PC has viruses

[vista890]

Ok thankyou

 

[Jacee]

Hi vista890

First I'd like you to flush the DNS cache and restore MS's Hosts file:
Copy and paste these lines in Note pad.

@Echo on
pushd\windows\system32\drivers\etc
attrib -h -s -r hosts
echo 127.0.0.1 localhost>HOSTS
attrib +r +h +s hosts
popd
ipconfig /release
ipconfig /renew
ipconfig /flushdns
netsh winsock reset all
netsh int ip reset all
shutdown -r -t 1
del %0

Save as flush.bat to your desktop. Right click to run as Administraror. Your computer will reboot itself.

Next, download TFC by Old Timer TFC - Temp File Cleaner by OldTimer - Geeks to Go Forums and save it to your desktop.
Save any unsaved work. TFC will close ALL open programs including your browser!
Double-click on TFC.exe to run it. If you are using Vista/Windows 7 right-click on the file and choose Run As Administrator.
Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.

Your Java is outdated and vulnerable to malware infections...

Updating Java:

• Download the latest version of Java Runtime Environment (JRE) 6.
• Scroll down to where it says "Java Runtime Environment (JRE) 6u25 allows end-users to run Java applications".
• Click the "Download" button to the right.
• Check the box that says: "Accept License Agreement".
• The page will refresh.
• Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
• Close any programs you may have running - especially your web browser.
• Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
• Check any item with Java Runtime Environment (JRE or J2SE) in the name.
• Click the Remove or Change/Remove button.
• Repeat as many times as necessary to remove each Java versions.
• Reboot your computer once all Java components are removed.
• Then from your desktop double-click on jre-6u25-windows-i586-p.exe to install the newest version.

After you have done all of the above, Download Combofix from any of the links below, and save it to your desktop.<--Important
Link 1
Link 2
Link 3

Click on this link Here to see a list of programs that should be disabled.
The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
Next: Disconnect from the internet. If you are on Cable or DSL, unplug your computer from the modem.
Next: Please disable all onboard security programs (all running with back ground protection) as it may hinder the scanner from working.
This includes Antivirus, Firewall, and any Spyware scanners that run in the background.

• Double click combofix.exe and follow the prompts.
• When finished, it will produce a log for you. Post that log and a HiJackthis log in your next reply

Note: Do not mouseclick combofix's window while its running. That may cause it to stall
Please be patient while the scan runs, at times it may appear to stall.
When finished and after reboot (in case it asks to reboot), it should open a log, combofix.txt.
Post this log in your next reply together with a new hijackthislog.
After rebooting ensure your Security applications have been re-enabled.

In your next reply post:
ComboFix.txt
New HJT log taken after the above scan has run
***A guide and tutorial on "How to use Combofix" can be found here:
A guide and tutorial on using ComboFix

IF CF won't run:
During the download, rename Combofix.exe to sVchost.exe

 

[vista890]

Hi, Jacee, thanks for your help. I have done everything so far up until the Java update. I'm not sure which is the correct one to download. Could you please tell me if I've hi lighted the correct one? Thanks

 

[Jacee]

It's this one (JRE), except it says update 25

 

[vista890]

Sorry for asking again, but I'm still not sure. I cant see any JRE on the page other than Java SE 6 Update 26, the only one that says Update 25 is the one I put in my last post. I don't know if I'm not clicking on the right thing, I cant even see the one that you've shown in your last post

Its ok, I think I've found it now. I googled it on another pc and found it straight away then copied the link I hope its the right one anyway!

 

[vista890]

Just want to check again that this is the right one I've found?

 

[Jacee]

Yes, it appears that
Java SE 6 Update 26, is the correct one ...

click on the JRE download button

 

[vista890]

Ok I've done that and am trying to do the Combofix scan now. I have Virgin Media security which I have turned off but the scan is saying 'the above real time scanners are still active but combofix will continue to run. Kindly note that this is at your own risk. (Virgin Media Security & Virgin Media Anti-Virus) All the security as far as I know is off. I haven't clicked ok on the combo scan yet as I dont want to risk any damage.
I know something called Radial Point is part of Virgin Media Security, but as far as I can see its all disabled.I right clicked on the security in the task bar and and exited it, this said it would turn all security off. I've also checked in Task Manager (services) and disabled all the related Virgin Media and Radial Point programs so I have no idea why Combofix is still saying that Anti Virus & Anti Spyware is running.

