
I'm fixing my mother-in-law's computer, and wow. Umm... I am a little over my head, I guess.
I'm hoping one of you pros can save me from having to google over a hundred different HijackThis lines.
Thanks so much,
~Chase
DDS (Ver_09-06-26.01) - NTFSx86
Run by The Magnificant One at 13:00:41.41 on Tue 07/28/2009
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3070.1997 [GMT -7:00]
SP: Windows Defender *disabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
============== Running Processes ===============
C:Windowssystem32wininit.exe
C:Windowssystem32lsm.exe
C:Windowssystem32svchost.exe -k DcomLaunch
C:Windowssystem32svchost.exe -k rpcss
C:WindowsSystem32svchost.exe -k LocalServiceNetworkRestricted
C:WindowsSystem32svchost.exe -k LocalSystemNetworkRestricted
C:Windowssystem32svchost.exe -k netsvcs
C:Windowssystem32SLsvc.exe
C:Windowssystem32svchost.exe -k LocalService
C:Windowssystem32svchost.exe -k NetworkService
C:Program FilesLavasoftAd-Awareaawservice.exe
C:WindowsSystem32spoolsv.exe
C:Windowssystem32svchost.exe -k LocalServiceNoNetwork
C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
C:Program FilesBonjourmDNSResponder.exe
c:Program FilesCommon FilesLightScribeLSSrvc.exe
C:Program FilesMcAfeeSiteAdvisorMcSACore.exe
c:PROGRA~1COMMON~1mcafeemcproxymcproxy.exe
C:Program FilesMcAfeeMSKMskSrver.exe
C:Windowssystem32svchost.exe -k NetworkServiceNetworkRestricted
C:Windowssystem32svchost.exe -k imgsvc
C:WindowsSystem32svchost.exe -k WerSvcGroup
C:Windowssystem32SearchIndexer.exe
C:Windowssystem32DRIVERSxaudio.exe
C:Windowssystem32WUDFHost.exe
C:Windowssystem32Dwm.exe
C:Windowssystem32taskeng.exe
C:Windowssystem32taskeng.exe
C:WindowsExplorer.EXE
C:hpsupporthpsysdrv.exe
C:Program FilesHewlett-PackardOn-Screen OSD IndicatorOSD.exe
C:WindowsRtHDVCpl.exe
C:Program FilesYahoo!Search ProtectionSearchProtection.exe
C:Program FilesiTunesiTunesHelper.exe
C:WindowsSystem32rundll32.exe
C:Program FilesHPHP Software Updatehpwuschd2.exe
C:Program FilesISP50binbartshel.exe
C:Program FilesWindows Sidebarsidebar.exe
C:Program FilesHewlett-PackardHP AdvisorHPAdvisor.exe
C:Windowsehomeehtray.exe
C:Program FilesSnapfish Picture MoverSnapfishMediaDetector.exe
C:Program FilesVerizon WirelessVZAccess ManagerVZAccess Manager.exe
C:Windowssystem32schtasks.exe
C:Windowsehomeehmsas.exe
C:WindowsSystem32rundll32.exe
C:Windowssystem32jusched.exe
C:Program FilesISP50binppshared.exe
C:Program FilesiPodbiniPodService.exe
C:WindowsMicrosoft.NetFrameworkv3.0WPFPresentationFontCache.exe
C:Program FilesTrend MicroHijackThisHijackThis.exe
c:Program FilesHewlett-PackardHP Health Checkhphc_service.exe
C:hpkbdkbd.exe
C:Windowssystem32NOTEPAD.EXE
C:Program FilesInternet ExplorerIEUser.exe
C:Program FilesInternet Exploreriexplore.exe
C:Program FilesGoogleGoogle ToolbarGoogleToolbarUser_32.exe
C:WindowsMicrosoft.NETFrameworkv3.0Windows Communication Foundationinfocard.exe
C:Program FilesDAPDAP.EXE
C:Windowssystem32SearchProtocolHost.exe
C:Windowssystem32SearchFilterHost.exe
C:Windowssystem32DllHost.exe
C:Windowssystem32DllHost.exe
C:UsersThe Magnificant OneDocumentsMy Completed Downloadsdds.scr
C:Windowssystem32wbemwmiprvse.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.wunderground.com/wundermap/
uSearch Bar = hxxp://home.peoplepc.com/search/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:program filesyahoo!companioninstallscpn0yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:program filescommon filesadobeacrobatactivexAcroIEHelperShim.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:program filesaskbardisbarbinaskBar.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:progra~1mcafeemskmskapbho.dll
