Trying to sanitise a friend's infected PC and have contents of Hijack log, SuperAntiSpyware log & Combofix txt below. Any help appreciated.
Hijack log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:33, on 2008-03-29
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
G:\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2F47B2E1-3C71-49FF-A853-D9637C7DDC3B} - C:\WINDOWS\jkkjghgd.dll (file missing)
O2 - BHO: Google Module - {4C579E8B-92F1-44d1-9444-66A4355E9386} - bagetionwll.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [BullGuard] "C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe" -boot
O4 - HKLM\..\Run: [gebyxyaxur] Rundll32.exe "C:\WINDOWS\system32\pmnlllkh.dll",s
O4 - HKLM\..\Run: [50de3a25] rundll32.exe "C:\WINDOWS\system32\mkdapyto.dll",b
O4 - HKLM\..\Run: [awvvwwxuro] Rundll32.exe "=5%ì•"°ìy%040XœY<%K{xxxŠZü9xx",s
O4 - HKLM\..\Run: [oppqqpmnli] Rundll32.exe "=5%ì•"°ìy%AŠŠAZ9ü9xx",s
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [Router] C:\Program Files\Router\Router.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZJxdm027YYGB
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: wsock3.dll
O10 - Unknown file in Winsock LSP: wsock3.dll
O10 - Unknown file in Winsock LSP: wsock3.dll
O10 - Unknown file in Winsock LSP: wsock3.dll
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/ZwinkyInitialSetup1.0.0.15-3.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1174690111187
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: BullGuard LiveUpdate (BgLiveSvc) - BullGuard Ltd. - C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
O23 - Service: BGRaSvc - BullGuard - C:\Program Files\BullGuard Ltd\BullGuard\support\bgrasvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
-- End of file - 8690 bytes
SuperAntiSpyware log:
Generated 03/29/2008 at 03:40 PM
Application Version : 4.0.1154
Core Rules Database Version : 3412
Trace Rules Database Version: 1404
Scan type : Complete Scan
Total Scan Time : 00:28:00
Memory items scanned : 369
Memory threats detected : 5
Registry items scanned : 5660
Registry threats detected : 63
File items scanned : 14689
File threats detected : 90
Adware.Vundo-Variant C:\WINDOWS\SYSTEM32\UVPEQULC.DLL C:\WINDOWS\SYSTEM32\UVPEQULC.DLL Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\uvpequlc C:\SYSTEM VOLUME INFORMATION\_RESTORE{41DA2A03-B6C8-4501-A166-FE91B83B5DD4}(2)\RP293\A0144675.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{41DA2A03-B6C8-4501-A166-FE91B83B5DD4}(2)\RP293\A0144681.DLL C:\WINDOWS\SYSTEM32\PQJYULUD.DLL
Adware.Vundo-Variant/Small C:\WINDOWS\SYSTEM32\OPNNMLM.DLL C:\WINDOWS\SYSTEM32\OPNNMLM.DLL Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\opnnmlm C:\SYSTEM VOLUME INFORMATION\_RESTORE{41DA2A03-B6C8-4501-A166-FE91B83B5DD4}(2)\RP293\A0144668.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{41DA2A03-B6C8-4501-A166-FE91B83B5DD4}(2)\RP293\A0144669.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{41DA2A03-B6C8-4501-A166-FE91B83B5DD4}(2)\RP293\A0144674.DLL
Adware.Vundo Variant/Resident C:\WINDOWS\SYSTEM32\JKHHE.DLL C:\WINDOWS\SYSTEM32\JKHHE.DLL
Adware.Vundo-Variant/Small-A C:\WINDOWS\SYSTEM32\MKDAPYTO.DLL C:\WINDOWS\SYSTEM32\MKDAPYTO.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{41DA2A03-B6C8-4501-A166-FE91B83B5DD4}(2)\RP293\A0144654.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{41DA2A03-B6C8-4501-A166-FE91B83B5DD4}(2)\RP293\A0144655.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{41DA2A03-B6C8-4501-A166-FE91B83B5DD4}(2)\RP293\A0144656.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{41DA2A03-B6C8-4501-A166-FE91B83B5DD4}(2)\RP293\A0144657.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{41DA2A03-B6C8-4501-A166-FE91B83B5DD4}(2)\RP293\A0144658.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{41DA2A03-B6C8-4501-A166-FE91B83B5DD4}(2)\RP293\A0144659.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{41DA2A03-B6C8-4501-A166-FE91B83B5DD4}(2)\RP293\A0144660.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{41DA2A03-B6C8-4501-A166-FE91B83B5DD4}(2)\RP293\A0144661.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{41DA2A03-B6C8-4501-A166-FE91B83B5DD4}(2)\RP293\A0144662.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{41DA2A03-B6C8-4501-A166-FE91B83B5DD4}(2)\RP293\A0144663.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{41DA2A03-B6C8-4501-A166-FE91B83B5DD4}(2)\RP293\A0144664.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{41DA2A03-B6C8-4501-A166-FE91B83B5DD4}(2)\RP293\A0144665.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{41DA2A03-B6C8-4501-A166-FE91B83B5DD4}(2)\RP293\A0144666.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{41DA2A03-B6C8-4501-A166-FE91B83B5DD4}(2)\RP293\A0144667.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{41DA2A03-B6C8-4501-A166-FE91B83B5DD4}(2)\RP293\A0144670.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{41DA2A03-B6C8-4501-A166-FE91B83B5DD4}(2)\RP293\A0144671.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{41DA2A03-B6C8-4501-A166-FE91B83B5DD4}(2)\RP293\A0144672.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{41DA2A03-B6C8-4501-A166-FE91B83B5DD4}(2)\RP293\A0144673.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{41DA2A03-B6C8-4501-A166-FE91B83B5DD4}(2)\RP293\A0144676.DLL C:\SYSTEM VOLUME 
INFORMATION\_RESTORE{41DA2A03-B6C8-4501-A166-FE91B83B5DD4}(2)\RP293\A0144679.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{41DA2A03-B6C8-4501-A166-FE91B83B5DD4}(2)\RP293\A0144680.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{41DA2A03-B6C8-4501-A166-FE91B83B5DD4}(2)\RP293\A0144685.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{41DA2A03-B6C8-4501-A166-FE91B83B5DD4}(2)\RP293\A0144690.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{41DA2A03-B6C8-4501-A166-FE91B83B5DD4}(2)\RP293\A0144691.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{41DA2A03-B6C8-4501-A166-FE91B83B5DD4}(2)\RP293\A0144692.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{41DA2A03-B6C8-4501-A166-FE91B83B5DD4}(2)\RP293\A0144696.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{41DA2A03-B6C8-4501-A166-FE91B83B5DD4}(2)\RP293\A0144701.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{41DA2A03-B6C8-4501-A166-FE91B83B5DD4}(2)\RP299\A0146762.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{41DA2A03-B6C8-4501-A166-FE91B83B5DD4}(2)\RP303\A0148799.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{41DA2A03-B6C8-4501-A166-FE91B83B5DD4}(2)\RP305\A0154831.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{41DA2A03-B6C8-4501-A166-FE91B83B5DD4}(2)\RP306\A0156840.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{41DA2A03-B6C8-4501-A166-FE91B83B5DD4}(2)\RP308\A0161074.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{41DA2A03-B6C8-4501-A166-FE91B83B5DD4}(2)\RP311\A0162109.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{41DA2A03-B6C8-4501-A166-FE91B83B5DD4}(2)\RP313\A0162143.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{41DA2A03-B6C8-4501-A166-FE91B83B5DD4}(2)\RP314\A0162162.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{41DA2A03-B6C8-4501-A166-FE91B83B5DD4}(2)\RP315\A0165173.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{41DA2A03-B6C8-4501-A166-FE91B83B5DD4}(2)\RP316\A0165205.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{41DA2A03-B6C8-4501-A166-FE91B83B5DD4}(2)\RP319\A0166253.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{41DA2A03-B6C8-4501-A166-FE91B83B5DD4}(2)\RP319\A0166256.DLL C:\SYSTEM VOLUME 
INFORMATION\_RESTORE{41DA2A03-B6C8-4501-A166-FE91B83B5DD4}(2)\RP319\A0166257.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{41DA2A03-B6C8-4501-A166-FE91B83B5DD4}(2)\RP319\A0166258.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{41DA2A03-B6C8-4501-A166-FE91B83B5DD4}(2)\RP319\A0166261.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{41DA2A03-B6C8-4501-A166-FE91B83B5DD4}(2)\RP319\A0166265.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{41DA2A03-B6C8-4501-A166-FE91B83B5DD4}(2)\RP319\A0167252.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{41DA2A03-B6C8-4501-A166-FE91B83B5DD4}(2)\RP319\A0188261.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{41DA2A03-B6C8-4501-A166-FE91B83B5DD4}(2)\RP319\A0188264.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{41DA2A03-B6C8-4501-A166-FE91B83B5DD4}(2)\RP319\A0188265.DLL
