Inactive Another Yahoo/Google Link Redirect

Discussion in 'Malware and Virus Removal Archive' started by kingblc, 2009/01/30.

  1. 2009/01/30
    kingblc Inactive Thread Starter

    [Inactive] Another Yahoo/Google Link Redirect

    I am having a similar issue.
    Here is my info from HijackThis.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:34:49 PM, on 1/27/2009
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\vVX6000.exe
    C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
    C:\Windows\WindowsMobile\wmdc.exe
    C:\Windows\System32\mobsync.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\uTorrent\uTorrent.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
    O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
    O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [VX6000] C:\Windows\vVX6000.exe
    O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe "
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe "
    O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O20 - AppInit_DLLs: acaptuser32.dll
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
    O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Intel Corp./ICP vortex GmbH - (no file)
    O23 - Service: Nero BackItUp Scheduler 4.0 - Unknown owner - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

    --
    End of file - 6324 bytes
     
  2. 2009/01/31
    noahdfear Inactive

    Welcome to WindowsBBS kingblc :)

    HijackThis just doesn't show us enough information to properly analyze a system. We use another tool for that now. Please download DDS from one of the 3 mirrors and save it to your desktop.

    Mirror 1 Mirror 2 Mirror 3

    • Disable any script blocking protection
    • Double click the dds icon to run the tool.
    • When done, DDS will open two (2) logs:
      1. DDS.txt
      2. Attach.txt
    • Save both reports to your desktop.

    Include the contents of both logs in your new topic.
    The scan will instruct you to post Attach.txt as an attachment.
    No need for that though ..... just post its contents as you would any other log.

    • Note - You may be required to split the logs into 2 or more posts due to their size and character count limitations in the forum software.
     

  4. 2009/02/02
    kingblc Inactive Thread Starter

    DDS (Ver_09-02-01.01) - NTFSx86
    Run by home at 17:23:23.49 on Mon 02/02/2009
    Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_11
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1918.1331 [GMT -5:00]

    AV: McAfee VirusScan *On-access scanning enabled* (Updated)
    FW: McAfee Personal Firewall *enabled*

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\rundll32.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    C:\Windows\system32\rundll32.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\vVX6000.exe
    C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
    C:\Windows\WindowsMobile\wmdc.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Windows\system32\svchost.exe -k WindowsMobile
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    C:\Windows\System32\mobsync.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\home\Downloads\dds.pif
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    uWindow Title =
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - Java(tm) Plug-In SSV Helper
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
    {9030d464-4c02-4abf-8ecc-5164760863c6}
    BHO: {aa58ed58-01dd-4d91-8333-cf10577473f7} - Google Toolbar Helper
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    BHO: {dbc80044-a445-435b-bc74-9c25c1c588a9} - Java(tm) Plug-In 2 SSV Helper
    BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} -
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    uRun: [Aim6]
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [VX6000] c:\windows\vVX6000.exe
    mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe "
    mRun: [<NO NAME>]
    mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe "
    mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [mcagent_exe] c:\program files\mcafee.com\agent\mcagent.exe /runkey
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
    IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    AppInit_DLLs: acaptuser32.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\home\appdata\roaming\mozilla\firefox\profiles\vpjucfvl.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
    FF - component: c:\program files\mozilla firefox\components\iamfamous.dll
    FF - plugin: d:\program files\mozilla firefox\plugins\np_gp.dll

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true
    ============= SERVICES / DRIVERS ===============

    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-1-30 206096]
    R3 VX6000;Microsoft LifeCam VX-6000;c:\windows\system32\drivers\VX6000Xp.sys [2007-4-10 2385896]
    S2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0;c:\program files\common files\nero\nero backitup 4\nbservice.exe --> c:\program files\common files\nero\nero backitup 4\NBService.exe [?]
    S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\nos\bin\getPlus_HelperSvc.exe [2009-1-4 33752]

