My Hijack This Log. Please Help Me.


14 replies to this topic

#1 maizipulgad

maizipulgad

    New Member

  • Authentic Member
  • Pip
  • 12 posts

Posted 22 April 2007 - 05:42 AM

Logfile of HijackThis v1.99.1
Scan saved at 14:31:59, on 22.04.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\WINDOWS\system32\atiptaxx.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\dumprep.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\BitLord\BitLord.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\dwwin.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dwwin.exe
C:\Documents and Settings\Priit\Desktop\siim\kaitse\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://neti.ee/
F2 - REG:system.ini: UserInit=userinit.exe
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [ATIPTA] atiptaxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ShareSearcher] C:\DOCUME~1\Priit\LOCALS~1\Temp\6F.tmp
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitLord\BitLord.exe"
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://rotterdam.raw...2.0/Rawflow.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} (CPlayFirstTriJinxControl Object) - http://zone.msn.com/...nx.1.0.0.87.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://www.bigfishga...bGameLoader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1112617393817
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://eu-housecall....ivex/hcImpl.cab
O16 - DPF: {7CCAD6DD-DD0B-440B-91FF-7670F5AADC21} (SpinTop Games Launcher) - http://www.bigfishga...mesLauncher.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/...mjolauncher.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://axis.ivmv.ee/...sCamControl.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab56649.cab
O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} (SCEWebLauncherCtl Object) - http://zone.msn.com/...WebLauncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/...ploader_v10.cab
O16 - DPF: {EF148DBB-5B6D-4130-B2A1-661571E86260} (Playtime Games Launcher) - http://www.bigfishga...ameLauncher.cab
O16 - DPF: {FC4CAF5F-91BD-4DD9-ADC1-F3C737E37BC4} (CPlayFirstSweetopiaControl Object) - http://www.bigfishga...ia.1.0.0.20.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\syst820.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


#2 little eagle

little eagle

    spyware hawk

  • Visiting Fellow
  • PipPipPipPipPipPip
  • 8,968 posts
  • Interests:spyware

Posted 28 April 2007 - 10:56 PM

C:\WINDOWS\system32\syst820.dll

I would like to see a copy of the file in bold.

Click start / then my computer / local disk then follow the process tree.
Or using Windows Explorer, locate the first file you want to zip.
Right click on the file and select Send To and Compressed (zipped) Folder.
This makes a copy; it does not delete it.
Please zip the file and upload it here
Or email it here

Please include a link to this thread.

#3 maizipulgad


Posted 29 April 2007 - 06:00 AM

I'm not home right now, but I'll do it as soon as I go home. I hope you are willing to wait for it. Thanks for your time!

#4 little eagle


Posted 29 April 2007 - 07:21 AM

I'm now tracking this thread and have nothing but time. :weee:

#5 maizipulgad


Posted 05 May 2007 - 11:15 AM

I have sent you the file. Hope you can help me. Can you please hurry? I'll leave home on the 6th of May and will be back at the end of the month.

#6 little eagle


Posted 05 May 2007 - 09:00 PM

Download The Avenger Copyright © Swandog46
You must extract avenger.exe to your desktop, before you run it.
The Avenger must be run from a user account with administrator privileges,
and ONLY works on Windows 2000 and XP, and only on 32-bit versions!

Copy all the text contained in the code box below to your Clipboard.

Files to delete:
C:\WINDOWS\system32\syst820.dll


The above script is for this user only; if you need help, please start your own thread.


Start the Avenger.
Under "Script file to execute" choose "Input Script Manually".
Click on the Magnifying Glass icon which will open a new window titled "View/edit script".
Paste the entire text into this window.
Click Done, then click on the Green Light.
Answer "Yes" twice when prompted.
Your computer should reboot and briefly open a black command window on your desktop; this is normal.

After the restart, it will create a log file that should open.
This log file will be located at C:\avenger.txt
Paste the contents of the file into your reply along with a fresh HJT log.

Also: Avenger has made backups of all the files, etc., that you asked it to delete, located at C:\avenger\backup.zip.

After posting the new logs, let's try running combofix.exe.
Download it from one of the links below:

http://download.blee...Bs/combofix.exe
http://www.techsuppo...ls/combofix.exe

Double click combofix.exe & follow the prompts.
When finished, it will produce a log for you. Post that log in your next reply.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.

Edited by little eagle, 05 May 2007 - 09:01 PM.


#7 maizipulgad


Posted 06 May 2007 - 01:36 AM

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\wogpkqjx

*******************

Script file located at: \??\C:\Documents and Settings\ntisoiba.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



File C:\WINDOWS\system32\syst820.dll not found!
Deletion of file C:\WINDOWS\system32\syst820.dll failed!

Could not process line:
C:\WINDOWS\system32\syst820.dll
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.

The file was not found because it's quarantined by housecall or something like that.


Logfile of HijackThis v1.99.1
Scan saved at 10:29:15, on 6.05.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\WINDOWS\system32\atiptaxx.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\wsmmlog.exe
C:\WINDOWS\system32\smcntlwio.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\BitLord\BitLord.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\system32\dwwin.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Priit\Desktop\siim\kaitse\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://neti.ee/
F2 - REG:system.ini: UserInit=userinit.exe
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [ATIPTA] atiptaxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [updatemanw] C:\WINDOWS\system32\cmdpmeno.exe
O4 - HKLM\..\Run: [winsplog] C:\WINDOWS\system32\wsmmlog.exe
O4 - HKLM\..\Run: [sacmemds] C:\WINDOWS\system32\smcntlwio.exe
O4 - HKLM\..\Run: [DriveCleaner Free] "c:\program files\drivecleaner free\udc.exe" /min
O4 - HKLM\..\Run: [WindowsService] rundll32.exe "C:\WINDOWS\system32\hughyqaq.dll",realset
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitLord\BitLord.exe"
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: (no name) - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://rotterdam.raw...2.0/Rawflow.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} (CPlayFirstTriJinxControl Object) - http://zone.msn.com/...nx.1.0.0.87.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://www.bigfishga...bGameLoader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1112617393817
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://eu-housecall....ivex/hcImpl.cab
O16 - DPF: {7CCAD6DD-DD0B-440B-91FF-7670F5AADC21} (SpinTop Games Launcher) - http://www.bigfishga...mesLauncher.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/...mjolauncher.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://axis.ivmv.ee/...sCamControl.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab56649.cab
O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} (SCEWebLauncherCtl Object) - http://zone.msn.com/...WebLauncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/...ploader_v10.cab
O16 - DPF: {EF148DBB-5B6D-4130-B2A1-661571E86260} (Playtime Games Launcher) - http://www.bigfishga...ameLauncher.cab
O16 - DPF: {FC4CAF5F-91BD-4DD9-ADC1-F3C737E37BC4} (CPlayFirstSweetopiaControl Object) - http://www.bigfishga...ia.1.0.0.20.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\syst820.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

#8 maizipulgad


Posted 06 May 2007 - 02:01 AM

"Priit" - 07-05-06 10:39:53 Service Pack 2
ComboFix 07-04-25.4V - Running from: "C:\Documents and Settings\Priit\Desktop\"


