Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 91631 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

Pop-ups/RunDLL errors/re-directed internet links - HijackThis log atta


  • This topic is locked This topic is locked
No replies to this topic

#1 Wiggy74

Wiggy74

    New Member

  • New Member
  • Pip
  • 1 posts

Posted 05 April 2008 - 07:53 AM

Hi all,

I've been having problems with my computer all day (my OS is Windows Vista).

Various pop-up windows were appearing this morning so I ran Norton and Spybot scans. Norton Auto-Protect detected and removed Trojan.Vundo this morning, and Spybot detected Smitfraud and Virtumonde. Both of these were removed.

However, I continue to get RunDLL error messages pertaining to "kisxhdyg.dll" and "fcccCusr.dll" when my computer starts up.

Also, webpages continue to pop up whenever I go into Google. In addition, I'm getting directed to websites that have nothing to do with the link (eg I clicked on a link to a reputable job website today and it took me to ebay. Redirections to ebay have happened a couple of times today. I also get redirected to xsearchz.com).

I downloaded and ran AVG Anti-Spyware and it didn't detect anything at all.

I ran CleanUp! earlier and it is still unable to remove a few files that were running when the scan took place. These files still can't be removed when I restart my computer, despite CleanUp! stating that it will remove them when I restart.

I've attached a CleanUp! and HijackThis log for your advice.

Any help that anyone can give me would be greatly appreciated. This problem is driving me insane and I'm too scared to even undertake Internet banking for fear that something really nasty might be in my computer. :pullhair:

Many thanks,

________________________________________________________________________________
_________________________________________


