• Announcements

    • Andrew Browne

      Support for other products than adaware, ad block and Web Companion

      Support for the following products is handled by the Lavasoft support team: Lavasoft Tuneup Kit Lavasoft PC Optimizer Lavasoft Driver Updater Lavasoft Registry Tuner Lavasoft Privacy Toolbox Lavasoft File Shredder Lavasoft Digital Lock


      For help with these products, contact the support team here: http://www.lavasoft.com/support/supportcenter/

Sign in to follow this  
Followers 0
JenniferInOK

Help! I Can't Get this Nasty Trojan Off of My Computer!

1 post in this topic

I have 3 questions then I will follow up with a chronology of everything I have done and logs:

 

1. How can I get rid of this thing?

2. Why won't Ad Aware work?

3. Once we determine that my computer is clean, what other things can I do to protect myself that won't conflict with AVG and Ad Aware, especially when on the Internet?

 

PLEASE talk to me like I know nothing, because ... I know nothing. I really don't know why or how I am doing the things I have done. I have just read instruction pages on several forums and tried to figure it out myself. I hope I haven't messed things up more!

 

I have been messing with this for 3 days now and I am at my wits end. Thank you to anyone who has the guts, charity and patience to help me with this.

 

I do a lot of digging at Digg.com. I am pretty political these days and I am sure I got whatever this is by clicking on a link in Digg. At the time the problem started I was running:

 

- Windows XP Svc Pk 3 fully updated

- AVG Free

- Spybot

- Spy Doctor

- IE7

 

I knew I had a problem because an AVG warning window popped up which said I had been infected with a trojan horse.

I ran scans on AVG, Spybot and SpyDoctor. None picked up anything.

Rebooted and couldn't open any Word or PDF documents. Files appeared in my folders, but when I clicked on them I got an error which said "file not available"

 

 

Then I tried all kinds of things:

 

I tried AVAST virus cleaner tool.

It found nothing, but there were several files it identified as "unable to scan." Here is the log from one of those scans:

 

 

10/5/2008, 2:38:05 PM

Memory scanning started...

No virus body found in memory.

Memory scanning finished (7.0s).

----------

Files scanning started...

C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\MSS.log... file could not be scanned!

C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\tmp.edb... file could not be scanned!

C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Windows.edb... file could not be scanned!

C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\Perflib_Perfdata_c70.dat... file could not be scanned!

C:\Documents and Settings\NetworkService\Local Settings\Temp\Perflib_Perfdata_154.dat... file could not be scanned!

C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\master.mdf... file could not be scanned!

C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\mastlog.ldf... file could not be scanned!

C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\model.mdf... file could not be scanned!

C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\modellog.ldf... file could not be scanned!

C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\msdbdata.mdf... file could not be scanned!

C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\msdblog.ldf... file could not be scanned!

C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\tempdb.mdf... file could not be scanned!

C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\templog.ldf... file could not be scanned!

No virus body found.

-----------

 

 

I tried a number of things and nothing detected the Trojan horse or a virus:

Spybot

 

SUPERantispyware

MBAM

Spyware Terminator

Kaspersky Online Scanner

 

I found a DLoader.Trojan removal tool, but it didn't find anything

 

FINALLY:

 

Dr. Web Cureit detected 2 files which it identified as "probably DLoader.Trojan."

Dr. Web Cureit also detected 2 or 3 files which it identified as "probably Script.virus"

I had Cureit delete these files, but when I rebooted it was back

I had Cureit move the files, but when I rebooted it was back.

 

I uninstalled AVG and installed AVAST

 

 

I then had only AVAST and Ad Adware installed but Ad Aware locks up about 3 minutes into the scan

 

 

I turned off automatic recovery then I deleted all of my temporary internet files, my java cache and all of the temp files in my documents and settings.

Then I rebooted with AVAST set to do a full boot scan (with archiving). It took almost 3 hours, but finally got done. The scan didn't find any infected files but it did find some corrupt files. These files are old and haven't been opened in years. I backed them up when I got my new computer about 4 months ago so I just deleted them altogether. Here is the results of the scan (I am just pasting on of the lines identifying the corrupt files since I have deleted them and they were similar):

 

 

10/06/2008 14:11

Scan of C:\

 

File C:\Documents and Settings\**[my full name]**\My Documents\Personal\Genealogy\SuitsTreen Full.FBK\CHUNK00004 Error 42145 {OLE archive is corrupted.}

 

Number of searched folders: 9854

Number of tested files: 483067

Number of infected files: 0

 

When it finished booting up I could open Word and PDF documents again.

I uninstalled AVAST and reinstalled AVG doesn't find anything other than tracking cookies

 

All I have installed now is AVG and Ad Aware.

