Hijack This Diagnosis

I'm fixining my mother in law's computer, and wow. umm.. I am a little over my head I guess.
I'm hoping one of you pros can save me from having to google over a hundred different hijack this lines.

Thanks so much,
~Chase



DDS (Ver_09-06-26.01) - NTFSx86
Run by The Magnificant One at 13:00:41.41 on Tue 07/28/2009
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3070.1997 [GMT -7:00]

SP: Windows Defender *disabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:Windowssystem32wininit.exe
C:Windowssystem32lsm.exe
C:Windowssystem32svchost.exe -k DcomLaunch
C:Windowssystem32svchost.exe -k rpcss
C:WindowsSystem32svchost.exe -k LocalServiceNetworkRestricted
C:WindowsSystem32svchost.exe -k LocalSystemNetworkRestricted
C:Windowssystem32svchost.exe -k netsvcs
C:Windowssystem32SLsvc.exe
C:Windowssystem32svchost.exe -k LocalService
C:Windowssystem32svchost.exe -k NetworkService
C:Program FilesLavasoftAd-Awareaawservice.exe
C:WindowsSystem32spoolsv.exe
C:Windowssystem32svchost.exe -k LocalServiceNoNetwork
C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
C:Program FilesBonjourmDNSResponder.exe
c:Program FilesCommon FilesLightScribeLSSrvc.exe
C:Program FilesMcAfeeSiteAdvisorMcSACore.exe
c:PROGRA~1COMMON~1mcafeemcproxymcproxy.exe
C:Program FilesMcAfeeMSKMskSrver.exe
C:Windowssystem32svchost.exe -k NetworkServiceNetworkRestricted
C:Windowssystem32svchost.exe -k imgsvc
C:WindowsSystem32svchost.exe -k WerSvcGroup
C:Windowssystem32SearchIndexer.exe
C:Windowssystem32DRIVERSxaudio.exe
C:Windowssystem32WUDFHost.exe
C:Windowssystem32Dwm.exe
C:Windowssystem32taskeng.exe
C:Windowssystem32taskeng.exe
C:WindowsExplorer.EXE
C:hpsupporthpsysdrv.exe
C:Program FilesHewlett-PackardOn-Screen OSD IndicatorOSD.exe
C:WindowsRtHDVCpl.exe
C:Program FilesYahoo!Search ProtectionSearchProtection.exe
C:Program FilesiTunesiTunesHelper.exe
C:WindowsSystem32rundll32.exe
C:Program FilesHPHP Software Updatehpwuschd2.exe
C:Program FilesISP50binbartshel.exe
C:Program FilesWindows Sidebarsidebar.exe
C:Program FilesHewlett-PackardHP AdvisorHPAdvisor.exe
C:Windowsehomeehtray.exe
C:Program FilesSnapfish Picture MoverSnapfishMediaDetector.exe
C:Program FilesVerizon WirelessVZAccess ManagerVZAccess Manager.exe
C:Windowssystem32schtasks.exe
C:Windowsehomeehmsas.exe
C:WindowsSystem32rundll32.exe
C:Windowssystem32jusched.exe
C:Program FilesISP50binppshared.exe
C:Program FilesiPodbiniPodService.exe
C:WindowsMicrosoft.NetFrameworkv3.0WPFPresentationFontCache.exe
C:Program FilesTrend MicroHijackThisHijackThis.exe
c:Program FilesHewlett-PackardHP Health Checkhphc_service.exe
C:hpkbdkbd.exe
C:Windowssystem32NOTEPAD.EXE
C:Program FilesInternet ExplorerIEUser.exe
C:Program FilesInternet Exploreriexplore.exe
C:Program FilesGoogleGoogle ToolbarGoogleToolbarUser_32.exe
C:WindowsMicrosoft.NETFrameworkv3.0Windows Communication Foundationinfocard.exe
C:Program FilesDAPDAP.EXE
C:Windowssystem32SearchProtocolHost.exe
C:Windowssystem32SearchFilterHost.exe
C:Windowssystem32DllHost.exe
C:Windowssystem32DllHost.exe
C:UsersThe Magnificant OneDocumentsMy Completed Downloadsdds.scr
C:Windowssystem32wbemwmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.wunderground.com/wundermap/
uSearch Bar = hxxp://home.peoplepc.com/search/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:program filesyahoo!companioninstallscpn0yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:program filescommon filesadobeacrobatactivexAcroIEHelperShim.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:program filesaskbardisbarbinaskBar.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:progra~1mcafeemskmskapbho.dll
BHO: PeoplePC FixedBandBHO: {3de88907-3e38-11d4-beb2-cbe76c0598dd} - c:program filesisp50binBandObject.dll
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:program filesjavajre1.6.0_01binssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:program filesmcafeevirusscanscriptsn.dll
