Jump to content

MarinerMB

Members
  • Posts

    1
  • Joined

  • Last visited

Everything posted by MarinerMB

  1. Hi all, I've tried looking all over and can't really find an answer to this: Is updater.exe by Spigot, inc. malware? Agnitum Firewall Pro says it keeps asking to access the internet but doesn't say which program it is connected to...just the path for the exe. I've done all the tests asked and have all the logs...here they are: Please Advise! ComboFix 10-09-11.01 - Diane 09/11/2010 16:24:55.1.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1156 [GMT -4:00] Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning disabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33} AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF} FW: Outpost Firewall Pro *enabled* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\Owner\Application Data\Desktopicon c:\documents and settings\Owner\Application Data\inst.exe c:\windows\TEMP\X31978\msntsvcv8.dll c:\windows\TEMP\X31978\mswin32v15.dll c:\windows\win32t4.dll . ((((((((((((((((((((((((( Files Created from 2010-08-11 to 2010-09-11 ))))))))))))))))))))))))))))))) . 2010-09-11 18:42 . 2010-09-11 18:42 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes 2010-09-11 18:41 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-09-11 18:41 . 2010-09-11 18:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2010-09-11 18:41 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-09-11 18:41 . 2010-09-11 18:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-09-11 18:28 . 2010-09-11 18:28 2400114 ----a-w- C:\MGtools.exe 2010-09-08 18:01 . 2010-09-11 17:15 -------- d-----w- c:\documents and settings\Owner\Application Data\CBS Interactive 2010-09-06 17:09 . 2010-09-06 17:14 21840 ----atw- c:\windows\system32\SIntfNT.dll 2010-09-06 17:09 . 2010-09-06 17:14 17212 ----atw- c:\windows\system32\SIntf32.dll 2010-09-06 17:09 . 2010-09-06 17:14 12067 ----atw- c:\windows\system32\SIntf16.dll 2010-09-06 16:15 . 2010-09-06 17:17 35631 ----a-w- c:\windows\DIIUnin.dat 2010-09-06 16:15 . 2010-09-06 16:15 2829 ----a-w- c:\windows\DIIUnin.pif 2010-09-06 16:15 . 2010-09-06 16:15 94208 ----a-w- c:\windows\DIIUnin.exe 2010-09-06 16:08 . 2010-09-10 20:57 -------- d-----w- c:\program files\Diablo II 2010-09-06 00:19 . 2010-09-06 00:19 -------- d-----w- c:\documents and settings\Owner\Application Data\Floodlight Games 2010-09-06 00:19 . 2010-09-06 00:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Floodlight Games 2010-09-04 01:27 . 2010-09-04 01:27 -------- d-----w- c:\documents and settings\Bob\Local Settings\Application Data\Google 2010-08-26 03:33 . 2010-08-26 03:33 161296 ----a-w- c:\windows\system32\drivers\tmcomm.sys 2010-08-26 03:14 . 2010-09-05 13:21 -------- d-----w- c:\documents and settings\LocalService\MCSRACache-5B3A7A45BE 2010-08-26 03:14 . 2010-09-11 20:32 1324 ----a-w- c:\windows\system32\d3d9caps.dat 2010-08-26 03:13 . 2010-08-26 03:14 -------- d-----w- c:\documents and settings\LocalService\vw 2010-08-26 03:13 . 2010-09-10 13:21 -------- d-----w- c:\program files\MyConnection Server 2010-08-26 03:05 . 2010-08-26 03:08 -------- d-----w- c:\documents and settings\Owner\Application Data\homebank 2010-08-26 02:53 . 2010-08-26 02:53 -------- d-----w- c:\documents and settings\Owner\Application Data\hott notes 4 2010-08-26 02:53 . 2010-08-26 02:53 -------- d-----w- c:\program files\hott notes 4 2010-08-26 02:01 . 2010-08-26 02:01 -------- d-----w- c:\program files\Application Updater 2010-08-26 02:00 . 2001-10-28 21:42 116224 ----a-w- c:\windows\system32\pdfcmnnt.dll 2010-08-26 02:00 . 1998-07-06 05:00 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL 2010-08-26 01:05 . 2010-08-26 01:05 -------- d-----w- c:\documents and settings\Owner\Application Data\SultansLabyrinth 2010-08-24 02:40 . 2010-08-24 03:34 -------- d-----w- c:\documents and settings\Owner\Application Data\Cabos 2010-08-24 02:39 . 2010-08-26 03:11 -------- d-----w- c:\program files\Cabos 2010-08-21 19:12 . 2010-08-21 19:12 181160 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat 2010-08-17 17:54 . 2010-08-17 17:54 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Evernote 2010-08-17 17:54 . 2010-08-17 17:54 -------- d-----w- c:\program files\Evernote 2010-08-16 18:48 . 