BHO: PeoplePC FixedBandBHO: {3de88907-3e38-11d4-beb2-cbe76c0598dd} - c:program filesisp50binBandObject.dll
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:program filesjavajre1.6.0_01binssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:program filesmcafeevirusscanscriptsn.dll
BHO: PeoplePal Toolbar: {a8fb8eb3-183b-4598-924d-86f0e5e37085} - c:program filespeoplepctoolbarPPCToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:program filesgooglegoogle toolbarGoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:program filesgooglegoogletoolbarnotifier5.2.4204.1700swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:progra~1mcafeesitead~1mcieplg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:program filesgooglegoogle toolbarcomponentfastsearch_B7C5AC242193BB3E.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:program filesyahoo!companioninstallscpn0YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:program filesyahoo!companioninstallscpn0yt.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: PeoplePal Toolbar: {a8fb8eb3-183b-4598-924d-86f0e5e37085} - c:program filespeoplepctoolbarPPCToolbar.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:program filesaskbardisbarbinaskBar.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:progra~1mcafeesitead~1mcieplg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:program filesgooglegoogle toolbarGoogleToolbar_32.dll
TB: {07B18EA9-A523-4961-B6BB-170DE4475CCA} - No File
uRun: [Sidebar] c:program fileswindows sidebarsidebar.exe /autoRun
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [HPADVISOR] c:program fileshewlett-packardhp advisorHPAdvisor.exe autoRun
uRun: [ehTray.exe] c:windowsehomeehTray.exe
uRun: [WMPNSCFG] c:program fileswindows media playerWMPNSCFG.exe
uRun: [Search Protection] c:program filesyahoo!search protectionSearchProtection.exe
mRun: [Windows Defender] %ProgramFiles%Windows DefenderMSASCui.exe -hide
mRun: [hpsysdrv] c:hpsupporthpsysdrv.exe
mRun: [KBD] c:hpkbdKbdStub.EXE
mRun: [OsdMaestro] "c:program fileshewlett-packardon-screen osd indicatorOSD.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-PackardHP Health CheckHPHC_Scheduler.exe
mRun: [SunJavaUpdateReg] "c:windowssystem32jureg.exe"
mRun: [<NO NAME>]
mRun: [AppleSyncNotifier] c:program filescommon filesapplemobile device supportbinAppleSyncNotifier.exe
mRun: [YSearchProtection] "c:program filesyahoo!search protectionSearchProtection.exe"
mRun: [iTunesHelper] "c:program filesitunesiTunesHelper.exe"
mRun: [QuickTime Task] "c:program filesquicktimeQTTask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:program filesadobereader 9.0readerReader_sl.exe"
mRun: [NvSvc] RUNDLL32.EXE c:windowssystem32nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:windowssystem32NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:windowssystem32NvMcTray.dll,NvTaskbarInit
mRun: [mcagent_exe] "c:program filesmcafee.comagentmcagent.exe" /runkey
mRun: [McENUI] c:progra~1mcafeemhnMcENUI.exe /hide
mRun: [HP Software Update] c:program fileshphp software updateHPWuSchd2.exe
mRun: [Bart Station] c:program filesisp50htastation.sbrt
StartupFolder: c:usersthemag~1appdataroamingmicros~1windowsstartm~1programsstartupvzacce~1.lnk - c:program filesverizon wirelessvzaccess managerVZAccess Manager.exe