BHO: PeoplePal Toolbar: {a8fb8eb3-183b-4598-924d-86f0e5e37085} - c:program filespeoplepctoolbarPPCToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:program filesgooglegoogle toolbarGoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:program filesgooglegoogletoolbarnotifier5.2.4204.1700swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:progra~1mcafeesitead~1mcieplg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:program filesgooglegoogle toolbarcomponentfastsearch_B7C5AC242193BB3E.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:program filesyahoo!companioninstallscpn0YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:program filesyahoo!companioninstallscpn0yt.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: PeoplePal Toolbar: {a8fb8eb3-183b-4598-924d-86f0e5e37085} - c:program filespeoplepctoolbarPPCToolbar.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:program filesaskbardisbarbinaskBar.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:progra~1mcafeesitead~1mcieplg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:program filesgooglegoogle toolbarGoogleToolbar_32.dll
TB: {07B18EA9-A523-4961-B6BB-170DE4475CCA} - No File
uRun: [Sidebar] c:program fileswindows sidebarsidebar.exe /autoRun
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [HPADVISOR] c:program fileshewlett-packardhp advisorHPAdvisor.exe autoRun
uRun: [ehTray.exe] c:windowsehomeehTray.exe
uRun: [WMPNSCFG] c:program fileswindows media playerWMPNSCFG.exe
uRun: [Search Protection] c:program filesyahoo!search protectionSearchProtection.exe
mRun: [Windows Defender] %ProgramFiles%Windows DefenderMSASCui.exe -hide
mRun: [hpsysdrv] c:hpsupporthpsysdrv.exe
mRun: [KBD] c:hpkbdKbdStub.EXE
mRun: [OsdMaestro] "c:program fileshewlett-packardon-screen osd indicatorOSD.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-PackardHP Health CheckHPHC_Scheduler.exe
mRun: [SunJavaUpdateReg] "c:windowssystem32jureg.exe"
mRun: [<NO NAME>]
mRun: [AppleSyncNotifier] c:program filescommon filesapplemobile device supportbinAppleSyncNotifier.exe
mRun: [YSearchProtection] "c:program filesyahoo!search protectionSearchProtection.exe"
mRun: [iTunesHelper] "c:program filesitunesiTunesHelper.exe"
mRun: [QuickTime Task] "c:program filesquicktimeQTTask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:program filesadobereader 9.0readerReader_sl.exe"
mRun: [NvSvc] RUNDLL32.EXE c:windowssystem32nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:windowssystem32NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:windowssystem32NvMcTray.dll,NvTaskbarInit
mRun: [mcagent_exe] "c:program filesmcafee.comagentmcagent.exe" /runkey
mRun: [McENUI] c:progra~1mcafeemhnMcENUI.exe /hide
mRun: [HP Software Update] c:program fileshphp software updateHPWuSchd2.exe
mRun: [Bart Station] c:program filesisp50htastation.sbrt
StartupFolder: c:usersthemag~1appdataroamingmicros~1windowsstartm~1programsstartupvzacce~1.lnk - c:program filesverizon wirelessvzaccess managerVZAccess Manager.exe
StartupFolder: c:progra~2micros~1windowsstartm~1programsstartupmicros~1.lnk - c:program filesmicrosoft officeofficeOSA9.EXE
StartupFolder: c:progra~2micros~1windowsstartm~1programsstartupsnapfi~1.lnk - c:program filessnapfish picture moverSnapfishMediaDetector.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} - c:program filesjavajre1.6.0_01binssv.dll
LSP: c:windowssystem32wpclsp.dll
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Poker%20Superstars%203/Images/stg_drm.ocx
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/resources/VistaMSNPUplden-us.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Poker%20Superstars%203/Images/armhelper.ocx
TCP: {85AE350A-1DF9-459A-A2A0-9EBAC31DFFBD} = 66.174.92.14 66.174.95.44
TCP: {DA0D530C-D9ED-4374-A612-2BDB057C197B} = 66.174.92.14 66.174.95.44
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} -
Name-Space Handler: FTPZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:progra~1dapdapie.dll
Name-Space Handler: HTTPZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:progra~1dapdapie.dll

