Thread: Help please - my PC is infected

  1. #1
    Junior Member
    Join Date
    May 2010
    Posts
    1

    Hello,

    Please see the attached DDS log. Trust this will give you sufficient info to work on.

    I am not a computer expert, so please give simple instructions.

    Many thanks,

    David

    DDS (Ver_10-03-17.01) - NTFSx86
    Run by User at 6:54:41.75 on 12/05/2010
    Internet Explorer: 8.0.6001.18702
    Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2551.1894 [GMT 1:00]

    AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    C:\WINDOWS\system32\svchost -k rpcss
    C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k NetworkService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
    C:\Program Files\McAfee Online Backup\MOBKbackup.exe
    C:\DOCUME~1\User\LOCALS~1\Temp\Mwl.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Spyware Doctor\pctsAuxs.exe
    C:\WINDOWS\Mpacya.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\NETGEAR\WG311TSU\Utility\Gear311T.exe
    C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
    C:\Program Files\Logitech\QuickCam\Quickcam.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
    C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
    C:\WINDOWS\ALCWZRD.EXE
    C:\Program Files\VoyagerTest\fts.exe
    C:\Program Files\Common Files\AOL\1247942699\ee\AOLSoftware.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files\Spyware Doctor\pctsTray.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    C:\Program Files\QLink 1.0\devmonit.exe
    C:\Program Files\NETGEAR\WG511v2\wlancfg5.exe
    C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
    C:\Program Files\Spyware Doctor\pctsSvc.exe
    C:\Program Files\AOL 9.0 VR\waol.exe
    C:\Program Files\AOL 9.0 VR\shellmon.exe
    C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe
    c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
    c:\PROGRA~1\mcafee\VIRUSS~1\mcvsmap.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\7CIDCMTP\dds[1].scr

    ============== Pseudo HJT Report ===============

    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://search.aol.co.uk/web?isinit=true&query=%s
    mSearchAssistant = hxxp://www.google.com/ie
    uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
    BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20100510082523.dll
    BHO: BrowserHelper Class: {8a9d74f9-560b-4fe7-abeb-3b2e638e5cd6} - c:\program files\sgpsa\SearchAssistant.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
    BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    BHO: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - No File
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: Search Assistant: {f0626a63-410b-45e2-99a1-3f2475b2d695} - c:\program files\sgpsa\BHO.dll
    BHO: Fast Browser Search Toolbar Helper: {fcbccb87-9224-4b8d-b117-f56d924beb18} - c:\program files\fast browser search\ie\FBStoolbar.dll
    TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    TB: {07B18EA9-A523-4961-B6BB-170DE4475CCA} - No File
    TB: Fast Browser Search Toolbar: {1bb22d38-a411-4b13-a746-c2a4f4ec7344} - c:\program files\fast browser search\ie\FBStoolbar.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
    EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [M5T8QL3YW3] c:\docume~1\user\locals~1\temp\Mwl.exe
    uRun: [ojesvhny] c:\documents and settings\user\local settings\application data\melfpecsu\toemlrmtssd.exe
    mRun: [SoundMan] SOUNDMAN.EXE
    mRun: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
    mRun: [AS00_Gear311T] c:\program files\netgear\wg311tsu\utility\Gear311T.exe -hide
    mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
    mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
    mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    mRun: [PinnacleDriverCheck] c:\windows\system32\PSDrvCheck.exe -CheckReg
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [DSLSTATEXE] c:\program files\bt voyager 105 adsl modem\dslstat.exe icon
    mRun: [DSLAGENTEXE] c:\program files\bt voyager 105 adsl modem\dslagent.exe
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
    mRun: [AOLDialer] c:\program files\common files\aol\acs\AOLDial.exe
    mRun: [AlcWzrd] ALCWZRD.EXE
    mRun: [Alcmtr] ALCMTR.EXE
    mRun: [%FP%Friendly fts.exe] "c:\program files\voyagertest\fts.exe"
    mRun: [HostManager] c:\program files\common files\aol\1247942699\ee\AOLSoftware.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
    mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
    mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    StartupFolder: c:\docume~1\user\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
    StartupFolder: c:\docume~1\user\startm~1\programs\startup\pictur~1.lnk - c:\program files\sony\sony picture utility\volumewatcher\SPUVolumeWatcher.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\common files\microsoft shared\works shared\wkcalrem.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\monitor.lnk - c:\program files\qlink 1.0\devmonit.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\windows\installer\{b93d24b3-928d-4805-b379-4aa47cb3794e}\NewShortcut2.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\VPNCLI~1.LNK -
    mPolicies-system: EnableLUA = 0 (0x0)
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
    Trusted Zone: internet
    Trusted Zone: mcafee.com
    DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
    DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - hxxp://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/ZwinkyInitialSetup1.0.1.1.cab
    DPF: {2A493D5F-8914-4D3E-8BF3-767F281862F4} - hxxp://sell.autotrader.co.uk/uk-ola/common/TraderMediaX.cab
    DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} - hxxps://support.microsoft.com/OAS/ActiveX/odc.cab
    DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - hxxp://aolcc.aolsvc.aol.co.uk/computercheckup/qdiagcc.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1145300451350
    DPF: {75A6AEA3-F26E-4608-AE9B-8DA78C87576E} - hxxps://kingsisle.hs.llnwd.net/e1/static/themes/wizard101A/activex/Wizard101GameLauncher.CAB
    DPF: {78AEEDE8-7345-4FB5-A8FE-4BFF16EF25FC} - hxxp://mvt.mcafee.com/mvt/bin/3,0,1,0/mvt.cab
    DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} - hxxp://www.parallelgraphics.com/bin/cortvrml.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
    TCP: NameServer = 93.188.164.134,93.188.166.180
    TCP: {4214E397-77D4-4C7E-AC48-92964A4C6DD3} = 93.188.164.134,93.188.166.180
    TCP: {AA1781E1-4439-4B76-B4EF-AE0029D26202} = 93.188.164.134,93.188.166.180
    Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: GoToAssist - c:\program files\citrix\gotoassist\615\G2AWinLogon.dll
    Notify: igfxcui - igfxsrvc.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    Hosts: 64.71.248.152 download.mcafee.com
    Hosts: 64.208.176.57 download.mcafee.com

