Infection Checkup? - Printable Version
+- Support Forums (https://www.supportforums.net)
+-- Forum: Categories (https://www.supportforums.net/forumdisplay.php?fid=87)
+--- Forum: Virus Protection, Removals, and HJT Team (https://www.supportforums.net/forumdisplay.php?fid=56)
+---- Forum: Virus Removal, Hijack This Logs, and Support (https://www.supportforums.net/forumdisplay.php?fid=48)
+---- Thread: Infection Checkup? (/showthread.php?tid=17185)
Infection Checkup? - Epicly - 03-20-2011

I am just wanting to know if this computer here is clean; it's not mine. It's for a cousin really. Right after this check is over I'll switch to Avast, ThreatFire and also a firewall for my cousin. Thanks to whoever will be helping me clean this computer.

1. My issues are:
My cousin told me her computer got a virus or something, but I checked her computer out and it doesn't seem like it. Just making sure, that's all!

2. My MBAM log:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6113

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

3/20/2011 5:24:47 PM
mbam-log-2011-03-20 (17-24-47).txt

Scan type: Full scan (C:\|)
Objects scanned: 265661
Time elapsed: 23 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

3. My HJT log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:05:53 PM, on 3/20/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16722)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUNMain.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/23
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [PSUNMain] "C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" /Traybar
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Dock Login Service (DockLoginService) - Unknown owner - C:\Program Files\Dell\DellDock\DockLogin.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: Panda Cloud Antivirus Service (NanoServiceMain) - Panda Security, S.L. - C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8026 bytes