(((((((((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\cifuxppw.dll
C:\WINDOWS\system32\erlcmekq.dll
C:\WINDOWS\system32\qelpcjlp.dll
C:\WINDOWS\system32\roddiyev.dll
C:\WINDOWS\system32\jdqycfrx.dll
C:\WINDOWS\system32\oqycgmov.dll
C:\WINDOWS\system32\gsbiddyw.dll
C:\WINDOWS\system32\jecfovgc.dll
C:\WINDOWS\system32\vgihqhmk.dll
C:\WINDOWS\system32\vvyay.bak1
C:\WINDOWS\system32\vvyay.bak2
C:\WINDOWS\system32\vvyay.ini
C:\WINDOWS\system32\yayvv.dll
C:\WINDOWS\system32\awtqqnn.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\keyboard1.dat
C:\WINDOWS\DOWNLO~1.\Sweetopia.1.0.0.20\assets\Game\Textures\Vat\VatPipes01.png
C:\WINDOWS\DOWNLO~1.\Sweetopia.1.0.0.20\assets\Game\UI\InGame\PUDialog.png
C:\WINDOWS\DOWNLO~1.\Sweetopia.1.0.0.20\assets\Game\UI\Instructions\InstBackdrop.jpg
C:\WINDOWS\DOWNLO~1.\Sweetopia.1.0.0.20\assets\Game\UI\Instructions\SweetTypes.png
C:\WINDOWS\DOWNLO~1.\Sweetopia.1.0.0.20\assets\Game\UI\Loading\LoadingBar.jpg
C:\WINDOWS\DOWNLO~1.\Sweetopia.1.0.0.20\assets\Game\UI\Loading\LoadingScreen.jpg
C:\WINDOWS\DOWNLO~1.\Sweetopia.1.0.0.20\assets\Game\UI\MainMenu\MainMenuScreen.jpg
C:\WINDOWS\DOWNLO~1.\Sweetopia.1.0.0.20\assets\Game\UI\Pointers\InGameHole.png
C:\WINDOWS\DOWNLO~1.\Sweetopia.1.0.0.20\assets\Game\UI\Pointers\InGamePointer.png
C:\WINDOWS\DOWNLO~1.\Sweetopia.1.0.0.20\assets\hiscore\global-hs-bb_large.png
C:\WINDOWS\DOWNLO~1.\Sweetopia.1.0.0.20\assets\hiscore\global-hs-bb_small.png
C:\WINDOWS\DOWNLO~1.\Sweetopia.1.0.0.20\assets\hiscore\hi.jpg
C:\WINDOWS\DOWNLO~1.\Sweetopia.1.0.0.20\assets\hiscore\local-hs-bb.png
C:\WINDOWS\DOWNLO~1.\Sweetopia.1.0.0.20\assets\hiscore\p1icon.png
C:\WINDOWS\DOWNLO~1.\Sweetopia.1.0.0.20\assets\Levels\A01.lev
C:\WINDOWS\DOWNLO~1.\Sweetopia.1.0.0.20\assets\Levels\A02.lev
C:\WINDOWS\DOWNLO~1.\Sweetopia.1.0.0.20\assets\Levels\A03.lev
C:\WINDOWS\DOWNLO~1.\Sweetopia.1.0.0.20\assets\Levels\A04.lev
C:\WINDOWS\DOWNLO~1.\Sweetopia.1.0.0.20\assets\Levels\A05.lev
C:\WINDOWS\DOWNLO~1.\Sweetopia.1.0.0.20\assets\Levels\A06.lev
C:\WINDOWS\DOWNLO~1.\Sweetopia.1.0.0.20\assets\Levels\A07.lev
C:\WINDOWS\DOWNLO~1.\Sweetopia.1.0.0.20\assets\Levels\A08.lev
C:\WINDOWS\DOWNLO~1.\Sweetopia.1.0.0.20\assets\Levels\A09.lev
C:\WINDOWS\DOWNLO~1.\Sweetopia.1.0.0.20\assets\Levels\A10.lev
C:\WINDOWS\DOWNLO~1.\Sweetopia.1.0.0.20\assets\Levels\C01.lev
C:\WINDOWS\DOWNLO~1.\Sweetopia.1.0.0.20\assets\Levels\C02.lev
C:\WINDOWS\DOWNLO~1.\Sweetopia.1.0.0.20\assets\Levels\C03.lev
C:\WINDOWS\DOWNLO~1.\Sweetopia.1.0.0.20\assets\Levels\C04.lev
C:\WINDOWS\DOWNLO~1.\Sweetopia.1.0.0.20\assets\Levels\C05.lev
C:\WINDOWS\DOWNLO~1.\Sweetopia.1.0.0.20\assets\Levels\C06.lev
C:\WINDOWS\DOWNLO~1.\Sweetopia.1.0.0.20\assets\Levels\C07.lev
C:\WINDOWS\DOWNLO~1.\Sweetopia.1.0.0.20\assets\Levels\C08.lev
C:\WINDOWS\DOWNLO~1.\Sweetopia.1.0.0.20\assets\Levels\C09.lev
C:\WINDOWS\DOWNLO~1.\Sweetopia.1.0.0.20\assets\Levels\C10.lev
C:\WINDOWS\DOWNLO~1.\Sweetopia.1.0.0.20\assets\Pages\Complete.Pag
C:\WINDOWS\DOWNLO~1.\Sweetopia.1.0.0.20\assets\Pages\CPaused.Pag
C:\WINDOWS\DOWNLO~1.\Sweetopia.1.0.0.20\assets\Pages\Ins.Pag
C:\WINDOWS\DOWNLO~1.\Sweetopia.1.0.0.20\assets\Pages\MoreInfo.Pag
C:\WINDOWS\DOWNLO~1.\Sweetopia.1.0.0.20\assets\Pages\TIP_K1.Pag
C:\WINDOWS\DOWNLO~1.\Sweetopia.1.0.0.20\assets\Pages\Tip_L1C.Pag
C:\WINDOWS\DOWNLO~1.\Sweetopia.1.0.0.20\assets\Pages\Tip_L1D.Pag
C:\WINDOWS\DOWNLO~1.\Sweetopia.1.0.0.20\assets\Pages\Tip_L1E.Pag
C:\WINDOWS\DOWNLO~1.\Sweetopia.1.0.0.20\assets\Pages\Tip_L5A.Pag
C:\WINDOWS\DOWNLO~1.\Sweetopia.1.0.0.20\assets\Scripts\arcade.lua
C:\WINDOWS\DOWNLO~1.\Sweetopia.1.0.0.20\assets\Scripts\chooseplayer.lua
C:\WINDOWS\DOWNLO~1.\Sweetopia.1.0.0.20\assets\Scripts\complete.lua
C:\WINDOWS\DOWNLO~1.\Sweetopia.1.0.0.20\assets\Scripts\continue.lua
C:\WINDOWS\DOWNLO~1.\Sweetopia.1.0.0.20\assets\Scripts\credits.lua
C:\WINDOWS\DOWNLO~1.\Sweetopia.1.0.0.20\assets\Scripts\entername.lua
C:\WINDOWS\DOWNLO~1.\Sweetopia.1.0.0.20\assets\Scripts\game.lua
C:\WINDOWS\DOWNLO~1.\Sweetopia.1.0.0.20\assets\Scripts\hiscore.lua
C:\WINDOWS\DOWNLO~1.\Sweetopia.1.0.0.20\assets\Scripts\hiscoreinfo.lua
C:\WINDOWS\DOWNLO~1.\Sweetopia.1.0.0.20\assets\Scripts\hiscoresubmit.lua
C:\WINDOWS\DOWNLO~1.\Sweetopia.1.0.0.20\assets\Scripts\instructions.lua
C:\WINDOWS\DOWNLO~1.\Sweetopia.1.0.0.20\assets\Scripts\loading.lua
C:\WINDOWS\DOWNLO~1.\Sweetopia.1.0.0.20\assets\Scripts\mainloop.lua
C:\WINDOWS\DOWNLO~1.\Sweetopia.1.0.0.20\assets\Scripts\mainmenu.lua
C:\WINDOWS\DOWNLO~1.\Sweetopia.1.0.0.20\assets\Scripts\moreinfo.lua
C:\WINDOWS\DOWNLO~1.\Sweetopia.1.0.0.20\assets\Scripts\ok.lua
C:\WINDOWS\DOWNLO~1.\Sweetopia.1.0.0.20\assets\Scripts\options.lua
C:\WINDOWS\DOWNLO~1.\Sweetopia.1.0.0.20\assets\Scripts\pause.lua
C:\WINDOWS\DOWNLO~1.\Sweetopia.1.0.0.20\assets\Scripts\pieye.lua
C:\WINDOWS\DOWNLO~1.\Sweetopia.1.0.0.20\assets\Scripts\style.lua
C:\WINDOWS\DOWNLO~1.\Sweetopia.1.0.0.20\assets\Scripts\yesno.lua
C:\WINDOWS\DOWNLO~1.\Sweetopia.1.0.0.20\assets\Splash\PiEyeGames_logo.jpg
C:\WINDOWS\DOWNLO~1.\Sweetopia.1.0.0.20\assets\Splash\playfirst_aol_logo.jpg
C:\WINDOWS\DOWNLO~1.\Sweetopia.1.0.0.20\assets\Splash\playfirst_logo.jpg
C:\WINDOWS\wpcjmd.log
C:\WINDOWS\DOWNLO~1.\Sweetopia.1.0.0.20
C:\WINDOWS\system32\rpcc.dll


