I just got main.txt.
What should I do? Please help.
Deckard's System Scanner v20071014.68
Run by Lovin on 2008-05-14 21:41:26
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- HijackThis (run as Lovin.exe) -----------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:41, on 2008-05-14
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Lovin\Local Settings\Application Data\winlogon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Niti\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Lovin.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: The Pirate Bay Toolbar - {a33fa729-d155-4b23-842b-2c665ecabdb6} - C:\Program Files\The_Pirate_Bay\tbThe0.dll
F2 - REG:system.ini: Shell=Explorer.exe "C:\WINDOWS\eksplorasi.exe"
O1 - Hosts: <HTML><HEAD><TITLE>Yahoo!</TITLE>
O1 - Hosts: </HEAD><BODY BGCOLOR=white vlink=blue>
O1 - Hosts: <!-- following code added by server. PLEASE REMOVE -->
O1 - Hosts: <!-- preceding code added by server. PLEASE REMOVE --><center>
O1 - Hosts: <table width=675 cellpadding=0 cellspacing=2 border=0>
O1 - Hosts: <tr>
O1 - Hosts: <td width=1% valign=top><a href="http://www.yahoo.com"><img src=http://us.i1.yimg.com/us.yimg.com/i/yahoo.gif width=147 height=31 border=0 alt="Yahoo"></a></td>
O1 - Hosts: <td align=right><font face=arial size=-1><a href="/404/*http://www.yahoo.com">Yahoo!</a> - <a href="http://help.yahoo.com">Help</a></font><hr size=1 noshade></td>
O1 - Hosts: </tr>
O1 - Hosts: </table>
O1 - Hosts: <br>
O1 - Hosts: <table border=0 width=675 cellspacing=0 cellpadding=3>
O1 - Hosts: <tr>
O1 - Hosts: <td bgcolor=003399 colspan=2>
O1 - Hosts: <font face=Arial size=+1 color=white><b>Sorry, the page you requested was not found.</b></font>
O1 - Hosts: </td>
O1 - Hosts: </tr></table>
O1 - Hosts: <br>
O1 - Hosts: <table border=0 width=675 cellspacing=0 cellpadding=1>
O1 - Hosts: <tr>
O1 - Hosts: <td valign=top width=229 bgcolor=ffffff>
O1 - Hosts: <table width="100%" cellpadding=1 cellspacing=0 border=0 bgcolor=dcdcdc><tr>
O1 - Hosts: <td valign=top align=center><table width="100%" cellpadding=3 cellspacing=0 border=0 bgcolor=ffffff>
O1 - Hosts: <tr bgcolor=dcdcdc><td><font face=arial><b>Search Yahoo!</b></font></td></tr>
O1 - Hosts: <tr bgcolor=white><td valign=top align=center>
O1 - Hosts: <form action="http://search.yahoo.com/search">
O1 - Hosts: <input size="14" name="p" value="">
O1 - Hosts: <input type="SUBMIT" value="Search">
O1 - Hosts: <font face=arial size=-2> <a href="http://search.yahoo.com/search/options?p=">advanced search</a> <a href="http://buzz.yahoo.com">most popular</a></font>
O1 - Hosts: </form></td></tr></table>
O1 - Hosts: <table width=100% border=0 cellspacing=0 cellpadding=3 bgcolor=ffffff>
O1 - Hosts: <tr bgcolor=ccccff><td>
O1 - Hosts: <FONT face=arial size=+1>Yahoo! Web Hosting</font>
O1 - Hosts: </td></tr>
O1 - Hosts: <tr><td>
O1 - Hosts: <a href=http://webhosting.yahoo.com/ps/wh/prod/><img align=left src=http://us.i1.yimg.com/us.yimg.com/i/us/wh/gr/j_advan48.gif width=48 height=48 border=0 alt="Yahoo! Web Hosting"></a>
O1 - Hosts: <font face=arial size=-1>Yahoo! Web Hosting has <a href="http://webhosting.yahoo.com/ps/wh/prod/">three affordable plans</a> to meet your needs - starting at just $11.95.