2010-08-16 18:48 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple 2010-08-15 00:51 . 2010-08-15 01:37 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Last.fm 2010-08-14 04:43 . 2008-04-14 00:12 221184 ----a-w- c:\windows\system32\wmpns.dll 2010-08-13 19:28 . 2010-06-01 17:37 221568 ------w- c:\windows\system32\MpSigStub.exe 2010-08-13 19:26 . 2010-08-13 19:26 -------- d-----w- c:\program files\Microsoft Security Essentials . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-09-11 17:20 . 2010-05-05 14:22 -------- d-----w- c:\program files\CCleaner 2010-09-11 16:50 . 2009-09-24 23:15 -------- d-----w- c:\program files\uTorrent 2010-09-09 07:00 . 2009-11-22 18:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Retrospect 2010-09-07 16:47 . 2009-09-24 23:08 -------- d-----w- c:\documents and settings\Owner\Application Data\uTorrent 2010-09-07 16:33 . 2009-09-25 04:25 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2010-09-07 16:19 . 2009-10-13 16:25 -------- d-----w- c:\program files\Games 2010-09-07 15:14 . 2009-11-09 04:55 -------- d-----w- c:\documents and settings\Owner\Application Data\Canon 2010-08-31 15:21 . 2010-05-25 18:50 -------- d-----w- c:\program files\YouTube Downloader 2010-08-30 23:37 . 2009-10-14 22:27 -------- d-----w- c:\documents and settings\Owner\Application Data\ERS G-Studio 2010-08-30 18:34 . 2010-09-10 14:23 1496064 ----a-w- c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\360rtmlo.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll 2010-08-30 18:33 . 2010-09-10 14:23 43008 ----a-w- c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\360rtmlo.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll 2010-08-30 18:33 . 2010-09-10 14:23 338944 ----a-w- c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\360rtmlo.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll 2010-08-30 18:33 . 2010-09-10 14:23 346112 ----a-w- c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\360rtmlo.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll 2010-08-27 04:33 . 2009-09-24 23:55 -------- d-----w- c:\program files\SUPERAntiSpyware 2010-08-26 04:23 . 2010-08-05 05:01 -------- d-----w- c:\program files\Calibre2 2010-08-26 00:51 . 2009-09-25 04:23 -------- d-----w- c:\program files\bfgclient 2010-08-26 00:51 . 2010-06-30 05:29 3963280 ----a-w- c:\documents and settings\All Users\Application Data\BigFishGamesCache\Upgrade\Unpack\bfgsetup_s1_l1.exe 2010-08-24 02:35 . 2010-08-04 14:11 -------- d-----w- c:\program files\QuickTime 2010-08-23 20:53 . 2010-08-23 20:53 143392 ----a-w- c:\documents and settings\All Users\Application Data\BigFishGamesCache\Upgrade\stub\the-sultans-labyrinth-game_s1_l1_gF2453T1L1_d1008673574.exe 2010-08-23 20:53 . 2010-08-23 20:53 3906240 ----a-w- c:\documents and settings\All Users\Application Data\BigFishGamesCache\Upgrade\clientinstaller\bfgsetup_s1_l1.exe 2010-08-21 19:20 . 2009-09-17 18:27 83976 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2010-08-21 19:17 . 2010-05-22 11:29 83976 ----a-w- c:\documents and settings\Bob\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2010-08-21 19:03 . 2010-03-20 01:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help 2010-08-21 07:38 . 2009-09-24 19:14 -------- d-----w- c:\program files\Siber Systems 2010-08-21 07:32 . 2010-08-06 03:48 -------- d-----w- c:\documents and settings\Owner\Application Data\GoodSync 2010-08-19 18:14 . 2010-08-06 20:51 -------- d-----w- c:\documents and settings\Bob\Application Data\GoodSync 2010-08-18 22:04 . 2010-08-21 15:26 52224 ----a-w- c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\360rtmlo.default\extensions\{662f5b27-1a14-48d4-b9b6-69b111d6cfde}\components\FFExternalAlert.dll 2010-08-18 22:04 . 2010-08-21 15:26 101376 ----a-w- c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\360rtmlo.default\extensions\{662f5b27-1a14-48d4-b9b6-69b111d6cfde}\components\RadioWMPCore.dll 2010-08-15 00:53 . 2010-08-04 14:13 -------- d-----w- c:\program files\iTunes 2010-08-14 04:43 . 2009-09-17 19:05 -------- d-----w- c:\program files\Windows Media Connect 2 2010-08-13 15:48 . 2009-09-24 22:44 713672 ----a-w- c:\windows\system32\drivers\SandBox.sys 2010-08-12 14:00 . 