help I have a serious bug - Viundo? ++ [CLOSED]



#16
rogerisright69


    Member

  • Topic Starter
  • Member
  • 15 posts
ComboFix log

ComboFix 08-03-08.2 - Bobby Fischer 2008-03-09 15:52:54.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1160 [GMT -8:00]
Running from: C:\Documents and Settings\Bobby Fischer\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Bobby Fischer\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\PROGRA~1\CURITY~1\taskmgr.exe
C:\WINDOWS\mrofinu572.exe
C:\WINDOWS\system32\hjutrqnd.dll
C:\WINDOWS\system32\users32.dat
.

((((((((((((((((((((((((( Files Created from 2008-02-09 to 2008-03-09 )))))))))))))))))))))))))))))))
.

2008-03-09 01:16 . 2008-03-09 01:16 <DIR> d-------- C:\Deckard
2008-03-09 01:16 . 2008-03-08 21:01 396,288 --a------ C:\Program Files\Common Files\Bobby Fischer.exe
2008-03-08 21:01 . 2008-03-08 21:01 396,288 --a------ C:\Program Files\Common Files\HijammmmkThis.exe
2008-03-08 21:00 . 2008-03-08 21:00 <DIR> d-------- C:\Program Files\Common Files\New Folder
2008-03-08 16:46 . 2008-03-08 16:46 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2008-03-08 13:41 . 2008-03-08 13:41 149,056 --a------ C:\WINDOWS\system32\xhppweme.dll.vir
2008-03-08 02:52 . 2008-03-08 02:52 <DIR> d-------- C:\Documents and Settings\Bobby Fischer\Application Data\Grisoft
2008-03-08 02:28 . 2008-03-08 02:28 <DIR> d-------- C:\Program Files\Lavasoft
2008-03-08 02:28 . 2008-03-08 02:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-08 02:26 . 2008-03-08 02:26 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-08 02:13 . 2008-03-08 22:56 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy1
2008-03-08 02:08 . 2008-03-08 02:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-08 02:08 . 2007-05-30 04:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-03-07 12:30 . 2008-03-07 12:30 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-03-07 11:41 . 2008-03-08 02:09 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-03-06 20:14 . 2008-03-06 20:14 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-06 13:39 . 2008-03-06 14:26 414 ---hs---- C:\WINDOWS\system32\dnqrtujh.ini
2008-03-06 12:27 . 2008-03-06 12:27 <DIR> d-------- C:\Program Files\Airlink101
2008-03-06 12:27 . 2003-10-13 15:30 94,208 --a------ C:\WINDOWS\system32\GTW32N50.dll
2008-03-06 12:27 . 2004-04-30 15:12 40,960 --a------ C:\WINDOWS\system32\AWLH5025.dll
2008-03-06 12:27 . 2003-09-25 23:28 31,930 --a------ C:\WINDOWS\system32\GTNDIS3.VXD
2008-03-06 12:27 . 2008-03-06 12:27 19,915 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2008-03-06 12:27 . 2003-09-25 22:15 15,872 --a------ C:\WINDOWS\system32\GTNDIS5.sys
2008-03-05 23:10 . 2008-03-06 19:28 1,018 --a------ C:\WINDOWS\wininit.ini
2008-03-05 22:48 . 2008-03-08 22:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-05 10:10 . 2008-03-05 10:10 <DIR> d-------- C:\kav
2008-03-05 09:16 . 2008-03-08 03:14 <DIR> d--hs---- C:\WINDOWS\Um9nZXI
2008-03-05 05:37 . 2008-03-05 05:38 <DIR> d-------- C:\Program Files\Evidence Eliminator
2008-03-05 05:37 . 1998-04-24 00:00 368,912 --a------ C:\WINDOWS\system32\vbar332.dll
2008-03-05 05:37 . 2007-07-12 12:52 118,784 --a------ C:\WINDOWS\system32\EEGenFn1.dll
2008-03-05 05:37 . 1999-05-29 21:33 114,696 --a------ C:\WINDOWS\system32\Fablock6.ocx
2008-03-05 05:37 . 2007-04-24 16:21 61,440 --a------ C:\WINDOWS\system32\Eeshellx.dll
2008-03-05 05:37 . 2007-08-13 15:24 36,864 --a------ C:\WINDOWS\system32\eetransx.exe
2008-03-05 05:37 . 1996-05-03 23:05 28,672 --a------ C:\WINDOWS\system32\MSGHOO32.OCX
2008-03-04 19:58 . 2008-03-05 09:25 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-03-04 19:45 . 2008-03-04 19:45 <DIR> d-------- C:\Documents and Settings\Bobby Fischer\Application Data\TrueSwitch
2008-03-04 19:12 . 2008-03-04 19:12 249,856 --------- C:\WINDOWS\Setup1.exe
2008-03-04 19:12 . 2008-03-04 19:12 73,216 --a------ C:\WINDOWS\ST6UNST.EXE
2008-03-04 19:01 . 2008-03-04 19:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Drivers Headquarters
2008-03-04 14:42 . 2008-03-05 04:08 <DIR> d-------- C:\Program Files\VeryPDF PDF Editor v2.2
2008-03-03 21:29 . 2008-03-05 10:01 <DIR> d-------- C:\Program Files\Download Direct
2008-03-03 21:07 . 2008-03-03 21:10 <DIR> d-------- C:\Program Files\FLSPlan
2008-03-03 21:07 . 1998-11-23 07:50 634,880 --a------ C:\WINDOWS\system32\GSPROP32.DLL
2008-03-03 21:07 . 1998-11-11 07:50 423,016 --a------ C:\WINDOWS\system32\Gsw32.exe
2008-03-03 21:07 . 1999-01-12 16:46 242,816 --a------ C:\WINDOWS\system32\GSWAG32.DLL
2008-03-03 21:07 . 1998-11-11 07:50 152,688 --a------ C:\WINDOWS\system32\GSWDLL32.DLL
2008-03-03 21:07 . 2004-08-26 09:22 59,392 --a------ C:\WINDOWS\system32\fce32.DLL
2008-03-03 06:08 . 2008-03-03 06:08 <DIR> d-------- C:\Program Files\VeryPDF Form Filler v3.0
2008-03-02 17:00 . 2008-03-02 17:00 <DIR> d-------- C:\Documents and Settings\Bobby Fischer\Application Data\ATI
2008-03-02 17:00 . 2008-03-02 17:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ATI
2008-03-02 16:52 . 2008-03-02 16:52 <DIR> d-------- C:\Documents and Settings\Bobby Fischer\Application Data\Leadertech
2008-03-02 01:57 . 2008-03-02 01:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-03-02 00:25 . 2008-03-02 00:25 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-03-02 00:25 . 2008-03-02 00:27 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-03-01 22:55 . 2008-03-02 16:59 <DIR> d-------- C:\Program Files\Google
2008-03-01 19:32 . 2008-03-07 01:31 <DIR> d---s---- C:\Documents and Settings\Bobby Fischer\UserData
2008-03-01 19:24 . 2008-03-01 19:24 <DIR> d-------- C:\Program Files\Siber Systems
2008-03-01 19:24 . 2008-03-01 19:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\RoboForm
2008-03-01 17:35 . 2007-12-05 14:17 593,920 --------- C:\WINDOWS\system32\ati2sgag.exe
2008-03-01 17:34 . 2008-03-01 17:38 <DIR> d-------- C:\Program Files\ATI Technologies
2008-03-01 17:32 . 2006-08-01 15:02 49,152 --a------ C:\WINDOWS\system32\ChCfg.exe
2008-03-01 17:31 . 2008-03-01 17:31 <DIR> d-------- C:\Program Files\Realtek AC97
2008-03-01 17:31 . 2006-11-17 05:40 18,804,736 --a------ C:\WINDOWS\system32\alsndmgr.cpl
2008-03-01 17:31 . 2006-12-08 15:20 10,528,768 --a------ C:\WINDOWS\system32\RTLCPL.exe
2008-03-01 17:31 . 2008-01-24 16:36 4,127,488 -ra------ C:\WINDOWS\system32\drivers\alcxwdm.sys
2008-03-01 17:31 . 2007-04-16 15:28 577,536 --a------ C:\WINDOWS\soundman.exe
2008-03-01 17:31 . 2006-07-31 11:19 315,392 --a------ C:\WINDOWS\alcupd.exe
2008-03-01 17:31 . 2006-07-31 11:27 217,088 --a------ C:\WINDOWS\Alcrmv.exe
2008-03-01 17:31 . 2006-10-18 02:53 147,456 --a------ C:\WINDOWS\system32\RtlCPAPI.dll
2008-03-01 17:31 . 2002-02-05 13:54 141,016 --a------ C:\WINDOWS\system32\alsndmgr.wav
2008-03-01 17:18 . 2008-03-01 17:18 <DIR> d-------- C:\Program Files\PC Drivers HeadQuarters
2008-03-01 12:43 . 2008-03-01 12:43 <DIR> d-------- C:\Program Files\MSBuild
2008-03-01 12:43 . 2008-03-01 12:43 <DIR> d-------- C:\Program Files\Microsoft Works
2008-03-01 12:36 . 2008-03-01 12:41 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-03-01 12:33 . 2008-03-06 23:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-03-01 12:08 . 2008-03-01 17:37 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2008-03-01 12:08 . 2008-03-01 17:36 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2008-03-01 12:08 . 2005-06-04 20:07 319,104 --a------ C:\WINDOWS\system32\drivers\RT61.sys
2008-03-01 12:08 . 2005-06-14 15:35 36,864 --a------ C:\WINDOWS\system32\ss.dll
2008-03-01 12:08 . 2005-06-17 13:48 19,968 --a------ C:\WINDOWS\system32\drivers\ss.sys
2008-03-01 12:08 . 2005-06-22 10:44 8,192 --a------ C:\WINDOWS\system32\drivers\RT2661.bin
2008-03-01 12:08 . 2005-06-22 10:44 8,192 --a------ C:\WINDOWS\system32\drivers\rt2561s.bin
2008-03-01 12:08 . 2005-06-22 10:44 8,192 --a------ C:\WINDOWS\system32\drivers\RT2561.bin
2008-03-01 12:01 . 2008-03-01 12:01 <DIR> d---s---- C:\WINDOWS\system32\Microsoft
2008-03-01 04:24 . 2008-03-01 04:24 21,640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-03-01 04:23 . 2008-03-01 04:23 37 --a------ C:\WINDOWS\vbaddin.ini
2008-03-01 04:23 . 2008-03-01 04:23 36 --a------ C:\WINDOWS\vb.ini
2008-03-01 04:21 . 2008-03-08 02:49 <DIR> d-------- C:\Program Files\Windows Plus
2008-03-01 04:19 . 2004-07-01 02:06 10,604,352 --a--c--- C:\WINDOWS\system32\dllcache\ehcir.ird
2008-03-01 04:18 . 2004-08-10 04:00 2,178,131 --a--c--- C:\WINDOWS\system32\dllcache\shvlres.dll
2008-03-01 04:17 . 2008-03-01 04:23 <DIR> d-------- C:\WINDOWS\system32\MsDtc
2008-03-01 04:16 . 2004-08-10 04:00 1,352,192 --a--c--- C:\WINDOWS\system32\dllcache\cimwin32.dll
2008-02-29 20:13 . 2004-08-03 15:07 171,776 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
2008-02-29 20:13 . 2004-08-03 14:39 142,464 --a------ C:\WINDOWS\system32\drivers\aec.sys
2008-02-29 20:13 . 2004-08-03 15:15 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2008-02-29 20:13 . 2001-08-17 06:00 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
2008-02-29 20:13 . 2004-08-03 15:07 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2008-02-29 20:13 . 2004-08-03 14:58 4,992 --a------ C:\WINDOWS\system32\drivers\MSPQM.sys
2008-02-29 20:13 . 2004-08-03 15:07 2,944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
2008-02-29 20:12 . 2004-08-03 14:58 207,360 --a------ C:\WINDOWS\system32\drivers\Dot4.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-09 09:16 5,004 ----a-w C:\Program Files\Common Files\hijackthis.log
2008-03-06 06:29 82,432 ----a-w C:\WINDOWS\system32\IEDFix.exe
2008-03-02 07:12 86,016 ----a-w C:\WINDOWS\system32\VACFix.exe
2008-03-01 19:53 --------- d-----w C:\Program Files\microsoft frontpage
2007-12-14 19:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
.
Files Infected - Win32.Agent.zb
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2008-03-08 02:44 160592]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 04:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2004-08-10 04:04 59392]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 15:28 577536 C:\WINDOWS\soundman.exe]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas1.exe" [2007-06-11 01:25 6731312]
"braviax"="braviax.exe" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKLM\~\startupfolder\C:^Documents and Settings^Bobby Fischer^Start Menu^Programs^Startup^TrueAssistant.lnk]
path=C:\Documents and Settings\Bobby Fischer\Start Menu\Programs\Startup\TrueAssistant.lnk
backup=C:\WINDOWS\pss\TrueAssistant.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLD.EXE]
C:\Program Files\Download Direct\DLD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Evidence Eliminator]
--a------ 2008-01-11 16:07 920222 C:\Program Files\Evidence Eliminator\ee.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
--a------ 2006-11-10 12:35 90112 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=

R0 SI3112r;ATI-437A Serial ATA Controller;C:\WINDOWS\system32\DRIVERS\SI3112r.sys [2006-08-08 06:19]
R2 MIMO XR TM PCI WLService;MIMO XR TM PCI Adapter WLService;C:\Program Files\Airlink101\AWLH5025\WLService.exe [2004-03-29 16:08]
R3 epstw2k;SCM Parallel Port SCSI Driver;C:\WINDOWS\system32\DRIVERS\epstw2k.sys [2001-08-17 05:50]
R3 scsiscan;SCSI Scanner Driver;C:\WINDOWS\system32\DRIVERS\scsiscan.sys [2001-08-17 05:53]
R3 StreamSurge;StreamSurge Driver (miniport);C:\WINDOWS\system32\DRIVERS\ss.sys [2005-06-17 13:48]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-09 15:54:42
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-09 15:55:50
ComboFix-quarantined-files.txt 2008-03-09 23:55:23
ComboFix2.txt 2008-03-09 20:52:43



HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:02:03 PM, on 3/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Airlink101\AWLH5025\WLService.exe
C:\Program Files\Airlink101\AWLH5025\AWLH5025.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wpabaln.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\New Folder\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas1.exe" /minimized
O4 - HKLM\..\Run: [braviax] braviax.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewi...oOnlineScan.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: MIMO XR TM PCI Adapter WLService (MIMO XR TM PCI WLService) - Unknown owner - C:\Program Files\Airlink101\AWLH5025\WLService.exe

--
End of file - 5111 bytes
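The "Reg Loading Points" section of the ComboFix log and the O4 lines of the HijackThis log above carry the indicators a helper reads by eye: the "braviax" autorun whose file ComboFix could not find (the empty [] trailer), the two Security Center DisableNotify values set to 1, and EnableFirewall = 0 for the standard profile. The Python script below pulls those out of log text mechanically. It is an added example, not part of ComboFix, HijackThis or this forum's procedure; the sample log embedded in it is excerpted from the logs posted above, and the severity labels are the example's own choice.

```python
"""Triage helper for ComboFix "Reg Loading Points" output and HijackThis O4
lines.  Added example, not part of ComboFix, HijackThis or this forum's
procedure.  SAMPLE_LOG is excerpted from the logs posted above."""
import re
from dataclasses import dataclass


@dataclass
class Finding:
    kind: str      # "autorun", "security-center" or "firewall"
    key: str       # autorun entry name or registry value name
    severity: str  # "high", "medium" or "low" (this example's own scale)
    detail: str


# Excerpt of the ComboFix and HijackThis output posted in this thread.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 04:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2004-08-10 04:04 59392]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 15:28 577536 C:\WINDOWS\soundman.exe]
"braviax"="braviax.exe" []

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [braviax] braviax.exe
"""

SECTION_RE = re.compile(r"^\[(.+)\]$")
CF_VALUE_RE = re.compile(r'^"([^"]+)"="([^"]*)"\s*\[(.*)\]$')
CF_DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')
CF_FIREWALL_RE = re.compile(r'^"EnableFirewall"=\s*(\d+)')
HJT_O4_RE = re.compile(r"^O4 - (\S+): \[([^\]]+)\] (.*)$")


def is_bare_name(command: str) -> bool:
    """True when the command has no directory component, so Windows resolves
    it by a PATH search at logon and the file can sit anywhere."""
    tokens = command.strip().strip('"').split()
    return bool(tokens) and "\\" not in tokens[0] and "/" not in tokens[0]


def triage(log: str) -> list:
    """Return Findings for autoruns that do not resolve to a file, autoruns
    given as bare filenames, suppressed Security Center alerts and a
    disabled firewall."""
    findings = []
    section = ""
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HJT_O4_RE.match(line)  # HijackThis lines carry no section header
        if m:
            hive, name, command = m.groups()
            if is_bare_name(command):
                findings.append(Finding("autorun", name, "medium",
                    f"O4 {hive} entry {name} is a bare filename ({command}); "
                    "HijackThis does not say whether it exists on disk"))
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1).lower()
            continue
        if section.endswith("\\run"):
            m = CF_VALUE_RE.match(line)
            if not m:
                continue
            name, command, meta = m.groups()
            if meta.strip() == "":   # ComboFix prints [] when it found no file
                findings.append(Finding("autorun", name, "high",
                    f"{name} launches {command!r} but no such file was found"))
            elif is_bare_name(command):
                findings.append(Finding("autorun", name, "low",
                    f"{name} uses bare filename {command!r}; resolved to {meta}"))
        elif section.endswith("security center"):
            m = CF_DWORD_RE.match(line)
            if (m and m.group(1).lower().endswith("disablenotify")
                    and int(m.group(2), 16) == 1):
                findings.append(Finding("security-center", m.group(1), "high",
                    f"{m.group(1)} set: Security Center warnings suppressed"))
        elif "firewallpolicy" in section and section.endswith("standardprofile"):
            m = CF_FIREWALL_RE.match(line)
            if m and int(m.group(1)) == 0:
                findings.append(Finding("firewall", "EnableFirewall", "high",
                    "Windows Firewall disabled for the standard profile"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:<6}] {f.kind:<15} {f.detail}")
```

Run it as a script to print the findings, or call triage() on a whole log. ComboFix's bracketed trailer after an autorun is what separates a bare filename that resolved (SoundMan, which ComboFix found at C:\WINDOWS\soundman.exe) from one that did not (braviax); HijackThis shows only the command, so its bare-name findings are left at medium until cross-checked against the ComboFix output.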

#17
rogerisright69


    Member

  • Topic Starter
  • Member
  • 15 posts
I uninstalled my RoboForm program and this is the new HijackThis report without it installed.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:07:03 PM, on 3/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Airlink101\AWLH5025\WLService.exe
C:\Program Files\Airlink101\AWLH5025\AWLH5025.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wpabaln.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\New Folder\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas1.exe" /minimized
O4 - HKLM\..\Run: [braviax] braviax.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewi...oOnlineScan.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: MIMO XR TM PCI Adapter WLService (MIMO XR TM PCI WLService) - Unknown owner - C:\Program Files\Airlink101\AWLH5025\WLService.exe

--
End of file - 3319 bytes

#18
andrewuk


    Trusted Helper

  • Malware Removal
  • 5,297 posts
Now that we have a semblance of control, I want to verify whether you have an antivirus program on your machine. I don't see any sign of one; I can only see an antispyware program.

If you do have an antivirus program, then could you let me know.

If you don't, then we need to download and run one immediately. This program is basic for the security of your computer, and in today's age not having one will probably lead to disaster for your computer. We will also just be chasing our tails as we try to clear your machine while new infections come on.

Please go to http://www.avast.com.../down_home.html and download avast! 4 Home Edition to your desktop. Locate the file that you just downloaded and double-click on it to launch the installation of avast!

Click Next on the avast! Setup window and on the next window with the ReadMe file.
Now you will see the Legal Agreement; just click I agree, and then click Next to continue.

You will be prompted with the Configuration window; make sure that you choose Typical configuration and then click Next. Click Next in the windows that follow. When the installation finishes, you will be given an option to schedule a boot-time scan; select No.

Now you have to restart your machine: select Restart and then click Finish.

After you restart you will get a message about avast!; it will give you the general "Hello and thank you for choosing our product." Also, after you restart you will notice 2 new icons in the bottom right corner of the screen.

VERY IMPORTANT - after restarting, right-click on the "a" icon in the taskbar and select Updating, then highlight and click Program.

You will get a popup after it's done updating. If avast! had to download anything for your computer you may get a message asking you to restart.

After you have updated avast!, right-click the small "a" icon in the taskbar and click Start avast! AntiVirus.

Click Program Registration and you will be taken to their website. Fill out the form and then check your e-mail. Once you get an e-mail from them (usually about 1 minute after submitting the form), copy and paste the serial they provided into the highlighted box. Then click OK.

After this, you will need to schedule a boot-time scan with avast!. Click on the little button in the top left corner and select Schedule Boot-Time Scan. Also read this tutorial http://www.schmahl.n...astbootscan.htm; it may make it easier for you to follow the steps.

Next, choose
Scan all local disks
Scan archive files
Click on Schedule
On the next dialog, Operating system restart needed, select Yes
Now avast! will restart your computer and start to scan before Windows fully loads.

IMPORTANT NOTE: since your system has infections on it, avast! will give you a dialog box with recommended actions and options. If this happens, please make sure to click the Move to Chest button and not to delete any reported files.

On completion of the boot scan there will be a report at this location: C:\Program Files\Alwil Software\Avast4\DATA\report\AswBoot.txt. Please post that in your next reply together with a new HijackThis log.

andrewuk

#19
rogerisright69


    Member

  • Topic Starter
  • Member
  • 15 posts
Latest scan with Ewido

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 5:03:40 PM 3/9/2008

+ Scan result:



Nothing found.



::Report end

You guys certainly do live up to your name!! Thank you!!

#20
andrewuk


    Trusted Helper

  • Malware Removal
  • 5,297 posts
We have a few things to do before we wrap up, and I suspect there are more infections lurking around on your machine.

Could you install the antivirus program in my prior post. I suspect this will all take 3 more posts from me to complete.

andrewuk

#21
rogerisright69


    Member

  • Topic Starter
  • Member
  • 15 posts
Okay chief, I am back and complying with your directions as we speak.

#22
andrewuk


    Trusted Helper

  • Malware Removal
  • 5,297 posts
Still with us? (I needed to see the avast! scan log and a new HijackThis log.)

#23
andrewuk


    Trusted Helper

  • Malware Removal
  • 5,297 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.