    =============== Created Last 30 ================

    2009-01-29 14:13 193,109,194 a------- c:\windows\MEMORY.DMP
    2009-01-28 13:58 4,899 a------- c:\windows\system32\Config.MPF
    2009-01-28 13:57 <DIR> --d----- c:\programdata\SiteAdvisor
    2009-01-28 13:56 33,800 a------- c:\windows\system32\drivers\mferkdk.sys
    2009-01-28 13:56 201,288 a------- c:\windows\system32\drivers\mfehidk.sys
    2009-01-28 13:56 79,304 a------- c:\windows\system32\drivers\mfeavfk.sys
    2009-01-28 13:56 40,488 a------- c:\windows\system32\drivers\mfesmfk.sys
    2009-01-28 13:56 35,240 a------- c:\windows\system32\drivers\mfebopk.sys
    2009-01-28 13:56 125,728 a------- c:\windows\system32\drivers\Mpfp.sys
    2009-01-28 13:55 <DIR> --d----- c:\program files\McAfee.com
    2009-01-28 13:55 <DIR> --d----- c:\program files\common files\McAfee
    2009-01-28 13:55 <DIR> --d----- c:\program files\McAfee
    2009-01-28 13:54 <DIR> --d----- c:\programdata\McAfee
    2009-01-27 21:39 <DIR> --d----- c:\programdata\Symantec
    2009-01-27 21:39 <DIR> --d----- c:\progra~2\Symantec
    2009-01-27 21:38 <DIR> --d----- c:\programdata\Norton
    2009-01-27 21:38 <DIR> --d----- c:\progra~2\Norton
    2009-01-27 21:37 <DIR> --d----- c:\programdata\NortonInstaller
    2009-01-27 21:37 <DIR> --d----- c:\progra~2\NortonInstaller
    2009-01-27 21:34 <DIR> --d----- c:\program files\Trend Micro
    2009-01-27 20:43 <DIR> --d----- c:\programdata\Elaborate Bytes
    2009-01-27 20:43 <DIR> --d----- c:\progra~2\Elaborate Bytes
    2009-01-27 20:40 <DIR> --d----- c:\programdata\SlySoft
    2009-01-27 20:25 <DIR> --d----- c:\program files\SlySoft
    2009-01-27 20:20 <DIR> --d----- c:\program files\Elaborate Bytes
    2009-01-27 20:19 <DIR> --d----- c:\users\home\{07f7949b-a75a-474f-9542-03d6276e3cca}
    2009-01-26 22:14 <DIR> --d----- c:\program files\Classic Menu for Office
    2009-01-25 18:57 <DIR> --d----- c:\program files\SKTools
    2009-01-20 18:15 39 a------- c:\windows\Irremote.ini
    2009-01-20 18:02 <DIR> --d----- c:\program files\Nero
    2009-01-20 18:01 <DIR> --d----- c:\programdata\Nero
    2009-01-20 18:01 <DIR> --d----- c:\progra~2\Nero
    2009-01-17 15:07 <DIR> --d----- c:\program files\Magic M4A to MP3 Converter
    2009-01-16 19:42 103,488 a------- c:\windows\system32\drivers\AnyDVD.sys
    2009-01-16 17:35 93,352 a------- c:\windows\system32\ElbyCDIO.dll
    2009-01-14 22:18 <DIR> --d----- c:\program files\Motorola Phone Tools
    2009-01-14 20:32 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdRapi2_01_00_00.Wdf
    2009-01-14 20:23 <DIR> --d----- c:\program files\T-Mobile Shadow User Manual
    2009-01-14 16:43 24,360 a------- c:\windows\system32\drivers\ElbyCDIO.sys
    2009-01-13 21:05 15,504 a------- c:\windows\system32\drivers\mbam.sys
    2009-01-13 21:05 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-01-13 21:05 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
    2009-01-13 20:58 <DIR> --d----- c:\program files\CCleaner
    2009-01-13 20:29 <DIR> --d----- c:\program files\Eusing Free Registry Cleaner
    2009-01-13 18:37 <DIR> --d----- c:\program files\Spybot - Search & Destroy
    2009-01-12 22:09 255 ---shr-- C:\autorun.inf
    2009-01-12 21:45 <DIR> --d----- c:\users\home\appdata\roaming\Malwarebytes
    2009-01-12 21:45 <DIR> --d----- c:\programdata\Malwarebytes
    2009-01-12 21:45 <DIR> --d----- c:\progra~2\Malwarebytes
    2009-01-12 21:12 <DIR> --d----- c:\programdata\FLEXnet
    2009-01-12 20:48 <DIR> --d----- c:\program files\common files\Macrovision Shared
    2009-01-12 20:47 22,872 a----r-- c:\windows\system32\AdobePDFUI.dll
    2009-01-12 20:37 10 a------- c:\windows\system32\db
    2009-01-05 20:41 <DIR> --d----- c:\program files\Microsoft CAPICOM 2.1.0.2
    2009-01-05 16:18 90,112 a------- c:\windows\system32\QuickTimeVR.qtx
    2009-01-05 16:18 57,344 a------- c:\windows\system32\QuickTime.qts
    2009-01-05 14:18 32,592 a------- c:\windows\system32\msonpmon.dll
    2009-01-05 14:09 <DIR> --d----- c:\program files\Microsoft Visual Studio 8
    2009-01-05 14:08 <DIR> --d----- c:\programdata\Microsoft Help
    2009-01-04 21:41 <DIR> --d----- c:\program files\Lavasoft
    2009-01-04 21:41 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
    2009-01-04 20:53 <DIR> -cdsh--- c:\program files\common files\WindowsLiveInstaller
    2009-01-04 12:07 <DIR> --d----- c:\programdata\NOS

    ==================== Find3M ====================

    2009-01-31 08:49 86,016 a------- c:\windows\inf\infstrng.dat
    2009-01-31 08:49 86,016 a------- c:\windows\inf\infstor.dat
    2009-01-31 08:49 51,200 a------- c:\windows\inf\infpub.dat
    2008-11-10 05:43 410,984 a------- c:\windows\system32\deploytk.dll
    2008-06-26 08:57 174 a--sh--- c:\program files\desktop.ini
    2008-06-26 08:48 665,600 a------- c:\windows\inf\drvindex.dat
    2008-02-23 12:45 52,968 a------- c:\users\home\appdata\roaming\GDIPFONTCACHEV1.DAT
    2006-11-02 07:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
    2006-11-02 07:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
    2006-11-02 07:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
    2006-11-02 07:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
    2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
    2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
    2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
    2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

    ============= FINISH: 17:24:40.18 ===============
     
  5. 2009/02/02
    kingblc Inactive Thread Starter

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-02-01.01)

    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 2/4/2008 9:33:38 PM
    System Uptime: 2/2/2009 10:53:07 AM (7 hours ago)

