PDA

View Full Version : Help please - my PC is infected


cpcc1
2010-05-12, 08:17
Hello,

Please see the attached DDS log. Trust this will give you sufficient info to work on.

I am not a computer expert, so please give simple unstructions.

Many thanks,

David

DDS (Ver_10-03-17.01) - NTFSx86
Run by User at 6:54:41.75 on 12/05/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2551.1894 [GMT 1:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Program Files\McAfee Online Backup\MOBKbackup.exe
C:\DOCUME~1\User\LOCALS~1\Temp\Mwl.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\WINDOWS\Mpacya.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\NETGEAR\WG311TSU\Utility\Gear311T.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\VoyagerTest\fts.exe
C:\Program Files\Common Files\AOL\1247942699\ee\AOLSoftware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\QLink 1.0\devmonit.exe
C:\Program Files\NETGEAR\WG511v2\wlancfg5.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\AOL 9.0 VR\waol.exe
C:\Program Files\AOL 9.0 VR\shellmon.exe
C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsmap.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\7CIDCMTP\dds[1].scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://search.aol.co.uk/web?isinit=true&query=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20100510082523.dll
BHO: BrowserHelper Class: {8a9d74f9-560b-4fe7-abeb-3b2e638e5cd6} - c:\program files\sgpsa\SearchAssistant.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - No File
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: Search Assistant: {f0626a63-410b-45e2-99a1-3f2475b2d695} - c:\program files\sgpsa\BHO.dll
BHO: Fast Browser Search Toolbar Helper: {fcbccb87-9224-4b8d-b117-f56d924beb18} - c:\program files\fast browser search\ie\FBStoolbar.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: {07B18EA9-A523-4961-B6BB-170DE4475CCA} - No File
TB: Fast Browser Search Toolbar: {1bb22d38-a411-4b13-a746-c2a4f4ec7344} - c:\program files\fast browser search\ie\FBStoolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [M5T8QL3YW3] c:\docume~1\user\locals~1\temp\Mwl.exe
uRun: [ojesvhny] c:\documents and settings\user\local settings\application data\melfpecsu\toemlrmtssd.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
mRun: [AS00_Gear311T] c:\program files\netgear\wg311tsu\utility\Gear311T.exe -hide
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
mRun: [PinnacleDriverCheck] c:\windows\system32\PSDrvCheck.exe -CheckReg
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [DSLSTATEXE] c:\program files\bt voyager 105 adsl modem\dslstat.exe icon
mRun: [DSLAGENTEXE] c:\program files\bt voyager 105 adsl modem\dslagent.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [AOLDialer] c:\program files\common files\aol\acs\AOLDial.exe
mRun: [AlcWzrd] ALCWZRD.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [%FP%Friendly fts.exe] "c:\program files\voyagertest\fts.exe"
mRun: [HostManager] c:\program files\common files\aol\1247942699\ee\AOLSoftware.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
StartupFolder: c:\docume~1\user\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\user\startm~1\programs\startup\pictur~1.lnk - c:\program files\sony\sony picture utility\volumewatcher\SPUVolumeWatcher.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\common files\microsoft shared\works shared\wkcalrem.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\monitor.lnk - c:\program files\qlink 1.0\devmonit.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\windows\installer\{b93d24b3-928d-4805-b379-4aa47cb3794e}\NewShortcut2.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\VPNCLI~1.LNK -
mPolicies-system: EnableLUA = 0 (0x0)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - hxxp://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/ZwinkyInitialSetup1.0.1.1.cab
DPF: {2A493D5F-8914-4D3E-8BF3-767F281862F4} - hxxp://sell.autotrader.co.uk/uk-ola/common/TraderMediaX.cab
DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} - hxxps://support.microsoft.com/OAS/ActiveX/odc.cab
DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - hxxp://aolcc.aolsvc.aol.co.uk/computercheckup/qdiagcc.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1145300451350
DPF: {75A6AEA3-F26E-4608-AE9B-8DA78C87576E} - hxxps://kingsisle.hs.llnwd.net/e1/static/themes/wizard101A/activex/Wizard101GameLauncher.CAB
DPF: {78AEEDE8-7345-4FB5-A8FE-4BFF16EF25FC} - hxxp://mvt.mcafee.com/mvt/bin/3,0,1,0/mvt.cab
DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} - hxxp://www.parallelgraphics.com/bin/cortvrml.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
TCP: NameServer = 93.188.164.134,93.188.166.180
TCP: {4214E397-77D4-4C7E-AC48-92964A4C6DD3} = 93.188.164.134,93.188.166.180
TCP: {AA1781E1-4439-4B76-B4EF-AE0029D26202} = 93.188.164.134,93.188.166.180
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: GoToAssist - c:\program files\citrix\gotoassist\615\G2AWinLogon.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 64.71.248.152 download.mcafee.com
Hosts: 64.208.176.57 download.mcafee.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\user\applic~1\mozilla\firefox\profiles\c1td3kko.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/aolcom/search?invocationType=tb50ffTB50CLie7&query=
FF - prefs.js: browser.search.selectedEngine - AOL Search
FF - prefs.js: browser.startup.homepage - hxxp://www.aol.com
FF - prefs.js: keyword.URL - hxxp://search.aol.com/aolcom/search?invocationType=tb50ffTB50CLab&query=
FF - component: c:\documents and settings\user\application data\mozilla\firefox\profiles\c1td3kko.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}\components\WinampPlayer.dll
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - component: c:\program files\mozilla firefox\components\Scriptff.dll
FF - plugin: c:\documents and settings\all users\application data\zylom\zylomgamesplayer\npzylomgamesplayer.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPMyWebS.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-1-5 385536]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-5-10 218592]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-5-10 82952]
R1 MOBKFilter;MOBKFilter;c:\windows\system32\drivers\MOBK.sys [2010-5-10 54776]
R1 RapportBuka;RapportBuka;c:\windows\system32\drivers\RapportBuka.sys [2010-3-4 390528]
R1 RapportKELL;RapportKELL;c:\program files\trusteer\rapport\bin\RapportKELL.sys [2010-3-15 58984]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2010-3-15 116328]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2010-5-11 112592]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-5-10 271480]
R2 McMPFSvc;McAfee Personal Firewall;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-5-10 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-5-10 271480]
R2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-5-10 271480]
R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-5-10 170144]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-5-10 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-5-10 141792]
R2 MOBKbackup;McAfee Online Backup;c:\program files\mcafee online backup\MOBKbackup.exe [2010-2-5 229688]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2010-3-15 779496]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2010-5-10 366840]
R2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2010-5-10 1142224]
R3 AWINDIS5;AWINDIS5 Protocol Driver;c:\windows\system32\AWINDIS5.SYS [2005-5-18 16194]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-5-10 55456]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-5-10 152320]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-5-10 51688]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-5-10 312616]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2010-5-10 88480]
R3 NETGEAR_WG311T_SERVICE;NETGEAR WG311T Wireless Adapter Service;c:\windows\system32\drivers\wg311tn5.sys [2005-5-18 344448]
S0 Cdr4vsd;Cdr4vsd;c:\windows\system32\drivers\CDR4VSD.SYS [2006-1-3 71872]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-2 135664]
S2 VCapture;DC3410 Video Camera Device;c:\windows\system32\drivers\VCapture.sys [2005-5-19 515803]
S3 imhidusb;Immersion's HID USB Driver;c:\windows\system32\drivers\imhidusb.sys [2005-5-21 30920]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2010-5-10 88480]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-5-10 83496]
S3 NUVision;Pinnacle DVC 80 Video;c:\windows\system32\drivers\nuvvid2.sys [2005-12-6 155264]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2007-11-14 394952]

