Infected Vista home premium Service pack 1 85.255.112.215 problem?

My computer is infected and makes IE7 go to other websites rather than the one I wanted. I have done the Microsoft onecare scan and it found a few infections but couldn't clean them all. I have changed my DNS to automatic and deleted the 85.225.112.215 and 85.255.112.94 IP address. I have tried to download the Malwherebytes software but it won't let me open it. I am using McAfee Security Centre software.
I hope some one can advise me how to get rid of this infection? Ian

Please download the current version of HijackThis from HERE

• Double click and run the installer.
  
• It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  
• After installing, you should get the user agreement, press accept and Hijack This will run.
  
• Select Do a system scan and save a log file. This will open a notepad file of everything Hijack This found, copy and paste it back here.
  

I just downloaded HijackThis and when I ran it it crashed my computer (screen blue and error) and restarted after memory dump?

Any suggestions on my next move?

When I do a Vista update I get the error 80244019 if this help?

Rename Hijack This.exe, see what happens.

I have managed to do another OnCare Saftey Scanner and this says that I have Virtool:Win32/Obfuscator.ER and Virtool:Win32/Obfuscator.ET, I have tried to locate these in the Win32 folder without success and my McAfee virus software cannot find. The Saftey Scanner alos came up with 5 Registry Errors that were skipped by user. This I didn't do? Looked on Windows Malware Protection Centre for these viruses, but it's not very helpful on trying to get rid of them.
I hope you can help?

Is the Hijack.exe only 793Kb?

It says in the compatibity properties run with Windows XP, I am using Vista?

Managed to get a log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:05:39, on 17/06/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Windows\System32\nvraidservice.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Users\oakeyone\Program Files\DNA\btdna.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\ehome\ehmsas.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe
C:\Users\oakeyone\Downloads\HiJack(GP)This.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.uk.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.uk.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [NVRaidService] C:\Windows\system32\nvraidservice.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [PCMMediaSharing] C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunOnce: [Uninstall Adobe Download Manager] "C:\Program Files\NOS\bin\getPlus_HelperSvc.exe" /UninstallGet1noarp
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\oakeyone\Program Files\DNA\btdna.exe"
O4 - Global Startup: ASETRES.EXE
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/download/scanner/en-US/wlscctrl2.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.215,85.255.112.94
O17 - HKLM\System\CS7\Services\Tcpip\Parameters: NameServer = 85.255.112.215,85.255.112.94
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.215,85.255.112.94
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 9770 bytes

Hello.

• Open HijackThis
  
• Choose "Do a system scan only"
  
• Check the boxes in front of these lines:
  
  
  O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.215,85.255.112.94
  O17 - HKLM\System\CS7\Services\Tcpip\Parameters: NameServer = 85.255.112.215,85.255.112.94
  O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.215,85.255.112.94
  
  
  
• Press "Fix Checked"
  
• Close Hijack This.
  

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  
• If an update is found, it will download and install the latest version.
  
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
  
• The scan may take some time to finish,so please be patient.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

Post the contents of the MBAM Log.

Hi, Thank you the information, I have done the HijackThis part and deleted the three files, but I cannot get Malwarebytes to load? What do you suggest?

There is a Rootkit Present in your system that is why you can not run Malwarebytes, lets remove it shall we:

• Download combofix from here
  Link 1
  Link 2
  

1. If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

2. During the download, rename Combofix to Combo-Fix as follows:





3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. We need to disable your local AV (Anti-virus) before running Combofix.

• See HERE for how to disable your AV. (Mcafee)
  
• Double click on ComboFix.exe.
  
• Follow the prompts. NOTE:
  
• ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
  ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***
  
• Allow combofix to run
  
• Post C:\combofix.txt back here.
  
  Note:
  Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
  

Hi, I did manage to download Combo-fix and it deleted three files and go to stage 50 and hung up on the following "
'PEV' is not recognized as an internal or external command operable program or batch file'
The PC restarted and I have tried again to download Combo-fix, but even with each of the McAfee Security Centre sections off, I get the following message from McAfee:

McAfee has automatically blocked and removed a Trojan.