O1 - Hosts: </td></tr>
O1 - Hosts: <tr><td align=right>
O1 - Hosts: <b><font face=arial size=-1><a href=http://webhosting.yahoo.com/ps/wh/prod/>Learn more...</a></font></b>
O1 - Hosts: </td></tr>
O1 - Hosts: </table>
O1 - Hosts: </td></tr></table>
O1 - Hosts: </td>
O1 - Hosts: <td width=1> </td>
O1 - Hosts: <td valign=top align=center width=445>
O1 - Hosts: <script language="JavaScript" type="text/javascript"
O1 - Hosts: src="http://adserver.yahoo.com/a?f=76001284&p=geocities&l=MON&c=sr">
O1 - Hosts: </script>
O1 - Hosts: <noscript>
O1 - Hosts: <iframe
O1 - Hosts: src="http://adserver.yahoo.com/a?f=76001284&p=geocities&l=MON&c=sh&bg=ffffff"
O1 - Hosts: width=470 height=580 marginwidth=0 marginheight=0 hspace=0
O1 - Hosts: vspace=0 frameborder=0 scrolling=no>
O1 - Hosts: </iframe>
O1 - Hosts: </noscript>
O1 - Hosts: </td>
O1 - Hosts: </tr>
O1 - Hosts: </table>
O1 - Hosts: <br>
O1 - Hosts: <table cellpadding=0 cellspacing=0 border=0 width=675><tr><td bgcolor=a0b8c8>
O1 - Hosts: <table cellpadding=1 cellspacing=1 border=0 width="100%">
O1 - Hosts: <tr valign=top bgcolor=ffffff><td align=center>
O1 - Hosts: <font face=arial size=-2><A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://address.yahoo.com/">Address Book</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://alerts.yahoo.com/">Alerts</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://auctions.yahoo.com/">Auctions</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://billpay.yahoo.com/">Bill Pay</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://bookmarks.yahoo.com/">Bookmarks</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://briefcase.yahoo.com/">Briefcase</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://broadcast.yahoo.com/">Broadcast</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://calendar.yahoo.com/">Calendar</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://chat.yahoo.com/">Chat</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://classifieds.yahoo.com/">Classifieds</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://clubs.yahoo.com/">Clubs</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://companion.yahoo.com/">Companion</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://experts.yahoo.com/">Experts</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://games.yahoo.com/">Games</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://greetings.yahoo.com/">Greetings</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://geocities.yahoo.com/">Home Pages</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://invites.yahoo.com/">Invites</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://mail.yahoo.com/">Mail</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://maps.yahoo.com/">Maps</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://members.yahoo.com/">Member Directory</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://messenger.yahoo.com/">Messenger</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://my.yahoo.com/">My Yahoo!