 

[Jacee]

Did you do this?
Next: Disconnect from the internet. If you are on Cable or DSL, unplug your computer from the modem.

Don't worry about Combofix is still saying that Anti Virus & Anti Spyware is running.

 

[vista890]

Yes I did do that Here are the ComboFix log & HijackThis log....


ComboFix 11-06-09.01 - Carol 10/06/2011 8:03.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.1916.1025 [GMT 1:00]
Running from: c:\users\Carol\Desktop\ComboFix.exe
AV: Virgin Media Security Anti-Virus *Enabled/Updated* {A61154FD-4365-E00F-9A33-13A09AD54B56}
FW: Virgin Media Security Firewall *Enabled* {9E2AD5D8-090A-E157-B16C-BA9564060C2D}
SP: Virgin Media Security Anti-Spyware *Enabled/Updated* {1D70B519-655F-EF81-A083-28D2E15201EB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Mozilla Firefox\extensions\[email protected]
c:\program files\Mozilla Firefox\extensions\[email protected]\chrome.manifest
c:\program files\Mozilla Firefox\extensions\[email protected]\content\blgc.js
c:\program files\Mozilla Firefox\extensions\[email protected]\content\facemoods.png
c:\program files\Mozilla Firefox\extensions\[email protected]\content\facemoods.xul
c:\program files\Mozilla Firefox\extensions\[email protected]\content\Loader.js
c:\program files\Mozilla Firefox\extensions\[email protected]\content\pref.jpg
c:\program files\Mozilla Firefox\extensions\[email protected]\content\preferences.js
c:\program files\Mozilla Firefox\extensions\[email protected]\content\preferences.xul
c:\program files\Mozilla Firefox\extensions\[email protected]\content\prefman.js
c:\program files\Mozilla Firefox\extensions\[email protected]\content\script-compiler.js
c:\program files\Mozilla Firefox\extensions\[email protected]\content\Thumbs.db
c:\program files\Mozilla Firefox\extensions\[email protected]\content\xmlhttprequester.js
c:\program files\Mozilla Firefox\extensions\[email protected]\defaults\preferences\facemoods.js
c:\program files\Mozilla Firefox\extensions\[email protected]\install.rdf
c:\users\Carol\AppData\Roaming\.#
c:\users\Carol\AppData\Roaming\Zuma's Revenge!.exe
c:\users\Mcx1\Favorites\ehthumbs_vista.db
c:\windows\system32\system
.
.
((((((((((((((((((((((((( Files Created from 2011-05-10 to 2011-06-10 )))))))))))))))))))))))))))))))
.
.
2011-06-10 07:18 . 2011-06-10 07:18 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
2011-06-10 07:18 . 2011-06-10 07:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-09 17:13 . 2011-06-09 17:13 -------- d-----w- c:\program files\Common Files\Java
2011-06-09 07:39 . 2011-06-09 07:39 0 ----a-w- c:\windows\system32\RENF40B.tmp
2011-06-09 07:39 . 2011-06-09 07:39 0 ----a-w- c:\windows\system32\RENF40A.tmp
2011-06-09 07:39 . 2011-06-09 07:39 0 ----a-w- c:\windows\system32\RENF409.tmp
2011-06-08 21:51 . 2011-06-08 21:51 -------- dc----w- C:\glassfish3
2011-06-07 21:48 . 2011-06-07 21:48 -------- dc----w- C:\_OTL
2011-06-07 14:46 . 2011-06-07 14:46 388096 ----a-r- c:\users\Carol\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-06-07 14:33 . 2011-06-07 14:33 -------- d-----w- c:\program files\Trend Micro
2011-06-06 18:50 . 2011-06-06 18:50 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-06 18:01 . 2011-06-06 18:01 -------- d-----w- c:\windows\Sun
2011-06-06 17:32 . 2011-06-06 17:33 -------- d-----w- c:\program files\TuneUpMedia
2011-06-06 17:32 . 2011-06-07 07:04 -------- d-----w- c:\users\Carol\AppData\Roaming\TuneUpMedia
2011-06-06 17:32 . 2011-06-06 17:33 -------- d-----w- c:\programdata\TuneUpMedia
2011-06-06 17:30 . 2011-06-06 17:30 -------- d-----w- c:\program files\Vuze
2011-06-06 17:21 . 2011-06-06 17:21 75776 --sha-r- c:\windows\system32\mciseqp.dll
2011-06-06 17:09 . 2011-06-06 17:09 -------- d-----w- c:\users\Carol\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
2011-06-03 12:56 . 2011-05-09 20:46 6962000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1955F3A4-A742-4FB9-8F4E-B217CC46019C}\mpengine.dll
2011-05-29 14:57 . 2011-05-29 14:57 -------- d-----w- c:\program files\MSECache
2011-05-29 12:39 . 2011-05-29 12:37 8192 ----a-w- c:\windows\system32\srvany.exe
2011-05-29 12:35 . 2011-05-29 12:35 -------- d-----w- c:\windows\PCHEALTH
2011-05-29 12:35 . 2011-05-29 12:35 -------- d-----w- c:\program files\Microsoft Sync Framework
