Inactive "Vista Internet Security 2011"

[Elmorell]

I've got some kind of malware infection that's posing as "Vista Internet Security 2011", giving me popups in the bottom right hand corner every few minutes talking about how my system is infected. Followed the preliminary procedure, but it seems like the malware is blocking MalwareBytes, I can download the file but the setup won't run. The other logs are below:

DDS (Ver_10-11-10.01) - NTFSx86
Run by Jeff at 12:40:44.93 on Sat 11/20/2010
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_18
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.1033.18.2035.988 [GMT -5:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_38163857\STacSV.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\rundll32.exe
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_38163857\aestsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\Windows\system32\mfevtps.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Dell\Ambient Light Sensor\AlsSvc.exe
C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\WLTRAY.EXE
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Steam\steam.exe
C:\Users\Jeff\AppData\Roaming\Google\Google Talk\googletalk.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Steam\SteamService.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Users\Jeff\AppData\Local\am.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Jeff\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.princeton.edu/main/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptsn.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Skype] "c:\program files\skype\\phone\Skype.exe" /nosplash /minimized
uRun: [Qjebiredoxirakip] rundll32.exe "c:\users\jeff\appdata\local\mptlsL.dll",Startup
uRun: [Fwoxekoconisix] rundll32.exe "c:\users\jeff\appdata\local\imaquloy.dll",Startup
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
uRun: [googletalk] c:\users\jeff\appdata\roaming\google\google talk\googletalk.exe /autostart
uRun: [fgjadtyj] c:\users\jeff\appdata\local\pupseyakw\nlvemdktssd.exe
uRun: [fdeesoml] c:\users\jeff\appdata\local\bucnmdybr\cpwmvgttssd.exe
uRun: [hstofynd] c:\users\jeff\appdata\local\abmqjilto\mbrlkwvtssd.exe
uRun: [hsplrbnk] c:\users\jeff\appdata\local\vsgqscujy\eexajyxtssd.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start
mRun: [nwiz] nwiz.exe /install
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Unattend0000000001{A7ED37BA-A960-42D4-87DD-A67355B13AD5}] "\Program Files\Princeton SCI\Downloader\LaunchDownloader.cmd"
mRun: [Unattend0000000001{48D95F8F-4D75-4950-84DB-E255C78B200F}] "\Program Files\Princeton SCI\Downloader\LaunchDownloader.cmd"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\udaterui.exe" /StartedFromRunKey
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\jeff\appdata\roaming\mozilla\firefox\profiles\bi65epm3.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.princeton.edu
FF - component: c:\program files\mozilla firefox\components\Scriptff.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\download manager\npfpdlm.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\users\jeff\appdata\roaming\move networks\plugins\npqmp071503000010.dll
FF - plugin: c:\users\jeff\appdata\roaming\mozilla\firefox\profiles\bi65epm3.default\extensions\activegs@freetoolsassociation.com\platform\winnt_x86-msvc\plugins\npActiveGS.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

============= SERVICES / DRIVERS ===============

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-4-20 343920]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_38163857\AEstSrv.exe [2009-4-20 81920]
R2 alssvc;Ambient Light Sensor;c:\program files\dell\ambient light sensor\AlsSvc.exe [2008-6-3 382232]
R2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostControlService.exe [2008-11-11 808296]
R2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostStorageService.exe [2008-11-11 20840]
R2 McAfeeEngineService;McAfee Engine Service;c:\program files\mcafee\virusscan enterprise\EngineServer.exe [2010-1-6 22816]
R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2010-6-1 120128]
R2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\Mcshield.exe [2010-1-6 147472]
R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2010-1-6 66896]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2009-10-16 70728]
R3 CCIDFILTER;Broadcom Smart Card Reader Filter Driver;c:\windows\system32\drivers\ccidflt.sys [2009-4-21 12840]
R3 cvusbdrv;Broadcom USH CV;c:\windows\system32\drivers\cvusbdrv.sys [2008-11-11 32808]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y6032.sys [2009-4-20 224384]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-4-20 91832]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-4-20 43288]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-16 135664]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2009-10-16 66600]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

=============== File Associations ===============

.exe=sezfile

=============== Created Last 30 ================

2010-11-20 17:00:27 318976 --sha-w- c:\users\jeff\appdata\local\am.exe
2010-11-10 17:16:42 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2010-10-27 16:22:03 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-10-27 16:22:02 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll

==================== Find3M ====================

2010-09-20 09:25:01 231936 ----a-w- c:\windows\system32\msshsq.dll
2010-09-10 16:37:06 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-09-08 17:26:59 833024 ----a-w- c:\windows\system32\wininet.dll
2010-09-08 17:23:42 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-09-08 15:53:07 389632 ----a-w- c:\windows\system32\html.iec
2010-09-08 15:28:29 1383424 ----a-w- c:\windows\system32\mshtml.tlb
2010-09-06 16:24:40 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-09-06 16:23:14 17920 ----a-w- c:\windows\system32\netevent.dll
2010-08-31 15:41:42 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-08-31 15:41:42 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-08-31 15:40:26 531968 ----a-w- c:\windows\system32\comctl32.dll
2010-08-31 13:39:46 2037248 ----a-w- c:\windows\system32\win32k.sys
2010-08-26 16:07:25 157184 ----a-w- c:\windows\system32\t2embed.dll
2010-08-26 16:01:35 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2010-08-26 16:01:33 459776 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2010-08-26 16:01:32 541696 ----a-w- c:\windows\apppatch\AcLayers.dll
2010-08-26 16:01:32 2153984 ----a-w- c:\windows\apppatch\AcGenral.dll

============= FINISH: 12:41:29.87 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-11-10.01)

Microsoft® Windows Vista™ Ultimate
Boot Device: \Device\HarddiskVolume2
Install Date: 6/23/2009 5:21:39 PM
System Uptime: 11/20/2010 10:18:39 AM (2 hours ago)

Motherboard: Dell Inc. | | 0X564R
Processor: Intel(R) Core(TM)2 Duo CPU P8600 @ 2.40GHz | Microprocessor | 2400/266mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 233 GiB total, 99.33 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0006
Manufacturer: Microsoft
Name: Microsoft 6to4 Adapter #3
PNP Device ID: ROOT\*6TO4MP\0006
Service: tunnel

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0007
Manufacturer: Microsoft
Name: Microsoft 6to4 Adapter #4
PNP Device ID: ROOT\*6TO4MP\0007
Service: tunnel

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0003
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter #2
PNP Device ID: ROOT\*ISATAP\0003
Service: tunnel

==== System Restore Points ===================


==== Installed Programs ======================

Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3
Adobe Shockwave Player 11.5
All Day Battery Life Configuration
Ambient Light Sensor
Apple Application Support
Apple Mobile Device Support
Apple Software Update
BioAPI Framework
Bonjour
Broadcom USH Host Components
Bullzip PDF Printer 7.1.0.1140
Call of Duty: Modern Warfare 2
Call of Duty: Modern Warfare 2 - Multiplayer
CCleaner
Circuit Construction Kit (DC Only)
Dell Security Device Driver Pack
Dell Touchpad
Dell Wireless WLAN Card Utility
DivX Setup
Doom 3
Download Manager 2.3.10
EndNote X2
FileZilla Client 3.2.1
Google Earth
Google Talk (remove only)
Google Update Helper
GPL Ghostscript Lite 8.70
Grand Theft Auto Vice City
GTA San Andreas
GTK+ Runtime 2.14.7 rev a (remove only)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hype - The Time Quest
IDT Audio
Intel(R) Network Connections 13.0.42.0
Intel® Matrix Storage Manager
ISI ResearchSoft - Export Helper
iTunes
Java DB 10.5.3.0
Java(TM) 6 Update 18
Java(TM) SE Development Kit 6 Update 18
Logitech Desktop Messenger
Logitech Webcam Software
Logitech Webcam Software Driver Package
MATLAB R2009a
McAfee Agent
McAfee AntiSpyware Enterprise Module
McAfee VirusScan Enterprise
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Save as PDF Add-in for 2007 Microsoft Office programs
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
MiKTeX 2.7
Move Media Player
Mozilla Firefox (3.5.15)
Mozilla Thunderbird (3.1.6)
Myst IV - Revelation
NVIDIA Drivers
NVIDIA nView Desktop Manager
Pidgin
QuickTime
rayman2
RealPlayer
RICOH R5U241 / R5C847 Media Driver ver.2.04.01.00
Safari
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office Outlook 2007 (KB2288953)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
Security Update for Microsoft Office Publisher 2007 (KB982124)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Skype Toolbars
Skype™ 4.2
Steam
System Requirements Lab
TIBCO Spotfire S+ 8.1
Turing Machine
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2443839)
VC80CRTRedist - 8.0.50727.4053
Visual X-TOY 7.1 for Java 1.4
Windows Driver Package - Dell Inc. PBADRV System (01/07/2008 1.0.1.5)
Wolfram Mathematica 7 for Students (M-WIN-G 7.0.1 1213989)
Wolfram Notebook Indexer 2.0
Write-N-Cite
Zuma Deluxe