CleanUp started on 04/06/08 00:41:11.
...
C:\Users\Nic\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UVZUKR5S\space[1].gif - deleted
C:\Users\Nic\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UVZUKR5S\spellcheck[1].gif - deleted
C:\Users\Nic\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UVZUKR5S\sprite_articleTools_li[1].gif - deleted
C:\Users\Nic\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UVZUKR5S\Start[1].htm - deleted
C:\Users\Nic\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UVZUKR5S\strawberry[1].gif - deleted
C:\Users\Nic\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UVZUKR5S\styles[1].css - deleted
C:\Users\Nic\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UVZUKR5S\style[1].css - deleted
C:\Users\Nic\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UVZUKR5S\style[2].css - deleted
C:\Users\Nic\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UVZUKR5S\swfobject[1].js - deleted
C:\Users\Nic\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UVZUKR5S\s[1].gif - deleted
C:\Users\Nic\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UVZUKR5S\s[2].gif - deleted
C:\Users\Nic\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UVZUKR5S\s[3].gif - deleted
C:\Users\Nic\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UVZUKR5S\tableCountry_02[1].gif - deleted
C:\Users\Nic\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UVZUKR5S\tableL_01[1].gif - deleted
C:\Users\Nic\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UVZUKR5S\tabl[1].gif - deleted
C:\Users\Nic\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UVZUKR5S\tab_n[1].gif - deleted
C:\Users\Nic\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UVZUKR5S\talk[1].gif - deleted
C:\Users\Nic\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UVZUKR5S\TARTE_AD2[1].jpg - deleted
C:\Users\Nic\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UVZUKR5S\teaser_compatibility[1].jpg - deleted
C:\Users\Nic\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UVZUKR5S\tha[1].gif - deleted
C:\Users\Nic\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UVZUKR5S\TheMonthlyLinkLogo[1].gif - deleted
C:\Users\Nic\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UVZUKR5S\thumbup[1].gif - deleted
C:\Users\Nic\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UVZUKR5S\th_AirAsiaPlane_med-thumb__90x60[1].jpg - deleted
C:\Users\Nic\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UVZUKR5S\th_botox_index-lgthumb__90x60,0[1].jpg - deleted
C:\Users\Nic\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UVZUKR5S\th_craig_nicholls_index-lgthumb__90x60[1].jpg - deleted
C:\Users\Nic\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UVZUKR5S\th_joan_london_index-lgthumb__90x60[1].jpg - deleted
C:\Users\Nic\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UVZUKR5S\th_king_med-thumb__90x60[1].jpg - deleted
C:\Users\Nic\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UVZUKR5S\th_lachlanmurdoch-90x60[1].jpg - deleted
C:\Users\Nic\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UVZUKR5S\ticker-next[1].gif - deleted
C:\Users\Nic\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UVZUKR5S\ticker-prev[1].gif - deleted
C:\Users\Nic\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UVZUKR5S\tile_cat[1].gif - deleted
C:\Users\Nic\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UVZUKR5S\title_06[1].jpg - deleted
C:\Users\Nic\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UVZUKR5S\title_bg_AU[1].gif - deleted
C:\Users\Nic\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UVZUKR5S\todays-most-popular-divider[1].gif - deleted
C:\Users\Nic\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UVZUKR5S\todays-most-popular-spr[1].png - deleted
C:\Users\Nic\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UVZUKR5S\tools[1] - deleted
C:\Users\Nic\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UVZUKR5S\tour_js_2_4am[1].js - deleted
C:\Users\Nic\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UVZUKR5S\to_starck[1].jpg - deleted
C:\Users\Nic\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UVZUKR5S\traineeships[1].gif - deleted
C:\Users\Nic\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UVZUKR5S\trk[1].gif - deleted
C:\Users\Nic\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UVZUKR5S\trk[2].gif - deleted
