Updater.exe by Spigot, inc. - Malware?



#1 MarinerMB

Posted 13 September 2010 - 10:49 AM

Hi all,

I've tried looking all over and can't really find an answer to this:

Is updater.exe by Spigot, inc. malware?

Agnitum Firewall Pro says it keeps asking to access the internet but doesn't say which program it is connected to...just the path for the exe.

I've done all the tests asked and have all the logs. Here they are; please advise!


ComboFix 10-09-11.01 - Diane 09/11/2010 16:24:55.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1156 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning disabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
FW: Outpost Firewall Pro *enabled* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Owner\Application Data\Desktopicon
c:\documents and settings\Owner\Application Data\inst.exe
c:\windows\TEMP\X31978\msntsvcv8.dll
c:\windows\TEMP\X31978\mswin32v15.dll
c:\windows\win32t4.dll

.
((((((((((((((((((((((((( Files Created from 2010-08-11 to 2010-09-11 )))))))))))))))))))))))))))))))
.

2010-09-11 18:42 . 2010-09-11 18:42 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2010-09-11 18:41 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-11 18:41 . 2010-09-11 18:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-09-11 18:41 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-11 18:41 . 2010-09-11 18:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-11 18:28 . 2010-09-11 18:28 2400114 ----a-w- C:\MGtools.exe
2010-09-08 18:01 . 2010-09-11 17:15 -------- d-----w- c:\documents and settings\Owner\Application Data\CBS Interactive
2010-09-06 17:09 . 2010-09-06 17:14 21840 ----atw- c:\windows\system32\SIntfNT.dll
2010-09-06 17:09 . 2010-09-06 17:14 17212 ----atw- c:\windows\system32\SIntf32.dll
2010-09-06 17:09 . 2010-09-06 17:14 12067 ----atw- c:\windows\system32\SIntf16.dll
2010-09-06 16:15 . 2010-09-06 17:17 35631 ----a-w- c:\windows\DIIUnin.dat
2010-09-06 16:15 . 2010-09-06 16:15 2829 ----a-w- c:\windows\DIIUnin.pif
2010-09-06 16:15 . 2010-09-06 16:15 94208 ----a-w- c:\windows\DIIUnin.exe
2010-09-06 16:08 . 2010-09-10 20:57 -------- d-----w- c:\program files\Diablo II
2010-09-06 00:19 . 2010-09-06 00:19 -------- d-----w- c:\documents and settings\Owner\Application Data\Floodlight Games
2010-09-06 00:19 . 2010-09-06 00:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Floodlight Games
2010-09-04 01:27 . 2010-09-04 01:27 -------- d-----w- c:\documents and settings\Bob\Local Settings\Application Data\Google
2010-08-26 03:33 . 2010-08-26 03:33 161296 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2010-08-26 03:14 . 2010-09-05 13:21 -------- d-----w- c:\documents and settings\LocalService\MCSRACache-5B3A7A45BE
2010-08-26 03:14 . 2010-09-11 20:32 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-08-26 03:13 . 2010-08-26 03:14 -------- d-----w- c:\documents and settings\LocalService\vw
2010-08-26 03:13 . 2010-09-10 13:21 -------- d-----w- c:\program files\MyConnection Server
2010-08-26 03:05 . 2010-08-26 03:08 -------- d-----w- c:\documents and settings\Owner\Application Data\homebank
2010-08-26 02:53 . 2010-08-26 02:53 -------- d-----w- c:\documents and settings\Owner\Application Data\hott notes 4
2010-08-26 02:53 . 2010-08-26 02:53 -------- d-----w- c:\program files\hott notes 4
2010-08-26 02:01 . 2010-08-26 02:01 -------- d-----w- c:\program files\Application Updater
2010-08-26 02:00 . 2001-10-28 21:42 116224 ----a-w- c:\windows\system32\pdfcmnnt.dll
2010-08-26 02:00 . 1998-07-06 05:00 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL
2010-08-26 01:05 . 2010-08-26 01:05 -------- d-----w- c:\documents and settings\Owner\Application Data\SultansLabyrinth
2010-08-24 02:40 . 2010-08-24 03:34 -------- d-----w- c:\documents and settings\Owner\Application Data\Cabos
2010-08-24 02:39 . 2010-08-26 03:11 -------- d-----w- c:\program files\Cabos
2010-08-21 19:12 . 2010-08-21 19:12 181160 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-08-17 17:54 . 2010-08-17 17:54 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Evernote
2010-08-17 17:54 . 2010-08-17 17:54 -------- d-----w- c:\program files\Evernote
2010-08-16 18:48 . 2010-08-16 18:48 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2010-08-15 00:51 . 2010-08-15 01:37 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Last.fm
2010-08-14 04:43 . 2008-04-14 00:12 221184 ----a-w- c:\windows\system32\wmpns.dll
2010-08-13 19:28 . 2010-06-01 17:37 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-08-13 19:26 . 2010-08-13 19:26 -------- d-----w- c:\program files\Microsoft Security Essentials

