Help - Contents of Hijack log, SuperAntiSpyware log & Combofix txt

Posted 3/29/2008 4:57 PM
#60938
Titchymichy Member

Date Joined Nov 2016
Total Posts: 6
Trying to sanitise a friend's infected PC and have contents of Hijack log, SuperAntiSpyware log & Combofix txt below. Any help appreciated.


Hijack log:



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:33, on 2008-03-29
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
G:\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://uk.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2F47B2E1-3C71-49FF-A853-D9637C7DDC3B} - C:\WINDOWS\jkkjghgd.dll (file missing)
O2 - BHO: Google Module - {4C579E8B-92F1-44d1-9444-66A4355E9386} - bagetionwll.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [BullGuard] "C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe" -boot
O4 - HKLM\..\Run: [gebyxyaxur] Rundll32.exe "C:\WINDOWS\system32\pmnlllkh.dll",s
O4 - HKLM\..\Run: [50de3a25] rundll32.exe "C:\WINDOWS\system32\mkdapyto.dll",b
O4 - HKLM\..\Run: [awvvwwxuro] Rundll32.exe "=5%ì•"°ìy%040XœY<%K{xxxŠZü9xx",s
O4 - HKLM\..\Run: [oppqqpmnli] Rundll32.exe "=5%ì•"°ìy%AŠŠA Z 9ü9xx",s
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [Router] C:\Program Files\Router\Router.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Search - https://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZJxdm027YYGB
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: wsock3.dll
O10 - Unknown file in Winsock LSP: wsock3.dll
O10 - Unknown file in Winsock LSP: wsock3.dll
O10 - Unknown file in Winsock LSP: wsock3.dll
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - https://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/ZwinkyInitialSetup1.0.0.15-3.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - https://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - https://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1174690111187
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - https://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - https://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: BullGuard LiveUpdate (BgLiveSvc) - BullGuard Ltd. - C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
O23 - Service: BGRaSvc - BullGuard - C:\Program Files\BullGuard Ltd\BullGuard\support\bgrasvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 8690 bytes


SuperAntiSpyware log:

SUPERAntiSpyware Scan Log
https://www.superantispyware.com

Generated 03/29/2008 at 03:40 PM

Application Version : 4.0.1154

Core Rules Database Version : 3412
Trace Rules Database Version: 1404

Scan type : Complete Scan
Total Scan Time : 00:28:00

Memory items scanned : 369
Memory threats detected : 5
Registry items scanned : 5660
Registry threats detected : 63
File items scanned : 14689
File threats detected : 90

Adware.Vundo-Variant
C:\WINDOWS\SYSTEM32\UVPEQULC.DLL
C:\WINDOWS\SYSTEM32\UVPEQULC.DLL
Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\uvpequlc
C:\SYSTEM VOLUME INFORMATION\_RESTORE{41DA2A03-B6C8-4501-A166-FE91B83B5DD4}(2)\RP293\A0144675.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{41DA2A03-B6C8-4501-A166-FE91B83B5DD4}(2)\RP293\A0144681.DLL
C:\WINDOWS\SYSTEM32\PQJYULUD.DLL

Adware.Vundo-Variant/Small
C:\WINDOWS\SYSTEM32\OPNNMLM.DLL
C:\WINDOWS\SYSTEM32\OPNNMLM.DLL
Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\opnnmlm
C:\SYSTEM VOLUME INFORMATION\_RESTORE{41DA2A03-B6C8-4501-A166-FE91B83B5DD4}(2)\RP293\A0144668.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{41DA2A03-B6C8-4501-A166-FE91B83B5DD4}(2)\RP293\A0144669.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{41DA2A03-B6C8-4501-A166-FE91B83B5DD4}(2)\RP293\A0144674.DLL

Adware.Vundo Variant/Resident
C:\WINDOWS\SYSTEM32\JKHHE.DLL
C:\WINDOWS\SYSTEM32\JKHHE.DLL