C:\Users\Nic\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UVZUKR5S\tv_leader_728x90[1].swf - deleted
C:\Users\Nic\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UVZUKR5S\tv_leader_728x90[2].swf - deleted
C:\Users\Nic\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UVZUKR5S\txt_service_support[1].gif - deleted
C:\Users\Nic\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UVZUKR5S\t[1].gif - deleted
C:\Users\Nic\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UVZUKR5S\upper-left[1].gif - deleted
C:\Users\Nic\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UVZUKR5S\up[1].gif - deleted
C:\Users\Nic\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UVZUKR5S\user_offline[1].gif - deleted
C:\Users\Nic\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UVZUKR5S\u[1].gif - deleted
C:\Users\Nic\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UVZUKR5S\v52[1].js - deleted
C:\Users\Nic\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UVZUKR5S\vbulletin_global[1].js - deleted
C:\Users\Nic\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UVZUKR5S\vbulletin_md5[1].js - deleted
C:\Users\Nic\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UVZUKR5S\vbulletin_menu[1].js - deleted
C:\Users\Nic\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UVZUKR5S\VideoFramePackage[1].js - deleted
C:\Users\Nic\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UVZUKR5S\video_sprite2[1].gif - deleted
C:\Users\Nic\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UVZUKR5S\Vogue_April08_Competitions_728x90[1].jpg - deleted
C:\Users\Nic\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UVZUKR5S\volume[1].swf - deleted
C:\Users\Nic\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UVZUKR5S\volume[2].swf - deleted
C:\Users\Nic\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UVZUKR5S\vundofix_confirm[1].gif - deleted
C:\Users\Nic\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UVZUKR5S\vxvidtracker[1].js - deleted
C:\Users\Nic\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UVZUKR5S\white_bkg_a[1].gif - deleted
C:\Users\Nic\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UVZUKR5S\White_bk[1].gif - deleted
C:\Users\Nic\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UVZUKR5S\windows[1].gif - deleted
C:\Users\Nic\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UVZUKR5S\wlb-tv-over[1].gif - deleted
C:\Users\Nic\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UVZUKR5S\wlbheader_v5wide_02[1].gif - deleted
C:\Users\Nic\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UVZUKR5S\woot[1].gif - deleted
C:\Users\Nic\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UVZUKR5S\write_player[1] - deleted
C:\Users\Nic\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UVZUKR5S\y7_logo_1_1[1].gif - deleted
C:\Users\Nic\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UVZUKR5S\yay[1].gif - deleted
C:\Users\Nic\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UVZUKR5S\yeah[1].gif - deleted
C:\Users\Nic\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UVZUKR5S\yregml_sec_200604111840[1].css - deleted
C:\Users\Nic\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UVZUKR5S\y[1].gif - deleted
C:\Users\Nic\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WVC0GL98\ - deleted
C:\Users\Nic\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\ProgramData\Spybot - Search & Destroy\Logs\SDHelper.log - deleted
C:\Users\Nic\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\ProgramData\Spybot - Search & Destroy\Logs\ - deleted
C:\Users\Nic\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\ProgramData\Spybot - Search & Destroy\ - deleted
C:\Users\Nic\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\ProgramData\Symantec\wcid0.log - deleted
C:\Users\Nic\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\ProgramData\Symantec\ - deleted
C:\Users\Nic\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\ProgramData\ - deleted
C:\Users\Nic\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Nic\AppData\Local\Microsoft\Windows\Explorer\thumbcache_1024.db - deleted
C:\Users\Nic\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Nic\AppData\Local\Microsoft\Windows\Explorer\thumbcache_256.db - deleted
C:\Users\Nic\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Nic\AppData\Local\Microsoft\Windows\Explorer\thumbcache_32.db - deleted
