Jump to content

Updater.exe by Spigot, inc. - Malware?


Recommended Posts

Hi all,

I've tried looking all over and can't really find an answer to this:

Is updater.exe by Spigot, inc. malware?

Agnitum Firewall Pro says it keeps asking to access the internet but doesn't say which program it is connected to...just the path for the exe.

I've done all the tests asked and have all the logs...here they are: Please Advise!

ComboFix 10-09-11.01 - Diane 09/11/2010 16:24:55.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1156 [GMT -4:00]

Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe

AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning disabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}

AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

FW: Outpost Firewall Pro *enabled* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\Owner\Application Data\Desktopicon

c:\documents and settings\Owner\Application Data\inst.exe

c:\windows\TEMP\X31978\msntsvcv8.dll

c:\windows\TEMP\X31978\mswin32v15.dll

c:\windows\win32t4.dll

.

((((((((((((((((((((((((( Files Created from 2010-08-11 to 2010-09-11 )))))))))))))))))))))))))))))))

.

2010-09-11 18:42 . 2010-09-11 18:42 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes

2010-09-11 18:41 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-09-11 18:41 . 2010-09-11 18:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-09-11 18:41 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-09-11 18:41 . 2010-09-11 18:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-09-11 18:28 . 2010-09-11 18:28 2400114 ----a-w- C:\MGtools.exe

2010-09-08 18:01 . 2010-09-11 17:15 -------- d-----w- c:\documents and settings\Owner\Application Data\CBS Interactive

2010-09-06 17:09 . 2010-09-06 17:14 21840 ----atw- c:\windows\system32\SIntfNT.dll

2010-09-06 17:09 . 2010-09-06 17:14 17212 ----atw- c:\windows\system32\SIntf32.dll

2010-09-06 17:09 . 2010-09-06 17:14 12067 ----atw- c:\windows\system32\SIntf16.dll

2010-09-06 16:15 . 2010-09-06 17:17 35631 ----a-w- c:\windows\DIIUnin.dat

2010-09-06 16:15 . 2010-09-06 16:15 2829 ----a-w- c:\windows\DIIUnin.pif

2010-09-06 16:15 . 2010-09-06 16:15 94208 ----a-w- c:\windows\DIIUnin.exe

2010-09-06 16:08 . 2010-09-10 20:57 -------- d-----w- c:\program files\Diablo II

2010-09-06 00:19 . 2010-09-06 00:19 -------- d-----w- c:\documents and settings\Owner\Application Data\Floodlight Games

2010-09-06 00:19 . 2010-09-06 00:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Floodlight Games

2010-09-04 01:27 . 2010-09-04 01:27 -------- d-----w- c:\documents and settings\Bob\Local Settings\Application Data\Google

2010-08-26 03:33 . 2010-08-26 03:33 161296 ----a-w- c:\windows\system32\drivers\tmcomm.sys

2010-08-26 03:14 . 2010-09-05 13:21 -------- d-----w- c:\documents and settings\LocalService\MCSRACache-5B3A7A45BE

2010-08-26 03:14 . 2010-09-11 20:32 1324 ----a-w- c:\windows\system32\d3d9caps.dat

2010-08-26 03:13 . 2010-08-26 03:14 -------- d-----w- c:\documents and settings\LocalService\vw

2010-08-26 03:13 . 2010-09-10 13:21 -------- d-----w- c:\program files\MyConnection Server

2010-08-26 03:05 . 2010-08-26 03:08 -------- d-----w- c:\documents and settings\Owner\Application Data\homebank

2010-08-26 02:53 . 2010-08-26 02:53 -------- d-----w- c:\documents and settings\Owner\Application Data\hott notes 4

2010-08-26 02:53 . 2010-08-26 02:53 -------- d-----w- c:\program files\hott notes 4

2010-08-26 02:01 . 2010-08-26 02:01 -------- d-----w- c:\program files\Application Updater

2010-08-26 02:00 . 2001-10-28 21:42 116224 ----a-w- c:\windows\system32\pdfcmnnt.dll

2010-08-26 02:00 . 1998-07-06 05:00 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL

2010-08-26 01:05 . 2010-08-26 01:05 -------- d-----w- c:\documents and settings\Owner\Application Data\SultansLabyrinth

2010-08-24 02:40 . 2010-08-24 03:34 -------- d-----w- c:\documents and settings\Owner\Application Data\Cabos

