Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

laptop infected


  • This topic is locked This topic is locked
6 replies to this topic

#1 Jmoney3457

Jmoney3457

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Location:Maine
  • Local time:08:47 PM

Posted 17 June 2009 - 01:50 PM

I removed alot of malware from bro laptop but want to make sure i got it all ...
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:46:02 PM, on 6/17/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Comodo\Firewall\cfp.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Apoint\Apoint.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AIM6\aim6.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Documents and Settings\Travis\Desktop\hjt\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sony.com/vaiopeople
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\cfp.exe" -s
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Transfer by Image Converter 2 Plus - C:\Program Files\Sony\Image Converter 2\menu.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SonicStageMonitoring - Sony Corporation - C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O24 - Desktop Component 0: (no name) - http://photos-162.ak.facebook.com/ip002/v6...004162_3431.jpg

--
End of file - 12359 bytes
Posted Image

BC AdBot (Login to Remove)

 


#2 Jmoney3457

Jmoney3457
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Location:Maine
  • Local time:08:47 PM

Posted 18 June 2009 - 10:35 PM

bump*

Hello Jmoney3457,

While we understand your frustration at having to wait, please note that Bleeping Computer deals with several hundred requests for assistance such as yours on a daily basis. As a result, our backlog is quite large, as are other comparable sites that help others with malware issues. Athough our HJT Team members work on hundreds of requests each day, they are all volunteers who work logs when they can and are able to do so. No one is paid by Bleeping Computer for their assistance to our members.

Further, our malware removal staff is comprised of team members with various levels of skill and expertise to deal with thousands of malware variants, some more complex than others. Although we try to take DDS/HJT logs in order (starting with the oldest), it is often the skill level of the particular helper and sometimes the operating system that dictates which logs get selected first. Some infections are more complicated than others and require a higher skill level to remove. Without that skill level attempted removal could result in disastrous results. In other instances, the helper may not be familiar with the operating system that you are using, since they use another. In either case, you wouldn't want someone to assist you who is not familiar with your issue and attempt to fix it, would you?

We ask that once you have posted your log and are waiting, please DO NOT "bump" your thread or make further replies until it has been responded to by a member of the HJT Team. The reason we ask this or do not respond to your requests is because that would remove you from the active queue that Techs and Staff have access to. The malware staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response, there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

That is why I have made an edit to your last post, instead of a reply. Please do not multiple post here, as that only pushes you further down the queue and causes confusion to the staff.

Please be patient. It may take a while to get a response but your log will be reviewed and answered as soon as possible.

Thank you for understanding.

Regards,

The weatherman
(Moderator)

Edited by The weatherman, 19 June 2009 - 12:36 AM.

Posted Image

#3 Guest_superbird_*

Guest_superbird_*

  • Guests
  • OFFLINE
  •  

Posted 23 June 2009 - 08:24 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explaination about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

#4 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,911 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN

Posted 29 June 2009 - 03:18 PM

Topic reopened.

@ Jmoney3457,

Please post current DDS logs and an updated description of your computer issues.

~ OB
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#5 Jmoney3457

Jmoney3457
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Location:Maine
  • Local time:08:47 PM

Posted 29 June 2009 - 04:23 PM

heres log from DDS..no known issues just making sure I got all malware removed ...
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-06-26.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 8/20/2006 5:35:15 PM
System Uptime: 6/27/2009 9:30:20 PM (44 hours ago)

Motherboard: Sony Corporation | | VAIO
Processor: Genuine Intel® CPU T2300 @ 1.66GHz | N/A | 1662/167mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 86 GiB total, 23.435 GiB free.
D: is Removable
E: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Intel® PRO/100 VE Network Connection
Device ID: PCI\VEN_8086&DEV_1092&SUBSYS_81EF104D&REV_02\4&6B16D5B&0&40F0
Manufacturer: Intel
Name: Intel® PRO/100 VE Network Connection
PNP Device ID: PCI\VEN_8086&DEV_1092&SUBSYS_81EF104D&REV_02\4&6B16D5B&0&40F0
Service: E100B

