WiredWX Christian Hobby Weather Tools
Re: Vista Antivirus Pro 2010 virus

ComboFix 10-02-27.04 - Justin the Hutt 02/27/2010 15:59:40.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2045.1284 [GMT -5:00]
Running from: c:\users\Justin the Hutt\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: AntiVir Desktop *enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
c:\programdata\sysReserve.ini
c:\users\Justin the Hutt\AppData\Local\Microsoft\Windows\Temporary Internet Files\k0LA4KYyJ.jpg
c:\users\Justin the Hutt\AppData\Local\Microsoft\Windows\Temporary Internet Files\lX5bA6.jpg
c:\users\Justin the Hutt\AppData\Local\Microsoft\Windows\Temporary Internet Files\MymY126KN.jpg
c:\users\Justin the Hutt\AppData\Local\Microsoft\Windows\Temporary Internet Files\x01AXk.jpg
c:\users\Justin the Hutt\AppData\Roaming\inst.exe
c:\users\Justin the Hutt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
c:\windows\system32\twain_32.dll

.
((((((((((((((((((((((((( Files Created from 2010-01-27 to 2010-02-27 )))))))))))))))))))))))))))))))
.

2010-02-27 21:06 . 2010-02-27 21:06 -------- d-----w- c:\users\Justin the Hutt\AppData\Local\temp
2010-02-27 21:06 . 2010-02-27 21:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-02-27 20:57 . 2010-02-27 20:58 -------- d-----w- C:\32788R22FWJFW
2010-02-26 23:46 . 2010-02-26 23:46 -------- d-----w- C:\_OTL
2010-02-20 19:15 . 2010-02-20 19:15 -------- d-----w- c:\program files\championBuilder
2010-02-17 00:25 . 2005-05-26 20:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2010-02-17 00:24 . 2010-02-19 03:58 -------- d-----w- c:\program files\Cryptic Studios

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-27 01:33 . 2009-11-21 01:32 439816 ----a-w- c:\users\Justin the Hutt\AppData\Roaming\Real\Update\setup3.09\setup.exe
2010-02-26 23:38 . 2009-06-11 13:03 -------- d-----w- c:\users\Justin the Hutt\AppData\Roaming\uTorrent
2010-02-25 04:35 . 2009-08-13 18:40 -------- d-----w- c:\users\Justin the Hutt\AppData\Roaming\SPORE
2010-02-24 14:16 . 2009-10-03 05:11 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-21 01:52 . 2009-06-09 22:30 49605 ----a-w- c:\programdata\nvModes.dat
2010-02-20 23:53 . 2009-12-23 18:22 -------- d-----w- c:\users\Justin the Hutt\AppData\Roaming\Vso
2010-02-16 15:17 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-01-27 01:32 . 2009-08-13 18:10 -------- d-----w- c:\programdata\Electronic Arts
2010-01-27 01:31 . 2009-06-11 12:54 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-01-27 01:31 . 2010-01-27 01:32 38784 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-01-27 01:31 . 2009-06-11 12:54 38784 ----a-w- c:\users\Justin the Hutt\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-01-26 16:18 . 2009-06-12 18:53 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-26 15:03 . 2009-06-10 00:39 680 ----a-w- c:\users\Justin the Hutt\AppData\Local\d3d9caps.dat
2010-01-15 06:14 . 2009-12-07 03:21 -------- d-----w- c:\programdata\Skype
2010-01-15 06:09 . 2009-09-12 19:23 -------- d-----w- c:\users\Justin the Hutt\AppData\Roaming\Move Networks
2010-01-15 06:04 . 2009-06-11 12:55 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-06 23:51 . 2009-12-07 03:26 -------- d-----w- c:\users\Justin the Hutt\AppData\Roaming\skypePM
2010-01-06 23:50 . 2009-06-11 12:54 -------- d-----w- c:\programdata\NOS
2010-01-03 02:16 . 2009-06-10 00:39 85672 ----a-w- c:\users\Justin the Hutt\AppData\Local\GDIPFONTCACHEV1.DAT
2010-01-02 06:38 . 2010-01-22 11:05 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-01-22 11:05 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 06:32 . 2010-01-22 11:05 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 04:57 . 2010-01-22 11:05 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-31 01:51 . 2009-12-31 01:51 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_androidusb_01005.Wdf
2009-12-31 01:49 . 2009-12-31 01:49 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-12-28 12:35 . 2010-02-10 11:40 11776 ----a-w- c:\windows\system32\tsbyuv.dll
2009-12-28 12:35 . 2010-02-10 11:40 1314816 ----a-w- c:\windows\system32\quartz.dll
2009-12-28 12:32 . 2010-02-10 11:40 22528 ----a-w- c:\windows\system32\msyuv.dll
2009-12-28 12:32 . 2010-02-10 11:40 31744 ----a-w- c:\windows\system32\msvidc32.dll
2009-12-28 12:32 . 2010-02-10 11:40 123904 ----a-w- c:\windows\system32\msvfw32.dll
2009-12-28 12:32 . 2010-02-10 11:40 13312 ----a-w- c:\windows\system32\msrle32.dll
2009-12-28 12:31 . 2010-02-10 11:40 82944 ----a-w- c:\windows\system32\mciavi32.dll
2009-12-28 12:31 . 2010-02-10 11:40 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2009-12-28 12:28 . 2010-02-10 11:40 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-12-28 12:28 . 2010-02-10 11:40 65024 ----a-w- c:\windows\system32\avicap32.dll
2009-12-23 20:45 . 2009-12-23 18:22 47360 ----a-w- c:\users\Justin the Hutt\AppData\Roaming\pcouffin.sys
2009-12-23 20:45 . 2009-12-23 18:22 47360 ----a-w- c:\users\Justin the Hutt\AppData\Roaming\pcouffin.sys
2009-12-23 18:22 . 2009-12-23 18:22 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-12-11 12:07 . 2010-02-10 11:40 301568 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-11 12:07 . 2010-02-10 11:40 98304 ----a-w- c:\windows\system32\drivers\srvnet.sys
2009-12-08 20:52 . 2010-02-10 11:40 897624 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-12-08 20:52 . 2010-02-10 11:40 3597912 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-08 20:52 . 2010-02-10 11:40 3546200 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-07 16:48 . 2009-06-09 23:05 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-07 03:26 . 2009-12-07 03:26 56 ---ha-w- c:\programdata\ezsidmv.dat
2009-12-04 16:12 . 2010-02-10 11:40 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2009-12-04 16:12 . 2010-02-10 11:40 105472 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2006-11-22 14:57 . 2006-11-22 14:57 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"Google Update"="c:\users\Justin the Hutt\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-01-09 135664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-05-01 13781536]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-06-11 198160]
"lxcrmon.exe"="c:\program files\Lexmark 2400 Series\lxcrmon.exe" [2006-12-11 291760]
"EzPrint"="c:\program files\Lexmark 2400 Series\ezprint.exe" [2006-12-11 82864]
"LXCRCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\LXCRtime.dll" [2006-11-21 106496]
"CarboniteSetupLite"="c:\program files\Carbonite\CarbonitePreinstaller.exe" [2009-06-25 283792]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_11\bin\jusched.exe" [2009-07-28 136600]
"P17RunE"="P17RunE.dll" [2008-03-28 14848]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]