2010-08-24 02:39 . 2010-08-26 03:11 -------- d-----w- c:\program files\Cabos

2010-08-21 19:12 . 2010-08-21 19:12 181160 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

2010-08-17 17:54 . 2010-08-17 17:54 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Evernote

2010-08-17 17:54 . 2010-08-17 17:54 -------- d-----w- c:\program files\Evernote

2010-08-16 18:48 . 2010-08-16 18:48 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple

2010-08-15 00:51 . 2010-08-15 01:37 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Last.fm

2010-08-14 04:43 . 2008-04-14 00:12 221184 ----a-w- c:\windows\system32\wmpns.dll

2010-08-13 19:28 . 2010-06-01 17:37 221568 ------w- c:\windows\system32\MpSigStub.exe

2010-08-13 19:26 . 2010-08-13 19:26 -------- d-----w- c:\program files\Microsoft Security Essentials

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-09-11 17:20 . 2010-05-05 14:22 -------- d-----w- c:\program files\CCleaner

2010-09-11 16:50 . 2009-09-24 23:15 -------- d-----w- c:\program files\uTorrent

2010-09-09 07:00 . 2009-11-22 18:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Retrospect

2010-09-07 16:47 . 2009-09-24 23:08 -------- d-----w- c:\documents and settings\Owner\Application Data\uTorrent

2010-09-07 16:33 . 2009-09-25 04:25 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2010-09-07 16:19 . 2009-10-13 16:25 -------- d-----w- c:\program files\Games

2010-09-07 15:14 . 2009-11-09 04:55 -------- d-----w- c:\documents and settings\Owner\Application Data\Canon

2010-08-31 15:21 . 2010-05-25 18:50 -------- d-----w- c:\program files\YouTube Downloader

2010-08-30 23:37 . 2009-10-14 22:27 -------- d-----w- c:\documents and settings\Owner\Application Data\ERS G-Studio

2010-08-30 18:34 . 2010-09-10 14:23 1496064 ----a-w- c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\360rtmlo.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll

2010-08-30 18:33 . 2010-09-10 14:23 43008 ----a-w- c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\360rtmlo.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll

2010-08-30 18:33 . 2010-09-10 14:23 338944 ----a-w- c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\360rtmlo.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll

2010-08-30 18:33 . 2010-09-10 14:23 346112 ----a-w- c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\360rtmlo.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll

2010-08-27 04:33 . 2009-09-24 23:55 -------- d-----w- c:\program files\SUPERAntiSpyware

2010-08-26 04:23 . 2010-08-05 05:01 -------- d-----w- c:\program files\Calibre2

2010-08-26 00:51 . 2009-09-25 04:23 -------- d-----w- c:\program files\bfgclient

2010-08-26 00:51 . 2010-06-30 05:29 3963280 ----a-w- c:\documents and settings\All Users\Application Data\BigFishGamesCache\Upgrade\Unpack\bfgsetup_s1_l1.exe

2010-08-24 02:35 . 2010-08-04 14:11 -------- d-----w- c:\program files\QuickTime

2010-08-23 20:53 . 2010-08-23 20:53 143392 ----a-w- c:\documents and settings\All Users\Application Data\BigFishGamesCache\Upgrade\stub\the-sultans-labyrinth-game_s1_l1_gF2453T1L1_d1008673574.exe

2010-08-23 20:53 . 2010-08-23 20:53 3906240 ----a-w- c:\documents and settings\All Users\Application Data\BigFishGamesCache\Upgrade\clientinstaller\bfgsetup_s1_l1.exe

2010-08-21 19:20 . 2009-09-17 18:27 83976 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-08-21 19:17 . 2010-05-22 11:29 83976 ----a-w- c:\documents and settings\Bob\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-08-21 19:03 . 2010-03-20 01:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

2010-08-21 07:38 . 2009-09-24 19:14 -------- d-----w- c:\program files\Siber Systems

2010-08-21 07:32 . 2010-08-06 03:48 -------- d-----w- c:\documents and settings\Owner\Application Data\GoodSync

2010-08-19 18:14 . 2010-08-06 20:51 -------- d-----w- c:\documents and settings\Bob\Application Data\GoodSync