2011-05-29 12:33 . 2011-05-29 12:33 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2011-05-29 12:30 . 2011-05-29 12:30 -------- d-----w- c:\program files\Microsoft Analysis Services
2011-05-29 12:29 . 2011-05-29 12:29 -------- d-----w- c:\users\Carol\AppData\Local\Microsoft Help
2011-05-29 12:28 . 2011-05-30 10:50 -------- d-----w- c:\programdata\Microsoft Help
2011-05-29 12:27 . 2011-05-29 12:27 -------- dc----r- C:\MSOCache
2011-05-14 19:08 . 2009-11-02 14:27 25608 ----a-w- c:\windows\system32\drivers\AVGIDSEH.sys
2011-05-14 19:08 . 2009-10-23 12:25 285704 ----a-w- c:\windows\system32\drivers\bdfsfltr.sys
2011-05-14 19:08 . 2011-05-14 19:08 53192 ----a-w- c:\windows\system32\drivers\rp_skt32.sys
2011-05-14 19:07 . 2011-05-14 19:07 48384 ----a-w- c:\windows\system32\drivers\rp_pkt32.sys
2011-05-14 19:07 . 2011-05-14 19:07 -------- d-----w- c:\programdata\Raxco
2011-05-14 19:07 . 2011-05-14 19:07 -------- d-----w- c:\program files\Raxco
2011-05-13 19:53 . 2011-06-04 11:49 -------- d-----w- c:\users\Carol\Paranormal.Activity.2.2010.UNRATED.DVDRip.XviD-Larceny
2011-05-13 19:52 . 2011-05-14 18:54 -------- d-----w- c:\users\Carol\Paranormal Activity 1-2
2011-05-11 20:57 . 2009-05-18 12:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-05-11 20:57 . 2008-04-17 11:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2011-05-11 20:55 . 2011-05-11 20:55 -------- d-----w- c:\program files\iPod
2011-05-11 20:55 . 2011-06-06 17:33 -------- d-----w- c:\program files\iTunes
2011-05-11 20:51 . 2011-05-11 20:51 -------- d-----w- c:\program files\Bonjour
2011-05-11 09:46 . 2011-04-07 12:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-29 08:11 . 2011-04-08 12:38 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 08:11 . 2011-04-08 12:38 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-04 03:52 . 2010-05-14 19:28 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-04-26 20:04 . 2011-04-26 20:04 784136 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-04-06 15:20 . 2011-04-06 15:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 15:20 . 2011-04-06 15:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2011-03-12 21:55 . 2011-04-27 10:34 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-05-19 07:20 . 2011-03-24 08:20 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-06-17 2363392]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2010-08-20 33120]
"OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2010-03-16 718208]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-22 13539872]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-22 92704]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-06-02 75008]
"ReminderApp"="c:\program files\Nova Development\Greeting Card Factory Deluxe\ReminderApp.exe" [2006-07-11 139264]
"Wireless Manager"="c:\program files\Virgin Broadband Wireless\Wireless Manager.exe" [2008-05-26 585728]
"DVDAgent"="c:\program files\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2009-09-09 1148200]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-01-22 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]
"ServiceManager.exe"="c:\program files\Virgin Media\Service Manager\ServiceManager.exe" [2011-03-25 4371768]
"DHSClient.exe"="c:\program files\Virgin Media\Digital Home Support\DHSClient.exe" [2011-03-23 2032952]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-27 421160]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
c:\users\Carol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2010-4-15 576000]
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2010-3-29 227712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
VideoCam Suite.lnk - c:\program files\Common Files\Panasonic\VideoCam Suite AutoStart\VideoCamSuiteAutoStart.exe [2010-7-13 349600]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HsdService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Radialpoint Security Services]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ServicepointService]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-12-24 135664]
R2 KMService;KMService;c:\windows\system32\srvany.exe [2011-05-29 8192]