=============== Created Last 30 ================

2010-05-11 20:11:43 767952 ----a-w- c:\windows\BDTSupport.dll
2010-05-11 20:11:42 882 ----a-w- c:\windows\RegSDImport.xml
2010-05-11 20:11:42 879 ----a-w- c:\windows\RegISSImport.xml
2010-05-11 20:11:42 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-05-11 20:11:42 131 ----a-w- c:\windows\IDB.zip
2010-05-11 20:11:41 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-05-11 20:11:41 1652688 ----a-w- c:\windows\PCTBDCore.dll
2010-05-11 20:11:41 1152444 ----a-w- c:\windows\UDB.zip
2010-05-10 21:01:40 7387 ----a-w- c:\windows\system32\drivers\pctgntdi.cat
2010-05-10 21:01:40 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-05-10 21:01:27 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-05-10 21:01:27 7412 ----a-w- c:\windows\system32\drivers\PCTAppEvent.cat
2010-05-10 21:01:27 7383 ----a-w- c:\windows\system32\drivers\pctcore.cat
2010-05-10 21:01:27 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-05-10 21:01:15 7383 ----a-w- c:\windows\system32\drivers\pctplsg.cat
2010-05-10 21:01:15 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-05-10 21:01:06 0 d-----w- c:\program files\common files\PC Tools
2010-05-10 21:01:05 0 d-----w- c:\program files\Spyware Doctor
2010-05-10 21:01:05 0 d-----w- c:\docume~1\user\applic~1\PC Tools
2010-05-10 21:01:05 0 d-----w- c:\docume~1\alluse~1\applic~1\PC Tools
2010-05-10 20:11:41 339968 ----a-w- c:\windows\system32\RapportBuka.dll
2010-05-10 07:50:40 0 d-----w- c:\program files\McAfeeMOBK
2010-05-10 07:50:21 54776 ----a-w- c:\windows\system32\drivers\MOBK.sys
2010-05-10 07:50:01 0 d-----w- c:\program files\McAfee Online Backup
2010-05-10 07:25:21 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2010-05-10 07:25:14 82952 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2010-05-10 07:25:13 88480 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2010-05-10 07:25:13 83496 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2010-05-10 07:25:13 55456 ----a-w- c:\windows\system32\drivers\cfwids.sys
2010-05-10 07:25:13 51688 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-05-10 07:25:13 312616 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2010-05-10 07:25:13 152320 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-05-10 07:25:05 0 d-----w- c:\program files\common files\Mcafee
2010-05-10 07:25:03 0 d-----w- c:\program files\McAfee.com
2010-05-10 07:24:47 0 d-----w- c:\program files\McAfee
2010-05-10 06:37:49 0 d-----w- c:\docume~1\alluse~1\applic~1\Citrix
2010-05-10 06:32:50 0 d-----w- c:\program files\Citrix
2010-05-09 18:05:23 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-05-03 17:40:19 107008 ----a-w- c:\windows\system32\o.dat
2010-05-03 17:28:34 442 ----a-w- C:\config.ini
2010-05-03 09:48:24 175616 ----a-w- c:\windows\Mpacya.exe
2010-05-03 09:48:10 84992 --sha-r- c:\windows\system32\ODCTOOLSQ.dll
2010-04-28 19:39:58 293376 ------w- c:\windows\system32\browserchoice.exe
2010-04-18 08:46:14 0 d-----w- c:\docume~1\alluse~1\applic~1\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-18 08:33:36 0 d-----w- c:\program files\Bonjour

