Trojan - Hijack This log


Comments

  • sufcjam
    sufcjam Posts: 39 Forumite
    aliEnRIK wrote: »
    I'd guess spyhunter is a BS program. I'd get rid of it if I were you. Anything that scans then asks you to pay is usually dodgy as hell

    To check more thoroughly have a scan with COMBOFIX
    Post the log here afterwards

    Cheers, yeah got shut of spyhunter. Spybot had it coming up as malware!

    here's the combofix log:

    ComboFix 09-03-06.02 - Compaq_Owner 2009-03-08 20:28:32.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1471.539 [GMT 0:00]
    Running from: c:\documents and settings\Compaq_Owner\Desktop\ComboFix.exe
    AV: Norton Internet Security *On-access scanning disabled* (Updated)
    FW: Norton Internet Security *enabled*
    * Created a new restore point
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    C:\kmd.exe
    .
    ((((((((((((((((((((((((( Files Created from 2009-02-08 to 2009-03-08 )))))))))))))))))))))))))))))))
    .
    2009-03-08 19:45 . 2009-03-08 19:51 <DIR> d c:\documents and settings\All Users\Application Data\avg8
    2009-03-08 19:23 . 2008-06-10 21:22 81,288 c:\windows\system32\drivers\iksyssec.sys
    2009-03-08 19:23 . 2008-06-02 15:19 66,952 c:\windows\system32\drivers\iksysflt.sys
    2009-03-08 19:23 . 2008-06-02 15:19 42,376 c:\windows\system32\drivers\ikfilesec.sys
    2009-03-08 19:23 . 2008-06-02 15:19 29,576 --a c:\windows\system32\drivers\kcom.sys
    2009-03-08 19:22 . 2009-03-08 20:26 <DIR> d c:\program files\Spyware Doctor
    2009-03-08 19:22 . 2009-03-08 19:22 <DIR> d c:\documents and settings\Compaq_Owner\Application Data\PC Tools
    2009-03-07 00:56 . 2009-03-07 00:56 1,355 --a c:\windows\imsins.BAK
    2009-03-07 00:50 . 2009-01-09 19:19 1,089,593 c:\windows\system32\dllcache\ntprint.cat
    2009-03-07 00:34 . 2009-03-08 19:54 1,065 --a c:\windows\system32\BIN_STRSBW.SPT
    2009-03-06 19:39 . 2009-03-06 19:39 <DIR> d c:\documents and settings\Compaq_Owner\Application Data\TrojanHunter
    2009-03-06 17:48 . 2009-03-06 17:50 <DIR> d c:\program files\WinClamAVShield
    2009-03-05 21:59 . 2009-03-05 21:59 <DIR> d c:\program files\Trend Micro
    2009-03-05 21:30 . 2009-03-05 21:30 <DIR> d c:\program files\Malwarebytes' Anti-Malware
    2009-03-05 21:30 . 2009-03-05 21:30 <DIR> d c:\documents and settings\Compaq_Owner\Application Data\Malwarebytes
    2009-03-05 21:30 . 2009-03-05 21:30 <DIR> d c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-03-05 21:30 . 2009-02-11 10:19 38,496 --a c:\windows\system32\drivers\mbamswissarmy.sys
    2009-03-05 21:30 . 2009-02-11 10:19 15,504 --a c:\windows\system32\drivers\mbam.sys
    2009-03-05 21:05 . 2009-03-05 21:05 <DIR> d c:\windows\system32\XPSViewer
    2009-03-05 21:05 . 2009-03-05 21:05 <DIR> d c:\program files\MSBuild
    2009-03-05 21:04 . 2009-03-05 21:04 <DIR> d c:\program files\Reference Assemblies
    2009-03-05 21:02 . 2009-03-05 21:04 <DIR> d C:\2962eded6c0d0d716e37
    2009-03-05 21:02 . 2008-07-06 12:06 1,676,288 c:\windows\system32\xpssvcs.dll
    2009-03-05 21:02 . 2008-07-06 12:06 1,676,288 c:\windows\system32\dllcache\xpssvcs.dll
    2009-03-05 21:02 . 2008-07-06 10:50 597,504 c:\windows\system32\dllcache\printfilterpipelinesvc.exe
    2009-03-05 21:02 . 2008-07-06 12:06 575,488 c:\windows\system32\xpsshhdr.dll
    2009-03-05 21:02 . 2008-07-06 12:06 575,488 c:\windows\system32\dllcache\xpsshhdr.dll
    2009-03-05 21:02 . 2008-07-06 12:06 117,760 c:\windows\system32\prntvpt.dll
    2009-03-05 21:02 . 2008-07-06 12:06 89,088 c:\windows\system32\dllcache\filterpipelineprintproc.dll
    2009-03-05 21:01 . 2009-03-05 21:23 <DIR> d c:\windows\SxsCaPendDel
    2009-03-05 20:09 . 2009-03-05 20:09 <DIR> d c:\program files\Norton Support
    2009-03-05 17:07 . 2009-03-05 17:11 <DIR> d c:\program files\devolo
    2009-03-04 19:46 . 2009-03-04 20:22 <DIR> d C:\Netgear
    2009-03-02 23:49 . 2006-02-14 16:02 32,768 -ra c:\windows\system32\drivers\sisnicxp.sys
    2009-03-02 22:24 . 2009-03-02 17:51 15,688 --a c:\windows\system32\lsdelete.exe
    2009-03-02 17:51 . 2009-03-02 17:50 64,160 --a c:\windows\system32\drivers\Lbd.sys
    2009-03-02 17:48 . 2009-03-02 17:48 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
    2009-02-28 14:52 . 2009-02-28 15:00 <DIR> d c:\program files\sisagp
    2009-02-28 14:51 . 2009-02-28 14:52 <DIR> d c:\program files\SiS VGA Utilities V3.85
    2009-02-28 14:51 . 2006-03-22 21:53 337,320 -ra c:\windows\difxapi.dll
    2009-02-28 14:51 . 2006-04-12 19:35 208,896 -ra c:\windows\Progress.exe
    2009-02-27 21:24 . 2009-02-27 21:25 <DIR> d c:\program files\QuickTime
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-03-08 20:26 d---a-w c:\documents and settings\All Users\Application Data\TEMP
    2009-03-08 20:02 d-----w c:\program files\Google
    2009-03-08 19:26 d-----w c:\documents and settings\Compaq_Owner\Application Data\Spyware Terminator
    2009-03-08 19:25 141,312 ----a-w c:\windows\system32\drivers\sp_rsdrv2.sys
    2009-03-08 19:25 d-----w c:\program files\Spyware Terminator
    2009-03-08 18:57 d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-03-07 00:39 d-----w c:\documents and settings\All Users\Application Data\Spyware Terminator
    2009-03-07 00:24 d-----w c:\program files\SpywareBlaster
    2009-03-06 17:45 142,592 ----a-w c:\windows\system32\drivers\sp_rsdrv2.sys.old
    2009-03-06 06:36 d-----w c:\program files\SuperAntiSpyware