2010-08-18 22:04 . 2010-08-21 15:26 52224 ----a-w- c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\360rtmlo.default\extensions\{662f5b27-1a14-48d4-b9b6-69b111d6cfde}\components\FFExternalAlert.dll

2010-08-18 22:04 . 2010-08-21 15:26 101376 ----a-w- c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\360rtmlo.default\extensions\{662f5b27-1a14-48d4-b9b6-69b111d6cfde}\components\RadioWMPCore.dll

2010-08-15 00:53 . 2010-08-04 14:13 -------- d-----w- c:\program files\iTunes

2010-08-14 04:43 . 2009-09-17 19:05 -------- d-----w- c:\program files\Windows Media Connect 2

2010-08-13 15:48 . 2009-09-24 22:44 713672 ----a-w- c:\windows\system32\drivers\SandBox.sys

2010-08-12 14:00 . 2010-08-04 20:10 -------- d-----w- c:\documents and settings\Bob\Application Data\Apple Computer

2010-08-12 03:48 . 2010-01-07 15:59 -------- d-----w- c:\documents and settings\Owner\Application Data\vlc

2010-08-11 22:24 . 2009-09-24 22:44 267752 ----a-w- c:\windows\system32\drivers\afwcore.sys

2010-08-09 01:46 . 2010-08-09 01:46 68524 ---ha-w- c:\windows\system32\mlfcache.dat

2010-08-09 01:23 . 2010-08-09 01:22 -------- d-----w- c:\program files\Google

2010-08-06 03:48 . 2010-08-06 03:48 -------- d-----w- c:\documents and settings\All Users\Application Data\GoodSync

2010-08-05 05:48 . 2010-08-05 05:02 -------- d-----w- c:\documents and settings\Owner\Application Data\calibre

2010-08-04 14:23 . 2010-08-04 14:14 -------- d-----w- c:\documents and settings\Owner\Application Data\Apple Computer

2010-08-04 14:21 . 2010-05-01 03:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple

2010-08-04 14:14 . 2010-08-04 14:13 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

2010-08-04 14:13 . 2010-08-04 14:13 -------- d-----w- c:\program files\iPod

2010-08-04 14:13 . 2010-05-01 03:01 -------- d-----w- c:\program files\Common Files\Apple

2010-08-04 14:13 . 2010-08-04 14:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer

2010-08-04 14:10 . 2010-08-04 14:10 -------- d-----w- c:\program files\Apple Software Update

2010-08-04 14:09 . 2010-08-04 14:09 -------- d-----w- c:\program files\Bonjour

2010-08-03 03:59 . 2009-11-03 14:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Fugazo

2010-08-02 16:30 . 2009-11-09 02:42 -------- d-----w- c:\documents and settings\Owner\Application Data\Babylonia

2010-08-01 18:42 . 2009-10-01 16:53 -------- d-----w- c:\documents and settings\Owner\Application Data\Vso

2010-08-01 14:55 . 2009-10-03 04:47 -------- d-----w- c:\documents and settings\Owner\Application Data\log

2010-08-01 14:33 . 2009-10-03 04:23 -------- d-----w- c:\program files\VSO

2010-07-25 21:53 . 2010-07-25 21:53 -------- d-----w- c:\documents and settings\Owner\Application Data\Walgreens

2010-07-21 20:30 . 2010-07-21 20:30 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe

2010-07-16 23:52 . 2009-10-04 15:16 -------- d-----w- c:\program files\Oberon Media

2010-07-16 18:38 . 2009-10-29 03:35 -------- d-----w- c:\program files\Wonderburg

2010-07-16 18:37 . 2009-09-29 02:31 -------- d-----w- c:\program files\Winamp

2010-07-16 18:36 . 2010-04-23 03:27 -------- d-----w- c:\program files\VirusTotalUploader2

2010-07-16 18:34 . 2010-07-16 17:32 -------- d-----w- c:\program files\SmartScan

2010-07-16 18:34 . 2009-10-04 22:41 -------- d-----w- c:\program files\Slingo Supreme

2010-07-16 18:33 . 2009-11-29 18:48 -------- d-----w- c:\program files\Rhapsody

2010-07-16 18:33 . 2009-10-27 22:12 -------- d-----w- c:\program files\Return to Mysterious Island 2 - Mina's Fate