Adware.Vundo-Variant/Small-A
C:\WINDOWS\SYSTEM32\MKDAPYTO.DLL
C:\WINDOWS\SYSTEM32\MKDAPYTO.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{41DA2A03-B6C8-4501-A166-FE91B83B5DD4}(2)\RP293\A0144654.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{41DA2A03-B6C8-4501-A166-FE91B83B5DD4}(2)\RP293\A0144655.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{41DA2A03-B6C8-4501-A166-FE91B83B5DD4}(2)\RP293\A0144656.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{41DA2A03-B6C8-4501-A166-FE91B83B5DD4}(2)\RP293\A0144657.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{41DA2A03-B6C8-4501-A166-FE91B83B5DD4}(2)\RP293\A0144658.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{41DA2A03-B6C8-4501-A166-FE91B83B5DD4}(2)\RP293\A0144659.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{41DA2A03-B6C8-4501-A166-FE91B83B5DD4}(2)\RP293\A0144660.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{41DA2A03-B6C8-4501-A166-FE91B83B5DD4}(2)\RP293\A0144661.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{41DA2A03-B6C8-4501-A166-FE91B83B5DD4}(2)\RP293\A0144662.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{41DA2A03-B6C8-4501-A166-FE91B83B5DD4}(2)\RP293\A0144663.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{41DA2A03-B6C8-4501-A166-FE91B83B5DD4}(2)\RP293\A0144664.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{41DA2A03-B6C8-4501-A166-FE91B83B5DD4}(2)\RP293\A0144665.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{41DA2A03-B6C8-4501-A166-FE91B83B5DD4}(2)\RP293\A0144666.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{41DA2A03-B6C8-4501-A166-FE91B83B5DD4}(2)\RP293\A0144667.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{41DA2A03-B6C8-4501-A166-FE91B83B5DD4}(2)\RP293\A0144670.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{41DA2A03-B6C8-4501-A166-FE91B83B5DD4}(2)\RP293\A0144671.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{41DA2A03-B6C8-4501-A166-FE91B83B5DD4}(2)\RP293\A0144672.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{41DA2A03-B6C8-4501-A166-FE91B83B5DD4}(2)\RP293\A0144673.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{41DA2A03-B6C8-4501-A166-FE91B83B5DD4}(2)\RP293\A0144676.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{41DA2A03-B6C8-4501-A166-FE91B83B5DD4}(2)\RP293\A0144679.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{41DA2A03-B6C8-4501-A166-FE91B83B5DD4}(2)\RP293\A0144680.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{41DA2A03-B6C8-4501-A166-FE91B83B5DD4}(2)\RP293\A0144685.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{41DA2A03-B6C8-4501-A166-FE91B83B5DD4}(2)\RP293\A0144690.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{41DA2A03-B6C8-4501-A166-FE91B83B5DD4}(2)\RP293\A0144691.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{41DA2A03-B6C8-4501-A166-FE91B83B5DD4}(2)\RP293\A0144692.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{41DA2A03-B6C8-4501-A166-FE91B83B5DD4}(2)\RP293\A0144696.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{41DA2A03-B6C8-4501-A166-FE91B83B5DD4}(2)\RP293\A0144701.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{41DA2A03-B6C8-4501-A166-FE91B83B5DD4}(2)\RP299\A0146762.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{41DA2A03-B6C8-4501-A166-FE91B83B5DD4}(2)\RP303\A0148799.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{41DA2A03-B6C8-4501-A166-FE91B83B5DD4}(2)\RP305\A0154831.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{41DA2A03-B6C8-4501-A166-FE91B83B5DD4}(2)\RP306\A0156840.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{41DA2A03-B6C8-4501-A166-FE91B83B5DD4}(2)\RP308\A0161074.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{41DA2A03-B6C8-4501-A166-FE91B83B5DD4}(2)\RP311\A0162109.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{41DA2A03-B6C8-4501-A166-FE91B83B5DD4}(2)\RP313\A0162143.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{41DA2A03-B6C8-4501-A166-FE91B83B5DD4}(2)\RP314\A0162162.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{41DA2A03-B6C8-4501-A166-FE91B83B5DD4}(2)\RP315\A0165173.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{41DA2A03-B6C8-4501-A166-FE91B83B5DD4}(2)\RP316\A0165205.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{41DA2A03-B6C8-4501-A166-FE91B83B5DD4}(2)\RP319\A0166253.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{41DA2A03-B6C8-4501-A166-FE91B83B5DD4}(2)\RP319\A0166256.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{41DA2A03-B6C8-4501-A166-FE91B83B5DD4}(2)\RP319\A0166257.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{41DA2A03-B6C8-4501-A166-FE91B83B5DD4}(2)\RP319\A0166258.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{41DA2A03-B6C8-4501-A166-FE91B83B5DD4}(2)\RP319\A0166261.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{41DA2A03-B6C8-4501-A166-FE91B83B5DD4}(2)\RP319\A0166265.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{41DA2A03-B6C8-4501-A166-FE91B83B5DD4}(2)\RP319\A0167252.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{41DA2A03-B6C8-4501-A166-FE91B83B5DD4}(2)\RP319\A0188261.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{41DA2A03-B6C8-4501-A166-FE91B83B5DD4}(2)\RP319\A0188264.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{41DA2A03-B6C8-4501-A166-FE91B83B5DD4}(2)\RP319\A0188265.DLL

