
Author Topic: Double the fun!  (Read 8717 times)


GrimAbbott

    Topic Starter


    Rookie

    • Experience: Beginner
    • OS: Windows 7
    Double the fun!
    « on: June 26, 2009, 11:49:09 PM »
    Looks like I'll get to spend some time on this forum. I've got two home PCs that have both turned into semi-paperweights due to spyware or malware that came as a result of an expired Panda Internet Security 2008 subscription. Here's the first one.

    Step 1: Malware applications
    I'm seeing the following that are on the list: iMesh, Viewpoint Media Player. I'm also seeing two suspects: Last.fm.1.5.4.24567 and XplDbClientPatch.

    Step 2: House Cleaning
    I pulled down CCleaner 2.21.940 slim and have followed the directions.

    Step 3: SUPERAntiSpyware
    System would not allow software to download. Tried copying from flash drive, application does not run.

    Step 4: Malwarebytes' Anti-Malware
    System would not allow software to download. Installed from flash drive but application does not run.

    Step 5: Update Your Java
    Ran JavaRa and updated to JRE 6.14

    Step 6: HijackThis
    Completed

    LOGS: Only HijackThis log is available since SAS and MBAM would not run.
    My HijackThis report

    [attachment deleted by admin]
    « Last Edit: June 27, 2009, 12:09:37 AM by GrimAbbott »

    Karnac



      Specialist

      Thanked: 211
      Re: Double the fun!
      « Reply #1 on: June 27, 2009, 12:07:55 AM »
      Try running Steps 3 and 4 in safe mode...you may have to rename them....


      Never argue with a stupid person, they'll drag you down to their level and beat you with experience.

      GrimAbbott

        Topic Starter


        Rookie

        • Experience: Beginner
        • OS: Windows 7
        Re: Double the fun!
        « Reply #2 on: June 27, 2009, 01:31:56 AM »
        OK, got the MBAM to run (report attached) in Safe Mode but the SAS still will not run, even when the .exe is renamed to ComputerHope.exe! Uninstalled and reinstalled SAS, still no luck.

        [attachment deleted by admin]

        Karnac



          Specialist

          Thanked: 211
          Re: Double the fun!
          « Reply #3 on: June 27, 2009, 08:42:11 AM »
          Ok, all these infections indicate no action taken...you will have to remove and quarantine them when asked.



          GrimAbbott

            Topic Starter


            Rookie

            • Experience: Beginner
            • OS: Windows 7
            Re: Double the fun!
            « Reply #4 on: June 27, 2009, 01:20:33 PM »
            The successful MBAM scan/cleaning allowed SAS to run; log attached. Further suggestions?

            [attachment deleted by admin]

            Karnac



              Specialist

              Thanked: 211
              Re: Double the fun!
              « Reply #5 on: June 27, 2009, 01:28:45 PM »
              While you wait for a specialist to review the logs you can try self-help and use the process tool here...

              http://www.computerhope.com/forum/index.php/topic,81761.msg540346.html#msg540346



              evilfantasy

              • Malware Removal Specialist
              • Moderator


              • Genius
              • Calm like a bomb
              • Thanked: 493
              • Experience: Experienced
              • OS: Windows 11
              Re: Double the fun!
              « Reply #6 on: June 27, 2009, 01:29:11 PM »
              Download DDS from |HERE| or |HERE| or |HERE| and save it to your desktop.

              * Vista users right-click on dds and select Run as administrator (you will receive a UAC prompt, please allow it).
              * XP users double-click on dds to run it.
              * If your antivirus or firewall tries to block DDS then please allow it to run.
              * When finished DDS will open two (2) logs.

              1) DDS.txt
              2) Attach.txt

              * Save both logs to your desktop.
              * Please copy and paste the entire contents of both logs in your next reply.

              Note: DDS will instruct you to post the Attach.txt log as an attachment.
              Please just post it as you would any other log by copy and pasting it into the reply.

              Karnac



                Specialist

                Thanked: 211
                Re: Double the fun!
                « Reply #7 on: June 27, 2009, 01:30:48 PM »
                Nice to see you back.....evil



                evilfantasy

                • Malware Removal Specialist
                • Moderator


                • Genius
                • Calm like a bomb
                • Thanked: 493
                • Experience: Experienced
                • OS: Windows 11
                Re: Double the fun!
                « Reply #8 on: June 27, 2009, 01:31:59 PM »
                Shhh! I'm not back.... :P

                Karnac



                  Specialist

                  Thanked: 211
                  Re: Double the fun!
                  « Reply #9 on: June 27, 2009, 01:34:01 PM »
                  *censored*...sorry... :-X



                  GrimAbbott

                    Topic Starter


                    Rookie

                    • Experience: Beginner
                    • OS: Windows 7
                    Re: Double the fun!
                    « Reply #10 on: June 27, 2009, 04:16:25 PM »
                    As requested from DDS:

                    DDS (Ver_09-06-26.01) - NTFSx86 
                    Run by Dad at 15:19:42.03 on Sat 06/27/2009
                    Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_14
                    Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.1007.602 [GMT -7:00]

                    AV: AntiVir Desktop *On-access scanning enabled* (Updated)   {AD166499-45F9-482A-A743-FDD3350758C7}

                    ============== Running Processes ===============

                    C:\WINDOWS\system32\svchost -k DcomLaunch
                    svchost.exe
                    C:\WINDOWS\System32\svchost.exe -k netsvcs
                    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
                    svchost.exe
                    svchost.exe
                    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
                    C:\WINDOWS\system32\spoolsv.exe
                    C:\Program Files\Avira\AntiVir Desktop\sched.exe
                    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
                    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
                    C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
                    C:\Program Files\Bonjour\mDNSResponder.exe
                    C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
                    C:\Program Files\Java\jre6\bin\jqs.exe
                    C:\WINDOWS\system32\HPZipm12.exe
                    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
                    C:\WINDOWS\System32\svchost.exe -k imgsvc
                    C:\Program Files\Viewpoint\Common\ViewpointService.exe
                    C:\WINDOWS\System32\MsPMSPSv.exe
                    C:\WINDOWS\Explorer.EXE
                    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
                    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
                    C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
                    C:\WINDOWS\system32\igfxpers.exe
                    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
                    C:\Program Files\Java\jre6\bin\jusched.exe
                    C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
                    C:\Program Files\Motherboard Monitor 5\MBM5.EXE
                    C:\Program Files\QuickTime\QTTask.exe
                    E:\Program Files\iTunes\iTunesHelper.exe
                    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
                    E:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
                    C:\Program Files\iPod\bin\iPodService.exe
                    E:\Program Files\Mozilla Firefox\firefox.exe
                    C:\WINDOWS\system32\wuauclt.exe
                    C:\WINDOWS\system32\wuauclt.exe
                    C:\Documents and Settings\Dad\Desktop\dds.pif

                    ============== Pseudo HJT Report ===============

                    uStart Page = hxxp://www.gbcph.org/
                    uSearch Page = hxxp://www.google.com
                    uSearch Bar = hxxp://www.google.com/ie
                    uDefault_Search_URL = hxxp://www.google.com/ie
                    mDefault_Page_URL = hxxp://www.omnitechcorp.com
                    uInternet Settings,ProxyOverride = *.local
                    uSearchAssistant = hxxp://www.google.com/ie
                    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
                    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
                    BHO: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\tbFre1.dll
                    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
                    BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
                    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
                    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
                    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
                    TB: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\tbFre1.dll
                    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
                    uRun: [Sony Ericsson PC Suite] "e:\program files\sony ericsson\sony ericsson pc suite\SEPCSuite.exe" /systray /nologon
                    mRun: [SoundMAXPnP] c:\program files\analog devices\soundmax\SMax4PNP.exe
                    mRun: [SoundMAX] "c:\program files\analog devices\soundmax\Smax4.exe" /tray
                    mRun: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
                    mRun: [AdaptecDirectCD] c:\program files\adaptec\easy cd creator 5\directcd\DirectCD.exe
                    mRun: [igfxtray] c:\windows\system32\igfxtray.exe
                    mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
                    mRun: [igfxpers] c:\windows\system32\igfxpers.exe
                    mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
                    mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
                    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
                    mRun: [AAWTray] c:\program files\lavasoft\ad-aware 2007\AAWTray.exe
                    mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
                    mRun: [MBM 5] "c:\program files\motherboard monitor 5\MBM5.EXE"
                    mRun: [Adobe Reader Speed Launcher] "e:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
                    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
                    mRun: [iTunesHelper] "e:\program files\itunes\iTunesHelper.exe"
                    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
                    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
                    DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
                    DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
                    DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
                    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
                    DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
                    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
                    DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} - hxxp://a.download.toontown.com/sv1.0.28.9/ttinst.cab
                    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
                    DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
                    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
                    DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} - hxxps://disney.go.com/games/downloads/gamemanager/DIGGameManager.cab
                    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
                    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
                    Notify: igfxcui - igfxdev.dll
                    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
                    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

                    ================= FIREFOX ===================

                    FF - ProfilePath - c:\docume~1\dad\applic~1\mozilla\firefox\profiles\b9k9d87q.default\
                    FF - prefs.js: browser.startup.homepage - www.gbcph.org
                    FF - component: c:\program files\real\realplayer\browserrecord\components\nprpbrowserrecordplugin.dll
                    FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
                    FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
                    FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
                    FF - plugin: e:\program files\adobe\reader 8.0\reader\browser\nppdf32.dll
                    FF - plugin: e:\program files\itunes\mozilla plugins\npitunes.dll
                    FF - plugin: e:\program files\mozilla firefox\plugins\npmusicn.dll
                    FF - plugin: e:\program files\mozilla firefox\plugins\npPandoWebInst.dll
                    FF - plugin: e:\program files\mozilla firefox\plugins\npViewpoint.dll
                    FF - plugin: e:\program files\netscape6\nppl3260.dll
                    FF - plugin: e:\program files\netscape6\nprjplug.dll
                    FF - plugin: e:\program files\netscape6\nprpjplug.dll
                    FF - HiddenExtension: Java Console: No Registry Reference - e:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
                    FF - HiddenExtension: Java Console: No Registry Reference - e:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
                    FF - HiddenExtension: Java Console: No Registry Reference - e:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
                    FF - HiddenExtension: Java Console: No Registry Reference - e:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
                    FF - HiddenExtension: Java Console: No Registry Reference - e:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

                    ============= SERVICES / DRIVERS ===============

                    R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-6-26 11608]
                    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-6-23 9968]
                    R2 aawservice;Ad-Aware 2007 Service;c:\program files\lavasoft\ad-aware 2007\aawservice.exe [2007-8-27 566616]
                    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-6-26 108289]
                    R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-6-26 185089]
                    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-6-26 55640]
                    R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-4-10 24652]
                    S1 Multicam;MultiCam for Picolo;c:\windows\system32\drivers\multicam.sys --> c:\windows\system32\drivers\multicam.sys [?]
                    S1 SASKUTIL;SASKUTIL;\??\e:\program files\superantispyware\saskutil.sys --> e:\program files\superantispyware\SASKUTIL.sys [?]
                    S3 AtomSync;AtomSync;e:\program files\atomsync\service.exe [2008-9-23 159744]
                    S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2008-5-20 13224]
                    S3 PavSRK.sys;PavSRK.sys;\??\c:\windows\system32\pavsrk.sys --> c:\windows\system32\PavSRK.sys [?]
                    S3 PavTPK.sys;PavTPK.sys;\??\c:\windows\system32\pavtpk.sys --> c:\windows\system32\PavTPK.sys [?]
                    S3 SASENUM;SASENUM;\??\e:\program files\superantispyware\sasenum.sys --> e:\program files\superantispyware\SASENUM.SYS [?]

                    =============== Created Last 30 ================

                    2009-06-27 14:03   <DIR>   --d-h---   c:\windows\PIF
                    2009-06-26 23:55   <DIR>   --d-----   c:\docume~1\dad\applic~1\Malwarebytes
                    2009-06-26 23:50   <DIR>   --d-----   c:\program files\SUPERAntiSpyware
                    2009-06-26 23:27   <DIR>   --d-----   c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
                    2009-06-26 23:20   <DIR>   --d-----   c:\docume~1\dad\applic~1\SUPERAntiSpyware.com
                    2009-06-26 22:46   <DIR>   --d-----   c:\program files\Trend Micro
                    2009-06-26 22:40   410,984   a-------   c:\windows\system32\deploytk.dll
                    2009-06-26 00:45   55,640   a-------   c:\windows\system32\drivers\avgntflt.sys
                    2009-06-26 00:44   <DIR>   --d-----   c:\program files\Avira
                    2009-06-26 00:44   <DIR>   --d-----   c:\docume~1\alluse~1\applic~1\Avira
                    2009-06-26 00:36   38,160   a-------   c:\windows\system32\drivers\mbamswissarmy.sys
                    2009-06-26 00:36   19,096   a-------   c:\windows\system32\drivers\mbam.sys
                    2009-06-26 00:36   <DIR>   --d-----   c:\docume~1\alluse~1\applic~1\Malwarebytes
                    2009-06-25 22:57   47   a----r--   c:\windows\amunres.lsl
                    2009-06-21 20:24   0   a-------   c:\windows\system32\commonpriv.log.lock
                    2009-06-21 20:22   <DIR>   --d-----   c:\program files\AVG
                    2009-06-21 20:22   <DIR>   --d-----   c:\docume~1\alluse~1\applic~1\avg8
                    2009-06-21 17:48   <DIR>   --d-----   c:\program files\iPod
                    2009-06-21 17:48   <DIR>   --d-----   c:\docume~1\alluse~1\applic~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
                    2009-06-21 17:46   <DIR>   --d-----   c:\program files\Bonjour

                    ==================== Find3M  ====================

                    2008-01-15 11:50   1,004   a--sh---   c:\windows\system32\KGyGaAvL.sys

                    ============= FINISH: 15:20:30.64 ===============


                    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
                    IF REQUESTED, ZIP IT UP & ATTACH IT

                    DDS (Ver_09-06-26.01)

                    Microsoft Windows XP Professional
                    Boot Device: \Device\HarddiskVolume1
                    Install Date: 11/21/2003 6:30:08 AM
                    System Uptime: 6/27/2009 12:30:37 PM (3 hours ago)

                    Motherboard: Intel Corporation               |  | D865GLC                       
                    Processor:                 Intel(R) Celeron(R) CPU 2.00GHz | J2E1 | 1994/100mhz

                    ==== Disk Partitions =========================

                    A: is Removable
                    C: is FIXED (NTFS) - 112 GiB total, 100.291 GiB free.
                    D: is CDROM ()
                    E: is FIXED (NTFS) - 112 GiB total, 110.138 GiB free.
                    Y: is NetworkDisk (NTFS) - 372 GiB total, 220.977 GiB free.
                    Z: is NetworkDisk (NTFS) - 372 GiB total, 220.977 GiB free.

                    ==== Disabled Device Manager Items =============

                    ==== System Restore Points ===================

                    RP771: 3/29/2009 5:45:41 PM - System Checkpoint
                    RP772: 4/4/2009 6:02:04 PM - System Checkpoint
                    RP773: 4/6/2009 10:51:30 AM - System Checkpoint
                    RP774: 4/8/2009 5:20:42 PM - System Checkpoint
                    RP775: 4/11/2009 5:40:09 PM - System Checkpoint
                    RP776: 4/13/2009 10:46:03 AM - System Checkpoint
                    RP777: 4/18/2009 2:45:05 PM - System Checkpoint
                    RP778: 4/21/2009 5:03:36 PM - System Checkpoint
                    RP779: 5/8/2009 12:27:10 PM - System Checkpoint
                    RP780: 5/8/2009 10:18:06 PM - Installed DirectX
                    RP781: 5/18/2009 6:23:01 PM - System Checkpoint
                    RP782: 5/21/2009 2:02:35 PM - System Checkpoint
                    RP783: 6/8/2009 5:47:54 PM - System Checkpoint
                    RP784: 6/21/2009 3:36:29 PM - System Checkpoint
                    RP785: 6/21/2009 5:47:36 PM - Installed iTunes
                    RP786: 6/21/2009 8:24:20 PM - Installed AVG Free 8.5
                    RP787: 6/25/2009 10:16:57 PM - Removed Panda Internet Security 2007
                    RP788: 6/25/2009 11:02:16 PM - Removed OpenOffice.org 2.2
                    RP789: 6/25/2009 11:25:49 PM - Installed AVG Free 8.5

                    ==== Installed Programs ======================

                    3D Virtual Reality Architect
                    Ad-Aware 2007
                    Adobe Flash Player 10 Plugin
                    Adobe Flash Player 9 ActiveX
                    Adobe Reader 8.1.4
                    Adobe Shockwave Player 11
                    AiO_Scan
                    Apple Mobile Device Support
                    Apple Software Update
                    AtomSync
                    Avira AntiVir Personal - Free Antivirus
                    Belkin 54g USB Network Adapter
                    Big Fish Games Client
                    Bonjour
                    CCleaner (remove only)
                    CutePDF Writer 2.7
                    Disc2Phone
                    Easy CD Creator 5 Basic
                    Freecorder Toolbar
                    Freecorder Toolbar 3.0 Application
                    Freecorder Toolbar 3.02 Application
                    GameShark SP
                    Google Talk (remove only)
                    Google Talk Plugin
                    Google Updater
                    HijackThis 2.0.2
                    HP Image Zone 4.7
                    HP PSC & OfficeJet 4.7
                    iMesh
                    Intel(R) Extreme Graphics 2 Driver
                    Intel(R) PRO Network Adapters and Drivers
                    iTunes
                    Java(TM) 6 Update 14
                    Juniper Networks Cache Cleaner 6.0.0
                    Juniper Networks Host Checker
                    Last.fm 1.5.4.24567
                    Logitech Gaming Software
                    Malwarebytes' Anti-Malware
                    Microsoft .NET Framework 2.0 Service Pack 1
                    Microsoft .NET Framework 3.0
                    Microsoft Compression Client Pack 1.0 for Windows XP
                    Microsoft Data Access Components KB870669
                    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
                    Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
                    Microsoft Silverlight
                    Microsoft User-Mode Driver Framework Feature Pack 1.0
                    Microsoft Visual C++ 2005 Redistributable
                    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
                    Motherboard Monitor 5
                    Mozilla Firefox (3.0.11)
                    MSXML 4.0 SP2 (KB927978)
                    MSXML 4.0 SP2 (KB936181)
                    MSXML 4.0 SP2 (KB954430)
                    MSXML 6 Service Pack 2 (KB954459)
                    Pando Media Booster
                    QFolder
                    QuickTime
                    RealPlayer
                    Rhapsody Player Engine
                    Rosetta Stone 2.1.3.0A
                    Sansa Media Converter
                    Scan
                    Security Update for Windows XP (KB904706)
                    Security Update for Windows XP (KB923789)
                    Sibelius Scorch Plugin 5.2.5.30
                    SigmaTel MSCN Audio Player
                    Sony Ericsson PC Suite 4.010.00
                    SoundMAX
                    Spelling Dictionaries Support For Adobe Reader 8
                    SUPERAntiSpyware Free Edition
                    teenSMART®
                    TimeLeft
                    Unity Web Player
                    Update Service
                    URGE
                    Viewpoint Media Player
                    WebFldrs XP
                    Where in the World is Carmen Sandiego?
                    Windows Communication Foundation
                    Windows Genuine Advantage Notifications (KB905474)
                    Windows Genuine Advantage Validation Tool (KB892130)
                    Windows Imaging Component
                    Windows Media Format 11 runtime
                    Windows Media Player 11
                    Windows Presentation Foundation
                    Windows Workflow Foundation
                    Windows XP Service Pack 2
                    WordPerfect Office 12
                    XML Paper Specification Shared Components Pack 1.0
                    XplDbClientPatch

                    ==== Event Viewer Messages From Past Week ========

                    6/27/2009 12:32:20 AM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  SASKUTIL
                    6/27/2009 12:31:25 PM, error: sr [1]  - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'.  It has stopped monitoring the volume.
                    6/27/2009 11:05:26 AM, error: Service Control Manager [7000]  - The SASENUM service failed to start due to the following error:  The system cannot find the path specified.
                    6/27/2009 11:05:22 AM, error: Service Control Manager [7000]  - The SASKUTIL service failed to start due to the following error:  The system cannot find the path specified.
                    6/26/2009 12:38:58 AM, error: SideBySide [59]  - Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error message: The referenced assembly is not installed on your system. .
                    6/26/2009 12:38:58 AM, error: SideBySide [59]  - Generate Activation Context failed for C:\DOCUME~1\Dad\LOCALS~1\Temp\RarSFX0\basic\setup.exe. Reference error message: The operation completed successfully. .
                    6/26/2009 12:38:58 AM, error: SideBySide [32]  - Dependent Assembly Microsoft.VC90.CRT could not be found and Last Error was The referenced assembly is not installed on your system.
                    6/26/2009 12:38:58 AM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
                    6/26/2009 12:35:35 AM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  cdudf_xp Fips intelppm mbmiodrvr sf
                    6/26/2009 12:34:59 AM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
                    6/26/2009 12:34:37 AM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
                    6/26/2009 11:54:26 PM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  avgio avipbb cdudf_xp Fips intelppm mbmiodrvr SASKUTIL sf ssmdrv
                    6/26/2009 11:40:54 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
                    6/26/2009 11:27:47 PM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  avgio avipbb cdudf_xp Fips intelppm mbmiodrvr sf ssmdrv
                    6/21/2009 7:51:43 PM, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.
                    6/21/2009 7:51:43 PM, error: Service Control Manager [7000]  - The Application Layer Gateway Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
                    6/21/2009 7:51:12 PM, error: Service Control Manager [7022]  - The Panda anti-virus service service hung on starting.
                    6/21/2009 7:48:39 PM, error: sr [1]  - The System Restore filter encountered the unexpected error '0xC0000243' while processing the file 'NetPcap.cfg' on the volume 'HarddiskVolume1'.  It has stopped monitoring the volume.

                    ==== End Of File ===========================
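The event-log section of that attach.txt is easier to triage with a little code. What follows is an added example, not code from the post or from DDS: it parses the entries above into structured records, pulls the driver names out of the Service Control Manager 7026 events, and separates the DCOM 10005 errors carrying code 1084 (Win32 ERROR_NOT_SAFEBOOT_SERVICE, "cannot be started in Safe Mode", which is expected noise when the tools were run from Safe Mode as advised earlier in the thread) from entries that deserve a look. The sample lines are the ones above with their line wraps removed; the driver-to-product table is this example's own assumption, not something the page states.

```python
"""Triage of the Windows event-log entries reported in the attach.txt above.

Added example; not code from the forum post or from DDS.  The sample lines
are the entries above with their line wraps removed.  The driver-to-product
table is an assumption of this example, not something the page states.
"""
import re
from datetime import datetime

# Sample input: entries copied from the attach.txt above, one per line.
SAMPLE_EVENTS = """\
6/26/2009 11:54:26 PM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  avgio avipbb cdudf_xp Fips intelppm mbmiodrvr SASKUTIL sf ssmdrv
6/26/2009 11:40:54 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
6/21/2009 7:51:12 PM, error: Service Control Manager [7022]  - The Panda anti-virus service service hung on starting.
"""

# "<m/d/yyyy h:mm:ss AM|PM>, <level>: <source> [<event id>]  - <message>"
EVENT_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<id>\d+)\]\s+- (?P<msg>.*)$"
)

# Driver name (lower-case) -> security product.  Assumed mapping, kept short.
SECURITY_DRIVERS = {
    "avgio": "Avira", "avipbb": "Avira", "ssmdrv": "Avira",
    "saskutil": "SUPERAntiSpyware", "sasdifsv": "SUPERAntiSpyware",
    "mbam": "Malwarebytes",
}

# Win32 error 1084 = ERROR_NOT_SAFEBOOT_SERVICE: the service is not allowed
# to start in Safe Mode.  DCOM 10005 events carrying it are expected while
# a machine is booted to Safe Mode and are not a sign of infection.
SAFE_MODE_ERROR = '"%1084"'


def parse_events(text):
    """Return one dict per parsable line: ts, level, source, id, msg."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line)
        if not m:
            continue  # unrelated or truncated line; skip rather than guess
        ev = m.groupdict()
        ev["ts"] = datetime.strptime(ev["ts"], "%m/%d/%Y %I:%M:%S %p")
        ev["id"] = int(ev["id"])
        events.append(ev)
    return events


def failed_boot_drivers(events):
    """Driver names from Service Control Manager 7026 events (case preserved)."""
    drivers = set()
    for ev in events:
        if ev["source"] == "Service Control Manager" and ev["id"] == 7026:
            _, _, tail = ev["msg"].partition("failed to load:")
            drivers.update(tail.split())
    return sorted(drivers, key=str.lower)


def security_drivers_not_loading(events):
    """Subset of the failed boot drivers that belong to security products."""
    return {d: SECURITY_DRIVERS[d.lower()]
            for d in failed_boot_drivers(events)
            if d.lower() in SECURITY_DRIVERS}


def safe_mode_noise(events):
    """Count DCOM 10005 events that only report 'cannot start in Safe Mode'."""
    return sum(1 for ev in events
               if ev["source"] == "DCOM" and ev["id"] == 10005
               and SAFE_MODE_ERROR in ev["msg"])


if __name__ == "__main__":
    evs = parse_events(SAMPLE_EVENTS)
    print("failed boot drivers:", failed_boot_drivers(evs))
    print("security product drivers not loading:", security_drivers_not_loading(evs))
    print("safe-mode DCOM noise:", safe_mode_noise(evs))
```

Run against the sample, the 7026 event yields nine drivers, four of which (avgio, avipbb, ssmdrv, SASKUTIL) belong to the security tools the original poster could not get to run, while the single DCOM 10005 entry is counted as Safe Mode noise rather than reported. That split is the point: boot-start security drivers that fail to load are worth investigating, DCOM 1084 errors from a Safe Mode session are not.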

                    evilfantasy

                    • Malware Removal Specialist
                    • Moderator


                    • Genius
                    • Calm like a bomb
                    • Thanked: 493
                    • Experience: Experienced
                    • OS: Windows 11
                    Re: Double the fun!
                    « Reply #11 on: June 27, 2009, 04:34:36 PM »
                    You have Viewpoint installed.

                    Viewpoint Media Player/Manager/Toolbar is considered Foistware rather than malware, since it is installed without the user's approval but doesn't spy or do anything "bad".

                    More information:

                    It is suggested to remove the program now. Go to Start > Control Panel > Add/Remove Programs and remove the following programs if present.

                    • Viewpoint
                    • Viewpoint Manager
                    • Viewpoint Media Player
                    • Viewpoint Toolbar
                    • Viewpoint Experience Technology
                    ----------

                    Go to Start > Run > type Notepad.exe and click OK to open Notepad.

                    In the top of Notepad go to Format and click Word Wrap then close Notepad.

                    ----------

                    Download ComboFix© by sUBs from one of the below links. Be sure to save it to the Desktop.

                    Link #1
                    Link #2

                    **Note:  It is important that it is saved directly to your Desktop

                    DO NOT run it yet!

                    Note: the below instructions were created specifically for this user. If you are not this user, DO NOT follow these directions, as they could damage the workings of your system.

                    Delete these files/folders, as follows:

                    1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
                    It must be Notepad, not Wordpad.
                    2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

                    Code:
                    KillAll::

                    Driver::
                    Viewpoint Manager Service
                    PavSRK.sys
                    PavTPK.sys

                    DDS::
                    BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
                    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
                    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

                    Firefox::
                    FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

                    Folder::
                    c:\program files\viewpoint
                    c:\program files\AVG
                    c:\docume~1\alluse~1\applic~1\avg8

                    3. Go to the Notepad window and click Edit > Paste
                    4. Then click File > Save
                    5. Name the file CFScript.txt - Save the file to your Desktop
                    6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



                    ComboFix will begin to execute, just follow the prompts.
                    After reboot (in case it asks to reboot), it will produce a log for you.
                    Post that log (Combofix.txt) in your next reply.

                    Note: Do not mouse-click ComboFix's window while it is running. That may cause your system to freeze.
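A small parser and sanity checker for the CFScript format used in the reply above, as an added example (not part of the forum post and not ComboFix's own code). The only syntax it assumes is what the posted script shows: a line ending in "::" opens a section, and the non-blank lines after it are that section's entries. The list of known directives is taken from that script; the "too broad a path" and DDS-prefix checks are this example's own heuristics, meant to catch a mis-pasted or hand-edited script before it is dropped onto ComboFix.exe.

```python
"""Parse and sanity-check a ComboFix CFScript.txt before it is used.

Added example; not code from the forum post and not ComboFix's own.  The only
syntax assumed is what the posted script shows: a line ending in '::' opens a
section, and the non-blank lines after it are that section's entries.  The
directive list is taken from that script; the path and DDS checks are this
example's own heuristics.
"""
import re
from collections import OrderedDict

# Sample input: the script evilfantasy posted above, verbatim (raw string,
# so the Windows backslashes survive).
SAMPLE_CFSCRIPT = r"""KillAll::

Driver::
Viewpoint Manager Service
PavSRK.sys
PavTPK.sys

DDS::
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

Firefox::
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

Folder::
c:\program files\viewpoint
c:\program files\AVG
c:\docume~1\alluse~1\applic~1\avg8
"""

SECTION_RE = re.compile(r"^([A-Za-z]+)::\s*$")
# Directives seen in the posted script.  ComboFix accepts others; anything
# not listed here is reported so the operator looks at it, not rejected.
KNOWN_SECTIONS = {"KillAll", "Driver", "DDS", "Firefox", "Folder"}
ABS_PATH_RE = re.compile(r"^[a-z]:\\", re.I)
# A drive root or a whole system/profile/program tree is never a sensible
# single Folder:: entry; deleting it would wreck the machine.
BROAD_PATH_RE = re.compile(
    r"^[a-z]:\\(program files|windows|documents and settings)?\\?$", re.I)
# DDS:: entries in the posted script all look like "Type: {CLSID} - ...".
DDS_ENTRY_RE = re.compile(r"^[A-Za-z0-9]+: \{[0-9A-Fa-f-]{36}\}")


def parse_cfscript(text):
    """Map each section name to its list of entry lines, in file order."""
    sections = OrderedDict()
    current = None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
            continue
        if current is None:
            raise ValueError(f"line {lineno}: entry before any section header: {line!r}")
        sections[current].append(line)
    return sections


def check_cfscript(sections):
    """Return a list of human-readable problems; an empty list means nothing flagged."""
    problems = []
    for name, entries in sections.items():
        if name not in KNOWN_SECTIONS:
            problems.append(f"unknown section {name}::")
        if name == "KillAll" and entries:
            problems.append("KillAll:: takes no entries")
        if name == "Folder":
            for e in entries:
                if not ABS_PATH_RE.match(e):
                    problems.append(f"Folder:: entry is not an absolute path: {e}")
                elif BROAD_PATH_RE.match(e):
                    problems.append(f"Folder:: entry is too broad to delete: {e}")
        if name == "DDS":
            for e in entries:
                if not DDS_ENTRY_RE.match(e):
                    problems.append(f"DDS:: entry lacks a 'Type: {{CLSID}}' prefix: {e}")
    return problems


if __name__ == "__main__":
    parsed = parse_cfscript(SAMPLE_CFSCRIPT)
    for name, entries in parsed.items():
        print(f"{name}:: ({len(entries)} entries)")
    print("problems:", check_cfscript(parsed) or "none")
```

The posted script parses into five sections and raises no problems; a script with a stray line above the first header, a path like c:\program files on its own under Folder::, or an entry under KillAll:: is reported before anything runs. Unknown section names are only flagged, not rejected, because this example deliberately knows only the directives visible in the post.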

                    GrimAbbott

                      Topic Starter


                      Rookie

                      • Experience: Beginner
                      • OS: Windows 7
                      Re: Double the fun!
                      « Reply #12 on: June 27, 2009, 05:53:52 PM »
                      Quick check...CF got an error message: AntiVir Desktop is running. It requires me to kill that before continuing. I assume this is OK but await confirmation.

                      evilfantasy

                      • Malware Removal Specialist
                      • Moderator


                      • Genius
                      • Calm like a bomb
                      • Thanked: 493
                      • Experience: Experienced
                      • OS: Windows 11
                      Re: Double the fun!
                      « Reply #13 on: June 27, 2009, 06:45:38 PM »
                      Yes, you can shut down Avira while running CF.

                      GrimAbbott

                        Topic Starter


                        Rookie

                        • Experience: Beginner
                        • OS: Windows 7
                        Re: Double the fun!
                        « Reply #14 on: June 27, 2009, 08:00:32 PM »
                        Thanks. Along the way, CFx prompted a download of MS Recovery Console which installed successfully. Here is the ComboFix log:

                        ComboFix 09-06-26.02 - Dad 06/27/2009 18:48.1 - NTFSx86
                        Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.1007.696 [GMT -7:00]
                        Running from: c:\documents and settings\Dad\Desktop\ComboFix.exe
                        Command switches used :: c:\documents and settings\Dad\Desktop\CFScript.txt
                        AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
                        .

                        (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
                        .

                        c:\docume~1\alluse~1\applic~1\avg8
                        c:\docume~1\alluse~1\applic~1\avg8\Log\avgcfg.log.install_backup
                        c:\docume~1\alluse~1\applic~1\avg8\Log\avgcfg.log.lock
                        c:\docume~1\alluse~1\applic~1\avg8\Log\avgcore.log.1
                        c:\docume~1\alluse~1\applic~1\avg8\Log\avgcore.log.lock
                        c:\docume~1\alluse~1\applic~1\avg8\Log\avglng.log.lock
                        c:\docume~1\alluse~1\applic~1\avg8\Log\avgsrm.log.lock
                        c:\docume~1\alluse~1\applic~1\avg8\Log\avgwd.log.install_backup
                        c:\docume~1\alluse~1\applic~1\avg8\Log\avgwd.log.lock
                        c:\docume~1\alluse~1\applic~1\avg8\Log\avgwdsvc.log.lock
                        c:\docume~1\alluse~1\applic~1\avg8\Log\commonpriv.log.lock
                        c:\documents and settings\Samuel.OAKTREE3\Application Data\WeatherDPA
                        c:\program files\AVG
                        c:\program files\AVG\AVG8\cfg\mail.cfg
                        c:\program files\AVG\AVG8\Emc\Log\emc.log
                        c:\program files\AVG\AVG8\log\history.xml
                        c:\program files\messenger\msmsgs.exe
                        c:\windows\system32\drivers\gxvxckrocqmjyidltpxtbimjcbiqmupvaqjgp.sys
                        c:\windows\system32\gxvxccounter
                        c:\windows\system32\gxvxcrqpaaxmkamxeyrvwwmfrfcjalcsbxrtq.dll

                        .
                        (((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
                        .

                        -------\Service_GXVXCSERV.SYS
                        -------\Legacy_PAVSRK.SYS
                        -------\Legacy_PAVTPK.SYS
                        -------\Service_PavSRK.sys
                        -------\Service_PavTPK.sys


                        (((((((((((((((((((((((((   Files Created from 2009-05-28 to 2009-06-28  )))))))))))))))))))))))))))))))
                        .

                        2009-06-27 21:03 . 2009-06-27 21:03   --------   d--h--w-   c:\windows\PIF
                        2009-06-27 06:55 . 2009-06-27 06:55   --------   d-----w-   c:\documents and settings\Dad\Application Data\Malwarebytes
                        2009-06-27 06:50 . 2009-06-27 06:54   --------   d-----w-   c:\program files\SUPERAntiSpyware
                        2009-06-27 06:27 . 2009-06-27 18:06   117760   ----a-w-   c:\documents and settings\Dad\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
                        2009-06-27 06:27 . 2009-06-27 06:27   --------   d-----w-   c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
                        2009-06-27 06:20 . 2009-06-27 06:20   --------   d-----w-   c:\documents and settings\Dad\Application Data\SUPERAntiSpyware.com
                        2009-06-27 05:46 . 2009-06-27 05:46   --------   d-----w-   c:\program files\Trend Micro
                        2009-06-27 05:40 . 2009-06-27 05:39   410984   ----a-w-   c:\windows\system32\deploytk.dll
                        2009-06-26 07:45 . 2009-03-30 17:33   96104   ----a-w-   c:\windows\system32\drivers\avipbb.sys
                        2009-06-26 07:45 . 2009-03-24 23:08   55640   ----a-w-   c:\windows\system32\drivers\avgntflt.sys
                        2009-06-26 07:45 . 2009-02-13 19:29   22360   ----a-w-   c:\windows\system32\drivers\avgntmgr.sys
                        2009-06-26 07:45 . 2009-02-13 19:17   45416   ----a-w-   c:\windows\system32\drivers\avgntdd.sys
                        2009-06-26 07:44 . 2009-06-26 07:44   --------   d-----w-   c:\program files\Avira
                        2009-06-26 07:44 . 2009-06-26 07:44   --------   d-----w-   c:\documents and settings\All Users\Application Data\Avira
                        2009-06-26 07:36 . 2009-06-17 18:27   38160   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
                        2009-06-26 07:36 . 2009-06-26 07:36   --------   d-----w-   c:\documents and settings\All Users\Application Data\Malwarebytes
                        2009-06-26 07:36 . 2009-06-17 18:27   19096   ----a-w-   c:\windows\system32\drivers\mbam.sys
                        2009-06-22 00:48 . 2009-06-22 00:48   --------   d-----w-   c:\program files\iPod
                        2009-06-22 00:48 . 2009-06-22 00:48   --------   d-----w-   c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
                        2009-06-22 00:46 . 2009-06-22 00:46   --------   d-----w-   c:\program files\Bonjour
                        2009-06-22 00:45 . 2009-06-22 00:45   --------   d-----w-   c:\program files\QuickTime
                        2009-06-22 00:43 . 2009-06-22 00:43   --------   d-----w-   c:\program files\Apple Software Update
                        2009-06-21 22:50 . 2009-06-21 22:50   --------   d-----w-   c:\documents and settings\Dad\Local Settings\Application Data\AOL
                        2009-06-05 20:57 . 2009-06-05 20:57   75048   ----a-w-   c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe

                        .
                        ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
                        .
                        2009-06-27 23:55 . 2009-04-10 18:27   --------   d-----w-   c:\documents and settings\All Users\Application Data\Viewpoint
                        2009-06-27 06:49 . 2002-01-04 09:43   --------   d-----w-   c:\program files\Common Files\Wise Installation Wizard
                        2009-06-27 05:39 . 2002-01-02 07:20   --------   d-----w-   c:\program files\Java
                        2009-06-27 04:41 . 2007-07-22 04:02   --------   d-----w-   c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
                        2009-06-26 06:04 . 2007-03-25 15:49   51936   ----a-w-   c:\documents and settings\Dad\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
                        2009-06-26 06:02 . 2002-01-02 07:21   --------   d-----w-   c:\program files\OpenOffice.org 2.2
                        2009-06-26 05:56 . 2003-07-31 11:52   --------   d--h--w-   c:\program files\InstallShield Installation Information
                        2009-06-26 05:52 . 2002-01-02 08:35   --------   d-----w-   c:\documents and settings\Dad\Application Data\OpenOffice.org2
                        2009-06-26 05:52 . 2008-10-08 06:27   --------   d-----w-   c:\documents and settings\Dad\Application Data\stickies
                        2009-06-26 05:20 . 2002-01-04 09:37   --------   d-----w-   c:\program files\Common Files\Panda Software
                        2009-06-26 05:12 . 2008-11-25 19:33   --------   d-----w-   c:\documents and settings\All Users\Application Data\Google Updater
                        2009-06-22 00:48 . 2008-09-15 04:37   --------   d-----w-   c:\program files\Common Files\Apple
                        2009-06-21 22:51 . 2009-04-10 18:24   --------   d-----w-   c:\program files\Common Files\AOL
                        2009-06-09 17:09 . 2007-09-17 05:02   --------   d-----w-   c:\documents and settings\Samuel.OAKTREE3\Application Data\OpenOffice.org2
                        2009-05-11 22:48 . 2009-05-11 22:20   34   ----a-w-   c:\documents and settings\Samuel.OAKTREE3\jagex_runescape_preferences.dat
                        2009-04-10 18:29 . 2009-04-10 18:29   1144808   ----a-w-   c:\documents and settings\All Users\Application Data\AOL Downloads\aimtunes\AIMTunes.exe
                        2008-01-15 18:50 . 2007-10-21 07:10   1004   --sha-w-   c:\windows\system32\KGyGaAvL.sys
                        .

                        (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
                        .
                        .
                        *Note* empty entries & legit default entries are not shown
                        REGEDIT4

                        [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
                        2009-04-21 00:18   1883672   ----a-w-   c:\program files\Freecorder\tbFre1.dll

                        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                        "Sony Ericsson PC Suite"="e:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-06-19 393216]

                        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                        "SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-07-27 1388544]
                        "Synchronization Manager"="c:\windows\system32\mobsync.exe" [2004-08-04 143360]
                        "AdaptecDirectCD"="c:\program files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe" [2003-09-19 684032]
                        "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
                        "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
                        "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
                        "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
                        "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
                        "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-27 148888]
                        "AAWTray"="c:\program files\Lavasoft\Ad-Aware 2007\AAWTray.exe" [2007-08-08 88024]
                        "googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
                        "MBM 5"="c:\program files\Motherboard Monitor 5\MBM5.EXE" [2004-06-12 594944]
                        "Adobe Reader Speed Launcher"="e:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
                        "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-27 413696]
                        "iTunesHelper"="e:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
                        "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

                        [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
                        "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

                        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
                        2008-12-22 19:05   356352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.dll

                        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
                        @="Service"

                        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
                        @="Driver"

                        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
                        "%windir%\\system32\\sessmgr.exe"=
                        "c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
                        "c:\\Documents and Settings\\Samuel.OAKTREE3\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
                        "c:\\Documents and Settings\\Samuel.OAKTREE3\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
                        "c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
                        "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
                        "e:\\Program Files\\iTunes\\iTunes.exe"=
                        "e:\\Program Files\\Stickies\\stickies.exe"=

                        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
                        "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
                        "57086:TCP"= 57086:TCP:Pando Media Booster
                        "57086:UDP"= 57086:UDP:Pando Media Booster

                        R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [6/23/2009 11:01 AM 9968]
                        R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [6/26/2009 12:45 AM 108289]
                        S1 Multicam;MultiCam for Picolo;c:\windows\system32\Drivers\multicam.sys --> c:\windows\system32\Drivers\multicam.sys [?]
                        S1 SASKUTIL;SASKUTIL;\??\e:\program files\SUPERAntiSpyware\SASKUTIL.sys --> e:\program files\SUPERAntiSpyware\SASKUTIL.sys [?]
                        S3 AtomSync;AtomSync;e:\program files\AtomSync\service.exe [9/23/2008 10:34 PM 159744]
                        S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [5/20/2008 10:47 PM 13224]
                        S3 SASENUM;SASENUM;\??\e:\program files\SUPERAntiSpyware\SASENUM.SYS --> e:\program files\SUPERAntiSpyware\SASENUM.SYS [?]
                        .
                        Contents of the 'Scheduled Tasks' folder

                        2009-06-22 c:\windows\Tasks\AppleSoftwareUpdate.job
                        - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

                        2009-06-28 c:\windows\Tasks\Google Software Updater.job
                        - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-09-02 01:16]

                        2009-06-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4265909289-2111342016-2801439982-1016.job
                        - c:\documents and settings\Samuel.OAKTREE3\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-18 07:05]
                        .
                        - - - - ORPHANS REMOVED - - - -

                        Notify-avgrsstarter - (no file)


                        .
                        ------- Supplementary Scan -------
                        .
                        uStart Page = hxxp://www.gbcph.org/
                        uDefault_Search_URL = hxxp://www.google.com/ie
                        uInternet Settings,ProxyOverride = *.local
                        uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
                        DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
                        DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
                        FF - ProfilePath - c:\documents and settings\Dad\Application Data\Mozilla\Firefox\Profiles\b9k9d87q.default\
                        FF - prefs.js: browser.startup.homepage - www.gbcph.org
                        FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
                        FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
                        FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
                        FF - plugin: e:\program files\Adobe\Reader 8.0\Reader\browser\nppdf32.dll
                        FF - plugin: e:\program files\iTunes\Mozilla Plugins\npitunes.dll
                        FF - plugin: e:\program files\Mozilla Firefox\plugins\npmusicn.dll
                        FF - plugin: e:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
                        FF - HiddenExtension: Java Console: No Registry Reference - e:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
                        FF - HiddenExtension: Java Console: No Registry Reference - e:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
                        FF - HiddenExtension: Java Console: No Registry Reference - e:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
                        FF - HiddenExtension: Java Console: No Registry Reference - e:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
                        FF - HiddenExtension: Java Console: No Registry Reference - e:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
                        .

                        **************************************************************************

                        catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                        Rootkit scan 2009-06-27 18:59
                        Windows 5.1.2600 Service Pack 2 NTFS

                        scanning hidden processes ... 

                        scanning hidden autostart entries ...

                        scanning hidden files ... 

                        scan completed successfully
                        hidden files: 0

                        **************************************************************************
                        .
                        --------------------- LOCKED REGISTRY KEYS ---------------------

                        [HKEY_LOCAL_MACHINE\software\Classes\Interface\{15FD8424-D12A-4C51-8C6C-D5D57B80F781}\ProxyStubClsid]
                        @DACL=(02 0000)
                        @="{00020424-0000-0000-C000-000000000046}"

                        [HKEY_LOCAL_MACHINE\software\Classes\Interface\{15FD8424-D12A-4C51-8C6C-D5D57B80F781}\ProxyStubClsid32]
                        @DACL=(02 0000)
                        @="{00020424-0000-0000-C000-000000000046}"

                        [HKEY_LOCAL_MACHINE\software\Classes\Interface\{15FD8424-D12A-4C51-8C6C-D5D57B80F781}\TypeLib]
                        @DACL=(02 0000)
                        @="{C62A9E79-2B52-439B-AF57-2E60BB06E86C}"
                        "Version"="1.0"

                        [HKEY_LOCAL_MACHINE\software\Classes\Interface\{40CA90F3-4098-4877-AE87-23EB612B18C7}\ProxyStubClsid]
                        @DACL=(02 0000)
                        @="{00020424-0000-0000-C000-000000000046}"

                        [HKEY_LOCAL_MACHINE\software\Classes\Interface\{40CA90F3-4098-4877-AE87-23EB612B18C7}\ProxyStubClsid32]
                        @DACL=(02 0000)
                        @="{00020424-0000-0000-C000-000000000046}"

                        [HKEY_LOCAL_MACHINE\software\Classes\Interface\{40CA90F3-4098-4877-AE87-23EB612B18C7}\TypeLib]
                        @DACL=(02 0000)
                        @="{0729F461-8054-47DC-8D39-A31B61CC0119}"
                        "Version"="1.0"

                        [HKEY_LOCAL_MACHINE\software\Classes\Interface\{4C3B62AF-CA25-4FBA-8405-32E44F83BB6F}\ProxyStubClsid]
                        @DACL=(02 0000)
                        @="{00020424-0000-0000-C000-000000000046}"

                        [HKEY_LOCAL_MACHINE\software\Classes\Interface\{4C3B62AF-CA25-4FBA-8405-32E44F83BB6F}\ProxyStubClsid32]
                        @DACL=(02 0000)
                        @="{00020424-0000-0000-C000-000000000046}"

                        [HKEY_LOCAL_MACHINE\software\Classes\Interface\{4C3B62AF-CA25-4FBA-8405-32E44F83BB6F}\TypeLib]
                        @DACL=(02 0000)
                        @="{0729F461-8054-47DC-8D39-A31B61CC0119}"
                        "Version"="1.0"

                        [HKEY_LOCAL_MACHINE\software\Classes\Interface\{5A635A91-C303-45C9-8DB9-F759D98A3B9D}\ProxyStubClsid]
                        @DACL=(02 0000)
                        @="{00020424-0000-0000-C000-000000000046}"

                        [HKEY_LOCAL_MACHINE\software\Classes\Interface\{5A635A91-C303-45C9-8DB9-F759D98A3B9D}\ProxyStubClsid32]
                        @DACL=(02 0000)
                        @="{00020424-0000-0000-C000-000000000046}"

                        [HKEY_LOCAL_MACHINE\software\Classes\Interface\{5A635A91-C303-45C9-8DB9-F759D98A3B9D}\TypeLib]
                        @DACL=(02 0000)
                        @="{0729F461-8054-47DC-8D39-A31B61CC0119}"
                        "Version"="1.0"

                        [HKEY_LOCAL_MACHINE\software\Classes\Interface\{67B3BECF-7B6F-42B2-99F0-F7656F89CFFA}\ProxyStubClsid]
                        @DACL=(02 0000)
                        @="{00020420-0000-0000-C000-000000000046}"

                        [HKEY_LOCAL_MACHINE\software\Classes\Interface\{67B3BECF-7B6F-42B2-99F0-F7656F89CFFA}\ProxyStubClsid32]
                        @DACL=(02 0000)
                        @="{00020420-0000-0000-C000-000000000046}"

                        [HKEY_LOCAL_MACHINE\software\Classes\Interface\{67B3BECF-7B6F-42B2-99F0-F7656F89CFFA}\TypeLib]
                        @DACL=(02 0000)
                        @="{C62A9E79-2B52-439B-AF57-2E60BB06E86C}"
                        "Version"="1.0"

                        [HKEY_LOCAL_MACHINE\software\Classes\Interface\{715FFD42-4E05-4EAB-9513-C8DAA5395AE2}\ProxyStubClsid]
                        @DACL=(02 0000)
                        @="{00020424-0000-0000-C000-000000000046}"

                        [HKEY_LOCAL_MACHINE\software\Classes\Interface\{715FFD42-4E05-4EAB-9513-C8DAA5395AE2}\ProxyStubClsid32]
                        @DACL=(02 0000)
                        @="{00020424-0000-0000-C000-000000000046}"

                        [HKEY_LOCAL_MACHINE\software\Classes\Interface\{715FFD42-4E05-4EAB-9513-C8DAA5395AE2}\TypeLib]
                        @DACL=(02 0000)
                        @="{C62A9E79-2B52-439B-AF57-2E60BB06E86C}"
                        "Version"="1.0"

                        [HKEY_LOCAL_MACHINE\software\Classes\Interface\{759D6F7C-8D30-45B6-ABEA-FA51C190EED5}\ProxyStubClsid]
                        @DACL=(02 0000)
                        @="{00020424-0000-0000-C000-000000000046}"

                        [HKEY_LOCAL_MACHINE\software\Classes\Interface\{759D6F7C-8D30-45B6-ABEA-FA51C190EED5}\ProxyStubClsid32]
                        @DACL=(02 0000)
                        @="{00020424-0000-0000-C000-000000000046}"

                        [HKEY_LOCAL_MACHINE\software\Classes\Interface\{759D6F7C-8D30-45B6-ABEA-FA51C190EED5}\TypeLib]
                        @DACL=(02 0000)
                        @="{C62A9E79-2B52-439B-AF57-2E60BB06E86C}"
                        "Version"="1.0"

                        [HKEY_LOCAL_MACHINE\software\Classes\Interface\{7E335D04-2E6E-4D0E-A921-C3D9192E7121}\ProxyStubClsid]
                        @DACL=(02 0000)
                        @="{00020424-0000-0000-C000-000000000046}"

                        [HKEY_LOCAL_MACHINE\software\Classes\Interface\{7E335D04-2E6E-4D0E-A921-C3D9192E7121}\ProxyStubClsid32]
                        @DACL=(02 0000)
                        @="{00020424-0000-0000-C000-000000000046}"

                        [HKEY_LOCAL_MACHINE\software\Classes\Interface\{7E335D04-2E6E-4D0E-A921-C3D9192E7121}\TypeLib]
                        @DACL=(02 0000)
                        @="{0729F461-8054-47DC-8D39-A31B61CC0119}"
                        "Version"="1.0"

                        [HKEY_LOCAL_MACHINE\software\Classes\Interface\{99CCFB8C-6380-4A14-8FDD-EF3E7E95335D}\ProxyStubClsid]
                        @DACL=(02 0000)
                        @="{00020424-0000-0000-C000-000000000046}"

                        [HKEY_LOCAL_MACHINE\software\Classes\Interface\{99CCFB8C-6380-4A14-8FDD-EF3E7E95335D}\ProxyStubClsid32]
                        @DACL=(02 0000)
                        @="{00020424-0000-0000-C000-000000000046}"

                        [HKEY_LOCAL_MACHINE\software\Classes\Interface\{99CCFB8C-6380-4A14-8FDD-EF3E7E95335D}\TypeLib]
                        @DACL=(02 0000)
                        @="{0729F461-8054-47DC-8D39-A31B61CC0119}"
                        "Version"="1.0"

                        [HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{0729F461-8054-47DC-8D39-A31B61CC0119}\1.0]
                        @DACL=(02 0000)
                        @="HbCoreSrv 1.0 Type Library"

                        [HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{C62A9E79-2B52-439B-AF57-2E60BB06E86C}\1.0]
                        @DACL=(02 0000)
                        @="HbToolbar 1.0 Type Library"
                        .
                        --------------------- DLLs Loaded Under Running Processes ---------------------

                        - - - - - - - > 'winlogon.exe'(856)
                        c:\program files\SUPERAntiSpyware\SASWINLO.dll

                        - - - - - - - > 'explorer.exe'(3396)
                        c:\progra~1\WINDOW~2\wmpband.dll
                        c:\windows\system32\WPDShServiceObj.dll
                        c:\windows\system32\PortableDeviceTypes.dll
                        c:\windows\system32\PortableDeviceApi.dll
                        .
                        ------------------------ Other Running Processes ------------------------
                        .
                        c:\program files\Lavasoft\Ad-Aware 2007\aawservice.exe
                        c:\program files\Avira\AntiVir Desktop\avguard.exe
                        c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
                        c:\program files\Belkin\Belkin Wireless Network Utility\WLService.exe
                        c:\program files\Bonjour\mDNSResponder.exe
                        c:\program files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
                        c:\program files\Java\jre6\bin\jqs.exe
                        c:\windows\system32\HPZipm12.exe
                        c:\program files\Analog Devices\SoundMAX\SMAgent.exe
                        c:\windows\system32\MsPMSPSv.exe
                        c:\program files\iPod\bin\iPodService.exe
                        c:\windows\system32\wscntfy.exe
                        .
                        **************************************************************************
                        .
                        Completion time: 2009-06-28 19:04 - machine was rebooted
                        ComboFix-quarantined-files.txt  2009-06-28 02:04

                        Pre-Run: 107,632,934,912 bytes free
                        Post-Run: 108,974,166,016 bytes free

                        WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
                        [boot loader]
                        timeout=2
                        default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
                        [operating systems]
                        c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
                        multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

                        358