Email address list Hijacked



treetop333
2010-09-17, 20:47
My Hotmail address list has been hijacked and has been sending this link to my address list in my name as the sender's address "http://www.qup2.xmedx.com"

I tried attaching DDS and ATTACHED Zip files but came up with an "error Page" when trying to attach them to this thread

Will

Here are the 2 Zip files for dds and attached

For some reason the "Manage Attachments" did not attach the Zip files, so I will copy/paste them onto this reply.

Note that the hijacked email address list is being sent out approx. once a week




DDS (Ver_10-03-17.01) - NTFSx86
Run by WK at 23:26:55.61 on 16/09/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.2.1033.18.3326.2212 [GMT -7:00]

SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\rundll32.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Common Files\McAfee\Core\mchost.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10i_ActiveX.exe
C:\PROGRA~1\INTERN~1\iexplore.exe
C:\PROGRA~1\INTERN~1\iexplore.exe
C:\PROGRA~1\INTERN~1\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\INTERN~1\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\WK\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MF1P60P3\dds[1].scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://by132w.bay132.mail.live.com/default.aspx?rru=inbox
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20100914210710.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Hosts: 127.0.0.1 www.spywareinfo.com

============= SERVICES / DRIVERS ===============

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-5-31 386712]
R0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-8-28 164808]
R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2010-8-28 64304]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-8-28 271480]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-8-28 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-8-28 271480]
R2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-8-28 271480]
R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-8-28 171168]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-8-28 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-8-28 141792]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-8-28 1153368]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-8-28 55840]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-8-28 152992]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-8-28 52104]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-8-28 312904]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-8-28 84264]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-8-29 1343400]

=============== Created Last 30 ================

2010-09-14 23:36:20 316928 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-11 16:31:32 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2010-09-11 16:31:17 0 d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-09-11 16:31:08 0 d-----w- c:\program files\Microsoft
2010-09-11 16:30:51 0 d-----w- c:\program files\Windows Live SkyDrive
2010-09-11 07:40:43 0 d-----w- c:\program files\common files\Windows Live
2010-09-11 07:40:28 84992 ----a-w- c:\windows\system32\drivers\sdbus.sys
2010-09-11 07:40:28 12800 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
2010-09-10 01:20:31 0 d-sh--w- c:\windows\system32\%APPDATA%
2010-09-10 01:08:52 0 d-----w- c:\windows\PCHEALTH
2010-09-10 01:06:29 0 d-----w- c:\programdata\Microsoft Help
2010-08-31 01:26:05 0 d-----w- c:\program files\Ask.com
2010-08-31 01:25:53 0 d-----w- c:\program files\uTorrent
2010-08-31 01:25:03 0 d-----w- c:\users\wk\appdata\roaming\uTorrent
2010-08-31 01:07:27 0 d-----w- c:\users\wk\appdata\roaming\ImTOO
2010-08-31 01:05:41 0 d-----w- c:\program files\ImTOO
2010-08-29 15:23:04 0 d-----w- c:\programdata\Google
2010-08-29 14:20:14 0 d-----w- c:\programdata\Adobe
2010-08-29 14:18:18 0 d-sh--w- c:\windows\Installer
2010-08-29 13:59:43 0 d-----w- c:\windows\system32\Wat
2010-08-29 07:14:33 0 d-----w- c:\programdata\NVIDIA
2010-08-29 07:05:47 257024 ----a-w- c:\windows\system32\msv1_0.dll
2010-08-29 07:04:30 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-08-29 07:04:30 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-08-29 07:04:30 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-08-29 07:04:30 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-08-29 07:04:30 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-08-29 07:01:27 797216 ----a-w- c:\windows\system32\nvcplui.exe
2010-08-29 07:01:27 453152 ----a-w- c:\windows\system32\nvuninst.exe
2010-08-29 07:01:27 420384 ----a-w- c:\windows\system32\nvcpl.cpl
2010-08-29 07:01:27 1108512 ----a-w- c:\windows\system32\nvcpluir.dll
2010-08-29 07:01:16 0 d-----w- c:\windows\Panther
2010-08-29 06:55:03 0 d-----w- C:\Windows.old
2010-08-29 06:54:37 0 d-----w- c:\programdata\Spybot - Search & Destroy
2010-08-29 06:54:37 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-08-29 06:48:00 70656 ----a-w- c:\windows\system32\fontsub.dll
2010-08-29 06:48:00 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-08-29 06:48:00 293888 ----a-w- c:\windows\system32\atmfd.dll
2010-08-29 06:37:00 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-08-29 06:36:13 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2010-08-29 06:35:34 164808 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2010-08-29 06:35:33 84264 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2010-08-29 06:35:33 64304 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2010-08-29 06:35:33 55840 ----a-w- c:\windows\system32\drivers\cfwids.sys
2010-08-29 06:35:33 52104 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-08-29 06:35:33 312904 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2010-08-29 06:35:33 152992 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-08-29 06:35:29 0 d-----w- c:\program files\common files\Mcafee
2010-08-29 06:35:28 0 d-----w- c:\program files\McAfee.com
2010-08-29 06:35:27 0 d-----w- c:\program files\McAfee
2010-08-29 06:28:44 0 d-----w- c:\programdata\McAfee
2010-08-29 06:26:41 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-08-29 06:26:36 132608 ----a-w- c:\windows\system32\cabview.dll
2010-08-29 06:16:10 726316 ----a-w- c:\windows\system32\PerfStringBackup.INI
2010-08-29 06:16:00 0 d-----w- c:\windows\system32\wbem\Performance
2010-08-29 06:04:48 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WUDFUsbccidDriver_01_09_00.Wdf
2010-08-22 06:08:34 0 d-sh--w- C:\Recovery