C:\Users\Nic\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Nic\AppData\Local\Microsoft\Windows\Explorer\thumbcache_96.db - deleted
C:\Users\Nic\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Nic\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db - deleted
C:\Users\Nic\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Nic\AppData\Local\Microsoft\Windows\Explorer\thumbcache_sr.db - deleted
C:\Users\Nic\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Nic\AppData\Local\Microsoft\Windows\Explorer\ - deleted
C:\Users\Nic\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Nic\AppData\Local\Microsoft\Windows\ - deleted
C:\Users\Nic\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Nic\AppData\Local\Microsoft\ - deleted
C:\Users\Nic\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Nic\AppData\Local\ - deleted
C:\Users\Nic\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Nic\AppData\ - deleted
C:\Users\Nic\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Nic\ - deleted
C:\Users\Nic\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\ - deleted
C:\Users\Nic\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\ - deleted
C:\Users\Nic\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\ - deleted
http://free3.grisoft...5.1.43-3339.exe - deleted
C:\Users\Nic\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Users\Nic\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Users\Nic\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012008040520080406\index.dat - deleted
C:\Users\Nic\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012008040520080406\ - deleted
C:\Users\Nic\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012008040620080407\index.dat - deleted
C:\Users\Nic\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012008040620080407\ - deleted
'Typed URLs' (Internet Explorer) - removed from the registry.
Visited: Nic@http://au.strawberrynet.com/skincare.aspx?BrandId=277 - deleted
Visited: Nic@http://feeds.news.com.au/public/rss/2.0/news_top_stories_48.xml - deleted
Visited: Nic@http://rss.api.ebay.com/ws/rssapi?FeedName=SearchResults&siteId=15&language=en-AU&output=RSS20&fsop=34&fsoo=1&satitle=www.bumblebee&from=R34&keyword=www.bumblebee&gbr=1&crlp=9341972041_55&sbrsrt=d&rawquery=bumble - deleted
Visited: Nic@http://www.news.com.au/entertainment/story/0,26278,23488213-10388,00.html - deleted
Visited: Nic@http://www.news.com.au/dailytelegraph/gallery/0,22056,5030785-5010141-17,00.html - deleted
Visited: Nic@http://au.strawberrynet.com/makeup.aspx?BrandId=277&goChar=C - deleted
Visited: Nic@http://www.news.com.au/dailytelegraph/gallery/0,22056,5030785-5010141-12,00.html - deleted
Visited: Nic@http://www.news.com.au/dailytelegraph/story/0,22049,23485668-5007132,00.html - deleted
Visited: Nic@http://owenonthenet.com/albums/index.html - deleted
Visited: Nic@http://www.welovebeauty.com/celebrity-stylemakers-paul-starr - deleted
Visited: Nic@http://au.strawberrynet.com/staticIndex/skincareIndex_1_AU.html - deleted
Visited: Nic@http://www.news.com.au/dailytelegraph/gallery/0,22056,5030785-5010141-16,00.html - deleted
Visited: Nic@http://forums.techguy.org/external.php?type=RSS2 - deleted
Visited: Nic@http://au.rss.news.yahoo.com/politics.xml - deleted
Visited: Nic@http://au.strawberrynet.com/makeup.aspx?brandid=285&goChar=L&LineId=3147 - deleted
Visited: Nic@http://forums.vogue.com.au/showthread.php?t=208387&page=4 - deleted
Visited: Nic@http://forums.vogue.com.au/showthread.php?t=208387&page=2 - deleted
Visited: Nic@http://www.police.nsw.gov.au/news/latest_releases?sq_content_src=%2BdXJsPWh0dHBzJTNBJTJGJTJGd3d3LmViaXoucG9saWNlLm5zdy5nb3YuYXUlMkZtZWRpYSUyRjE0Mz
EuaHRtbCZhbGw9MQ%3D%3D - deleted
Visited: Nic@http://au.rss.news.yahoo.com/national.xml - deleted
Visited: Nic@http://www.qantas.com.au/info/flightInfo/index - deleted
Visited: Nic@http://forums.techguy.org/malware-removal-hijackthis-logs/700490-pop-ups-galore-error-messages.html - deleted
Visited: Nic@http://www.news.com.au/dailytelegraph/gallery/0,22056,5030785-5010141-9,00.html - deleted
Visited: Nic@http://www.welovebeauty.com/celebrity-stylemakers-marie-robinson - deleted
Visited: Nic@http://www.news.com.au/dailytelegraph/gallery/0,22056,5030785-5010141-14,00.html - deleted
Visited: Nic@http://www.google.com.au/search?hl=en&q=bumble+%26+bumble+hair+powder&btnG=Search&meta=cr%3DcountryAU - deleted