==== System Restore Points ===================

RP960: 4/1/2009 11:14:34 AM - System Checkpoint
RP961: 4/2/2009 12:08:17 PM - System Checkpoint
RP962: 4/3/2009 12:11:47 PM - System Checkpoint
RP963: 4/4/2009 1:06:24 PM - System Checkpoint
RP964: 4/5/2009 7:33:30 PM - System Checkpoint
RP965: 4/6/2009 2:07:43 PM - Avg8 Update
RP966: 4/6/2009 2:09:36 PM - Avg8 Update
RP967: 4/7/2009 3:26:35 PM - System Checkpoint
RP968: 4/8/2009 3:53:04 PM - System Checkpoint
RP969: 4/9/2009 4:29:42 PM - System Checkpoint
RP970: 4/10/2009 4:47:39 PM - System Checkpoint
RP971: 4/11/2009 5:08:47 PM - System Checkpoint
RP972: 4/12/2009 5:39:24 PM - System Checkpoint
RP973: 4/13/2009 7:16:22 PM - System Checkpoint
RP974: 4/14/2009 8:38:58 PM - System Checkpoint
RP975: 4/15/2009 9:15:04 PM - System Checkpoint
RP976: 4/16/2009 10:01:29 PM - System Checkpoint
RP977: 4/17/2009 3:00:47 AM - Software Distribution Service 3.0
RP978: 4/18/2009 3:01:33 AM - System Checkpoint
RP979: 4/18/2009 8:20:02 PM - Configured Microsoft Office Professional Plus 2007
RP980: 4/19/2009 10:18:38 PM - System Checkpoint
RP981: 4/20/2009 12:51:04 PM - Configured Microsoft Office Professional Plus 2007
RP982: 4/21/2009 1:20:16 PM - System Checkpoint
RP983: 4/21/2009 11:37:15 PM - Installed LINGO 11.0
RP984: 4/22/2009 9:57:44 AM - Avg8 Update
RP985: 4/23/2009 10:32:09 AM - System Checkpoint
RP986: 4/24/2009 9:45:44 AM - Avg8 Update
RP987: 4/25/2009 10:27:30 AM - System Checkpoint
RP988: 4/26/2009 10:53:06 AM - System Checkpoint
RP989: 4/27/2009 11:21:11 AM - System Checkpoint
RP990: 4/27/2009 12:44:22 PM - Installed Windows Movie Maker 2.0
RP991: 4/28/2009 2:17:40 PM - System Checkpoint
RP992: 4/29/2009 2:24:02 PM - System Checkpoint
RP993: 4/30/2009 10:09:59 AM - Software Distribution Service 3.0
RP994: 5/1/2009 10:56:59 AM - System Checkpoint
RP995: 5/2/2009 11:12:07 AM - System Checkpoint
RP996: 5/3/2009 12:31:38 PM - System Checkpoint
RP997: 5/4/2009 12:34:13 PM - System Checkpoint
RP998: 5/5/2009 8:04:53 AM - Avg8 Update
RP999: 5/5/2009 8:09:08 AM - Avg8 Update
RP1000: 5/6/2009 6:43:40 PM - System Checkpoint
RP1001: 5/7/2009 7:40:02 PM - System Checkpoint
RP1002: 5/8/2009 8:02:56 PM - System Checkpoint
RP1003: 5/10/2009 12:21:32 AM - System Checkpoint
RP1004: 5/10/2009 7:20:35 PM - Removed LINGO 11.0
RP1005: 5/11/2009 7:56:50 PM - System Checkpoint
RP1006: 5/12/2009 8:10:52 PM - System Checkpoint
RP1007: 5/13/2009 5:10:45 PM - Avg8 Update
RP1008: 5/13/2009 5:11:27 PM - Software Distribution Service 3.0
RP1009: 5/14/2009 8:38:36 PM - System Checkpoint
RP1010: 5/15/2009 9:10:40 PM - System Checkpoint
RP1011: 5/16/2009 10:11:45 PM - System Checkpoint
RP1012: 5/17/2009 10:46:27 PM - System Checkpoint
RP1013: 5/18/2009 5:16:24 PM - Avg8 Update
RP1014: 5/18/2009 5:18:49 PM - Avg8 Update