((((((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\npf
-------\LEGACY_CMDSERVICE


((((((((((((((((((((((((((((((( Files Created from 2007-04-06 to 2007-05-06 ))))))))))))))))))))))))))))))))))


2007-05-06 10:26 <DIR> d-------- C:\avenger
2007-05-05 10:05 132,660 --a------ C:\WINDOWS\system32\hughyqaq.dll
2007-05-03 20:33 20,480 --a------ C:\WINDOWS\system32\33488082ld.exe
2007-05-03 20:23 20,480 --a------ C:\WINDOWS\system32\23313002ld.exe
2007-05-03 20:13 20,480 --a------ C:\WINDOWS\system32\13131712ld.exe
2007-05-03 20:02 20,480 --a------ C:\WINDOWS\system32\2554732ld.exe
2007-05-03 19:52 20,480 --a------ C:\WINDOWS\system32\52363022ld.exe
2007-05-03 19:42 20,480 --a------ C:\WINDOWS\system32\42168922ld.exe
2007-05-03 19:32 20,480 --a------ C:\WINDOWS\system32\31593142ld.exe
2007-05-03 19:21 20,480 --a------ C:\WINDOWS\system32\21423062ld.exe
2007-05-03 19:11 20,480 --a------ C:\WINDOWS\system32\11243482ld.exe
2007-05-03 19:01 20,480 --a------ C:\WINDOWS\system32\16992ld.exe
2007-05-03 18:50 20,480 --a------ C:\WINDOWS\system32\50482202ld.exe
2007-05-03 18:40 20,480 --a------ C:\WINDOWS\system32\40303822ld.exe
2007-05-03 18:30 20,480 --a------ C:\WINDOWS\system32\30129742ld.exe
2007-05-03 18:19 20,480 --a------ C:\WINDOWS\system32\19518212ld.exe
2007-05-03 18:09 20,480 --a------ C:\WINDOWS\system32\9337122ld.exe
2007-05-03 17:59 20,480 --a------ C:\WINDOWS\system32\59162442ld.exe
2007-05-03 17:49 20,480 --a------ C:\WINDOWS\system32\48592472ld.exe
2007-05-03 17:38 20,480 --a------ C:\WINDOWS\system32\38373832ld.exe
2007-05-03 17:28 20,480 --a------ C:\WINDOWS\system32\28155492ld.exe
2007-05-03 17:17 20,480 --a------ C:\WINDOWS\system32\17563382ld.exe
2007-05-03 17:07 20,480 --a------ C:\WINDOWS\system32\7351352ld.exe
2007-05-03 16:57 20,480 --a------ C:\WINDOWS\system32\57169562ld.exe
2007-05-03 16:46 20,480 --a------ C:\WINDOWS\system32\46562142ld.exe
2007-05-03 16:36 20,480 --a------ C:\WINDOWS\system32\36346102ld.exe
2007-05-03 16:26 20,480 --a------ C:\WINDOWS\system32\2672282ld.exe
2007-05-03 16:15 20,480 --a------ C:\WINDOWS\system32\15471662ld.exe
2007-05-03 16:05 20,480 --a------ C:\WINDOWS\system32\529772ld.exe
2007-05-03 15:55 20,480 --a------ C:\WINDOWS\system32\55115592ld.exe
2007-05-03 15:44 20,480 --a------ C:\WINDOWS\system32\44537912ld.exe
2007-05-03 15:34 20,480 --a------ C:\WINDOWS\system32\34349212ld.exe
2007-05-03 15:24 20,480 --a------ C:\WINDOWS\system32\24151302ld.exe
2007-05-03 15:13 20,480 --a------ C:\WINDOWS\system32\13543172ld.exe
2007-05-03 15:03 20,480 --a------ C:\WINDOWS\system32\3358582ld.exe
2007-05-03 14:53 20,480 --a------ C:\WINDOWS\system32\53168182ld.exe
2007-05-03 14:43 20,480 --a------ C:\WINDOWS\system32\42597502ld.exe
2007-05-01 22:32 20,480 --a------ C:\WINDOWS\system32\32298722ld.exe
2007-05-01 22:22 20,480 --a------ C:\WINDOWS\system32\2291602ld.exe
2007-05-01 22:11 20,480 --a------ C:\WINDOWS\system32\11483872ld.exe
2007-05-01 22:03 <DIR> d-------- C:\Program Files\Common Files\DriveCleaner Free
2007-05-01 22:01 20,480 --a------ C:\WINDOWS\system32\1283352ld.exe
2007-05-01 21:51 20,480 --a------ C:\WINDOWS\system32\5194152ld.exe
2007-05-01 21:40 20,480 --a------ C:\WINDOWS\system32\40477622ld.exe
2007-05-01 21:30 20,480 --a------ C:\WINDOWS\system32\30287812ld.exe
2007-05-01 21:20 20,480 --a------ C:\WINDOWS\system32\20102222ld.exe
2007-05-01 21:09 20,480 --a------ C:\WINDOWS\system32\9521032ld.exe
2007-05-01 20:59 20,480 --a------ C:\WINDOWS\system32\59329332ld.exe
2007-05-01 20:49 20,480 --a------ C:\WINDOWS\system32\4915742ld.exe
2007-05-01 20:38 20,480 --a------ C:\WINDOWS\system32\38567852ld.exe
2007-05-01 20:28 20,480 --a------ C:\WINDOWS\system32\2839272ld.exe
2007-05-01 20:18 20,480 --a------ C:\WINDOWS\system32\18142492ld.exe
2007-05-01 20:07 20,480 --a------ C:\WINDOWS\system32\7554292ld.exe
2007-05-01 19:57 20,480 --a------ C:\WINDOWS\system32\5731212ld.exe
2007-05-01 19:47 20,480 --a------ C:\WINDOWS\system32\47132132ld.exe
2007-05-01 19:36 20,480 --a------ C:\WINDOWS\system32\36545132ld.exe
2007-05-01 19:26 20,480 --a------ C:\WINDOWS\system32\26365952ld.exe
2007-05-01 19:16 20,480 --a------ C:\WINDOWS\system32\16191872ld.exe
2007-05-01 19:06 20,480 --a------ C:\WINDOWS\system32\5556102ld.exe
2007-05-01 18:55 20,480 --a------ C:\WINDOWS\system32\55376512ld.exe
2007-05-01 18:45 20,480 --a------ C:\WINDOWS\system32\45152262ld.exe
2007-05-01 18:34 20,480 --a------ C:\WINDOWS\system32\34568572ld.exe
2007-05-01 18:24 20,480 --a------ C:\WINDOWS\system32\24365252ld.exe
2007-05-01 18:14 20,480 --a------ C:\WINDOWS\system32\14184172ld.exe
2007-05-01 18:03 20,480 --a------ C:\WINDOWS\system32\3572732ld.exe
2007-05-01 17:53 20,480 --a------ C:\WINDOWS\system32\53391752ld.exe
2007-05-01 17:43 20,480 --a------ C:\WINDOWS\system32\43216372ld.exe
2007-05-01 17:33 20,480 --a------ C:\WINDOWS\system32\3334682ld.exe
2007-05-01 17:22 20,480 --a------ C:\WINDOWS\system32\22459202ld.exe
2007-05-01 17:12 20,480 --a------ C:\WINDOWS\system32\12285422ld.exe
2007-05-01 17:02 20,480 --a------ C:\WINDOWS\system32\289512ld.exe
2007-05-01 16:51 20,480 --a------ C:\WINDOWS\system32\51513132ld.exe
2007-05-01 16:41 20,480 --a------ C:\WINDOWS\system32\41332042ld.exe
2007-05-01 16:31 20,480 --a------ C:\WINDOWS\system32\31153162ld.exe
2007-05-01 16:20 20,480 --a------ C:\WINDOWS\system32\20572972ld.exe
2007-05-01 16:10 20,480 --a------ C:\WINDOWS\system32\10366852ld.exe
2007-05-01 16:00 20,480 --a------ C:\WINDOWS\system32157922ld.exe
2007-05-01 15:49 20,480 --a------ C:\WINDOWS\system32\49496922ld.exe
2007-05-01 15:39 20,480 --a------ C:\WINDOWS\system32\39317632ld.exe
2007-05-01 15:29 20,480 --a------ C:\WINDOWS\system32\29103192ld.exe
2007-05-01 15:18 20,480 --a------ C:\WINDOWS\system32\18457712ld.exe
2007-05-01 15:08 20,480 --a------ C:\WINDOWS\system32\8268012ld.exe
2007-04-30 23:34 20,480 --a------ C:\WINDOWS\system32\340852ld.exe
2007-04-30 23:23 20,480 --a------ C:\WINDOWS\system32\23284162ld.exe
2007-04-30 23:13 20,480 --a------ C:\WINDOWS\system32\1317552ld.exe
2007-04-30 23:02 20,480 --a------ C:\WINDOWS\system32\2281342ld.exe
2007-04-30 22:51 20,480 --a------ C:\WINDOWS\system32\51347152ld.exe
2007-04-30 22:41 20,480 --a------ C:\WINDOWS\system32\4121352ld.exe