Visited: Nic@http://www.news.com.au/dailytelegraph/gallery/0,22056,5030785-5010141-19,00.html - deleted
Visited: Nic@http://au.rss.news.yahoo.com/travel.xml - deleted
Visited: Nic@http://au.strawberrynet.com/prosearch.aspx - deleted
Visited: Nic@http://www.google.com.au/search?hl=en&q=klorane+dry+shampoo&meta= - deleted
Visited: Nic@http://www.welovebeauty.com/get-this-look?page=1 - deleted
Visited: Nic@http://forums.whatthetech.com/How_To_Remove_Smitfraud_This_tool_removes_Desktop_Hijack_malware_t61697.html - deleted
Visited: Nic@http://www.police.nsw.gov.au/news - deleted
Visited: Nic@http://rss.api.ebay.com/ws/rssapi?FeedName=SearchResults&siteId=15&language=en-AU&output=RSS20&fsop=34&fsoo=1&from=R34&satitle=nsw+police&keyword=nsw police&gbr=1&crlp=4670288041_55&sbrsrt=d&rawquery=nsw police - deleted
Visited: Nic@https://jobs.nsw.gov.au/JobDetails.asp?JobAdvertId=70383 - deleted
Visited: Nic@http://www.welovebeauty.com/celebrity-stylemakers-david-gardner - deleted
Visited: Nic@http://www.welovebeauty.com/celebrity-stylemakers-dr-jessica-wu - deleted
Visited: Nic@http://forums.whatthetech.com/Self_Help_Fixes_Spyware_Malware_f97.html - deleted
Visited: Nic@http://au.rss.news.yahoo.com/technology.xml - deleted
Visited: Nic@http://www.welovebeauty.com/celebrity-stylemakers - deleted
Visited: Nic@http://www.welovebeauty.com/celebrity-stylemakers-kate-somerville - deleted
Visited: Nic@http://www.welovebeauty.com/celebrity-stylemakers-mark-townsend - deleted
Visited: Nic@http://www.ewido.net/en/download - deleted
Visited: Nic@http://www.welovebeauty.com/celebrity-stylemakers-fiona-stiles - deleted
Visited: Nic@http://www.news.com.au/dailytelegraph/gallery/0,22056,5030785-5010141-5,00.html - deleted
Visited: Nic@http://free3.grisoft.cz/filedir/inst/avgas-setup-7.5.1.43-3339.exe - deleted
Visited: Nic@http://www.news.com.au/dailytelegraph/gallery/0,22056,5030785-5010141-4,00.html - deleted
Visited: Nic@http://www.welovebeauty.com/get-this-look - deleted
Visited: Nic@http://feeds.news.com.au/public/rss/2.0/news_breaking_news_32.xml - deleted
Visited: Nic@http://www.police.nsw.gov.au/news/latest_releases?sq_content_src=%2BdXJsPWh0dHBzJTNBJTJGJTJGd3d3LmViaXoucG9saWNlLm5zdy5nb3YuYXUlMkZtZWRpYSUyRjE0Mz
MuaHRtbCZhbGw9MQ%3D%3D - deleted
Visited: Nic@https://jobs.nsw.gov.au/JobDetails.asp?JobAdvertId=70258 - deleted
Visited: Nic@http://au.strawberrynet.com/productDetail.aspx?ProdId=37080&goChar=L - deleted
Visited: Nic@http://au.rss.news.yahoo.com/entertainment.xml - deleted
Visited: Nic@http://forums.vogue.com.au/showthread.php?t=208387&page=5 - deleted
Visited: Nic@http://www.news.com.au/dailytelegraph/gallery/0,22056,5030785-5010141-3,00.html - deleted
Visited: Nic@http://au.strawberrynet.com/productDetail.aspx?ProdId=40107&goChar=C - deleted
Visited: Nic@http://forums.whatthetech.com/Self_Help_Fixes_for_Spyware_Malware_f97.html - deleted
Visited: Nic@http://www.google.com.au/search?hl=en&q=nsw+government+jobs&meta= - deleted
Visited: Nic@https://jobs.nsw.gov.au/JobDetails.asp?JobAdvertId=70005 - deleted
Visited: Nic@http://www.welovebeauty.com/celebrity-stylemakers-jamal-hamadi - deleted
Visited: Nic@http://www.welovebeauty.com/celebrity-stylemakers-elke-von-freudenberg - deleted
Visited: Nic@http://forums.whatthetech.com/HijackThis_Logs_and_Infections_Removal_f27.html - deleted
Visited: Nic@https://jobs.nsw.gov.au/JobList.asp?SearchString=&JobCategoryId=&JobKeywords=&EmploymentStatusId=&SalaryRange=636&RegionId=21&JobLocation=&PositionNumber=&AgencyId=&JobTitle=&SortBy=&SearchFrom=tab1&PageNum=2 - deleted
Visited: Nic@http://www.google.com.au - deleted
Visited: Nic@https://jobs.nsw.gov.au/JobDetails.asp?JobAdvertId=70412 - deleted
Visited: Nic@http://au.rss.news.yahoo.com/oddly_enough.xml - deleted
Visited: Nic@http://forums.whatthetech.com/self_Help_t58958.html - deleted
Visited: Nic@http://blogs.smh.com.au/lifestyle/asksam/index.xml - deleted
Visited: Nic@http://au.strawberrynet.com/staticIndex/makeupIndex_1_AU.html - deleted
Visited: Nic@http://www.google.com.au/search?hl=en&q=nsw+police&meta= - deleted
Visited: Nic@http://www.google.com.au/search?hl=en&q=bumble+%26+bumble+dry+shampoo&meta= - deleted
Visited: Nic@http://forums.whatthetech.com/rss_14.html - deleted
Visited: Nic@http://search.ebay.com.au/www-bumblebee_W0QQcrlpZ9341972041Q5f55QQdfspZ1QQfromZR34QQfsooZ1QQfsopZ34QQgbrZ1QQke