</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://news.yahoo.com/">News</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://paydirect.yahoo.com/">PayDirect</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://people.yahoo.com/">People Search</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://personals.yahoo.com/">Personals</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://photos.yahoo.com/">Photos</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://shopping.yahoo.com/">Shopping</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://sports.yahoo.com/">Sports</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://finance.yahoo.com/">Stock Quotes</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://tv.yahoo.com/">TV</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://travel.yahoo.com/">Travel</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://weather.yahoo.com/">Weather</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://www.yahooligans.com/">Yahooligans</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://yp.yahoo.com/">Yellow Pages</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://docs.yahoo.com/docs/family/more.html">more...</A>
O1 - Hosts: </font></td></tr></table></td></tr></table>
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3AE2C05D-7EA2-4452-A4EC-E4CB5253B0D0} - C:\WINDOWS\system32\rqRIbaAp.dll (file missing)
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: The Pirate Bay Toolbar - {a33fa729-d155-4b23-842b-2c665ecabdb6} - C:\Program Files\The_Pirate_Bay\tbThe0.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: (no name) - {F6725EDC-93FF-479B-A98B-C5B9E3C44864} - C:\WINDOWS\system32\ljJBsQgG.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: The Pirate Bay Toolbar - {a33fa729-d155-4b23-842b-2c665ecabdb6} - C:\Program Files\The_Pirate_Bay\tbThe0.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Bron-Spizaetus] "C:\WINDOWS\ShellNew\bronstab.exe"
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [svcshare] C:\WINDOWS\system32\drivers\spoclsv.exe
O4 - HKCU\..\Run: [Tok-Cirrhatus] "C:\Documents and Settings\Lovin\Local Settings\Application Data\smss.exe"
O4 - HKUS\S-1-5-18\..\Run: [Tok-Cirrhatus] "C:\Documents and Settings\NetworkService\Local Settings\Application Data\smss.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Tok-Cirrhatus] "C:\Documents and Settings\NetworkService\Local Settings\Application Data\smss.exe" (User 'Default user')
O4 - S-1-5-20 Startup: Empty.pif = ? (User 'NETWORK SERVICE')
O4 - S-1-5-18 Startup: Empty.pif = ? (User 'SYSTEM')
O4 - .DEFAULT Startup: Empty.pif = ? (User 'Default user')
O4 - Startup: Empty.pif = ?
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZSEPE32.EXE
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: ljJBsQgG - ljJBsQgG.dll (file missing)
O23 - Service: Ares Chatroom server (AresChatServer) - Unknown owner - C:\Program Files\Ares\chatServer.exe
O23 - Service: avp - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
--
End of file - 15371 bytes
-- Files created between 2008-04-14 and 2008-05-14 -----------------------------
2008-05-14 21:23:44 0 d-------- C:\Program Files\Trend Micro
2008-05-13 21:03:23 0 d-------- C:\backups
2008-05-13 21:02:56 477021 --a------ C:\HijackThis.exe
2008-05-13 16:02:40 106496 --a------ C:\WINDOWS\system32\TwnLib20.dll <Not Verified; Pegasus Software; TWNLIB20>
2008-05-13 16:02:40 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe <Not Verified; Ahead Software Gmbh; Ahead Software Gmbh NeroCheck>
2008-05-13 16:02:40 471040 -----n--- C:\WINDOWS\system32\ImagXRA7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
2008-05-13 16:02:40 262144 -----n--- C:\WINDOWS\system32\ImagXR7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
2008-05-13 16:02:40 1568768 -----n--- C:\WINDOWS\system32\ImagX7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