==================== Find3M ====================

2010-05-12 05:32:35 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-05-12 05:32:31 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2010-04-14 11:29:58 95568 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2010-04-14 11:29:58 385536 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-28 15:24:06 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-02-25 06:24:37 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-19 23:47:50 3604480 ----a-w- c:\windows\system32\GPhotos.scr
2010-02-16 14:08:49 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25:04 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-15 21:10:40 41 ----a-w- c:\documents and settings\user\jagex_runescape_preferences.dat
2010-02-15 21:10:03 69 ----a-w- c:\documents and settings\user\jagex_runescape_preferences2.dat
2010-02-12 10:46:14 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-02-12 10:46:14 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-02-12 04:33:11 100864 ----a-w- c:\windows\system32\6to4svc.dll
2006-07-05 11:22:08 265984 ----a-w- c:\windows\inf\wg511v2\WG511v2XP.sys
2006-07-05 11:22:08 265856 ----a-w- c:\windows\inf\wg511v2\WG511v2.sys
2006-07-05 11:22:08 212992 ----a-w- c:\windows\inf\wg511v2\CopyWHQLDriver.exe
2006-05-24 19:23:15 37311488 ----a-w- c:\program files\iTunesSetup.exe
2006-04-11 21:39:43 189920 ----a-w- c:\program files\msicuu2.exe
2005-09-18 20:02:30 12720184 ----a-w- c:\program files\familyfeudsetup.exe
2005-07-09 09:01:19 33673283 ----a-w- c:\program files\MIS_7_1_05_EN-GB.exe
2005-07-02 09:20:36 315624 ----a-w- c:\program files\dxwebsetup.exe
2005-06-08 20:32:47 20798256 ----a-w- c:\program files\AdbeRdr70_enu_full.exe
2005-05-21 20:59:40 32973241 ----a-w- c:\program files\MIS_7_0_ENGB.EXE
2009-06-11 19:00:56 245760 --sha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat
2008-10-26 09:27:44 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008102620081027\index.dat

============= FINISH: 6:59:48.06 ===============

Am repeated getting McAfee pop up saying it has detected and automatically removed a Trojan DNSChanger!dj, quarantined from C:tdlcmd.dll.:sad:
peku006
2010-05-16, 09:52
Hello and :welcome: to Safer Networking

My name is peku006 and I will be helping you to remove any infection(s) that you may have.
I will be giving you a series of instructions that need to be followed in the order in which I give them to you.

Please observe these rules while we work:


If you don't know or understand something please don't hesitate to ask
Please DO NOT run any other tools or scans whilst I am helping you.
It is important that you reply to this thread. Do not start a new topic.
Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
Absence of symptoms does not mean that everything is clear.

1 - Download and Run Malwarebytes' Anti-Malware

Please save any items you were working on... close any open programs. You may be asked to reboot your machine.
Please download Malwarebytes Anti-Malware (http://www.malwarebytes.org/mbam-download.php) and save it to your desktop. If needed...Tutorial w/screenshots (http://thespykiller.co.uk/index.php/topic,5946.0.html)
Alternate download sites available here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html) or here (http://www.besttechie.net/tools/mbam-setup.exe).
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself.
Press the OK button to close that box and continue.
Problems downloading the updates? Manually download them from here (http://malwarebytes.gt500.org/mbam-rules.exe) and double-click on "mbam-rules.exe" to install.
On the Scanner tab:
Make sure the "Perform full scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
Click on the Show Results button to see a list of any malware that was found.
Check all items except items in the C:\System Volume Information folder... then click on Remove Selected.
We will take care of the System Volume Information items later.
When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
Copy and paste the contents of that report in your next reply and exit MBAM.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

2 - Status Check
Please reply with

1. the Malwarebytes' Anti-Malware Log

Thanks peku006
peku006
2010-05-22, 08:50
Due to a lack of response, this topic is now closed

If you still require help, please open a new thread in the Malware Removal forum (http://forums.spybot.info/forumdisplay.php?f=22), include a
fresh HijackThis log, and wait for a new helper.

Your donation helps improving Spybot-S&D! (http://www.safer-networking.org/en/donate/index.html)