We’d like to remind Forumites to please avoid political debate on the Forum.
This is to keep it a safe and useful space for MoneySaving discussions. Threads that are – or become – political in nature may be removed in line with the Forum’s rules. Thank you for your understanding.
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!
The Forum now has a brand new text editor, adding a bunch of handy features to use when creating posts. Read more in our how-to guide
Hijack log can anyone help laptop that has started freezing?
Comments
-
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2008-04-24 430080]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-03 148888]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-08-07 29744]
"Toshiba TEMPO"="c:\program files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe" [2008-04-24 103824]
"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-07-10 581632]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-25 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-25 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-25 145944]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-01-17 431456]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2008-06-24 509816]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-05-09 716800]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2008-01-11 574864]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2008-09-26 417792]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"NDSTray.exe"="NDSTray.exe" [BU]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-04-08 6037504]
"Skytel"="Skytel.exe" - c:\windows\SkyTel.exe [2007-11-20 1826816]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):a6,49,36,3c,b0,eb,c9,01
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{43597A08-21ED-471C-AE18-6998A0F6D651}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{3BA6AD5F-B5C4-4A70-9B1E-DA764E2474B9}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [04/06/2009 12:50 114768]
R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\System32\drivers\jswpslwf.sys [04/06/2009 10:25 20384]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [04/06/2009 12:50 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [04/06/2009 12:49 51792]
R2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [17/04/2008 00:19 40960]
R2 TempoMonitoringService;Notebook Performance Tuning Service ;c:\program files\Toshiba TEMPRO\TempoSVC.exe [24/04/2008 10:21 99720]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [06/02/2008 14:12 126976]
R2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE [30/03/2009 16:28 1533808]
R3 FwLnk;FwLnk Driver;c:\windows\System32\drivers\FwLnk.sys [07/08/2008 17:24 7168]
R3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe [25/08/2008 09:58 77824]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [04/06/2009 22:14 33176]
S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [07/08/2008 17:54 29744]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\Jumpstart\jswpsapi.exe [04/06/2009 10:24 954368]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
.
Supplementary Scan
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA;
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA
IE: {{76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/710-44557-9400-3/4
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-06 18:37
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i???????5`?u??P?#?x?#???#???#??
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
LOCKED REGISTRY KEYS
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-07-06 18:39
ComboFix-quarantined-files.txt 2009-07-06 17:39
ComboFix2.txt 2009-07-06 15:32
Pre-Run: 48,205,160,448 bytes free
Post-Run: 48,182,497,280 bytes free
248 --- E O F --- 2009-07-06 13:39:j Was married 2nd october 2009 to the most wonderful man possible:j
DD 1994, DS 1996 AND DS 1997
Lost 3st 5lb with Slimming world so far!!0 -
Then you need to find where combofix is stored (Presumably C\stefanie_darby\downloads\combofix):idea:0
-
I found the combofix where you said and have managed to save it to the start menu i cant find how to save it to desktop or how to save the cfscript to desktop so i can drag and drop.
I tried to open them both and minimise in to tray to see if i could do it that way but it just ran the combofix. While it was running sunbelt kept popping up saying that something was wrong with the qwerty.exe, is this correct?
If not i would appreciate help in what i am doing as i am at a total loss and have a short patience scan at best. Your help is extremely gratefully received even if i do appear to be a dim wit most of the time.:j Was married 2nd october 2009 to the most wonderful man possible:j
DD 1994, DS 1996 AND DS 1997
Lost 3st 5lb with Slimming world so far!!0 -
No need to put it on the desktop
Simply save the "CFScript" txt file (as posted above) and DRAG it ONTO the combofix (qwerty.exe) icon to start it up:idea:0 -
Well im guessing that when they were both minimised in the tray it has done what was needed, a scan has been completed however i cant post it on here as i cant access internet (am using OH's lappy) i have a box come up on screen now saying
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
Illegal operation attempted on a registry key that has been marked for deletion.
Guessing at this point iv !!!!!!ed up somewhere?:j Was married 2nd october 2009 to the most wonderful man possible:j
DD 1994, DS 1996 AND DS 1997
Lost 3st 5lb with Slimming world so far!!0 -
Uninstall comodo and switch on windows firewall:idea:0
-
have searched pc and cant get anything for commodo and windows fire wall is now on.:j Was married 2nd october 2009 to the most wonderful man possible:j
DD 1994, DS 1996 AND DS 1997
Lost 3st 5lb with Slimming world so far!!0 -
Have attempted the drag and drop again and it is now saying i cant use combofix as qwerty, where as previously i had to change it to qwerty, am so confused by all this.:j Was married 2nd october 2009 to the most wonderful man possible:j
DD 1994, DS 1996 AND DS 1997
Lost 3st 5lb with Slimming world so far!!0 -
stef240377 wrote: »have searched pc and cant get anything for commodo and windows fire wall is now on.
forget the drag and drop bit (Have you not already run that anyways??)
IS comodo no longer running on your system? (It should be bottom right in the control panel):idea:0 -
No commodo in bottom ride hand screen, start menu, desktop of re/uninstall programs. Have even typed in for it to find it to no avail.:j Was married 2nd october 2009 to the most wonderful man possible:j
DD 1994, DS 1996 AND DS 1997
Lost 3st 5lb with Slimming world so far!!0
This discussion has been closed.
Confirm your email address to Create Threads and Reply
Categories
- All Categories
- 354.3K Banking & Borrowing
- 254.4K Reduce Debt & Boost Income
- 455.3K Spending & Discounts
- 247.2K Work, Benefits & Business
- 603.9K Mortgages, Homes & Bills
- 178.4K Life & Family
- 261.4K Travel & Transport
- 1.5M Hobbies & Leisure
- 16.1K Discuss & Feedback
- 37.7K Read-Only Boards