================= FIREFOX ===================

FF - ProfilePath -

---- FIREFOX POLICIES ----
c:program filesmozilla firefoxgreprefsall.js - pref("ui.allow_platform_file_picker", true);
c:program filesmozilla firefoxgreprefsall.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:program filesmozilla firefoxgreprefsall.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:program filesmozilla firefoxdefaultspreffirefox.js - pref("browser.urlbar.hideGoButton", false);
c:program filesmozilla firefoxdefaultspreffirefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:program filesmozilla firefoxdefaultspreffirefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
c:program filesmozilla firefoxdefaultspreffirefox.js - pref("signon.prefillForms", true);
c:program filesmozilla firefoxdefaultspreffirefox.js - pref("browser.safebrowsing.remoteLookups", false);
c:program filesmozilla firefoxdefaultspreffirefox.js - pref("browser.safebrowsing.provider.0.updateURL", "http://sb.google.com/safebrowsing/update?client={moz:client}&appver={moz:version}&");
c:program filesmozilla firefoxdefaultspreffirefox.js - pref("browser.safebrowsing.provider.0.lookupURL", "http://sb.google.com/safebrowsing/lookup?sourceid=firefox-antiphish&features=TrustRank&client={moz:client}&appver={moz:version}&");
c:program filesmozilla firefoxdefaultspreffirefox.js - pref("browser.safebrowsing.provider.0.reportURL", "http://sb.google.com/safebrowsing/report?");

============= SERVICES / DRIVERS ===============

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:program filesmcafeesiteadvisorMcSACore.exe [2009-7-6 203280]
R3 PTDUBus;PANTECH UM175 Composite Device Driver ;c:windowssystem32driversPTDUBus.sys [2008-10-4 29824]
R3 PTDUMdm;PANTECH UM175 Drivers;c:windowssystem32driversPTDUMdm.sys [2008-10-4 41344]
R3 PTDUVsp;PANTECH UM175 Diagnostic Port;c:windowssystem32driversPTDUVsp.sys [2008-10-4 39936]
R3 PTDUWWAN;PANTECH UM175 WWAN Driver;c:windowssystem32driversPTDUWWAN.sys [2008-10-4 59776]
R3 xcbdaNtsc;ViXS Tuner Card (NTSC);c:windowssystem32driversxcbda.sys [2007-1-1 156928]
S2 gupdate1c9edc07c29e550;Google Update Service (gupdate1c9edc07c29e550);c:program filesgoogleupdateGoogleUpdate.exe [2009-6-15 133104]
S2 MyWebSearchService;My Web Search Service;c:progra~1mywebs~1bar1.binmwssvc.exe --> c:progra~1mywebs~1bar1.binmwssvc.exe [?]
S3 6250spi;Elan USB Bridge Service;c:windowssystem32drivers6250spi.sys [2006-9-19 11465]
S3 PCD5SRVC{BD6912E3-AC9D80E8-05040000};PCD5SRVC{BD6912E3-AC9D80E8-05040000} - PCDR Kernel Mode Service Helper Driver;c:progra~1pc-doc~1PCD5SRVC.pkms [2007-9-12 25760]

============== File Associations ===============

regfile="regedit.exe" "%1"

=============== Created Last 30 ================

2009-07-27 13:34 8,212 a------- c:windowsmfebcdata
2009-07-27 13:32 <DIR> --d----- c:windowsHewlett-Packard
2009-07-16 09:44 0 a------- c:usersthemag~1appdataroamingwklnhst.dat
2009-07-14 11:42 156,672 a------- c:windowssystem32t2embed.dll
2009-07-14 11:42 289,792 a------- c:windowssystem32atmfd.dll
2009-07-14 11:42 72,704 a------- c:windowssystem32fontsub.dll
2009-07-14 11:42 10,240 a------- c:windowssystem32dciman32.dll
2009-07-06 16:01 11,069 a------- c:windowssystem32Config.MPF
2009-07-06 15:59 79,816 a------- c:windowssystem32driversmfeavfk.sys
2009-07-06 15:59 40,552 a------- c:windowssystem32driversmfesmfk.sys
2009-07-06 15:59 35,272 a------- c:windowssystem32driversmfebopk.sys
2009-07-06 15:59 130,424 a------- c:windowssystem32driversMpfp.sys
2009-07-06 15:35 34,248 a------- c:windowssystem32driversmferkdk.sys