==================== Find3M ====================

2010-08-24 21:57:38 95600 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2010-08-24 21:57:38 386712 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2010-07-29 06:30:49 197632 ----a-w- c:\windows\system32\ir32_32.dll
2010-07-29 06:30:34 82944 ----a-w- c:\windows\system32\iccvid.dll
2010-06-30 06:25:31 978432 ----a-w- c:\windows\system32\wininet.dll
2010-06-19 06:33:29 3955080 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-06-19 06:33:29 3899784 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 23:27:45.75 ===============



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 28/08/2010 11:19:23 PM
System Uptime: 16/09/2010 8:03:41 PM (3 hours ago)

Motherboard: Dell Inc. | | 0CF456
Processor: Intel(R) Core(TM)2 CPU T7200 @ 2.00GHz | Microprocessor | 2000/166mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 466 GiB total, 429.563 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 0 GiB total, 0.07 GiB free.

==== Disabled Device Manager Items =============

Class GUID:
Description: Base System Device
Device ID: PCI\VEN_1180&DEV_0843&SUBSYS_01CE1028&REV_01\4&35BAB052&0&0AF0
Manufacturer:
Name: Base System Device
PNP Device ID: PCI\VEN_1180&DEV_0843&SUBSYS_01CE1028&REV_01\4&35BAB052&0&0AF0
Service:

Class GUID:
Description: Base System Device
Device ID: PCI\VEN_1180&DEV_0592&SUBSYS_01CE1028&REV_0A\4&35BAB052&0&0BF0
Manufacturer:
Name: Base System Device
PNP Device ID: PCI\VEN_1180&DEV_0592&SUBSYS_01CE1028&REV_0A\4&35BAB052&0&0BF0
Service:

==== System Restore Points ===================

RP1: 28/08/2010 11:26:47 PM - Windows Update
RP2: 28/08/2010 11:36:43 PM - Windows Update
RP3: 28/08/2010 11:53:40 PM - Windows Update
RP5: 29/08/2010 6:59:10 AM - Windows Modules Installer
RP6: 29/08/2010 7:20:39 AM - Installed Adobe Reader 9.3.
RP7: 04/09/2010 2:05:53 AM - Windows Update
RP8: 09/09/2010 7:16:51 AM - Windows Update
RP10: 09/09/2010 6:05:49 PM - Installed Microsoft Office Home and Student 2007
RP11: 09/09/2010 6:20:19 PM - Windows Update
RP13: 10/09/2010 2:43:37 PM - Windows Update
RP14: 11/09/2010 12:31:13 AM - Windows Update
RP15: 11/09/2010 12:40:06 AM - Windows Update
RP17: 11/09/2010 9:31:21 AM - Installed DirectX
RP18: 11/09/2010 10:02:45 AM - Windows Update
RP20: 14/09/2010 8:18:52 AM - Windows Update
RP22: 15/09/2010 7:54:46 AM - Windows Modules Installer
RP23: 16/09/2010 11:02:51 PM - Windows Update