    Motherboard: ELITEGROUP | | MCP61PM-AM
    Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 4200+ | Socket AM2 | 2200/201mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 288 GiB total, 198.545 GiB free.
    D: is FIXED (NTFS) - 10 GiB total, 1.102 GiB free.
    E: is CDROM ()
    F: is Removable
    G: is Removable
    H: is Removable
    I: is Removable

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP413: 1/12/2009 8:42:14 PM - Installed Adobe Acrobat 9 Pro Extended - English, Français, Deutsch.
    RP414: 1/12/2009 10:06:31 PM - RegistryBackup1.12.2009-10_06_30-PM
    RP415: 1/12/2009 10:11:13 PM - RegistryBackup1.12.2009-10_11_12-PM
    RP416: 1/13/2009 3:31:19 PM - Scheduled Checkpoint
    RP417: 1/13/2009 9:46:47 PM - RegistryBackup1.13.2009-9_46_46-PM
    RP418: 1/14/2009 2:31:57 PM - Scheduled Checkpoint
    RP419: 1/14/2009 8:23:32 PM - Device Driver Package Install: Microsoft Corporation Network adapters
    RP420: 1/14/2009 8:24:19 PM - Device Driver Package Install: Microsoft Corporation Mobile devices
    RP421: 1/14/2009 8:24:47 PM - Device Driver Package Install: Microsoft Corporation Portable Devices
    RP422: 1/14/2009 8:25:18 PM - Device Driver Package Install: Microsoft Corporation Bluetooth Radios
    RP423: 1/14/2009 8:32:08 PM - Installed Windows Mobile Device Center
    RP425: 1/14/2009 10:18:19 PM - Installed Motorola Phone Tools
    RP426: 1/14/2009 10:19:33 PM - Device Driver Package Install: Motorola Korea, Inc. Universal Serial Bus controllers
    RP427: 1/14/2009 10:19:50 PM - Device Driver Package Install: Motorola Korea, Inc. Modems
    RP428: 1/14/2009 10:20:07 PM - Device Driver Package Install: Motorola Korea, Inc. Ports (COM & LPT)
    RP429: 1/15/2009 10:33:32 AM - Scheduled Checkpoint
    RP430: 1/16/2009 10:14:31 AM - Scheduled Checkpoint
    RP431: 1/17/2009 11:10:08 AM - Scheduled Checkpoint
    RP432: 1/18/2009 9:06:05 AM - Scheduled Checkpoint
    RP433: 1/19/2009 12:00:09 AM - Scheduled Checkpoint
    RP434: 1/20/2009 12:00:08 AM - Scheduled Checkpoint
    RP436: 1/20/2009 6:00:27 PM - Installed Nero 9 2.0.0.1
    RP437: 1/22/2009 8:58:20 AM - Scheduled Checkpoint
    RP438: 1/23/2009 8:37:49 AM - Scheduled Checkpoint
    RP439: 1/24/2009 1:58:51 PM - Scheduled Checkpoint
    RP440: 1/24/2009 8:38:51 PM - Installed QuickTime
    RP441: 1/24/2009 9:02:16 PM - RegistryBackup1.24.2009-9_02_16-PM
    RP442: 1/26/2009 11:28:51 AM - Scheduled Checkpoint
    RP444: 1/26/2009 9:51:23 PM - Removed Nero 9 2.0.0.1
    RP445: 1/27/2009 1:49:44 PM - Scheduled Checkpoint
    RP446: 1/27/2009 8:19:50 PM - Device Driver Package Install: VSO Software
    RP448: 1/27/2009 8:20:35 PM - Install CloneDVD2
    RP450: 1/27/2009 8:24:57 PM - Install AnyDVD
    RP452: 1/27/2009 8:37:19 PM - Remove CloneDVD2
    RP454: 1/27/2009 8:38:01 PM - Remove AnyDVD
    RP456: 1/27/2009 8:39:26 PM - Install AnyDVD
    RP458: 1/27/2009 8:40:19 PM - Install CloneDVD2
    RP460: 1/27/2009 8:44:12 PM - Install AnyDVD
    RP461: 1/28/2009 8:04:01 PM - Scheduled Checkpoint
    RP462: 1/29/2009 10:03:40 AM - Scheduled Checkpoint
    RP463: 1/30/2009 2:38:38 PM - Scheduled Checkpoint
    RP464: 1/31/2009 2:19:28 PM - Scheduled Checkpoint
    RP465: 2/1/2009 11:32:17 AM - Scheduled Checkpoint
    RP466: 2/2/2009 10:53:38 AM - Scheduled Checkpoint