2010-08-04 20:10 -------- d-----w- c:\documents and settings\Bob\Application Data\Apple Computer 2010-08-12 03:48 . 2010-01-07 15:59 -------- d-----w- c:\documents and settings\Owner\Application Data\vlc 2010-08-11 22:24 . 2009-09-24 22:44 267752 ----a-w- c:\windows\system32\drivers\afwcore.sys 2010-08-09 01:46 . 2010-08-09 01:46 68524 ---ha-w- c:\windows\system32\mlfcache.dat 2010-08-09 01:23 . 2010-08-09 01:22 -------- d-----w- c:\program files\Google 2010-08-06 03:48 . 2010-08-06 03:48 -------- d-----w- c:\documents and settings\All Users\Application Data\GoodSync 2010-08-05 05:48 . 2010-08-05 05:02 -------- d-----w- c:\documents and settings\Owner\Application Data\calibre 2010-08-04 14:23 . 2010-08-04 14:14 -------- d-----w- c:\documents and settings\Owner\Application Data\Apple Computer 2010-08-04 14:21 . 2010-05-01 03:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple 2010-08-04 14:14 . 2010-08-04 14:13 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521} 2010-08-04 14:13 . 2010-08-04 14:13 -------- d-----w- c:\program files\iPod 2010-08-04 14:13 . 2010-05-01 03:01 -------- d-----w- c:\program files\Common Files\Apple 2010-08-04 14:13 . 2010-08-04 14:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer 2010-08-04 14:10 . 2010-08-04 14:10 -------- d-----w- c:\program files\Apple Software Update 2010-08-04 14:09 . 2010-08-04 14:09 -------- d-----w- c:\program files\Bonjour 2010-08-03 03:59 . 2009-11-03 14:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Fugazo 2010-08-02 16:30 . 2009-11-09 02:42 -------- d-----w- c:\documents and settings\Owner\Application Data\Babylonia 2010-08-01 18:42 . 2009-10-01 16:53 -------- d-----w- c:\documents and settings\Owner\Application Data\Vso 2010-08-01 14:55 . 2009-10-03 04:47 -------- d-----w- c:\documents and settings\Owner\Application Data\log 2010-08-01 14:33 . 2009-10-03 04:23 -------- d-----w- c:\program files\VSO 2010-07-25 21:53 . 2010-07-25 21:53 -------- d-----w- c:\documents and settings\Owner\Application Data\Walgreens 2010-07-21 20:30 . 2010-07-21 20:30 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe 2010-07-16 23:52 . 2009-10-04 15:16 -------- d-----w- c:\program files\Oberon Media 2010-07-16 18:38 . 2009-10-29 03:35 -------- d-----w- c:\program files\Wonderburg 2010-07-16 18:37 . 2009-09-29 02:31 -------- d-----w- c:\program files\Winamp 2010-07-16 18:36 . 2010-04-23 03:27 -------- d-----w- c:\program files\VirusTotalUploader2 2010-07-16 18:34 . 2010-07-16 17:32 -------- d-----w- c:\program files\SmartScan 2010-07-16 18:34 . 2009-10-04 22:41 -------- d-----w- c:\program files\Slingo Supreme 2010-07-16 18:33 . 2009-11-29 18:48 -------- d-----w- c:\program files\Rhapsody 2010-07-16 18:33 . 2009-10-27 22:12 -------- d-----w- c:\program files\Return to Mysterious Island 2 - Mina's Fate 2010-07-16 18:33 . 2009-11-02 21:32 -------- d-----w- c:\program files\PowerISO 2010-07-16 18:33 . 2010-01-13 12:55 -------- d-----w- c:\program files\PixiePack Codec Pack 2010-07-16 18:30 . 2009-12-30 03:27 -------- d-----w- c:\program files\NEATO 2010-07-16 18:30 . 2009-09-25 04:24 -------- d-----w- c:\program files\My Kingdom for the Princess 2010-07-16 18:29 . 2009-11-01 08:22 -------- d-----w- c:\program files\MemoKit 2010-07-16 18:29 . 2009-11-04 23:52 -------- d-----w- c:\program files\Gold Wave Editor 2010-07-16 18:25 . 2009-10-02 02:27 -------- d-----w- c:\program files\Exact Audio Copy 2010-07-16 18:25 . 2009-12-19 20:46 -------- d-----w- c:\program files\Dvd-cloner 2010-07-16 18:25 . 2009-11-04 23:29 -------- d-----w- c:\program files\DVD Decrypter 2010-07-16 18:25 . 2009-10-04 22:35 -------- d-----w- c:\program files\Dreamsdwell Stories 2010-07-16 18:24 . 2010-05-13 14:43 -------- d-----w- c:\program files\dingo 2010-07-16 18:24 . 2009-12-13 20:08 -------- d-----w- c:\program files\Dark Hills of Cherai Strategy Guide 2010-07-16 18:24 . 2010-06-18 02:26 -------- d-----w- c:\program files\Common Files\Stardock 2010-07-16 18:23 . 2009-09-24 23:43 -------- d-----w- c:\program files\Common Files\Insight Software Solutions 2010-07-16 18:22 . 2009-10-04 22:30 -------- d-----w- c:\program files\Aveyond 2 2010-07-16 18:21 . 2009-10-19 20:20 -------- d-----w- c:\program files\Age Of Oracles-Tara's Journey 2010-07-16 18:21 . 