2007-04-30 22:30 20,480 --a------ C:\WINDOWS\system32\30352542ld.exe
2007-04-30 22:20 20,480 --a------ C:\WINDOWS\system32\201632ld.exe
2007-04-30 22:09 20,480 --a------ C:\WINDOWS\system32\9584852ld.exe
2007-04-30 21:59 20,480 --a------ C:\WINDOWS\system32\59369212ld.exe
2007-04-30 21:49 20,480 --a------ C:\WINDOWS\system32\4975462ld.exe
2007-04-30 21:38 20,480 --a------ C:\WINDOWS\system32\38494082ld.exe
2007-04-30 21:28 20,480 --a------ C:\WINDOWS\system32\28271032ld.exe
2007-04-30 21:18 20,480 --a------ C:\WINDOWS\system32\1812732ld.exe
2007-04-30 21:07 20,480 --a------ C:\WINDOWS\system32\7305662ld.exe
2007-04-30 20:57 20,480 --a------ C:\WINDOWS\system32\5755272ld.exe
2007-04-30 20:46 20,480 --a------ C:\WINDOWS\system32\46443442ld.exe
2007-04-30 20:36 20,480 --a------ C:\WINDOWS\system32\36186842ld.exe
2007-04-30 20:25 20,480 --a------ C:\WINDOWS\system32\25536562ld.exe
2007-04-30 20:15 20,480 --a------ C:\WINDOWS\system32\15301792ld.exe
2007-04-30 20:05 20,480 --a------ C:\WINDOWS\system32\511392ld.exe
2007-04-30 19:54 20,480 --a------ C:\WINDOWS\system32\54522592ld.exe
2007-04-30 19:44 20,480 --a------ C:\WINDOWS\system32\44324882ld.exe
2007-04-30 19:34 20,480 --a------ C:\WINDOWS\system32\34141192ld.exe
2007-04-30 19:23 20,480 --a------ C:\WINDOWS\system32\23401772ld.exe
2007-04-30 19:13 20,480 --a------ C:\WINDOWS\system32\13165402ld.exe
2007-04-30 19:02 20,480 --a------ C:\WINDOWS\system32\2484872ld.exe
2007-04-30 18:52 20,480 --a------ C:\WINDOWS\system32\52252512ld.exe
2007-04-30 18:42 20,480 --a------ C:\WINDOWS\system32\425892ld.exe
2007-04-30 18:31 20,480 --a------ C:\WINDOWS\system32\31429752ld.exe
2007-04-30 18:21 20,480 --a------ C:\WINDOWS\system32\21199392ld.exe
2007-04-30 18:11 20,480 --a------ C:\WINDOWS\system32\10594972ld.exe
2007-04-30 18:00 20,480 --a------ C:\WINDOWS\system32323352ld.exe
2007-04-30 17:50 20,480 --a------ C:\WINDOWS\system32\50117732ld.exe
2007-04-30 17:39 20,480 --a------ C:\WINDOWS\system32\39442002ld.exe
2007-04-30 17:29 20,480 --a------ C:\WINDOWS\system32\29125722ld.exe
2007-04-30 17:18 20,480 --a------ C:\WINDOWS\system32\18481942ld.exe
2007-04-30 17:08 20,480 --a------ C:\WINDOWS\system32\828422ld.exe
2007-04-30 16:58 20,480 --a------ C:\WINDOWS\system32\5857082ld.exe
2007-04-30 10:09 <DIR> d-------- C:\ConvertTemp
2007-04-30 10:08 <DIR> d-------- C:\DOCUME~1\Priit\APPLIC~1\Samsung
2007-04-30 09:59 <DIR> d-------- C:\WINDOWS\system32\Samsung PC Studio Codecs
2007-04-30 09:45 94,000 --a------ C:\WINDOWS\system32\drivers\ss_mdm.sys
2007-04-30 09:45 8,304 --a------ C:\WINDOWS\system32\drivers\ss_mdfl.sys
2007-04-30 09:45 6,144 --a------ C:\WINDOWS\system32\drivers\ss_cmnt.sys
2007-04-30 09:45 6,144 --a------ C:\WINDOWS\system32\drivers\ss_cm.sys
2007-04-30 09:45 58,320 --a------ C:\WINDOWS\system32\drivers\ss_bus.sys
2007-04-30 09:45 5,808 --a------ C:\WINDOWS\system32\drivers\ss_whnt.sys
2007-04-30 09:45 5,808 --a------ C:\WINDOWS\system32\drivers\ss_wh.sys
2007-04-30 09:45 <DIR> d-------- C:\WINDOWS\system32\Samsung_USB_Drivers
2007-04-30 09:44 <DIR> d-------- C:\Program Files\Samsung
2007-04-26 22:32 20,480 --a------ C:\WINDOWS\system32\32207202ld.exe
2007-04-26 22:21 20,480 --a------ C:\WINDOWS\system32\2144442ld.exe
2007-04-26 22:11 20,480 --a------ C:\WINDOWS\system32\11155802ld.exe
2007-04-26 22:00 20,480 --a------ C:\WINDOWS\system32298622ld.exe
2007-04-26 21:50 20,480 --a------ C:\WINDOWS\system32\49582542ld.exe
2007-04-26 21:39 20,480 --a------ C:\WINDOWS\system32\39314222ld.exe
2007-04-26 21:29 20,480 --a------ C:\WINDOWS\system32\2984472ld.exe
2007-04-26 21:18 20,480 --a------ C:\WINDOWS\system32\18414552ld.exe
2007-04-26 21:08 20,480 --a------ C:\WINDOWS\system32\8198712ld.exe
2007-04-26 20:57 20,480 --a------ C:\WINDOWS\system32\57458802ld.exe
2007-04-26 20:47 20,480 --a------ C:\WINDOWS\system32\47196892ld.exe
2007-04-26 20:36 20,480 --a------ C:\WINDOWS\system32\36535692ld.exe
2007-04-26 20:26 20,480 --a------ C:\WINDOWS\system32\26346392ld.exe
2007-04-26 20:16 20,480 --a------ C:\WINDOWS\system32\1647832ld.exe
2007-04-26 20:05 20,480 --a------ C:\WINDOWS\system32\5401352ld.exe
2007-04-26 19:55 20,480 --a------ C:\WINDOWS\system32\55127332ld.exe
2007-04-26 19:44 20,480 --a------ C:\WINDOWS\system32\44535322ld.exe
2007-04-26 19:34 20,480 --a------ C:\WINDOWS\system32\34307872ld.exe
2007-04-26 19:24 20,480 --a------ C:\WINDOWS\system32\2453082ld.exe
2007-04-26 19:13 20,480 --a------ C:\WINDOWS\system32\13464482ld.exe
2007-04-26 19:03 20,480 --a------ C:\WINDOWS\system32\3281892ld.exe
2007-04-26 18:53 20,480 --a------ C:\WINDOWS\system32\52517242ld.exe
2007-04-26 18:42 20,480 --a------ C:\WINDOWS\system32\42309412ld.exe
2007-04-26 18:41 20,480 --a------ C:\WINDOWS\system32\41143112ld.exe
2007-04-26 18:36 20,480 --a------ C:\WINDOWS\system32\3613582ld.exe
2007-04-26 18:32 20,480 --a------ C:\WINDOWS\system32\3271242ld.exe
2007-04-26 18:21 20,480 --a------ C:\WINDOWS\system32\21423362ld.exe
2007-04-26 18:11 20,480 --a------ C:\WINDOWS\system32\11241272ld.exe
2007-04-26 18:00 20,480 --a------ C:\WINDOWS\system32584572ld.exe
2007-04-26 17:50 20,480 --a------ C:\WINDOWS\system32\50211102ld.exe
2007-04-26 17:40 20,480 --a------ C:\WINDOWS\system32\39587562ld.exe
2007-04-26 17:29 20,480 --a------ C:\WINDOWS\system32\29407572ld.exe
2007-04-26 17:19 20,480 --a------ C:\WINDOWS\system32\19209362ld.exe
2007-04-26 17:09 20,480 --a------ C:\WINDOWS\system32\927772ld.exe
2007-04-26 16:48 20,480 --a------ C:\WINDOWS\system32\48211112ld.exe
2007-04-24 17:36 19,968 --a------ C:\WINDOWS\system32\36416792ld.exe
2007-04-24 14:28 20,480 --a------ C:\WINDOWS\system32\winsys32.dll
2007-04-24 14:28 19,968 --a------ C:\WINDOWS\system32\28378542ld.exe
2007-04-24 11:52 72,957 --a------ C:\WINDOWS\nybtyhrtg.exe
2007-04-24 11:22 75,302 --a------ C:\WINDOWS\yrtdfvfdgtr.exe
2007-04-22 15:55 76,560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-04-22 15:54 <DIR> d-------- C:\DOCUME~1\Priit\.housecall6.6
2007-04-22 12:18 196,608 --a------ C:\WINDOWS\system32\ssleay32.dll
2007-04-22 12:18 1,040,384 --a------ C:\WINDOWS\system32\libeay32.dll
2007-04-22 11:47 <DIR> d-------- C:\DOCUME~1\Priit\APPLIC~1\CyberLink
2007-04-22 11:46 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