    ==== Installed Programs ======================


    µTorrent
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    Acrobat.com
    Ad-Aware
    Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
    Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
    Adobe Flash Player 10 Plugin
    Adobe Flash Player ActiveX
    Adobe Reader 8.1.2
    Adobe Reader 8.1.2 Security Update 1 (KB403742)
    AIM 6
    AnyDVD
    Apple Software Update
    Avanquest update
    Canon Camera Window DC_DV 6 for ZoomBrowser EX
    Canon Camera Window MC 6 for ZoomBrowser EX
    Canon G.726 WMP-Decoder
    Canon MovieEdit Task for ZoomBrowser EX
    Canon MP Navigator EX 1.0
    Canon MP210 series
    Canon MP210 series User Registration
    Canon My Printer
    Canon RAW Image Task for ZoomBrowser EX
    Canon RemoteCapture Task for ZoomBrowser EX
    Canon Utilities Easy-PhotoPrint EX
    Canon Utilities PhotoStitch
    Canon Utilities Solution Menu
    Canon Utilities ZoomBrowser EX
    CCleaner (remove only)
    Classic Menu 3.x for Office 2007
    CloneDVD2
    Eusing Free Registry Cleaner
    getPlus(R) for Adobe
    Google Toolbar for Internet Explorer
    HijackThis 2.0.2
    ImagXpress
    Java(TM) 6 Update 11
    Java(TM) 6 Update 3
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7
    K-Lite Codec Pack 4.3.4 (Standard)
    Magic M4A to MP3 Converter 3.1
    Malwarebytes' Anti-Malware
    McAfee SecurityCenter
    Microsoft LifeCam
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Visual C++ 2005 Redistributable
    Motorola Driver Installation 3.7.0
    Motorola Phone Tools
    Mozilla Firefox (3.0.5)
    MS-Errors ErrorFixer 3.2.9
    neroxml
    NVIDIA Drivers
    PIXMA Extended Survey Program
    QuickTime
    RegCure 1.5.0.0
    Security Update for 2007 Microsoft Office System (KB951550)
    Security Update for 2007 Microsoft Office System (KB951944)
    Security Update for 2007 Microsoft Office System (KB958439)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft Office Excel 2007 (KB958437)
    Security Update for Microsoft Office OneNote 2007 (KB950130)
    Security Update for Microsoft Office PowerPoint 2007 (KB951338)
    Security Update for Microsoft Office Publisher 2007 (KB950114)
    Security Update for Microsoft Office system 2007 (KB954326)
    Security Update for Microsoft Office system 2007 (KB956828)
    Security Update for Microsoft Office Word 2007 (KB956358)
    Soft Data Fax Modem with SmartCP
    T-Mobile Shadow™ User Manual
    Update for Microsoft Office 2007 Help for Common Features (KB957244)
    Update for Microsoft Office Access 2007 Help (KB957241)
    Update for Microsoft Office Excel 2007 Help (KB957242)
    Update for Microsoft Office InfoPath 2007 Help (KB957243)
    Update for Microsoft Office OneNote 2007 Help (KB957245)
    Update for Microsoft Office Outlook 2007 (KB952142)
    Update for Microsoft Office Outlook 2007 Help (KB957246)
    Update for Microsoft Office PowerPoint 2007 Help (KB957247)
    Update for Microsoft Office Publisher 2007 Help (KB957249)
    Update for Microsoft Office Word 2007 Help (KB957252)
    Update for Microsoft Script Editor Help (KB957253)
    Update for Office 2007 (KB946691)
    Update for Outlook 2007 Junk Email Filter (kb958619)
    Windows Mobile Device Center
    Windows Mobile Device Center Driver Update
    WinRAR archiver

    ==== Event Viewer Messages From Past Week ========

    1/26/2009 9:39:46 AM, Error: Service Control Manager [7000] - The PIXMA Extended Survey Program service failed to start due to the following error: The system cannot find the path specified.
    1/26/2009 9:39:46 AM, Error: Service Control Manager [7000] - The MSCamSvc service failed to start due to the following error: The system cannot find the path specified.
    1/26/2009 9:39:46 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: tpcdrdrv
    1/26/2009 9:39:46 AM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error 2147749155 (0x80040D23).
    1/26/2009 9:39:46 AM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
    1/27/2009 12:46:50 PM, Error: Service Control Manager [7000] - The Nero BackItUp Scheduler 4.0 service failed to start due to the following error: The system cannot find the file specified.
    1/27/2009 4:43:19 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
    1/28/2009 12:40:52 PM, Error: disk [11] - The driver detected a controller error on \Device\Harddisk5\DR8.
    1/28/2009 12:45:05 PM, Error: disk [11] - The driver detected a controller error on \Device\Harddisk5\DR9.
    1/28/2009 10:01:21 PM, Error: EventLog [6008] - The previous system shutdown at 9:57:33 PM on 1/28/2009 was unexpected.
    1/29/2009 10:39:35 AM, Error: EventLog [6008] - The previous system shutdown at 10:35:59 AM on 1/29/2009 was unexpected.
    1/29/2009 2:13:40 PM, Error: EventLog [6008] - The previous system shutdown at 2:12:04 PM on 1/29/2009 was unexpected.
    1/29/2009 7:52:53 PM, Error: EventLog [6008] - The previous system shutdown at 7:48:06 PM on 1/29/2009 was unexpected.
    1/31/2009 3:00:21 PM, Error: EventLog [6008] - The previous system shutdown at 2:51:48 PM on 1/31/2009 was unexpected.
    1/31/2009 3:00:44 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments " " in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    1/31/2009 3:00:54 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    1/31/2009 3:00:57 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments " " in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
    1/31/2009 3:00:58 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments " " in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    1/31/2009 3:00:58 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments " " in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    1/31/2009 3:01:28 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments " " in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    1/31/2009 3:01:43 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McAfee SiteAdvisor Service with arguments " " in order to run the server: {5A90F5EE-16B8-4C2A-81B3-FD5329BA477C}
    1/31/2009 3:01:43 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    1/31/2009 3:01:43 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    1/31/2009 3:01:43 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    1/31/2009 3:01:43 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
    1/31/2009 3:01:43 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    1/31/2009 3:01:43 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    1/31/2009 3:01:43 PM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    1/31/2009 3:01:43 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    1/31/2009 3:01:43 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    1/31/2009 3:01:43 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    1/31/2009 3:01:43 PM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
    1/31/2009 3:01:43 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    1/31/2009 3:01:43 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    1/31/2009 3:01:43 PM, Error: Service Control Manager [7001] - The TCP/IP Registry Compatibility service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    1/31/2009 3:01:43 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    1/31/2009 3:01:43 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC ElbyCDIO mfehidk MPFP NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr Tcpip tdx tpcdrdrv Wanarpv6
    2/1/2009 9:01:35 PM, Error: EventLog [6008] - The previous system shutdown at 7:12:54 PM on 2/1/2009 was unexpected.