RP1015: 5/19/2009 6:42:36 PM - System Checkpoint
RP1016: 5/20/2009 7:13:46 PM - System Checkpoint
RP1017: 5/21/2009 7:17:51 PM - System Checkpoint
RP1018: 5/22/2009 7:55:43 PM - System Checkpoint
RP1019: 5/23/2009 1:22:21 AM - Configured Microsoft Office Professional Plus 2007
RP1020: 5/24/2009 1:26:52 AM - System Checkpoint
RP1021: 5/25/2009 1:46:06 AM - System Checkpoint
RP1022: 5/26/2009 5:31:47 PM - System Checkpoint
RP1023: 5/27/2009 5:46:29 PM - System Checkpoint
RP1024: 5/28/2009 6:08:31 PM - System Checkpoint
RP1025: 5/29/2009 6:19:46 PM - System Checkpoint
RP1026: 5/30/2009 7:22:41 PM - System Checkpoint
RP1027: 5/31/2009 8:02:30 PM - System Checkpoint
RP1028: 6/1/2009 8:31:48 PM - System Checkpoint
RP1029: 6/2/2009 9:04:56 PM - System Checkpoint
RP1030: 6/3/2009 10:03:53 PM - System Checkpoint
RP1031: 6/4/2009 10:17:29 PM - System Checkpoint
RP1032: 6/5/2009 11:17:25 PM - System Checkpoint
RP1033: 6/7/2009 12:17:24 AM - System Checkpoint
RP1034: 6/7/2009 7:48:24 PM - Software Distribution Service 3.0
RP1035: 6/8/2009 7:53:41 PM - System Checkpoint
RP1036: 6/11/2009 7:00:18 PM - System Checkpoint
RP1037: 6/12/2009 3:01:10 AM - Software Distribution Service 3.0
RP1038: 6/13/2009 3:24:48 AM - System Checkpoint
RP1039: 6/13/2009 5:06:37 PM - Configured Microsoft Office Professional Plus 2007
RP1040: 6/14/2009 5:38:47 PM - System Checkpoint
RP1041: 6/15/2009 3:00:21 AM - Software Distribution Service 3.0
RP1042: 6/16/2009 6:21:31 PM - Configured Microsoft Office Professional Plus 2007
RP1043: 6/17/2009 6:55:26 PM - System Checkpoint
RP1044: 6/18/2009 5:41:40 PM - Configured Microsoft Office Professional Plus 2007
RP1045: 6/18/2009 6:01:16 PM - Configured Microsoft Office Professional Plus 2007
RP1046: 6/18/2009 8:05:20 PM - Configured Microsoft Office Professional Plus 2007
RP1047: 6/18/2009 8:07:43 PM - Configured Microsoft Office Professional Plus 2007
RP1048: 6/19/2009 9:55:57 PM - Configured Microsoft Office Professional Plus 2007
RP1049: 6/20/2009 10:14:05 PM - System Checkpoint
RP1050: 6/20/2009 11:41:31 PM - Configured Microsoft Office Professional Plus 2007
RP1051: 6/21/2009 10:54:38 AM - Configured Microsoft Office Professional Plus 2007
RP1052: 6/22/2009 7:29:46 AM - Configured Microsoft Office Professional Plus 2007
RP1053: 6/22/2009 6:10:17 PM - Configured Microsoft Office Professional Plus 2007
RP1054: 6/22/2009 8:59:40 PM - Configured Microsoft Office Professional Plus 2007
RP1055: 6/23/2009 9:32:25 PM - System Checkpoint
RP1056: 6/25/2009 5:10:26 PM - System Checkpoint
RP1057: 6/26/2009 5:46:05 PM - Avg8 Update
RP1058: 6/26/2009 5:48:04 PM - Avg8 Update
RP1059: 6/27/2009 5:48:41 PM - System Checkpoint
RP1060: 6/27/2009 8:31:12 PM - Installed BlackBerry Desktop Software 4.1.1
RP1061: 6/28/2009 9:49:37 PM - System Checkpoint