Adware.eZula
C:\WINDOWS\SYSTEM32\BKVQNNTE.EXE
C:\WINDOWS\SYSTEM32\BKVQNNTE.EXE
C:\WINDOWS\Prefetch\BKVQNNTE.EXE-13071EE3.pf

Adware.MyWebSearch
HKLM\Software\Classes\CLSID\{00A6FAF1-072E-44cf-8957-5838F569A31D}
HKCR\CLSID\{00A6FAF1-072E-44CF-8957-5838F569A31D}
HKCR\CLSID\{00A6FAF1-072E-44CF-8957-5838F569A31D}
HKCR\CLSID\{00A6FAF1-072E-44CF-8957-5838F569A31D}\InprocServer32
HKCR\CLSID\{00A6FAF1-072E-44CF-8957-5838F569A31D}\InprocServer32#ThreadingModel
HKCR\CLSID\{00A6FAF1-072E-44CF-8957-5838F569A31D}\Programmable
C:\PROGRAM FILES\MYWEBSEARCH\SRCHASTT\1.BIN\MWSSRCAS.DLL
HKLM\Software\Classes\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D}
HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D}
HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D}
HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D}\InprocServer32
HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D}\InprocServer32#ThreadingModel
HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D}\Programmable
HKLM\Software\Classes\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
HKCR\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
HKCR\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
HKCR\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA}\InprocServer32
HKCR\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA}\InprocServer32#ThreadingModel
C:\PROGRAM FILES\MYWEBSEARCH\BAR\1.BIN\MWSBAR.DLL
HKLM\Software\Classes\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
HKCR\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
HKCR\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
HKCR\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}\InprocServer32
HKCR\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}\InprocServer32#ThreadingModel
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A6FAF1-072E-44cf-8957-5838F569A31D}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
HKU\S-1-5-21-2000478354-1677128483-682003330-1003\Software\Microsoft\Internet Explorer\URLSearchHooks#{00A6FAF6-072E-44cf-8957-5838F569A31D}

Unclassified.Unknown Origin
HKLM\Software\Classes\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}
HKCR\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}
HKCR\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}
HKCR\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}\InprocServer32
HKCR\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}\InprocServer32#ThreadingModel
HKLM\Software\Microsoft\Internet Explorer\Toolbar#{11A69AE4-FBED-4832-A2BF-45AF82825583}
HKU\S-1-5-21-2000478354-1677128483-682003330-1003\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser#{11A69AE4-FBED-4832-A2BF-45AF82825583}