StartupFolder: c:progra~2micros~1windowsstartm~1programsstartupmicros~1.lnk - c:program filesmicrosoft officeofficeOSA9.EXE
StartupFolder: c:progra~2micros~1windowsstartm~1programsstartupsnapfi~1.lnk - c:program filessnapfish picture moverSnapfishMediaDetector.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} - c:program filesjavajre1.6.0_01binssv.dll
LSP: c:windowssystem32wpclsp.dll
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Poker%20Superstars%203/Images/stg_drm.ocx
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/resources/VistaMSNPUplden-us.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Poker%20Superstars%203/Images/armhelper.ocx
TCP: {85AE350A-1DF9-459A-A2A0-9EBAC31DFFBD} = 66.174.92.14 66.174.95.44
TCP: {DA0D530C-D9ED-4374-A612-2BDB057C197B} = 66.174.92.14 66.174.95.44
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} -
Name-Space Handler: FTPZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:progra~1dapdapie.dll
Name-Space Handler: HTTPZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:progra~1dapdapie.dll
================= FIREFOX ===================
FF - ProfilePath -
---- FIREFOX POLICIES ----
c:program filesmozilla firefoxgreprefsall.js - pref("ui.allow_platform_file_picker", true);
c:program filesmozilla firefoxgreprefsall.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:program filesmozilla firefoxgreprefsall.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:program filesmozilla firefoxdefaultspreffirefox.js - pref("browser.urlbar.hideGoButton", false);
c:program filesmozilla firefoxdefaultspreffirefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:program filesmozilla firefoxdefaultspreffirefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
c:program filesmozilla firefoxdefaultspreffirefox.js - pref("signon.prefillForms", true);
c:program filesmozilla firefoxdefaultspreffirefox.js - pref("browser.safebrowsing.remoteLookups", false);
c:program filesmozilla firefoxdefaultspreffirefox.js - pref("browser.safebrowsing.provider.0.updateURL", "http://sb.google.com/safebrowsing/update?client={moz:client}&appver={moz:version}&");
c:program filesmozilla firefoxdefaultspreffirefox.js - pref("browser.safebrowsing.provider.0.lookupURL", "http://sb.google.com/safebrowsing/lookup?sourceid=firefox-antiphish&features=TrustRank&client={moz:client}&appver={moz:version}&");
c:program filesmozilla firefoxdefaultspreffirefox.js - pref("browser.safebrowsing.provider.0.reportURL", "http://sb.google.com/safebrowsing/report?");
============= SERVICES / DRIVERS ===============
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:program filesmcafeesiteadvisorMcSACore.exe [2009-7-6 203280]
R3 PTDUBus;PANTECH UM175 Composite Device Driver ;c:windowssystem32driversPTDUBus.sys [2008-10-4 29824]
R3 PTDUMdm;PANTECH UM175 Drivers;c:windowssystem32driversPTDUMdm.sys [2008-10-4 41344]
R3 PTDUVsp;PANTECH UM175 Diagnostic Port;c:windowssystem32driversPTDUVsp.sys [2008-10-4 39936]
R3 PTDUWWAN;PANTECH UM175 WWAN Driver;c:windowssystem32driversPTDUWWAN.sys [2008-10-4 59776]
R3 xcbdaNtsc;ViXS Tuner Card (NTSC);c:windowssystem32driversxcbda.sys [2007-1-1 156928]
S2 gupdate1c9edc07c29e550;Google Update Service (gupdate1c9edc07c29e550);c:program filesgoogleupdateGoogleUpdate.exe [2009-6-15 133104]
S2 MyWebSearchService;My Web Search Service;c:progra~1mywebs~1bar1.binmwssvc.exe --> c:progra~1mywebs~1bar1.binmwssvc.exe [?]
