FWJFW.2.tmp
    2009-04-19 10:48 190 a
    C:\Start_.cmd
    2009-04-19 10:48 318,976 a
    c:\windows\system32\CF25863.exe
    2009-04-19 10:47 <DIR> --d
    C:\32788R22FWJFW.1.tmp
    2009-04-19 10:42 318,976 a
    c:\windows\system32\CF24759.exe
    2009-04-19 10:42 <DIR> --d
    C:\32788R22FWJFW.0.tmp
    2009-04-19 10:41 318,976 a
    c:\windows\system32\CF24508.exe
    2009-04-19 01:46 <DIR> --d
    c:\windows\pss
    2009-04-19 00:27 96,760 a
    c:\windows\system32\dfshim.dll
    2009-04-19 00:27 282,112 a
    c:\windows\system32\mscoree.dll
    2009-04-19 00:27 41,984 a
    c:\windows\system32\netfxperf.dll
    2009-04-19 00:26 158,720 a
    c:\windows\system32\mscorier.dll
    2009-04-19 00:26 83,968 a
    c:\windows\system32\mscories.dll
    2009-04-18 22:32 <DIR> --d
    c:\users\sjfoff~1\appdata\roaming\Malwarebytes
    2009-04-18 22:32 15,504 a
    c:\windows\system32\drivers\mbam.sys
    2009-04-18 22:32 38,496 a
    c:\windows\system32\drivers\mbamswissarmy.sys
    2009-04-18 22:31 <DIR> --d
    c:\programdata\Malwarebytes
    2009-04-18 22:31 <DIR> --d
    c:\progra~2\Malwarebytes
    2009-04-18 22:31 <DIR> --d
    c:\program files\Malwarebytes' Anti-Malware
    2009-04-18 17:54 <DIR> --d
    c:\program files\Trend Micro
    2009-04-15 23:04 <DIR> --d
    c:\users\sjf office solutions\Tracing
    2009-04-15 22:58 <DIR> --d
    c:\program files\common files\Windows Live
    2009-04-11 11:41 225,280 a
    c:\windows\system32\CSInstru.DLL
    2009-04-11 11:41 266,240 a
    c:\windows\system32\CSHelper.exe
    2009-04-08 17:02 155,384 a
    c:\windows\system32\guard32.dll
    2009-04-08 17:02 108,560 a
    c:\windows\system32\drivers\cmdguard.sys
    2009-04-08 17:02 28,688 a
    c:\windows\system32\drivers\cmdhlp.sys
    2009-04-08 17:02 <DIR> --d
    c:\programdata\Comodo
    2009-04-08 17:02 <DIR> --d
    c:\progra~2\Comodo
    2009-04-08 16:36 <DIR> --d
    c:\windows\PCHEALTH
    2009-03-29 11:19 <DIR> --d
    c:\program files\Unity
    ==================== Find3M ====================
    2009-04-19 14:08 1,660 a
    c:\windows\bthservsdp.dat
    2009-04-08 17:03 143,360 a
    c:\windows\inf\infstrng.dat
    2009-04-08 17:03 51,200 a
    c:\windows\inf\infpub.dat
    2009-04-08 17:03 86,016 a
    c:\windows\inf\infstor.dat
    2009-03-17 04:38 40,960 a
    c:\windows\apppatch\apihex86.dll
    2009-03-17 04:38 13,824 a
    c:\windows\system32\apilogen.dll
    2009-03-17 04:38 24,064 a
    c:\windows\system32\amxread.dll
    2009-03-03 05:46 3,599,328 a
    c:\windows\system32\ntkrnlpa.exe
    2009-03-03 05:46 3,547,632 a
    c:\windows\system32\ntoskrnl.exe
    2009-03-03 05:40 827,392 a
    c:\windows\system32\wininet.dll
    2009-03-03 05:39 183,296 a
    c:\windows\system32\sdohlp.dll
    2009-03-03 05:39 551,424 a
    c:\windows\system32\rpcss.dll
    2009-03-03 05:39 26,112 a
    c:\windows\system32\printfilterpipelineprxy.dll
    2009-03-03 05:37 78,336 a
    c:\windows\system32\ieencode.dll
    2009-03-03 05:37 98,304 a
    c:\windows\system32\iasrecst.dll
    2009-03-03 05:37 54,784 a
    c:\windows\system32\iasads.dll
    2009-03-03 05:37 44,032 a
    c:\windows\system32\iasdatastore.dll
    2009-03-03 04:04 666,624 a
    c:\windows\system32\printfilterpipelinesvc.exe
    2009-03-03 03:38 17,408 a
    c:\windows\system32\iashost.exe
    2009-03-03 03:28 26,624 a
    c:\windows\system32\ieUnatt.exe
    2009-02-13 09:49 72,704 a
    c:\windows\system32\secur32.dll
    2009-02-13 09:49 1,255,936 a
    c:\windows\system32\lsasrv.dll
    2009-02-09 04:10 2,033,152 a
    c:\windows\system32\win32k.sys
    2008-12-17 18:31 174 a--sh--- c:\program files\desktop.ini
    2008-12-17 18:14 665,600 a
    c:\windows\inf\drvindex.dat
    2008-04-22 16:24 100,952 a
    c:\users\sjfoff~1\appdata\roaming\GDIPFONTCACHEV1.DAT
    2008-03-05 09:43 136 a
    c:\users\sjfoff~1\appdata\roaming\wklnhst.dat
    2007-09-25 23:10 6,468 a
    c:\program files\netgear.cfg
    2006-11-02 13:42 287,440 a
    c:\windows\inf\perflib\0409\perfi.dat
    2006-11-02 13:42 287,440 a
    c:\windows\inf\perflib\0409\perfh.dat
    2006-11-02 13:42 30,674 a
    c:\windows\inf\perflib\0409\perfd.dat
    2006-11-02 13:42 30,674 a
    c:\windows\inf\perflib\0409\perfc.dat
    2006-11-02 10:20 287,440 a
    c:\windows\inf\perflib\0000\perfi.dat
    2006-11-02 10:20 287,440 a
    c:\windows\inf\perflib\0000\perfh.dat
    2006-11-02 10:20 30,674 a
    c:\windows\inf\perflib\0000\perfd.dat
    2006-11-02 10:20 30,674 a
    c:\windows\inf\perflib\0000\perfc.dat
    2009-01-01 19:26 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
    2009-01-01 19:26 32,768 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
    2009-01-01 19:26 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat
    ============= FINISH: 18:19:30.71 ===============
    TopCashback £1792.63
    My Little World
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Part of the Furniture Combo Breaker
    jasmin10 wrote: »
    I had already done Superantispyware this morning. This is the log


