Newhijackthislog


8 replies to this topic

#1 alexus

Posted 12 July 2007 - 01:06 PM

C:\Program Files\Common Files\Yazzle1122OinAdmin.exe
C:\WINDOWS\dobe~1
C:\WINDOWS\DOWNLO~1.\Sweetopia.1.0.0.20
C:\WINDOWS\retadpu11.exe
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\fnts~1
C:\WINDOWS\system32\fnts~2
C:\WINDOWS\system32\sks~1
C:\WINDOWS\wr.txt


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_CORE
-------\core
-------\nm


((((((((((((((((((((((((( Files Created from 2007-06-12 to 2007-07-12 )))))))))))))))))))))))))))))))


2007-07-12 10:38 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-05 11:17 <DIR> d-------- C:\DOCUME~1\FALEXUS\APPLIC~1\MSN6
2007-07-05 11:17 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\MSN6
2007-07-04 00:09 <DIR> d-------- C:\DOCUME~1\FALEXUS\APPLIC~1\Pogo Games
2007-06-29 16:38 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-06-29 16:38 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-06-29 16:38 <DIR> d-------- C:\DOCUME~1\FALEXUS\APPLIC~1\SUPERAntiSpyware.com
2007-06-29 16:38 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-06-27 19:02 <DIR> d-------- C:\Program Files\Trillian
2007-06-27 19:02 <DIR> d-------- C:\Program Files\PCPitstop
2007-06-27 19:02 <DIR> d-------- C:\Program Files\McAfee.com
2007-06-27 19:02 <DIR> d-------- C:\Program Files\Common Files\Panda Software
2007-06-27 19:02 <DIR> d-------- C:\Program Files\CleanUp!(2)
2007-06-27 19:02 <DIR> d-------- C:\Program Files\Citrix
2007-06-27 19:02 <DIR> d-------- C:\Program Files\CallWave
2007-06-27 19:02 <DIR> d-------- C:\Program Files\Bingo Gala(2)
2007-06-27 19:02 <DIR> d-------- C:\Program Files\BFG
2007-06-27 19:02 <DIR> d-------- C:\Program Files\AOD
2007-06-27 19:02 <DIR> d-------- C:\Program Files\AIM
2007-06-27 19:01 <DIR> d-------- C:\Program Files\GoldPocket
2007-06-27 19:01 <DIR> d-------- C:\Program Files\GanymedeNet
2007-06-27 18:42 248 --a------ C:\WINDOWS\SYSTEM32\PavCPL.dat
2007-06-27 18:41 <DIR> d-------- C:\Program Files\Panda Software
2007-06-27 14:12 <DIR> d-------- C:\DOCUME~1\FALEXUS\.housecall6.6
2007-06-27 10:52 <DIR> d-------- C:\WINDOWS\SYSTEM32\Kaspersky Lab
2007-06-27 10:52 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab
2007-06-26 12:11 5,816,320 --a------ C:\DOCUME~1\FALEXUS\ntuser.dat
2007-06-26 12:05 <DIR> d-------- C:\Program Files\Common Files\Scanner
2007-06-26 09:07 10,872 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\AvgAsCln.sys
2007-06-26 08:57 <DIR> d-------- C:\Program Files\a-squared Free
2007-06-26 08:22 <DIR> d-------- C:\DOCUME~1\FALEXUS\APPLIC~1\BFGTOOLBAR
2007-06-26 08:07 14 --a------ C:\DOCUME~1\FALEXUS\getfile.dat
2007-06-26 00:32 14 --a------ C:\WINDOWS\SYSTEM32\getfile.dat
2007-06-25 17:27 <DIR> d-------- C:\WINDOWS\ozii
2007-06-25 17:27 <DIR> d-------- C:\Program Files\Common Files\ozii
2007-06-25 17:12 <DIR> d--hs---- C:\WINDOWS\RkFMRVhVUw
2007-06-25 17:12 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\NetMon
2007-06-23 17:00 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2007-06-16 15:39 <DIR> d-------- C:\Program Files\MySpace
2007-06-16 15:39 <DIR> d-------- C:\DOCUME~1\FALEXUS\APPLIC~1\MySpace
2007-06-14 00:10 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\NannyMania


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-11 08:50:46 -------- d-----w C:\Program Files\EggTimerPlus
2007-07-10 04:11:00 -------- d-----w C:\Program Files\Oberon Media
2007-07-03 16:39:25 -------- d-----w C:\Program Files\MSN Messenger
2007-06-29 23:04:44 -------- d-----w C:\Program Files\Yahoo!
2007-06-28 01:58:01 -------- d-----w C:\Program Files\InterMute
2007-06-28 01:58:00 -------- d-----w C:\Program Files\bfgtoolbar
2007-06-28 01:41:37 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-06-27 23:06:07 -------- d-----w C:\Program Files\Messenger
2007-06-26 19:05:30 -------- d-----w C:\DOCUME~1\FALEXUS\APPLIC~1\Yahoo!
2007-06-26 07:32:21 61,440 ----a-w C:\WINDOWS\system32\sockspy.dll
2007-06-26 07:18:17 -------- d-----w C:\Program Files\KeyText
2007-06-26 06:15:55 -------- d-----w C:\Program Files\QuickTime
2007-06-26 00:42:40 164,787 ----a-w C:\WINDOWS\system32\drivers\core.cache(5).dsk
2007-06-26 00:42:40 164,787 ----a-w C:\WINDOWS\system32\drivers\core.cache(4).dsk
2007-06-26 00:42:40 164,787 ----a-w C:\WINDOWS\system32\drivers\core.cache(3).dsk
2007-06-26 00:42:40 164,787 ----a-w C:\WINDOWS\system32\drivers\core.cache(2).dsk
2007-06-11 06:31:12 -------- d-----w C:\DOCUME~1\FALEXUS\APPLIC~1\iWin
2007-05-23 00:23:48 -------- d-----w C:\Program Files\Hardwood Spades
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-17 05:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-17 05:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 05:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 05:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 05:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 05:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 05:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 05:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-17 05:44:20 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
2007-04-17 05:44:18 208,248 ----a-w C:\WINDOWS\system32\muweb.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2006-10-22 23:08 62080 --a------ C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A}]
2007-06-26 08:22 1909760 --------- C:\PROGRA~1\BFGTOO~1\BFGTOO~1.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
2005-05-31 01:04 853672 --a------ C:\PROGRA~1\SPYBOT~1\SDHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
2007-03-14 03:43 501400 --a------ C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\McUpdate.exe" [2006-01-11 13:05]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-09-22 19:29]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-09 21:49]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"BDNewsAgent"="c:\program files\softwin\bitdefender8\bdnagent.exe" [2005-05-09 12:19]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 02:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSaveSettings"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-05-30 05:29]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 13:55]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll --a------ 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"= sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X5100 Series]
"C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKAGENTEXE]
C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet


**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-12 10:52:38
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-12 10:56:31 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-07-12 10:56

--- E O F ---


#2 SifuMike

    malware expert


Posted 20 July 2007 - 10:16 PM

Hello alexus,

Our apologies for the delay.

If you still need help, please post a HijackThis log.

A new version of HijackThis has now been released, so before you repost your log please download and install the new version by following the instructions in Step 9 of the Preparation Guide For Use Before Posting A Hijackthis Log.

Note that it is unnecessary to uninstall the old version because the new one will be copied to a different folder.
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!




Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 alexus

Posted 23 July 2007 - 10:07 PM

THE APPLICATION FAILED TO INITIALIZE PROPERLY (0xc0000001). CLICK OK TO TERMINATE THE APPLICATION. THIS IS THE MESSAGE I RECEIVE WHEN TRYING TO LOAD MESSENGER.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:03:38 PM, on 7/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\program files\softwin\bitdefender8\bdnagent.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender8\vsserv.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\KeyText\KeyText.exe
C:\Program Files\EggTimerPlus\EggTimerPlus.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe files\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "c:\program files\softwin\bitdefender8\bdnagent.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...arch.jhtml?p=ZU
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O16 - DPF: Penguin Blocks by pogo - http://game1.pogo.com/applet-6.3.3.27/peng...s-ob-assets.cab
O16 - DPF: Phlinx by pogo - http://game1.pogo.com/applet-6.3.2.25/flin...r-ob-assets.cab
O16 - DPF: Quick Quack by pogo - http://game1.pogo.com/applet-6.4.2.30/hots...k-ob-assets.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {44EC053A-400F-11D0-9DCD-00A0C90391D3} (Registrar Class) - http://www.workathomeagent.net/walldata/re...pressRedist.cab
O16 - DPF: {49937C71-B31C-4EE4-8096-9C935DE005C9} (GBTripeak Control) - http://www.gamebonus.com/dngame/gbtripeak.cab
O16 - DPF: {4CED1E75-12EF-4C24-A381-E36DC088CC00} - http://www.gamebonus.com/dngame/gbstackem.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {651E822E-364A-4BA2-A5FE-F753CE421884} - http://www.gamebonus.com/dngame/gbworddrop.cab
O16 - DPF: {6944D0ED-F974-40CC-AE94-5A6ABAA2557A} (GBSolitaire Control) - http://www.gamebonus.com/dngame/gbsolitaire.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1124332544125
O16 - DPF: {77E55ACB-5CE4-44AD-8C8E-5F36F832BD24} (GBBlasternoid Control) - http://www.gamebonus.com/dngame/gbblasternoid.cab
O16 - DPF: {8FA2192F-B95D-40E3-898F-8D7ABB8E00D0} (SpinTop Games Launcher) - http://games.bigfishgames.com/en_mysteryso...mesLauncher.cab
O16 - DPF: {AAB73FA7-2F0D-4750-B86C-A12FF5EE53F0} - http://www.gamebonus.com/dngame/gbblitz2.cab
O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} (Hangman Control) - http://www.worldwinner.com/games/v41/hangman/hangman.cab
O16 - DPF: {B87F4CF3-FC0E-45FB-8564-30F3F1F7A7C7} (GBMahJongSolitaire Control) - http://www.gamebonus.com/dngame/gbmahjongsolitaire.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {FC4CAF5F-91BD-4DD9-ADC1-F3C737E37BC4} (CPlayFirstSweetopiaControl Object) - http://www.bigfishgames.com/online/sweetop...ia.1.0.0.20.cab
O20 - AppInit_DLLs: sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender8\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

--
End of file - 8211 bytes

#4 Papakid


Posted 23 July 2007 - 10:35 PM

alexus

I've merged your log that was posted in the wrong forum with this one. Please refrain from starting new topics. Stick to the same thread. When you get a reply, just click the Add Reply button to this Topic. Do not create a new topic for your reply. This will cause confusion and a delay in the help you are receiving.

You've had an answer to this topic and another one you abandoned here: http://www.bleepingcomputer.com/forums/ind...c=97699&hl=
Please subscribe to this topic so you get an email notice and a link to it when you get a response. To do that click on the Options box toward the top right of your topic (just underneath Add Reply and New Topic). Then click on Track this topic, put a dot next to Immediate Email Notification, then scroll down and click Proceed.

Or, when you visit the forum, click on My Topics toward the top of any bleepingcomputer forum page. Thanks!

SifuMike will be with you when he is available.

The thing about people

is they change

when they walk away.--Mipso


#5 SifuMike


Posted 24 July 2007 - 12:11 AM

Hello alexus,


Download CCleaner and install it. (default location is best). Do not run it yet!

CCleaner Tutorial


*******************************************

Select the following with HijackThis.
With all windows (including this one!) closed (close browser/explorer windows), please select "fix."

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} (Hangman Control) - http://www.worldwinner.com/games/v41/hangman/hangman.cab



This is an optional fix. The following is not necessarily spyware/malware, but I suggest you place a check mark next to the following entry, as this program may be taking up system resources.

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
(Description: Sun Java update scheduler. Checks for updates. Not necessary. Removing this entry will free up a small amount of system resources.)

*******************************************

*NOTE* CCleaner deletes EVERYTHING out of temp/temporary folders and does not make backups.

Let's empty the temp files:

Run CCleaner.

CAUTION: Please do NOT use the Issues button. This is a built-in registry cleaner. If you don't know how to use it, you may cause irreparable damage to your system.

1. Starting with v1.27.260, CCleaner installs the Yahoo Toolbar as an option which IS checkmarked by default during the installation.
IF you do NOT want it, REMOVE the checkmark when provided with the option OR download the toolbar-free Basic version instead of the Standard Build.


2. Before first use, select Options > Advanced and UNCHECK "Only delete files in Windows Temp folder older than 48 hours"

3. Then select the items you wish to clean up.

In the Windows Tab:
Clean all entries in the "Internet Explorer" section except Cookies.
Clean all the entries in the "Windows Explorer" section.
Clean all entries in the "System" section.
Clean all entries in the "Advanced" section.
Clean any others that you choose.

In the Applications Tab:
Clean all except cookies in the Firefox/Mozilla section if you use it.
Clean all in the Opera section if you use it.
Clean Sun Java in the Internet Section.
Clean any others that you choose.

4. Click the "Run Cleaner" button.
5. A pop up box will appear advising this process will permanently delete files from your system.
6. Click "OK" and it will scan and clean your system.
7. Click "exit" when done.

If it asks you to reboot at the end, click NO.

CCleaner should be run with the above settings for each User Account!

*******************************************


Reboot your computer.

Delete the version of ComboFix you have on your computer, as it has been updated. Also delete C:\QOOBOX

1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post the ComboFix log and a fresh Hijackthis log in your next reply.
Do NOT post the ComboFix-quarantined-files.txt - unless I ask you to.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.

*******************************************

Open HijackThis
Go to 'config'
Go to 'misc tools'
Press the button 'open uninstall manager'
Press 'save list'
A notepad file will open.
Post the content here in your reply.
Close HijackThis.



Post the ComboFix log, the Uninstall Manager listing, a new Hijackthis log, and tell me how your computer is running.

To reply, just click the Add Reply button to this Topic. Do not create a new topic for your reply. This will cause confusion and a delay in the help you are receiving.

Edited by SifuMike, 24 July 2007 - 12:15 AM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!




Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.
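The entry selection in the post above (BHO lines whose target is "(no file)"), as an added example that is not part of the original thread or of HijackThis itself: a small parser for the HijackThis v2 entry lines that lists entries pointing at absent files and reports what AppInit_DLLs loads. The function names and the sample log are constructed for illustration, using entries of the same shape as the log posted earlier; a finding means "look at this entry", not a verdict on it.

```python
import re

# Constructed sample in the HijackThis v2 log format (entries shaped like
# the ones in the log posted in this thread).
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O20 - AppInit_DLLs: sockspy.dll sockspy.dll sockspy.dll
O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe (file missing)
"""

# Entry lines start with a section code (R0, O2, O23, ...) followed by " - ".
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
ABSENT_MARKERS = ("(no file)", "(file missing)")


def parse_entries(log_text):
    """Return (code, body) pairs; the header and process list are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group("code"), match.group("body")))
    return entries


def review_candidates(entries):
    """Pick out entries a reviewer would look at first."""
    findings = []
    for code, body in entries:
        if body.endswith(ABSENT_MARKERS):
            # Registration survives but the file it names is gone.
            clsid = CLSID_RE.search(body)
            findings.append({
                "code": code,
                "reason": "target file absent",
                "clsid": clsid.group(0) if clsid else None,
                "entry": body,
            })
        elif code == "O20" and body.startswith("AppInit_DLLs:"):
            # DLLs named here are loaded into every process that loads
            # user32.dll, so any non-empty value deserves a look.
            value = body.split(":", 1)[1]
            dlls = [d for d in re.split(r"[\s,]+", value.strip()) if d]
            if dlls:
                unique = sorted({d.lower() for d in dlls})
                findings.append({
                    "code": code,
                    "reason": "AppInit_DLLs not empty",
                    "dlls": unique,
                    "repeats": len(dlls) - len(unique),
                    "entry": body,
                })
    return findings


if __name__ == "__main__":
    for finding in review_candidates(parse_entries(SAMPLE_LOG)):
        print(finding["code"], "-", finding["reason"], "-", finding["entry"])
```
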

#6 alexus


Posted 27 July 2007 - 06:52 AM

"FALEXUS" - 2007-07-27 4:30:18 - ComboFix 07-07-23.6 - Service Pack 2 NTFS


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\b103.exe
C:\WINDOWS\system32\FTPx.dll


((((((((((((((((((((((((( Files Created from 2007-06-27 to 2007-07-27 )))))))))))))))))))))))))))))))


2007-07-27 04:20 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-23 20:03 <DIR> d-------- C:\Program Files\Trend Micro
2007-07-22 11:01 <DIR> d-------- C:\DOCUME~1\FALEXUS\APPLIC~1\Gaijin Ent
2007-07-21 16:40 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Aliasworlds
2007-07-21 01:59 <DIR> d-------- C:\DOCUME~1\FALEXUS\APPLIC~1\Sandlot Games
2007-07-21 01:59 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sandlot Games
2007-07-21 01:59 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\n7-89-o9-3r-4t-r9
2007-07-21 01:58 <DIR> d-------- C:\Program Files\GameHouse
2007-07-21 01:58 <DIR> d-------- C:\DOCUME~1\FALEXUS\APPLIC~1\GameHouse
2007-07-20 15:15 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Oberon Games
2007-07-20 15:14 <DIR> d-------- C:\Program Files\Turbo Pizza
2007-07-20 15:14 <DIR> d-------- C:\Program Files\ReflexiveArcade
2007-07-18 20:03 <DIR> d-------- C:\DOCUME~1\FALEXUS\APPLIC~1\OpenOffice.org2
2007-07-17 10:06 <DIR> d-------- C:\Program Files\OpenOffice.org 2.2
2007-07-17 09:37 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\BFGTOOLBAR
2007-07-05 11:17 <DIR> d-------- C:\DOCUME~1\FALEXUS\APPLIC~1\MSN6
2007-07-05 11:17 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\MSN6
2007-07-04 00:09 <DIR> d-------- C:\DOCUME~1\FALEXUS\APPLIC~1\Pogo Games
2007-06-29 16:38 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-06-29 16:38 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-06-29 16:38 <DIR> d-------- C:\DOCUME~1\FALEXUS\APPLIC~1\SUPERAntiSpyware.com
2007-06-29 16:38 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-06-27 19:02 <DIR> d-------- C:\Program Files\Trillian
2007-06-27 19:02 <DIR> d-------- C:\Program Files\PCPitstop
2007-06-27 19:02 <DIR> d-------- C:\Program Files\McAfee.com
2007-06-27 19:02 <DIR> d-------- C:\Program Files\Common Files\Panda Software
2007-06-27 19:02 <DIR> d-------- C:\Program Files\CleanUp!(2)
2007-06-27 19:02 <DIR> d-------- C:\Program Files\Citrix
2007-06-27 19:02 <DIR> d-------- C:\Program Files\CallWave
2007-06-27 19:02 <DIR> d-------- C:\Program Files\Bingo Gala(2)
2007-06-27 19:02 <DIR> d-------- C:\Program Files\BFG
2007-06-27 19:02 <DIR> d-------- C:\Program Files\AOD
2007-06-27 19:02 <DIR> d-------- C:\Program Files\AIM
2007-06-27 19:01 <DIR> d-------- C:\Program Files\GoldPocket
2007-06-27 19:01 <DIR> d-------- C:\Program Files\GanymedeNet
2007-06-27 18:42 248 --a------ C:\WINDOWS\SYSTEM32\PavCPL.dat
2007-06-27 18:41 <DIR> d-------- C:\Program Files\Panda Software
2007-06-27 14:12 <DIR> d-------- C:\DOCUME~1\FALEXUS\.housecall6.6
2007-06-27 10:52 <DIR> d-------- C:\WINDOWS\SYSTEM32\Kaspersky Lab
2007-06-27 10:52 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-25 01:02:43 -------- d-----w C:\Program Files\EggTimerPlus
2007-07-20 18:27:39 -------- d-----w C:\Program Files\MSN Messenger
2007-07-10 04:11:00 -------- d-----w C:\Program Files\Oberon Media
2007-06-29 23:04:44 -------- d-----w C:\Program Files\Yahoo!
2007-06-29 23:04:28 -------- d-----w C:\Program Files\Common Files\Scanner
2007-06-28 01:58:01 -------- d-----w C:\Program Files\InterMute
2007-06-28 01:58:00 -------- d-----w C:\Program Files\bfgtoolbar
2007-06-28 01:41:37 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-06-27 23:06:07 -------- d-----w C:\Program Files\Messenger
2007-06-26 19:05:33 -------- d-----w C:\Program Files\a-squared Free
2007-06-26 19:05:30 -------- d-----w C:\DOCUME~1\FALEXUS\APPLIC~1\Yahoo!
2007-06-26 19:05:25 -------- d-----w C:\DOCUME~1\FALEXUS\APPLIC~1\BFGTOOLBAR
2007-06-26 13:33:12 14 ----a-w C:\WINDOWS\system32\getfile.dat
2007-06-26 07:32:21 61,440 ----a-w C:\WINDOWS\system32\sockspy.dll
2007-06-26 07:18:17 -------- d-----w C:\Program Files\KeyText
2007-06-26 06:15:55 -------- d-----w C:\Program Files\QuickTime
2007-06-26 04:36:26 -------- d-----w C:\Program Files\Common Files\ozii
2007-06-26 00:42:40 164,787 ----a-w C:\WINDOWS\system32\drivers\core.cache(5).dsk
2007-06-26 00:42:40 164,787 ----a-w C:\WINDOWS\system32\drivers\core.cache(4).dsk
2007-06-26 00:42:40 164,787 ----a-w C:\WINDOWS\system32\drivers\core.cache(3).dsk
2007-06-26 00:42:40 164,787 ----a-w C:\WINDOWS\system32\drivers\core.cache(2).dsk
2007-06-21 22:24:09 -------- d-----w C:\Program Files\MySpace
2007-06-16 22:39:54 -------- d-----w C:\DOCUME~1\FALEXUS\APPLIC~1\MySpace
2007-06-11 06:31:12 -------- d-----w C:\DOCUME~1\FALEXUS\APPLIC~1\iWin
2007-05-30 12:10:42 10,872 ----a-w C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A}"= C:\PROGRA~1\BFGTOO~1\BFGTOO~1.DLL [2007-06-26 08:22 1909760]

[-HKEY_CLASSES_ROOT\CLSID\{4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A}]
[HKEY_CLASSES_ROOT\bfgtoolbar.BFGTOOLBAR]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 13:05]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-09-22 19:29]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-09 21:49]
"BDNewsAgent"="c:\program files\softwin\bitdefender8\bdnagent.exe" [2005-05-09 12:19]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 02:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

C:\Documents and Settings\FALEXUS\Start Menu\Programs\Startup\
DESKTOP.INI [2002-09-03 07:00:00]
OpenOffice.org 2.2.lnk - C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe [2007-02-02 17:54:56]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 01:48:20]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 00:01:50]
DESKTOP.INI [2002-09-03 07:00:00]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSaveSettings"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"= sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X5100 Series]
"C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKAGENTEXE]
C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet

R1 SASDIFSV;SASDIFSV;\??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
R1 SASKUTIL;SASKUTIL;\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
R2 CdaD10BA;CdaD10BA;\??\C:\WINDOWS\system32\drivers\CdaD10BA.SYS
R2 FILESpy;FILESpy;\??\C:\Program Files\Softwin\BitDefender8\filespy.sys
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver;C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
R3 SASENUM;SASENUM;\??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
S1 P3;Intel PentiumIII Processor Driver;C:\WINDOWS\system32\DRIVERS\p3.sys
S2 PavProc;Panda Process Protection Driver;\??\C:\WINDOWS\system32\DRIVERS\PavProc.sys
S2 REGSpy;REGSpy;\??\C:\Program Files\Softwin\BitDefender8\regspy.sys
S3 i81x;i81x;C:\WINDOWS\system32\DRIVERS\i81xnt5.sys
S3 iAimFP0;iAimFP0;C:\WINDOWS\system32\DRIVERS\wADV01nt.sys
S3 iAimFP1;iAimFP1;C:\WINDOWS\system32\DRIVERS\wADV02NT.sys
S3 iAimFP2;iAimFP2;C:\WINDOWS\system32\DRIVERS\wADV05NT.sys
S3 iAimFP3;iAimFP3;C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys
S3 iAimFP4;iAimFP4;C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys
S3 iAimTV0;iAimTV0;C:\WINDOWS\system32\DRIVERS\wATV01nt.sys
S3 iAimTV1;iAimTV1;C:\WINDOWS\system32\DRIVERS\wATV02NT.sys
S3 iAimTV2;iAimTV2;C:\WINDOWS\system32\DRIVERS\wATV03nt.sys
S3 iAimTV3;iAimTV3;C:\WINDOWS\system32\DRIVERS\wATV04nt.sys
S3 iAimTV4;iAimTV4;C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys
S4 agpCPQ;Compaq AGP Bus Filter;C:\WINDOWS\system32\DRIVERS\agpCPQ.sys


**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-27 04:36:21
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-27 4:39:31 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-07-27 04:38

--- E O F ---


"FALEXUS" - 2007-07-27 4:30:18 - ComboFix 07-07-23.6 - Service Pack 2 NTFS


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\b103.exe
C:\WINDOWS\system32\FTPx.dll


((((((((((((((((((((((((( Files Created from 2007-06-27 to 2007-07-27 )))))))))))))))))))))))))))))))


2007-07-27 04:20 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-23 20:03 <DIR> d-------- C:\Program Files\Trend Micro
2007-07-22 11:01 <DIR> d-------- C:\DOCUME~1\FALEXUS\APPLIC~1\Gaijin Ent
2007-07-21 16:40 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Aliasworlds
2007-07-21 01:59 <DIR> d-------- C:\DOCUME~1\FALEXUS\APPLIC~1\Sandlot Games
2007-07-21 01:59 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sandlot Games
2007-07-21 01:59 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\n7-89-o9-3r-4t-r9
2007-07-21 01:58 <DIR> d-------- C:\Program Files\GameHouse
2007-07-21 01:58 <DIR> d-------- C:\DOCUME~1\FALEXUS\APPLIC~1\GameHouse
2007-07-20 15:15 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Oberon Games
2007-07-20 15:14 <DIR> d-------- C:\Program Files\Turbo Pizza
2007-07-20 15:14 <DIR> d-------- C:\Program Files\ReflexiveArcade
2007-07-18 20:03 <DIR> d-------- C:\DOCUME~1\FALEXUS\APPLIC~1\OpenOffice.org2
2007-07-17 10:06 <DIR> d-------- C:\Program Files\OpenOffice.org 2.2
2007-07-17 09:37 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\BFGTOOLBAR
2007-07-05 11:17 <DIR> d-------- C:\DOCUME~1\FALEXUS\APPLIC~1\MSN6
2007-07-05 11:17 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\MSN6
2007-07-04 00:09 <DIR> d-------- C:\DOCUME~1\FALEXUS\APPLIC~1\Pogo Games
2007-06-29 16:38 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-06-29 16:38 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-06-29 16:38 <DIR> d-------- C:\DOCUME~1\FALEXUS\APPLIC~1\SUPERAntiSpyware.com
2007-06-29 16:38 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-06-27 19:02 <DIR> d-------- C:\Program Files\Trillian
2007-06-27 19:02 <DIR> d-------- C:\Program Files\PCPitstop
2007-06-27 19:02 <DIR> d-------- C:\Program Files\McAfee.com
2007-06-27 19:02 <DIR> d-------- C:\Program Files\Common Files\Panda Software
2007-06-27 19:02 <DIR> d-------- C:\Program Files\CleanUp!(2)
2007-06-27 19:02 <DIR> d-------- C:\Program Files\Citrix
2007-06-27 19:02 <DIR> d-------- C:\Program Files\CallWave
2007-06-27 19:02 <DIR> d-------- C:\Program Files\Bingo Gala(2)
2007-06-27 19:02 <DIR> d-------- C:\Program Files\BFG
2007-06-27 19:02 <DIR> d-------- C:\Program Files\AOD
2007-06-27 19:02 <DIR> d-------- C:\Program Files\AIM
2007-06-27 19:01 <DIR> d-------- C:\Program Files\GoldPocket
2007-06-27 19:01 <DIR> d-------- C:\Program Files\GanymedeNet
2007-06-27 18:42 248 --a------ C:\WINDOWS\SYSTEM32\PavCPL.dat
2007-06-27 18:41 <DIR> d-------- C:\Program Files\Panda Software
2007-06-27 14:12 <DIR> d-------- C:\DOCUME~1\FALEXUS\.housecall6.6
2007-06-27 10:52 <DIR> d-------- C:\WINDOWS\SYSTEM32\Kaspersky Lab
2007-06-27 10:52 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-25 01:02:43 -------- d-----w C:\Program Files\EggTimerPlus
2007-07-20 18:27:39 -------- d-----w C:\Program Files\MSN Messenger
2007-07-10 04:11:00 -------- d-----w C:\Program Files\Oberon Media
2007-06-29 23:04:44 -------- d-----w C:\Program Files\Yahoo!
2007-06-29 23:04:28 -------- d-----w C:\Program Files\Common Files\Scanner
2007-06-28 01:58:01 -------- d-----w C:\Program Files\InterMute
2007-06-28 01:58:00 -------- d-----w C:\Program Files\bfgtoolbar
2007-06-28 01:41:37 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-06-27 23:06:07 -------- d-----w C:\Program Files\Messenger
2007-06-26 19:05:33 -------- d-----w C:\Program Files\a-squared Free
2007-06-26 19:05:30 -------- d-----w C:\DOCUME~1\FALEXUS\APPLIC~1\Yahoo!
2007-06-26 19:05:25 -------- d-----w C:\DOCUME~1\FALEXUS\APPLIC~1\BFGTOOLBAR
2007-06-26 13:33:12 14 ----a-w C:\WINDOWS\system32\getfile.dat
2007-06-26 07:32:21 61,440 ----a-w C:\WINDOWS\system32\sockspy.dll
2007-06-26 07:18:17 -------- d-----w C:\Program Files\KeyText
2007-06-26 06:15:55 -------- d-----w C:\Program Files\QuickTime
2007-06-26 04:36:26 -------- d-----w C:\Program Files\Common Files\ozii
2007-06-26 00:42:40 164,787 ----a-w C:\WINDOWS\system32\drivers\core.cache(5).dsk
2007-06-26 00:42:40 164,787 ----a-w C:\WINDOWS\system32\drivers\core.cache(4).dsk
2007-06-26 00:42:40 164,787 ----a-w C:\WINDOWS\system32\drivers\core.cache(3).dsk
2007-06-26 00:42:40 164,787 ----a-w C:\WINDOWS\system32\drivers\core.cache(2).dsk
2007-06-21 22:24:09 -------- d-----w C:\Program Files\MySpace
2007-06-16 22:39:54 -------- d-----w C:\DOCUME~1\FALEXUS\APPLIC~1\MySpace
2007-06-11 06:31:12 -------- d-----w C:\DOCUME~1\FALEXUS\APPLIC~1\iWin
2007-05-30 12:10:42 10,872 ----a-w C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A}"= C:\PROGRA~1\BFGTOO~1\BFGTOO~1.DLL [2007-06-26 08:22 1909760]

[-HKEY_CLASSES_ROOT\CLSID\{4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A}]
[HKEY_CLASSES_ROOT\bfgtoolbar.BFGTOOLBAR]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 13:05]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-09-22 19:29]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-09 21:49]
"BDNewsAgent"="c:\program files\softwin\bitdefender8\bdnagent.exe" [2005-05-09 12:19]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 02:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

C:\Documents and Settings\FALEXUS\Start Menu\Programs\Startup\
DESKTOP.INI [2002-09-03 07:00:00]
OpenOffice.org 2.2.lnk - C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe [2007-02-02 17:54:56]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 01:48:20]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 00:01:50]
DESKTOP.INI [2002-09-03 07:00:00]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSaveSettings"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"= sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X5100 Series]
"C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKAGENTEXE]
C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet

R1 SASDIFSV;SASDIFSV;\??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
R1 SASKUTIL;SASKUTIL;\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
R2 CdaD10BA;CdaD10BA;\??\C:\WINDOWS\system32\drivers\CdaD10BA.SYS
R2 FILESpy;FILESpy;\??\C:\Program Files\Softwin\BitDefender8\filespy.sys
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver;C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
R3 SASENUM;SASENUM;\??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
S1 P3;Intel PentiumIII Processor Driver;C:\WINDOWS\system32\DRIVERS\p3.sys
S2 PavProc;Panda Process Protection Driver;\??\C:\WINDOWS\system32\DRIVERS\PavProc.sys
S2 REGSpy;REGSpy;\??\C:\Program Files\Softwin\BitDefender8\regspy.sys
S3 i81x;i81x;C:\WINDOWS\system32\DRIVERS\i81xnt5.sys
S3 iAimFP0;iAimFP0;C:\WINDOWS\system32\DRIVERS\wADV01nt.sys
S3 iAimFP1;iAimFP1;C:\WINDOWS\system32\DRIVERS\wADV02NT.sys
S3 iAimFP2;iAimFP2;C:\WINDOWS\system32\DRIVERS\wADV05NT.sys
S3 iAimFP3;iAimFP3;C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys
S3 iAimFP4;iAimFP4;C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys
S3 iAimTV0;iAimTV0;C:\WINDOWS\system32\DRIVERS\wATV01nt.sys
S3 iAimTV1;iAimTV1;C:\WINDOWS\system32\DRIVERS\wATV02NT.sys
S3 iAimTV2;iAimTV2;C:\WINDOWS\system32\DRIVERS\wATV03nt.sys
S3 iAimTV3;iAimTV3;C:\WINDOWS\system32\DRIVERS\wATV04nt.sys
S3 iAimTV4;iAimTV4;C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys
S4 agpCPQ;Compaq AGP Bus Filter;C:\WINDOWS\system32\DRIVERS\agpCPQ.sys


**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-27 04:36:21
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-27 4:39:31 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-07-27 04:38

--- E O F ---

#7 SifuMike

Posted 27 July 2007 - 11:40 AM

Hi alexus

You forgot to post the Hijackthis log and the uninstall manager listing.
:thumbsup:

Edited by SifuMike, 27 July 2007 - 11:41 AM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#8 alexus

Posted 29 July 2007 - 10:22 AM

Hi Mike,

So this is kinda confusing. Do I need to re-do all the steps over again to post those two logs? Thank you.

#9 SifuMike

Posted 29 July 2007 - 11:27 AM

Hi alexus,

No, just post the Hijackthis log and the uninstall manager listing :thumbsup:



