infected computer

  1. #41
    miguzman (Junior Member)

    re: infected computer

    No clue as to what happened, but I left my computer scanning and had dinner, and when I came back, it had restarted, all by itself. Good or bad?

  2. #42
    broni (Senior Member)
    I'm not sure....

    Please, run this one. It should be quick...

    Please run a BitDefender Online Scan

    • Disable your antivirus program.
    • Click Start Scanner button.
    • Click Start scan button
    • Allow browser plug-in to be installed when prompted.
    • Click I Agree to agree to the EULA.
    • Please refrain from using the computer until the scan is finished.
    • When the scan is finished, click on View log.
    • Notepad will open with scan results.
    • Save the report to your desktop and post its content in your next reply.

  3. #43
    miguzman (Junior Member)
    QuickScan Beta 32-bit v0.9.9.30
    -------------------------------
    Scan date: Sun Aug 01 22:18:25 2010
    Machine ID: 4C08E533



    No infection found.
    -------------------



    Processes
    ---------
    <unsigned> Dell Webcam Central 3476 C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe
    <unsigned> Dell Wireless WLAN Card Wireless Networ 3412 C:\Windows\System32\WLTRAY.EXE

    <verified> Alps Pointing-device Driver 3396 C:\Program Files\DellTPad\Apoint.exe
    <verified> Alps Pointing-device Driver 3372 C:\Program Files\DellTPad\HidFind.exe
    <verified> Alps Pointing-device Driver for Windows 2272 C:\Program Files\DellTPad\Apntex.exe
    <verified> Cyberlink PowerDVD 3512 C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    <verified> Dell Dock 3260 C:\Program Files\Dell\DellDock\DellDock.exe
    <verified> DivX Update 3640 C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    <verified> FATrayAlert Application 840 C:\Program Files\Sensible Vision\Fast Access\FATrayAlert.exe
    <verified> FATrayMon 3520 C:\Program Files\Sensible Vision\Fast Access\FATrayMon.exe
    <verified> Google Chrome 1980 C:\Users\Victoria\AppData\Local\Google\Chrome\Application\chrome.exe
    <verified> Google Chrome 3376 C:\Users\Victoria\AppData\Local\Google\Chrome\Application\chrome.exe
    <verified> Google Chrome 4668 C:\Users\Victoria\AppData\Local\Google\Chrome\Application\chrome.exe
    <verified> Google Chrome 5128 C:\Users\Victoria\AppData\Local\Google\Chrome\Application\chrome.exe
    <verified> Google Chrome 5592 C:\Users\Victoria\AppData\Local\Google\Chrome\Application\chrome.exe
    <verified> Google Chrome 5736 C:\Users\Victoria\AppData\Local\Google\Chrome\Application\chrome.exe
    <verified> Google Chrome 6036 C:\Users\Victoria\AppData\Local\Google\Chrome\Application\chrome.exe
    <verified> Intel(R) Common User Interface 3404 C:\Windows\System32\hkcmd.exe
    <verified> Intel(R) Common User Interface 2392 C:\Windows\system32\igfxsrvc.exe
    <verified> iTunes 3756 C:\Program Files\iTunes\iTunesHelper.exe
    <verified> Java(TM) Platform SE Auto Updater 2 0 3784 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    <verified> Microsoft® Windows® Operating System 2412 C:\Windows\system32\conime.exe
    <verified> Microsoft® Windows® Operating System 4044 C:\Windows\system32\wbem\unsecapp.exe
    <verified> Microsoft® Windows® Operating System 1376 C:\Windows\system32\wuauclt.exe
    <verified> RAID Event Monitor 3432 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    <verified> Sistema operativo Microsoft® Windows® 3916 C:\Program Files\Windows Media Player\wmpnscfg.exe
    <verified> Sistema operativo Microsoft® Windows® 3192 C:\Windows\Explorer.EXE
    <verified> Sistema operativo Microsoft® Windows® 3164 C:\Windows\system32\Dwm.exe
    <verified> Sistema operativo Microsoft® Windows® 3624 C:\Windows\system32\taskeng.exe
    <verified> SupportSoft sprtcmd 3588 C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    <verified> Trend Micro Anti-Spam 4864 C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
    <verified> Windows Live Communications Platform 5548 C:\Program Files\Windows Live\Contacts\wlcomm.exe
    <verified> Windows Live Messenger 4592 C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe


    Network activity
    ----------------
    Process chrome.exe (3376) connected on port 80 (HTTP) --> 190.13.74.207
    Process MsnMsgr.Exe (4592) connected on port 1863 (MSN) --> sn1msg1010629.phx.gbl
    Process MsnMsgr.Exe (4592) connected on port 443 (HTTP over SSL) --> by2msg4020820.phx.gbl
    Process MsnMsgr.Exe (4592) connected on port 443 (HTTP over SSL) --> by2msg3020120.phx.gbl
    Process chrome.exe (5128) connected on port 80 (HTTP) --> channel1-02-01-snc4.facebook.com
    Process chrome.exe (5128) connected on port 80 (HTTP) --> a184-51-236-20.deploy.akamaitechnologies.com
    Process chrome.exe (5128) connected on port 80 (HTTP) --> yw-in-f100.1e100.net
    Process chrome.exe (5128) connected on port 443 (HTTP over SSL) --> yx-in-f132.1e100.net



    Autoruns and critical files
    ---------------------------
    <unsigned> Dell Webcam Central C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe
    <unsigned> Dell Wireless WLAN Card Wireless Networ C:\Windows\System32\WLTRAY.EXE
    <unsigned> QuickTime C:\Program Files\QuickTime\QTTask.exe

    <verified> Adobe Acrobat C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
    <verified> Adobe Reader and Acrobat Manager C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    <verified> Alps Pointing-device Driver C:\Program Files\DellTPad\Apoint.exe
    <verified> Cyberlink PowerDVD C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    <verified> Dell Dock C:\Program Files\Dell\DellDock\DellDock.exe
    <verified> DivX Update C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    <verified> FALogNot.dll C:\Program Files\Sensible Vision\Fast Access\FALogNot.dll
    <verified> FATrayMon C:\Program Files\Sensible Vision\Fast Access\FATrayMon.exe
    <verified> Google Update C:\Users\Victoria\AppData\Local\Google\Update\GoogleUpdate.exe
    <verified> Intel(R) Common User Interface C:\Windows\System32\hkcmd.exe
    <verified> Intel(R) Common User Interface C:\Windows\System32\igfxdev.dll
    <verified> iTunes C:\Program Files\iTunes\iTunesHelper.exe
    <verified> Java(TM) Platform SE Auto Updater 2 0 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    <verified> RAID Event Monitor C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    <verified> Sistema operativo Microsoft® Windows® C:\Program Files\Windows Media Player\wmpnscfg.exe
    <verified> Sistema operativo Microsoft® Windows® C:\Windows\System32\browseui.dll
    <verified> Sistema operativo Microsoft® Windows® c:\windows\system32\userinit.exe
    <verified> SuperAntiSpyware c:\program files\superantispyware\sasseh.dll
    <verified> SupportSoft sprtcmd C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    <verified> Trend Micro Internet Security C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
    <verified> Windows Defender C:\Program Files\Windows Defender\MSASCui.exe
    <verified> Windows® Internet Explorer C:\Windows\System32\webcheck.dll


    Browser plugins
    ---------------
    <unsigned> Java(TM) Platform SE 6 U21 C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

    <verified> AcroIEHelperShim Library c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll
    <verified> BitDefender QuickScan C:\Users\Victoria\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\0.9.9.30\npqscan.dll
    <verified> BitDefender QuickScan C:\Users\Victoria\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\0.9.9.30\npqslauncher.dll
    <verified> Bonjour C:\Program Files\Bonjour\mdnsNSP.dll
    <verified> DivX Web Player C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
    <verified> FAIESSO DLL c:\program files\sensible vision\fast access\faiesso.dll
    <verified> InstallShield Update Service C:\Windows\Downloaded Program Files\dwusplay.dll
    <verified> InstallShield Update Service C:\Windows\Downloaded Program Files\dwusplay.exe
    <verified> Java(TM) Platform SE 6 U21 c:\program files\java\jre6\bin\jp2ssv.dll
    <verified> Microsoft® Windows Live Login Helper c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll
    <verified> Microsoft® Windows® Operating System C:\Windows\System32\nlaapi.dll
    <verified> Microsoft® Windows® Operating System C:\Windows\System32\winrnr.dll
    <verified> npitunes.dll C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    <verified> NPSWF32.dll C:\Windows\system32\Macromed\Flash\NPSWF32.dll
    <verified> Sistema operativo Microsoft® Windows® C:\Windows\System32\mswsock.dll
    <verified> Sistema operativo Microsoft® Windows® C:\Windows\System32\NapiNSP.dll
    <verified> Sistema operativo Microsoft® Windows® C:\Windows\System32\pnrpnsp.dll
    <verified> Software Manager C:\Windows\Downloaded Program Files\isusweb.dll
    <verified> Windows Presentation Foundation C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    <verified> Windows® Internet Explorer C:\Windows\System32\ieframe.dll