    ==== End Of File ===========================
    Thanks for the help noahdfear
     
  6. 2009/02/02
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    You've got some infections present. Download ComboFix by sUBs from here, saving the file to your desktop.


    Disable realtime protection applications as they sometimes interfere with the tool. Check this link for your applicable programs.

    • Close all open programs and windows
    • Double click ComboFix.exe and follow the prompts.
    • It may reboot your computer and resume running when you logon. Wait for it to complete. When finished, it will open a log for you. Post that log in your next reply.
    Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.
     
  7. 2009/02/03
    kingblc

    ComboFix 09-02-02.04 - home 2009-02-03 13:51:42.1 - NTFSx86
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1918.1024 [GMT -5:00]
    Running from: c:\users\home\Desktop\ComboFix.exe
    AV: McAfee VirusScan *On-access scanning disabled* (Updated)
    FW: McAfee Personal Firewall *enabled*
    * Created a new restore point
    .
    ADS - Windows: deleted 72 bytes in 1 streams.

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\autorun.inf
    c:\program files\Mozilla Firefox\components\iamfamous.dll
    c:\users\home\AppData\Local\Temp\svchost.exe
    c:\windows\system32\db\
    c:\windows\system32\drivers\msqpdxexifyiuo.sys
    c:\windows\system32\msqpdxybtnphxi.dll
    D:\Autorun.inf
    D:\resycled
    d:\resycled\boot.com

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_MSQPDXSERV.SYS


    ((((((((((((((((((((((((( Files Created from 2009-01-03 to 2009-02-03 )))))))))))))))))))))))))))))))
    .