About this Trojan
Detected: Artemis!3BAFF46CFABF (Trojan), Artemis!3BAFF46CFABF (Trojan)
Location: C:\Users\oakeyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\F856HQLY\ComboFix[1].exe

How do we progress from here?

Uninstall Mcafee. They are a little over the top on some things, because parts of what makes up Combofix (hence why it's so powerful) are used to stop processes etc, and antivirus programs cannot tell the different between good and malicious intent of the file.

Will it still be OK to go online to download ComboFix?

Yes it will.

Sorry for the delay still trying to either turn off as I cannot find a unistall icon or folder

Still strying, even using the Program Removal in the Control panel won't let me? Is there another way round it?

Please download Revo Uninstall from here: Revo Uinstaller

1. Download and run the setup file for Revo Uninstaller.
   
2. Once setup, run Revo Uninstaller.
   
3. Select the following item for removal by clicking on it once.
   
   Mcafee Security Center
   
   
4. Then hit the "Uninstall" button at the top.
   
5. Close Revo Uninstaller.
   

Success, removed McAfee and ran Combo-fix but the result is too big to post?
How do I show you?

DO you need all the information or just part of ComboFix scan log?

Below are some of the key results of the Combfix as the full results were too large to put in here. I will send in two parts
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-03-05 06:38 121392 ----a-w- c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
ASETRES.EXE [2008-4-14 20480]
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2008-3-16 535336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):e4,bf,d9,be,25,ef,c9,01

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{5518B003-3A11-4DCC-BABD-65A7CDC9E462}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{C2A56676-F3C3-43B2-B627-35FA1499FBC8}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{2A7AD432-0FAF-454B-BED1-E791EB9A79FA}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{B6348FC1-1D0C-4B4C-B44A-99F4F57DAEED}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{8D2B920C-D9B8-471D-A88F-105F5FBC9558}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{177A75CA-7CFF-4349-8D0B-61FC0AEA3A45}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{AE25174F-D79C-41EC-965F-472D021ADBB5}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"{0A83A624-9D2A-43AD-8304-27E2C6D6D113}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{5F48CC65-905B-446B-9DC7-3C08A302DBB5}"= c:\program files\Acer Arcade Live\Acer HomeMedia\Acer HomeMedia.exe:Acer HomeMedia
"{E6904C8B-981A-45E3-8928-08038DA9B7B8}"= c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Acer HomeMedia Connect.exe:Acer HomeMedia Connect
"{226C8D64-9553-44D1-B66A-D4D4214B19CB}"= c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.EXE:Acer HomeMedia Connect Service
"{FAC12E16-D5A9-4845-8F40-B99BE932F981}"= c:\program files\Acer Arcade Live\Acer SlideShow DVD\Acer SlideShow DVD.exe:Acer SlideShow DVD
"{E206CFE5-0803-4CC1-956B-030DEAD48FF7}"= c:\program files\Acer Arcade Live\Acer VideoMagician\Acer VideoMagician.exe:Acer VideoMagician
"{E5FA7801-FA65-4F14-9107-1F89F943CA9C}"= c:\program files\Acer Arcade Live\Acer HomeMedia Trial Creator\Acer HomeMedia Trial Creator.exe:Acer HomeMedia Trial Creator
"{2D6C39DE-6BC3-426A-9090-23C186D7E934}"= c:\program files\Acer Arcade Live\Acer DVDivine\Acer DVDivine.exe:Acer DVDivine
"{6FECA731-7A4A-475A-A5D5-465FE99BEE84}"= c:\program files\Acer Arcade Live\Acer DV Magician\Acer DV Magician.exe:Acer DV Magician
"{9C21D352-F3AF-40C1-81FE-9B8E5E9FC678}"= c:\program files\Acer Arcade Live\Acer Arcade Live Main Page\Acer Arcade Live.exe:Acer Arcade Live
"TCP Query User{CDB66B2C-0E88-48D6-A431-9838D76390EA}c:\\users\\oakeyone\\program files\\dna\\btdna.exe"= UDP:c:\users\oakeyone\program files\dna\btdna.exe:btdna.exe
"UDP Query User{0105DFA6-AD02-4201-A71E-A17BE79D713C}c:\\users\\oakeyone\\program files\\dna\\btdna.exe"= TCP:c:\users\oakeyone\program files\dna\btdna.exe:btdna.exe
"TCP Query User{B76CC6DB-EE3D-4209-8E20-27B492B04621}c:\\program files\\bittorrent\\bittorrent.exe"= UDP:c:\program files\bittorrent\bittorrent.exe:BitTorrent
"UDP Query User{2EBBC210-CF4F-4686-953D-167A3935E17F}c:\\program files\\bittorrent\\bittorrent.exe"= TCP:c:\program files\bittorrent\bittorrent.exe:BitTorrent