2008-05-13 16:02:40 0 d-------- C:\Program Files\Common Files\Ahead
2008-05-13 16:02:35 0 d-------- C:\Program Files\Ahead
2008-05-11 09:33:53 0 d-------- C:\Program Files\WinWatermark 2
2008-05-10 23

43 0 d-------- C:\WINDOWS\_ISTMP1.DIR
2008-05-10 22:15:15 6860 --ahs---- C:\WINDOWS\system32\pAabIRqr.ini2
2008-05-10 22:13:12 6569 --ahs---- C:\WINDOWS\system32\ttwwEfhk.ini2
2008-05-10 22:12:01 277504 --a------ C:\WINDOWS\system32\khfEwwtt.dll
2008-05-10 21:54:54 0 d-------- C:\Program Files\Digital Reality
2008-05-10 20:17:51 0 d-------- C:\Tempa
2008-05-10 12:02:06 96645 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-05-10 12:02:06 87941 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-05-10 12:00:46 0 d-------- C:\Program Files\Kaspersky Lab
2008-05-10 12:00:45 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-10 12:00:40 688160 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-05-10 12:00:40 2068000 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-05-10 11:58:22 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-05-10 11:12:34 0 d-------- C:\Program Files\Common Files\EZB Systems
2008-05-10 11:12:33 0 d-------- C:\Program Files\UltraISO
2008-05-09 19:04:03 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-05-09 19:00:52 42065 -----n--- C:\WowTumpeh.com
2008-05-09 19:00:52 42065 --a------ C:\WINDOWS\system32\System's Setting.scr
2008-05-09 19:00:52 42065 --a------ C:\WINDOWS\system32\Niti's Setting.scr
2008-05-09 19:00:52 42065 --a------ C:\WINDOWS\system32\Lovin's Setting.scr
2008-05-09 19:00:52 42065 ---h----- C:\WINDOWS\eksplorasi.exe
2008-05-09 17:25:09 0 d-------- C:\Program Files\The_Pirate_Bay
2008-05-09 17:25:09 0 d-------- C:\Program Files\Conduit
2008-05-09 00:55:49 29 --a------ C:\WINDOWS\popcinfo.dat
2008-05-09 00:48:54 0 d-------- C:\Documents and Settings\Lovin\Application Data\MEGAUPLOADTOOLBAR
2008-05-09 00:46:52 0 d-------- C:\Program Files\MegauploadToolbar
2008-05-09 00:46:51 0 d-------- C:\Documents and Settings\Niti\Application Data\MegauploadToolbar
2008-05-08 21:44:00 0 d-------- C:\Program Files\DOSBox-0.65
2008-05-08 21:43:19 0 d-------- C:\Program Files\D-Fend
2008-05-08 10:52:51 0 d-------- C:\WINDOWS\system32\LogFiles
2008-05-08 10:48:21 0 d-------- C:\Program Files\PopCap Games
2008-05-06 22:18:35 0 d-------- C:\Documents and Settings\All Users\Application Data\Firefly Studios
2008-05-06 22:01:59 0 d-------- C:\Program Files\GameShadow
2008-05-06 22:01:38 0 d-------- C:\WINDOWS\Downloaded Installations
2008-05-06 21:56:29 0 d-------- C:\Program Files\Firefly Studios
2008-05-04 17:08:40 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Real
2008-05-04 17:08:26 0 d--h----- C:\Documents and Settings\NetworkService\SendTo
2008-05-04 17:08:16 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Identities
2008-05-04 17:08:02 0 dr------- C:\Documents and Settings\NetworkService\My Documents
2008-05-04 17:08:01 0 d-------- C:\Documents and Settings\NetworkService\Start Menu
2008-05-04 17:08:01 0 dr-h----- C:\Documents and Settings\NetworkService\Recent
2008-05-04 17:08:01 0 dr------- C:\Documents and Settings\NetworkService\Favorites
2008-05-04 17:08:01 0 d-------- C:\Documents and Settings\NetworkService\Desktop
2008-05-03 20:22:07 100863 -r-hs---- C:\mgjpcfdg.cmd
2008-05-02 10:55:16 0 d-------- C:\Documents and Settings\Niti\Application Data\ArcSoft
2008-05-02 09:01:37 0 d-------- C:\Program Files\Microsoft IntelliType Pro