    2009-03-06 06:35 d-----w c:\program files\Common Files\Wise Installation Wizard
    2009-03-05 20:41 d--h--w c:\program files\InstallShield Installation Information
    2009-03-02 17:58 d-----w c:\program files\Spybot - Search & Destroy
    2009-03-02 17:48 d-----w c:\program files\Lavasoft
    2009-03-02 17:42 d-----w c:\program files\CCleaner
    2009-02-28 15:21 d-----w c:\documents and settings\Compaq_Owner\Application Data\Uniblue
    2009-01-16 21:35 3,594,752 ----a-w c:\windows\system32\dllcache\mshtml.dll
    2008-12-22 21:16 184 ----a-w C:\setuplog.exe
    2008-12-19 09:10 70,656 ----a-w c:\windows\system32\dllcache\ie4uinit.exe
    2008-12-19 09:10 13,824 ----a-w c:\windows\system32\dllcache\ieudinit.exe
    2008-12-19 05:25 634,024 ----a-w c:\windows\system32\dllcache\iexplore.exe
    2008-12-19 05:23 161,792 ----a-w c:\windows\system32\dllcache\ieakui.dll
    2008-12-11 10:57 333,952 ------w c:\windows\system32\dllcache\srv.sys
    2008-12-09 20:42 410,984 ----a-w c:\windows\system32\deploytk.dll
    2008-06-14 12:59 8 ----a-w c:\documents and settings\Compaq_Owner\Application Data\usb.dat.bin
    2005-10-05 20:38 22 --sha-w c:\windows\SMINST\HPCD.sys
    2008-12-01 23:05 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008120120081202\index.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
    "CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-06-12 700416]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-02-17 1830128]
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "<NO NAME>"="c:\program files\Internet Explorer\IEXPLORE.EXE" [2008-12-19 634024]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-14 233472]
    "KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
    "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-09 136600]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 49152]
    "HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
    "Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-03-02 509784]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
    "SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2009-03-08 1809408]
    "ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2008-07-16 1166216]
    "AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 c:\windows\AGRSMMSG.exe]
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264]
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-05-28 241664]
    HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-05-28 53248]
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2008-12-22 11:05 356352 c:\program files\SuperAntiSpyware\SASWINLO.dll
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
    backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSyncU.exe]
    2006-06-12 14:32 700416 c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
    --a 2007-03-23 13:20 227328 c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a 2009-01-05 16:18 413696 c:\program files\QuickTime\QTTask.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\devolo\\easyshare\\easyshare.exe"=
    "c:\\Program Files\\devolo\\informer\\devinf.exe"=
    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-03-02 64160]
    R0 SymEFA;Symantec Extended File Attributes;\SystemRoot\\SystemRoot\System32\Drivers\NIS\1002000.007\SYMEFA.SYS --> \SystemRoot\\SystemRoot\System32\Drivers\NIS\1002000.007\SYMEFA.SYS [?]
    R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NIS\1002000.007\BHDrvx86.sys [2008-12-16 255536]
    R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1002000.007\cchpx86.sys [2008-12-16 362544]
    R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090303.001\IDSxpx86.sys [2009-03-05 276344]
    R1 SASDIFSV;SASDIFSV;c:\program files\SuperAntiSpyware\sasdifsv.sys [2009-02-17 8944]
    R1 SASKUTIL;SASKUTIL;c:\program files\SuperAntiSpyware\SASKUTIL.SYS [2009-02-17 55024]
    R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2008-04-04 141312]
    R2 gearsec;gearsec;c:\windows\system32\gearsec.exe [2003-12-01 53248]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 950096]
    R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe [2008-12-16 115560]
    R2 NPF_devolo;NetGroup Packet Filter Driver (devolo);c:\windows\system32\drivers\npf_devolo.sys [2007-02-07 35840]
    R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-03-08 356920]
    R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-02-26 101936]
    R3 SASENUM;SASENUM;c:\program files\SuperAntiSpyware\SASENUM.SYS [2009-02-17 7408]
    S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2008-09-09 138112]
    S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2008-09-09 8320]
    --- Other Services/Drivers In Memory ---
    *NewlyCreated* - MCHINJDRV
    *Deregistered* - mchInjDrv
    .
    Contents of the 'Scheduled Tasks' folder
    2009-03-02 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-02 17:50]
    2009-03-03 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
    2009-03-08 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
    2009-02-13 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - Compaq_Owner.job
    - c:\progra~1\NORTON~1\NORTON~1\Navw32.exe []
    .
    - - - - ORPHANS REMOVED - - - -
    MSConfigStartUp-4oD - c:\program files\Kontiki\KHost.exe
    MSConfigStartUp-kdx - c:\program files\Kontiki\KHost.exe
    MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\j2re1.4.2_03\bin\jusched.exe
    MSConfigStartUp-lich - lich.exe