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [16/06/2009 10:20 269448]
S3 NVHDA;Service for NVIDIA HDMI Audio Driver;c:\windows\System32\drivers\nvhda32v.sys [16/03/2008 20:01 30752]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"BitTorrent DNA"="c:\users\oakeyone\Program Files\DNA\btdna.exe" [2009-02-28 321344]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-12-21 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-21 8497696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-21 81920]
"Acer Empowering Technology Monitor"="c:\acer\Empowering Technology\SysMonitor.exe" [2008-01-10 326176]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-05 526896]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-06 57344]
"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2008-06-07 203296]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"PCMMediaSharing"="c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe" [2008-05-20 204908]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-17 148888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-03-26 5369856]
"Skytel"="Skytel.exe" - c:\windows\SkyTel.exe [2007-11-20 1826816]

Rest of the results
ComboFix 09-06-16.05 - oakeyone 17/06/2009 18:14.3 - NTFSx86
Microsoft Windows Vista Home Premium 6.0.6001.1.1252.44.1033.18.3071.2086 [GMT 1:00]
Running from: c:\users\oakeyone\Desktop\Combo-Fix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

2009-06-17 17:16 . 2009-06-17 17:16 -------- d-----w- c:\users\oakeyone\AppData\Local\temp
2009-06-17 17:02 . 2009-06-17 17:02 -------- d-----w- c:\program files\VS Revo Group
2009-06-17 12:02 . 2009-06-17 12:02 -------- d-----w- c:\program files\Common Files\Scanner
2009-06-17 12:02 . 2009-06-17 12:04 -------- d-----w- c:\program files\CA Yahoo! Anti-Spy
2009-06-17 09:45 . 2009-02-12 09:35 38208 ----a-w- c:\users\oakeyone\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-06-17 09:45 . 2009-06-17 09:45 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-06-17 09:45 . 2009-06-17 09:45 86016 ----a-w- c:\programdata\NOS\Adobe_Downloads\arh.exe
2009-06-17 09:44 . 2009-06-17 11:23 -------- d-----w- c:\programdata\NOS
2009-06-17 09:44 . 2009-06-17 11:23 -------- d-----w- c:\program files\NOS
2009-06-17 09:30 . 2009-06-17 09:30 -------- d-----w- c:\program files\Java
2009-06-17 09:28 . 2009-06-17 09:30 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-17 08:22 . 2008-03-18 15:31 98304 ----a-w- c:\windows\RTKAUDIOSERVICE.EXE
2009-06-17 08:18 . 2009-06-17 08:18 -------- d-----w- c:\windows\system32\EventProviders
