Trojan horse

Luk_on_the_brightside
Posts: 69 Forumite
in Techie Stuff
Every time I open IE I receive a pop-up warning saying:
System error
Attention (it has my full name here)
a trojan horse is detected in your system
It mentions my XP files are corrupted and may lead to destruction of important files in C:/windows. It then asks me to download free spyware and automatically tries to open another window :eek:
At the minute I'm using Firefox and all is well; it only seems to happen with IE.
Has anybody else had this? If so, how can I get rid of it?
Comments
-
It's an advert, ignore it.
The issue is where is it coming from? If it's only when you start up IE, then check the home page you have set - is it still what you thought it should be, or "about:blank" for no page.
Also I'd ensure you were up to date with all your Windows updates, anti-virus and anti-spyware, and do a full scan of your PC. Something somewhere somewhen changed your homepage.
-
Try posts 1-4 of this http://forums.moneysavingexpert.com/showthread.html?t=1332690
-
your PC is already infected with a Vundo infection
Download and run ComboFix.
Note:
You may not need to run ComboFix....try the rest of the fix first and if you still have a problem follow the instructions to run ComboFix including installing the Recovery Console.
Please Check Here for information on running ComboFix......Follow ALL instructions!!
When finished, it should produce a log, ComboFix.txt.
Post this log in your next reply
Ex forum ambassador
Long term forum member
-
My brother built a computer for my parents but it always shows a warning about a trojan horse at the back door!! I have no idea where he got the bits - and don't wish to know - but he is very computer literate; it is his job to sort out computer problems, but he has been unable to sort this one - any ideas? My parents are too scared to switch the thing on!!
Dogs return to eat their vomit, just as fools repeat their foolishness. There is no more hope for a fool than for someone who says, "I am really clever!"
-
your PC is already infected with a Vundo infection
Download and run ComboFix.
Note:
You may not need to run ComboFix....try the rest of the fix first and if you still have a problem follow the instructions to run ComboFix including installing the Recovery Console.
Please Check Here for information on running ComboFix......Follow ALL instructions!!
When finished, it should produce a log, ComboFix.txt.
Post this log in your next reply
ComboFix 08-06-20.4 - 2008-06-22 10:56:21.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.491 [GMT 0:00]
Running from: C:\Documents and Settings\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\MSINET.oca
.
((((((((((((((((((((((((( Files Created from 2008-05-22 to 2008-06-22 )))))))))))))))))))))))))))))))
.
2008-06-21 14:35 . 2008-06-21 14:35 <DIR> d C:\Program Files\JoWood
2008-06-20 21:35 . 2008-06-20 21:35 <DIR> d C:\Documents and Settings\sharon\Application Data\Leadertech
2008-06-20 12:47 . 2008-06-20 12:47 13,824 --a C:\WINDOWS\system32\dadef.dll
2008-06-16 20:40 . 2008-06-16 20:40 <DIR> d C:\Documents and Settings\sharon\Application Data\Acoustica
2008-06-16 20:37 . 2007-08-07 11:32 57,344 --a C:\WINDOWS\system32\Wnaspint.dll
2008-06-16 20:30 . 2008-06-16 20:40 <DIR> d C:\Program Files\Acoustica Mixcraft 4
2008-06-16 20:30 . 2008-06-16 20:30 <DIR> d C:\Documents and Settings\All Users\Application Data\Acoustica
2008-06-11 17:10 . 2008-06-11 17:10 <DIR> d C:\Program Files\AdventNet
2008-06-11 16:59 . 2008-06-16 20:37 <DIR> d C:\Program Files\Acoustica Shared Effects
2008-06-11 16:58 . 2008-06-20 15:46 <DIR> d C:\Program Files\Acoustica Beatcraft
2008-06-11 12:53 . 2008-06-13 13:10 272,128 C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 12:53 . 2008-06-13 13:10 272,128 C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-05 19:23 . 2008-06-05 19:23 <DIR> d C:\Program Files\Microsoft Silverlight
2008-06-03 07:02 . 2008-06-03 07:02 35 --a C:\WINDOWS\cdplayer.ini
2008-05-30 11:49 . 2008-05-30 11:49 <DIR> d C:\Documents and Settings\All Users\Application Data\LogMeIn
2008-05-30 11:48 . 2008-05-28 12:33 83,288 --a C:\WINDOWS\system32\LMIRfsClientNP.dll
2008-05-30 11:48 . 2008-03-07 13:39 45,848 --a C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
2008-05-30 11:48 . 2008-05-28 12:33 24,608 --a C:\WINDOWS\system32\LMIport.dll
2008-05-30 11:47 . 2008-05-28 12:32 87,352 --a C:\WINDOWS\system32\LMIinit.dll
2008-05-30 11:47 . 2008-05-30 11:47 1,024 --a C:\.rnd
2008-05-28 12:32 . 2008-05-28 12:32 23,736 --a C:\WINDOWS\system32\lmimirr.dll
2008-05-28 12:32 . 2008-05-28 12:32 10,040 --a C:\WINDOWS\system32\lmimirr2.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-22 10:44 d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-06-22 10:27 d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-22 10:18 d-----w C:\Documents and Settings\sharon\Application Data\zweitgeist
2008-06-21 14:35 d--h--w C:\Program Files\InstallShield Installation Information
2008-06-21 12:54 4,686 -c--a-w C:\Documents and Settings\sharon\Application Data\wklnhst.dat
2008-06-21 10:15 d-----w C:\Program Files\McAfee
2008-06-20 16:16 d-----w C:\Program Files\NCH Swift Sound
2008-06-20 13:10 d-----w C:\Program Files\Spyware Doctor
2008-06-17 19:35 d-----w C:\Program Files\Steam
2008-06-17 06:04 d-----w C:\Program Files\weblin
2008-06-16 20:23 d-----w C:\Program Files\Apple Software Update
2008-06-11 07:52 d-----w C:\Documents and Settings\sharon\Application Data\SiteAdvisor
2008-06-10 10:01 d-----w C:\Program Files\SUPERAntiSpyware
2008-05-23 07:00 d-----w C:\Program Files\SiteAdvisor
2008-05-21 06:22 d-----w C:\Program Files\MSN Messenger
2008-05-21 06:21 d-----w C:\Program Files\Messenger Plus! Live
2008-05-17 09:36 d-----w C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
2008-05-17 09:30 d-----w C:\Documents and Settings\Application Data\NCH Swift Sound
2008-05-15 03:04 d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-11 17:27 d-----w C:\Program Files\NCH Software
2008-05-11 17:27 d-----w C:\Documents and Settings\All Users\Application Data\NCH Software
2008-05-10 09:52 d-----w C:\Program Files\Virtual Earth 3D
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
2008-05-05 12:32 d-----w C:\Program Files\Lexmark 1200 Series
2008-05-04 14:55 d-----w C:\Documents and Settings\Application Data\SopCast
2008-04-27 16:27 d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-24 11:27 d-----w C:\Program Files\Picasa2
2008-04-23 22:16 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-04-22 07:40 625,664 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-04-22 07:39 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-04-22 07:39 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-20 05:07 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\dllcache\msjint40.dll
2007-01-04 04:47 0 -c--a-w C:\Documents and Settings\jon\Application Data\wklnhst.dat
2002-04-16 11:27 5 --sha-w C:\WINDOWS\system32\CdI5T.drv
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a6e4a4eb-d169-4e99-8988-250fcbafe767}]
2008-03-12 11:55 1524248 --a C:\Program Files\isoHunt\tbisoH.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A6E4A4EB-D169-4E99-8988-250FCBAFE767}"= "C:\Program Files\isoHunt\tbisoH.dll" [2008-03-12 11:55 1524248]
[HKEY_CLASSES_ROOT\clsid\{a6e4a4eb-d169-4e99-8988-250fcbafe767}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A6E4A4EB-D169-4E99-8988-250FCBAFE767}"= C:\Program Files\isoHunt\tbisoH.dll [2008-03-12 11:55 1524248]
[HKEY_CLASSES_ROOT\clsid\{a6e4a4eb-d169-4e99-8988-250fcbafe767}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-23 06:36 68856]
"zweitgeist Assistant"="C:\Program Files\weblin\weblinAssistant.exe" [2008-06-17 06:04 192512]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" []
"ntiMUI"="C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-12 01:15 45056]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-03 03:24 32768]
"SiSPower"="SiSPower.dll" [2005-07-13 09:55 49152 C:\WINDOWS\system32\SiSPower.dll]
"SMSERIAL"="sm56hlpr.exe" [2005-06-06 09:40 544768 C:\WINDOWS\sm56hlpr.exe]
"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-04-28 23:43 401408]
"AspireService"="C:\Program Files\Acer\Acer eMode Management\AspireService.exe" [2006-06-09 19:24 110592]
"MediaSync"="C:\Program Files\Acer\Acer eConsole\MediaSync.exe" [2006-05-04 21:55 425984]
"PCMService"="C:\Program Files\Acer TV-FM\PCMService.exe" [2006-03-30 04:50 143360]
"HostManager"="C:\Program Files\Common Files\AOL\1161306471\ee\AOLSoftware.exe" [2006-11-17 13:21 50736]
"YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [2006-07-22 00:19 129536]
"YOP"="C:\PROGRA~1\Yahoo!\YOP\yop.exe" [2006-09-01 00:01 448040]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 08:47 31016]
"Lexmark 1200 Series"="C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe" [2006-07-13 05:22 57344]
"ppmate"="C:\Program Files\PPMate\PPMate\ppmate.exe" [2006-11-23 01:45 1495123]
"SoundMan"="SOUNDMAN.EXE" [2005-08-16 21:39 90112 C:\WINDOWS\SOUNDMAN.EXE]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6261\SiteAdv.exe" [2007-04-10 18:35 36904]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 15:10 271360]
"D-Link AirXpert Utility"="C:\Program Files\D-Link\AirXpert Utility\AirXCFG.exe" [2003-09-19 21:42 2498560]
"ANIWZCSService"="C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe" [2003-08-21 16:12 32768]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-11 10:56 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-12-11 12:10 267048]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-11-24 01:06 487424]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 22:33 582992]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-01-04 10:23 29744]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-02-24 13:39 185896]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2008-02-01 12:55 1103240]
"McAfee Backup"="C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe" [2007-01-16 13:59 4838952]
"MBkLogOnHook"="C:\Program Files\McAfee\MBK\LogOnHook.exe" [2007-01-08 11:22 20480]
"LogMeIn GUI"="D:\x86\LogMeInSystray.exe" [2008-02-28 15:31 63048]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [ ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 10:17 1241088]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 16:01 437160]
C:\Documents and Settings\jon\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-27 04:24:54 98632]
C:\Documents and Settings\sharon\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-27 04:24:54 98632]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Acer Empowering Technology.lnk - C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe [2006-10-14 00:46:17 45056]
Acer WLAN 11g USB Dongle.lnk - C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe [2005-11-17 03:25:14 745472]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-10-07 10:59:03 125624]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 2008-05-28 12:32 87352 C:\WINDOWS\system32\LMIinit.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\PPMate\\PPMate\\ppmate.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundTimestampRequest"= 1 (0x1)
R2 LMIInfo;LogMeIn Kernel Information Provider;D:\x86\RaInfo.sys [2008-02-28 15:31]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2008-03-07 13:39]
R3 int15.sys;int15.sys;C:\Acer\Empowering Technology\eRecovery\int15.sys [2005-01-13 21:46]
R3 PAC207;SoC pc camera 2005-02-24 19:29]
S3 DMSKSSRh;DMSKSSRh;C:\DOCUME~1\sharon\LOCALS~1\Temp\DMSKSSRh.sys []
S3 GoogleDesktopManager-093007-112848;Google Desktop Manager 5.5.709.30344;"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-01-04 10:23]
S3 iadusb;MT882;C:\WINDOWS\system32\DRIVERS\glauiad.sys [2006-07-27 15:37]
S3 se59bus;Sony Ericsson Device 089 driver (WDM);C:\WINDOWS\system32\DRIVERS\se59bus.sys [2006-09-05 18:07]
S3 se59mdfl;Sony Ericsson Device 089 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se59mdfl.sys [2006-09-05 18:07]
S3 se59mdm;Sony Ericsson Device 089 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se59mdm.sys [2006-09-05 18:07]
S3 se59mgmt;Sony Ericsson Device 089 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\se59mgmt.sys [2006-09-05 18:08]
S3 se59nd5;Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (NDIS);C:\WINDOWS\system32\DRIVERS\se59nd5.sys [2006-09-05 18:06]
S3 se59obex;Sony Ericsson Device 089 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\se59obex.sys [2006-09-05 18:09]
S3 se59unic;Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (WDM);C:\WINDOWS\system32\DRIVERS\se59unic.sys [2006-09-05 18:06]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 17:57]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 17:58]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 17:59]
S3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS);C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys [2005-10-28 18:38]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\!!09c9cb66-a676-11dc-988a-0016ecb9f82d}]
\Shell\AutoRun\command - J:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\!!2faa9bf8-a5ae-11dc-9889-0016ecb9f82d}]
\Shell\AutoRun\command - J:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\!!2faa9bf9-a5ae-11dc-9889-0016ecb9f82d}]
\Shell\AutoRun\command - J:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\!!2faa9bfd-a5ae-11dc-9889-0016ecb9f82d}]
\Shell\AutoRun\command - J:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\!!8291ef64-b211-11dc-98a6-00038a000015}]
\Shell\AutoRun\command - J:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\!!8291ef65-b211-11dc-98a6-00038a000015}]
\Shell\AutoRun\command - J:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ea559742-b227-11dc-98ab-00038a000015}]
\Shell\AutoRun\command - J:\AutoRun.exe
*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-06-17 17:01:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-15 01:00:00 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe'
"2008-03-01 01:00:00 C:\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
"2008-06-20 15:00:00 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
"2008-06-20 03:30:00 C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job"
- C:\Program Files\RegistrySmart\RegistrySmart.ex
- C:\Program Files\RegistrySmart.sharon.Runs RegistrySmart to optimize your registry.
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-22 11:06:12
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
McAfee Backup = C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe?????????????????????????????????????????????????????????????????????????????????
scanning hidden files ...
**************************************************************************
.
Completion time: 2008-06-22 11:08:49
ComboFix-quarantined-files.txt 2008-06-22 11:08:21
ComboFix2.txt 2008-01-22 13:25:42
Pre-Run: 28,109,979,648 bytes free
Post-Run: 28,835,483,648 bytes free
230 --- E O F --- 2008-06-21 09:49:22
-
this has got dubious reviews and should be removed
RegistrySmart
http://www.siteadvisor.com/sites/registrysmart.com
registrysmart.com
Security professionals warn against sites that make exaggerated or deceptive claims that can potentially mislead consumers
I would remove that from Add/Remove programs
Ex forum ambassador
Long term forum member
-
C:\Program Files\Messenger Plus! Live
is a source of the "LOP" infection unless you choose NOT to install the sponsor program
to remove the LOP infection
Click here to download the LOP uninstaller. Close all browser windows and run the uninstaller.
When it is finished restart your computer.
if you cannot get to that site then it is also available here http://www.thespykiller.co.uk/files/lopremover.exe
Ex forum ambassador
Long term forum member
-
are you using McAfee AntiVirus or Norton as there seems to be traces of both ??
you should only have one active antivirus
if you want to fully remove Nortons then use
http://www.softpedia.com/get/Tweak/Uninstallers/Norton-Removal-Tool.shtml
for the other
http://download.mcafee.com/products/licensed/cust_support_patches/MCPR.exe
Ex forum ambassador
Long term forum member
-
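An added example (not part of the thread, and not ComboFix's own code): one way to spot the overlap described in the post above, by scanning the Run-key and Scheduled Tasks entries of a ComboFix log for security-vendor paths. The sample lines are taken from the log posted earlier; the keyword table and the function names are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# Sample input: a few lines abridged from the ComboFix log posted in this thread.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 22:33 582992]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2008-02-01 12:55 1103240]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-12-11 12:10 267048]
Contents of the 'Scheduled Tasks' folder
"2008-03-01 01:00:00 C:\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
"2008-06-20 15:00:00 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
'''

# Assumption: path keyword -> (vendor, product class). Extend for other products.
VENDOR_KEYWORDS = {
    "mcafee": ("McAfee", "antivirus"),
    "norton": ("Norton", "antivirus"),
    "symantec": ("Norton", "antivirus"),
    "spyware doctor": ("Spyware Doctor", "antispyware"),
    "superantispyware": ("SUPERAntiSpyware", "antispyware"),
}

# "name"="path" [timestamp size]  (the quotes around the path are optional)
RUN_VALUE = re.compile(r'^"(?P<name>[^"]+)"="?(?P<path>[^"\[]+?)"?\s*\[')
# "- path" line that follows each .job entry
TASK_TARGET = re.compile(r'^-\s+(?P<path>.+)$')


def find_security_traces(log_text):
    """Return {vendor: [(source, kind, path), ...]} for Run and task entries."""
    traces = defaultdict(list)
    section = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            # Registry key header: only the Run keys are treated as autostarts.
            key = line.lower().rstrip("]")
            section = "run" if key.endswith(r"\currentversion\run") else None
            continue
        if line.startswith("Contents of the 'Scheduled Tasks' folder"):
            section = "task"
            continue
        pattern = {"run": RUN_VALUE, "task": TASK_TARGET}.get(section)
        match = pattern.match(line) if pattern else None
        if not match:
            continue
        path = match.group("path").strip()
        for keyword, (vendor, kind) in VENDOR_KEYWORDS.items():
            if keyword in path.lower():
                traces[vendor].append((section, kind, path))
                break
    return dict(traces)


def overlapping_antivirus(traces):
    """Antivirus vendors that left traces; more than one is worth reviewing."""
    return sorted(vendor for vendor, hits in traces.items()
                  if any(kind == "antivirus" for _, kind, _ in hits))


if __name__ == "__main__":
    print(overlapping_antivirus(find_security_traces(SAMPLE_LOG)))
```

A match only shows that files or tasks from a vendor are present, not that its scanner is resident, so the result is a prompt to check Add/Remove Programs rather than a verdict.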
I would then update the definitions for superantispyware and your working version of Nortons or Mcafee, then boot into safe mode
http://www.pchell.com/support/safemode.shtml
and do a full scan with superantispyware , and then your antivirus
let me know how things look afterwards by posting a hijackthis log
http://www.majorgeeks.com/download5554.html
by choosing to do a scan and save a log
Ex forum ambassador
Long term forum member