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\user\applic~1\mozilla\firefox\profiles\c1td3kko.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/aolcom/search?invocationType=tb50ffTB50CLie7&query=
    FF - prefs.js: browser.search.selectedEngine - AOL Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.aol.com
    FF - prefs.js: keyword.URL - hxxp://search.aol.com/aolcom/search?invocationType=tb50ffTB50CLab&query=
    FF - component: c:\documents and settings\user\application data\mozilla\firefox\profiles\c1td3kko.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}\components\WinampPlayer.dll
    FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
    FF - component: c:\program files\mozilla firefox\components\Scriptff.dll
    FF - plugin: c:\documents and settings\all users\application data\zylom\zylomgamesplayer\npzylomgamesplayer.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
    FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\NPMyWebS.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
    FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

    ============= SERVICES / DRIVERS ===============

    R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-1-5 385536]
    R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-5-10 218592]
    R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-5-10 82952]
    R1 MOBKFilter;MOBKFilter;c:\windows\system32\drivers\MOBK.sys [2010-5-10 54776]
    R1 RapportBuka;RapportBuka;c:\windows\system32\drivers\RapportBuka.sys [2010-3-4 390528]
    R1 RapportKELL;RapportKELL;c:\program files\trusteer\rapport\bin\RapportKELL.sys [2010-3-15 58984]
    R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2010-3-15 116328]
    R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2010-5-11 112592]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-5-10 271480]
    R2 McMPFSvc;McAfee Personal Firewall;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-5-10 271480]
    R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-5-10 271480]
    R2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-5-10 271480]
    R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-5-10 170144]
    R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-5-10 188136]
    R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-5-10 141792]
    R2 MOBKbackup;McAfee Online Backup;c:\program files\mcafee online backup\MOBKbackup.exe [2010-2-5 229688]
    R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2010-3-15 779496]
    R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2010-5-10 366840]
    R2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2010-5-10 1142224]
    R3 AWINDIS5;AWINDIS5 Protocol Driver;c:\windows\system32\AWINDIS5.SYS [2005-5-18 16194]
    R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-5-10 55456]
    R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-5-10 152320]
    R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-5-10 51688]
    R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-5-10 312616]
    R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2010-5-10 88480]
    R3 NETGEAR_WG311T_SERVICE;NETGEAR WG311T Wireless Adapter Service;c:\windows\system32\drivers\wg311tn5.sys [2005-5-18 344448]
    S0 Cdr4vsd;Cdr4vsd;c:\windows\system32\drivers\CDR4VSD.SYS [2006-1-3 71872]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-2 135664]
    S2 VCapture;DC3410 Video Camera Device;c:\windows\system32\drivers\VCapture.sys [2005-5-19 515803]
    S3 imhidusb;Immersion's HID USB Driver;c:\windows\system32\drivers\imhidusb.sys [2005-5-21 30920]
    S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2010-5-10 88480]
    S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-5-10 83496]
    S3 NUVision;Pinnacle DVC 80 Video;c:\windows\system32\drivers\nuvvid2.sys [2005-12-6 155264]
    S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2007-11-14 394952]