Adware.Vundo Variant
HKLM\Software\Classes\CLSID\{2ABAAC42-84DF-4C00-89DA-BC7EB2B0E70B}
HKCR\CLSID\{2ABAAC42-84DF-4C00-89DA-BC7EB2B0E70B}
HKCR\CLSID\{2ABAAC42-84DF-4C00-89DA-BC7EB2B0E70B}\InprocServer32
HKCR\CLSID\{2ABAAC42-84DF-4C00-89DA-BC7EB2B0E70B}\InprocServer32#ThreadingModel
HKLM\Software\Classes\CLSID\{A95B2816-1D7E-4561-A202-68C0DE02353A}
HKCR\CLSID\{A95B2816-1D7E-4561-A202-68C0DE02353A}
HKCR\CLSID\{A95B2816-1D7E-4561-A202-68C0DE02353A}\InprocServer32
HKCR\CLSID\{A95B2816-1D7E-4561-A202-68C0DE02353A}\InprocServer32#ThreadingModel
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2ABAAC42-84DF-4C00-89DA-BC7EB2B0E70B}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{2ABAAC42-84DF-4C00-89DA-BC7EB2B0E70B}
HKCR\CLSID\{2ABAAC42-84DF-4C00-89DA-BC7EB2B0E70B}
HKCR\CLSID\{A95B2816-1D7E-4561-A202-68C0DE02353A}

Trojan.WinFixer
HKLM\Software\Classes\CLSID\{2C7DEDFC-0C0D-4099-8334-AC765C268CDB}
HKCR\CLSID\{2C7DEDFC-0C0D-4099-8334-AC765C268CDB}
HKCR\CLSID\{2C7DEDFC-0C0D-4099-8334-AC765C268CDB}\InprocServer32
HKCR\CLSID\{2C7DEDFC-0C0D-4099-8334-AC765C268CDB}\InprocServer32#ThreadingModel
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2C7DEDFC-0C0D-4099-8334-AC765C268CDB}

Adware.Adservs
C:\WINDOWS\system32\atmtd.dll._

Trojan.Unknown Origin
HKLM\Software\xpre
HKLM\Software\xpre#execount
C:\SYSTEM VOLUME INFORMATION\_RESTORE{41DA2A03-B6C8-4501-A166-FE91B83B5DD4}(2)\RP281\A0131916.EXE

Adware.ClickSpring/Outer Info Network
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#Publisher
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#UninstallString
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#HelpLink
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#InstallLocation
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#NoModify
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#NoRepair
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#DisplayVersion

Adware.WinTouch/XInside
C:\Program Files\InetGet2
C:\Program Files\Router\UnInstall.exe
C:\Program Files\Router

Adware.ClickSpring/Yazzle
C:\PROGRAM FILES\COMMON FILES\YAZZLE1281OINUNINSTALLER.EXE

Trojan.Downloader-Gen/MROFIN
C:\SYSTEM VOLUME INFORMATION\_RESTORE{41DA2A03-B6C8-4501-A166-FE91B83B5DD4}(2)\RP223\A0077298.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{41DA2A03-B6C8-4501-A166-FE91B83B5DD4}(2)\RP258\A0115083.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{41DA2A03-B6C8-4501-A166-FE91B83B5DD4}(2)\RP281\A0131313.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{41DA2A03-B6C8-4501-A166-FE91B83B5DD4}(2)\RP281\A0131432.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{41DA2A03-B6C8-4501-A166-FE91B83B5DD4}(2)\RP281\A0131477.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{41DA2A03-B6C8-4501-A166-FE91B83B5DD4}(2)\RP281\A0131542.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{41DA2A03-B6C8-4501-A166-FE91B83B5DD4}(2)\RP281\A0132085.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{41DA2A03-B6C8-4501-A166-FE91B83B5DD4}(2)\RP281\A0132243.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{41DA2A03-B6C8-4501-A166-FE91B83B5DD4}(2)\RP281\A0132300.EXE

