Logs attached - just need confirmation

  #1  
Old 12-07-2007
Newcomer, in training
 
Member since: Dec 2007, 12 posts
Logs attached - just need confirmation

A computer on my home network was infected; these are from another computer.
PANDA reported no rootkits found.
Attached Files
File Type: log hijackthismine.log (10.5 KB, 2 views)
File Type: txt ComboFix.txt (16.5 KB, 2 views)
File Type: txt Report-Scan-20071207-153055.txt (2.0 KB, 3 views)
  #2  
Old 12-07-2007
TS Special Forces
 
Location: Singapore
Member since: Mar 2007, 2,269 posts
Hi,

You may wish to copy and paste these instructions on notepad for easier reference later.
  1. Boot into safe mode under your normal user name. See how HERE
  2. Next turn on "Show all files and folders, including hidden and system". See how HERE

  3. Go to start > run and type services.msc. Press the enter key.
    Search for the following services. Double click to select stop if they are running. Set the startup type to disabled. Click apply/ok for each service you disable.

    Viewpoint Manager Service

  4. Go to start > Control Panel > Add and Remove Programs.
    Remove anything related to the following:

    Viewpoint Manager/Player/etc
    Freecorder Toolbar


  5. After that, run HijackThis and fix the following entries, if found (do this by placing a tick in the check boxes beside these entries and clicking "Fix checked"):

    R3 - URLSearchHook: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFre0.dll
    O2 - BHO: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFre0.dll
    O3 - Toolbar: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFre0.dll
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

    Close HJT.
  6. Check this folder C:\sj675, was it created by you? What are its contents? Let me know in your next reply.
  7. Open notepad and copy/paste the text in the quote box below into it (all except the word QUOTE):

    Quote:
    File::
    C:\WINDOWS\Alcmtr.exe
    Folder::
    C:\Program Files\Freecorder
    C:\Documents and Settings\Bradley\Application Data\Viewpoint
    C:\Documents and Settings\Nicholas\Application Data\Viewpoint
    C:\Program Files\Viewpoint
    C:\Documents and Settings\All Users\Application Data\Viewpoint

    Registry::
  8. Save this as CFScript on the desktop.
  9. Referring to the image below, drag CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe.

  10. ComboFix will begin to execute, just follow the prompts. After reboot (in case it asks to reboot), it shall produce a log for you. Post that log (Combofix.txt) in your next reply.

    Note: Do not mouse-click ComboFix's window while it is running. That may cause your system to hang.

  11. Reboot into normal mode and rehide your protected OS files.
Thereafter, please post a fresh HJT log from normal mode as an attachment into this thread.


Regards,
momok =)

This thread is for the use of wallywimple only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
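
Added example (not part of momok's post, and not code from HijackThis or ComboFix): a short Python parser for the four HijackThis entries in step 5, grouped by install folder and cross-checked against the `Folder::` list in step 7. The field layout is inferred from these four lines only; the function names and the "first directory under Program Files" grouping rule are assumptions of this sketch.

```python
import re
from collections import defaultdict

# Entries copied from step 5 of the post above.
HJT_LINES = [
    r"R3 - URLSearchHook: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFre0.dll",
    r"O2 - BHO: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFre0.dll",
    r"O3 - Toolbar: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFre0.dll",
    r"O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe",
]
# Folder:: section of the CFScript in step 7.
CFSCRIPT_FOLDERS = [
    r"C:\Program Files\Freecorder",
    r"C:\Documents and Settings\Bradley\Application Data\Viewpoint",
    r"C:\Documents and Settings\Nicholas\Application Data\Viewpoint",
    r"C:\Program Files\Viewpoint",
    r"C:\Documents and Settings\All Users\Application Data\Viewpoint",
]
CLSID_RE = re.compile(r"^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")

def parse_entry(line):
    # Layout seen on this page: CODE - Kind: Name - CLSID-or-vendor - path
    code, rest = line.strip().split(" - ", 1)
    kind, rest = rest.split(": ", 1)
    fields = rest.split(" - ")
    middle = fields[1] if len(fields) == 3 else None
    is_clsid = bool(middle and CLSID_RE.match(middle))
    return {"code": code, "kind": kind, "name": fields[0],
            "clsid": middle if is_clsid else None,
            "vendor": None if is_clsid else middle,
            "path": fields[-1]}

def install_root(path):
    # Assumption: the component root is drive + first two directories.
    return "\\".join(path.split("\\")[:3])

def group_by_root(lines):
    groups = defaultdict(list)
    for entry in map(parse_entry, lines):
        groups[install_root(entry["path"]).lower()].append(entry)
    return dict(groups)

def uncovered_folders(lines, folders):
    # CFScript folders that no HijackThis entry points into (leftover data).
    roots = set(group_by_root(lines))
    return [f for f in folders if f.lower() not in roots]

if __name__ == "__main__":
    for root, entries in group_by_root(HJT_LINES).items():
        print(root, [e["code"] for e in entries])
    print("No HJT entry for:", uncovered_folders(HJT_LINES, CFSCRIPT_FOLDERS))
```

The three Freecorder entries share one CLSID and one DLL, so they are a single component registered in three places; the per-user `Application Data\Viewpoint` folders appear only in the CFScript because nothing in the HijackThis log loads from them.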
  #3  
Old 12-08-2007
Newcomer, in training
 
Member since: Dec 2007, 12 posts
All Done

C:\sj675 is an installation folder created by HP Scanjet 6300 installation program. It is fine.

John
Attached Files
File Type: txt ComboFix.txt (30.2 KB, 2 views)
File Type: log hijackthis.log (10.2 KB, 1 views)
  #4  
Old 12-09-2007
TS Special Forces
 
Location: Singapore
Member since: Mar 2007, 2,269 posts
Hi,

Your logs look clean now.
  1. Delete all files in the AVG Anti-Spyware Quarantine folder (located in C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Quarantine).

  2. Turn off system restore (XP/ME only). Learn how to do that HERE.
    This will remove all the remaining nasties from your old restore points.

  3. After that turn system restore back on.
    This would have created a new safe and clean restore point for your system.

  4. Oftentimes, an infection can occur again not due to the incompetence of programs, but because of user habits.
    May I recommend that you read this article.
    This can help to prevent future infections.

Should you have any further problems, please post in this thread.


Regards,
Your friendly momok =)

  #5  
Old 12-09-2007
TechSpot Evangelist
 
Location: Southern Calif.
Member since: Apr 2005, 7,901 posts
fyi: re: your question: >Check this folder C:\sj675, was it created by you?<

this folder is created by an HP Print driver install
  #6  
Old 12-09-2007
Newcomer, in training
 
Member since: Dec 2007, 12 posts
Dear Friendly Momok,

Thank you

John