2009-06-17 08:17 . 2009-04-11 04:42 27648 ----a-w- c:\windows\system32\drivers\usbser.sys
2009-06-17 08:00 . 2009-05-09 05:50 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-17 08:00 . 2009-05-09 05:34 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-06-16 17:00 . 2009-06-17 16:04 -------- d-----w- c:\program files\Windows Live Safety Center
2009-06-16 16:58 . 2008-12-04 00:25 120832 ----a-w- c:\users\oakeyone\AppData\Roaming\Mozilla\Firefox\Profiles\tcyp9i9m.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}\plugins\npietab.dll
2009-06-16 16:50 . 2009-06-16 16:50 -------- d-----w- c:\users\oakeyone\AppData\Local\Mozilla
2009-06-16 16:29 . 2009-06-16 16:29 -------- d-----w- c:\users\oakeyone\AppData\Local\Yahoo
2009-06-16 15:25 . 2009-06-16 15:25 -------- d-----w- c:\programdata\Yahoo!
2009-06-16 10:38 . 2009-06-16 10:38 -------- d-----w- c:\users\oakeyone\AppData\Roaming\Media Player Classic
2009-06-16 10:38 . 2009-01-21 10:38 158249 ----a-w- c:\windows\system32\Downlnvw.exe
2009-06-16 07:35 . 2009-06-16 07:35 -------- d-----w- c:\users\oakeyone\AppData\Local\Acer DVDivine
2009-06-16 07:34 . 2009-06-16 07:34 -------- d-----w- c:\users\oakeyone\AppData\Local\Acer DV Magician
2009-06-16 06:51 . 2009-06-16 06:51 -------- d-----w- c:\users\oakeyone\AppData\Roaming\dvdcss
2009-06-16 06:35 . 2009-04-30 12:37 293376 ----a-w- c:\windows\system32\psisdecd.dll
2009-06-16 06:35 . 2009-04-30 12:37 428544 ----a-w- c:\windows\system32\EncDec.dll
2009-06-11 16:28 . 2009-04-21 11:55 2033152 ----a-w- c:\windows\system32\win32k.sys
2009-06-11 16:28 . 2009-04-23 12:42 636928 ----a-w- c:\windows\system32\localspl.dll
2009-06-11 16:28 . 2009-04-23 12:43 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-05-29 09:35 . 2009-05-30 10:01 -------- d-----w- c:\users\oakeyone\AppData\Roaming\DivX
2009-05-29 09:31 . 2009-05-29 09:31 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2009-05-29 09:31 . 2009-06-12 11:10 -------- d-----w- c:\program files\DivX
2009-05-29 09:31 . 2009-06-12 11:10 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-05-26 17:40 . 2009-06-16 11:53 -------- d-----w- c:\users\oakeyone\AppData\Roaming\skypePM
2009-05-26 17:39 . 2009-06-16 14:53 -------- d-----w- c:\users\oakeyone\AppData\Roaming\Skype
2009-05-26 17:39 . 2009-05-26 17:39 -------- d-----w- c:\program files\Common Files\Skype
2009-05-26 17:39 . 2009-05-26 17:39 -------- d-----r- c:\program files\Skype
2009-05-26 17:39 . 2009-05-26 17:39 -------- d-----w- c:\programdata\Skype