Trojan.Downloader-Gen/DDC
C:\SYSTEM VOLUME INFORMATION\_RESTORE{41DA2A03-B6C8-4501-A166-FE91B83B5DD4}(2)\RP293\A0144693.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{41DA2A03-B6C8-4501-A166-FE91B83B5DD4}(2)\RP293\A0144694.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{41DA2A03-B6C8-4501-A166-FE91B83B5DD4}(2)\RP293\A0144695.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{41DA2A03-B6C8-4501-A166-FE91B83B5DD4}(2)\RP293\A0144697.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{41DA2A03-B6C8-4501-A166-FE91B83B5DD4}(2)\RP293\A0144698.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{41DA2A03-B6C8-4501-A166-FE91B83B5DD4}(2)\RP293\A0144699.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{41DA2A03-B6C8-4501-A166-FE91B83B5DD4}(2)\RP293\A0144700.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{41DA2A03-B6C8-4501-A166-FE91B83B5DD4}(2)\RP293\A0144702.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{41DA2A03-B6C8-4501-A166-FE91B83B5DD4}(2)\RP293\A0144705.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{41DA2A03-B6C8-4501-A166-FE91B83B5DD4}(2)\RP293\A0144706.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{41DA2A03-B6C8-4501-A166-FE91B83B5DD4}(2)\RP293\A0144708.EXE

Trojan.Unclassified/17PHolmes-A
C:\SYSTEM VOLUME INFORMATION\_RESTORE{41DA2A03-B6C8-4501-A166-FE91B83B5DD4}(2)\RP281\A0131205.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{41DA2A03-B6C8-4501-A166-FE91B83B5DD4}(2)\RP281\A0131445.EXE

Adware.Vundo Variant/Rel
C:\WINDOWS\SYSTEM32\EHHKJ.INI


and finally ComboFix txt:



ComboFix 08-03-25.4 - Bilal 2008-03-29 15:52:36.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.358 [GMT 0:00]
Running from: G:\ComboFix.exe
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Bilal\Application Data\FunWebProducts
C:\Documents and Settings\Bilal\Application Data\FunWebProducts\Data\Bilal\avatar.dat
C:\Documents and Settings\LocalService\Application Data\NetMon
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt
C:\Program Files\FunWebProducts
C:\Program Files\FunWebProducts\Shared\Cache\AvatarSmallBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\FunBuddyIconBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\MailStampBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\MyStationeryBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
C:\Program Files\internet explorer\msimg32.dll
C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\bar\1.bin\F3BKGERR.JPG
C:\Program Files\MyWebSearch\bar\1.bin\F3BROVLY.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3DTACTL.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3HISTSW.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3POPSWT.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR
C:\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3SPACER.WMV
C:\Program Files\MyWebSearch\bar\1.bin\F3WALLPP.DAT
C:\Program Files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR
C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST
C:\Program Files\MyWebSearch\bar\1.bin\M3HTML.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3IDLE.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3MSG.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR
C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST
C:\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3SKIN.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
C:\Program Files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL
C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\avatar.htm
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\bgfadel.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\bgfader.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\common-x.css
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\common.css
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\cornerbl.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\cornerbr.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\ext_def.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\ext_roll.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\include.js
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\index.htm
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\loader.htm
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\loading.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\logo.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\max_def.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\max_roll.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\min_def.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\min_roll.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\noflash.htm
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\res_def.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\res_roll.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\spacer.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\spacer.swf
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\topgrad.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\window.ico
C:\Program Files\MyWebSearch\bar\Cache\000210BF
C:\Program Files\MyWebSearch\bar\Cache\000403D5
C:\Program Files\MyWebSearch\bar\Cache\00040636
C:\Program Files\MyWebSearch\bar\Cache\000EF374
C:\Program Files\MyWebSearch\bar\Cache\00143BBF.bin
C:\Program Files\MyWebSearch\bar\Cache\00143FF5
C:\Program Files\MyWebSearch\bar\Cache\001C9D03.bin
C:\Program Files\MyWebSearch\bar\Cache\001CACC2.bin
C:\Program Files\MyWebSearch\bar\Cache\001CAF14.bin
C:\Program Files\MyWebSearch\bar\Cache\001CB07B.bin
C:\Program Files\MyWebSearch\bar\Cache\001CB1E2.bin
C:\Program Files\MyWebSearch\bar\Cache\002CCE75
C:\Program Files\MyWebSearch\bar\Cache\0067F680.bin
C:\Program Files\MyWebSearch\bar\Cache\00681294.bin
C:\Program Files\MyWebSearch\bar\Cache\0068138E.bin
C:\Program Files\MyWebSearch\bar\Cache\006814D6.bin
C:\Program Files\MyWebSearch\bar\Cache\00F40BB5.bin
C:\Program Files\MyWebSearch\bar\Cache\00F40D0D.bin
C:\Program Files\MyWebSearch\bar\Cache\00F40ED2.bin
C:\Program Files\MyWebSearch\bar\Cache\files.ini
C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S
C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S
C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S
C:\Program Files\MyWebSearch\bar\History\search2
C:\Program Files\MyWebSearch\bar\icons\CM.ICO
C:\Program Files\MyWebSearch\bar\icons\MFC.ICO
C:\Program Files\MyWebSearch\bar\icons\PSS.ICO
C:\Program Files\MyWebSearch\bar\icons\SMILEY.ICO
C:\Program Files\MyWebSearch\bar\icons\WB.ICO
C:\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO
C:\Program Files\MyWebSearch\bar\Message\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S
C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S
C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S
C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S
C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S
C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S
C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S
C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S
C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S
C:\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
C:\Program Files\MyWebSearch\bar\Settings\setting2.htm
C:\Program Files\MyWebSearch\bar\Settings\settings.dat
C:\Program Files\Words
C:\Program Files\Words\list.txt
C:\Program Files\Words\script.txt
C:\WINDOWS\BM53ed09b9.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\aisojrbe.ini
C:\WINDOWS\system32\alog.txt
C:\WINDOWS\system32\cmds.txt
C:\WINDOWS\system32\conf.dat
C:\WINDOWS\system32\eavjfkhf.ini
C:\WINDOWS\system32\ehhkj.ini2
C:\WINDOWS\system32\f3PSSavr.scr
C:\WINDOWS\system32\fhvjuxef.ini
C:\WINDOWS\system32\file.exe
C:\WINDOWS\system32\gjbdwfot.ini
C:\WINDOWS\system32\jqrjnlfy.ini
C:\WINDOWS\system32\lywrvtkk.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\msvcrtd.exe
C:\WINDOWS\system32\ndudvnbk.ini
C:\WINDOWS\system32\otypadkm.ini
C:\WINDOWS\system32\pagxddbh.ini
C:\WINDOWS\system32\qckefnga.ini
C:\WINDOWS\system32\rnidwvpe.ini
C:\WINDOWS\system32\xdbepana.ini
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_DOMAINSERVICE
-------\Service_DomainService


((((((((((((((((((((((((( Files Created from 2008-02-28 to 2008-03-29 )))))))))))))))))))))))))))))))
.