==== End Of File ===========================
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2010-11-20 12:39:00
Windows 6.0.6001 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST925042 rev.DE17
Running: dbsy6ouj.exe; Driver: C:\Users\Jeff\AppData\Local\Temp\kxldypob.sys


---- System - GMER 1.0.15 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateFile [0x8819668A]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateProcess [0x881965E8]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateProcessEx [0x881965FC]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0x881966C8]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0x8819664E]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0x8819669E]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwReplaceKey [0x88196676]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRestoreKey [0x88196662]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetContextThread [0x8819663A]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetInformationProcess [0x88196626]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0x881966F7]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0x881966DE]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0x881966B4]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateUserProcess [0x88196612]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetInformationProcess

---- Devices - GMER 1.0.15 ----

Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\Udp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

---- EOF - GMER 1.0.15 ----


Thanks!

 

[Bobbye]

Welcome to TechSpot! I'll help with the malware. Please run the following and when through, try the Malwarebytes scan again:

Please download randmbam.exe

It will try to create random names and shortcuts for Malwarebytes Anti Malware(MBAM) if you have it installed already. Once done, try running a scan again. Mbam should remove some of the rogue entries.

Go ahead and run the following also. I see numerous entries that will need to be removed, all part of the malware. I'm setting up script for you to run later:

Run Eset NOD32 Online AntiVirus scan HEREhttp://www.eset.eu/online-scanner

1. Tick the box next to YES, I accept the Terms of Use.
2. Click Start
3. When asked, allow the Active X control to install
4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
5. Click Start
6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
7. Click Scan
8. Wait for the scan to finish
9. Re-enable your Antivirus software.
10. A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.

=================================================


Please download ComboFix from Here and save to your Desktop.

• 
  [1]. Do NOT rename Combofix unless instructed.
  [2].Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  [3].Close any open browsers.
  [4]. Double click combofix.exe & follow the prompts to run.
• NOTE: Combofix will disconnect your machine from the Internet as soon as it starts. The connection is automatically restored before CF completes its run. If it does not, restart your computer to restore your connection.
  [5]. If Combofix asks you to install Recovery Console, please allow it.
  [6]. If Combofix asks you to update the program, always allow.
• Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  [7]. A report will be generated after the scan. Please paste the C:\ComboFix.txt in next reply.

Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.
Note: Make sure you re-enable your security programs, when you're done with Combofix..

So I need the logs from Malwarebytes, the Eset online scan and Combofix in your next reply.

 

[Elmorell]

That program gives me an error message saying that Malwarebytes is not installed--it's the actual setup that's being blocked, so I can't run the installation. As in, I've downloaded the mbam-setup.1.46.exe file, but running it doesn't do anything.

 

[Bobbye]

Do a right click> Delete on the Mbam setup.
Download Malwarebytes again and attempt the installation and scan
If scan fails again. run ranmbam
Run Mbam

Please run the Eset scan and Combofix.

 

[Elmorell]

New problem--the .exe default program association is somehow now wrong. Whenever I try to run a .exe (including ComboFix or anything else) I get an "Open With" display asking me to pick a program to run it with, which obviously makes no sense. I can't get into regedit to fix it because, you guessed it, regedit.exe gives the same message. Thoughts?

 

[Bobbye]

Ah we don't want you doing any regedits anyway!

Run these, then try the scans:

Please download and run the tool below named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

• Rkill.com
• Rkill.scr
• Rkill.pif
• Rkill.exe
  
• Double-click on the Rkill desktop icon to run the tool.
• If using Vista or Windows 7 right-click on it and choose Run As Administrator.
• A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
• If not, delete the file, then download and use the one provided in Link 2.
• If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
• Do not reboot until instructed.
• If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run then try to immediately run the following>>>>.

Please download exeHelper by Raktor and save it to your desktop.

• Double-click on exeHelper.com or exeHelper.scr to run the fix tool.
• A black window should pop up, press any key to close once the fix is completed.
• A log file called exehelperlog.txt will be created and should open at the end of the scan)
• A copy of that log will also be saved in the directory where you ran exeHelper.com
• Copy and paste the contents of exehelperlog.txt in your next reply.

Note: If the window shows a message that says "Error deleting file", please re-run the tool again before posting a log and then post the two logs together (they both will be in the one file).