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-11 17:20 . 2010-05-05 14:22 -------- d-----w- c:\program files\CCleaner
2010-09-11 16:50 . 2009-09-24 23:15 -------- d-----w- c:\program files\uTorrent
2010-09-09 07:00 . 2009-11-22 18:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Retrospect
2010-09-07 16:47 . 2009-09-24 23:08 -------- d-----w- c:\documents and settings\Owner\Application Data\uTorrent
2010-09-07 16:33 . 2009-09-25 04:25 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-09-07 16:19 . 2009-10-13 16:25 -------- d-----w- c:\program files\Games
2010-09-07 15:14 . 2009-11-09 04:55 -------- d-----w- c:\documents and settings\Owner\Application Data\Canon
2010-08-31 15:21 . 2010-05-25 18:50 -------- d-----w- c:\program files\YouTube Downloader
2010-08-30 23:37 . 2009-10-14 22:27 -------- d-----w- c:\documents and settings\Owner\Application Data\ERS G-Studio
2010-08-30 18:34 . 2010-09-10 14:23 1496064 ----a-w- c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\360rtmlo.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2010-08-30 18:33 . 2010-09-10 14:23 43008 ----a-w- c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\360rtmlo.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2010-08-30 18:33 . 2010-09-10 14:23 338944 ----a-w- c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\360rtmlo.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2010-08-30 18:33 . 2010-09-10 14:23 346112 ----a-w- c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\360rtmlo.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2010-08-27 04:33 . 2009-09-24 23:55 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-08-26 04:23 . 2010-08-05 05:01 -------- d-----w- c:\program files\Calibre2
2010-08-26 00:51 . 2009-09-25 04:23 -------- d-----w- c:\program files\bfgclient
2010-08-26 00:51 . 2010-06-30 05:29 3963280 ----a-w- c:\documents and settings\All Users\Application Data\BigFishGamesCache\Upgrade\Unpack\bfgsetup_s1_l1.exe
2010-08-24 02:35 . 2010-08-04 14:11 -------- d-----w- c:\program files\QuickTime
2010-08-23 20:53 . 2010-08-23 20:53 143392 ----a-w- c:\documents and settings\All Users\Application Data\BigFishGamesCache\Upgrade\stub\the-sultans-labyrinth-game_s1_l1_gF2453T1L1_d1008673574.exe
2010-08-23 20:53 . 2010-08-23 20:53 3906240 ----a-w- c:\documents and settings\All Users\Application Data\BigFishGamesCache\Upgrade\clientinstaller\bfgsetup_s1_l1.exe
2010-08-21 19:20 . 2009-09-17 18:27 83976 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-21 19:17 . 2010-05-22 11:29 83976 ----a-w- c:\documents and settings\Bob\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-21 19:03 . 2010-03-20 01:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-08-21 07:38 . 2009-09-24 19:14 -------- d-----w- c:\program files\Siber Systems
2010-08-21 07:32 . 2010-08-06 03:48 -------- d-----w- c:\documents and settings\Owner\Application Data\GoodSync
2010-08-19 18:14 . 2010-08-06 20:51 -------- d-----w- c:\documents and settings\Bob\Application Data\GoodSync
2010-08-18 22:04 . 2010-08-21 15:26 52224 ----a-w- c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\360rtmlo.default\extensions\{662f5b27-1a14-48d4-b9b6-69b111d6cfde}\components\FFExternalAlert.dll
2010-08-18 22:04 . 2010-08-21 15:26 101376 ----a-w- c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\360rtmlo.default\extensions\{662f5b27-1a14-48d4-b9b6-69b111d6cfde}\components\RadioWMPCore.dll
2010-08-15 00:53 . 2010-08-04 14:13 -------- d-----w- c:\program files\iTunes
2010-08-14 04:43 . 2009-09-17 19:05 -------- d-----w- c:\program files\Windows Media Connect 2
2010-08-13 15:48 . 2009-09-24 22:44 713672 ----a-w- c:\windows\system32\drivers\SandBox.sys
2010-08-12 14:00 . 2010-08-04 20:10 -------- d-----w- c:\documents and settings\Bob\Application Data\Apple Computer
2010-08-12 03:48 . 2010-01-07 15:59 -------- d-----w- c:\documents and settings\Owner\Application Data\vlc
2010-08-11 22:24 . 2009-09-24 22:44 267752 ----a-w- c:\windows\system32\drivers\afwcore.sys
2010-08-09 01:46 . 2010-08-09 01:46 68524 ---ha-w- c:\windows\system32\mlfcache.dat
2010-08-09 01:23 . 2010-08-09 01:22 -------- d-----w- c:\program files\Google
2010-08-06 03:48 . 2010-08-06 03:48 -------- d-----w- c:\documents and settings\All Users\Application Data\GoodSync
2010-08-05 05:48 . 2010-08-05 05:02 -------- d-----w- c:\documents and settings\Owner\Application Data\calibre
2010-08-04 14:23 . 2010-08-04 14:14 -------- d-----w- c:\documents and settings\Owner\Application Data\Apple Computer
2010-08-04 14:21 . 2010-05-01 03:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-08-04 14:14 . 2010-08-04 14:13 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-08-04 14:13 . 2010-08-04 14:13 -------- d-----w- c:\program files\iPod
2010-08-04 14:13 . 2010-05-01 03:01 -------- d-----w- c:\program files\Common Files\Apple
2010-08-04 14:13 . 2010-08-04 14:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-08-04 14:10 . 2010-08-04 14:10 -------- d-----w- c:\program files\Apple Software Update
