Vaio Virus? Help!!!

Kusunagi · 11-01-2009, 08:38 AM

So I lent this Sony Vaio 2002 VGC-RA840G to a friend. I love this desktop it runs so smooth and I was thinking about upgrading the pathetic gfx card that came with it (atiX300) to a 4650. So I took it back. Well I boot it up in XP SP 2. Not more than 15 minutes after a full boot the computer freezes. If at this point if I click the mouse on anything the computer gives me an infinite beep from the hardware until I do a hard shutdown. I mean at first I thought my friend burnt out my gfx card but it might be a virus. Please help me fix my comp before my friend loses a limb.

All scans were done in safe mod without networking.

after the scans were complete I uploaded them to a flash drive and transferred to a laptop (which im using now to post this topic).

All comments are appreciated. And thank you guys so much for taking time out of your day to be super heroes.

I forgot to mention that I do not have a boot disk.

Here Is my DDS

DDS (Ver_09-10-26.01) - NTFSx86 MINIMAL
Run by Jordan at 21:19:31.45 on Sat 10/31/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.762 [GMT -7:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Jordan\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.daemon-search.com/startpage
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.3.3.2.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: {8E72DD21-7E0B-40AA-8199-68BDF938187F} - No File
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.3.4501.1418\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {35065594-9169-4A34-B167-FC4865038E53} - No File
uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
uRun: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
uRun: [WindowBlinds] c:\documents and settings\all users\documents\stardock\windowblinds\WBInstall32.exe
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent
uRun: [cogad] "c:\documents and settings\jordan\application data\cogad\cogad.exe" 61A847B5BBF72813338B2B27128065E9C084320161C4661227A755E9C2933154389A
uRun: [VnrPack22] "c:\program files\vnrpack\VnrPack22.exe"
uRun: [GetPack28] "c:\program files\getpack\GetPack28.exe"
uRun: [GetModule36] "c:\program files\getmodule\GetModule36.exe"
uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [AlcWzrd] ALCWZRD.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [VAIO Recovery] c:\windows\sonysys\vaio recovery\PartSeal.exe
mRun: [PartSeal] c:\windows\sonysys\vaio recovery\PartSeal.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [WinPatrol [FREE Edition]] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
IE: &D&ownload &with BitComet - c:\documents and settings\jordan\desktop\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\documents and settings\jordan\desktop\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\documents and settings\jordan\desktop\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {53F6FCCD-9E22-4d71-86EA-6E43136192AB}
IE: {925DAB62-F9AC-4221-806A-057BFB1014AA}
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files\bitcomet\tools\BitCometBHO_1.3.3.2.dll/206
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {A4508A45-F1C4-40F3-99B4-0CA08AC77E3B} - hxxp://download.netmarble.com/kdefence/kdfense8237.cab
DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: WBSrv - c:\program files\stardock\object desktop\windowblinds\wbsrv.dll
AppInit_DLLs: wbsys.dll ideute.dll
SEH: {FA010552-4A27-4cb1-A1BB-3E2D697F1639} - No File
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digeste.dll
LSA: Authentication Packages = msv1_0 nwprovau c:\windows\system32\pmnkkljG

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\jordan\applic~1\mozilla\firefox\profiles\8vctsqja.default\
FF - prefs.js: network.proxy.http - localhost
FF - prefs.js: network.proxy.http_port - 7171
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\documents and settings\jordan\application data\mozilla\firefox\profiles\8vctsqja.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\program files\download manager\npfpdlm.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-1-27 64160]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-19 1028432]
S1 47f627d3;47f627d3;c:\windows\system32\drivers\47f627d3.sys [2009-1-25 0]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-12-4 335240]
S1 oreans32;oreans32;c:\windows\system32\drivers\oreans32.sys [2009-5-26 33824]
S2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\adobe\photoshop elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-4 98304]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-1-27 297752]
S2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlservr.exe -svaio_vedb --> c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlservr.exe -sVAIO_VEDB [?]
S2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\adobe\photoshop elements 3.0\PhotoshopElementsDeviceConnect.exe [2004-10-4 118784]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-11-7 24652]
S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2009-10-13 33792]
S3 NPF;WinPcap Packet Driver (NPF);c:\windows\system32\drivers\npf.sys --> c:\windows\system32\drivers\NPF.sys [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlagent.exe -i vaio_vedb --> c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlagent.EXE -i VAIO_VEDB [?]
S3 XDva285;XDva285;\??\c:\windows\system32\xdva285.sys --> c:\windows\system32\XDva285.sys [?]
S4 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-10-20 133104]