Rootkit driver pe386 is present. A rootkit scan is required
Rootkit driver pe386 is present. ... attempting disinfection
msguard ...... driver unloaded successfully.

2007-05-06 00:38 -------- d-------- C:\Program Files\spywareguard
2007-05-06 00:37 -------- d-------- C:\Program Files\spywareblaster
2007-05-06 00:33 -------- d-------- C:\Program Files\morpheus
2007-05-05 20:40 -------- d-------- C:\Program Files\msn games
2007-05-01 22:40 -------- d-------- C:\Program Files\Common Files\symantec shared
2007-05-01 22:37 -------- d-------- C:\Program Files\norton antivirus
2007-04-30 16:47 -------- d-------- C:\Program Files\symantec
2007-04-30 09:57 -------- d--h----- C:\Program Files\installshield installation information
2007-04-22 12:15 -------- d-------- C:\Program Files\winamp
2007-03-31 09:45 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-03-20 23:45 -------- d-------- C:\DOCUME~1\Priit\APPLIC~1\playfirst
2007-03-17 16:43 292864 --a------ C:\WINDOWS\system32\winsrv.dll
2007-03-09 00:02 75512 --a------ C:\WINDOWS\zllsputility.exe
2007-03-09 00:01 1087216 --a------ C:\WINDOWS\system32\zpeng24.dll
2007-03-08 18:36 577536 --a------ C:\WINDOWS\system32\user32.dll
2007-03-08 18:36 40960 --a------ C:\WINDOWS\system32\mf3216.dll
2007-03-08 18:36 281600 --a------ C:\WINDOWS\system32\gdi32.dll
2007-03-08 16:47 1843584 --a------ C:\WINDOWS\system32\win32k.sys
2007-03-05 21:54 4096 --a------ C:\WINDOWS\d3dx.dat


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{4A368E80-174F-4872-96B5-0B27DDD11DB2} C:\Program Files\SpywareGuard\dlprotect.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
{D651AFF4-9590-424d-BD1E-8E33E090DFB3} C:\WINDOWS\system32\qgpwnxpx.dll [x]
{E917494F-0F54-42BE-9BE4-99B5093911B3} C:\WINDOWS\system32\gsbiddyw.dll [x]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ezShieldProtector for Px"="C:\\WINDOWS\\system32\\ezSP_Px.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\""
"ATIPTA"="atiptaxx.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe"
"BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
"ZoneAlarm Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"updatemanw"="C:\\WINDOWS\\system32\\cmdpmeno.exe"
"winsplog"="C:\\WINDOWS\\system32\\wsmmlog.exe"
"sacmemds"="C:\\WINDOWS\\system32\\smcntlwio.exe"
"DriveCleaner Free"="\"c:\\program files\\drivecleaner free\\udc.exe\" /min"
"WindowsService"="rundll32.exe \"C:\\WINDOWS\\system32\\hughyqaq.dll\",realset"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"BitComet"="\"C:\\Program Files\\BitLord\\BitLord.exe\""

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"="Narrator.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
"{8BFA0939-92D5-4762-B188-2F45AE6D445B}"="System Registry Hook"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winaqh32
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winsys32

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\
Security Packages REG_MULTI_SZ kerberosmsv1_0schannelwdigest\
Notification Packages REG_MULTI_SZ scecli\


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Reader Speed Launch.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~1.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced Tools Check]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ADVCHK"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\NORTON~1\\AdvTools\\ADVCHK.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AtiPTA]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Atiptaxx"
"hkey"="HKLM"
"command"="Atiptaxx.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ccApp"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccRegVfy]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ccRegVfy"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccRegVfy.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ctfmon"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\ctfmon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="daemon"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\D-Tools\\daemon.exe\" -lang 1033"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy-PrintToolBox]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BJPSMAIN"
"hkey"="HKLM"
"command"="C:\\Program Files\\Canon\\Easy-PrintToolBox\\BJPSMAIN.EXE /logon"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ezShieldProtector for Px]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ezSP_Px"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\ezSP_Px.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Media Access]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MediaAccK"
"hkey"="HKLM"
"command"="C:\\Program Files\\Media Access\\MediaAccK.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NvCpl"
"hkey"="HKLM"
"command"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NVMCTRAY"
"hkey"="HKCU"
"command"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NVMCTRAY.DLL,NvTaskbarInit"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="nwiz"
"hkey"="HKLM"
"command"="nwiz.exe /install"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Oobpjma]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Cuowq"
"hkey"="HKLM"
"command"="C:\\Program Files\\Gvfa\\Cuowq.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="soundman"
"hkey"="HKLM"
"command"="soundman.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="C:\\Program Files\\Java\\jre1.5.0_04\\bin\\jusched.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SNDMon"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dumprep 0 -u"
"hkey"="HKLM"
"command"="%systemroot%\\system32\\dumprep 0 -u"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\
LocalService REG_MULTI_SZ AlerterWebClientLmHostsRemoteRegistryupnphostSSDPSRV\
NetworkService REG_MULTI_SZ DnsCache\
DcomLaunch REG_MULTI_SZ DcomLaunchTermService\
rpcss REG_MULTI_SZ RpcSs\
imgsvc REG_MULTI_SZ StiSvc\
termsvcs REG_MULTI_SZ TermService\
WudfServiceGroup REG_MULTI_SZ WUDFSvc\
bthsvcs REG_MULTI_SZ BthServ\


********************************************************************

#9 little eagle

Posted 06 May 2007 - 07:10 AM

Looks like we need a lot more cleaning, go HERE and do an online scan.
Let me know what is found.

#10 maizipulgad

Posted 06 May 2007 - 08:16 AM

Online scan found:
Stealth_file (C:\WINDOWS\SYSTEM32:LZX32.SYS)
Trojan-Proxy.Win32.Slaper.p (C:\WINDOWS\YRTDFVFDGTR.EXE)
Trojan-Proxy.Win32.Slaper.p (C:\WINDOWS\SYSTEM32\WSMMLOG.EXE)
And some tracking cookies.

#11 little eagle

Posted 06 May 2007 - 08:58 AM

Not what I was looking for. Can you run http://www.mwti.net/...s/mwav/mwav.asp

After that, run combofix again and post the log.

#12 maizipulgad

Posted 06 May 2007 - 09:20 AM

I had to leave home, but I'll do it as soon as I get back.

#13 little eagle

Posted 06 May 2007 - 09:33 AM

See you when you get back.

#14 maizipulgad

Posted 27 May 2007 - 02:37 AM

I'll be back home on the 29th or 31st of May. Thanks again for waiting.