Adware.eZula C:\WINDOWS\SYSTEM32\BKVQNNTE.EXE C:\WINDOWS\SYSTEM32\BKVQNNTE.EXE C:\WINDOWS\Prefetch\BKVQNNTE.EXE-13071EE3.pf
Adware.MyWebSearch HKLM\Software\Classes\CLSID\{00A6FAF1-072E-44cf-8957-5838F569A31D} HKCR\CLSID\{00A6FAF1-072E-44CF-8957-5838F569A31D} HKCR\CLSID\{00A6FAF1-072E-44CF-8957-5838F569A31D} HKCR\CLSID\{00A6FAF1-072E-44CF-8957-5838F569A31D}\InprocServer32 HKCR\CLSID\{00A6FAF1-072E-44CF-8957-5838F569A31D}\InprocServer32#ThreadingModel HKCR\CLSID\{00A6FAF1-072E-44CF-8957-5838F569A31D}\Programmable C:\PROGRAM FILES\MYWEBSEARCH\SRCHASTT\1.BIN\MWSSRCAS.DLL HKLM\Software\Classes\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D} HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D} HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D} HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D}\InprocServer32 HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D}\InprocServer32#ThreadingModel HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D}\Programmable HKLM\Software\Classes\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA} HKCR\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA} HKCR\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA} HKCR\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA}\InprocServer32 HKCR\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA}\InprocServer32#ThreadingModel C:\PROGRAM FILES\MYWEBSEARCH\BAR\1.BIN\MWSBAR.DLL HKLM\Software\Classes\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA} HKCR\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA} HKCR\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA} HKCR\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}\InprocServer32 HKCR\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}\InprocServer32#ThreadingModel HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A6FAF1-072E-44cf-8957-5838F569A31D} HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07B18EA1-A523-4961-B6BB-170DE4475CCA} HKU\S-1-5-21-2000478354-1677128483-682003330-1003\Software\Microsoft\Internet Explorer\URLSearchHooks#{00A6FAF6-072E-44cf-8957-5838F569A31D}
Unclassified.Unknown Origin HKLM\Software\Classes\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583} HKCR\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583} HKCR\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583} HKCR\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}\InprocServer32 HKCR\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}\InprocServer32#ThreadingModel HKLM\Software\Microsoft\Internet Explorer\Toolbar#{11A69AE4-FBED-4832-A2BF-45AF82825583} HKU\S-1-5-21-2000478354-1677128483-682003330-1003\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser#{11A69AE4-FBED-4832-A2BF-45AF82825583}
Adware.Vundo Variant HKLM\Software\Classes\CLSID\{2ABAAC42-84DF-4C00-89DA-BC7EB2B0E70B} HKCR\CLSID\{2ABAAC42-84DF-4C00-89DA-BC7EB2B0E70B} HKCR\CLSID\{2ABAAC42-84DF-4C00-89DA-BC7EB2B0E70B}\InprocServer32 HKCR\CLSID\{2ABAAC42-84DF-4C00-89DA-BC7EB2B0E70B}\InprocServer32#ThreadingModel HKLM\Software\Classes\CLSID\{A95B2816-1D7E-4561-A202-68C0DE02353A} HKCR\CLSID\{A95B2816-1D7E-4561-A202-68C0DE02353A} HKCR\CLSID\{A95B2816-1D7E-4561-A202-68C0DE02353A}\InprocServer32 HKCR\CLSID\{A95B2816-1D7E-4561-A202-68C0DE02353A}\InprocServer32#ThreadingModel HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2ABAAC42-84DF-4C00-89DA-BC7EB2B0E70B} HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A} HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{2ABAAC42-84DF-4C00-89DA-BC7EB2B0E70B} HKCR\CLSID\{2ABAAC42-84DF-4C00-89DA-BC7EB2B0E70B} HKCR\CLSID\{A95B2816-1D7E-4561-A202-68C0DE02353A}