 

Ad Aware freezes up at the deep registry scan (about 1 minute into it). Actually, it doesn't freeze up, but it won't move forward even after about an hour of letting it go. When I do a ctrl+alt+del to stop Ad Aware it closes out the Ad Aware window but apparently, it keeps running.

 

Here is what Dr Web Cureit finds (I have tried deleting and moving these files, but they come back, sometimes with the files marked SCRIPT.virus and sometimes without finding them)

 

rpcnet.dll c:\windows32 Probably DLoader.Trojan incurable deleted

rpcnet.exe c:\system32 Probably DLoader.Trojan incurable deleted

 

---------------------------------------------------------------

Then I ran the Avast virus cleaning tool again to see if those same files still couldn't be scanned and they were different (not much) this time. Might they have

 

renamed themselves? Here is the latest log:

 

 

10/7/2008, 4:57:29 PM

Memory scanning started...

No virus body found in memory.

Memory scanning finished (49.0s).

----------

Files scanning started...

C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\MSS.log... file could not be scanned!

C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\MSStmp.log... file could not be scanned!

C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\tmp.edb... file could not be scanned!

C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Windows.edb... file could not be scanned!

C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\Perflib_Perfdata_e48.dat... file could not be scanned!

C:\Documents and Settings\NetworkService\Local Settings\Temp\Perflib_Perfdata_b70.dat... file could not be scanned!

C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\master.mdf... file could not be scanned!

C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\mastlog.ldf... file could not be scanned!

C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\model.mdf... file could not be scanned!

C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\modellog.ldf... file could not be scanned!

C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\msdbdata.mdf... file could not be scanned!

C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\msdblog.ldf... file could not be scanned!

C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\tempdb.mdf... file could not be scanned!

C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\templog.ldf... file could not be scanned!

C:\WINDOWS\system32\CatRoot2\edb.log... file could not be scanned!

C:\WINDOWS\system32\CatRoot2\tmp.edb... file could not be scanned!

C:\WINDOWS\Temp\hsperfdata_SYSTEM\676... file could not be scanned!

No virus body found.

Files scanning finished (75781 files, 0 infected, 1608.6s).

Drives scanned: C:

----------

 

HIJACK THIS SCAN

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 6:20:50 PM, on 10/7/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\WLTRYSVC.EXE

C:\WINDOWS\System32\bcmwltry.exe

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe

C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\cisvc.exe

C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\Program Files\Apoint\Apoint.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\WLTRAY.exe

C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe

C:\Program Files\Wave Systems Corp\SecureUpgrade.exe

C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe

C:\WINDOWS\system32\KADxMain.exe

C:\Program Files\Apoint\ApMsgFwd.exe

C:\Program Files\Apoint\HidFind.exe

C:\Program Files\Apoint\Apntex.exe

C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe

C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe

C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Microsoft ActiveSync\Wcescomm.exe

C:\WINDOWS\system32\inetsrv\inetinfo.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\PROGRA~1\MI3AA1~1\rapimgr.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\WINDOWS\system32\StacSV.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\WINDOWS\system32\dllhost.exe

c:\WINDOWS\system32\ZuneBusEnum.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\system32\cidaemon.exe

C:\WINDOWS\system32\cidaemon.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\rpcnet.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=3080727

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.a...&tbid=60327

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=3080727

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://partnerpage.google.com/smallbiz.del...amp;ibd=3080727

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll

O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet

O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe

O4 - HKLM\..\Run: [WavXMgr] C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe

O4 - HKLM\..\Run: [secureUpgrade] C:\Program Files\Wave Systems Corp\SecureUpgrade.exe

O4 - HKLM\..\Run: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe

O4 - HKLM\..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe

O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"

O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"

O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"

O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"

O4 - HKLM\..\Run: [eFax 4.3] "C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe" /R

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKCU\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"

O4 - HKCU\..\Run: [TSTimer] C:\Program Files\Timeslips\TSTimer.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?

O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe

O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

O8 - Extra context menu item: Scan link by Dr.Web - http://www.drweb.com/online/drweb-online-en.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab

O16 - DPF: {5D80A6D1-B500-47DA-82B8-EB9875F85B4D} (Google Gadget Control) - http://dl.google.com/dl/desktop/nv/GoogleG...PluginIEWin.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O20 - AppInit_DLLs: avgrsstx.dll

O20 - Winlogon Notify: gemsafe - C:\Program Files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe

O23 - Service: Broadcom ASF IP and SMBIOS Mailbox Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\WINDOWS\system32\rpcnet.exe

O23 - Service: SecureStorageService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe

O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\StacSV.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: NTRU TSS v1.2.1.25 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe

O23 - Service: TdmService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe

O23 - Service: WaveEnrollmentService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Authentication Manager\WaveEnrollmentService.exe

O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

 

--

End of file - 15028 bytes

Edited by JenniferInOK

Share this post


Link to post
Share on other sites
Sign in to follow this  
Followers 0