'Norton Security Scan' pop-up (I haven't installed Norton), and in my Internet Explorer proxy settings it had this: 'http://164.38.33.5/proxy.pac'. Googling that brought me to a site about a 'spiral virus'. I have run SUPERAntiSpyware Free Edition, Malwarebytes' Anti-Malware and ATF-Cleaner, all in the appropriate fashion as per other threads, and my HJT log is as follows:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:40:12, on 06/06/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\dlcxcoms.exe
C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Kontiki\KService.exe
C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe
C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\SVCHOST.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe
C:\Program Files\Dell Photo AIO Printer 926\memcard.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://164.38.33.5/proxy.pac
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\rundll64.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [dlcxmon.exe] "C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe"
O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 926\memcard.exe"
O4 - HKLM\..\Run: [DLCXCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlcx_device - - C:\WINDOWS\system32\dlcxcoms.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe

--
End of file - 6789 bytes

Thanks all!
cachee,

Are you having any problems? Your HJT log is clean...

Java Runtime can be activated by websites, so if there is a security vulnerability in any Java version on your machine, it can be exploited by a malicious site to infect your machine. Each new version of Java fixes security vulnerabilities, so it's extremely important to keep up to date, and its auto-update mechanism isn't considered very reliable. So yes, it's important to regularly check for updates, and if you don't use it, then it's best removed from your machine.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

Please go into the Control Panel, Add/Remove and for now remove ALL versions of JAVA. Then run this tool to help clean up any left over Java.

Remove Old Java using JavaRa

Download JavaRa and unzip it to your desktop.

***Please close any instances of Internet Explorer before continuing!***

• Double-click on JavaRa.exe to start the program
• From the drop-down menu, choose English and click on Select
• JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer
• Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK
• A logfile will pop up. Save it to a convenient location
• Click on Additional Tasks then tick Remove Useless JRE Files
• Click Go then OK when prompted & close the program.

Update Java Runtime

• Go to http://java.sun.com/javase/downloads/index.jsp
• Scroll down to Java Runtime Environment (JRE) 6 Update 14 and click on the Download button
• In the Platform box choose Windows
• Check the box to Accept License Agreement and click Continue
• Click on Windows Offline Installation, click on the link under it which says "jre-6u14-windows-i586.exe" and save the downloaded file to your desktop
• Install the new version by running the downloaded file with the Java icon & follow the on-screen instructions
• Reboot your computer

2oG
It's about time you started charging for help; you'd be a trillionaire in no time. If you need any employees, I'm up for it.
I just started working on my "Second Trillion"........ Gave up on the first one! LMAO

My motto: Live fast, love hard, die young and leave a good-looking corpse... Missed the boat on that one also... If I'd known I was gonna live this damn long, I'd have taken better care of myself... : (
Hi mate, Java all updated. Regarding the 'Norton popup' and the desktop shortcut that magically got there: what do you reckon I should do?
cachee,

Yeah, I failed to get that one. I think it was MS Messenger or MS Live Sign-in? Since the file is missing, it's dead in the water. You can use HJT to fix that line and knock the dust off your log. : ) I don't pay a lot of attention to (missing file) or (no file) lines unless it's an O23 line, and then the driver is still on the machine.

Open HijackThis and choose "Do a system scan only", then check the box in front of these line items:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

Close all programs but HJT and all browser windows, then click on "Fix Checked".

On the Norton thing, right-click the shortcut, click Properties, then follow the path and see if it turns up something. Norton comes on most new machines as a trial version, or I guess it could be a link to Norton Online Scan, maybe? See what you can find. Can you not just delete that shortcut?

2oG
P.S. cachee,

Another thing I missed: I was thinking that your NetworkAccessManager was also an AV, but it's just a chipset firewall. You really need to install an antivirus. There are some good, free ones.

My recommendations: 1=Best, 2=Very Good, 3=Good
1. -> Avira AntiVir
2. -> Avast 4
3. -> AVG 8.5

Avira AntiVir is my top pick if you're looking for the best protection against viruses. It is very light on resources and the detection rate of viruses and rootkits is outstanding. However, it does not include antispyware protection or e-mail scanning; they are only available in the paid version. For anti-spyware use SpywareBlaster. The lack of an e-mail scanner just means that AntiVir won't warn you of infected emails before you open them. However, should you open an infected email, AntiVir will still spring into action, so it doesn't mean that you're not protected from email-based infections. Although AntiVir has advertisements that appear with every update, these ads can be disabled -> HERE!

2oG
Hi mate, removed that line from HJT as requested. I searched a bit more and found these two pages:

http://darfuns.com/xp-antivirus2008-removal/
http://en.kioskea.net/forum/affich-38537-you-have-a-security-problem-pop-up

Would you say they sound similar? If I delete the Symantec entries in the registry and then delete the program files folder of 'Norton', should it get rid of it?
Hi cache,

You said you had run MBAM and SAS; they will normally take care of antivirus2008 and the likes. There were no traces in your HJT log, so I dismissed that.