Trojan.WinFixer HKLM\Software\Classes\CLSID\{2C7DEDFC-0C0D-4099-8334-AC765C268CDB} HKCR\CLSID\{2C7DEDFC-0C0D-4099-8334-AC765C268CDB} HKCR\CLSID\{2C7DEDFC-0C0D-4099-8334-AC765C268CDB}\InprocServer32 HKCR\CLSID\{2C7DEDFC-0C0D-4099-8334-AC765C268CDB}\InprocServer32#ThreadingModel HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2C7DEDFC-0C0D-4099-8334-AC765C268CDB}
Adware.Adservs C:\WINDOWS\system32\atmtd.dll._
Trojan.Unknown Origin HKLM\Software\xpre HKLM\Software\xpre#execount C:\SYSTEM VOLUME INFORMATION\_RESTORE{41DA2A03-B6C8-4501-A166-FE91B83B5DD4}(2)\RP281\A0131916.EXE
Adware.ClickSpring/Outer Info Network HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#Publisher HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#DisplayName HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#UninstallString HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#HelpLink HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#InstallLocation HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#NoModify HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#NoRepair HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#DisplayVersion
Adware.WinTouch/XInside C:\Program Files\InetGet2 C:\Program Files\Router\UnInstall.exe C:\Program Files\Router
Adware.ClickSpring/Yazzle C:\PROGRAM FILES\COMMON FILES\YAZZLE1281OINUNINSTALLER.EXE
Trojan.Downloader-Gen/MROFIN C:\SYSTEM VOLUME INFORMATION\_RESTORE{41DA2A03-B6C8-4501-A166-FE91B83B5DD4}(2)\RP223\A0077298.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{41DA2A03-B6C8-4501-A166-FE91B83B5DD4}(2)\RP258\A0115083.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{41DA2A03-B6C8-4501-A166-FE91B83B5DD4}(2)\RP281\A0131313.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{41DA2A03-B6C8-4501-A166-FE91B83B5DD4}(2)\RP281\A0131432.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{41DA2A03-B6C8-4501-A166-FE91B83B5DD4}(2)\RP281\A0131477.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{41DA2A03-B6C8-4501-A166-FE91B83B5DD4}(2)\RP281\A0131542.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{41DA2A03-B6C8-4501-A166-FE91B83B5DD4}(2)\RP281\A0132085.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{41DA2A03-B6C8-4501-A166-FE91B83B5DD4}(2)\RP281\A0132243.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{41DA2A03-B6C8-4501-A166-FE91B83B5DD4}(2)\RP281\A0132300.EXE
Trojan.Downloader-Gen/DDC C:\SYSTEM VOLUME INFORMATION\_RESTORE{41DA2A03-B6C8-4501-A166-FE91B83B5DD4}(2)\RP293\A0144693.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{41DA2A03-B6C8-4501-A166-FE91B83B5DD4}(2)\RP293\A0144694.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{41DA2A03-B6C8-4501-A166-FE91B83B5DD4}(2)\RP293\A0144695.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{41DA2A03-B6C8-4501-A166-FE91B83B5DD4}(2)\RP293\A0144697.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{41DA2A03-B6C8-4501-A166-FE91B83B5DD4}(2)\RP293\A0144698.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{41DA2A03-B6C8-4501-A166-FE91B83B5DD4}(2)\RP293\A0144699.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{41DA2A03-B6C8-4501-A166-FE91B83B5DD4}(2)\RP293\A0144700.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{41DA2A03-B6C8-4501-A166-FE91B83B5DD4}(2)\RP293\A0144702.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{41DA2A03-B6C8-4501-A166-FE91B83B5DD4}(2)\RP293\A0144705.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{41DA2A03-B6C8-4501-A166-FE91B83B5DD4}(2)\RP293\A0144706.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{41DA2A03-B6C8-4501-A166-FE91B83B5DD4}(2)\RP293\A0144708.EXE
Trojan.Unclassified/17PHolmes-A C:\SYSTEM VOLUME INFORMATION\_RESTORE{41DA2A03-B6C8-4501-A166-FE91B83B5DD4}(2)\RP281\A0131205.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{41DA2A03-B6C8-4501-A166-FE91B83B5DD4}(2)\RP281\A0131445.EXE
Adware.Vundo Variant/Rel C:\WINDOWS\SYSTEM32\EHHKJ.INI
and finally ComboFix txt:
ComboFix 08-03-25.4 - Bilal 2008-03-29 15:52:36.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.358 [GMT 0:00]
Running from: G:\ComboFix.exe
* Created a new restore point
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) .