2010-07-16 18:33 . 2009-11-02 21:32 -------- d-----w- c:\program files\PowerISO

2010-07-16 18:33 . 2010-01-13 12:55 -------- d-----w- c:\program files\PixiePack Codec Pack

2010-07-16 18:30 . 2009-12-30 03:27 -------- d-----w- c:\program files\NEATO

2010-07-16 18:30 . 2009-09-25 04:24 -------- d-----w- c:\program files\My Kingdom for the Princess

2010-07-16 18:29 . 2009-11-01 08:22 -------- d-----w- c:\program files\MemoKit

2010-07-16 18:29 . 2009-11-04 23:52 -------- d-----w- c:\program files\Gold Wave Editor

2010-07-16 18:25 . 2009-10-02 02:27 -------- d-----w- c:\program files\Exact Audio Copy

2010-07-16 18:25 . 2009-12-19 20:46 -------- d-----w- c:\program files\Dvd-cloner

2010-07-16 18:25 . 2009-11-04 23:29 -------- d-----w- c:\program files\DVD Decrypter

2010-07-16 18:25 . 2009-10-04 22:35 -------- d-----w- c:\program files\Dreamsdwell Stories

2010-07-16 18:24 . 2010-05-13 14:43 -------- d-----w- c:\program files\dingo

2010-07-16 18:24 . 2009-12-13 20:08 -------- d-----w- c:\program files\Dark Hills of Cherai Strategy Guide

2010-07-16 18:24 . 2010-06-18 02:26 -------- d-----w- c:\program files\Common Files\Stardock

2010-07-16 18:23 . 2009-09-24 23:43 -------- d-----w- c:\program files\Common Files\Insight Software Solutions

2010-07-16 18:22 . 2009-10-04 22:30 -------- d-----w- c:\program files\Aveyond 2

2010-07-16 18:21 . 2009-10-19 20:20 -------- d-----w- c:\program files\Age Of Oracles-Tara's Journey

2010-07-16 18:21 . 2009-12-30 03:47 -------- d-----w- c:\program files\Acoustica CD Label Maker

2010-07-16 18:06 . 2009-10-12 00:41 -------- d-----w- c:\documents and settings\Owner\Application Data\Move Networks

2010-07-16 18:06 . 2010-06-12 15:37 -------- d-----w- c:\documents and settings\Owner\Application Data\mjusbsp

2010-07-16 18:06 . 2010-06-14 21:36 -------- d-----w- c:\documents and settings\Bob\Application Data\mjusbsp

2010-07-16 18:06 . 2010-03-14 23:32 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan

2010-07-16 18:06 . 2010-01-13 12:52 -------- d-----w- c:\documents and settings\All Users\Application Data\RapidSolution

2010-07-16 17:59 . 2009-10-04 20:53 -------- d-----w- c:\program files\Common Files\Oberon Media

2010-07-16 17:48 . 2010-07-16 17:32 69 ----a-w- c:\windows\RunSC.bat

2010-07-06 17:29 . 2010-07-09 15:20 2979280 -c--a-w- c:\documents and settings\All Users\Application Data\{65893B95-F47B-4483-B883-86BA181E9B54}\Ad-AwareInstall.exe

2010-07-06 17:28 . 2009-10-26 18:16 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys

2010-07-06 17:28 . 2009-10-27 01:01 15880 ----a-w- c:\windows\system32\lsdelete.exe

2010-06-30 12:31 . 2004-08-04 10:00 149504 ----a-w- c:\windows\system32\schannel.dll

2010-06-27 17:35 . 2010-06-27 17:35 5105904 ----a-w- c:\documents and settings\Owner\Application Data\OnLive\clients\213.54111\client.dll

2010-06-24 12:22 . 2006-03-04 03:33 916480 ----a-w- c:\windows\system32\wininet.dll

2010-06-23 13:44 . 2004-08-04 10:00 1851904 ----a-w- c:\windows\system32\win32k.sys

2010-06-21 15:27 . 2004-08-04 10:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys

2010-06-17 14:03 . 2004-08-04 10:00 80384 ----a-w- c:\windows\system32\iccvid.dll

2010-06-14 21:37 . 2010-06-14 21:36 8266104 ---h--w- c:\documents and settings\Bob\Application Data\mjusbsp\ar00000\upgrade.exe

2010-06-14 14:31 . 2009-09-17 15:56 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe

2010-06-14 07:41 . 2004-08-04 10:00 1172480 ----a-w- c:\windows\system32\msxml3.dll

.