    2009-01-31 13:23 . 2009-01-31 13:23 <DIR> d-------- C:\rsit
    2009-01-29 14:13 . 2009-02-01 21:01 193,109,194 --a------ c:\windows\MEMORY.DMP
    2009-01-28 13:58 . 2009-02-03 13:51 5,377 --a------ c:\windows\System32\Config.MPF
    2009-01-28 13:57 . 2009-01-30 14:16 <DIR> d-------- c:\users\All Users\SiteAdvisor
    2009-01-28 13:57 . 2009-01-30 14:16 <DIR> d-------- c:\programdata\SiteAdvisor
    2009-01-28 13:56 . 2007-07-21 09:08 201,288 --a------ c:\windows\System32\drivers\mfehidk.sys
    2009-01-28 13:56 . 2007-07-13 09:21 125,728 --a------ c:\windows\System32\drivers\Mpfp.sys
    2009-01-28 13:56 . 2007-07-24 07:40 79,304 --a------ c:\windows\System32\drivers\mfeavfk.sys
    2009-01-28 13:56 . 2007-07-21 09:08 40,488 --a------ c:\windows\System32\drivers\mfesmfk.sys
    2009-01-28 13:56 . 2007-07-21 09:08 35,240 --a------ c:\windows\System32\drivers\mfebopk.sys
    2009-01-28 13:56 . 2007-07-24 12:02 33,800 --a------ c:\windows\System32\drivers\mferkdk.sys
    2009-01-28 13:55 . 2009-01-28 13:55 <DIR> d-------- c:\program files\McAfee.com
    2009-01-28 13:55 . 2009-01-31 08:28 <DIR> d-------- c:\program files\McAfee
    2009-01-28 13:55 . 2009-01-28 13:56 <DIR> d-------- c:\program files\Common Files\McAfee
    2009-01-28 13:54 . 2009-01-30 14:16 <DIR> d-------- c:\users\All Users\McAfee
    2009-01-28 13:54 . 2009-01-30 14:16 <DIR> d-------- c:\programdata\McAfee
    2009-01-27 21:39 . 2009-01-27 21:39 <DIR> d-------- c:\users\All Users\Symantec
    2009-01-27 21:39 . 2009-01-27 21:39 <DIR> d-------- c:\programdata\Symantec
    2009-01-27 21:38 . 2009-01-31 08:50 <DIR> d-------- c:\users\All Users\Norton
    2009-01-27 21:38 . 2009-01-31 08:50 <DIR> d-------- c:\programdata\Norton
    2009-01-27 21:37 . 2009-01-27 21:37 <DIR> d-------- c:\users\All Users\NortonInstaller
    2009-01-27 21:37 . 2009-01-27 21:37 <DIR> d-------- c:\programdata\NortonInstaller
    2009-01-27 21:34 . 2009-01-27 21:34 <DIR> d-------- c:\program files\Trend Micro
    2009-01-27 20:43 . 2009-01-27 20:43 <DIR> d-------- c:\users\All Users\Elaborate Bytes
    2009-01-27 20:43 . 2009-01-27 20:43 <DIR> d-------- c:\programdata\Elaborate Bytes
    2009-01-27 20:40 . 2009-01-27 20:40 <DIR> d-------- c:\users\All Users\SlySoft
    2009-01-27 20:40 . 2009-01-27 20:40 <DIR> d-------- c:\programdata\SlySoft
    2009-01-27 20:25 . 2009-01-27 20:39 <DIR> d-------- c:\program files\SlySoft
    2009-01-27 20:20 . 2009-01-27 20:40 <DIR> d-------- c:\program files\Elaborate Bytes
    2009-01-27 20:19 . 2009-01-27 20:19 <DIR> d-------- c:\users\home\{07f7949b-a75a-474f-9542-03d6276e3cca}
    2009-01-26 22:14 . 2009-01-26 22:14 <DIR> d-------- c:\program files\Classic Menu for Office
    2009-01-25 18:57 . 2009-01-25 18:57 <DIR> d-------- c:\program files\SKTools
    2009-01-24 20:39 . 2009-01-24 20:40 <DIR> d-------- c:\program files\QuickTime
    2009-01-20 18:39 . 2009-01-20 18:39 <DIR> d-------- c:\users\home\AppData\Roaming\Nero
    2009-01-20 18:15 . 2009-01-26 21:59 39 --a------ c:\windows\Irremote.ini
    2009-01-20 18:02 . 2009-01-26 22:00 <DIR> d-------- c:\program files\Nero
    2009-01-20 18:01 . 2009-01-26 22:09 <DIR> d-------- c:\users\All Users\Nero
    2009-01-20 18:01 . 2009-01-26 22:09 <DIR> d-------- c:\programdata\Nero
    2009-01-20 18:01 . 2009-01-26 22:10 <DIR> d-------- c:\program files\Common Files\Nero
    2009-01-17 15:07 . 2009-01-17 15:07 <DIR> d-------- c:\program files\Magic M4A to MP3 Converter
    2009-01-16 19:42 . 2009-01-16 19:42 103,488 --a------ c:\windows\System32\drivers\AnyDVD.sys
    2009-01-16 17:35 . 2009-01-16 17:35 93,352 --a------ c:\windows\System32\ElbyCDIO.dll
    2009-01-14 22:18 . 2009-01-14 22:19 <DIR> d-------- c:\program files\Motorola Phone Tools
    2009-01-14 22:18 . 2009-01-14 22:18 <DIR> d--h----- c:\program files\InstallShield Installation Information
    2009-01-14 20:32 . 2009-01-14 20:32 0 --ah----- c:\windows\System32\drivers\Msft_User_WpdRapi2_01_00_00.Wdf
    2009-01-14 20:23 . 2009-01-14 20:23 <DIR> d-------- c:\program files\T-Mobile Shadow User Manual
    2009-01-14 16:43 . 2009-01-14 16:43 24,360 --a------ c:\windows\System32\drivers\ElbyCDIO.sys
    2009-01-13 22:23 . 2009-01-13 23:03 <DIR> d-------- c:\program files\RegCure
    2009-01-13 21:05 . 2009-01-13 21:05 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
    2009-01-13 21:05 . 2008-10-22 16:10 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
    2009-01-13 21:05 . 2008-10-22 16:10 15,504 --a------ c:\windows\System32\drivers\mbam.sys
    2009-01-13 20:58 . 2009-01-13 20:58 <DIR> d-------- c:\program files\CCleaner
    2009-01-13 20:29 . 2009-01-13 20:33 <DIR> d-------- c:\program files\Eusing Free Registry Cleaner
    2009-01-13 18:37 . 2009-01-13 20:17 <DIR> d-------- c:\program files\Spybot - Search & Destroy
    2009-01-12 21:59 . 2009-01-13 21:39 <DIR> d-------- c:\users\Public\home
    2009-01-12 21:45 . 2009-01-12 21:45 <DIR> d-------- c:\users\home\AppData\Roaming\Malwarebytes
    2009-01-12 21:45 . 2009-01-12 21:45 <DIR> d-------- c:\users\All Users\Malwarebytes
    2009-01-12 21:45 . 2009-01-12 21:45 <DIR> d-------- c:\programdata\Malwarebytes
    2009-01-12 21:12 . 2009-01-12 21:12 <DIR> d-------- c:\users\All Users\FLEXnet
    2009-01-12 21:12 . 2009-01-12 21:12 <DIR> d-------- c:\programdata\FLEXnet
    2009-01-12 20:48 . 2009-01-12 20:48 <DIR> d-------- c:\program files\Common Files\Macrovision Shared
    2009-01-12 20:47 . 2008-04-07 05:38 22,872 -ra------ c:\windows\System32\AdobePDFUI.dll
    2009-01-12 20:37 . 2009-01-12 20:37 10 --a------ c:\windows\System32\db
    2009-01-05 20:41 . 2009-01-05 20:41 <DIR> d-------- c:\program files\Microsoft CAPICOM 2.1.0.2
    2009-01-05 16:18 . 2009-01-05 16:18 90,112 --a------ c:\windows\System32\QuickTimeVR.qtx
    2009-01-05 16:18 . 2009-01-05 16:18 57,344 --a------ c:\windows\System32\QuickTime.qts
    2009-01-05 14:18 . 2006-10-26 19:56 32,592 --a------ c:\windows\System32\msonpmon.dll
    2009-01-05 14:15 . 2009-01-05 14:15 <DIR> d-------- c:\program files\Microsoft Works
    2009-01-05 14:12 . 2009-01-05 14:12 <DIR> d-------- c:\program files\Microsoft.NET
    2009-01-05 14:09 . 2009-01-05 14:21 <DIR> d-------- c:\program files\Microsoft Visual Studio 8
    2009-01-05 14:08 . 2009-01-06 13:05 <DIR> d-------- c:\users\All Users\Microsoft Help
    2009-01-05 14:08 . 2009-01-06 13:05 <DIR> d-------- c:\programdata\Microsoft Help
    2009-01-04 21:41 . 2009-01-04 21:41 <DIR> d-------- c:\program files\Lavasoft
    2009-01-04 21:41 . 2009-01-04 21:41 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
    2009-01-04 20:53 . 2009-01-04 20:53 <DIR> d--hsc--- c:\program files\Common Files\WindowsLiveInstaller
    2009-01-04 12:07 . 2009-01-04 12:49 <DIR> d-------- c:\users\All Users\NOS
    2009-01-04 12:07 . 2009-01-04 12:49 <DIR> d-------- c:\programdata\NOS
    2009-01-04 12:07 . 2009-01-04 12:07 <DIR> d-------- c:\program files\NOS