C:\Documents and Settings\Bilal\Application Data\FunWebProducts C:\Documents and Settings\Bilal\Application Data\FunWebProducts\Data\Bilal\avatar.dat C:\Documents and Settings\LocalService\Application Data\NetMon C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt C:\Program Files\FunWebProducts C:\Program Files\FunWebProducts\Shared\Cache\AvatarSmallBtn.html C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html C:\Program Files\FunWebProducts\Shared\Cache\FunBuddyIconBtn.html C:\Program Files\FunWebProducts\Shared\Cache\MailStampBtn.html C:\Program Files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html C:\Program Files\FunWebProducts\Shared\Cache\MyStationeryBtn.html C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html C:\Program Files\internet explorer\msimg32.dll C:\Program Files\MyWebSearch C:\Program Files\MyWebSearch\bar\1.bin\F3BKGERR.JPG C:\Program Files\MyWebSearch\bar\1.bin\F3BROVLY.DLL C:\Program Files\MyWebSearch\bar\1.bin\F3DTACTL.DLL C:\Program Files\MyWebSearch\bar\1.bin\F3HISTSW.DLL C:\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL C:\Program Files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL C:\Program Files\MyWebSearch\bar\1.bin\F3POPSWT.DLL C:\Program Files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR C:\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL C:\Program Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL C:\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL C:\Program Files\MyWebSearch\bar\1.bin\F3SPACER.WMV C:\Program Files\MyWebSearch\bar\1.bin\F3WALLPP.DAT C:\Program Files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST C:\Program Files\MyWebSearch\bar\1.bin\M3HTML.DLL C:\Program Files\MyWebSearch\bar\1.bin\M3IDLE.DLL C:\Program Files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE C:\Program Files\MyWebSearch\bar\1.bin\M3MSG.DLL C:\Program 
Files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST C:\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL C:\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL C:\Program Files\MyWebSearch\bar\1.bin\M3SKIN.DLL C:\Program Files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE C:\Program Files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE C:\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL C:\Program Files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S C:\Program Files\MyWebSearch\bar\Avatar\COMMON\avatar.htm C:\Program Files\MyWebSearch\bar\Avatar\COMMON\bgfadel.gif C:\Program Files\MyWebSearch\bar\Avatar\COMMON\bgfader.gif C:\Program Files\MyWebSearch\bar\Avatar\COMMON\common-x.css C:\Program Files\MyWebSearch\bar\Avatar\COMMON\common.css C:\Program Files\MyWebSearch\bar\Avatar\COMMON\cornerbl.gif C:\Program Files\MyWebSearch\bar\Avatar\COMMON\cornerbr.gif C:\Program Files\MyWebSearch\bar\Avatar\COMMON\ext_def.gif C:\Program Files\MyWebSearch\bar\Avatar\COMMON\ext_roll.gif C:\Program Files\MyWebSearch\bar\Avatar\COMMON\include.js C:\Program Files\MyWebSearch\bar\Avatar\COMMON\index.htm C:\Program Files\MyWebSearch\bar\Avatar\COMMON\loader.htm C:\Program Files\MyWebSearch\bar\Avatar\COMMON\loading.gif C:\Program Files\MyWebSearch\bar\Avatar\COMMON\logo.gif C:\Program Files\MyWebSearch\bar\Avatar\COMMON\max_def.gif C:\Program Files\MyWebSearch\bar\Avatar\COMMON\max_roll.gif C:\Program Files\MyWebSearch\bar\Avatar\COMMON\min_def.gif C:\Program Files\MyWebSearch\bar\Avatar\COMMON\min_roll.gif C:\Program Files\MyWebSearch\bar\Avatar\COMMON\noflash.htm C:\Program Files\MyWebSearch\bar\Avatar\COMMON\res_def.gif C:\Program Files\MyWebSearch\bar\Avatar\COMMON\res_roll.gif C:\Program Files\MyWebSearch\bar\Avatar\COMMON\spacer.gif C:\Program Files\MyWebSearch\bar\Avatar\COMMON\spacer.swf C:\Program 