2009-12-30 03:47 -------- d-----w- c:\program files\Acoustica CD Label Maker 2010-07-16 18:06 . 2009-10-12 00:41 -------- d-----w- c:\documents and settings\Owner\Application Data\Move Networks 2010-07-16 18:06 . 2010-06-12 15:37 -------- d-----w- c:\documents and settings\Owner\Application Data\mjusbsp 2010-07-16 18:06 . 2010-06-14 21:36 -------- d-----w- c:\documents and settings\Bob\Application Data\mjusbsp 2010-07-16 18:06 . 2010-03-14 23:32 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan 2010-07-16 18:06 . 2010-01-13 12:52 -------- d-----w- c:\documents and settings\All Users\Application Data\RapidSolution 2010-07-16 17:59 . 2009-10-04 20:53 -------- d-----w- c:\program files\Common Files\Oberon Media 2010-07-16 17:48 . 2010-07-16 17:32 69 ----a-w- c:\windows\RunSC.bat 2010-07-06 17:29 . 2010-07-09 15:20 2979280 -c--a-w- c:\documents and settings\All Users\Application Data\{65893B95-F47B-4483-B883-86BA181E9B54}\Ad-AwareInstall.exe 2010-07-06 17:28 . 2009-10-26 18:16 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys 2010-07-06 17:28 . 2009-10-27 01:01 15880 ----a-w- c:\windows\system32\lsdelete.exe 2010-06-30 12:31 . 2004-08-04 10:00 149504 ----a-w- c:\windows\system32\schannel.dll 2010-06-27 17:35 . 2010-06-27 17:35 5105904 ----a-w- c:\documents and settings\Owner\Application Data\OnLive\clients\213.54111\client.dll 2010-06-24 12:22 . 2006-03-04 03:33 916480 ----a-w- c:\windows\system32\wininet.dll 2010-06-23 13:44 . 2004-08-04 10:00 1851904 ----a-w- c:\windows\system32\win32k.sys 2010-06-21 15:27 . 2004-08-04 10:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys 2010-06-17 14:03 . 2004-08-04 10:00 80384 ----a-w- c:\windows\system32\iccvid.dll 2010-06-14 21:37 . 2010-06-14 21:36 8266104 ---h--w- c:\documents and settings\Bob\Application Data\mjusbsp\ar00000\upgrade.exe 2010-06-14 14:31 . 2009-09-17 15:56 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe 2010-06-14 07:41 . 2004-08-04 10:00 1172480 ----a-w- c:\windows\system32\msxml3.dll . <pre> c:\program files\Games\Cake Mania Main Street\Cake Mania 4 .exe </pre> ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2] @="{747E722C-CB46-4A9D-BDFE-192AAD5099B1}" [HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4A9D-BDFE-192AAD5099B1}] 2008-06-25 21:38 2401584 ----a-w- c:\program files\MozyHome\mozyshell.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3] @="{EE6F5A00-7898-40F7-AB77-51FF9D6DEB20}" [HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40F7-AB77-51FF9D6DEB20}] 2008-06-25 21:38 2401584 ----a-w- c:\program files\MozyHome\mozyshell.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Outpost] @="{33C9E362-3EDA-4930-8AFE-5DA39A8BB77A}" [HKEY_CLASSES_ROOT\CLSID\{33C9E362-3EDA-4930-8AFE-5DA39A8BB77A}] 2010-08-27 17:13 283224 ----a-w- c:\program files\Agnitum\Outpost Firewall Pro\op_shell.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "cdloader"="c:\documents and settings\Owner\Application Data\mjusbsp\cdloader2.exe" [2010-02-26 50520] "Google Update"="c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-08-26 136176] "RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2010-09-05 160328] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 339968] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-21 61440] "CTHelper"="CTHELPER.EXE" [2007-04-09 19456] "CTxfiHlp"="CTXFIHLP.EXE" [2007-04-09 19968] "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-27 1983816] "TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2009-10-18 1070984] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608] "MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-06-01 1093208] "SearchSettings"="c:\program files\pdfforge Toolbar\SearchSettings.exe" [N/A] "OutpostMonitor"="c:\progra~1\Agnitum\OUTPOS~1\op_mon.exe" [2010-08-27 2839888] "OutpostFeedBack"="c:\program files\Agnitum\Outpost Firewall Pro\feedback.exe" [2010-08-27 491272] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2010-09-05 160328] c:\documents and settings\All Users\Start Menu\Programs\Startup\ ShortKeys Lite.lnk - c:\program files\ShortKeys2\shklite.exe [2009-12-3 2747392] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLinkedConnections"= 1 (0x1) [hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler] "{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Stardock\Fences\FencesMenu.dll" [2009-10-02 128360] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\WINDOWS\\system32\\sessmgr.exe"= "c:\\Documents and Settings\\Owner\\Application Data\\mjusbsp\\magicJack.exe"= "c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"= "c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Documents and Settings\\Owner\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"= R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [10/26/2009 2:16 PM 64288] R1 SandBox;SandBox;c:\windows\system32\drivers\SandBox.sys [9/24/2009 6:44 PM 713672] R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [9/15/2009 11:42 AM 12872] R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [9/15/2009 11:42 AM 67656] R2 acssrv;Agnitum Client Security Service;c:\progra~1\Agnitum\OUTPOS~1\acs.exe [9/24/2009 6:42 PM 2035512] R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [1/8/2010 12:51 AM 380928] R2 MyConnectionServer-77f90110;Visualware MyConnection Server (#77f90110);c:\program files\MyConnection Server\msserver.exe [8/16/2010 10:49 AM 560626] R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\afw.sys [9/24/2009 6:42 PM 34280] R3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [9/24/2009 6:44 PM 267752] S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8/8/2010 9:22 PM 136176] S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/6/2010 1:28 PM 1355928] S3 ASWFilt;ASWFilt;c:\windows\system32\Filt\ASWFilt.dll [9/24/2009 6:44 PM 72232] S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [8/12/2010 3:38 AM 15008] S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 9:37 PM 4640000] S3 QsFsFltr;QsFsFltr;c:\windows\system32\drivers\QsFsFltr.sys [11/22/2009 3:04 PM 13824] S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [9/15/2009 11:42 AM 12872] S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1/9/2010 8:00 PM 685816] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] getPlusHelper REG_MULTI_SZ getPlusHelper [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9C450606-ED24-4958-92BA-B8940C99D441}] 2009-03-04 21:32 8192 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe . Contents of the 'Scheduled Tasks' folder 2010-09-11 c:\windows\Tasks\Ad-Aware Scan (Daily).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-07-06 18:17] 2010-09-11 c:\windows\Tasks\Ad-Aware Scan (Tuesday).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-07-06 18:17] 2010-09-11 c:\windows\Tasks\Ad-Aware Update (Weekly).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-07-06 18:17] 2010-09-06 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50] 2010-09-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-08-09 01:22] 2010-09-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-08-09 01:22] 2010-09-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-2049760794-839522115-1003Core.job - c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-26 16:29] 2010-09-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-2049760794-839522115-1003UA.job - c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-26 16:29] 2010-09-11 c:\windows\Tasks\MP Scheduled Scan.job - c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2010-03-26 01:40] 2010-09-11 c:\windows\Tasks\User_Feed_Synchronization-{D2063CB8-2649-46FE-B074-7E6F0F3412A2}.job - c:\windows\system32\msfeedssync.exe [2009-03-08 08:31] . . ------- Supplementary Scan ------- . uInternet Settings,ProxyOverride = *.local IE: Add to &Evernote - c:\program files\Evernote\Evernote3.5\enbar.dll/2000 IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000 IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105 IE: {{E0B8C461-F8FB-49b4-8373-FE32E92528A6} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEEE} - c:\program files\Evernote\Evernote3.5\enbar.dll Trusted Zone: exodusvipdesk.com Trusted Zone: vipdesk.com TCP: {0EE6384A-1DC6-4552-BE0D-94F5F187AF1F} = 24.25.5.148,24.25.5.147 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\360rtmlo.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1361345&SearchSource=3&q={searchTerms} FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://my.myway.com/ FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=en&q= FF - component: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\360rtmlo.