R2 Radialpoint Security Services;Virgin Media Security;c:\program files\Virgin Media\Security\RpsSecurityAwareR.exe [2010-01-04 165408]
R3 GamesAppService;GamesAppService;c:\program files\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-12-24 135664]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 PCD5SRVC{BD6912E3-AC9D80E8-05040000};PCD5SRVC{BD6912E3-AC9D80E8-05040000} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\PC-DOC~1\PCD5SRVC.pkms [2008-05-22 20640]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 RadialpointIDSEH;RadialpointIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2009-11-02 25608]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2010-02-24 185472]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2008-01-21 21504]
S2 HsdService;HsdService;c:\program files\Virgin Media\Digital Home Support\HsdService.exe [2011-03-23 1406264]
S2 ServicepointService;ServicepointService;c:\program files\Virgin Media\Service Manager\ServicepointService.exe [2011-03-25 689464]
S3 netr73;USB Wireless 802.11 b/g Adaptor Driver for Vista;c:\windows\system32\DRIVERS\netr73.sys [2009-05-24 501248]
S3 RadialpointIDSDriver;RadialpointIDSDriver;c:\program files\Virgin Media\Security\AVG\Identity Protection\agent\drivers\AVGIDSDriver.sys [2009-11-02 122376]
S3 RadialpointIDSFilter;RadialpointIDSFilter;c:\program files\Virgin Media\Security\AVG\Identity Protection\agent\drivers\AVGIDSFilter.sys [2009-11-02 30216]
S3 RadialpointIDSShim;RadialpointIDSShim;c:\program files\Virgin Media\Security\AVG\Identity Protection\agent\drivers\AVGIDSShim.sys [2009-11-02 27800]
S4 RadialpointIDSAgent;RadialpointIDSAgent;c:\program files\Virgin Media\Security\AVG\Identity Protection\agent\Bin\AVGIDSAgent.exe RadialpointIDSAgent [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 02ECFAF8
*NewlyCreated* - MPSSVC
*NewlyCreated* - RADIALPOINTIDSAGENT
*NewlyCreated* - RADIALPOINT_SECURITY_SERVICES
*NewlyCreated* - RP_FWS
*Deregistered* - 02ecfaf8
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPService REG_MULTI_SZ HPSLPSVC
bdx REG_MULTI_SZ scan sysagent
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 12:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-24 11:00]
.
2011-06-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-24 11:00]
.
2011-06-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-800787542-104480023-1181155886-1000Core.job
- c:\users\Carol\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-21 14:18]
.
2011-06-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-800787542-104480023-1181155886-1000UA.job
- c:\users\Carol\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-21 14:18]
.
2011-05-14 c:\windows\Tasks\HPCeeScheduleForCarol.job
- c:\program files\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2008-10-24 19:03]
.
.
------- Supplementary Scan -------
.
mStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Carol\AppData\Roaming\Mozilla\Firefox\Profiles\zknkrr93.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=BSRTDF&PC=BBSR&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - Google
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=BSRTDF&PC=BBSR&q=
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-RGSC - c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe
HKCU-Run-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
HKLM-Run-hpqSRMon - (no file)
MSConfigStartUp-MyWebSearch Plugin - c:\progra~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-06-10 08:18
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PCD5SRVC{BD6912E3-AC9D80E8-05040000}]
"ImagePath"="\??\c:\progra~1\PC-DOC~1\PCD5SRVC.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-800787542-104480023-1181155886-1000\Software\SecuROM\License information*]
"datasecu"=hex:b9,c7,e1,7b,a4,dc,6f,72,ff,8a,d0,47,88,43,1a,a0,a0,20,af,a8,3f,
dc,ca,d2,b6,fe,93,8d,35,93,20,cc,21,04,0c,76,9a,fd,15,49,70,28,9c,36,28,ae,\
"rkeysecu"=hex:cc,16,5a,54,88,34,43,0c,42,a0,74,5b,f1,02,46,44
.
Completion time: 2011-06-10 08:23:33
ComboFix-quarantined-files.txt 2011-06-10 07:23
.
Pre-Run: 25,047,367,680 bytes free
Post-Run: 29,375,332,352 bytes free
.
Current=1 Default=1 Failed=0 LastKnownGood=3 Sets=1,2,3,9
- - End Of File - - 1E4A2FD7D01C1EC1328433A9107DF348