ywordZwwwQ2ebumblebeeQQrawqueryZbumbleQQsatitleZwwwQ2ebumblebeeQQsbrsrtZd - deleted
Visited: Nic@http://forums.whatthetech.com/rss_12.html - deleted
Visited: Nic@https://jobs.nsw.gov.au/JobList.asp - deleted
Visited: Nic@http://forums.whatthetech.com/rss_6.html - deleted
Visited: Nic@http://www.news.com.au/dailytelegraph/gallery/0,22056,5030785-5010141-18,00.html - deleted
Visited: Nic@http://forums.vogue.com.au/external.php?type=RSS - deleted
Visited: Nic@http://forums.whatthetech.com/rss_13.html - deleted
Visited: Nic@http://au.rss.news.yahoo.com/top_stories.xml - deleted
Visited: Nic@http://au.strawberrynet.com/makeup.aspx?brandid=277&goChar=C&LineId=4013 - deleted
Visited: Nic@http://au.strawberrynet.com/skincare.aspx?BrandId=608&goChar=B - deleted
Visited: Nic@http://feeds.news.com.au/public/rss/2.0/news_mostpopular_topstories_403.xml - deleted
Visited: Nic@http://www.google.com.au/search?hl=en&q=xsearchz.com&meta=cr%3DcountryAU - deleted
Visited: Nic@http://forums.whatthetech.com/start_new_topic_f27.html - deleted
Visited: Nic@http://forums.techguy.org/external.php?type=RSS2&forumids=54 - deleted
Visited: Nic@http://forums.whatthetech.com/rss_11.html - deleted
Visited: Nic@http://au.strawberrynet.com/makeup.aspx?BrandId=285&goChar=L - deleted
Visited: Nic@http://www.news.com.au/dailytelegraph/gallery/0,22056,5030785-5010141,00.html - deleted
Visited: Nic@http://www.news.com.au/dailytelegraph/gallery/0,22056,5030785-5010141-11,00.html - deleted
Visited: Nic@http://blogs.smh.com.au/lifestyle/asksam/atom.xml - deleted
Visited: Nic@https://login.yahoo.com/config/login_verify2?.intl=au&.src=ym&rl=1 - deleted
Visited: Nic@http://au.strawberrynet.com/prosearch.aspx?searchField=dry+shampoo - deleted
Visited: Nic@http://au.strawberrynet.com/productDetail.aspx?ProdId=9349 - deleted
Visited: Nic@http://forums.whatthetech.com/rss_15.html - deleted
Visited: Nic@http://www.news.com.au/dailytelegraph/gallery/0,22056,5030785-5010141-2,00.html - deleted
Visited: Nic@http://www.welovebeauty.com/celebrity-stylemakers-adir-abergel - deleted
Visited: Nic@http://www.strawberrynet.com/skincare.aspx?BrandId=608 - deleted
Visited: Nic@http://www.welovebeauty.com/celebrity-stylemakers-billy-b - deleted
Visited: Nic@http://www.welovebeauty.com/celebrity-stylemakers-kristin-ess - deleted
Visited: Nic@http://giftsforwomen.com.au/Bumble_and_Bumble_2.html - deleted
Visited: Nic@http://www.cheapcosmetics.com.au/products/bumble.html - deleted
Visited: Nic@http://www.welovebeauty.com/get-look-natalie-portman039s-classic-beauty - deleted
Visited: Nic@http://www.news.com.au/dailytelegraph/gallery/0,22056,5030785-5010141-15,00.html - deleted
Visited: Nic@http://au.rss.news.yahoo.com/world.xml - deleted
Visited: Nic@http://www.myshopping.com.au/PT--224_Personal_Products - deleted
Visited: Nic@http://www.welovebeauty.com/celebrity-stylemakers-amber-kerns - deleted
Visited: Nic@http://www.welovebeauty.com/taxonomy/term/24/0/feed - deleted
Visited: Nic@http://forums.whatthetech.com/HijackThis_Logs_and_Infections_Removal_f27.html - deleted
Visited: Nic@http://www.news.com.au/dailytelegraph/gallery/0,22056,5030785-5010141-1,00.html - deleted
Visited: Nic@http://au.rss.news.yahoo.com/business.xml - deleted
Visited: Nic@https://jobs.nsw.gov.au/JobDetails.asp?JobAdvertId=70096 - deleted
Visited: Nic@http://au.mg2.mail.yahoo.com/dc/launch?.rand=67ilmtd3m4r35 - deleted
Visited: Nic@http://au.rss.news.yahoo.com/most_viewed.xml - deleted
Visited: Nic@http://www.strawberrynet.com/country.aspx - deleted
Visited: Nic@http://www.news.com.au/dailytelegraph/gallery/0,22056,5030785-5010141-7,00.html - deleted
Visited: Nic@https://jobs.nsw.gov.au/Start.asp - deleted
Visited: Nic@http://www.welovebeauty.com/celebrity-stylemakers-molly-stern - deleted
Visited: Nic@http://forums.whatthetech.com/login.html - deleted
Visited: Nic@http://www.welovebeauty.com/celebrity-stylemakers-mary-klimek - deleted
Visited: Nic@http://au.strawberrynet.com/main.aspx - deleted
Visited: Nic@http://www.news.com.au/dailytelegraph/gallery/0,22056,5030785-5010141-8,00.html - deleted
Visited: Nic@http://www.police.nsw.gov.au/recruitment - deleted
Visited: Nic@http://www.google.com.au/search?hl=en&q=bumble+%26+bumble+hair+powder&meta= - deleted
Visited: Nic@http://www.news.com.au/dailytelegraph/gallery/0,22056,5030785-5010141-6,00.html - deleted