    .
    Supplementary Scan
    .
    uStart Page = hxxp://www.google.co.uk/
    uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_GB&c=Q105&bd=presario&pf=desktop
    mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_GB&c=Q105&bd=presario&pf=desktop
    uInternet Connection Wizard,ShellNext = "c:\program files\Outlook Express\msimn.exe"
    uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\Norton Internet Security\Engine\16.2.0.7\CoIEPlg.dll
    DPF: {E56347B0-6C2B-4C2E-939F-EE513EAC80BC} - hxxps://register.creative.com/register/OCXs/CtORWebClientNoMFC.cab
    .
    **************************************************************************
    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-03-08 20:31:17
    Windows 5.1.2600 Service Pack 3 NTFS
    scanning hidden processes ...
    scanning hidden autostart entries ...
    scanning hidden files ...
    scan completed successfully
    hidden files: 0
    **************************************************************************
    [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Norton Internet Security]
    "ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.2.0.7\diMaster.dll\" /prefetch:1"
    .
    DLLs Loaded Under Running Processes
    - - - - - - - > 'winlogon.exe'(772)
    c:\program files\SUPERAntiSpyware\SASWINLO.dll
    .
    Completion time: 2009-03-08 20:33:32
    ComboFix-quarantined-files.txt 2009-03-08 20:33:29
    Pre-Run: 117,211,631,616 bytes free
    Post-Run: 117,362,704,384 bytes free
    225 --- E O F --- 2009-03-07 00:57:16
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Run a full scan with Malwarebytes - make sure you update the definitions tho.