<pre>
c:\program files\Games\Cake Mania Main Street\Cake Mania 4 .exe
</pre>

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2]

@="{747E722C-CB46-4A9D-BDFE-192AAD5099B1}"

[HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4A9D-BDFE-192AAD5099B1}]

2008-06-25 21:38 2401584 ----a-w- c:\program files\MozyHome\mozyshell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3]

@="{EE6F5A00-7898-40F7-AB77-51FF9D6DEB20}"

[HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40F7-AB77-51FF9D6DEB20}]

2008-06-25 21:38 2401584 ----a-w- c:\program files\MozyHome\mozyshell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Outpost]

@="{33C9E362-3EDA-4930-8AFE-5DA39A8BB77A}"

[HKEY_CLASSES_ROOT\CLSID\{33C9E362-3EDA-4930-8AFE-5DA39A8BB77A}]

2010-08-27 17:13 283224 ----a-w- c:\program files\Agnitum\Outpost Firewall Pro\op_shell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"cdloader"="c:\documents and settings\Owner\Application Data\mjusbsp\cdloader2.exe" [2010-02-26 50520]

"Google Update"="c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-08-26 136176]

"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2010-09-05 160328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 339968]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-21 61440]

"CTHelper"="CTHELPER.EXE" [2007-04-09 19456]

"CTxfiHlp"="CTXFIHLP.EXE" [2007-04-09 19968]

"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-27 1983816]

"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2009-10-18 1070984]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]

"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-06-01 1093208]

"SearchSettings"="c:\program files\pdfforge Toolbar\SearchSettings.exe" [N/A]

"OutpostMonitor"="c:\progra~1\Agnitum\OUTPOS~1\op_mon.exe" [2010-08-27 2839888]

"OutpostFeedBack"="c:\program files\Agnitum\Outpost Firewall Pro\feedback.exe" [2010-08-27 491272]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2010-09-05 160328]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

ShortKeys Lite.lnk - c:\program files\ShortKeys2\shklite.exe [2009-12-3 2747392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLinkedConnections"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]

"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Stardock\Fences\FencesMenu.dll" [2009-10-02 128360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"c:\\Documents and Settings\\Owner\\Application Data\\mjusbsp\\magicJack.exe"=

"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Documents and Settings\\Owner\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [10/26/2009 2:16 PM 64288]

R1 SandBox;SandBox;c:\windows\system32\drivers\SandBox.sys [9/24/2009 6:44 PM 713672]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [9/15/2009 11:42 AM 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [9/15/2009 11:42 AM 67656]

R2 acssrv;Agnitum Client Security Service;c:\progra~1\Agnitum\OUTPOS~1\acs.exe [9/24/2009 6:42 PM 2035512]

R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [1/8/2010 12:51 AM 380928]

R2 MyConnectionServer-77f90110;Visualware MyConnection Server (#77f90110);c:\program files\MyConnection Server\msserver.exe [8/16/2010 10:49 AM 560626]

R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\afw.sys [9/24/2009 6:42 PM 34280]

R3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [9/24/2009 6:44 PM 267752]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8/8/2010 9:22 PM 136176]

S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/6/2010 1:28 PM 1355928]

S3 ASWFilt;ASWFilt;c:\windows\system32\Filt\ASWFilt.dll [9/24/2009 6:44 PM 72232]

S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [8/12/2010 3:38 AM 15008]

S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 9:37 PM 4640000]

S3 QsFsFltr;QsFsFltr;c:\windows\system32\drivers\QsFsFltr.sys [11/22/2009 3:04 PM 13824]

S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [9/15/2009 11:42 AM 12872]

S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1/9/2010 8:00 PM 685816]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

getPlusHelper REG_MULTI_SZ getPlusHelper

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9C450606-ED24-4958-92BA-B8940C99D441}]

2009-03-04 21:32 8192 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe

.