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll FF - component: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\360rtmlo.default\extensions\{662f5b27-1a14-48d4-b9b6-69b111d6cfde}\components\FFExternalAlert.dll FF - component: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\360rtmlo.default\extensions\{662f5b27-1a14-48d4-b9b6-69b111d6cfde}\components\RadioWMPCore.dll FF - component: c:\program files\Siber Systems\AI RoboForm\Firefox\components\rfproxy_31.dll FF - plugin: c:\documents and settings\Owner\Application Data\Move Networks\plugins\npqmp071505000010.dll FF - plugin: c:\documents and settings\Owner\Application Data\Mozilla\plugins\npgoogletalk.dll FF - plugin: c:\documents and settings\Owner\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll FF - plugin: c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll FF - plugin: c:\progra~1\MICROS~3\Office14\NPAUTHZ.DLL FF - plugin: c:\progra~1\MICROS~3\Office14\NPSPWRAP.DLL FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll FF - plugin: c:\program files\OnLive\FirefoxPlugin\npolgdet.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false); . - - - - ORPHANS REMOVED - - - - WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file) AddRemove-Dream Chronicles 2 - c:\program files\Dream Chronicles 2\Uninstal.exe AddRemove-ObjectDock - c:\progra~1\Stardock\OBJECT~1\UNWISE.EXE ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-09-11 16:32 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run CTHelper = CTHELPER.EXE? CTxfiHlp = CTXFIHLP.EXE? scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(1244) c:\program files\SUPERAntiSpyware\SASWINLO.dll c:\windows\system32\WININET.dll c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll c:\windows\system32\Ati2evxx.dll - - - - - - - > 'explorer.exe'(1056) c:\windows\system32\WININET.dll c:\program files\MozyHome\mozyshell.dll c:\program files\Agnitum\Outpost Firewall Pro\op_shell.dll c:\windows\system32\ieframe.dll c:\program files\ShortKeys2\shkHook.dll c:\windows\system32\msi.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll c:\program files\Stardock\Fences\FencesMenu.dll c:\program files\stardock\fences\DesktopDock.dll c:\program files\SUPERAntiSpyware\SASSEH.DLL . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\Ati2evxx.exe c:\program files\Microsoft Security Essentials\MsMpEng.exe c:\windows\system32\Ati2evxx.exe c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\MozyHome\mozybackup.exe c:\windows\system32\java.exe c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe c:\program files\Retrospect\Retrospect 7.6\retrorun.exe c:\windows\system32\fxssvc.exe c:\program files\Canon\CAL\CALMAIN.exe c:\windows\System32\vssvc.exe c:\windows\stsystra.exe c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe c:\program files\iPod\bin\iPodService.exe c:\windows\system32\wscntfy.exe . ************************************************************************** . Completion time: 2010-09-11 16:40:55 - machine was rebooted ComboFix-quarantined-files.txt 2010-09-11 20:40 Pre-Run: 158,071,734,272 bytes free Post-Run: 158,080,131,072 bytes free WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect - - End Of File - - 2C53726E0D46E9ED113FE9B729DF0CEC ******************************************************************************** *************** Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Database version: 4595 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 9/11/2010 2:52:41 PM mbam-log-2010-09-11 (14-52-41).txt Scan type: Quick scan Objects scanned: 159570 Time elapsed: 9 minute(s), 54 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) ******************************************************************************** ******** Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 5:27:52 PM, on 9/11/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe c:\Program Files\Microsoft Security Essentials\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Application Updater\ApplicationUpdater.