HijackThis

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 08:46:31, on 10/06/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Virgin Media\Service Manager\ServiceManager.exe
C:\Program Files\Virgin Media\Digital Home Support\DHSClient.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Panasonic\VideoCam Suite AutoStart\VideoCamSuiteAutoStart.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
C:\Users\Carol\AppData\Local\Google\Update\1.3.21.57\GoogleCrashHandler.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\hp\kbd\kbd.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\System32\mobsync.exe
C:\Windows\explorer.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, Free Online News, Sport, Music, Movies, Money and Cars from MSN UK
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [ReminderApp] C:\Program Files\Nova Development\Greeting Card Factory Deluxe\ReminderApp.exe
O4 - HKLM\..\Run: [Wireless Manager] "C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe" startup
O4 - HKLM\..\Run: [DVDAgent] "c:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [ServiceManager.exe] "C:\Program Files\Virgin Media\Service Manager\ServiceManager.exe" /AUTORUN
O4 - HKLM\..\Run: [DHSClient.exe] "C:\Program Files\Virgin Media\Digital Home Support\DHSClient.exe" /AUTORUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount
O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: VideoCam Suite.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: AffinegyService - Affinegy, Inc. - C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\System32\bgsvcgen.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files\WildTangent Games\App\GamesAppService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HsdService - Virgin Media - C:\Program Files\Virgin Media\Digital Home Support\HsdService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Users\Carol\AppData\Local\Temp\{A831D711-88DF-47AF-9C8A-101D37FC879E}\NMSAccessU.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe
O23 - Service: Virgin Media Security (Radialpoint Security Services) - Virgin Media - C:\Program Files\Virgin Media\Security\RpsSecurityAwareR.exe
O23 - Service: Virgin Media Security Firewall (RP_FWS) - Virgin Media - C:\Program Files\Virgin Media\Security\Fws.exe
O23 - Service: ServicepointService - Radialpoint Inc. - C:\Program Files\Virgin Media\Service Manager\ServicepointService.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 9751 bytes

 

[Jacee]

Did you do this?
download TFC by Old Timer TFC - Temp File Cleaner by OldTimer - Geeks to Go Forums and save it to your desktop.
Save any unsaved work. TFC will close ALL open programs including your browser!
Double-click on TFC.exe to run it. If you are using Vista/Windows 7 right-click on the file and choose Run As Administrator.
Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.

Please do it once again... delete Combofix, and redownload and run again, per my instructions above

 

[vista890]

ok I've ran the TFC scan again. and Combofix again. Here is the ComboFix log...