4. My DDS log:

.
DDS (Ver_11-03-05.01) - NTFS_AMD64
Run by Karen at 17:06:27.59 on Sun 03/20/2011
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4058.2162 [GMT -7:00]
.
AV: Panda Cloud Antivirus *Enabled/Updated* {86971480-9989-6750-B122-681A86518D59}
SP: Panda Cloud Antivirus *Enabled/Updated* {3DF6F564-BFB3-68DE-8B92-5368FDD6C7E4}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\Dwm.exe
C:\windows\system32\taskhost.exe
C:\windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\windows\system32\conhost.exe
C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUNMain.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\windows\system32\DllHost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\windows\servicing\TrustedInstaller.exe
C:\windows\system32\msiexec.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\Users\Karen\Downloads\dds.scr
C:\windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [PSUNMain] "C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" /Traybar
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
mRun-x64: [Apoint] C:\Program Files\DellTPad\Apoint.exe
mRun-x64: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
mRun-x64: [IgfxTray] C:\windows\system32\igfxtray.exe
mRun-x64: [HotKeysCmds] C:\windows\system32\hkcmd.exe
mRun-x64: [Persistence] C:\windows\system32\igfxpers.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Karen\AppData\Roaming\Mozilla\Firefox\Profiles\k7s6pfje.default\
FF - component: C:\Users\Karen\AppData\Roaming\Mozilla\Firefox\Profiles\k7s6pfje.default\extensions\refractor@developer.mozilla.org\components\prism.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Karen\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Personas: personas@christopher.beard - %profile%\extensions\personas@christopher.beard
FF - Ext: Flagfox: {1018e4d6-728f-4b20-ad56-37578a4de76b} - %profile%\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
FF - Ext: Flashblock: {3d7eb24f-2740-49df-8937-200b1cc08f8a} - %profile%\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - Ext: Prism for Firefox: refractor@developer.mozilla.org - %profile%\extensions\refractor@developer.mozilla.org
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-2-8 55280]
R1 PSINKNC;PSINKNC;C:\Windows\System32\drivers\PSINKNC.sys [2010-12-16 150088]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-2-8 98208]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-2-8 13336]
R2 NanoServiceMain;Panda Cloud Antivirus Service;C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe [2010-12-16 140608]
R2 PSINAflt;PSINAflt;C:\Windows\System32\drivers\PSINAflt.sys [2010-12-16 158280]
R2 PSINFile;PSINFile;C:\Windows\System32\drivers\PSINFile.sys [2010-12-16 114760]
R2 PSINProc;PSINProc;C:\Windows\System32\drivers\PSINProc.sys [2010-12-16 121928]
R2 PSINProt;PSINProt;C:\Windows\System32\drivers\PSINProt.sys [2010-12-16 128584]
R2 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-2-18 2253688]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2011-2-8 172704]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2011-2-19 254528]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2011-2-8 76912]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe --> C:\Program Files\Dell\DellDock\DockLogin.exe [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2011-2-8 232480]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-6-10 187392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-12-14 51712]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-2-19 1255736]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2011-03-20 23:59:34 388096 ----a-r- C:\Users\Karen\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-03-20 23:59:33 -------- d-----w- C:\Program Files (x86)\Trend Micro
2011-03-20 20:21:40 7947600 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{8F1B2855-573D-4DF4-8260-9F45F203F66C}\mpengine.dll
2011-03-05 23:11:52 -------- d-----w- C:\Program Files\iPod
2011-03-05 23:11:47 -------- d-----w- C:\Program Files\iTunes
2011-03-05 23:11:47 -------- d-----w- C:\Program Files (x86)\iTunes
2011-03-03 03:34:07 -------- d-----w- C:\jolicloud
2011-02-27 04:49:35 -------- d-----w- C:\Users\Karen\AppData\Roaming\Macrovision
2011-02-27 04:17:33 -------- d-----w- C:\Program Files\HP
2011-02-23 23:25:03 367104 ----a-w- C:\windows\System32\wcncsvc.dll
2011-02-23 23:25:03 276992 ----a-w- C:\windows\SysWow64\wcncsvc.dll
2011-02-23 01:39:53 -------- d-----w- C:\Users\Karen\AppData\Local\Adobe
2011-02-22 20:37:43 662528 ----a-w- C:\windows\System32\XpsPrint.dll
2011-02-22 20:37:43 442880 ----a-w- C:\windows\SysWow64\XpsPrint.dll
2011-02-22 20:37:42 475648 ----a-w- C:\windows\System32\XpsGdiConverter.dll
2011-02-22 20:37:42 288256 ----a-w- C:\windows\SysWow64\XpsGdiConverter.dll
2011-02-22 20:35:19 7947600 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2011-02-21 19:13:16 257024 ----a-w- C:\windows\System32\Spool\prtprocs\x64\hpzppw72.dll
2011-02-20 23:03:10 -------- d-----w- C:\Users\Karen\AppData\Roaming\OpenOffice.org
2011-02-20 08:05:36 -------- d-----w- C:\93ae665398a00296989ce1eb
2011-02-20 06:23:04 -------- d-----w- C:\Program Files (x86)\Microsoft WSE
2011-02-20 06:22:31 3977496 ----a-w- C:\windows\System32\d3dx9_31.dll
2011-02-20 06:22:31 2414360 ----a-w- C:\windows\SysWow64\d3dx9_31.dll
2011-02-20 06:14:50 254528 ----a-w- C:\windows\System32\drivers\dtsoftbus01.sys
2011-02-20 06:14:43 -------- d-----w- C:\Program Files (x86)\DAEMON Tools Lite
2011-02-20 06:14:24 -------- d-----w- C:\Users\Karen\AppData\Roaming\DAEMON Tools Lite
2011-02-20 06:14:24 -------- d-----w- C:\PROGRA~3\DAEMON Tools Lite