Do you have any Norton or Symantec folders? Like I said, follow the path of the shortcut to locate them and then delete. There shouldn't be any registry entries if it has never been installed.

If you want to do some deep digging, then do this:

Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Go to Here for your reference.

1. Download ComboFix from one of these locations.
* IMPORTANT !!! Place combofix.exe on your Desktop
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

2. Click Start > Run and copy and paste this in exactly, using the picture below for reference, then click OK.

3. ComboFix will begin to run. DO NOTHING while this is happening.
• It will kill a few processes and disconnect you from the internet.
• If by chance it stops prematurely, you can re-establish your internet connection by restarting your computer.
• This needs to be done so the program can work most efficiently for you. Do not attempt to use the internet or anything else while it's doing its job for you.

**Understand that things like your system clock changing and your desktop disappearing might happen. Do not worry, because all will be restored later.

If when it's completed you can not get on the internet, just reboot the computer.

Post the log from ComboFix for me, located in c:\comboFix.txt

2oG
Done. See below.

ComboFix 09-06-05.07 - Chris 06/06/2009 13:54.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1023.727 [GMT 1:00]
Running from: c:\documents and settings\Chris\desktop\combofix.exe
Command switches used :: /killall

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2009-05-06 to 2009-06-06 )))))))))))))))))))))))))))))))
.
2009-06-06 10:10 . 2009-06-06 10:10 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-06 10:08 . 2009-06-06 10:08 152576 ----a-w- c:\documents and settings\Chris\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-06-06 10:05 . 2009-06-06 10:07 -------- d-----w- c:\documents and settings\Chris\.SunDownloadManager
2009-06-06 01:56 . 2009-06-06 01:56 -------- d-----w- c:\windows\system32\scripting
2009-06-06 01:56 . 2009-06-06 01:56 -------- d-----w- c:\windows\l2schemas
2009-06-06 01:56 . 2009-06-06 01:56 -------- d-----w- c:\windows\system32\en
2009-06-06 01:56 . 2009-06-06 01:56 -------- d-----w- c:\windows\system32\bits
2009-06-06 01:40 . 2009-06-06 01:40 -------- d-----w- c:\program files\Trend Micro
2009-06-06 00:19 . 2009-06-06 00:19 -------- d-----w- c:\documents and settings\Chris\Application Data\Malwarebytes
2009-06-06 00:19 . 2009-05-26 12:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-06 00:19 . 2009-06-06 00:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-06 00:19 . 2009-06-06 00:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-06 00:19 . 2009-05-26 12:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-06 00:12 . 2009-06-06 00:24 117760 ----a-w- c:\documents and settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-06-06 00:11 . 2009-06-06 00:11 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-06-06 00:11 . 2009-06-06 00:11 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-06-06 00:11 . 2009-06-06 00:11 -------- d-----w- c:\documents and settings\Chris\Application Data\SUPERAntiSpyware.com
2009-05-24 10:44 . 2009-05-24 10:44 10134 ----a-r- c:\documents and settings\Chris\Application Data\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
2009-05-24 10:44 . 2009-05-24 10:44 -------- d-----w- c:\program files\Microsoft WSE
2009-05-24 10:44 . 2008-09-05 02:22 447752 ----a-w- c:\windows\system32\vp6vfw.dll
2009-05-24 10:44 . 2006-09-28 15:05 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2009-05-24 10:44 . 2009-05-24 10:44 -------- d-----w- c:\windows\Logs
2009-05-24 10:38 . 2009-05-24 10:38 -------- d-----w- c:\program files\Electronic Arts
2009-05-18 11:26 . 2009-05-18 11:26 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-05-18 11:26 . 2009-05-18 11:26 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2009-05-18 11:26 . 2009-05-18 11:26 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-05-18 11:22 . 2009-05-18 11:22 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-05-18 11:22 . 2009-05-18 11:28 -------- d-----w- c:\documents and settings\Vikkyyyy\Application Data\DAEMON Tools Lite
2009-05-14 20:29 . 2009-05-14 20:31 -------- d-----w- c:\windows\system32\Adobe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-06 13:02 . 2009-01-11 12:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Kontiki
2009-06-06 11:30 . 2008-12-28 15:51 -------- d-----w- c:\program files\PokerStars
2009-06-06 10:10 . 2008-02-16 15:27 -------- d-----w- c:\program files\Java
2009-06-06 01:58 . 2008-01-21 12:39 76487 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-06-06 00:11 . 2009-02-08 18:29 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-06-03 16:49 . 2008-01-21 13:32 49296 ----a-w- c:\documents and settings\Chris\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-02 15:30 . 2008-04-20 15:45 -------- d-----w- c:\program files\Dl_cats
2009-05-24 10:38 . 2008-01-21 14:10 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-03 17:30 . 2009-05-03 17:30 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-05-03 17:30 . 2008-07-09 23:42 -------- d-----w- c:\program files\iTunes
2009-05-03 17:30 . 2009-05-03 17:30 -------- d-----w- c:\program files\iPod
2009-05-03 17:30 . 2008-07-09 23:41 -------- d-----w- c:\program files\Common Files\Apple
2009-05-03 17:29 . 2009-05-03 17:29 -------- d-----w- c:\program files\QuickTime
2009-05-03 17:29 . 2008-07-09 23:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-05-03 17:27 . 2009-05-03 17:27 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe
2009-05-03 17:26 . 2009-05-03 17:26 -------- d-----w- c:\program files\Safari
2009-05-03 17:26 . 2008-07-09 23:42 -------- d-----w- c:\program files\Bonjour
2009-05-01 17:16 . 2009-02-08 18:29 -------- d-----w- c:\program files\Steam
2009-04-23 13:15 . 2009-04-23 13:15 1134024 ----a-w- c:\documents and settings\Vikkyyyy\Application Data\Mozilla\Firefox\Profiles\ggw0tb2c.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
2009-04-10 14:22 . 2008-04-20 20:33 48904 ----a-w- c:\documents and settings\Vikkyyyy\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-05 13:42 . 2009-04-05 13:42 965344 ----a-w- c:\documents and settings\Vikkyyyy\Application Data\Move Networks\MoveMediaPlayer_win_mozilla_071303000006.exe
2009-03-19 15:32 . 2009-03-19 15:32 23400 ----a-w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
2009-03-19 15:32 . 2008-01-29 11:01 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-09 10:34 . 2009-04-05 16:19 971776 ----a-w- c:\documents and settings\Vikkyyyy\Application Data\Mozilla\Firefox\Profiles\ggw0tb2c.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000006.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVMixerTray"="c:\program files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-06-03 131072]
"dlcxmon.exe"="c:\program files\Dell Photo AIO Printer 926\dlcxmon.exe" [2007-01-12 292336]
"MemoryCardManager"="c:\program files\Dell Photo AIO Printer 926\memcard.exe" [2006-11-03 304008]
"DLCXCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll" [2006-10-15 106496]
"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2008-04-14 169984]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-06 148888]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2005-11-11 90112]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Vikkyyyy\Start Menu\Programs\Startup\
Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2008-1-31 344064]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkbMonitor.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\NkbMonitor.exe.lnk
backup=c:\windows\pss\NkbMonitor.exe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Belkin Wireless USB Network Adapter Service"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\NVIDIA\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\BearShare\\BearShare.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\WINDOWS\\system32\\dlcxcoms.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Kontiki\\KService.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Steam\\steamapps\\i_lost_my_sheep@hotmail.com\\counter-strike\\hl.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R0 nvp2p;NVIDIA PCI to PCI Bridge Filter;c:\windows\system32\drivers\nvp2p.sys [1/23/2008 10:08 PM 8576]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [5/26/2009 10:05 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/26/2009 10:05 AM 72944]
R2 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe -service --> c:\windows\system32\dlcxcoms.exe -service [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [5/26/2009 10:05 AM 7408]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{KEDT456S-FJKR-DG53-8427-45182378KUDG}]
c:\windows\system32\winsetup.exe
.
Contents of the 'Scheduled Tasks' folder