==== Installed Programs ======================

Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9.3.4
Ask Toolbar
µTorrent
ERUNT 1.1j
ImTOO AVI to DVD Converter 6
Junk Mail filter update
McAfee AntiVirus Plus
Microsoft .NET Framework 4 Client Profile
Microsoft Choice Guard
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
MSVCRT
NVIDIA Drivers
Security Update for 2007 Microsoft Office System (KB2277947)
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for 2007 Microsoft Office System (KB982331)
Security Update for Microsoft Office Excel 2007 (KB982308)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2251419)
Spybot - Search & Destroy
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Windows Live Essentials
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool

==== Event Viewer Messages From Past Week ========

15/09/2010 9:33:31 PM, Error: Microsoft-Windows-HAL [12] - The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.
14/09/2010 6:24:34 PM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{11291116-0A45-4AE7-968F-C6DFAEF7D004} because another computer on the network has the same name. The server could not start.
11/09/2010 9:46:58 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Windows Live Essentials.
10/09/2010 7:45:47 AM, Error: volsnap [67] - The shadow copy of volume C: being created failed to install.

==== End Of File ===========================

Blade81
2010-09-21, 15:23
IMPORTANT: I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

uTorrent


I'd like you to read this thread (http://forums.spybot.info/showthread.php?t=282).

Please go to Control Panel > Programs and Features and uninstall the programs listed above (in red).



My Hotmail address list has been hijacked and has been sending this link to my address list in my name as the sender's address "http://www.qup2.xmedx.com"
Change your email account password to a new, strong one (use another system for doing that if possible).


* Go here (http://www.eset.eu/online-scanner) to run an online scanner from ESET.
Note: You will need to use Internet Explorer for this scan
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the ActiveX control to install
Click Start
Make sure that the option Remove found threats is UNchecked.
Click Scan
Wait for the scan to finish
Copy and paste report as a reply to this topic, along with a new dds.txt log.

treetop333
2010-09-22, 01:42
Thank you for responding
uTorrent has been uninstalled and I ran ESET and it ran clean.
Here is a copy of today's DDS



DDS (Ver_10-03-17.01) - NTFSx86
Run by WK at 16:33:05.29 on 21/09/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.2.1033.18.3326.1850 [GMT -7:00]

SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\rundll32.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\PROGRA~1\INTERN~1\iexplore.exe
C:\PROGRA~1\INTERN~1\iexplore.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Windows\system32\msiexec.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\WK\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IQSKOQTL\dds[1].scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://by132w.bay132.mail.live.com/default.aspx?rru=inbox
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20100914210710.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Hosts: 127.0.0.1 www.spywareinfo.com

============= SERVICES / DRIVERS ===============

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-5-31 386712]
R0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-8-28 164808]
R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2010-8-28 64304]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-8-28 271480]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-8-28 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-8-28 271480]
R2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-8-28 271480]
R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-8-28 171168]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-8-28 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-8-28 141792]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-8-28 1153368]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-8-28 55840]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-8-28 152992]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-8-28 52104]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-8-28 312904]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-8-28 84264]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-8-29 1343400]