==== Installed Programs ======================

1500
1500_Help
1500Trb
2007 Microsoft Office Suite Service Pack 1 (SP1)
32 Bit HP CIO Components Installer
ABBYY FineReader 6.0 Sprint
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 7.0.9
Adobe Shockwave Player
AIM 6
AiO_Scan
AiOSoftware
Apple Mobile Device Support
Apple Software Update
Ares 2.0.3
Auto Gordian Knot 2.40
AVG 8.5
AviSynth 2.5
BlackBerry Desktop Software 4.1.1
Bonjour
BufferChm
Click to DVD 2.0.03 Menu Data
Click to DVD 2.5.20
COMODO Firewall Pro
Copy
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
Critical Update for Windows Media Player 11 (KB959772)
CustomerResearchQFolder
Destination Component
DeviceDiscovery
DISCover
DivX Web Player
DJ_AIO_03_F4200_ProductContext
DJ_AIO_03_F4200_Software
DJ_AIO_03_F4200_Software_Min
DocProc
DSD Direct
DSD Playback Plug-in 1.0
DVD Decrypter (Remove Only)
DVgate Plus
F4200
F4200_Help
Fax
FirstClass® Client
Free Folder Hider 10.9
FUJIFILM USB Driver
GPBaseService
HDAUDIO SoftV92 Data Fax Modem with SmartCP
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 10 (KB910393)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
HP Customer Participation Program 10.0
HP Deskjet F4200 All-In-One Driver Software 10.0 Rel .3
HP Image Zone Express
HP Imaging Device Functions 10.0
HP Photosmart Essential 2.5
HP PSC & OfficeJet 5.3.B
HP Smart Web Printing
HP Solution Center 10.0
HP Update
HPProductAssistant
HPSSupply
Image Converter 2 Plus
ImageStation
Intel® Graphics Media Accelerator Driver
Intel® PRO Network Connections Drivers
Intel® PROSet/Wireless Software
InterVideo WinDVD for VAIO
iPod Video Converter 3
ISScript
iTunes
Java™ 6 Update 11
LAN Setting Utility
LiveUpdate BVRP Software
Macromedia Flash Player 8
Malwarebytes' Anti-Malware
MarketResearch
mCore
mDriver
Memory Stick Formatter
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Digital Image Library 9 - Blocker
Microsoft Digital Image Starter Edition 2006
Microsoft Digital Image Starter Edition 2006 Editor
Microsoft Digital Image Starter Edition 2006 Library
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Standard Edition 2003
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server Desktop Engine (VAIO_VEDB)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 Redistributable
mMHouse
mobile PhoneTools
mPfMgr
mProSafe
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
mWlsSafe
mXML
neroxml
NewCopy
NVIDIA Drivers
Office 2003 Trial Assistant
OpenMG Limited Patch 4.4-06-13-19-01
OpenMG Metadata Extractor for Windows Media Player
OpenMG Secure Module 4.4.00
ProductContext
PSSWCORE
QuickTime
Readme
Roxio DigitalMedia Audio
Roxio DigitalMedia Copy
Roxio DigitalMedia Data
Scan
ScannerCopy
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB969679)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB969682)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office Word 2007 (KB969604)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Visio 2007 (KB947590)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Setting Utility Series
Shop for HP Supplies
SigmaTel Audio
Skype™ 3.8
SmartWebPrintingOC
SolutionCenter
Sonic Encoders
SonicStage 3.4
SonicStage Mastering Studio 2.2
SonicStage Mastering Studio Audio Filter
SonicStage Mastering Studio Audio Filter Custom Preset
SonicStage Mastering Studio Plugins
Sony Certificate PCH
Sony MP4 Shared Library
Sony Utilities DLL
Sony Video Shared Library
SpywareBlaster 4.2
Status
StepVoice Recorder 1.6
Toolbox
TrayApp
Unload
UnloadSupport
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office Outlook 2007 (KB969907)
Update for Outlook 2007 Junk Email Filter (kb970012)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update Rollup 2 for Windows XP Media Center Edition 2005
VAIO Breeze Wallpaper
VAIO Camera Utility
VAIO Central
VAIO Entertainment Platform
VAIO Event Service
VAIO Hardware Diagnostics
VAIO Light Flo Wallpaper
VAIO Media 5.0
VAIO Media AC3 Decoder 1.0
VAIO Media Integrated Server 5.0
VAIO Media Redistribution 5.0
VAIO Media Registration Tool 5.0
VAIO Original Screen Saver
VAIO Original Screen Saver VAIO Cozy Screen SD Wide Contents
VAIO Power Management
VAIO Registration
VAIO Security Center
VAIO Support Central
VAIO Update 2
VAIO Wireless LAN Setup Utility
VAIOSurveySA
VCRedistSetup
Videora iPod Converter 2.11
VideoToolkit01
Viewpoint Media Player
VobSub v2.23 (Remove Only)
WebFldrs XP
WebReg
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Media Format 11 runtime
Windows Media Player 10 Hotfix [See KB886612 for more information]
Windows Media Player 11
Windows Movie Maker 2.0
Windows XP Media Center Edition 2005 KB925766
Windows XP Service Pack 3
WinPatrol
Wireless Switch Setting Utility
XviD MPEG4 Video Codec (remove only)
ZipGenius 6 (6.0.2.1060)

==== Event Viewer Messages From Past Week ========

6/27/2009 9:33:53 PM, error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.

==== End Of File ===========================
Posted Image

#6 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:08:47 PM

Posted 01 July 2009 - 03:26 PM

Hello and welcome to Bleeping Computer.

My name is Syler, I will be helping you to solve your Malware issues. Whilst I am helping you, I would
be grateful if you would note the following:
  • Please do not run other tools or scans unless I ask you to and follow all the steps I give you, in order.
  • Copy and paste all logs requested in you reply, Do not attach them unless asked too.
  • If you don't know or understand something, please don't hesitate to say or ask before you proceed with my instructions.
  • Please continue to work with me, until I tell you your machine appears to be clean. Absence of symptoms does not mean that everything is clear.
  • If I do not hear back from you within 5 days of my last post, then this topic will be closed.
Viewpoint Manager is considered as foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad". This changed from what we know in 2006 read this article:

http://www.clickz.com/news/article.php/3561546

I suggest you remove the program now. Click on start > run > and then paste the following into the "open" field: appwiz.cpl and press OK. From within Add or Remove Programs uninstall the following if they exist: Viewpoint, Viewpoint Manager, Viewpoint Media Player.

Next

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "Java Runtime Environment (JRE)" JRE 6 Update 14.
  • Click the Download button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u14-windows-i586-p.exe to install the newest version.
-- If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
-- If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
-- The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.

Next
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<info.txt (<

unite.jpg


#7 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:01:47 AM

Posted 05 July 2009 - 06:16 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending me a PM
with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.

unite.jpg





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users