Visited: Nic@http://blogs.smh.com.au/lifestyle/asksam/archives/2008/04/engagement_real_love_or_just_t.html?s_rid=smh:top5 - deleted
Visited: Nic@http://forums.vogue.com.au/showthread.php?t=208387 - deleted
Visited: Nic@http://blogs.smh.com.au/lifestyle/asksam/index.rdf - deleted
Visited: Nic@http://www.welovebeauty.com/rss.xml - deleted
Visited: Nic@http://www.welovebeauty.com/celebrity-stylemakers-rachel-goodwin - deleted
Visited: Nic@http://search.ebay.com.au/nsw-police_W0QQcrlpZ4670288041Q5f55QQdfspZ1QQfromZR34QQfsooZ1QQfsopZ34QQgbrZ1QQkeywo
rdZnswQ20policeQQrawqueryZnswQ20policeQQsbrsrtZd - deleted
Visited: Nic@http://forums.whatthetech.com/How_to_remove_Trojan_Virtumonde_t86255.html - deleted
Visited: Nic@http://forums.vogue.com.au/showthread.php?t=208387&page=3 - deleted
Visited: Nic@http://www.welovebeauty.com/celebrity-stylemakers-robin-coe-hutshing - deleted
Visited: Nic@http://au.strawberrynet.com/productDetail.aspx?brandid=&lCart=1&error=-1&ProdId=37080&goChar=L - deleted
Visited: Nic@http://www.smh.com.au - deleted
Visited: Nic@http://www.google.com.au/search?hl=en&q=remove+xsearchz.com&meta=cr%3DcountryAU - deleted
Visited: Nic@http://www.news.com.au - deleted
Visited: Nic@http://www.news.com.au/dailytelegraph/gallery/0,22056,5030785-5010141-10,00.html - deleted
Visited: Nic@http://www.news.com.au/dailytelegraph/gallery/0,22056,5030785-5010141-13,00.html - deleted
Visited: Nic@http://forums.whatthetech.com/rss_4.html - deleted
Visited: Nic@http://www.welovebeauty.com/celebrity-stylemakers-spencer-barnes - deleted
Visited: Nic@http://216.133.243.28/2.php?sid=7180&keyword=bumble&goto=6883d0c57cb1c06595de85f2dab2bd5c-MTIwNzQwMTYwNgk1OC4xMDUuNzMuMTk1CQlwX3JzMDEJNzE4MAlidW1ibGUJc291c2hhdWhvbWUJaHR0
cDovL3JjMTIub3ZlcnR1cmUuY29tL2Qvc3IvP3hhcmdzPTE1S1BqZzE0RlNuNWFtd3IlMkRxZGIlNUZJ
U
mVXQXhWY2F4Y2E1OXNsc0RwUiUyREd0RmY1aU14WE9aMmFhREFrOFI4VCUyRFZ4djFQZHolNUZDWDlLV
V
NMdlh5bSU1RmlJRndtSFJWQ0JIJTVGV3Vnb0hOem84OFA2aWpXWWx4c093aHp1cnVsNFZPTkh1eVdsdn
h
kTk8lMkRudmlkWVg3SkQxQTRwc3dPekI2YSUyRGZkdXg4cTN4T1lJUWV2VmlnMHNza3FGYzVaMW45TW9
n
TXF4WDVzQVQ4RW1kdDdyaFhmRmZad1ElMkQlMkR4UWtleXRQMVZnWFN5aTRob2E5VmVISUM1NXY2ekpk
S
kVMdmJQbnk5dVZPNmFnem9VTGZSWEc0JTJERlRyZXFuJTJEVmFObTk4MklDdlVoTEpjaGc5VFJ1aXBNW
G
lPMEU5dzclNUZDdzNiZTBmNFU5Nm0lNUZ6RnB1UWVEbXFQUzNuVDNnakRldiU1RmJSSFRMWGR0dWhPRF
p
jUWN3ZjZRdVM2OEJMU0JDeloySUY0QTdzWGxOY2NuMHowJTJFCTAuMgkwCTEJMTY5NTgzNTE3NgkJMQl
B
dXN0cmFsaWEJQVU%3D&objTimStr=0.60635700+1207401606 - deleted
Visited: Nic@http://www.news.com.au/dailytelegraph/comments/0,22058,23485668-5007132,00.html - deleted
Visited: Nic@http://www.welovebeauty.com - deleted
Visited: Nic@http://www.welovebeauty.com/taxonomy/term/33/0/feed - deleted
C:\Users\Nic\AppData\Local\Temp\Nic.bmp - deleted
C:\Users\Nic\AppData\Local\Temp\~DF902E.tmp - deleted
C:\Users\Nic\AppData\Local\Temp\~DFA56D.tmp currently in use. Will be deleted when Windows is restarted.
C:\Users\Nic\AppData\Local\Temp\~DFA971.tmp currently in use. Will be deleted when Windows is restarted.
C:\Users\Nic\AppData\Local\Temp\Low\~DF66F0.tmp currently in use. Will be deleted when Windows is restarted.
C:\Users\Nic\AppData\Local\Temp\Low\~DF66FB.tmp currently in use. Will be deleted when Windows is restarted.
C:\Users\Nic\AppData\Local\Temp\WPDNSE\ - deleted
C:\Users\Nic\AppData\Local\Temp\~DFA56D.tmp currently in use. Will be deleted when Windows is restarted.
C:\Users\Nic\AppData\Local\Temp\~DFA971.tmp currently in use. Will be deleted when Windows is restarted.
C:\Users\Nic\AppData\Local\Temp\Low\~DF66F0.tmp currently in use. Will be deleted when Windows is restarted.
C:\Users\Nic\AppData\Local\Temp\Low\~DF66FB.tmp currently in use. Will be deleted when Windows is restarted.
C:\Users\Nic\Local Settings\Temp\~DFA56D.tmp currently in use. Will be deleted when Windows is restarted.
C:\Users\Nic\Local Settings\Temp\~DFA971.tmp currently in use. Will be deleted when Windows is restarted.
C:\Users\Nic\Local Settings\Temp\Low\~DF66F0.tmp currently in use. Will be deleted when Windows is restarted.
C:\Users\Nic\Local Settings\Temp\Low\~DF66FB.tmp currently in use. Will be deleted when Windows is restarted.
Paint Recent File List - removed from the registry.
Telnet's MRU list - removed from the registry.
CleanUp! 4.5.2 recovered 212.7 MB of disk space from 2854 files.
CleanUp! finished on 04/06/08 00:41:28.

