hotspur77
Members-
Posts
2 -
Joined
-
Last visited
Reputation
0 Neutral-
Help needed to check if i'm still infected
hotspur77 replied to hotspur77's topic in Resolved Malware Removal Logs
Ok, thanks. I'm not having any problems, just wanted to check that there wasn't anything still lingering. Thanks again! -
Help needed to check if i'm still infected
hotspur77 posted a topic in Resolved Malware Removal Logs
Hi, I just had an attack of the TDSS virus. With this site i've finally been able to get Malwarebytes to run and clean it up but i need you guys to check if my PC is now clean. I've followed the pre-HJT Post instructions. Can you let me know what i need to do next. Also let me know if anything is running that doesn't need to be. Thanks MBAM scan log: Malwarebytes' Anti-Malware 1.31 Database version: 1537 Windows 6.0.6001 Service Pack 1 23/12/2008 20:31:37 mbam-log-2008-12-23 (20-31-37).txt Scan type: Quick Scan Objects scanned: 55675 Time elapsed: 2 minute(s), 19 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) Panda ActiveScan log: ANALYSIS: 2008-12-23 21:30:32 PROTECTIONS: 1 MALWARE: 27 SUSPECTS: 0 ;******************************************************************************* ******************************************************************************** * ******************* PROTECTIONS Description Version Active Updated ;=============================================================================== ================================================================================ = =================== Windows Defender 1.1.4205.0 No No ;=============================================================================== ================================================================================ = =================== MALWARE Id Description Type Active Severity Disinfectable Disinfected Location ;=============================================================================== ================================================================================ = =================== 00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Users\Nnamdi\AppData\Roaming\Microsoft\Windows\Cookies\nnamdi@trafficmp[2].txt 00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Users\Nnamdi\AppData\Roaming\Microsoft\Windows\Cookies\nnamdi@trafficmp[1].txt 00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\Zugo\AppData\Roaming\Microsoft\Windows\Cookies\Low\zugo@doubleclick[2].txt 00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\Zugo\AppData\Roaming\Microsoft\Windows\Cookies\Low\zugo@doubleclick[1].txt 00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\Zugo\AppData\Roaming\Microsoft\Windows\Cookies\zugo@atdmt[2].txt 00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\Zugo\AppData\Roaming\Microsoft\Windows\Cookies\Low\zugo@atdmt[2].txt 00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Users\Nnamdi\AppData\Roaming\Microsoft\Windows\Cookies\nnamdi@247realmedia[2].txt 00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Users\Nnamdi\AppData\Roaming\Microsoft\Windows\Cookies\nnamdi@247realmedia[1].txt 00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Users\Nnamdi\AppData\Roaming\Microsoft\Windows\Cookies\nnamdi@tribalfusion[1].txt 00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Users\Nnamdi\AppData\Roaming\Microsoft\Windows\Cookies\nnamdi@tribalfusion[2].txt 00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Users\Nnamdi\AppData\Roaming\Microsoft\Windows\Cookies\nnamdi@tribalfusion[3].txt 00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Users\Zugo\AppData\Roaming\Microsoft\Windows\Cookies\zugo@tribalfusion[1].txt 00145881 Cookie/NewMedia TrackingCookie No 0 Yes No C:\Users\Nnamdi\AppData\Roaming\Microsoft\Windows\Cookies\nnamdi@anm.co[3].txt 00145881 Cookie/NewMedia TrackingCookie No 0 Yes No C:\Users\Nnamdi\AppData\Roaming\Microsoft\Windows\Cookies\nnamdi@anm.co[1].txt 00145881 Cookie/NewMedia TrackingCookie No 0 Yes No C:\Users\Nnamdi\AppData\Roaming\Microsoft\Windows\Cookies\nnamdi@anm.co[2].txt 00149116 Cookie/Ccbill TrackingCookie No 0 Yes No C:\Users\Nnamdi\AppData\Roaming\Microsoft\Windows\Cookies\nnamdi@ccbill[1].txt 00149116 Cookie/Ccbill TrackingCookie No 0 Yes No C:\Users\Nnamdi\AppData\Roaming\Microsoft\Windows\Cookies\nnamdi@ccbill[2].txt 00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Users\Nnamdi\AppData\Roaming\Microsoft\Windows\Cookies\nnamdi@com[5].txt 00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Users\Zugo\AppData\Roaming\Microsoft\Windows\Cookies\zugo@com[1].txt 00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Users\Nnamdi\AppData\Roaming\Microsoft\Windows\Cookies\nnamdi@com[4].txt 00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Users\Nnamdi\AppData\Roaming\Microsoft\Windows\Cookies\nnamdi@com[2].txt 