2010-08-04 14:09 . 2010-08-04 14:09 -------- d-----w- c:\program files\Bonjour
2010-08-03 03:59 . 2009-11-03 14:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Fugazo
2010-08-02 16:30 . 2009-11-09 02:42 -------- d-----w- c:\documents and settings\Owner\Application Data\Babylonia
2010-08-01 18:42 . 2009-10-01 16:53 -------- d-----w- c:\documents and settings\Owner\Application Data\Vso
2010-08-01 14:55 . 2009-10-03 04:47 -------- d-----w- c:\documents and settings\Owner\Application Data\log
2010-08-01 14:33 . 2009-10-03 04:23 -------- d-----w- c:\program files\VSO
2010-07-25 21:53 . 2010-07-25 21:53 -------- d-----w- c:\documents and settings\Owner\Application Data\Walgreens
2010-07-21 20:30 . 2010-07-21 20:30 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe
2010-07-16 23:52 . 2009-10-04 15:16 -------- d-----w- c:\program files\Oberon Media
2010-07-16 18:38 . 2009-10-29 03:35 -------- d-----w- c:\program files\Wonderburg
2010-07-16 18:37 . 2009-09-29 02:31 -------- d-----w- c:\program files\Winamp
2010-07-16 18:36 . 2010-04-23 03:27 -------- d-----w- c:\program files\VirusTotalUploader2
2010-07-16 18:34 . 2010-07-16 17:32 -------- d-----w- c:\program files\SmartScan
2010-07-16 18:34 . 2009-10-04 22:41 -------- d-----w- c:\program files\Slingo Supreme
2010-07-16 18:33 . 2009-11-29 18:48 -------- d-----w- c:\program files\Rhapsody
2010-07-16 18:33 . 2009-10-27 22:12 -------- d-----w- c:\program files\Return to Mysterious Island 2 - Mina's Fate
2010-07-16 18:33 . 2009-11-02 21:32 -------- d-----w- c:\program files\PowerISO
2010-07-16 18:33 . 2010-01-13 12:55 -------- d-----w- c:\program files\PixiePack Codec Pack
2010-07-16 18:30 . 2009-12-30 03:27 -------- d-----w- c:\program files\NEATO
2010-07-16 18:30 . 2009-09-25 04:24 -------- d-----w- c:\program files\My Kingdom for the Princess
2010-07-16 18:29 . 2009-11-01 08:22 -------- d-----w- c:\program files\MemoKit
2010-07-16 18:29 . 2009-11-04 23:52 -------- d-----w- c:\program files\Gold Wave Editor
2010-07-16 18:25 . 2009-10-02 02:27 -------- d-----w- c:\program files\Exact Audio Copy
2010-07-16 18:25 . 2009-12-19 20:46 -------- d-----w- c:\program files\Dvd-cloner
2010-07-16 18:25 . 2009-11-04 23:29 -------- d-----w- c:\program files\DVD Decrypter
2010-07-16 18:25 . 2009-10-04 22:35 -------- d-----w- c:\program files\Dreamsdwell Stories
2010-07-16 18:24 . 2010-05-13 14:43 -------- d-----w- c:\program files\dingo
2010-07-16 18:24 . 2009-12-13 20:08 -------- d-----w- c:\program files\Dark Hills of Cherai Strategy Guide
2010-07-16 18:24 . 2010-06-18 02:26 -------- d-----w- c:\program files\Common Files\Stardock
2010-07-16 18:23 . 2009-09-24 23:43 -------- d-----w- c:\program files\Common Files\Insight Software Solutions
2010-07-16 18:22 . 2009-10-04 22:30 -------- d-----w- c:\program files\Aveyond 2
2010-07-16 18:21 . 2009-10-19 20:20 -------- d-----w- c:\program files\Age Of Oracles-Tara's Journey
2010-07-16 18:21 . 2009-12-30 03:47 -------- d-----w- c:\program files\Acoustica CD Label Maker
2010-07-16 18:06 . 2009-10-12 00:41 -------- d-----w- c:\documents and settings\Owner\Application Data\Move Networks
2010-07-16 18:06 . 2010-06-12 15:37 -------- d-----w- c:\documents and settings\Owner\Application Data\mjusbsp
2010-07-16 18:06 . 2010-06-14 21:36 -------- d-----w- c:\documents and settings\Bob\Application Data\mjusbsp
2010-07-16 18:06 . 2010-03-14 23:32 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan
2010-07-16 18:06 . 2010-01-13 12:52 -------- d-----w- c:\documents and settings\All Users\Application Data\RapidSolution
2010-07-16 17:59 . 2009-10-04 20:53 -------- d-----w- c:\program files\Common Files\Oberon Media
2010-07-16 17:48 . 2010-07-16 17:32 69 ----a-w- c:\windows\RunSC.bat
2010-07-06 17:29 . 2010-07-09 15:20 2979280 -c--a-w- c:\documents and settings\All Users\Application Data\{65893B95-F47B-4483-B883-86BA181E9B54}\Ad-AwareInstall.exe
2010-07-06 17:28 . 2009-10-26 18:16 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-07-06 17:28 . 2009-10-27 01:01 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-06-30 12:31 . 2004-08-04 10:00 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-27 17:35 . 2010-06-27 17:35 5105904 ----a-w- c:\documents and settings\Owner\Application Data\OnLive\clients\213.54111\client.dll
2010-06-24 12:22 . 2006-03-04 03:33 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44 . 2004-08-04 10:00 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2004-08-04 10:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2004-08-04 10:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 21:37 . 2010-06-14 21:36 8266104 ---h--w- c:\documents and settings\Bob\Application Data\mjusbsp\ar00000\upgrade.exe
2010-06-14 14:31 . 2009-09-17 15:56 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:41 . 2004-08-04 10:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
.
c:\program files\Games\Cake Mania Main Street\Cake Mania 4 .exe