________________________________________________________________________________

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:45:22 PM, on 5/04/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\services.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\ATK Hotkey\ASLDRSrv.exe
C:\Program Files\ATK Hotkey\Hcontrol.exe
C:\Program Files\ATKOSD2\ATKOSD2.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\ASUS\Splendid\ACMON.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\ACEngSvr.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\ATK Hotkey\ATKOSD.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\CTsvcCDA.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\StkCSrv.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec\LiveUpdate\ALUNOTIFY.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\ASUS\Asus MultiFrame\MultiFrame.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\WerCon.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALuNotify.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Host Process] C:\Users\Nic\svchost.exe
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Nic\AppData\Local\Temp\fcccCusr.dll,c
O4 - HKCU\..\Run: [MS Juan] rundll32 "C:\Users\Nic\AppData\Local\Temp\kisxhdyg.dll",run
O4 - HKCU\..\Run: [__c00897E3] rundll32.exe "C:\Users\Nic\AppData\Roaming\__c00897E3.dat",B
O4 - HKCU\..\Run: [BM1f2950bc] Rundll32.exe "C:\Users\Nic\AppData\Local\Temp\srxdlpwb.dll",s
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Get 2 FREE Audiobooks.lnk = C:\Users\Nic\AppData\Local\Temp\HelpInstaller_StartUp.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: MultiFrame.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akama...ex/qtplugin.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebo...toUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://games.myspace...ronGameHost.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\Windows\System32\StkCSrv.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 11899 bytes

Edited by Wiggy74, 05 April 2008 - 07:55 AM.

    Advertisements

Register to Remove

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users