00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Users\Nnamdi\AppData\Roaming\Microsoft\Windows\Cookies\nnamdi@com[1].txt 00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Users\Nnamdi\AppData\Roaming\Microsoft\Windows\Cookies\nnamdi@com[3].txt 00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Users\Nnamdi\AppData\Roaming\Microsoft\Windows\Cookies\nnamdi@xiti[2].txt 00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Users\Nnamdi\AppData\Roaming\Microsoft\Windows\Cookies\nnamdi@xiti[3].txt 00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Users\Nnamdi\AppData\Roaming\Microsoft\Windows\Cookies\nnamdi@xiti[1].txt 00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Zugo\AppData\Roaming\Microsoft\Windows\Cookies\Low\zugo@serving-sys[4].txt 00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Zugo\AppData\Roaming\Microsoft\Windows\Cookies\Low\zugo@serving-sys[1].txt 00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Nnamdi\AppData\Roaming\Microsoft\Windows\Cookies\nnamdi@serving-sys[4].txt 00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Nnamdi\AppData\Roaming\Microsoft\Windows\Cookies\nnamdi@serving-sys[3].txt 00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Nnamdi\AppData\Roaming\Microsoft\Windows\Cookies\nnamdi@serving-sys[2].txt 00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Nnamdi\AppData\Roaming\Microsoft\Windows\Cookies\nnamdi@serving-sys[1].txt 00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Zugo\AppData\Roaming\Microsoft\Windows\Cookies\Low\zugo@serving-sys[3].txt 00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Nnamdi\AppData\Roaming\Microsoft\Windows\Cookies\nnamdi@bs.serving-sys[1].txt 00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Nnamdi\AppData\Roaming\Microsoft\Windows\Cookies\nnamdi@bs.serving-sys[3].txt 00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Nnamdi\AppData\Roaming\Microsoft\Windows\Cookies\nnamdi@bs.serving-sys[2].txt 00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Zugo\AppData\Roaming\Microsoft\Windows\Cookies\Low\zugo@bs.serving-sys[1].txt 00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Users\Nnamdi\AppData\Roaming\Microsoft\Windows\Cookies\nnamdi@adtech[1].txt 00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Users\Nnamdi\AppData\Roaming\Microsoft\Windows\Cookies\nnamdi@adtech[4].txt 00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Users\Nnamdi\AppData\Roaming\Microsoft\Windows\Cookies\nnamdi@adtech[3].txt 00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Users\Nnamdi\AppData\Roaming\Microsoft\Windows\Cookies\nnamdi@adtech[2].txt 00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Users\Nnamdi\AppData\Roaming\Microsoft\Windows\Cookies\nnamdi@server.iad.liveperson[2].txt 00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Users\Zugo\AppData\Roaming\Microsoft\Windows\Cookies\zugo@server.iad.liveperson[2].txt 00168113 Cookie/fe.lea.lycos TrackingCookie No 0 Yes No C:\Users\Nnamdi\AppData\Roaming\Microsoft\Windows\Cookies\nnamdi@fe.lea.lycos[2].txt 00168114 Cookie/onestat.com TrackingCookie No 0 Yes No C:\Users\Nnamdi\AppData\Roaming\Microsoft\Windows\Cookies\nnamdi@stat.onestat[2].txt 00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\Zugo\AppData\Roaming\Microsoft\Windows\Cookies\Low\zugo@advertising[1].txt 00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\Zugo\AppData\Roaming\Microsoft\Windows\Cookies\Low\zugo@advertising[3].txt 00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Users\Nnamdi\AppData\Roaming\Microsoft\Windows\Cookies\nnamdi@ads.pointroll[1].txt 00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Users\Nnamdi\AppData\Roaming\Microsoft\Windows\Cookies\nnamdi@ads.pointroll[3].txt 00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Users\Nnamdi\AppData\Roaming\Microsoft\Windows\Cookies\nnamdi@ads.pointroll[2].txt 00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Users\Nnamdi\AppData\Roaming\Microsoft\Windows\Cookies\nnamdi@overture[3].txt 00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Users\Nnamdi\AppData\Roaming\Microsoft\Windows\Cookies\nnamdi@overture[2].txt 00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Users\Nnamdi\AppData\Roaming\Microsoft\Windows\Cookies\nnamdi@overture[1].txt 00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Users\Nnamdi\AppData\Roaming\Microsoft\Windows\Cookies\nnamdi@realmedia[2].txt 00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Users\Nnamdi\AppData\Roaming\Microsoft\Windows\Cookies\nnamdi@realmedia[1].txt 00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Users\Nnamdi\AppData\Roaming\Microsoft\Windows\Cookies\nnamdi@questionmarket[3].txt 00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Users\Nnamdi\AppData\Roaming\Microsoft\Windows\Cookies\nnamdi@questionmarket[1].txt 