Contents of the 'Scheduled Tasks' folder

2010-09-11 c:\windows\Tasks\Ad-Aware Scan (Daily).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-07-06 18:17]

2010-09-11 c:\windows\Tasks\Ad-Aware Scan (Tuesday).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-07-06 18:17]

2010-09-11 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-07-06 18:17]

2010-09-06 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]

2010-09-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-09 01:22]

2010-09-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-09 01:22]

2010-09-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-2049760794-839522115-1003Core.job

- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-26 16:29]

2010-09-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-2049760794-839522115-1003UA.job

- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-26 16:29]

2010-09-11 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2010-03-26 01:40]

2010-09-11 c:\windows\Tasks\User_Feed_Synchronization-{D2063CB8-2649-46FE-B074-7E6F0F3412A2}.job

- c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]

.

.

------- Supplementary Scan -------

.

uInternet Settings,ProxyOverride = *.local

IE: Add to &Evernote - c:\program files\Evernote\Evernote3.5\enbar.dll/2000

IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000

IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105

IE: {{E0B8C461-F8FB-49b4-8373-FE32E92528A6} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEEE} - c:\program files\Evernote\Evernote3.5\enbar.dll

Trusted Zone: exodusvipdesk.com

Trusted Zone: vipdesk.com

TCP: {0EE6384A-1DC6-4552-BE0D-94F5F187AF1F} = 24.25.5.148,24.25.5.147

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\360rtmlo.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1361345&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://my.myway.com/

FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=en&q=

FF - component: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\360rtmlo.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll

FF - component: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\360rtmlo.default\extensions\{662f5b27-1a14-48d4-b9b6-69b111d6cfde}\components\FFExternalAlert.dll

FF - component: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\360rtmlo.default\extensions\{662f5b27-1a14-48d4-b9b6-69b111d6cfde}\components\RadioWMPCore.dll

FF - component: c:\program files\Siber Systems\AI RoboForm\Firefox\components\rfproxy_31.dll

FF - plugin: c:\documents and settings\Owner\Application Data\Move Networks\plugins\npqmp071505000010.dll

FF - plugin: c:\documents and settings\Owner\Application Data\Mozilla\plugins\npgoogletalk.dll

FF - plugin: c:\documents and settings\Owner\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll

FF - plugin: c:\progra~1\MICROS~3\Office14\NPAUTHZ.DLL

FF - plugin: c:\progra~1\MICROS~3\Office14\NPSPWRAP.DLL

FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll

FF - plugin: c:\program files\OnLive\FirefoxPlugin\npolgdet.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)

AddRemove-Dream Chronicles 2 - c:\program files\Dream Chronicles 2\Uninstal.exe

AddRemove-ObjectDock - c:\progra~1\Stardock\OBJECT~1\UNWISE.EXE

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-09-11 16:32

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

CTHelper = CTHELPER.EXE?

CTxfiHlp = CTXFIHLP.EXE?

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1244)

c:\program files\SUPERAntiSpyware\SASWINLO.dll

c:\windows\system32\WININET.dll

c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll

c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll

c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(1056)

c:\windows\system32\WININET.dll

c:\program files\MozyHome\mozyshell.dll

c:\program files\Agnitum\Outpost Firewall Pro\op_shell.dll

c:\windows\system32\ieframe.dll

c:\program files\ShortKeys2\shkHook.dll

c:\windows\system32\msi.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

c:\program files\Stardock\Fences\FencesMenu.dll

c:\program files\stardock\fences\DesktopDock.dll

c:\program files\SUPERAntiSpyware\SASSEH.DLL

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\program files\Microsoft Security Essentials\MsMpEng.exe

c:\windows\system32\Ati2evxx.exe

c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\MozyHome\mozybackup.exe

c:\windows\system32\java.exe

c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe

c:\program files\Retrospect\Retrospect 7.6\retrorun.exe

c:\windows\system32\fxssvc.exe

c:\program files\Canon\CAL\CALMAIN.exe

c:\windows\System32\vssvc.exe

c:\windows\stsystra.exe

c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

c:\program files\iPod\bin\iPodService.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Completion time: 2010-09-11 16:40:55 - machine was rebooted

ComboFix-quarantined-files.txt 2010-09-11 20:40

Pre-Run: 158,071,734,272 bytes free

Post-Run: 158,080,131,072 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 2C53726E0D46E9ED113FE9B729DF0CEC

********************************************************************************

***************

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4595

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

9/11/2010 2:52:41 PM

mbam-log-2010-09-11 (14-52-41).txt

Scan type: Quick scan

Objects scanned: 159570

Time elapsed: 9 minute(s), 54 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