#15 maizipulgad

Posted 30 May 2007 - 12:59 AM

New combofix log:

"Priit" - 07-05-30 9:44:13 Service Pack 2
ComboFix 07-04-25.4V - Running from: "C:\Documents and Settings\Priit\Desktop\siim\kaitse\"


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\rpcc.dll
C:\WINDOWS\system32\taskmgr.com
C:\WINDOWS\regedit.com


((((((((((((((((((((((((((((((( Files Created from 2007-04-28 to 2007-05-30 ))))))))))))))))))))))))))))))))))


2007-05-07 18:33 19,968 --a------ C:\WINDOWS\system32\33196412ld.exe
2007-05-07 18:23 19,968 --a------ C:\WINDOWS\system32\2322632ld.exe
2007-05-07 18:12 19,968 --a------ C:\WINDOWS\system32\12398482ld.exe
2007-05-07 18:02 19,968 --a------ C:\WINDOWS\system32\2159612ld.exe
2007-05-07 17:52 19,968 --a------ C:\WINDOWS\system32\52107812ld.exe
2007-05-07 17:41 19,968 --a------ C:\WINDOWS\system32\41344962ld.exe
2007-05-07 17:24 19,968 --a------ C:\WINDOWS\system32\24467672ld.exe
2007-05-07 17:14 19,968 --a------ C:\WINDOWS\system32\1441262ld.exe
2007-05-06 18:10 <DIR> d-a------ C:\WINDOWS\zts2.exe
2007-05-06 18:10 <DIR> d-a------ C:\WINDOWS\system32\vcmgcd32.dll
2007-05-06 18:10 <DIR> d-a------ C:\WINDOWS\system32\iifgfgf.dll
2007-05-06 18:10 <DIR> d-a------ C:\WINDOWS\rundll16.exe
2007-05-06 18:10 <DIR> d-a------ C:\WINDOWS\rundl132.dll
2007-05-06 18:10 <DIR> d-a------ C:\WINDOWS\logo1_.exe
2007-05-06 18:05 146,432 --a------ C:\WINDOWS\R.COM
2007-05-06 18:05 135,680 --a------ C:\WINDOWS\system32\T.COM
2007-05-06 14:09 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2007-05-06 14:08 <DIR> d-------- C:\WINDOWS\SHELLNEW
2007-05-06 14:04 <DIR> dr-h----- C:\MSOCache
2007-05-06 10:26 <DIR> d-------- C:\avenger
2007-05-05 10:05 132,660 --a------ C:\WINDOWS\system32\hughyqaq.dll
2007-05-03 20:33 20,480 --a------ C:\WINDOWS\system32\33488082ld.exe
2007-05-03 20:23 20,480 --a------ C:\WINDOWS\system32\23313002ld.exe
2007-05-03 20:13 20,480 --a------ C:\WINDOWS\system32\13131712ld.exe
2007-05-03 20:02 20,480 --a------ C:\WINDOWS\system32\2554732ld.exe
2007-05-03 19:52 20,480 --a------ C:\WINDOWS\system32\52363022ld.exe
2007-05-03 19:42 20,480 --a------ C:\WINDOWS\system32\42168922ld.exe
2007-05-03 19:32 20,480 --a------ C:\WINDOWS\system32\31593142ld.exe
2007-05-03 19:21 20,480 --a------ C:\WINDOWS\system32\21423062ld.exe
2007-05-03 19:11 20,480 --a------ C:\WINDOWS\system32\11243482ld.exe
2007-05-03 19:01 20,480 --a------ C:\WINDOWS\system32\16992ld.exe
2007-05-03 18:50 20,480 --a------ C:\WINDOWS\system32\50482202ld.exe
2007-05-03 18:40 20,480 --a------ C:\WINDOWS\system32\40303822ld.exe
2007-05-03 18:30 20,480 --a------ C:\WINDOWS\system32\30129742ld.exe
2007-05-03 18:19 20,480 --a------ C:\WINDOWS\system32\19518212ld.exe
2007-05-03 18:09 20,480 --a------ C:\WINDOWS\system32\9337122ld.exe
2007-05-03 17:59 20,480 --a------ C:\WINDOWS\system32\59162442ld.exe
2007-05-03 17:49 20,480 --a------ C:\WINDOWS\system32\48592472ld.exe
2007-05-03 17:38 20,480 --a------ C:\WINDOWS\system32\38373832ld.exe
2007-05-03 17:28 20,480 --a------ C:\WINDOWS\system32\28155492ld.exe
2007-05-03 17:17 20,480 --a------ C:\WINDOWS\system32\17563382ld.exe
2007-05-03 17:07 20,480 --a------ C:\WINDOWS\system32\7351352ld.exe
2007-05-03 16:57 20,480 --a------ C:\WINDOWS\system32\57169562ld.exe
2007-05-03 16:46 20,480 --a------ C:\WINDOWS\system32\46562142ld.exe
2007-05-03 16:36 20,480 --a------ C:\WINDOWS\system32\36346102ld.exe
2007-05-03 16:26 20,480 --a------ C:\WINDOWS\system32\2672282ld.exe
2007-05-03 16:15 20,480 --a------ C:\WINDOWS\system32\15471662ld.exe
2007-05-03 16:05 20,480 --a------ C:\WINDOWS\system32\529772ld.exe
2007-05-03 15:55 20,480 --a------ C:\WINDOWS\system32\55115592ld.exe
2007-05-03 15:44 20,480 --a------ C:\WINDOWS\system32\44537912ld.exe
2007-05-03 15:34 20,480 --a------ C:\WINDOWS\system32\34349212ld.exe
2007-05-03 15:24 20,480 --a------ C:\WINDOWS\system32\24151302ld.exe
2007-05-03 15:13 20,480 --a------ C:\WINDOWS\system32\13543172ld.exe
2007-05-03 15:03 20,480 --a------ C:\WINDOWS\system32\3358582ld.exe
2007-05-03 14:53 20,480 --a------ C:\WINDOWS\system32\53168182ld.exe
2007-05-03 14:43 20,480 --a------ C:\WINDOWS\system32\42597502ld.exe
2007-05-01 22:32 20,480 --a------ C:\WINDOWS\system32\32298722ld.exe
2007-05-01 22:22 20,480 --a------ C:\WINDOWS\system32\2291602ld.exe
2007-05-01 22:11 20,480 --a------ C:\WINDOWS\system32\11483872ld.exe
2007-05-01 22:03 <DIR> d-------- C:\Program Files\Common Files\DriveCleaner Free
2007-05-01 22:01 20,480 --a------ C:\WINDOWS\system32\1283352ld.exe
2007-05-01 21:51 20,480 --a------ C:\WINDOWS\system32\5194152ld.exe
2007-05-01 21:40 20,480 --a------ C:\WINDOWS\system32\40477622ld.exe
2007-05-01 21:30 20,480 --a------ C:\WINDOWS\system32\30287812ld.exe
2007-05-01 21:20 20,480 --a------ C:\WINDOWS\system32\20102222ld.exe
2007-05-01 21:09 20,480 --a------ C:\WINDOWS\system32\9521032ld.exe
2007-05-01 20:59 20,480 --a------ C:\WINDOWS\system32\59329332ld.exe
2007-05-01 20:49 20,480 --a------ C:\WINDOWS\system32\4915742ld.exe
2007-05-01 20:38 20,480 --a------ C:\WINDOWS\system32\38567852ld.exe
2007-05-01 20:28 20,480 --a------ C:\WINDOWS\system32\2839272ld.exe
2007-05-01 20:18 20,480 --a------ C:\WINDOWS\system32\18142492ld.exe
2007-05-01 20:07 20,480 --a------ C:\WINDOWS\system32\7554292ld.exe
2007-05-01 19:57 20,480 --a------ C:\WINDOWS\system32\5731212ld.exe
2007-05-01 19:47 20,480 --a------ C:\WINDOWS\system32\47132132ld.exe