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\MozyHome\mozybackup.exe C:\Program Files\MyConnection Server\msserver.exe C:\WINDOWS\system32\java.exe C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe C:\Program Files\Retrospect\Retrospect 7.6\retrorun.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\fxssvc.exe C:\Program Files\Canon\CAL\CALMAIN.exe C:\WINDOWS\stsystra.exe C:\Program Files\Canon\MyPrinter\BJMyPrt.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Microsoft Security Essentials\msseces.exe C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe C:\Program Files\ShortKeys2\shklite.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\explorer.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\regedit.exe C:\MGtools\analyse.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll O3 - Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - (no file) O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey O4 - HKLM\..\Run: [searchSettings] C:\Program Files\pdfforge Toolbar\SearchSettings.exe O4 - HKLM\..\Run: [OutpostMonitor] "C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe" /tray /noservice O4 - HKLM\..\Run: [OutpostFeedBack] "C:\Program Files\Agnitum\Outpost Firewall Pro\feedback.exe" /dump:os_startup O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\Owner\Application Data\mjusbsp\cdloader2.exe" MAGICJACK O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" O4 - HKUS\S-1-5-18\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'Default user') O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe O4 - Global Startup: ShortKeys Lite.lnk = C:\Program Files\ShortKeys2\shklite.exe O8 - Extra context menu item: Add to &Evernote - res://C:\Program Files\Evernote\Evernote3.5\enbar.dll/2000 O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000 O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\Program Files\Agnitum\Outpost Firewall Pro\ie_bar.dll O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files\Evernote\Evernote3.5\enbar.dll O9 - Extra 'Tools' menuitem: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files\Evernote\Evernote3.5\enbar.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O15 - Trusted Zone: *.exodusvipdesk.com O15 - Trusted Zone: *.vipdesk.com O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{0EE6384A-1DC6-4552-BE0D-94F5F187AF1F}: NameServer = 24.25.5.148,24.25.5.147 O17 - HKLM\System\CS1\Services\Tcpip\..\{0EE6384A-1DC6-4552-BE0D-94F5F187AF1F}: NameServer = 24.25.5.148,24.25.5.147 O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: FencesShellExt - {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Program Files\Stardock\Fences\FencesMenu.dll O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: MozyHome Backup Service (mozybackup) - Unknown owner - C:\Program Files\MozyHome\mozybackup.exe O23 - Service: Visualware MyConnection Server (#77f90110) (MyConnectionServer-77f90110) - Unknown owner - C:\Program Files\MyConnection Server\msserver.exe O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - Unknown owner - C:\PROGRA~1\RETROS~1\RETROS~1.5\retrorun.exe (file missing) O23 - Service: Retrospect Launcher (RetroLauncher) - EMC Corporation - C:\Program Files\Retrospect\Retrospect 7.6\retrorun.exe O23 - Service: Retrospect Helper - EMC Corporation - C:\Program Files\Retrospect\Retrospect 7.6\rthlpsvc.exe -- End of file - 11898 bytes ******************************************************************************** ********** ROOTREPEAL © AD, 2007-2009 ================================================== Scan Start Time: 2010/09/11 17:07 Program Version: Version 1.3.5.0 Windows Version: Windows XP SP3 ================================================== Hidden/Locked Files ------------------- Path: C:\hiberfil.sys Status: Locked to the Windows API! ******************************************************************************** ************ SUPERAntiSpyware Scan Log http://www.superantispyware.com Generated 09/11/2010 at 04:03 PM Application Version : 4.42.1000 Core Rules Database Version : 5490 Trace Rules Database Version: 3302 Scan type : Complete Scan Total Scan Time : 01:28:01 Memory items scanned : 679 Memory threats detected : 0 Registry items scanned : 7713 Registry threats detected : 0 File items scanned : 28979 File threats detected : 0
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.