=============== Created Last 30 ================

2009-11-01 04:02:46 0 d-----w- c:\program files\Trend Micro
2009-11-01 00:03:48 0 d-----w- c:\docume~1\alluse~1\applic~1\Geek Squad
2009-11-01 00:03:26 0 dc-h--w- C:\MRI_PE_TEMP
2009-11-01 00:00:30 0 dcsh--w- C:\$RECYCLE.BIN
2009-10-31 23:58:52 262144 ---ha-w- c:\documents and settings\jordan\ntuser.dat.LOG1
2009-10-31 23:58:52 0 ---ha-w- c:\documents and settings\jordan\ntuser.dat.LOG2
2009-10-28 22:55:54 0 d-sh--w- C:\found.001
2009-10-20 21:03:28 190216 ----a-w- c:\windows\system32\PnkBstrB.xtr
2009-10-19 18:52:41 0 d-----w- c:\docume~1\jordan\applic~1\WinPatrol
2009-10-19 18:32:42 40960 ----a-w- c:\windows\system32\ps3sixaxis_en.exe
2009-10-16 03:48:45 0 d-----w- c:\program files\CD Copy Master
2009-10-15 01:26:16 0 d-----w- c:\docume~1\jordan\applic~1\Mount&Blade
2009-10-14 17:34:23 0 d-----w- c:\program files\VirtuallTek
2009-10-14 17:34:23 0 d-----w- c:\docume~1\alluse~1\applic~1\VirtuallTek
2009-10-14 06:24:03 46592 ----a-w- c:\windows\system32\libusb0.dll
2009-10-14 06:24:03 33792 ----a-w- c:\windows\system32\drivers\libusb0.sys
2009-10-14 06:24:03 19456 ----a-w- c:\windows\system32\libusbd-9x.exe
2009-10-14 06:24:03 18944 ----a-w- c:\windows\system32\libusbd-nt.exe
2009-10-14 06:24:03 0 d-----w- c:\program files\LibUSB-Win32-0.1.10.1
2009-10-11 22:17:34 0 d-sh--w- c:\documents and settings\jordan\IECompatCache
2009-10-11 22:17:15 0 d-sh--w- c:\documents and settings\jordan\PrivacIE
2009-10-11 21:41:48 44544 ----a-w- c:\windows\system32\msxml4a.dll
2009-10-11 21:32:50 604 ----a-w- c:\windows\Edofma.INI
2009-10-11 21

47 0 dc----w- C:\Bitcomet
2009-10-11 20:39:28 0 d-sh--w- c:\documents and settings\jordan\IETldCache
2009-10-09 17:15:10 0 d-sh--w- C:\found.000
2009-10-06 21:57:34 0 d-----w- c:\docume~1\alluse~1\applic~1\ALM

==================== Find3M ====================

2009-10-23 22:43:27 190216 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-10-23 20:49:32 139640 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-10-20 21:01:36 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-08-29 03:39:37 105984 ----a-w- c:\windows\system32\c_dll.dll
2009-08-28 16:30:22 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-05 09:11:47 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2008-10-29 03:57:49 10213663 ----a-w- c:\program files\K-Lite Codec Pack.rar
2008-03-09 14:25:10 236 ---ha-w- c:\program files\common files\dx.reg
2009-01-28 00:55:04 387525 --sha-w- c:\windows\system32\Gjlkknmp.ini2

============= FINISH: 21:20:18.17 ===============

Kusunagi · 11-04-2009, 09:54 PM

bump please

Ried · 11-04-2009, 10:09 PM

Hello Kusunagi,

From the Attach.txt:

Quote:

==== Event Viewer Messages From Past Week ========

10/28/2009 2:55:18 PM, error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.

Have you done that yet? If not, please do so before we do anything else.

Kusunagi · 11-05-2009, 11:43 PM

Oh im not sure how to do that. (chkdsk disk thing)

But I ran the comp into safe mode and did a virus scan with ad-ware by lavasoft.

After cleaning 2 trojans both listed as malware trojans, I now cannot log into windows. After a boot up I type my name into the login screen then my pass hit enter and what happens? Well it logs in and then after a second logs me out. Then im left at the log in screen again. Ive even done this in safe mode and the same results. Is this caused from the virus as well?

Ried · 11-06-2009, 03:45 PM

What was the name of the virus and what files did it delete?

Try booting into Last known good configuration. If successful, please run new scans with gmer and dds.scr and post the fresh logs.

Kusunagi · 11-07-2009, 03:21 PM

okay ill try that now

Ried · 11-07-2009, 09:05 PM

If that doesn't work, it would be a big help if you could recall what files were deleted. Do you have access to a Windows XPPro SP2 disc?

11-04-2009, 09:54 PM	#2 (permalink)
Kusunagi Registered User Join Date: Oct 2009 Posts: 4 OS: xp sp2	Re: Vaio Virus? Help!!! bump please

11-05-2009, 11:43 PM	#4 (permalink)
Kusunagi Registered User Join Date: Oct 2009 Posts: 4 OS: xp sp2	Re: Vaio Virus? Help!!! Oh im not sure how to do that. (chkdsk disk thing) But I ran the comp into safe mode and did a virus scan with ad-ware by lavasoft. After cleaning 2 trojans both listed as malware trojans, I now cannot log into windows. After a boot up I type my name into the login screen then my pass hit enter and what happens? Well it logs in and then after a second logs me out. Then im left at the log in screen again. Ive even done this in safe mode and the same results. Is this caused from the virus as well?

11-06-2009, 03:45 PM	#5 (permalink)
Ried Assistant Manager, TSF Academy; Moderator/Analyst Security Team Join Date: Jan 2005 Location: Ohio Posts: 27,103 OS: WinXP and Vista	Re: Vaio Virus? Help!!! What was the name of the virus and what files did it delete? Try booting into Last known good configuration. If successful, please run new scans with gmer and dds.scr and post the fresh logs. __________________ Member of ASAP since 2005 Member of UNITE since 2006 "It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."

11-07-2009, 03:21 PM	#6 (permalink)
Kusunagi Registered User Join Date: Oct 2009 Posts: 4 OS: xp sp2	Re: Vaio Virus? Help!!! okay ill try that now

11-07-2009, 09:05 PM	#7 (permalink)
Ried Assistant Manager, TSF Academy; Moderator/Analyst Security Team Join Date: Jan 2005 Location: Ohio Posts: 27,103 OS: WinXP and Vista	Re: Vaio Virus? Help!!! If that doesn't work, it would be a big help if you could recall what files were deleted. Do you have access to a Windows XPPro SP2 disc? __________________ Member of ASAP since 2005 Member of UNITE since 2006 "It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."