==================== Find3M ====================

2009-07-18 09:06 827,904 a------- c:windowssystem32wininet.dll
2009-07-18 09:01 78,336 a------- c:windowssystem32ieencode.dll
2009-07-18 02:46 26,624 a------- c:windowssystem32ieUnatt.exe
2009-07-06 15:04 174 a--sh--- c:program filesdesktop.ini
2009-06-21 08:44 0 a---h--- c:windowssystem32driversMsft_User_WpdMtpDr_01_00_00.Wdf
2009-04-30 05:37 293,376 a------- c:windowssystem32psisdecd.dll
2009-04-30 05:37 428,544 a------- c:windowssystem32EncDec.dll
2009-03-10 03:00 51,200 a------- c:windowsinfinfpub.dat
2009-03-10 03:00 143,360 a------- c:windowsinfinfstrng.dat
2009-03-08 18:32 86,016 a------- c:windowsinfinfstor.dat
2009-01-22 20:53 665,600 a------- c:windowsinfdrvindex.dat
2006-11-02 05:42 287,440 a------- c:windowsinfperflib0409perfi.dat
2006-11-02 05:42 287,440 a------- c:windowsinfperflib0409perfh.dat
2006-11-02 05:42 30,674 a------- c:windowsinfperflib0409perfd.dat
2006-11-02 05:42 30,674 a------- c:windowsinfperflib0409perfc.dat
2006-11-02 02:20 287,440 a------- c:windowsinfperflib0000perfi.dat
2006-11-02 02:20 287,440 a------- c:windowsinfperflib0000perfh.dat
2006-11-02 02:20 30,674 a------- c:windowsinfperflib0000perfd.dat
2006-11-02 02:20 30,674 a------- c:windowsinfperflib0000perfc.dat
2008-09-02 06:42 16,384 a--sh--- c:windowsserviceprofileslocalserviceappdatalocalmicrosoftwindowshistoryhistory.ie5index.dat
2008-09-02 06:42 32,768 a--sh--- c:windowsserviceprofileslocalserviceappdatalocalmicrosoftwindowstemporary internet filescontent.ie5index.dat
2008-09-02 06:42 16,384 a--sh--- c:windowsserviceprofileslocalserviceappdataroamingmicrosoftwindowscookiesindex.dat
2008-05-28 14:34 32,768 a--sh--- c:windowstempcookiesindex.dat
2008-05-28 14:34 32,768 a--sh--- c:windowstemphistoryhistory.ie5index.dat
2008-05-28 14:34 32,768 a--sh--- c:windowstemptemporary internet filescontent.ie5index.dat
2007-01-01 07:08 8,192 a--sh--- c:windowsusersdefaultNTUSER.DAT

============= FINISH: 13:01:25.89 ===============

Sorry, first post. (screwed up)

Mcafee wont start, mcshell.exe is missing or changed.
C:Program files/Mcafee/SiteAdvisor/sahook.dll module wont initiate

Windows Defender has 0x800106ba problem, but when trying to uninstall reinstall, my computer doesnt even show it installed.

I also have Access Violation 0052f0a6 in module 0000000d,

Merged posts. ~ OB

Edited by Orange Blossom, 28 July 2009 - 03:47 PM.

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

• Download DDS by sUBs from one of the following links. Save it to your desktop.
  • DDS.scr
  • DDS.pif
• Double click on the DDS icon, allow it to run.
• A small box will open, with an explaination about the tool. No input is needed, the scan is running.
• Notepad will open with the results.
• Follow the instructions that pop up for posting the results.
• Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

Due to the lack of feedback, this Topic is now closed.

In case you still have problems, please send me a Private message to reopen this topic within the next 5 days. Beyond that point, please start a new topic.

Orange Blossom