    Missing files
    -------------
    File not found: C:\Program Files\iLike\1.2.18\ilikesidebar.exe /checkforupdate
    --> HKCU\Software\Microsoft\Windows\CurrentVersion\Run\"iLike"

    File not found: C:\Users\Victoria\AppData\Local\Temp\catchme.sys
    --> HKLM\System\ControlSet001\services\catchme\"ImagePath"

    File not found: C:\Windows\System32\appmgmts.dll
    --> HKLM\System\ControlSet001\services\AppMgmt\Parameters\"ServiceDll"

    File not found: system32\DRIVERS\ewusbmdm.sys
    --> HKLM\System\ControlSet001\services\hwdatacard\"ImagePath"

    File not found: system32\DRIVERS\ipinip.sys
    --> HKLM\System\ControlSet001\services\IpInIp\"ImagePath"

    File not found: system32\DRIVERS\nwlnkflt.sys
    --> HKLM\System\ControlSet001\services\NwlnkFlt\"ImagePath"

    File not found: system32\DRIVERS\nwlnkfwd.sys
    --> HKLM\System\ControlSet001\services\NwlnkFwd\"ImagePath"


    Scan
    ----


    No file uploaded.

    Scan finished - communication took 3 sec
    Total traffic - 0.01 MB sent, 0.11 KB recvd
    Scanned 802 files and modules - 10 seconds

    ==============================================================================

  4. #44
    broni (Senior Member)
    Very good

    OTL Clean-Up
    Clean up with OTL:

    * Double-click OTL.exe to start the program.
    * Close all other programs apart from OTL as this step will require a reboot
    * On the OTL main screen, press the CLEANUP button
    * Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    =============================================================

    Your computer is clean

    1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point.

    Turn off System Restore:

    - Windows XP:
    1. Click Start.
    2. Right-click the My Computer icon, and then click Properties.
    3. Click the System Restore tab.
    4. Check "Turn off System Restore".
    5. Click Apply.
    6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
    7. Click OK.
    - Windows Vista and 7:
    1. Click Start.
    2. Right-click the Computer icon, and then click Properties.
    3. Click on System Protection under the Tasks column on the left side
    4. Click on Continue on the "User Account Control" window that pops up
    5. Under the System Protection tab, find Available Disks
    6. Uncheck the box for any drive you wish to disable system restore on (in most cases, drive "C:")
    7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this.
    8. Click OK

    2. Restart computer.

    3. Turn System Restore on.

    4. Make sure Windows Updates are current.

    5. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    6. Download and install WOT (Web of Trust): Safe Browsing Tool | WOT Web of Trust. It'll warn you (in most cases) about dangerous web sites.

    7. Run defrag at your convenience.

    8. Read "How did I get infected?", with steps so it does not happen again!

    9. Please let me know how your computer is doing.

  5. #45
    miguzman (Junior Member)
    Do you mind if I try to run a scan with my AV one last time? The original problem was that it wasn't able to scan my computer without freezing (and the same happened with Kaspersky and maybe with that other one).

  6. #46
    broni (Senior Member)
    I don't mind at all, but you have to finish my previous instructions first.

    At this point, your computer is malware free, so if you'll still experience some shutdown, you may have some other problems (not malware related).

  7. #47
    miguzman (Junior Member)
    OK, I'll let you know when I finish.

  8. #48
    broni (Senior Member)
    Sounds good

  9. #49
    broni (Senior Member)
    Any word about your computer?

  10. #50
    broni (Senior Member)
    The issue appears to be resolved.
