Help I've been Hijacked!

evilfantasy:
Download DDS from |HERE| or |HERE| or |HERE| and save it to your desktop.

Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)

* XP users Double click on dds to run it.
* If your antivirus or firewall tries to block DDS then please allow it to run.
* When finished DDS will open two (2) logs.

1) DDS.txt
2) Attach.txt

* Save both logs to your desktop.
* Please copy and paste the entire contents of both logs in your next reply.

Note: DDS will instruct you to post the Attach.txt log as an attachment.
Please just post it as you would any other log by copying and pasting it into the reply.

frige:
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-06-26.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 2/21/2005 9:50:06 AM
System Uptime: 7/24/2009 6:23:48 PM (0 hours ago)

Motherboard: Compal  |  | 08A0
Processor: AMD Athlon(tm) 64 Processor 3200+ | Socket A | 797/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 56 GiB total, 22.725 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP237: 7/18/2009 8:37:13 PM - Software Distribution Service 3.0
RP238: 7/18/2009 8:37:16 PM - Installed Windows XP KB923561.
RP239: 7/18/2009 8:37:18 PM - Installed Windows XP KB960803.
RP240: 7/18/2009 8:37:23 PM - Installed Windows XP KB952004.
RP241: 7/18/2009 8:37:27 PM - Installed Windows XP KB956572.
RP242: 7/18/2009 8:37:29 PM - Installed Windows XP KB963027.
RP243: 7/18/2009 8:37:31 PM - Installed Windows XP KB961373.
RP244: 7/18/2009 8:37:34 PM - Installed Windows XP KB959426.
RP245: 7/18/2009 8:37:39 PM - System Checkpoint
RP246: 7/18/2009 8:37:42 PM - Software Distribution Service 3.0
RP247: 7/18/2009 8:37:44 PM - Software Distribution Service 3.0
RP248: 7/18/2009 8:37:46 PM - Installed Windows XP KB968537.
RP249: 7/18/2009 8:37:48 PM - Installed Windows XP KB969897.
RP250: 7/18/2009 8:37:49 PM - Installed Windows XP KB970238.
RP251: 7/18/2009 8:37:52 PM - Installed Windows XP KB969898.
RP252: 7/18/2009 8:37:55 PM - Installed Windows XP KB961501.
RP253: 7/18/2009 8:37:58 PM - System Checkpoint
RP254: 7/18/2009 8:38:01 PM - System Checkpoint
RP255: 7/18/2009 8:38:06 PM - Software Distribution Service 3.0
RP256: 7/18/2009 8:38:08 PM - Removed Kaspersky Internet Security 7.0.
RP257: 7/18/2009 8:38:11 PM - Software Distribution Service 3.0
RP258: 7/18/2009 8:38:17 PM - System Checkpoint
RP259: 7/18/2009 8:38:23 PM - System Checkpoint
RP260: 7/18/2009 8:38:25 PM - System Checkpoint
RP261: 7/18/2009 8:38:26 PM - System Checkpoint
RP262: 7/18/2009 8:38:27 PM - System Checkpoint
RP263: 7/18/2009 8:38:28 PM - Software Distribution Service 3.0

==== Installed Programs ======================

7500_7600_7700_Help
AAC Decoder
Adobe Flash Player 10 Plugin
Adobe Flash Player 9 ActiveX
Adobe Flash Player ActiveX
Adobe Reader 7.0.9
Agere Systems AC'97 Modem
Athlon 64 Processor Driver
AutoUpdate
BPD_HPSU
BPD_Scan
BPDfax
BPDSoftware
BPDSoftware_Ini
Broadcom 802.11 Driver
BufferChm
Criterion Assessment
Critical Update for Windows Media Player 11 (KB959772)
Curitel PC Card Software
CustomerResearchQFolder
Destinations
DeviceManagementQFolder
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Version Checker
DivX Web Player
DocProc
DocProcQFolder
eSupportQFolder
Google Chrome
H.264 Decoder
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.0 (KB932471)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
HP Customer Participation Program 7.0
HP Deskjet 460
HP Deskjet 460 Series
HP Help and Support
HP Imaging Device Functions 7.0
HP Officejet Pro All-In-One Series
HP Photosmart Essential
HP Product Assistant
HP Solution Center 7.0
HP Update
HPPhotoSmartExpress
HPProductAssistant
HpSdpAppCoreApp
HPSSupply
iDEN GPS Upgrade Utility
InstantShareDevicesMFC
InterActual Player
InterVideo WinDVD
iolo technologies' DriveScrubber 3
iTunes
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 6
Java 2 Runtime Environment, SE v1.4.2_05
Java(TM) 6 Update 11
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6 Update 1
L7600
Macromedia FreeHand MXa
Malwarebytes' Anti-Malware
MarketResearch
McAfee SecurityCenter
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2005
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Disc 2
Microsoft Office 2000 Professional
Microsoft Office Standard Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Word 2000
Microsoft Works
MKV Splitter
Mozilla Firefox (3.0.6)
MPM
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6.0 Parser (KB933579)
muvee autoProducer 3.5 - SE
NVIDIA nForce Drivers
NVIDIA Windows 2000/XP Display Drivers
OCR Software by I.R.I.S 7.0
PanoStandAlone
PCI 1620 Cardbus Controller and Software
ProductContext
Quick Launch Buttons 5.00 C1
QuickTime
RealPlayer Basic
Realtek RTL8139/810x Fast Ethernet NIC Driver Setup
Scan
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB973346)
Shop for HP Supplies
SolutionCenter
Sonic RecordNow!
Sonic Update Manager
SoundMAX
Status
SUPERAntiSpyware Free Edition
TI1620/1520
Toolbox
TrayApp
Unload
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
VC80CRTRedist - 8.0.50727.762
Viewpoint Media Player
WebFldrs XP
WebReg
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation
Windows XP Service Pack 3
WordPerfect Office 11
XML Paper Specification Shared Components Pack 1.0

==== Event Viewer Messages From Past Week ========

7/22/2009 7:36:54 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service McAfee SiteAdvisor Service with arguments "" in order to run the server: {5A90F5EE-16B8-4C2A-81B3-FD5329BA477C}
7/22/2009 7:15:20 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service McNASvc with arguments "" in order to run the server: {24F616A1-B755-4053-8018-C3425DC8B68A}
7/22/2009 7:14:39 PM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AmdK8 eabfiltr Fips mfehidk SASDIFSV SASKUTIL
7/22/2009 7:14:11 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
7/20/2009 9:11:46 PM, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the McAfee SystemGuards service to connect.
7/20/2009 9:11:46 PM, error: Service Control Manager [7000]  - The McAfee SystemGuards service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
7/20/2009 9:11:01 PM, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the iPod Service service to connect.
7/20/2009 9:11:00 PM, error: DCOM [10005]  - DCOM got error "%1053" attempting to start the service iPodService with arguments "-Service" in order to run the server: {7A7FB085-6068-4898-8CCA-480A9187277C}
7/20/2009 9:10:43 PM, error: Service Control Manager [7024]  - The Background Intelligent Transfer Service service terminated with service-specific error 2147952506 (0x8007277A).
7/20/2009 9:10:43 PM, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
7/20/2009 9:10:43 PM, error: Service Control Manager [7000]  - The IMAPI CD-Burning COM Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
7/20/2009 9:10:43 PM, error: Service Control Manager [7000]  - The HP Pci Information service failed to start due to the following error:  The system cannot find the file specified.
7/20/2009 9:10:43 PM, error: Service Control Manager [7000]  - The Automatic LiveUpdate Scheduler service failed to start due to the following error:  The system cannot find the file specified.
7/20/2009 7:36:32 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service McShield with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}
7/20/2009 7:33:34 PM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD AmdK8 eabfiltr Fips IPSec mfehidk MPFP MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL Tcpip WS2IFSL
7/20/2009 7:33:34 PM, error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error:  A device attached to the system is not functioning.
7/20/2009 7:33:34 PM, error: Service Control Manager [7001]  - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error:  A device attached to the system is not functioning.
7/20/2009 7:33:34 PM, error: Service Control Manager [7001]  - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error:  A device attached to the system is not functioning.
7/20/2009 7:11:50 PM, error: System Error [1003]  - Error code 1000008e, parameter1 c0000005, parameter2 f6b5c254, parameter3 f1195140, parameter4 00000000.
7/20/2009 7:08:37 PM, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the McAfee Scanner service to connect.
7/20/2009 7:08:37 PM, error: Service Control Manager [7000]  - The McAfee Scanner service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
7/20/2009 7:08:35 PM, error: DCOM [10005]  - DCOM got error "%1053" attempting to start the service MCODS with arguments "" in order to run the server: {C98F04D7-CD30-4BB0-B7D7-8DD7448520F2}
7/20/2009 6:33:27 PM, error: Service Control Manager [7011]  - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.
7/20/2009 6:32:57 PM, error: Service Control Manager [7011]  - Timeout (30000 milliseconds) waiting for a transaction response from the WZCSVC service.
7/20/2009 6:32:57 PM, error: Service Control Manager [7011]  - Timeout (30000 milliseconds) waiting for a transaction response from the McNASvc service.
7/19/2009 8:57:53 PM, error: Service Control Manager [7022]  - The Windows Image Acquisition (WIA) service hung on starting.
7/19/2009 8:57:53 PM, error: Service Control Manager [7011]  - Timeout (30000 milliseconds) waiting for a transaction response from the NVSvc service.
7/19/2009 8:33:16 PM, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.
7/19/2009 8:33:16 PM, error: Service Control Manager [7000]  - The Application Layer Gateway Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
7/19/2009 12:10:06 PM, error: Service Control Manager [7000]  - The Net Driver HPZ12 service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
7/19/2009 12:10:04 PM, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the Net Driver HPZ12 service to connect.
7/19/2009 1:34:30 PM, error: Service Control Manager [7028]  - The dtoddhes Registry key denied access to SYSTEM account programs so the Service Control Manager took ownership of the Registry key.

==== End Of File ===========================

frige:
DDS (Ver_09-06-26.01) - NTFSx86 NETWORK
Run by Dragracer at 18:28:39.42 on Fri 07/24/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.511.309 [GMT -5:00]

AV: McAfee VirusScan *On-access scanning disabled* (Updated)   {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled*   {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Dragracer\Local Settings\Temporary Internet Files\Content.IE5\WVN012ZC\dds[1].com

============== Pseudo HJT Report ===============

uStart Page = hxxp://att.yahoo.com
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=presario&pf=laptop
uSearchAssistant = hxxp://www.google.com
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
mSearchAssistant = hxxp://www.google.com
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
EB: {4528bbe0-4e08-11d5-ad55-00010333d0ad} - &Yahoo! Messenger
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: {51085E3D-A958-42A2-A6BE-A6A9B0BAF276} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_9
uRun: [SUPERAntiSpyware] "c:\program files\superantispyware\SUPERAntiSpyware.exe"
uRun: [Google Update] "c:\documents and settings\dragracer\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [Apoint] "c:\program files\apoint2k\Apoint.exe"
mRun: [nwiz] "nwiz.exe" /install
mRun: [Cpqset] c:\program files\hpq\default settings\cpqset.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [eabconfg.cpl] "c:\program files\hpq\quick launch buttons\EabServr.exe" /Start
mRun: [RealTray] "c:\program files\real\realplayer\RealPlay.exe" SYSTEMBOOTHIDEPLAYER
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [HPWRTOOLBOX] "c:\program files\hewlett-packard\hp deskjet 460 series\toolbox\HPWRTBX.exe" "-i"
mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd2.exe"
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [McENUI] c:\progra~1\mcafee\mhn\McENUI.exe /hide
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
uPolicies-system: EnableProfileQuota = 1 (0x1)
IE: &AOL Toolbar search - c:\program files\aol toolbar\toolbar.dll/SEARCH.HTML
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\dragra~1\applic~1\mozilla\firefox\profiles\rrebkk2n.default\
FF - prefs.js: browser.startup.homepage - hxxp://att.yahoo.com/
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\documents and settings\dragracer\local settings\application data\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

S1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-6-28 214024]
S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2008-12-4 8944]
S1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-12-4 55024]
S2 dtoddhes;dtoddhes;c:\windows\system32\drivers\cddrnaekkb.sys [2009-7-18 76160]
S2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2009-5-31 712048]
S2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2009-5-31 712048]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-6-28 203280]
S2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-6-28 359952]
S2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-6-28 144704]
S2 pciinfo;HP Pci Information;\??\c:\docume~1\dragra~1\locals~1\temp\hpispz\hpdom\pciinfo.sys --> c:\docume~1\dragra~1\locals~1\temp\hpispz\hpdom\pciinfo.sys [?]
S3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-6-28 606736]
S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-6-28 79816]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-6-28 35272]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-6-28 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-6-28 40552]
S3 pwi_bus;Curitel PC Card Composite Device driver (WDM);c:\windows\system32\drivers\pwi_bus.sys [2006-10-25 55344]
S3 pwi_mdfl;Curitel PC Card Filter;c:\windows\system32\drivers\pwi_mdfl.sys [2006-10-25 9200]
S3 pwi_mdm;Curitel PC Card Drivers;c:\windows\system32\drivers\pwi_mdm.sys [2006-10-25 89936]
S3 pwi_oflt;Curitel PC Card OHCI Filter;c:\windows\system32\drivers\pwi_oflt.sys [2006-10-25 9472]
S3 pwi_serd;Curitel PC Card Diagnostic Serial Port (WDM);c:\windows\system32\drivers\pwi_serd.sys [2006-10-25 69632]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-12-4 7408]
S4 Aspsswlerate;Aspsswlerate; [x]

=============== Created Last 30 ================

2009-07-22 20:23   <DIR>   --d-----   c:\windows\pss
2009-07-22 19:11   213,024   --------   c:\windows\system32\drivers\str.sys
2009-07-21 19:17   <DIR>   --d-----   C:\ComboFix
2009-07-21 19:17   389,120   a-------   c:\windows\system32\CF24675.exe
2009-07-21 19:16   389,120   a-------   c:\windows\system32\cmd.execf
2009-07-21 19:15   389,120   a-------   c:\windows\system32\CF24388.exe
2009-07-21 19:11   389,120   a-------   c:\windows\system32\CF23591.exe
2009-07-21 18:56   <DIR>   --d-----   c:\program files\Trend Micro
2009-07-18 20:36   76,160   a-------   c:\windows\system32\drivers\cddrnaekkb.sys
2009-07-05 17:52   <DIR>   --dsh---   c:\documents and settings\dragracer\IECompatCache
2009-07-03 18:08   9,464   --------   c:\windows\system32\drivers\cdralw2k.sys
2009-07-03 18:08   9,336   --------   c:\windows\system32\drivers\cdr4_xp.sys
2009-07-03 18:08   129,784   --------   c:\windows\system32\pxafs.dll
2009-07-03 18:05   <DIR>   --d-----   c:\program files\common files\DivX Shared
2009-07-03 18:05   <DIR>   --d-----   c:\program files\DivX
2009-06-28 19:09   <DIR>   --d-----   c:\windows\ie8updates
2009-06-28 13:28   10,409   a-------   c:\windows\system32\Config.MPF
2009-06-28 13:23   79,816   a-------   c:\windows\system32\drivers\mfeavfk.sys
2009-06-28 13:23   40,552   a-------   c:\windows\system32\drivers\mfesmfk.sys
2009-06-28 13:23   35,272   a-------   c:\windows\system32\drivers\mfebopk.sys
2009-06-28 13:23   214,024   a-------   c:\windows\system32\drivers\mfehidk.sys
2009-06-28 13:23   120,136   a-------   c:\windows\system32\drivers\Mpfp.sys
2009-06-28 13:21   <DIR>   --d-----   c:\program files\common files\McAfee
2009-06-28 13:21   <DIR>   --d-----   c:\program files\McAfee.com
2009-06-28 13:21   <DIR>   --d-----   c:\program files\McAfee
2009-06-28 13:16   34,248   a-------   c:\windows\system32\drivers\mferkdk.sys
2009-06-28 13:07   164   a-------   C:\install.dat
2009-06-28 11:32   <DIR>   --dsh---   c:\documents and settings\dragracer\PrivacIE
2009-06-28 11:27   246,272   --------   c:\windows\system32\dllcache\ieproxy.dll
2009-06-28 11:27   12,800   --------   c:\windows\system32\dllcache\xpshims.dll
2009-06-28 11:27   <DIR>   --d-----   c:\docume~1\dragra~1\applic~1\Malwarebytes
2009-06-28 10:38   38,160   a-------   c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-28 10:38   <DIR>   --d-----   c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-06-28 10:38   19,096   a-------   c:\windows\system32\drivers\mbam.sys
2009-06-28 10:38   <DIR>   --d-----   c:\program files\Malwarebytes' Anti-Malware
2009-06-27 23:50   <DIR>   --dsh---   c:\documents and settings\dragracer\IETldCache
2009-06-27 23:13   <DIR>   -cd-h---   c:\windows\ie8

==================== Find3M  ====================

2009-06-16 09:36   119,808   a-------   c:\windows\system32\t2embed.dll
2009-06-16 09:36   81,920   a-------   c:\windows\system32\fontsub.dll
2009-06-16 09:36   119,808   --------   c:\windows\system32\dllcache\t2embed.dll
2009-06-16 09:36   81,920   --------   c:\windows\system32\dllcache\fontsub.dll
2009-06-03 14:09   1,291,264   a-------   c:\windows\system32\quartz.dll
2009-06-03 14:09   1,291,264   --------   c:\windows\system32\dllcache\quartz.dll
2009-05-31 11:48   74,703   a-------   c:\windows\system32\mfc45.dll
2009-05-13 00:15   5,936,128   a-------   c:\windows\system32\dllcache\mshtml.dll
2009-05-13 00:15   915,456   a-------   c:\windows\system32\wininet.dll
2009-05-13 00:15   915,456   a-------   c:\windows\system32\dllcache\wininet.dll
2009-05-07 10:32   345,600   a-------   c:\windows\system32\localspl.dll
2009-05-07 10:32   345,600   --------   c:\windows\system32\dllcache\localspl.dll
2009-05-01 16:03   120,056   --------   c:\windows\system32\pxcpyi64.exe
2009-05-01 16:03   118,520   --------   c:\windows\system32\pxinsi64.exe
2009-05-01 16:02   90,112   a-------   c:\windows\system32\dpl100.dll
2009-05-01 16:02   823,296   a-------   c:\windows\system32\divx_xx0c.dll
2009-05-01 16:02   823,296   a-------   c:\windows\system32\divx_xx07.dll
2009-05-01 16:02   815,104   a-------   c:\windows\system32\divx_xx0a.dll
2009-05-01 16:02   811,008   a-------   c:\windows\system32\divx_xx16.dll
2009-05-01 16:02   802,816   a-------   c:\windows\system32\divx_xx11.dll
2009-05-01 16:02   685,056   a-------   c:\windows\system32\DivX.dll
2009-04-30 16:22   1,985,024   a-------   c:\windows\system32\dllcache\iertutil.dll
2009-04-30 16:22   11,064,832   a-------   c:\windows\system32\dllcache\ieframe.dll
2009-04-30 16:22   1,207,808   a-------   c:\windows\system32\dllcache\urlmon.dll
2009-04-30 16:22   25,600   a-------   c:\windows\system32\dllcache\jsproxy.dll
2009-04-30 16:22   385,536   a-------   c:\windows\system32\dllcache\iedkcs32.dll
2009-04-30 06:21   173,056   a-------   c:\windows\system32\dllcache\ie4uinit.exe
2009-04-28 23:55   133,120   a-------   c:\windows\system32\dllcache\extmgr.dll
2009-04-28 04:05   13,824   --------   c:\windows\system32\dllcache\ieudinit.exe
2008-10-13 09:25   32,768   a--sh---   c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008101320081014\index.dat

============= FINISH: 18:32:05.67 ===============

frige:
There you go  ;D
Sorry I didn't zip the first one :-[ Real messed up huh? It will only run in safe mode

evilfantasy:
Your Java is out of date.

Older versions have vulnerabilities that malicious sites can use to infect your system.

First install the new Sun Java Runtime Environment

Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Be sure to close all browser windows before beginning the install.

Remove the old version(s)

Download JavaRa
* Unzip the file and open the JavaRa.exe
* Click Remove Older Versions
* JavaRa will search for and remove any outdated version of Java and remove any that are found.
* Click Additional Tasks
* Place a check next to Remove Useless JRE Files and click Go
* Exit JavaRa
* Delete the JavaRa files from the Desktop

Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

----------

Go to Add or Remove Programs and uninstall: (if found)

- AutoUpdate
- MarketResearch
- Viewpoint Media Player

----------

Download ComboFix© by sUBs from one of the below links. Be sure to save it to the Desktop.

Link #1
Link #2

Note: It is important that it is saved directly to your Desktop

DO NOT run it yet!

Note: the below instructions were created specifically for this user. If you are not this user, DO NOT follow these directions as they could damage the workings of your system

Delete these files/folders, as follows:

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C


--- Code: ---
KillAll::

DDS::
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
EB: {51085E3D-A958-42A2-A6BE-A6A9B0BAF276} - No File
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

--- End code ---

3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze
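
Among the lines the helper copied into the CFScript above are the toolbar (TB), Explorer bar (EB) and URL search hook entries from the DDS "Pseudo HJT Report" whose target is `No File` or blank. The following Python script is an added example, not part of the original posts and not DDS or ComboFix code; it lists such entries from a DDS.txt excerpt for manual review. The function names and the prefix list are assumptions, and the sample is a short excerpt of the log posted earlier in this thread.

```python
import re
from collections import defaultdict, namedtuple

# Excerpt of the DDS.txt log posted earlier in this thread (section headers kept).
SAMPLE_DDS = r"""
============== Pseudo HJT Report ===============

uStart Page = hxxp://att.yahoo.com
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
EB: {4528bbe0-4e08-11d5-ad55-00010333d0ad} - &Yahoo! Messenger
EB: {51085E3D-A958-42A2-A6BE-A6A9B0BAF276} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

================= FIREFOX ===================

FF - prefs.js: browser.startup.homepage - hxxp://att.yahoo.com/
"""

# "=== Title ===" banner lines that separate the sections of a DDS log.
SECTION_RE = re.compile(r"^=+\s*(.*?)\s*=+$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Assumption: the line prefixes treated here as browser add-on registrations.
ADDON_PREFIXES = ("BHO", "TB", "EB", "uURLSearchHooks", "mURLSearchHooks")

Finding = namedtuple("Finding", "kind name clsid reason line")


def split_sections(text):
    """Return {section title: [non-empty lines]} for a DDS log."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        banner = SECTION_RE.match(line)
        if banner:
            current = banner.group(1)
            sections[current] = []
        elif current is not None and line:
            sections[current].append(line)
    return sections


def orphaned_addons(text, section="Pseudo HJT Report"):
    """List add-on entries whose target is 'No File' or blank."""
    findings = []
    for line in split_sections(text).get(section, []):
        kind, sep, rest = line.partition(":")
        if not sep or kind not in ADDON_PREFIXES:
            continue
        clsid = CLSID_RE.search(rest)
        if clsid is None:
            continue
        name = rest[:clsid.start()].strip().rstrip(":")
        # Whatever follows the CLSID and the " - " separator is the target.
        target = rest[clsid.end():].strip()
        if target.startswith("-"):
            target = target[1:].strip()
        if target == "":
            reason = "blank target"
        elif target.lower() == "no file":
            reason = "No File"
        else:
            continue  # entry points at a file or a label; not an orphan
        findings.append(Finding(kind, name, clsid.group(0), reason, line))
    return findings


def group_by_clsid(findings):
    """Map each flagged CLSID to the sorted entry kinds it appears under."""
    grouped = defaultdict(set)
    for f in findings:
        grouped[f.clsid.lower()].add(f.kind)
    return {clsid: sorted(kinds) for clsid, kinds in grouped.items()}


if __name__ == "__main__":
    hits = orphaned_addons(SAMPLE_DDS)
    for f in hits:
        print(f"{f.kind:16} {f.clsid}  {f.reason:12} {f.name}")
    for clsid, kinds in group_by_clsid(hits).items():
        print(clsid, "registered under", ", ".join(kinds))
```

The output is a review list only; which entries are actually removed remains a decision for the person reading the whole log.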