2011-02-20 03:19:30 -------- d-----w- C:\Users\Karen\AppData\Roaming\DiskAid
2011-02-20 03:15:23 -------- d-----w- C:\windows\SysWow64\Wat
2011-02-20 03:15:23 -------- d-----w- C:\windows\System32\Wat
2011-02-20 02:06:09 99176 ----a-w- C:\windows\SysWow64\PresentationHostProxy.dll
2011-02-20 02:06:09 49472 ----a-w- C:\windows\SysWow64\netfxperf.dll
2011-02-20 02:06:09 48960 ----a-w- C:\windows\System32\netfxperf.dll
2011-02-20 02:06:09 444752 ----a-w- C:\windows\System32\mscoree.dll
2011-02-20 02:06:09 320352 ----a-w- C:\windows\System32\PresentationHost.exe
2011-02-20 02:06:09 297808 ----a-w- C:\windows\SysWow64\mscoree.dll
2011-02-20 02:06:09 295264 ----a-w- C:\windows\SysWow64\PresentationHost.exe
2011-02-20 02:06:09 1130824 ----a-w- C:\windows\SysWow64\dfshim.dll
2011-02-20 02:06:09 109912 ----a-w- C:\windows\System32\PresentationHostProxy.dll
2011-02-20 02:06:08 1942856 ----a-w- C:\windows\System32\dfshim.dll
2011-02-19 17:39:57 7680 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll
2011-02-19 17:37:27 112000 ----a-w- C:\windows\System32\consent.exe
2011-02-19 17:37:21 720896 ----a-w- C:\windows\System32\odbc32.dll
2011-02-19 17:37:20 987136 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msado15.dll
2011-02-19 17:37:20 573440 ----a-w- C:\windows\SysWow64\odbc32.dll
2011-02-19 17:37:20 495616 ----a-w- C:\Program Files\Common Files\System\ado\msadox.dll
2011-02-19 17:37:20 466944 ----a-w- C:\Program Files\Common Files\System\ado\msadomd.dll
2011-02-19 17:37:20 372736 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadox.dll
2011-02-19 17:37:20 352256 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadomd.dll
2011-02-19 17:37:20 258048 ----a-w- C:\Program Files\Common Files\System\msadc\msadco.dll
2011-02-19 17:37:20 208896 ----a-w- C:\Program Files (x86)\Common Files\System\msadc\msadco.dll
2011-02-19 17:37:20 1425408 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll
2011-02-19 08:18:04 -------- d-----w- C:\Users\Karen\AppData\Local\ElevatedDiagnostics
2011-02-19 06:38:54 -------- d-----w- C:\Users\Karen\AppData\Local\Windows Live
2011-02-19 00:36:41 -------- d-----w- C:\Users\Karen\Tracing
.
==================== Find3M ====================
.
2011-02-19 06:37:44 1135104 ----a-w- C:\windows\System32\FntCache.dll
2011-02-19 06:37:10 1540608 ----a-w- C:\windows\System32\DWrite.dll
2011-02-19 06:36:49 902656 ----a-w- C:\windows\System32\d2d1.dll
2011-02-19 05:32:48 1074176 ----a-w- C:\windows\SysWow64\DWrite.dll
2011-02-19 05:32:35 739840 ----a-w- C:\windows\SysWow64\d2d1.dll
2011-02-18 22:21:42 230352 ----a-w- C:\windows\System32\drivers\truecrypt.sys
2011-02-08 21:01:40 75 --sh--r- C:\windows\CT4CET.bin
2011-02-08 20:59:49 521448 ----a-w- C:\windows\System32\deployJava1.dll
2011-02-03 01:11:20 270720 ------w- C:\windows\System32\MpSigStub.exe
2011-01-26 06:53:10 982912 ----a-w- C:\windows\System32\drivers\dxgkrnl.sys
2011-01-26 06:53:10 265088 ----a-w- C:\windows\System32\drivers\dxgmms1.sys
2011-01-26 06:31:20 144384 ----a-w- C:\windows\System32\cdd.dll
2011-01-07 08:06:50 46080 ----a-w- C:\windows\System32\atmlib.dll
2011-01-07 07:27:11 34304 ----a-w- C:\windows\SysWow64\atmlib.dll
2011-01-07 05:49:20 366080 ----a-w- C:\windows\System32\atmfd.dll
2011-01-07 05:33:11 294400 ----a-w- C:\windows\SysWow64\atmfd.dll
2011-01-07 02:37:02 51584 ----a-w- C:\windows\System32\drivers\dc3d.sys
2011-01-05 06:20:30 612352 ----a-w- C:\windows\System32\vbscript.dll
2011-01-05 05:37:33 428032 ----a-w- C:\windows\SysWow64\vbscript.dll
2011-01-05 04:00:16 3127808 ----a-w- C:\windows\System32\win32k.sys
2010-12-23 06:07:50 1118720 ----a-w- C:\windows\System32\sbe.dll
2010-12-23 06:07:49 961024 ----a-w- C:\windows\System32\CPFilters.dll
2010-12-23 06:07:49 723968 ----a-w- C:\windows\System32\EncDec.dll
2010-12-23 06:02:33 259072 ----a-w- C:\windows\System32\mpg2splt.ax
2010-12-23 05:28:29 850432 ----a-w- C:\windows\SysWow64\sbe.dll
2010-12-23 05:28:28 642048 ----a-w- C:\windows\SysWow64\CPFilters.dll
2010-12-23 05:28:28 534528 ----a-w- C:\windows\SysWow64\EncDec.dll
2010-12-23 05:24:02 199680 ----a-w- C:\windows\SysWow64\mpg2splt.ax
2010-12-21 06:16:27 97280 ----a-w- C:\windows\System32\wscsvc.dll
2010-12-21 06:16:27 62976 ----a-w- C:\windows\System32\wscapi.dll
2010-12-21 06:16:16 214016 ----a-w- C:\windows\System32\winsrv.dll
2010-12-21 06:16:14 442880 ----a-w- C:\windows\System32\winhttp.dll
2010-12-21 06:16:14 1197056 ----a-w- C:\windows\System32\wininet.dll
2010-12-21 06:16:09 258048 ----a-w- C:\windows\System32\WebClnt.dll
2010-12-21 06:15:55 264192 ----a-w- C:\windows\System32\upnp.dll
2010-12-21 06:15:31 15360 ----a-w- C:\windows\System32\slwga.dll
2010-12-21 06:13:03 2003968 ----a-w- C:\windows\System32\msxml6.dll
2010-12-21 06:13:03 1880576 ----a-w- C:\windows\System32\msxml3.dll
2010-12-21 06:10:22 100864 ----a-w- C:\windows\System32\davclnt.dll
2010-12-21 05:38:24 51200 ----a-w- C:\windows\SysWow64\wscapi.dll
2010-12-21 05:38:22 981504 ----a-w- C:\windows\SysWow64\wininet.dll
2010-12-21 05:38:22 350720 ----a-w- C:\windows\SysWow64\winhttp.dll
2010-12-21 05:38:21 204800 ----a-w- C:\windows\SysWow64\WebClnt.dll
2010-12-21 05:38:19 204288 ----a-w- C:\windows\SysWow64\upnp.dll
2010-12-21 05:38:16 14336 ----a-w- C:\windows\SysWow64\slwga.dll
2010-12-21 05:36:17 1389568 ----a-w- C:\windows\SysWow64\msxml6.dll
2010-12-21 05:36:16 1236992 ----a-w- C:\windows\SysWow64\msxml3.dll
2010-12-21 05:34:12 80384 ----a-w- C:\windows\SysWow64\davclnt.dll
2010-12-21 02:08:40 24152 ----a-w- C:\windows\System32\drivers\mbam.sys
.
============= FINISH: 17:07:42.35 ===============