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2]
@="{747E722C-CB46-4A9D-BDFE-192AAD5099B1}"
[HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4A9D-BDFE-192AAD5099B1}]
2008-06-25 21:38 2401584 ----a-w- c:\program files\MozyHome\mozyshell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3]
@="{EE6F5A00-7898-40F7-AB77-51FF9D6DEB20}"
[HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40F7-AB77-51FF9D6DEB20}]
2008-06-25 21:38 2401584 ----a-w- c:\program files\MozyHome\mozyshell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Outpost]
@="{33C9E362-3EDA-4930-8AFE-5DA39A8BB77A}"
[HKEY_CLASSES_ROOT\CLSID\{33C9E362-3EDA-4930-8AFE-5DA39A8BB77A}]
2010-08-27 17:13 283224 ----a-w- c:\program files\Agnitum\Outpost Firewall Pro\op_shell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cdloader"="c:\documents and settings\Owner\Application Data\mjusbsp\cdloader2.exe" [2010-02-26 50520]
"Google Update"="c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-08-26 136176]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2010-09-05 160328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 339968]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-21 61440]
"CTHelper"="CTHELPER.EXE" [2007-04-09 19456]
"CTxfiHlp"="CTXFIHLP.EXE" [2007-04-09 19968]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-27 1983816]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2009-10-18 1070984]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-06-01 1093208]
"SearchSettings"="c:\program files\pdfforge Toolbar\SearchSettings.exe" [N/A]
"OutpostMonitor"="c:\progra~1\Agnitum\OUTPOS~1\op_mon.exe" [2010-08-27 2839888]
"OutpostFeedBack"="c:\program files\Agnitum\Outpost Firewall Pro\feedback.exe" [2010-08-27 491272]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2010-09-05 160328]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
ShortKeys Lite.lnk - c:\program files\ShortKeys2\shklite.exe [2009-12-3 2747392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLinkedConnections"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Stardock\Fences\FencesMenu.dll" [2009-10-02 128360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\Owner\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\Owner\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [10/26/2009 2:16 PM 64288]
R1 SandBox;SandBox;c:\windows\system32\drivers\SandBox.sys [9/24/2009 6:44 PM 713672]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [9/15/2009 11:42 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [9/15/2009 11:42 AM 67656]
R2 acssrv;Agnitum Client Security Service;c:\progra~1\Agnitum\OUTPOS~1\acs.exe [9/24/2009 6:42 PM 2035512]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [1/8/2010 12:51 AM 380928]
R2 MyConnectionServer-77f90110;Visualware MyConnection Server (#77f90110);c:\program files\MyConnection Server\msserver.exe [8/16/2010 10:49 AM 560626]
R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\afw.sys [9/24/2009 6:42 PM 34280]
R3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [9/24/2009 6:44 PM 267752]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8/8/2010 9:22 PM 136176]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/6/2010 1:28 PM 1355928]
S3 ASWFilt;ASWFilt;c:\windows\system32\Filt\ASWFilt.dll [9/24/2009 6:44 PM 72232]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [8/12/2010 3:38 AM 15008]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 9:37 PM 4640000]
S3 QsFsFltr;QsFsFltr;c:\windows\system32\drivers\QsFsFltr.sys [11/22/2009 3:04 PM 13824]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [9/15/2009 11:42 AM 12872]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1/9/2010 8:00 PM 685816]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9C450606-ED24-4958-92BA-B8940C99D441}]
2009-03-04 21:32 8192 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder

2010-09-11 c:\windows\Tasks\Ad-Aware Scan (Daily).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-07-06 18:17]

2010-09-11 c:\windows\Tasks\Ad-Aware Scan (Tuesday).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-07-06 18:17]

2010-09-11 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-07-06 18:17]

2010-09-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]

2010-09-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-09 01:22]

2010-09-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-09 01:22]

2010-09-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-2049760794-839522115-1003Core.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-26 16:29]

2010-09-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-2049760794-839522115-1003UA.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-26 16:29]

2010-09-11 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2010-03-26 01:40]

2010-09-11 c:\windows\Tasks\User_Feed_Synchronization-{D2063CB8-2649-46FE-B074-7E6F0F3412A2}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: Add to &Evernote - c:\program files\Evernote\Evernote3.5\enbar.dll/2000
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
IE: {{E0B8C461-F8FB-49b4-8373-FE32E92528A6} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEEE} - c:\program files\Evernote\Evernote3.5\enbar.dll
Trusted Zone: exodusvipdesk.com
Trusted Zone: vipdesk.com
TCP: {0EE6384A-1DC6-4552-BE0D-94F5F187AF1F} = 24.25.5.148,24.25.5.147
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\360rtmlo.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1361345&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://my.myway.com/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=en&q=
FF - component: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\360rtmlo.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\360rtmlo.default\extensions\{662f5b27-1a14-48d4-b9b6-69b111d6cfde}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\360rtmlo.default\extensions\{662f5b27-1a14-48d4-b9b6-69b111d6cfde}\components\RadioWMPCore.dll
FF - component: c:\program files\Siber Systems\AI RoboForm\Firefox\components\rfproxy_31.dll
FF - plugin: c:\documents and settings\Owner\Application Data\Move Networks\plugins\npqmp071505000010.dll
FF - plugin: c:\documents and settings\Owner\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\Owner\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\progra~1\MICROS~3\Office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: c:\program files\OnLive\FirefoxPlugin\npolgdet.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
AddRemove-Dream Chronicles 2 - c:\program files\Dream Chronicles 2\Uninstal.exe
AddRemove-ObjectDock - c:\progra~1\Stardock\OBJECT~1\UNWISE.EXE



