Help got virus etc on laptop and no antivirus in place

an1179

Running PC tools first before I do Malwarebytes

an1179

OK ran pctools spyware Doctor with Anivius it has found 8 threats and 373 infections and wants me to pay for it to fix the problems

dogmaryxx

Don't. Run Malwarebytes again and delete everything found.

an1179

Malwarebytes' Anti-Malware 1.50.1.1100
https://www.malwarebytes.org

Database version: 5838

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

22/02/2011 15:06:09
mbam-log-2011-02-22 (15-06-09).txt

Scan type: Full scan (C:\|)
Objects scanned: 259462
Time elapsed: 1 hour(s), 0 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\MicrosoftWindows (Trojan.Agent) -> Value: MicrosoftWindows -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce\MicrosoftWindows (Trojan.Agent) -> Value: MicrosoftWindows -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.StartPage) -> Bad: (http://redirecturls.info/) Good: (http://www.google.com) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\nashlaptop\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\2ZVAG8ED\facebook-pic0009206951100-jpeg[1].exe (Worm.Rimecud) -> Quarantined and deleted successfully.
c:\Users\nashlaptop\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\XO721CP2\gus[1].exe (Worm.Rimecud) -> Quarantined and deleted successfully.
c:\Users\nashlaptop\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\XO721CP2\gux[1].exe (Worm.Rimecud) -> Quarantined and deleted successfully.
c:\Windows\temp31233724419.exe (Worm.Rimecud) -> Quarantined and deleted successfully.
c:\Windows\temp3123376123.exe (Worm.Rimecud) -> Quarantined and deleted successfully.
c:\Windows\temp31233764419.exe (Worm.Rimecud) -> Quarantined and deleted successfully.

an1179

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 22/02/2011 at 15:26:58.
Operating System: Windows 7 Home Premium


Processes terminated by Rkill or while it was running:

C:\Windows\SysWOW64\InfDefaultInstall.exe
C:\Windows\SysWOW64\runonce.exe
C:\Windows\SysWOW64\grpconv.exe


Rkill completed on 22/02/2011 at 15:27:24.

an1179

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 22/02/2011 at 15:33:25.
Operating System: Windows 7 Home Premium


Processes terminated by Rkill or while it was running:

\WiNlOgOn.exe


Rkill completed on 22/02/2011 at 15:33:42.

dogmaryxx

Any problems now?

an1179

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 22/02/2011 at 15:37:45.
Operating System: Windows 7 Home Premium


Processes terminated by Rkill or while it was running:

\eXplorer.exe


Rkill completed on 22/02/2011 at 15:38:02.

an1179

dogmaryxx wrote: »

Any problems now?

Thank you for you continued help

Just finished rkill run those are the logs
I need to install antivirus as caffee has run out. I think I'll get Avira?

How can I tell if all is ok?

debitcardmayhem

an1179 wrote: »

Thank you I think I am getting somewhere now. Have got Malwarebytes running scan and downloading pctools - watch this space

Separate issue
I think i have duplicated my programmes file I have got
programme files properties 655MB / 2515 files /475 folders
programme files (x86) properties 5.54GB / 17022 files/1820 folder
sbut I will deal with that later I think
both modified 22/02/2011

Thank you every one for helping me so far

Don't worry about those, you have Program Files which is for 64bit programs, and Program Files(x86) for 32bit programs. This means you are running the 64 bit version of Home Premium .