Downloads full of unknown files

If you mean Malwarebytes, 3 hours seems excessive. Mine takes 45 minutes. It depends on how many files, etc., it has to check. How many GB on the drive that it is scanning?
 

My Computer

System One

  • Manufacturer/Model
    Dell XPS420
    Memory
    6 gig
    Graphics Card(s)
    ATI Radeon HD3650 256 MB
    Sound Card
    Integrated 7.1 Channel Audio
    Monitor(s) Displays
    Dell SP2009W 20 inch Flat Panel w Webcam
    Hard Drives
    640 gb
    Cooling
    Fan
    Keyboard
    Dell USB
    Mouse
    Dell USB 4 button optical
    Other Info
    DSL provided by ATT
Sorry, it just finished as I posted the last reply! Here are the results from the scan
 

Attachments

  • malwarebytes.jpg

My Computer

System One

  • Manufacturer/Model
    HP G60 Notebook
You have malware in the registry; you are so lucky that you thought of telling us about that problem that you were having. If Jacee were not helping, I would give you my advice on what to do next; but since we have an expert helping, let's take advantage. Sit tight until she returns.
 

Open MalwareBytes and do this ...
* Be sure that everything is checked, and click Remove Selected.

There's no reason to keep the malware on your machine ;)

Next,
Download Combofix from any of the links below, and save it to your desktop. <-- Important
Link 1
Link 2
Link 3

Click on this link Here to see a list of programs that should be disabled.
The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
Next: Disconnect from the internet. If you are on Cable or DSL, unplug your computer from the modem.
Next: Please disable all onboard security programs (all running with background protection) as they may hinder the scanner from working.
This includes Antivirus, Firewall, and any Spyware scanners that run in the background.
  • Double click combofix.exe and follow the prompts.
  • When finished, it will produce a log for you. Post that log and a HiJackthis log in your next reply.
Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.
Please be patient while the scan runs, at times it may appear to stall.
When finished and after reboot (in case it asks to reboot), it should open a log, combofix.txt.
After rebooting ensure your Security applications have been re-enabled.

In your next reply post:
ComboFix.txt
***A guide and tutorial on "How to use Combofix" can be found here:
A guide and tutorial on using ComboFix
 

My Computer

System One

  • Manufacturer/Model
    Bruce ... somewhere in his 40's
    CPU
    Intel(R) Core(TM)2 Quad CPU
    Motherboard
    INTEL/D975XBX2
    Memory
    4 GB
    Graphics Card(s)
    ATI Radeon HD 2600 Pro
    Monitor(s) Displays
    Samsung SyncMaster 914v
    Screen Resolution
    1280 x 1024
    Hard Drives
    2/500GB each ... ST3500630AS ATA Device.
    One is not connected
    PSU
    Rocketfish 700 W
    Case
    G.Skill Gigabyte Chassis
    Keyboard
    Standard PS/2 Keyboard
    Mouse
    Microsoft PS/2 Mouse
    Internet Speed
    DSL
    Other Info
    ATI HDMI Audio
ComboFix 11-03-18.01 - Lee 18/03/2011 20:12:40.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2814.1104 [GMT 0:00]
Running from: c:\users\Lee\Downloads\ComboFix.exe
AV: Virgin Media Security Anti-Virus *Disabled/Updated* {A61154FD-4365-E00F-9A33-13A09AD54B56}
FW: Virgin Media Security Firewall *Disabled* {9E2AD5D8-090A-E157-B16C-BA9564060C2D}
SP: Virgin Media Security Anti-Spyware *Disabled/Updated* {1D70B519-655F-EF81-A083-28D2E15201EB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Mozilla Firefox\extensions\[email protected]
c:\program files\Mozilla Firefox\extensions\[email protected]\chrome.manifest
c:\program files\Mozilla Firefox\extensions\[email protected]\content\blgc.js
c:\program files\Mozilla Firefox\extensions\[email protected]\content\facemoods.png
c:\program files\Mozilla Firefox\extensions\[email protected]\content\facemoods.xul
c:\program files\Mozilla Firefox\extensions\[email protected]\content\Loader.js
c:\program files\Mozilla Firefox\extensions\[email protected]\content\pref.jpg
c:\program files\Mozilla Firefox\extensions\[email protected]\content\preferences.js
c:\program files\Mozilla Firefox\extensions\[email protected]\content\preferences.xul
c:\program files\Mozilla Firefox\extensions\[email protected]\content\prefman.js
c:\program files\Mozilla Firefox\extensions\[email protected]\content\script-compiler.js
c:\program files\Mozilla Firefox\extensions\[email protected]\content\Thumbs.db
c:\program files\Mozilla Firefox\extensions\[email protected]\content\xmlhttprequester.js
c:\program files\Mozilla Firefox\extensions\[email protected]\defaults\preferences\facemoods.js
c:\program files\Mozilla Firefox\extensions\[email protected]\install.rdf
c:\users\Lee\AppData\Roaming\inst.exe
c:\users\Lee\AppData\Roaming\Zuma's Revenge!.exe
c:\users\Public\AlexaNSISPlugin.4736.dll
c:\users\Public\AlexaNSISPlugin.6228.dll
c:\windows\Downloaded Program Files\popcaploader.dll
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\system32\office.exe
c:\windows\system32\system
.
.
((((((((((((((((((((((((( Files Created from 2011-02-18 to 2011-03-18 )))))))))))))))))))))))))))))))
.
.
2011-03-18 20:30 . 2011-03-18 20:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-03-18 20:30 . 2011-03-18 20:30 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2011-03-18 16:38 . 2011-03-18 16:56 -------- d-----w- c:\users\Mcx1
2011-03-18 15:20 . 2011-03-18 15:20 -------- d-----w- c:\users\Lee\AppData\Roaming\Malwarebytes
2011-03-18 15:20 . 2010-12-20 18:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-18 15:20 . 2011-03-18 15:20 -------- d-----w- c:\programdata\Malwarebytes
2011-03-18 15:20 . 2011-03-18 15:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-18 15:20 . 2010-12-20 18:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-18 14:08 . 2011-03-18 14:08 -------- d-----w- c:\program files\CCleaner
2011-03-18 12:25 . 2011-02-11 06:54 5943120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C9C62751-D0D1-4858-9393-0808CEE0BE8F}\mpengine.dll
2011-03-10 17:42 . 2011-03-10 17:43 -------- d-----w- c:\users\Lee\AppData\Roaming\GetRightToGo
2011-03-09 14:15 . 2010-12-29 18:28 429056 ----a-w- c:\windows\system32\EncDec.dll
2011-03-09 14:15 . 2010-12-29 18:28 322560 ----a-w- c:\windows\system32\sbe.dll
2011-03-09 14:15 . 2010-12-29 18:28 153088 ----a-w- c:\windows\system32\sbeio.dll
2011-03-09 14:15 . 2010-12-29 18:26 177664 ----a-w- c:\windows\system32\mpg2splt.ax
2011-03-09 14:15 . 2010-12-17 15:45 2067968 ----a-w- c:\windows\system32\mstscax.dll
2011-03-09 14:15 . 2010-12-17 13:54 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-02-20 13:48 . 2011-02-20 13:48 -------- d-----w- c:\programdata\Cateia Games
2011-02-18 11:10 . 2011-02-18 11:10 -------- d-----w- c:\program files\iPod
2011-02-18 11:10 . 2011-02-18 11:12 -------- d-----w- c:\program files\iTunes
2011-02-18 11:09 . 2011-02-18 11:09 -------- d-----w- c:\program files\Bonjour
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-08 21:49 . 2010-06-24 11:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-02-02 21:40 . 2010-05-20 17:37 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-02 17:11 . 2009-10-02 19:13 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-20 16:37 . 2011-02-09 11:31 638336 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-01-20 16:08 . 2011-02-09 11:31 478720 ----a-w- c:\windows\system32\dxgi.dll
2011-01-20 16:08 . 2011-02-09 11:31 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-01-20 16:08 . 2011-02-09 11:31 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2011-01-20 16:08 . 2011-02-09 11:31 1029120 ----a-w- c:\windows\system32\d3d10.dll
2011-01-20 16:08 . 2011-02-09 11:31 189952 ----a-w- c:\windows\system32\d3d10core.dll
2011-01-20 16:07 . 2011-02-09 11:31 37376 ----a-w- c:\windows\system32\cdd.dll
2011-01-20 16:07 . 2011-02-09 11:31 258048 ----a-w- c:\windows\system32\winspool.drv
2011-01-20 16:07 . 2011-02-09 11:31 586240 ----a-w- c:\windows\system32\stobject.dll
2011-01-20 16:06 . 2011-02-09 11:31 2873344 ----a-w- c:\windows\system32\mf.dll
2011-01-20 16:06 . 2011-02-09 11:31 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2011-01-20 16:04 . 2011-02-09 11:31 209920 ----a-w- c:\windows\system32\mfplat.dll
2011-01-20 16:04 . 2011-02-09 11:31 98816 ----a-w- c:\windows\system32\mfps.dll
2011-01-20 14:28 . 2011-02-09 11:31 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2011-01-20 14:27 . 2011-02-09 11:31 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-01-20 14:26 . 2011-02-09 11:31 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2011-01-20 14:25 . 2011-02-09 11:31 847360 ----a-w- c:\windows\system32\OpcServices.dll
2011-01-20 14:24 . 2011-02-09 11:31 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-01-20 14:24 . 2011-02-09 11:31 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-01-20 14:15 . 2011-02-09 11:31 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2011-01-20 14:14 . 2011-02-09 11:31 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2011-01-20 14:14 . 2011-02-09 11:31 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-01-20 14:14 . 2011-02-09 11:31 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2011-01-20 14:12 . 2011-02-09 11:31 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2011-01-20 14:11 . 2011-02-09 11:31 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2011-01-20 13:47 . 2011-02-09 11:31 683008 ----a-w- c:\windows\system32\d2d1.dll
2011-01-20 13:44 . 2011-02-09 11:31 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-01-20 13:44 . 2011-02-09 11:31 797184 ----a-w- c:\windows\system32\FntCache.dll
2011-01-08 08:47 . 2011-02-09 11:31 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-08 06:28 . 2011-02-09 11:31 292352 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:57 . 2011-02-09 11:32 2039808 ----a-w- c:\windows\system32\win32k.sys
2010-12-28 15:55 . 2011-01-12 09:46 413696 ----a-w- c:\windows\system32\odbc32.dll
2009-09-04 19:16 . 2009-09-04 19:17 774144 ----a-w- c:\program files\RngInterstitial.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-01-27 2387968]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-25 39408]
"Google Update"="c:\users\Lee\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-03-18 136176]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2010-05-14 1479680]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTAgent.exe" [2010-11-11 570688]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-09-24 468264]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-10-07 210216]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-01 202032]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-06-25 68592]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"Wireless Manager"="c:\program files\Virgin Broadband Wireless\Wireless Manager.exe" [2008-05-26 585728]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"ServiceManager.exe"="c:\program files\Virgin Media\Service Manager\ServiceManager.exe" [2010-10-13 4314424]
"DHSClient.exe"="c:\program files\Virgin Media\Digital Home Support\DHSClient.exe" [2010-10-13 2032952]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Radialpoint Security Services]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1c9ffda777cc9b0;Google Update Service (gupdate1c9ffda777cc9b0);c:\program files\Google\Update\GoogleUpdate.exe [2009-07-08 133104]
R2 Radialpoint Security Services;Virgin Media Security;c:\program files\Virgin Media\Security\RpsSecurityAwareR.exe [2010-01-04 165408]
R3 dump_wmimmc;dump_wmimmc;c:\program files\GALA-NET\Rappelz\GameGuard\dump_wmimmc.sys [x]
R3 GamesAppService;GamesAppService;c:\program files\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2010-02-26 137344]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2010-02-26 8320]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-03-16 3532120]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2009-03-20 90112]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2009-03-20 14976]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2009-03-20 121856]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 RadialpointIDSEH;RadialpointIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2009-11-02 25608]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2010-12-16 219200]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2008-01-21 21504]
S2 HsdService;HsdService;c:\program files\Virgin Media\Digital Home Support\HsdService.exe [2010-10-13 1406264]
S2 RadialpointIDSAgent;RadialpointIDSAgent;c:\program files\Virgin Media\Security\AVG\Identity Protection\agent\Bin\AVGIDSAgent.exe RadialpointIDSAgent [x]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [2008-10-06 365952]
S2 ServicepointService;ServicepointService;c:\program files\Virgin Media\Service Manager\ServicepointService.exe [2010-10-13 689464]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-03-31 36608]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-08-21 66592]
S3 RadialpointIDSDriver;RadialpointIDSDriver;c:\program files\Virgin Media\Security\AVG\Identity Protection\agent\drivers\AVGIDSDriver.sys [2009-11-02 122376]
S3 RadialpointIDSFilter;RadialpointIDSFilter;c:\program files\Virgin Media\Security\AVG\Identity Protection\agent\drivers\AVGIDSFilter.sys [2009-11-02 30216]
S3 RadialpointIDSShim;RadialpointIDSShim;c:\program files\Virgin Media\Security\AVG\Identity Protection\agent\drivers\AVGIDSShim.sys [2009-11-02 27800]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 320AF814
*NewlyCreated* - MBAMSWISSARMY
*Deregistered* - 320af814
*Deregistered* - MBAMSwissArmy
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
getPlusHelper REG_MULTI_SZ getPlusHelper
HPService REG_MULTI_SZ HPSLPSVC
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
bdx REG_MULTI_SZ scan sysagent
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-01-27 21:28 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-08 14:43]
.
2011-03-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-08 14:43]
.
2011-03-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2024665364-562614693-3534881995-1000Core.job
- c:\users\Lee\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-06 10:37]
.
2011-03-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2024665364-562614693-3534881995-1000UA.job
- c:\users\Lee\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-06 10:37]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.inbox.com/homepage.aspx?tbid=80269&lng=en
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://uk.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab
FF - ProfilePath -
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-WT067330 - c:\program files\HP Games\Elizabeth Find
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-03-18 20:31
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-03-18 20:54:23
ComboFix-quarantined-files.txt 2011-03-18 20:54
.
Pre-Run: 50,757,623,808 bytes free
Post-Run: 51,484,594,176 bytes free
.
Current=1 Default=1 Failed=0 LastKnownGood=18 Sets=1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18
- - End Of File - - BA2A0A188E7867563674DD98DEA0F152
 

I'd like you to scan your machine with ESET OnlineScan
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window: ESET OnlineScan
  2. Click the [image: esetOnline.png] button.
  3. For alternate browsers only (Microsoft Internet Explorer users can skip these steps):
    1. Click on [image: esetSmartInstall.png] to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the [image: esetSmartInstallDesktopIcon.png] icon on your desktop.
  4. Check [image: esetAcceptTerms.png]
  5. Click the [image: esetStart.png] button.
  6. Accept any security warnings from your browser.
  7. Check [image: esetScanArchives.png]
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push [image: esetListThreats.png]
  11. Push [image: esetExport.png], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the [image: esetBack.png] button.
  13. Push [image: esetFinish.png]
 

C:\Users\Lee\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\1dd6a40c-2e35dd1b Java/TrojanDownloader.Agent.NBK trojan
C:\Users\Lee\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\517408d5-7d7ae824 multiple threats
C:\Users\Lee\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\2d2ebe9a-6ccca55e multiple threats
C:\Users\Lee\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\1eff1eb1-336b77a3 Java/TrojanDownloader.Agent.NBL trojan
C:\Users\Lee\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\6d16b872-196978cf probably a variant of Win32/Agent.RPSVWU trojan
C:\Users\Lee\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\4b361974-2d65bf62 multiple threats
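
The six ESET lines above can be triaged mechanically. This is an added example, not part of the original thread and not ESET's own tooling: it parses the exported lines and shows that every hit sits in the Java plug-in cache, which is the component the next reply deals with by removing old Java. The regexes, the location labels and the one constructed extra line are assumptions of this example.

```python
import re
from collections import Counter

# The six detections exactly as posted in the ESET export above.
ESET_LOG = r"""
C:\Users\Lee\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\1dd6a40c-2e35dd1b Java/TrojanDownloader.Agent.NBK trojan
C:\Users\Lee\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\517408d5-7d7ae824 multiple threats
C:\Users\Lee\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\2d2ebe9a-6ccca55e multiple threats
C:\Users\Lee\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\1eff1eb1-336b77a3 Java/TrojanDownloader.Agent.NBL trojan
C:\Users\Lee\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\6d16b872-196978cf probably a variant of Win32/Agent.RPSVWU trojan
C:\Users\Lee\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\4b361974-2d65bf62 multiple threats
"""

# Constructed line (NOT from the thread) showing a detection outside the cache.
CONSTRUCTED_LINE = r"C:\Users\Lee\Downloads\setup.exe Win32/Example.A application"

# Java cache entries have no file extension: ...\cache\<ver>\<bucket>\<hex>-<hex>
JAVA_CACHE_ENTRY = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*\\Sun\\Java\\Deployment\\cache\\[\d.]+\\\d+\\"
    r"[0-9a-f]+-[0-9a-f]+)\s+(?P<verdict>.+)$",
    re.IGNORECASE,
)
# Fallback (assumption): the path ends at the first ".ext" followed by a space.
FILE_WITH_EXT = re.compile(r"^(?P<path>[A-Za-z]:\\.*?\.\w{1,5})\s+(?P<verdict>.+)$")
# ESET names look like Platform/Family.Variant; "multiple threats" has no name.
DETECTION_NAME = re.compile(r"\b([A-Za-z0-9]+)/([\w.]+)")


def parse_line(line):
    """Split one exported line into (path, verdict); None if it is not a detection."""
    line = line.strip()
    # Order matters: the cache pattern must run before the extension fallback,
    # otherwise ".NBK" in the verdict would be mistaken for a file extension.
    for pattern in (JAVA_CACHE_ENTRY, FILE_WITH_EXT):
        match = pattern.match(line)
        if match:
            return match.group("path"), match.group("verdict").strip()
    return None


def classify(path):
    """Label where the detected file lives (labels are this example's own)."""
    lowered = path.lower()
    if "\\sun\\java\\deployment\\cache\\" in lowered:
        return "java-cache"
    if "\\temp\\" in lowered or "\\temporary internet files\\" in lowered:
        return "temp"
    return "other"


def triage(log_text):
    """Count detections by location and by platform prefix of the verdict."""
    by_location, platforms, unparsed = Counter(), Counter(), []
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        parsed = parse_line(raw)
        if parsed is None:
            unparsed.append(raw)
            continue
        path, verdict = parsed
        by_location[classify(path)] += 1
        name = DETECTION_NAME.search(verdict)
        platforms[name.group(1) if name else "unnamed"] += 1
    return {
        "total": sum(by_location.values()),
        "by_location": dict(by_location),
        "platforms": dict(platforms),
        "unparsed": unparsed,
    }


def java_cache_only(summary):
    """True when every detection is a downloaded item in the Java plug-in cache."""
    return summary["total"] > 0 and summary["by_location"] == {
        "java-cache": summary["total"]
    }


if __name__ == "__main__":
    summary = triage(ESET_LOG)
    print(summary)
    print("all hits in Java cache:", java_cache_only(summary))
```
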
 

Download JavaRa and remove all old Java. |MG| JavaRA 1.16 Beta Download

Next, update your Java ......

  • Download the latest version of Java Runtime Environment (JRE) 6.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6u24 allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u24-windows-i586-p.exe to install the newest version.
 

Attachments

  • JRE.jpg

Thanks, I've just done all the above, new java is now installed. As soon as I downloaded and used the JavaRa it has put several language files on my desktop....is it ok to delete these and the JavaRa now?
 

Attachments

  • javafiles.jpg

Yes, go ahead and delete it.

Next, download TFC by Old Timer (TFC - Temp File Cleaner by OldTimer - Geeks to Go Forums) and save it to your desktop.

Save any unsaved work. TFC will close ALL open programs including your browser!
Double-click on TFC.exe to run it. If you are using Vista/Windows 7 right-click on the file and choose Run As Administrator.
Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.

Now,
Run another scan with Eset and post the log.
 

I've run the TFC scan and rebooted. I'm trying to scan using the Eset but it's saying it can't update...?
 

Attachments

  • pic123.jpg

Let's see what MBam says ...

Download Malwarebytes' Anti-Malware to your desktop
|MG| Malwarebytes Anti-Malware 1.50.1 Download
* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad. Please save it to a convenient location. Copy and Paste that log into your next reply.
 

Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes

Database version: 6165

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

25/03/2011 10:16:54
mbam-log-2011-03-25 (10-16-54).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 437796
Time elapsed: 1 hour(s), 54 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 

Looks good ... how's everything running?
 

It appears that way. :)
Now,
  • Click START then RUN
  • Now type Combofix /uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
  • When shown the disclaimer, Select "2"



    The above procedure will Delete the following:
    • ComboFix and its associated files and folders.
    • Reset the clock settings.
    • Hide file extensions, if required.
    • Hide System/Hidden files, if required.
    • Set a new, clean Restore Point.
 