2007-05-01 19:36 20,480 --a------ C:\WINDOWS\system32\36545132ld.exe
2007-05-01 19:26 20,480 --a------ C:\WINDOWS\system32\26365952ld.exe
2007-05-01 19:16 20,480 --a------ C:\WINDOWS\system32\16191872ld.exe
2007-05-01 19:06 20,480 --a------ C:\WINDOWS\system32\5556102ld.exe
2007-05-01 18:55 20,480 --a------ C:\WINDOWS\system32\55376512ld.exe
2007-05-01 18:45 20,480 --a------ C:\WINDOWS\system32\45152262ld.exe
2007-05-01 18:34 20,480 --a------ C:\WINDOWS\system32\34568572ld.exe
2007-05-01 18:24 20,480 --a------ C:\WINDOWS\system32\24365252ld.exe
2007-05-01 18:14 20,480 --a------ C:\WINDOWS\system32\14184172ld.exe
2007-05-01 18:03 20,480 --a------ C:\WINDOWS\system32\3572732ld.exe
2007-05-01 17:53 20,480 --a------ C:\WINDOWS\system32\53391752ld.exe
2007-05-01 17:43 20,480 --a------ C:\WINDOWS\system32\43216372ld.exe
2007-05-01 17:33 20,480 --a------ C:\WINDOWS\system32\3334682ld.exe
2007-05-01 17:22 20,480 --a------ C:\WINDOWS\system32\22459202ld.exe
2007-05-01 17:12 20,480 --a------ C:\WINDOWS\system32\12285422ld.exe
2007-05-01 17:02 20,480 --a------ C:\WINDOWS\system32\289512ld.exe
2007-05-01 16:51 20,480 --a------ C:\WINDOWS\system32\51513132ld.exe
2007-05-01 16:41 20,480 --a------ C:\WINDOWS\system32\41332042ld.exe
2007-05-01 16:31 20,480 --a------ C:\WINDOWS\system32\31153162ld.exe
2007-05-01 16:20 20,480 --a------ C:\WINDOWS\system32\20572972ld.exe
2007-05-01 16:10 20,480 --a------ C:\WINDOWS\system32\10366852ld.exe
2007-05-01 16:00 20,480 --a------ C:\WINDOWS\system32157922ld.exe
2007-05-01 15:49 20,480 --a------ C:\WINDOWS\system32\49496922ld.exe
2007-05-01 15:39 20,480 --a------ C:\WINDOWS\system32\39317632ld.exe
2007-05-01 15:29 20,480 --a------ C:\WINDOWS\system32\29103192ld.exe
2007-05-01 15:18 20,480 --a------ C:\WINDOWS\system32\18457712ld.exe
2007-05-01 15:08 20,480 --a------ C:\WINDOWS\system32\8268012ld.exe
2007-04-30 23:34 20,480 --a------ C:\WINDOWS\system32\340852ld.exe
2007-04-30 23:23 20,480 --a------ C:\WINDOWS\system32\23284162ld.exe
2007-04-30 23:13 20,480 --a------ C:\WINDOWS\system32\1317552ld.exe
2007-04-30 23:02 20,480 --a------ C:\WINDOWS\system32\2281342ld.exe
2007-04-30 22:51 20,480 --a------ C:\WINDOWS\system32\51347152ld.exe
2007-04-30 22:41 20,480 --a------ C:\WINDOWS\system32\4121352ld.exe
2007-04-30 22:30 20,480 --a------ C:\WINDOWS\system32\30352542ld.exe
2007-04-30 22:20 20,480 --a------ C:\WINDOWS\system32\201632ld.exe
2007-04-30 22:09 20,480 --a------ C:\WINDOWS\system32\9584852ld.exe
2007-04-30 21:59 20,480 --a------ C:\WINDOWS\system32\59369212ld.exe
2007-04-30 21:49 20,480 --a------ C:\WINDOWS\system32\4975462ld.exe
2007-04-30 21:38 20,480 --a------ C:\WINDOWS\system32\38494082ld.exe
2007-04-30 21:28 20,480 --a------ C:\WINDOWS\system32\28271032ld.exe
2007-04-30 21:18 20,480 --a------ C:\WINDOWS\system32\1812732ld.exe
2007-04-30 21:07 20,480 --a------ C:\WINDOWS\system32\7305662ld.exe
2007-04-30 20:57 20,480 --a------ C:\WINDOWS\system32\5755272ld.exe
2007-04-30 20:46 20,480 --a------ C:\WINDOWS\system32\46443442ld.exe
2007-04-30 20:36 20,480 --a------ C:\WINDOWS\system32\36186842ld.exe
2007-04-30 20:25 20,480 --a------ C:\WINDOWS\system32\25536562ld.exe
2007-04-30 20:15 20,480 --a------ C:\WINDOWS\system32\15301792ld.exe
2007-04-30 20:05 20,480 --a------ C:\WINDOWS\system32\511392ld.exe
2007-04-30 19:54 20,480 --a------ C:\WINDOWS\system32\54522592ld.exe
2007-04-30 19:44 20,480 --a------ C:\WINDOWS\system32\44324882ld.exe
2007-04-30 19:34 20,480 --a------ C:\WINDOWS\system32\34141192ld.exe
2007-04-30 19:23 20,480 --a------ C:\WINDOWS\system32\23401772ld.exe
2007-04-30 19:13 20,480 --a------ C:\WINDOWS\system32\13165402ld.exe
2007-04-30 19:02 20,480 --a------ C:\WINDOWS\system32\2484872ld.exe
2007-04-30 18:52 20,480 --a------ C:\WINDOWS\system32\52252512ld.exe
2007-04-30 18:42 20,480 --a------ C:\WINDOWS\system32\425892ld.exe
2007-04-30 18:31 20,480 --a------ C:\WINDOWS\system32\31429752ld.exe
2007-04-30 18:21 20,480 --a------ C:\WINDOWS\system32\21199392ld.exe
2007-04-30 18:11 20,480 --a------ C:\WINDOWS\system32\10594972ld.exe
2007-04-30 18:00 20,480 --a------ C:\WINDOWS\system32323352ld.exe
2007-04-30 17:50 20,480 --a------ C:\WINDOWS\system32\50117732ld.exe
2007-04-30 17:39 20,480 --a------ C:\WINDOWS\system32\39442002ld.exe
2007-04-30 17:29 20,480 --a------ C:\WINDOWS\system32\29125722ld.exe
2007-04-30 17:18 20,480 --a------ C:\WINDOWS\system32\18481942ld.exe
2007-04-30 17:08 20,480 --a------ C:\WINDOWS\system32\828422ld.exe
2007-04-30 16:58 20,480 --a------ C:\WINDOWS\system32\5857082ld.exe
2007-04-30 10:09 <DIR> d-------- C:\ConvertTemp
2007-04-30 10:08 <DIR> d-------- C:\DOCUME~1\Priit\APPLIC~1\Samsung
2007-04-30 09:59 <DIR> d-------- C:\WINDOWS\system32\Samsung PC Studio Codecs
2007-04-30 09:45 94,000 --a------ C:\WINDOWS\system32\drivers\ss_mdm.sys
2007-04-30 09:45 8,304 --a------ C:\WINDOWS\system32\drivers\ss_mdfl.sys
2007-04-30 09:45 6,144 --a------ C:\WINDOWS\system32\drivers\ss_cmnt.sys
2007-04-30 09:45 6,144 --a------ C:\WINDOWS\system32\drivers\ss_cm.sys
2007-04-30 09:45 58,320 --a------ C:\WINDOWS\system32\drivers\ss_bus.sys
2007-04-30 09:45 5,808 --a------ C:\WINDOWS\system32\drivers\ss_whnt.sys
2007-04-30 09:45 5,808 --a------ C:\WINDOWS\system32\drivers\ss_wh.sys
2007-04-30 09:45 <DIR> d-------- C:\WINDOWS\system32\Samsung_USB_Drivers
2007-04-30 09:44 <DIR> d-------- C:\Program Files\Samsung