ComboFix 11-06-06.02 - Carol 11/06/2011 11:46:39.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.1916.962 [GMT 1:00]
Running from: c:\users\Carol\Desktop\ComboFix.exe
AV: Virgin Media Security Anti-Virus *Disabled/Updated* {A61154FD-4365-E00F-9A33-13A09AD54B56}
FW: Virgin Media Security Firewall *Disabled* {9E2AD5D8-090A-E157-B16C-BA9564060C2D}
SP: Virgin Media Security Anti-Spyware *Disabled/Updated* {1D70B519-655F-EF81-A083-28D2E15201EB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2011-05-11 to 2011-06-11 )))))))))))))))))))))))))))))))
.
.
2011-06-11 11:02 . 2011-06-11 11:02 -------- d-----w- c:\users\Carol\AppData\Local\temp
2011-06-11 11:02 . 2011-06-11 11:02 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
2011-06-11 11:02 . 2011-06-11 11:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-10 13:45 . 2011-05-09 20:46 6962000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F933192A-BE53-490B-85DF-9F2DE8203150}\mpengine.dll
2011-06-10 13:39 . 2011-06-10 13:39 -------- dc----w- C:\Temp
2011-06-09 17:13 . 2011-06-09 17:13 -------- d-----w- c:\program files\Common Files\Java
2011-06-07 21:48 . 2011-06-07 21:48 -------- dc----w- C:\_OTL
2011-06-07 14:46 . 2011-06-07 14:46 388096 ----a-r- c:\users\Carol\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-06-07 14:33 . 2011-06-07 14:33 -------- d-----w- c:\program files\Trend Micro
2011-06-06 18:50 . 2011-06-06 18:50 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-06 18:01 . 2011-06-06 18:01 -------- d-----w- c:\windows\Sun
2011-06-06 17:32 . 2011-06-06 17:33 -------- d-----w- c:\program files\TuneUpMedia
2011-06-06 17:32 . 2011-06-07 07:04 -------- d-----w- c:\users\Carol\AppData\Roaming\TuneUpMedia
2011-06-06 17:32 . 2011-06-10 11:28 -------- d-----w- c:\programdata\TuneUpMedia
2011-06-06 17:30 . 2011-06-06 17:30 -------- d-----w- c:\program files\Vuze
2011-06-06 17:21 . 2011-06-06 17:21 75776 --sha-r- c:\windows\system32\mciseqp.dll
2011-06-06 17:09 . 2011-06-06 17:09 -------- d-----w- c:\users\Carol\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
2011-05-29 14:57 . 2011-05-29 14:57 -------- d-----w- c:\program files\MSECache
2011-05-29 12:39 . 2011-05-29 12:37 8192 ----a-w- c:\windows\system32\srvany.exe
2011-05-29 12:35 . 2011-05-29 12:35 -------- d-----w- c:\windows\PCHEALTH
2011-05-29 12:35 . 2011-05-29 12:35 -------- d-----w- c:\program files\Microsoft Sync Framework
2011-05-29 12:33 . 2011-05-29 12:33 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2011-05-29 12:30 . 2011-05-29 12:30 -------- d-----w- c:\program files\Microsoft Analysis Services
2011-05-29 12:29 . 2011-05-29 12:29 -------- d-----w- c:\users\Carol\AppData\Local\Microsoft Help
2011-05-29 12:28 . 2011-05-30 10:50 -------- d-----w- c:\programdata\Microsoft Help
2011-05-29 12:27 . 2011-05-29 12:27 -------- dc----r- C:\MSOCache
2011-05-14 19:08 . 2009-11-02 14:27 25608 ----a-w- c:\windows\system32\drivers\AVGIDSEH.sys
2011-05-14 19:08 . 2009-10-23 12:25 285704 ----a-w- c:\windows\system32\drivers\bdfsfltr.sys
2011-05-14 19:08 . 2011-05-14 19:08 53192 ----a-w- c:\windows\system32\drivers\rp_skt32.sys
2011-05-14 19:07 . 2011-05-14 19:07 48384 ----a-w- c:\windows\system32\drivers\rp_pkt32.sys
2011-05-14 19:07 . 2011-05-14 19:07 -------- d-----w- c:\programdata\Raxco
2011-05-14 19:07 . 2011-05-14 19:07 -------- d-----w- c:\program files\Raxco
2011-05-13 19:53 . 2011-06-04 11:49 -------- d-----w- c:\users\Carol\Paranormal.Activity.2.2010.UNRATED.DVDRip.XviD-Larceny
2011-05-13 19:52 . 2011-05-14 18:54 -------- d-----w- c:\users\Carol\Paranormal Activity 1-2
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-29 08:11 . 2011-04-08 12:38 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 08:11 . 2011-04-08 12:38 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-04 03:52 . 2010-05-14 19:28 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-04-26 20:04 . 2011-04-26 20:04 784136 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-04-06 15:20 . 2011-04-06 15:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 15:20 . 2011-04-06 15:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2011-05-19 07:20 . 2011-03-24 08:20 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-06-17 2363392]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2010-08-20 33120]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-22 13539872]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-22 92704]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-06-02 75008]
"ReminderApp"="c:\program files\Nova Development\Greeting Card Factory Deluxe\ReminderApp.exe" [2006-07-11 139264]
"Wireless Manager"="c:\program files\Virgin Broadband Wireless\Wireless Manager.exe" [2008-05-26 585728]