    =============== Created Last 30 ================

    2010-05-11 20:11:43 767952 ----a-w- c:\windows\BDTSupport.dll
    2010-05-11 20:11:42 882 ----a-w- c:\windows\RegSDImport.xml
    2010-05-11 20:11:42 879 ----a-w- c:\windows\RegISSImport.xml
    2010-05-11 20:11:42 149456 ----a-w- c:\windows\SGDetectionTool.dll
    2010-05-11 20:11:42 131 ----a-w- c:\windows\IDB.zip
    2010-05-11 20:11:41 165840 ----a-w- c:\windows\PCTBDRes.dll
    2010-05-11 20:11:41 1652688 ----a-w- c:\windows\PCTBDCore.dll
    2010-05-11 20:11:41 1152444 ----a-w- c:\windows\UDB.zip
    2010-05-10 21:01:40 7387 ----a-w- c:\windows\system32\drivers\pctgntdi.cat
    2010-05-10 21:01:40 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
    2010-05-10 21:01:27 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
    2010-05-10 21:01:27 7412 ----a-w- c:\windows\system32\drivers\PCTAppEvent.cat
    2010-05-10 21:01:27 7383 ----a-w- c:\windows\system32\drivers\pctcore.cat
    2010-05-10 21:01:27 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys
    2010-05-10 21:01:15 7383 ----a-w- c:\windows\system32\drivers\pctplsg.cat
    2010-05-10 21:01:15 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys
    2010-05-10 21:01:06 0 d-----w- c:\program files\common files\PC Tools
    2010-05-10 21:01:05 0 d-----w- c:\program files\Spyware Doctor
    2010-05-10 21:01:05 0 d-----w- c:\docume~1\user\applic~1\PC Tools
    2010-05-10 21:01:05 0 d-----w- c:\docume~1\alluse~1\applic~1\PC Tools
    2010-05-10 20:11:41 339968 ----a-w- c:\windows\system32\RapportBuka.dll
    2010-05-10 07:50:40 0 d-----w- c:\program files\McAfeeMOBK
    2010-05-10 07:50:21 54776 ----a-w- c:\windows\system32\drivers\MOBK.sys
    2010-05-10 07:50:01 0 d-----w- c:\program files\McAfee Online Backup
    2010-05-10 07:25:21 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
    2010-05-10 07:25:14 82952 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
    2010-05-10 07:25:13 88480 ----a-w- c:\windows\system32\drivers\mfendisk.sys
    2010-05-10 07:25:13 83496 ----a-w- c:\windows\system32\drivers\mferkdet.sys
    2010-05-10 07:25:13 55456 ----a-w- c:\windows\system32\drivers\cfwids.sys
    2010-05-10 07:25:13 51688 ----a-w- c:\windows\system32\drivers\mfebopk.sys
    2010-05-10 07:25:13 312616 ----a-w- c:\windows\system32\drivers\mfefirek.sys
    2010-05-10 07:25:13 152320 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
    2010-05-10 07:25:05 0 d-----w- c:\program files\common files\Mcafee
    2010-05-10 07:25:03 0 d-----w- c:\program files\McAfee.com
    2010-05-10 07:24:47 0 d-----w- c:\program files\McAfee
    2010-05-10 06:37:49 0 d-----w- c:\docume~1\alluse~1\applic~1\Citrix
    2010-05-10 06:32:50 0 d-----w- c:\program files\Citrix
    2010-05-09 18:05:23 664 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-05-03 17:40:19 107008 ----a-w- c:\windows\system32\o.dat
    2010-05-03 17:28:34 442 ----a-w- C:\config.ini
    2010-05-03 09:48:24 175616 ----a-w- c:\windows\Mpacya.exe
    2010-05-03 09:48:10 84992 --sha-r- c:\windows\system32\ODCTOOLSQ.dll
    2010-04-28 19:39:58 293376 ------w- c:\windows\system32\browserchoice.exe
    2010-04-18 08:46:14 0 d-----w- c:\docume~1\alluse~1\applic~1\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    2010-04-18 08:33:36 0 d-----w- c:\program files\Bonjour