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-02-01 23:11 --------- d---a-w c:\programdata\TEMP
    2009-01-28 21:57 --------- d-----w c:\users\home\AppData\Roaming\uTorrent
    2009-01-25 01:39 --------- d-----w c:\programdata\Apple Computer
    2009-01-15 03:18 --------- d-----w c:\programdata\BVRP Software
    2009-01-14 02:00 --------- d-----w c:\programdata\Viewpoint
    2009-01-14 01:17 --------- d-----w c:\programdata\Spybot - Search & Destroy
    2009-01-13 23:41 --------- d-----w c:\program files\Common Files\Adobe
    2009-01-05 19:14 --------- d-----w c:\program files\MSBuild
    2008-12-27 17:00 --------- d-----w c:\users\home\AppData\Roaming\Roxio
    2008-12-25 01:38 --------- d-----w c:\program files\uTorrent
    2008-12-16 17:47 --------- d-----w c:\users\home\AppData\Roaming\ZoomBrowser EX
    2008-12-16 17:44 --------- d-----w c:\programdata\ZoomBrowser
    2008-12-12 15:45 --------- d-----w c:\program files\Windows Mail
    2008-11-10 10:43 410,984 ----a-w c:\windows\System32\deploytk.dll
    2008-06-26 13:57 174 --sha-w c:\program files\desktop.ini
    2008-02-23 17:45 52,968 ----a-w c:\users\home\AppData\Roaming\GDIPFONTCACHEV1.DAT
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WMPNSCFG "= "c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "VX6000 "= "c:\windows\vVX6000.exe" [2007-04-10 996712]
    "Adobe Acrobat Speed Launcher "= "c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
    "Acrobat Assistant 8.0 "= "c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
    "Windows Mobile Device Center "= "c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
    "QuickTime Task "= "c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
    "mcagent_exe "= "c:\program files\McAfee.com\Agent\mcagent.exe" [2007-08-03 582992]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle "= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs "=acaptuser32.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    --a------ 2007-08-24 07:00 33648 c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{81E0FC98-AA35-44C8-9B7C-32E00B7860B2} "= UDP:c:\program files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe
    "{8F9567F0-D82B-44FB-92A8-DF2CFEE52DC3} "= TCP:c:\program files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe
    "{3F5ECDE0-15C6-4052-A13D-8AAF7EDFD5A9} "= UDP:c:\program files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe
    "{E1F2FB28-836E-4F52-BD90-061FAA30755B} "= TCP:c:\program files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe
    "{ACBC9CC7-6F6A-417A-B413-DCA390FCD723} "= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{EC881E28-8BB7-4198-A9CC-1C4D8F0C58C5} "= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
    "{B0CC1B2E-B220-45BC-9318-5B6A6C7D3DC9} "= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
    "{4EF37C46-A99F-47A0-AAFE-47C0457A44B6} "= UDP:c:\program files\AIM6\aim6.exe:AIM
    "{3B0C5327-3DF3-4D87-ABDF-E380734873C2} "= TCP:c:\program files\AIM6\aim6.exe:AIM
    "TCP Query User{D7F4C710-5CFB-4971-9E67-FA468F95C55B}c:\\program files\\microsoft lifecam\\lifecam.exe "= UDP:c:\program files\microsoft lifecam\lifecam.exe:LifeCam.exe
    "UDP Query User{3168CF81-80D5-4745-8C1F-A6FD90AE532B}c:\\program files\\microsoft lifecam\\lifecam.exe "= TCP:c:\program files\microsoft lifecam\lifecam.exe:LifeCam.exe
    "TCP Query User{89C6F268-546E-45D3-B47B-FD0979BFAB14}c:\\program files\\aim6\\aim6.exe "= UDP:c:\program files\aim6\aim6.exe:AIM
    "UDP Query User{54F5C781-49DD-4911-A83A-BE0E7B5979F5}c:\\program files\\aim6\\aim6.exe "= TCP:c:\program files\aim6\aim6.exe:AIM
    "TCP Query User{65DC4884-BB6E-42E6-9DB1-00A1FB4DFDF1}d:\\program files\\aim6\\aim6.exe "= UDP:d:\program files\aim6\aim6.exe:AIM
    "UDP Query User{89C28952-C686-421A-BEC1-A4A4DA3AC33C}d:\\program files\\aim6\\aim6.exe "= TCP:d:\program files\aim6\aim6.exe:AIM
    "TCP Query User{91AF6AF8-6DB0-480C-9F86-B92EF450CEFE}c:\\program files\\utorrent\\utorrent.exe "= UDP:c:\program files\utorrent\utorrent.exe:µTorrent
    "UDP Query User{7114D028-3915-44A1-B004-1F4298C71756}c:\\program files\\utorrent\\utorrent.exe "= TCP:c:\program files\utorrent\utorrent.exe:µTorrent
    "{0A6E2E91-CD1E-4478-B7B3-AEA55BD1DBFB} "= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
    "{E53A91E4-7AAC-4986-B625-3A8154DB176C} "= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
    "{12C51FEB-0E58-4FFC-B304-C34488E93EFB} "= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
    "{5FB9ECA4-A142-420C-B463-6F281DF2D978} "= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{3D9AEE38-07DF-49BD-990B-B8FF7786353C} "= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{CD98D329-9C38-4470-BC00-4094A051747F} "= Profile=Private|Profile=Public|c:\program files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
    "EnableFirewall "= 0 (0x0)