2008-03-29 15:10 . 2008-03-29 15:10 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-03-29 15:10 . 2008-03-29 15:10 <DIR> d-------- C:\Documents and Settings\Bilal\Application Data\SUPERAntiSpyware.com
2008-03-29 15:10 . 2008-03-29 15:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-03-29 15:09 . 2008-03-29 15:09 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-29 15:01 . 2008-03-29 15:01 <DIR> d-------- C:\Program Files\CCleaner
2008-03-20 23:35 . 2004-08-04 12:00 482,304 --a--c--- C:\WINDOWS\system32\dllcache\pintlgnt.ime
2008-03-20 23:34 . 2004-08-04 12:00 1,875,968 --a--c--- C:\WINDOWS\system32\dllcache\msir3jp.lex
2008-03-20 23:33 . 2004-08-04 12:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-03-20 23:32 . 2004-08-04 12:00 2,134,528 --a--c--- C:\WINDOWS\system32\dllcache\smtpsnap.dll
2008-03-20 23:31 . 2004-05-13 00:39 876,653 --a--c--- C:\WINDOWS\system32\dllcache\fp4awel.dll
2008-03-20 23:26 . 2008-03-20 23:26 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2008-03-20 23:25 . 2008-03-20 23:25 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-03-20 23:25 . 2008-03-20 23:25 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-03-20 23:25 . 2008-03-20 23:25 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2008-03-20 23:25 . 2008-03-20 23:25 749 -rah----- C:\WINDOWS\system32\nwc.cpl.manifest
2008-03-20 23:25 . 2008-03-20 23:25 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-03-20 23:14 . 2004-08-03 22:31 20,992 --a------ C:\WINDOWS\system32\drivers\RTL8139.sys
2008-03-20 19:58 . 2008-03-20 19:58 0 --a------ C:\WINDOWS\system32\geedeefcyvspmjg

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-29 15:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\BullGuard
2008-03-29 14:57 --------- d-----w C:\Documents and Settings\Bilal\Application Data\AppDate
2008-02-18 17:47 --------- d-----w C:\Documents and Settings\Bilal\Application Data\Talkback
2008-02-18 17:46 51,152 ----a-w C:\WINDOWS\system32\drivers\BdFileSpy.sys
2008-02-15 16:34 22,016 ----a-w C:\Documents and Settings\Bilal\Application Data\ssqrpqpm.dll
2008-02-15 16:34 22,016 ----a-w C:\Documents and Settings\Bilal\~tmp1147.exe
2008-02-11 23:16 --------- d-----w C:\Documents and Settings\Bilal\Application Data\Azureus
2008-02-11 22:50 --------- d-----w C:\Program Files\SopCast
2008-02-11 14:28 --------- d-----w C:\Documents and Settings\Bilal\Application Data\BullGuard
2008-02-07 02:03 --------- d-----w C:\Program Files\BullGuard Ltd
2008-02-07 01:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-02-07 01:26 --------- d-----w C:\Program Files\RAR Password Cracker
2008-02-07 01:25 --------- d-----w C:\Program Files\Virgin Broadband
2008-02-07 01:25 --------- d-----w C:\Program Files\MacroVirus
2008-02-07 01:25 --------- d-----w C:\Documents and Settings\Bilal\Application Data\MacroVirus
2008-02-07 01:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Virgin Broadband
2008-02-04 03:05 --------- d-----w C:\Program Files\Symantec
2008-02-04 02:48 --------- d-----w C:\Program Files\InstallShield Installation Information
2008-02-04 02:45 --------- d-----w C:\Documents and Settings\Bilal\Application Data\Virgin Broadband
2008-02-04 01:41 --------- d-----w C:\Program Files\Norton AntiVirus
2008-02-04 01:41 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-04 01:39 --------- d-----w C:\Program Files\FLV Player
2008-02-04 01:39 --------- d-----w C:\Documents and Settings\Bilal\Application Data\AVG7
2008-02-04 01:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7(2)
2008-02-04 01:27 --------- d-----w C:\Program Files\Common Files\Real
2008-02-02 18:35 --------- d-----w C:\Documents and Settings\Bilal\Application Data\U3
2008-02-01 21:07 --------- d-----w C:\Program Files\DivX
2008-01-27 22:33 10 ----a-w C:\Program Files\.autoreg
2007-07-03 13:54 23,402,288 ----a-w C:\Program Files\AdbeRdr810_en_US.exe
.