    ==================== Find3M ====================

    2010-05-12 05:32:35 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
    2010-05-12 05:32:31 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
    2010-04-14 11:29:58 95568 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
    2010-04-14 11:29:58 385536 ----a-w- c:\windows\system32\drivers\mfehidk.sys
    2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\vbscript.dll
    2010-02-28 15:24:06 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
    2010-02-25 06:24:37 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-02-19 23:47:50 3604480 ----a-w- c:\windows\system32\GPhotos.scr
    2010-02-16 14:08:49 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
    2010-02-16 13:25:04 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2010-02-15 21:10:40 41 ----a-w- c:\documents and settings\user\jagex_runescape_preferences.dat
    2010-02-15 21:10:03 69 ----a-w- c:\documents and settings\user\jagex_runescape_preferences2.dat
    2010-02-12 10:46:14 91424 ----a-w- c:\windows\system32\dnssd.dll
    2010-02-12 10:46:14 107808 ----a-w- c:\windows\system32\dns-sd.exe
    2010-02-12 04:33:11 100864 ----a-w- c:\windows\system32\6to4svc.dll
    2006-07-05 11:22:08 265984 ----a-w- c:\windows\inf\wg511v2\WG511v2XP.sys
    2006-07-05 11:22:08 265856 ----a-w- c:\windows\inf\wg511v2\WG511v2.sys
    2006-07-05 11:22:08 212992 ----a-w- c:\windows\inf\wg511v2\CopyWHQLDriver.exe
    2006-05-24 19:23:15 37311488 ----a-w- c:\program files\iTunesSetup.exe
    2006-04-11 21:39:43 189920 ----a-w- c:\program files\msicuu2.exe
    2005-09-18 20:02:30 12720184 ----a-w- c:\program files\familyfeudsetup.exe
    2005-07-09 09:01:19 33673283 ----a-w- c:\program files\MIS_7_1_05_EN-GB.exe
    2005-07-02 09:20:36 315624 ----a-w- c:\program files\dxwebsetup.exe
    2005-06-08 20:32:47 20798256 ----a-w- c:\program files\AdbeRdr70_enu_full.exe
    2005-05-21 20:59:40 32973241 ----a-w- c:\program files\MIS_7_0_ENGB.EXE
    2009-06-11 19:00:56 245760 --sha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat
    2008-10-26 09:27:44 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008102620081027\index.dat

    ============= FINISH: 6:59:48.06 ===============

    Am repeatedly getting a McAfee pop-up saying it has detected and automatically removed a Trojan DNSChanger!dj, quarantined from C:tdlcmd.dll.
    Last edited by tashi; 2010-05-12 at 23:53. Reason: Merged two posts as per forum FAQ, please don't add till someone responds. ;-)

  2. #2
    peku006 (Emeritus - Security Expert)
    Join Date
    Feb 2007
    Location
    Norway
    Posts
    3,103

    Hello and welcome to Safer Networking

    My name is peku006 and I will be helping you to remove any infection(s) that you may have.
    I will be giving you a series of instructions that need to be followed in the order in which I give them to you.

    Please observe these rules while we work:

    • If you don't know or understand something please don't hesitate to ask
    • Please DO NOT run any other tools or scans whilst I am helping you.
    • It is important that you reply to this thread. Do not start a new topic.
    • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    • Absence of symptoms does not mean that everything is clear.


    1 - Download and Run Malwarebytes' Anti-Malware

    Please save any items you were working on... close any open programs. You may be asked to reboot your machine.
    Please download Malwarebytes Anti-Malware and save it to your desktop. If needed...Tutorial w/screenshots
    Alternate download sites available here or here.
    1. Make sure you are connected to the Internet.
    2. Double-click on mbam-setup.exe to install the application.
    3. When the installation begins, follow the prompts and do not make any changes to default settings.
    4. When installation has finished, make sure you leave both of these checked:
      • Update Malwarebytes' Anti-Malware
      • Launch Malwarebytes' Anti-Malware
      • Then click Finish.
      MBAM will automatically start and you will be asked to update the program before performing a scan.
      • If an update is found, the program will automatically update itself.
      • Press the OK button to close that box and continue.
      • Problems downloading the updates? Manually download them from here and double-click on "mbam-rules.exe" to install.

    On the Scanner tab:
    1. Make sure the "Perform full scan" option is selected.
    2. Then click on the Scan button.
    3. If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
    4. The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
    5. When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
    6. Click OK to close the message box and continue with the removal process.

    Back at the main Scanner screen:
    1. Click on the Show Results button to see a list of any malware that was found.
    2. Check all items except items in the C:\System Volume Information folder... then click on Remove Selected.
      We will take care of the System Volume Information items later.
    3. When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
    4. The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
      The log can also be found here:
      C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
    5. Copy and paste the contents of that report in your next reply and exit MBAM.


    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
    Click OK to either and let MBAM proceed with the disinfection process.
    If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


    2 - Status Check
    Please reply with

    1. the Malwarebytes' Anti-Malware Log

    Thanks peku006
    I don't help with logs thru PM. If you have problems create a thread in the forum, please.

  3. #3
    peku006 (Emeritus - Security Expert)
    Join Date
    Feb 2007
    Location
    Norway
    Posts
    3,103

    Due to a lack of response, this topic is now closed

    If you still require help, please open a new thread in the Malware Removal forum, include a
    fresh HijackThis log, and wait for a new helper.