Files\MyWebSearch\bar\Avatar\COMMON\topgrad.gif C:\Program Files\MyWebSearch\bar\Avatar\COMMON\window.ico C:\Program Files\MyWebSearch\bar\Cache\000210BF C:\Program Files\MyWebSearch\bar\Cache\000403D5 C:\Program Files\MyWebSearch\bar\Cache\00040636 C:\Program Files\MyWebSearch\bar\Cache\000EF374 C:\Program Files\MyWebSearch\bar\Cache\00143BBF.bin C:\Program Files\MyWebSearch\bar\Cache\00143FF5 C:\Program Files\MyWebSearch\bar\Cache\001C9D03.bin C:\Program Files\MyWebSearch\bar\Cache\001CACC2.bin C:\Program Files\MyWebSearch\bar\Cache\001CAF14.bin C:\Program Files\MyWebSearch\bar\Cache\001CB07B.bin C:\Program Files\MyWebSearch\bar\Cache\001CB1E2.bin C:\Program Files\MyWebSearch\bar\Cache\002CCE75 C:\Program Files\MyWebSearch\bar\Cache\0067F680.bin C:\Program Files\MyWebSearch\bar\Cache\00681294.bin C:\Program Files\MyWebSearch\bar\Cache\0068138E.bin C:\Program Files\MyWebSearch\bar\Cache\006814D6.bin C:\Program Files\MyWebSearch\bar\Cache\00F40BB5.bin C:\Program Files\MyWebSearch\bar\Cache\00F40D0D.bin C:\Program Files\MyWebSearch\bar\Cache\00F40ED2.bin C:\Program Files\MyWebSearch\bar\Cache\files.ini C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S C:\Program Files\MyWebSearch\bar\History\search2 C:\Program Files\MyWebSearch\bar\icons\CM.ICO C:\Program Files\MyWebSearch\bar\icons\MFC.ICO C:\Program Files\MyWebSearch\bar\icons\PSS.ICO C:\Program Files\MyWebSearch\bar\icons\SMILEY.ICO C:\Program Files\MyWebSearch\bar\icons\WB.ICO C:\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO C:\Program Files\MyWebSearch\bar\Message\COMMON.F3S C:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S C:\Program 
Files\MyWebSearch\bar\Notifier\MAILBOX.F3S C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S C:\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat C:\Program Files\MyWebSearch\bar\Settings\setting2.htm C:\Program Files\MyWebSearch\bar\Settings\settings.dat C:\Program Files\Words C:\Program Files\Words\list.txt C:\Program Files\Words\script.txt C:\WINDOWS\BM53ed09b9.xml C:\WINDOWS\cookies.ini C:\WINDOWS\pskt.ini C:\WINDOWS\system32\aisojrbe.ini C:\WINDOWS\system32\alog.txt C:\WINDOWS\system32\cmds.txt C:\WINDOWS\system32\conf.dat C:\WINDOWS\system32\eavjfkhf.ini C:\WINDOWS\system32\ehhkj.ini2 C:\WINDOWS\system32\f3PSSavr.scr C:\WINDOWS\system32\fhvjuxef.ini C:\WINDOWS\system32\file.exe C:\WINDOWS\system32\gjbdwfot.ini C:\WINDOWS\system32\jqrjnlfy.ini C:\WINDOWS\system32\lywrvtkk.ini C:\WINDOWS\system32\mcrh.tmp C:\WINDOWS\system32\msvcrtd.exe C:\WINDOWS\system32\ndudvnbk.ini C:\WINDOWS\system32\otypadkm.ini C:\WINDOWS\system32\pagxddbh.ini C:\WINDOWS\system32\qckefnga.ini C:\WINDOWS\system32\rnidwvpe.ini C:\WINDOWS\system32\xdbepana.ini D:\Autorun.inf
. ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) .
-------\Legacy_DOMAINSERVICE -------\Service_DomainService
((((((((((((((((((((((((( Files Created from 2008-02-28 to 2008-03-29 ))))))))))))))))))))))))))))))) .