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

Rootkit driver pe386 is present. A rootkit scan is required
Rootkit driver pe386 is present. ... attempting disinfection
msguard ...... driver unloaded successfully.

2007-05-09 15:21 -------- d-------- C:\Program Files\morpheus
2007-05-06 13:12 -------- d--h----- C:\Program Files\installshield installation information
2007-05-06 00:38 -------- d-------- C:\Program Files\spywareguard
2007-05-06 00:37 -------- d-------- C:\Program Files\spywareblaster
2007-05-05 20:40 -------- d-------- C:\Program Files\msn games
2007-05-01 22:40 -------- d-------- C:\Program Files\Common Files\symantec shared
2007-05-01 22:37 -------- d-------- C:\Program Files\norton antivirus
2007-04-30 16:47 -------- d-------- C:\Program Files\symantec
2007-04-30 09:42 -------- d-------- C:\Program Files\Common Files\installshield
2007-04-26 22:32 20480 --a------ C:\WINDOWS\system32\32207202ld.exe
2007-04-26 22:21 20480 --a------ C:\WINDOWS\system32\2144442ld.exe
2007-04-26 22:11 20480 --a------ C:\WINDOWS\system32\11155802ld.exe
2007-04-26 22:00 20480 --a------ C:\WINDOWS\system32298622ld.exe
2007-04-26 21:50 20480 --a------ C:\WINDOWS\system32\49582542ld.exe
2007-04-26 21:39 20480 --a------ C:\WINDOWS\system32\39314222ld.exe
2007-04-26 21:29 20480 --a------ C:\WINDOWS\system32\2984472ld.exe
2007-04-26 21:18 20480 --a------ C:\WINDOWS\system32\18414552ld.exe
2007-04-26 21:08 20480 --a------ C:\WINDOWS\system32\8198712ld.exe
2007-04-26 20:57 20480 --a------ C:\WINDOWS\system32\57458802ld.exe
2007-04-26 20:47 20480 --a------ C:\WINDOWS\system32\47196892ld.exe
2007-04-26 20:36 20480 --a------ C:\WINDOWS\system32\36535692ld.exe
2007-04-26 20:26 20480 --a------ C:\WINDOWS\system32\26346392ld.exe
2007-04-26 20:16 20480 --a------ C:\WINDOWS\system32\1647832ld.exe
2007-04-26 20:05 20480 --a------ C:\WINDOWS\system32\5401352ld.exe
2007-04-26 19:55 20480 --a------ C:\WINDOWS\system32\55127332ld.exe
2007-04-26 19:44 20480 --a------ C:\WINDOWS\system32\44535322ld.exe
2007-04-26 19:34 20480 --a------ C:\WINDOWS\system32\34307872ld.exe
2007-04-26 19:24 20480 --a------ C:\WINDOWS\system32\2453082ld.exe
2007-04-26 19:13 20480 --a------ C:\WINDOWS\system32\13464482ld.exe
2007-04-26 19:03 20480 --a------ C:\WINDOWS\system32\3281892ld.exe
2007-04-26 18:53 20480 --a------ C:\WINDOWS\system32\52517242ld.exe
2007-04-26 18:42 20480 --a------ C:\WINDOWS\system32\42309412ld.exe
2007-04-26 18:41 20480 --a------ C:\WINDOWS\system32\41143112ld.exe
2007-04-26 18:36 20480 --a------ C:\WINDOWS\system32\3613582ld.exe
2007-04-26 18:32 20480 --a------ C:\WINDOWS\system32\3271242ld.exe
2007-04-26 18:21 20480 --a------ C:\WINDOWS\system32\21423362ld.exe
2007-04-26 18:11 20480 --a------ C:\WINDOWS\system32\11241272ld.exe
2007-04-26 18:00 20480 --a------ C:\WINDOWS\system32584572ld.exe
2007-04-26 17:50 20480 --a------ C:\WINDOWS\system32\50211102ld.exe
2007-04-26 17:40 20480 --a------ C:\WINDOWS\system32\39587562ld.exe
2007-04-26 17:29 20480 --a------ C:\WINDOWS\system32\29407572ld.exe
2007-04-26 17:19 20480 --a------ C:\WINDOWS\system32\19209362ld.exe
2007-04-26 17:09 20480 --a------ C:\WINDOWS\system32\927772ld.exe
2007-04-26 16:48 20480 --a------ C:\WINDOWS\system32\48211112ld.exe
2007-04-24 17:36 19968 --a------ C:\WINDOWS\system32\36416792ld.exe
2007-04-24 14:28 19968 --a------ C:\WINDOWS\system32\28378542ld.exe
2007-04-24 12:42 72957 --a------ C:\WINDOWS\nybtyhrtg.exe
2007-04-22 15:55 76560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-04-22 12:18 196608 --a------ C:\WINDOWS\system32\ssleay32.dll
2007-04-22 12:18 1040384 --a------ C:\WINDOWS\system32\libeay32.dll
2007-04-22 12:15 -------- d-------- C:\Program Files\winamp
2007-04-18 19:12 2854400 --a------ C:\WINDOWS\system32\msi.dll
2007-03-31 09:45 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-03-17 16:43 292864 --a------ C:\WINDOWS\system32\winsrv.dll
2007-03-09 00:02 75512 --a------ C:\WINDOWS\zllsputility.exe
2007-03-09 00:01 1087216 --a------ C:\WINDOWS\system32\zpeng24.dll
2007-03-08 18:36 577536 --a------ C:\WINDOWS\system32\user32.dll
2007-03-08 18:36 40960 --a------ C:\WINDOWS\system32\mf3216.dll
2007-03-08 18:36 281600 --a------ C:\WINDOWS\system32\gdi32.dll
2007-03-08 16:47 1843584 --a------ C:\WINDOWS\system32\win32k.sys
2007-03-05 21:54 4096 --a------ C:\WINDOWS\d3dx.dat


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{4A368E80-174F-4872-96B5-0B27DDD11DB2} C:\Program Files\SpywareGuard\dlprotect.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
{E917494F-0F54-42BE-9BE4-99B5093911B3} C:\System Volume Information\_restore{6AF3B6C9-D322-4580-9DCD-3770BB49A992}\RP744\A0258874.dll [x]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ezShieldProtector for Px"="C:\\WINDOWS\\system32\\ezSP_Px.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\""
"ATIPTA"="atiptaxx.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
"ZoneAlarm Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"sacmemds"="C:\\WINDOWS\\system32\\smcntlwio.exe"
"WindowsService"="rundll32.exe \"C:\\WINDOWS\\system32\\hughyqaq.dll\",realset"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"BitComet"="\"C:\\Program Files\\BitLord\\BitLord.exe\""

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"="Narrator.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
"{8BFA0939-92D5-4762-B188-2F45AE6D445B}"="System Registry Hook"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\
Security Packages REG_MULTI_SZ kerberosmsv1_0schannelwdigest\
Notification Packages REG_MULTI_SZ scecli\


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Reader Speed Launch.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~1.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced Tools Check]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ADVCHK"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\NORTON~1\\AdvTools\\ADVCHK.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AtiPTA]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Atiptaxx"
"hkey"="HKLM"
"command"="Atiptaxx.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ccApp"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccRegVfy]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ccRegVfy"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccRegVfy.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ctfmon"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\ctfmon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="daemon"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\D-Tools\\daemon.exe\" -lang 1033"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy-PrintToolBox]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BJPSMAIN"
"hkey"="HKLM"
"command"="C:\\Program Files\\Canon\\Easy-PrintToolBox\\BJPSMAIN.EXE /logon"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ezShieldProtector for Px]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ezSP_Px"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\ezSP_Px.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NvCpl"
"hkey"="HKLM"
"command"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NVMCTRAY"
"hkey"="HKCU"
"command"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NVMCTRAY.DLL,NvTaskbarInit"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="nwiz"
"hkey"="HKLM"
"command"="nwiz.exe /install"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Oobpjma]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Cuowq"
"hkey"="HKLM"
"command"="C:\\Program Files\\Gvfa\\Cuowq.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="soundman"
"hkey"="HKLM"
"command"="soundman.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="C:\\Program Files\\Java\\jre1.5.0_04\\bin\\jusched.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SNDMon"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dumprep 0 -u"
"hkey"="HKLM"
"command"="%systemroot%\\system32\\dumprep 0 -u"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\
LocalService REG_MULTI_SZ AlerterWebClientLmHostsRemoteRegistryupnphostSSDPSRV\
NetworkService REG_MULTI_SZ DnsCache\
DcomLaunch REG_MULTI_SZ DcomLaunchTermService\
rpcss REG_MULTI_SZ RpcSs\
imgsvc REG_MULTI_SZ StiSvc\
termsvcs REG_MULTI_SZ TermService\
WudfServiceGroup REG_MULTI_SZ WUDFSvc\
bthsvcs REG_MULTI_SZ BthServ\


********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-30 09:54:10
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


********************************************************************

Completion time: 07-05-30 9:55:26 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 07-05-30 09:55