    I 2nd that advice
  • sufcjam
    sufcjam Posts: 39 Forumite
    Cheers for the replies,

    I'll post the scan logs later today as I've had to leave it scanning whilst I'm at work, as I previously forgot to update the database.

    probably a dumb question - should I be scanning in safe mode as currently not?

    how's the combofix log look?
  • sufcjam
    sufcjam Posts: 39 Forumite
    Hi,

    Completed full scan in normal operating mode for malwarebytes and no infections found!

    Malwarebytes' Anti-Malware 1.34
    Database version: 1828
    Windows 5.1.2600 Service Pack 3
    09/03/2009 16:49:28
    mbam-log-2009-03-09 (16-49-28).txt
    Scan type: Full Scan (C:\|D:\|)
    Objects scanned: 161239
    Time elapsed: 1 hour(s), 57 minute(s), 39 second(s)
    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0
    Memory Processes Infected:
    (No malicious items detected)
    Memory Modules Infected:
    (No malicious items detected)
    Registry Keys Infected:
    (No malicious items detected)
    Registry Values Infected:
    (No malicious items detected)
    Registry Data Items Infected:
    (No malicious items detected)
    Folders Infected:
    (No malicious items detected)
    Files Infected:
    (No malicious items detected)

    Also did a scan with spywaredoctor which has found this:

    Threat: info & PUA's
    Application.Nircmd (1 infection)
    file: C:\System Volume Information\_restore{8696F73-2D76-412A-A981-4300C43EF86F}\RP8\A0002567.exe

    Thanks
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    If you want to check further

    Scan with DRWEB
    http://www.freedrweb.com/

    It auto scans on a 'quick' scan. After that's run select a FULL scan
  • sufcjam
    sufcjam Posts: 39 Forumite
    aliEnRIK wrote: »
    If you want to check further

    Scan with DRWEB
    http://www.freedrweb.com/

    It auto scans on a 'quick' scan. After that's run select a FULL scan

    Cheers ran that no infections found, malwarebytes clear and Superantispyware clear as well so hopefully system should be secure.
  • I see that you have the following installed;

    c:\program files\WinClamAVShield

    This comes bundled with spyware terminator and means that you have 2 anti virus programmes running - you should be able to remove it via the add/remove programmes section of the control panel.
  • sufcjam
    sufcjam Posts: 39 Forumite
    Thanks for all the help on here.

    I've reinstalled spyware terminator without the AV shield.

    All seems well with the system at the minute.

    One final question - I've just bought the netgear DG834 modem/router with built-in firewall. With this now installed should I be running the Norton Internet Security firewall as well?

    Cheers
  • gaming_guy
    gaming_guy Posts: 6,128 Forumite
    sufcjam wrote: »
    One final question - I've just bought the netgear DG834 modem/router with built-in firewall. With this now installed should I be running the Norton Internet Security firewall as well?

    Cheers

    yes

    I would keep it that way as it is more secure.
  • hethmar
    hethmar Posts: 10,678 Forumite
    Oh God, I wish I could understand what all that meant - you guys are amazing.
This discussion has been closed.