2009-05-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 12:34]
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-procexp90.Sys
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Chris\Application Data\Mozilla\Firefox\Profiles\hefyupwh.default\
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-06 14:03
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCXCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(772)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2448)
c:\program files\SUPERAntiSpyware\SASSEH.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\dlcxcoms.exe
c:\nvidia\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\nvidia\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
c:\program files\Kontiki\KService.exe
c:\nvidia\NetworkAccessManager\bin\nSvcIp.exe
c:\nvidia\NetworkAccessManager\bin\nSvcLog.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2009-06-06 14:06 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-06 13:06

Pre-Run: 36,120,113,152 bytes free
Post-Run: 36,710,170,624 bytes free

178 --- E O F --- 2008-11-13 15:46
Hi cache,

Are you having any problems???? I don't see any Norton leftovers. ComboFix didn't find anything except maybe:

c:\\Program Files\\BearShare\\BearShare.exe

I have no use for P2P, because you will get a lot of malware, maybe not from the program itself, but from the downloaded torrent files... Your choice... When you dance, you must pay the fiddler!

Other than that, it all looks OK.

2oG
Okay mate, no worries. Yeah, I don't download torrents from that computer, so that's okay. Thanks for your help, next computer coming up! Hehe. Last one, I promise.
Spyware Terminator has all the same functions as the bought version of SUPERAntiSpyware, except it's free. You can also let it integrate ClamWin, as both get updated pretty frequently, including version: http://www.spywareterminator.com/
Opinions are what make horse racing. IMHO, I have never been a fan of suites; when bundling programs together you may get a great firewall or anti-spyware with a poor anti-virus, or vice versa. When I repair or renovate my home, I hire a licensed electrician, plumber, carpenter, painter, etc., not a 'handyman' that tries to do everything. The same goes for my computer. Lol

2oG, now running Windows 7 and loving it...