=============== Created Last 30 ================

2010-09-21 22:35:21 0 d-----w- c:\program files\ESET
2010-09-17 06:47:46 0 d-----w- c:\programdata\WinZip
2010-09-14 23:36:20 316928 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-11 16:31:32 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2010-09-11 16:31:17 0 d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-09-11 16:31:08 0 d-----w- c:\program files\Microsoft
2010-09-11 16:30:51 0 d-----w- c:\program files\Windows Live SkyDrive
2010-09-11 07:40:43 0 d-----w- c:\program files\common files\Windows Live
2010-09-11 07:40:28 84992 ----a-w- c:\windows\system32\drivers\sdbus.sys
2010-09-11 07:40:28 12800 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
2010-09-10 01:20:31 0 d-sh--w- c:\windows\system32\%APPDATA%
2010-09-10 01:08:52 0 d-----w- c:\windows\PCHEALTH
2010-09-10 01:06:29 0 d-----w- c:\programdata\Microsoft Help
2010-08-31 01:26:05 0 d-----w- c:\program files\Ask.com
2010-08-31 01:07:27 0 d-----w- c:\users\wk\appdata\roaming\ImTOO
2010-08-31 01:05:41 0 d-----w- c:\program files\ImTOO
2010-08-29 15:23:04 0 d-----w- c:\programdata\Google
2010-08-29 14:20:14 0 d-----w- c:\programdata\Adobe
2010-08-29 14:18:18 0 d-sh--w- c:\windows\Installer
2010-08-29 13:59:43 0 d-----w- c:\windows\system32\Wat
2010-08-29 07:14:33 0 d-----w- c:\programdata\NVIDIA
2010-08-29 07:05:47 257024 ----a-w- c:\windows\system32\msv1_0.dll
2010-08-29 07:04:30 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-08-29 07:04:30 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-08-29 07:04:30 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-08-29 07:04:30 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-08-29 07:04:30 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-08-29 07:01:27 797216 ----a-w- c:\windows\system32\nvcplui.exe
2010-08-29 07:01:27 453152 ----a-w- c:\windows\system32\nvuninst.exe
2010-08-29 07:01:27 420384 ----a-w- c:\windows\system32\nvcpl.cpl
2010-08-29 07:01:27 1108512 ----a-w- c:\windows\system32\nvcpluir.dll
2010-08-29 07:01:16 0 d-----w- c:\windows\Panther
2010-08-29 06:55:03 0 d-----w- C:\Windows.old
2010-08-29 06:54:37 0 d-----w- c:\programdata\Spybot - Search & Destroy
2010-08-29 06:54:37 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-08-29 06:48:00 70656 ----a-w- c:\windows\system32\fontsub.dll
2010-08-29 06:48:00 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-08-29 06:48:00 293888 ----a-w- c:\windows\system32\atmfd.dll
2010-08-29 06:37:00 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-08-29 06:36:13 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2010-08-29 06:35:34 164808 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2010-08-29 06:35:33 84264 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2010-08-29 06:35:33 64304 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2010-08-29 06:35:33 55840 ----a-w- c:\windows\system32\drivers\cfwids.sys
2010-08-29 06:35:33 52104 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-08-29 06:35:33 312904 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2010-08-29 06:35:33 152992 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-08-29 06:35:29 0 d-----w- c:\program files\common files\Mcafee
2010-08-29 06:35:28 0 d-----w- c:\program files\McAfee.com
2010-08-29 06:35:27 0 d-----w- c:\program files\McAfee
2010-08-29 06:28:44 0 d-----w- c:\programdata\McAfee
2010-08-29 06:26:41 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-08-29 06:26:36 132608 ----a-w- c:\windows\system32\cabview.dll
2010-08-29 06:16:10 726316 ----a-w- c:\windows\system32\PerfStringBackup.INI
2010-08-29 06:16:00 0 d-----w- c:\windows\system32\wbem\Performance
2010-08-29 06:04:48 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WUDFUsbccidDriver_01_09_00.Wdf

==================== Find3M ====================

2010-08-24 21:57:38 95600 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2010-08-24 21:57:38 386712 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2010-07-29 06:30:49 197632 ----a-w- c:\windows\system32\ir32_32.dll
2010-07-29 06:30:34 82944 ----a-w- c:\windows\system32\iccvid.dll
2010-06-30 06:25:31 978432 ----a-w- c:\windows\system32\wininet.dll
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 16:33:57.34 ===============

Blade81
2010-09-22, 06:55
Hi,

Logs look clean. Please monitor the situation regarding that email account password change to see if it helped.

treetop333
2010-09-22, 15:51
Thank you

Blade81
2010-09-22, 17:30
You're welcome :)

I'll keep the topic open for a week. Please post back within that period and tell if the issue is still present.

Blade81
2010-09-28, 07:16
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help. :)

Note: If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh DDS log and a link to your previous thread.

If it has been less than three days since your last response and you need the thread re-opened, please send me or another MOD a private message (PM). A valid, working link to the closed topic is required.