Issues encountered: Nothing I've experienced myself.

RE: Infection Checkup? - Quintus - 03-21-2011
RE: Infection Checkup? - Epicly - 03-22-2011

Link To Requested Logs:
http://pastebin.com/x8ssG13P
http://pastebin.com/CTxq98dm

Problems Encountered: Nothing yet as of now.

Sorry for the late reply; my cousin took the laptop for a day.

RE: Infection Checkup? - Quintus - 03-24-2011

Seems clean. What made him think that he is infected?

RE: Infection Checkup? - Epicly - 03-24-2011

Well, "She" and her mom were just checking Flickr, and I guess they got a false report. I've checked the website myself on her computer, being that I use Flickr myself, and nothing really happened, so I'm guessing it was a false report from either the antivirus itself or a Firefox add-on such as WOT, but I doubt it. Thanks Quintus, I'll send in my HiJackThis Application within the following week! (You can close this now if you like.)

RE: Infection Checkup? - HakkuR* - 03-26-2011

Do you have to be HJT team to help? I am good with this myself.

RE: Infection Checkup? - Quintus - 03-26-2011

(03-26-2011, 07:36 AM) HakkuR* Wrote:
    Do you have to be HJT team to help? I am good with this myself.

Unless you can give me a certification of your qualification, or pass a test I am to administer, you will not be allowed to do so.

(03-24-2011, 12:07 PM) Epicly Wrote:
    Well, "She" and her mom were just checking Flickr, and I guess they got a false report. I've checked the website myself on her computer, being that I use Flickr myself, and nothing really happened, so I'm guessing it was a false report from either the antivirus itself or a Firefox add-on such as WOT, but I doubt it.

You are welcome.