    Generated 04/19/2009 at 01:38 AM
    Application Version : 4.15.1000
    Core Rules Database Version : 3793
    Trace Rules Database Version: 1749
    Scan type : Quick Scan
    Total Scan Time : 00:40:23
    Memory items scanned : 212
    Memory threats detected : 0
    Registry items scanned : 416
    Registry threats detected : 0
    File items scanned : 23567
    File threats detected : 0


    I will now do DDS.

    I did ask for a COMPLETE scan
    :idea:
  • jasmin10
    jasmin10 Posts: 905 Forumite
    Oh, was that not the right log? When I stayed up last night and did a full scan that lasted over an hour. I then go to view log file and that was what was there, am I looking in the wrong place? Is the DDS one ok?

    Sorry, just noticed that it was the wrong log as it says quick scan on it. I obviously selected the wrong one. I will do it now.
    TopCashback £1792.63
    My Little World
  • jasmin10
    jasmin10 Posts: 905 Forumite
    Here's the complete scan for antiwotsit.

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com
    Generated 04/19/2009 at 08:35 PM
    Application Version : 4.15.1000
    Core Rules Database Version : 3793
    Trace Rules Database Version: 1749
    Scan type : Complete Scan
    Total Scan Time : 00:50:28
    Memory items scanned : 431
    Memory threats detected : 0
    Registry items scanned : 6569
    Registry threats detected : 0
    File items scanned : 27068
    File threats detected : 0


    It did come back saying nothing found.
    TopCashback £1792.63
    My Little World
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Part of the Furniture Combo Breaker
    I can't see anything in the log. I'd say you're ok to go (though I'm still curious as to why combofix fails to run)
    :idea:
  • jasmin10
    jasmin10 Posts: 905 Forumite
    Great, thank you for all your help
    TopCashback £1792.63
    My Little World
This discussion has been closed.