"DVDAgent"="c:\program files\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2009-09-09 1148200]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-01-22 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]
"ServiceManager.exe"="c:\program files\Virgin Media\Service Manager\ServiceManager.exe" [2011-03-25 4371768]
"DHSClient.exe"="c:\program files\Virgin Media\Digital Home Support\DHSClient.exe" [2011-03-23 2032952]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-27 421160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-03-13 81920]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HsdService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Radialpoint Security Services]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ServicepointService]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-12-24 135664]
R2 KMService;KMService;c:\windows\system32\srvany.exe [2011-05-29 8192]
R2 Radialpoint Security Services;Virgin Media Security;c:\program files\Virgin Media\Security\RpsSecurityAwareR.exe [2010-01-04 165408]
R3 GamesAppService;GamesAppService;c:\program files\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-12-24 135664]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 PCD5SRVC{BD6912E3-AC9D80E8-05040000};PCD5SRVC{BD6912E3-AC9D80E8-05040000} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\PC-DOC~1\PCD5SRVC.pkms [2008-05-22 20640]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 RadialpointIDSEH;RadialpointIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2009-11-02 25608]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2010-02-24 185472]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2008-01-21 21504]
S2 HsdService;HsdService;c:\program files\Virgin Media\Digital Home Support\HsdService.exe [2011-03-23 1406264]
S2 RadialpointIDSAgent;RadialpointIDSAgent;c:\program files\Virgin Media\Security\AVG\Identity Protection\agent\Bin\AVGIDSAgent.exe RadialpointIDSAgent [x]
S2 ServicepointService;ServicepointService;c:\program files\Virgin Media\Service Manager\ServicepointService.exe [2011-03-25 689464]
S3 netr73;USB Wireless 802.11 b/g Adaptor Driver for Vista;c:\windows\system32\DRIVERS\netr73.sys [2009-05-24 501248]
S3 RadialpointIDSDriver;RadialpointIDSDriver;c:\program files\Virgin Media\Security\AVG\Identity Protection\agent\drivers\AVGIDSDriver.sys [2009-11-02 122376]
S3 RadialpointIDSFilter;RadialpointIDSFilter;c:\program files\Virgin Media\Security\AVG\Identity Protection\agent\drivers\AVGIDSFilter.sys [2009-11-02 30216]
S3 RadialpointIDSShim;RadialpointIDSShim;c:\program files\Virgin Media\Security\AVG\Identity Protection\agent\drivers\AVGIDSShim.sys [2009-11-02 27800]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 464AF00A
*Deregistered* - 464af00a
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPService REG_MULTI_SZ HPSLPSVC
bdx REG_MULTI_SZ scan sysagent
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 12:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-24 11:00]
.
2011-06-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-24 11:00]
.
2011-06-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-800787542-104480023-1181155886-1000Core.job
- c:\users\Carol\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-21 14:18]
.
2011-06-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-800787542-104480023-1181155886-1000UA.job
- c:\users\Carol\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-21 14:18]
.
2011-05-14 c:\windows\Tasks\HPCeeScheduleForCarol.job
- c:\program files\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2008-10-24 19:03]
.
.
------- Supplementary Scan -------
.
mStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Carol\AppData\Roaming\Mozilla\Firefox\Profiles\zknkrr93.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=BSRTDF&PC=BBSR&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - Google
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=BSRTDF&PC=BBSR&q=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-06-11 12:02
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PCD5SRVC{BD6912E3-AC9D80E8-05040000}]
"ImagePath"="\??\c:\progra~1\PC-DOC~1\PCD5SRVC.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-800787542-104480023-1181155886-1000\Software\SecuROM\License information*]
"datasecu"=hex:b9,c7,e1,7b,a4,dc,6f,72,ff,8a,d0,47,88,43,1a,a0,a0,20,af,a8,3f,
dc,ca,d2,b6,fe,93,8d,35,93,20,cc,21,04,0c,76,9a,fd,15,49,70,28,9c,36,28,ae,\
"rkeysecu"=hex:cc,16,5a,54,88,34,43,0c,42,a0,74,5b,f1,02,46,44
.
Completion time: 2011-06-11 12:06:32
ComboFix-quarantined-files.txt 2011-06-11 11:06
ComboFix2.txt 2011-06-10 07:23
.
Pre-Run: 29,133,713,408 bytes free
Post-Run: 29,126,508,544 bytes free
.
Current=1 Default=1 Failed=0 LastKnownGood=3 Sets=1,2,3,9
- - End Of File - - A8335132B172443D3B912F7416411469