    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2009-01-30 206096]
    R3 VX6000;Microsoft LifeCam VX-6000;c:\windows\System32\drivers\VX6000Xp.sys [2007-04-10 2385896]
    S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2009-01-04 33752]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    WindowsMobile REG_MULTI_SZ wcescomm rapimgr
    LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
    .
    Contents of the 'Scheduled Tasks' folder

    2009-01-14 c:\windows\Tasks\ErrorFixer.job
    - c:\errorfixer\ErrorFixer\bin\release\ErrorFixer.exe []

    2009-01-29 c:\windows\Tasks\McDefragTask.job
    - c:\progra~1\mcafee\mqc\QcConsol.exe [2007-07-25 15:10]

    2009-01-29 c:\windows\Tasks\McQcTask.job
    - c:\progra~1\mcafee\mqc\QcConsol.exe [2007-07-25 15:10]

    2009-02-03 c:\windows\Tasks\RegCure Program Check.job
    - c:\program files\RegCure\RegCure.exe [2007-08-02 09:20]

    2009-01-14 c:\windows\Tasks\RegCure.job
    - c:\program files\RegCure\RegCure.exe [2007-08-02 09:20]

    2009-01-13 c:\windows\Tasks\RegistryCleaner.job
    - c:\registrycleaner\RegistryCleaner\bin\release\RegistryCleaner.exe []
    .
    - - - - ORPHANS REMOVED - - - -

    HKCU-Run-Aim6 - (no file)


    .
    ------- Supplementary Scan -------
    .
    IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    FF - ProfilePath - c:\users\home\AppData\Roaming\Mozilla\Firefox\Profiles\vpjucfvl.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
    FF - plugin: d:\program files\Mozilla Firefox\plugins\np_gp.dll

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true.

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-02-03 13:55:48
    Windows 6.0.6001 Service Pack 1 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files:

    **************************************************************************
    .
    Completion time: 2009-02-03 13:57:42
    ComboFix-quarantined-files.txt 2009-02-03 18:57:39

    Pre-Run: 214,098,092,032 bytes free
    Post-Run: 214,274,965,504 bytes free

    232 --- E O F --- 2009-01-12 16:25:56
     
  8. 2009/02/04
    noahdfear

    Please delete the following scheduled task.

    c:\windows\Tasks\ErrorFixer.job

    Looks like ComboFix took care of everything else, but let's get an online scan to be sure. Please do an online scan with Kaspersky Online Scanner.

    Click Accept, when prompted to download and install the program files and database of malware definitions.
    • Click Run at the Security prompt.
    • The program will then begin downloading and installing and will also update the database.
    • Please be patient as this can take several minutes.
    • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
    • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
    • Click View scan report at the bottom.
    • Click the Save Report As... button.
    • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.
    **Note**

    To optimize scanning time and produce a more sensible report for review:
    • Close any open programs.
    • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.


    Post the Kaspersky log here.
     
  9. 2009/02/04
    kingblc

    When I try to run Kaspersky Online Scanner, it says that I need to enable Java. Java is enabled, so I tried to download the missing plugins and am receiving an error message.
     
  10. 2009/02/10
    noahdfear

    Let's see if another tool reveals anything. This tool tends to be quite aggressive, so please be sure to configure it exactly as listed below. I only want to see a Report of what it finds.

    Download Dr.Web CureIt to the desktop:
    ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

    Double-click the drweb-cureit.exe file and click 'Start' to run the express scan. This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
    • Once the short scan has finished, we need to change the default settings.
    • In the Menu Bar at the top, click 'Setting'>Change Settings.
    • Click on the Actions tab
    • Using the drop down menus, change each item under Objects and Malware to Report
    • Next, 'tick' Complete Scan.
    • Click the green arrow at the right, and the scan will start.
    • Click 'No to All' if it asks if you want to cure/move the file.
    • After the scan has completed, in the Dr.Web CureIt menu on top, click File and choose Save Report List
    • Save the report to your desktop. The report will be called DrWeb.csv
    • Close Dr.Web Cureit.
    • Post the contents of the log from Dr.Web you saved previously in your next reply.
     