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-17 17:12 . 2009-06-17 08:10 4838 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2009-06-17 17:07 . 2008-03-16 20:04 -------- d-----w- c:\programdata\McAfee
2009-06-17 17:07 . 2008-03-16 20:04 -------- d-----w- c:\program files\McAfee
2009-06-17 17:07 . 2009-02-21 19:26 -------- d-----w- c:\users\oakeyone\AppData\Roaming\DNA
2009-06-17 13:03 . 2009-02-21 19:27 -------- d-----w- c:\users\oakeyone\AppData\Roaming\BitTorrent
2009-06-17 09:46 . 2008-03-16 20:11 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-17 08:33 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-06-17 08:33 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-06-17 08:33 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-06-17 08:33 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-06-17 08:33 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-06-17 08:33 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-06-17 08:33 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-06-17 08:24 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-06-17 08:05 . 2009-02-07 12:37 101856 ----a-w- c:\users\oakeyone\AppData\Local\GDIPFONTCACHEV1.DAT
2009-06-17 07:58 . 2008-03-16 19:28 -------- d-----w- c:\programdata\Microsoft Help
2009-06-17 07:57 . 2008-03-16 19:29 -------- d-----w- c:\program files\Microsoft Works
2009-06-16 15:25 . 2009-02-07 12:52 -------- d-----w- c:\programdata\Yahoo! Companion
2009-06-16 15:25 . 2008-03-16 20:02 -------- d-----w- c:\program files\Yahoo!
2009-06-16 09:24 . 2008-03-16 19:45 -------- d-----w- c:\program files\Acer Arcade Live
2009-06-16 07:34 . 2009-04-11 14:13 -------- d-----w- c:\users\oakeyone\AppData\Roaming\CyberLink
2009-05-26 17:40 . 2009-05-26 17:40 56 ---ha-w- c:\programdata\ezsidmv.dat
2009-05-04 11:25 . 2009-05-03 16:51 -------- d-----w- c:\program files\Full Tilt Poker.Net
2009-05-04 11:25 . 2008-03-16 19:24 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-01 21:02 . 2009-05-01 21:02 823296 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-05-01 21:02 . 2009-05-01 21:02 823296 ----a-w- c:\windows\system32\divx_xx07.dll
2009-05-01 21:02 . 2009-05-01 21:02 815104 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-05-01 21:02 . 2009-05-01 21:02 811008 ----a-w- c:\windows\system32\divx_xx16.dll
2009-05-01 21:02 . 2009-05-01 21:02 802816 ----a-w- c:\windows\system32\divx_xx11.dll
2009-05-01 21:02 . 2009-05-01 21:02 685056 ----a-w- c:\windows\system32\DivX.dll
2009-04-15 20:24 . 2009-04-15 20:24 90112 ----a-w- c:\windows\system32\dpl100.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown


------- Supplementary Scan -------
.
uStart Page = hxxp://www.bbc.co.uk/
mStart Page = hxxp://en.uk.acer.yahoo.com
Trusted Zone: microsoft.com\www
FF - ProfilePath - c:\users\oakeyone\AppData\Roaming\Mozilla\Firefox\Profiles\tcyp9i9m.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.bbc.co.uk/
FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll
FF - plugin: c:\users\oakeyone\Program Files\DNA\plugins\npbtdna.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-17 18:16
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(2664)
c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
.
Completion time: 2009-06-17 18:17
ComboFix-quarantined-files.txt 2009-06-17 17:17

Pre-Run: 236,770,017,280 bytes free
Post-Run: 236,680,642,560 bytes free

199 --- E O F --- 2009-06-17 08:22

See anything that needs fixing or changing?

Nope, all looks good to me.
Still having problems?

Do you think the HijackThis, deletion of the three or four files and Combi-fix solved the problem?
I will reload McAfee and see if IE7 browsers gets diverted to other websites and get back to you. In the menatime thankyou for all support and efforts and I will certainly be making a donation.
Ian

Latest update, was tied up yesterday and had to please the misses........in a good way.
I have now re-installed McAfee, Malwarebytes and managed to update Windows to Service Pack 2 and IE8.
I did a scan with Malwarebytes and it said I had Bifrost Backdoor, which it quantined and then removed.
On starting IE8 I keep getting it closed with a statement DEP Data Execution Prevention. (which according to the information prevent damage from virus and security threats and uses system memory safely)
What would you suggest be my next step? Do you need another scan log?
Ian

Forgot to mention, when I do manage to start IE8 it keeps closing saying that "the program has stop working and will restart" is this to do with the new IE8 ?

Just done a full scan with McAfee and it came up with Artemis virus that it removed and quarantined.

Where did it find it?

The IE8 problem is likely an add-on that it doesn't like.
Right click the IE8 icon on your Desktop, and there will be an option to run it without add-ons.

Artemis was in the Combo-Fix.exe file (desktop) and is in McAfee Quarantine
Qoobox was in Windows\system32\MSIVX(lots of letters).dll.vir and is in
Malwarebyte Quarantine
Not sure where Bifrost Backdoor was as it was deleted.

Is the abobe OK, or do I need to delete these?
IE8 is now working fine with the add-ons turned off

Hello.
This is fine. C:\Qoobox\C\Windows\etc is Combofix quarantine folder.

Just delete the Qoobox folder.

Find out what add-ons you are running normally in IE8 and disable them one by one and see which is causing the problem.