 

[Jacee]

Looking better!

I'd like you to scan your machine with ESET OnlineScan

1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
   ESET OnlineScan
2. Click the
   
   button.
3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
   1. Click on
      
      to download the ESET Smart Installer. Save it to your desktop.
   2. Double click on the
      
      icon on your desktop.
4. Check
   
5. Click the
   
   button.
6. Accept any security warnings from your browser.
7. Check
   
8. Push the Start button.
9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
10. When the scan completes, push
    
11. Push
    
    , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
12. Push the
    
    button.
13. Push
    

 

[vista890]

ESET Scan


C:\Users\Carol\Downloads\sims\Games\07_Glamour Life Stuff\The Sims 2 - Glamour Life Stuff.iso probably a variant of Win32/Agent.LNDZOZL trojan

 

[vista890]

My Virgin Media security has just picked up on another virus. I wasn't doing a scan at the time, it just popped up on the task bar that it had found a virus. Its says..
Threat: Gen:Variant.Vundo.4
Original file name: mciseqp.dll
Folder: C:\WINDOWS\System32\
Source: Real-time

The virus has been put into quarantine, and gives me the option to delete it. Should I do this?

 

[Jacee]

Absolutely!

I'm on vacation for the next couple of days... so please don't think I'm ignoring you.

 

[vista890]

ok Should I run the Eset scan again and delete the virus that, that picked up as well?

Just to add, the web pages have stopped redirecting now, so hopefully all the viruses will be cleared soon! Enjoy your vacation

 

[vista890]

Whilst your away...I've run another Eset scan, which came back clear. Then I've ran Malwarebytes scan again, here is the log....


Malwarebytes' Anti-Malware 1.51.0.1200
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Database version: 6859

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

15/06/2011 16:00:53
byteslog

Scan type: Full scan (C:\|D:\|)
Objects scanned: 700034
Time elapsed: 8 hour(s), 8 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\3XQZ6EO4AP (Trojan.FakeAlert.SA) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\program files\monte cristo\fire department 3\FD3.exe (Malware.Gen) -> No action taken.

 

[Jacee]

Sheesh, sorry, I'm late!!!! It's been one thing after another.

Was this game Fire Department 3, a torrent download?

Please upload c:\program files\monte cristo\fire department 3\FD3.exe to
VirusTotal - Free Online Virus, Malware and URL Scanner and have it scanned ... save the output log and copy/paste it back here.

 

[vista890]

It's ok

The Fire Department 3 game isn't a torrent, and it's not even been downloaded from the internet, so can't understand why it had a virus in it?? It's been installed on the pc for a couple of years and nothing has ever picked up that there was a virus in it before.

I've tried to upload the file, but it says it cannot be found. I did remove the threats from malwarebytes, maybe that's why.