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-11 16:32
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTHelper = CTHELPER.EXE?
CTxfiHlp = CTXFIHLP.EXE?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1244)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(1056)
c:\windows\system32\WININET.dll
c:\program files\MozyHome\mozyshell.dll
c:\program files\Agnitum\Outpost Firewall Pro\op_shell.dll
c:\windows\system32\ieframe.dll
c:\program files\ShortKeys2\shkHook.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Stardock\Fences\FencesMenu.dll
c:\program files\stardock\fences\DesktopDock.dll
c:\program files\SUPERAntiSpyware\SASSEH.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Microsoft Security Essentials\MsMpEng.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\MozyHome\mozybackup.exe
c:\windows\system32\java.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files\Retrospect\Retrospect 7.6\retrorun.exe
c:\windows\system32\fxssvc.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\System32\vssvc.exe
c:\windows\stsystra.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-09-11 16:40:55 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-11 20:40

Pre-Run: 158,071,734,272 bytes free
Post-Run: 158,080,131,072 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 2C53726E0D46E9ED113FE9B729DF0CEC

***********************************************************************************************
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4595

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

9/11/2010 2:52:41 PM
mbam-log-2010-09-11 (14-52-41).txt

Scan type: Quick scan
Objects scanned: 159570
Time elapsed: 9 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
********************************************************************************

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:27:52 PM, on 9/11/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\MozyHome\mozybackup.exe
C:\Program Files\MyConnection Server\msserver.exe
C:\WINDOWS\system32\java.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Retrospect\Retrospect 7.6\retrorun.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\ShortKeys2\shklite.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\regedit.exe
C:\MGtools\analyse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll
O3 - Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - (no file)
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\pdfforge Toolbar\SearchSettings.exe
O4 - HKLM\..\Run: [OutpostMonitor] "C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe" /tray /noservice
O4 - HKLM\..\Run: [OutpostFeedBack] "C:\Program Files\Agnitum\Outpost Firewall Pro\feedback.exe" /dump:os_startup
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\Owner\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKUS\S-1-5-18\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: ShortKeys Lite.lnk = C:\Program Files\ShortKeys2\shklite.exe
O8 - Extra context menu item: Add to &Evernote - res://C:\Program Files\Evernote\Evernote3.5\enbar.dll/2000
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\Program Files\Agnitum\Outpost Firewall Pro\ie_bar.dll
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files\Evernote\Evernote3.5\enbar.dll
O9 - Extra 'Tools' menuitem: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files\Evernote\Evernote3.5\enbar.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.exodusvipdesk.com
O15 - Trusted Zone: *.vipdesk.com
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.ad...Plus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0EE6384A-1DC6-4552-BE0D-94F5F187AF1F}: NameServer = 24.25.5.148,24.25.5.147
O17 - HKLM\System\CS1\Services\Tcpip\..\{0EE6384A-1DC6-4552-BE0D-94F5F187AF1F}: NameServer = 24.25.5.148,24.25.5.147
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: FencesShellExt - {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Program Files\Stardock\Fences\FencesMenu.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: MozyHome Backup Service (mozybackup) - Unknown owner - C:\Program Files\MozyHome\mozybackup.exe
O23 - Service: Visualware MyConnection Server (#77f90110) (MyConnectionServer-77f90110) - Unknown owner - C:\Program Files\MyConnection Server\msserver.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - Unknown owner - C:\PROGRA~1\RETROS~1\RETROS~1.5\retrorun.exe (file missing)
O23 - Service: Retrospect Launcher (RetroLauncher) - EMC Corporation - C:\Program Files\Retrospect\Retrospect 7.6\retrorun.exe
O23 - Service: Retrospect Helper - EMC Corporation - C:\Program Files\Retrospect\Retrospect 7.6\rthlpsvc.exe

--
End of file - 11898 bytes
********************************************************************************
ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2010/09/11 17:07
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!
********************************************************************************

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 09/11/2010 at 04:03 PM

Application Version : 4.42.1000

Core Rules Database Version : 5490
Trace Rules Database Version: 3302

Scan type : Complete Scan
Total Scan Time : 01:28:01

Memory items scanned : 679
Memory threats detected : 0
Registry items scanned : 7713
Registry threats detected : 0
File items scanned : 28979
File threats detected : 0

#2 Haider

Posted 13 September 2010 - 11:35 AM

Hello MarinerMB: :P

At a glance your logs indicate that you have uTorrent installed, besides toolbars like FrostWire, LimeWire... that are debatable. My suggestion is to read and follow the instructions in I'm infected - What do I do now? An Expert will assist you in the removal process.

Alternatively, as a paying customer, you can contact the help desk at support@malwarebytes.org

Should you have any other question(s), please post back.
"Learning is the only thing the mind never exhausts, never fears, and never regrets"