S3 6250spi;Elan USB Bridge Service;c:windowssystem32drivers6250spi.sys [2006-9-19 11465]
S3 PCD5SRVC{BD6912E3-AC9D80E8-05040000};PCD5SRVC{BD6912E3-AC9D80E8-05040000} - PCDR Kernel Mode Service Helper Driver;c:progra~1pc-doc~1PCD5SRVC.pkms [2007-9-12 25760]
============== File Associations ===============
regfile="regedit.exe" "%1"
=============== Created Last 30 ================
2009-07-27 13:34 8,212 a------- c:windowsmfebcdata
2009-07-27 13:32 <DIR> --d----- c:windowsHewlett-Packard
2009-07-16 09:44 0 a------- c:usersthemag~1appdataroamingwklnhst.dat
2009-07-14 11:42 156,672 a------- c:windowssystem32t2embed.dll
2009-07-14 11:42 289,792 a------- c:windowssystem32atmfd.dll
2009-07-14 11:42 72,704 a------- c:windowssystem32fontsub.dll
2009-07-14 11:42 10,240 a------- c:windowssystem32dciman32.dll
2009-07-06 16:01 11,069 a------- c:windowssystem32Config.MPF
2009-07-06 15:59 79,816 a------- c:windowssystem32driversmfeavfk.sys
2009-07-06 15:59 40,552 a------- c:windowssystem32driversmfesmfk.sys
2009-07-06 15:59 35,272 a------- c:windowssystem32driversmfebopk.sys
2009-07-06 15:59 130,424 a------- c:windowssystem32driversMpfp.sys
2009-07-06 15:35 34,248 a------- c:windowssystem32driversmferkdk.sys
==================== Find3M ====================
2009-07-18 09:06 827,904 a------- c:windowssystem32wininet.dll
2009-07-18 09:01 78,336 a------- c:windowssystem32ieencode.dll
2009-07-18 02:46 26,624 a------- c:windowssystem32ieUnatt.exe
2009-07-06 15:04 174 a--sh--- c:program filesdesktop.ini
2009-06-21 08:44 0 a---h--- c:windowssystem32driversMsft_User_WpdMtpDr_01_00_00.Wdf
2009-04-30 05:37 293,376 a------- c:windowssystem32psisdecd.dll
2009-04-30 05:37 428,544 a------- c:windowssystem32EncDec.dll
2009-03-10 03:00 51,200 a------- c:windowsinfinfpub.dat
2009-03-10 03:00 143,360 a------- c:windowsinfinfstrng.dat
2009-03-08 18:32 86,016 a------- c:windowsinfinfstor.dat
2009-01-22 20:53 665,600 a------- c:windowsinfdrvindex.dat
2006-11-02 05:42 287,440 a------- c:windowsinfperflib0409perfi.dat
2006-11-02 05:42 287,440 a------- c:windowsinfperflib0409perfh.dat
2006-11-02 05:42 30,674 a------- c:windowsinfperflib0409perfd.dat
2006-11-02 05:42 30,674 a------- c:windowsinfperflib0409perfc.dat
2006-11-02 02:20 287,440 a------- c:windowsinfperflib0000perfi.dat
2006-11-02 02:20 287,440 a------- c:windowsinfperflib0000perfh.dat
2006-11-02 02:20 30,674 a------- c:windowsinfperflib0000perfd.dat
2006-11-02 02:20 30,674 a------- c:windowsinfperflib0000perfc.dat
2008-09-02 06:42 16,384 a--sh--- c:windowsserviceprofileslocalserviceappdatalocalmicrosoftwindowshistoryhistory.ie5index.dat
2008-09-02 06:42 32,768 a--sh--- c:windowsserviceprofileslocalserviceappdatalocalmicrosoftwindowstemporary internet filescontent.ie5index.dat
2008-09-02 06:42 16,384 a--sh--- c:windowsserviceprofileslocalserviceappdataroamingmicrosoftwindowscookiesindex.dat
2008-05-28 14:34 32,768 a--sh--- c:windowstempcookiesindex.dat
2008-05-28 14:34 32,768 a--sh--- c:windowstemphistoryhistory.ie5index.dat
2008-05-28 14:34 32,768 a--sh--- c:windowstemptemporary internet filescontent.ie5index.dat
2007-01-01 07:08 8,192 a--sh--- c:windowsusersdefaultNTUSER.DAT
============= FINISH: 13:01:25.89 ===============
Sorry, first post. (screwed up)
McAfee won't start; mcshell.exe is missing or changed.
C:Program files/Mcafee/SiteAdvisor/sahook.dll module won't initiate.
Windows Defender has a 0x800106ba problem, but when trying to uninstall and reinstall, my computer doesn't even show it installed.
I also have Access Violation 0052f0a6 in module 0000000d.
Merged posts. ~ OB
Edited by Orange Blossom, 28 July 2009 - 03:47 PM.