00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Users\Zugo\AppData\Roaming\Microsoft\Windows\Cookies\Low\zugo@questionmarket[2].txt 00172449 Cookie/MetriWeb TrackingCookie No 0 Yes No C:\Users\Nnamdi\AppData\Roaming\Microsoft\Windows\Cookies\nnamdi@metriweb[1].txt 00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Users\Nnamdi\AppData\Roaming\Microsoft\Windows\Cookies\nnamdi@adultfriendfinder[1].txt 00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Users\Nnamdi\AppData\Roaming\Microsoft\Windows\Cookies\nnamdi@go[2].txt 00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\Users\Nnamdi\AppData\Roaming\Microsoft\Windows\Cookies\nnamdi@searchportal.information[2].txt 00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Users\Nnamdi\AppData\Roaming\Microsoft\Windows\Cookies\nnamdi@atwola[2].txt 00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Users\Nnamdi\AppData\Roaming\Microsoft\Windows\Cookies\nnamdi@atwola[1].txt 00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Users\Nnamdi\AppData\Roaming\Microsoft\Windows\Cookies\nnamdi@smartadserver[4].txt 00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Users\Nnamdi\AppData\Roaming\Microsoft\Windows\Cookies\nnamdi@smartadserver[2].txt 00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Users\Nnamdi\AppData\Roaming\Microsoft\Windows\Cookies\nnamdi@smartadserver[1].txt 00325830 Cookie/Bridgetrack TrackingCookie No 0 Yes No C:\Users\Nnamdi\AppData\Roaming\Microsoft\Windows\Cookies\nnamdi@citi.bridgetrack[1].txt ;=============================================================================== ================================================================================ = =================== SUSPECTS Sent Location @|uC5 ;=============================================================================== ================================================================================ = =================== ;=============================================================================== ================================================================================ = =================== VULNERABILITIES Id Severity Description @|uC5 ;=============================================================================== ================================================================================ = =================== ;=============================================================================== ================================================================================ = =================== HijackThis Log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:31:18, on 23/12/2008 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18000) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Windows\System32\mobsync.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Lexmark 1400 Series\lxdjamon.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\AVG\AVG8\avgtray.exe C:\Windows\System32\rundll32.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe C:\Program Files\uTorrent\uTorrent.exe C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe C:\Program Files\Secway\SimpLite-MSN 2.2\SimpLite-MSN.exe C:\Windows\System32\rundll32.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Program Files\Qlock\qlock.exe C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe C:\Program Files\Internet Explorer\iexplore.exe C:\PROGRA~1\AVG\AVG8\aAvgApi.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O1 - Hosts: ::1 localhost O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [lxdjamon] "C:\Program Files\Lexmark 1400 Series\lxdjamon.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon O4 - HKCU\..\Run: [simp] C:\Program Files\Secway\SimpLite-MSN 2.2\SimpLite-MSN.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE O4 - Startup: qlock.lnk = C:\Program Files\Qlock\qlock.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~4.0_0\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~4.0_0\bin\ssv.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - (no file) O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - (no file) O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O13 - Gopher Prefix: O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://www.pandasecurity.com/activescan/cabs/as2stubie.cab O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/...S/wlscctrl2.cab O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - AppInit_DLLs: avgrsstx.dll O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE O23 - Service: lxdjCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdjserv.exe O23 - Service: lxdj_device - - C:\Windows\system32\lxdjcoms.exe O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- End of file - 10285 bytes