c:\users\Justin the Hutt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2009-12-9 0]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [6/9/2009 6:05 PM 108289]
R2 ASTSRV;Nalpeiron Licensing Service;c:\windows\System32\ASTSRV.EXE [7/12/2009 4:24 PM 57344]
R3 UsbFltr;Razer Copperhead Driver;c:\windows\System32\drivers\copperhd.sys [11/2/2005 9:54 AM 11596]
R3 VST_DPV;VST_DPV;c:\windows\System32\drivers\VSTDPV3.SYS [11/2/2006 5:25 AM 987648]
R3 VSTHWBS2;VSTHWBS2;c:\windows\System32\drivers\VSTBS23.SYS [11/2/2006 5:25 AM 251904]
S2 WTService;WTService;c:\windows\system32\atwtusb.exe -s --> c:\windows\system32\atwtusb.exe -s [?]
S3 androidusb;ADB Interface Driver;c:\windows\System32\drivers\androidusb.sys [9/4/2009 4:38 PM 25728]
.
Contents of the 'Scheduled Tasks' folder

2010-02-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-102117945-2110181670-3325598433-1000Core.job
- c:\users\Justin the Hutt\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-09 19:06]

2010-02-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-102117945-2110181670-3325598433-1000UA.job
- c:\users\Justin the Hutt\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-09 19:06]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Justin the Hutt\AppData\Roaming\Mozilla\Firefox\Profiles\pq5fbrn1.default\
FF - prefs.js: browser.search.selectedEngine -
FF - plugin: c:\program files\Java\jre1.6.0_11\bin\new_plugin\npdeploytk.dll
FF - plugin: c:\program files\Java\jre1.6.0_11\bin\new_plugin\npjp2.dll
FF - plugin: c:\users\Justin the Hutt\AppData\Local\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
AddRemove-bearsharetb - c:\program files\BearShareTb\uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-27 16:06
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCRCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-102117945-2110181670-3325598433-1000\Software\SecuROM\License information*]
"datasecu"=hex:81,1a,e0,33,01,f9,8f,16,ec,e5,45,b7,87,01,da,5a,5c,0a,80,d8,f1,
fa,8b,8c,35,c5,b9,60,fd,a0,85,83,dd,c1,36,b5,f6,97,d7,bb,07,69,0e,40,d4,f5,\
"rkeysecu"=hex:64,b6,bd,e1,3e,80,9e,c4,40,b4,90,83,87,8e,33,49

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-02-27 16:09:02
ComboFix-quarantined-files.txt 2010-02-27 21:09

Pre-Run: 726,052,880,384 bytes free
Post-Run: 726,101,143,552 bytes free

- - End Of File - - 11FDF00BBCF162E0CA3C42543579AF61

Re: Vista Antivirus Pro 2010 virus

Is anything else needed? Everything seems OK at the moment.

Re: Vista Antivirus Pro 2010 virus

Hello.

  • Click Start >> Control Panel.
  • Under Programs, click Uninstall a Program
  • Highlight the following:

    Java(TM) 6 Update 11
    MediaBar
    Uniblue DriverScanner 2009

  • Click on the Uninstall/Change button at the top.

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

How is the machine running now?

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: Vista Antivirus Pro 2010 virus

Didn't see a MediaBar in the program list, looked for a while. Haven't done the run/copy-paste part yet. Should I do it even though I didn't see MediaBar?

Re: Vista Antivirus Pro 2010 virus

I did uninstall the other two though.

Re: Vista Antivirus Pro 2010 virus

Okay, how is the machine running then?

Re: Vista Antivirus Pro 2010 virus

It seems to be running great! Thank you so much, I will be sure to donate!