********************************************************************************

********

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 5:27:52 PM, on 9/11/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

c:\Program Files\Microsoft Security Essentials\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Application Updater\ApplicationUpdater.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\MozyHome\mozybackup.exe

C:\Program Files\MyConnection Server\msserver.exe

C:\WINDOWS\system32\java.exe

C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe

C:\Program Files\Retrospect\Retrospect 7.6\retrorun.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\fxssvc.exe

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\WINDOWS\stsystra.exe

C:\Program Files\Canon\MyPrinter\BJMyPrt.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Microsoft Security Essentials\msseces.exe

C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe

C:\Program Files\ShortKeys2\shklite.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\regedit.exe

C:\MGtools\analyse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll

O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll

O3 - Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - (no file)

O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE

O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon

O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey

O4 - HKLM\..\Run: [searchSettings] C:\Program Files\pdfforge Toolbar\SearchSettings.exe

O4 - HKLM\..\Run: [OutpostMonitor] "C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe" /tray /noservice

O4 - HKLM\..\Run: [OutpostFeedBack] "C:\Program Files\Agnitum\Outpost Firewall Pro\feedback.exe" /dump:os_startup

O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\Owner\Application Data\mjusbsp\cdloader2.exe" MAGICJACK

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"

O4 - HKUS\S-1-5-18\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'Default user')

O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe

O4 - Global Startup: ShortKeys Lite.lnk = C:\Program Files\ShortKeys2\shklite.exe

O8 - Extra context menu item: Add to &Evernote - res://C:\Program Files\Evernote\Evernote3.5\enbar.dll/2000

O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000

O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\Program Files\Agnitum\Outpost Firewall Pro\ie_bar.dll

O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files\Evernote\Evernote3.5\enbar.dll

O9 - Extra 'Tools' menuitem: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files\Evernote\Evernote3.5\enbar.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O15 - Trusted Zone: *.exodusvipdesk.com

O15 - Trusted Zone: *.vipdesk.com

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{0EE6384A-1DC6-4552-BE0D-94F5F187AF1F}: NameServer = 24.25.5.148,24.25.5.147

O17 - HKLM\System\CS1\Services\Tcpip\..\{0EE6384A-1DC6-4552-BE0D-94F5F187AF1F}: NameServer = 24.25.5.148,24.25.5.147

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: FencesShellExt - {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Program Files\Stardock\Fences\FencesMenu.dll

O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: MozyHome Backup Service (mozybackup) - Unknown owner - C:\Program Files\MozyHome\mozybackup.exe

O23 - Service: Visualware MyConnection Server (#77f90110) (MyConnectionServer-77f90110) - Unknown owner - C:\Program Files\MyConnection Server\msserver.exe

O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe

O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - Unknown owner - C:\PROGRA~1\RETROS~1\RETROS~1.5\retrorun.exe (file missing)

O23 - Service: Retrospect Launcher (RetroLauncher) - EMC Corporation - C:\Program Files\Retrospect\Retrospect 7.6\retrorun.exe

O23 - Service: Retrospect Helper - EMC Corporation - C:\Program Files\Retrospect\Retrospect 7.6\rthlpsvc.exe

--

End of file - 11898 bytes

********************************************************************************

**********

ROOTREPEAL © AD, 2007-2009

==================================================

Scan Start Time: 2010/09/11 17:07

Program Version: Version 1.3.5.0

Windows Version: Windows XP SP3

==================================================

Hidden/Locked Files

-------------------

Path: C:\hiberfil.sys

Status: Locked to the Windows API!

********************************************************************************

************

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

Generated 09/11/2010 at 04:03 PM

Application Version : 4.42.1000

Core Rules Database Version : 5490

Trace Rules Database Version: 3302

Scan type : Complete Scan

Total Scan Time : 01:28:01

Memory items scanned : 679

Memory threats detected : 0

Registry items scanned : 7713

Registry threats detected : 0

File items scanned : 28979

File threats detected : 0

Link to post
Share on other sites

Hello MarinerMB: :P

At a glance your logs indicate that you have uTorrent installed besides toolbars like FrostWire, LimeWire... that are debateable. My suggestion is to read and follow the instructions in I'm infected - What do I do now? An Expert will assist you in removal process

Alternatively, as a paying customer, you can contact the help desk at support@malwarebytes.org

Should you have any other question(s) please post back

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.