2008-03-29 15:10 . 2008-03-29 15:10 <DIR> d-------- C:\Program Files\SUPERAntiSpyware 2008-03-29 15:10 . 2008-03-29 15:10 <DIR> d-------- C:\Documents and Settings\Bilal\Application Data\SUPERAntiSpyware.com 2008-03-29 15:10 . 2008-03-29 15:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com 2008-03-29 15:09 . 2008-03-29 15:09 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard 2008-03-29 15:01 . 2008-03-29 15:01 <DIR> d-------- C:\Program Files\CCleaner 2008-03-20 23:35 . 2004-08-04 12:00 482,304 --a--c--- C:\WINDOWS\system32\dllcache\pintlgnt.ime 2008-03-20 23:34 . 2004-08-04 12:00 1,875,968 --a--c--- C:\WINDOWS\system32\dllcache\msir3jp.lex 2008-03-20 23:33 . 2004-08-04 12:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll 2008-03-20 23:32 . 2004-08-04 12:00 2,134,528 --a--c--- C:\WINDOWS\system32\dllcache\smtpsnap.dll 2008-03-20 23:31 . 2004-05-13 00:39 876,653 --a--c--- C:\WINDOWS\system32\dllcache\fp4awel.dll 2008-03-20 23:26 . 2008-03-20 23:26 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest 2008-03-20 23:25 . 2008-03-20 23:25 749 -rah----- C:\WINDOWS\WindowsShell.Manifest 2008-03-20 23:25 . 2008-03-20 23:25 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest 2008-03-20 23:25 . 2008-03-20 23:25 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest 2008-03-20 23:25 . 2008-03-20 23:25 749 -rah----- C:\WINDOWS\system32\nwc.cpl.manifest 2008-03-20 23:25 . 2008-03-20 23:25 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest 2008-03-20 23:14 . 2004-08-03 22:31 20,992 --a------ C:\WINDOWS\system32\drivers\RTL8139.sys 2008-03-20 19:58 . 2008-03-20 19:58 0 --a------ C:\WINDOWS\system32\geedeefcyvspmjg
. (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-03-29 15:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\BullGuard 2008-03-29 14:57 --------- d-----w C:\Documents and Settings\Bilal\Application Data\AppDate 2008-02-18 17:47 --------- d-----w C:\Documents and Settings\Bilal\Application Data\Talkback 2008-02-18 17:46 51,152 ----a-w C:\WINDOWS\system32\drivers\BdFileSpy.sys 2008-02-15 16:34 22,016 ----a-w C:\Documents and Settings\Bilal\Application Data\ssqrpqpm.dll 2008-02-15 16:34 22,016 ----a-w C:\Documents and Settings\Bilal\~tmp1147.exe 2008-02-11 23:16 --------- d-----w C:\Documents and Settings\Bilal\Application Data\Azureus 2008-02-11 22:50 --------- d-----w C:\Program Files\SopCast 2008-02-11 14:28 --------- d-----w C:\Documents and Settings\Bilal\Application Data\BullGuard 2008-02-07 02:03 --------- d-----w C:\Program Files\BullGuard Ltd 2008-02-07 01:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec 2008-02-07 01:26 --------- d-----w C:\Program Files\RAR Password Cracker 2008-02-07 01:25 --------- d-----w C:\Program Files\Virgin Broadband 2008-02-07 01:25 --------- d-----w C:\Program Files\MacroVirus 2008-02-07 01:25 --------- d-----w C:\Documents and Settings\Bilal\Application Data\MacroVirus 2008-02-07 01:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Virgin Broadband 2008-02-04 03:05 --------- d-----w C:\Program Files\Symantec 2008-02-04 02:48 --------- d-----w C:\Program Files\InstallShield Installation Information 2008-02-04 02:45 --------- d-----w C:\Documents and Settings\Bilal\Application Data\Virgin Broadband 2008-02-04 01:41 --------- d-----w C:\Program Files\Norton AntiVirus 2008-02-04 01:41 --------- d-----w C:\Program Files\Common Files\Symantec Shared 2008-02-04 01:39 --------- d-----w C:\Program Files\FLV Player 2008-02-04 01:39 --------- d-----w C:\Documents and Settings\Bilal\Application 
Data\AVG7 2008-02-04 01:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7(2) 2008-02-04 01:27 --------- d-----w C:\Program Files\Common Files\Real 2008-02-02 18:35 --------- d-----w C:\Documents and Settings\Bilal\Application Data\U3 2008-02-01 21:07 --------- d-----w C:\Program Files\DivX 2008-01-27 22:33 10 ----a-w C:\Program Files\.autoreg 2007-07-03 13:54 23,402,288 ----a-w C:\Program Files\AdbeRdr810_en_US.exe .