2008-05-02 09:00:55 0 d-------- C:\Program Files\Microsoft IntelliType Pro 5.2
2008-05-01 22:51:02 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-01 22:21:35 0 d-------- C:\Documents and Settings\Niti\Application Data\WinRAR
2008-05-01 21:57:26 0 d-------- C:\Documents and Settings\Lovin\Application Data\ArcSoft
2008-05-01 21:50:55 212480 --a------ C:\WINDOWS\pcdlib32.dll <Not Verified; Eastman Kodak; Kodak Photo CD Access Developer Toolkit>
2008-05-01 21:50:55 0 d-------- C:\Program Files\ArcSoft
2008-05-01 18:30:54 4096 --a------ C:\WINDOWS\d3dx.dat
2008-05-01 18:30:39 0 d-------- C:\Documents and Settings\All Users\Application Data\Trymedia
2008-05-01 18:29:34 0 d-------- C:\Program Files\Yahoo! Games
2008-04-29 21:35:29 0 d-------- C:\WINDOWS\system32\appmgmt
2008-04-29 15:05:08 0 d-------- C:\Documents and Settings\Lovin\Application Data\Gaijin Ent
2008-04-28 13:58:55 0 d-------- C:\Documents and Settings\Niti\Application Data\Gaijin Ent
2008-04-28 13:58:40 0 d-------- C:\Program Files\Stand O Food
2008-04-28 13:58:30 0 d-------- C:\Program Files\ReflexiveArcade
2008-04-27 12:52:10 0 d-------- C:\Documents and Settings\Niti\Application Data\Adobe
2008-04-27 12:43:16 0 d-------- C:\WINDOWS\system32\Adobe
2008-04-25 22:45:13 0 d-------- C:\Program Files\Banana Security
2008-04-25 18:40:33 0 d-------- C:\Program Files\Common Files\Adobe
2008-04-25 18:40:26 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2008-04-25 18:21:06 26964 --a------ C:\WINDOWS\system32\drivers\klopp.dat
2008-04-24 21:15:43 0 d-------- C:\Program Files\MSXML 4.0
2008-04-24 20:09:58 0 d-------- C:\Documents and Settings\All Users\Application Data\WEBREG
2008-04-24 20

52 44544 -ra------ C:\WINDOWS\system32\MSXML4a.dll <Not Verified; Microsoft Corporation; Microsoft(R) MSXML 4.0 SP1>
2008-04-24 20

51 626960 -ra------ C:\WINDOWS\system32\hpvaut32.dll <Not Verified; Microsoft Corporation; >
2008-04-24 20:03:53 57344 --a------ C:\WINDOWS\system32\HPZisn12.dll <Not Verified; HP; HP SNMP Windows>
2008-04-24 20:03:53 94208 --a------ C:\WINDOWS\system32\HPZipt12.dll <Not Verified; HP; HP SNMP Windows>
2008-04-24 20:03:53 204800 --a------ C:\WINDOWS\system32\HPZipr12.dll <Not Verified; HP; HP PmlRtl>
2008-04-24 20:03:53 65536 --a------ C:\WINDOWS\system32\HPZipm12.exe <Not Verified; HP; HP PML>
2008-04-24 20:03:53 61440 --a------ C:\WINDOWS\system32\HPZinw12.exe <Not Verified; HP; HP Dot4Net Windows>
2008-04-24 20:03:52 278584 --a------ C:\WINDOWS\system32\HPZidr12.dll <Not Verified; HP; HP Dot4Rtl>
2008-04-24 20:03:45 327168 --a------ C:\WINDOWS\IsUninst.exe <Not Verified; InstallShield Software Corporation; InstallShield® unInstaller>
2008-04-24 20:01:43 17176 -----n--- C:\WINDOWS\hpomdl04.dat
2008-04-24 20:01:43 104553 --a------ C:\WINDOWS\hpoins04.dat
2008-04-24 19:58:41 0 d-------- C:\temp
2008-04-24 19:46:47 0 d-------- C:\Documents and Settings\Lovin\Application Data\Printer Info Cache
2008-04-24 19:46:45 0 d-------- C:\Documents and Settings\Lovin\Application Data\Image Zone Express
2008-04-24 19:40:57 0 d-------- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
2008-04-24 18:50:30 0 d-------- C:\UniScan
2008-04-23 23:11:15 0 d-------- C:\Documents and Settings\Lovin\Application Data\AdobeUM
2008-04-23 23:10:37 0 d-------- C:\Documents and Settings\Lovin\Application Data\Adobe
2008-04-23 17:08:36 0 d-------- C:\Documents and Settings\Niti\Application Data\Google
2008-04-23 17:08:34 0 d-------- C:\Documents and Settings\All Users\Application Data\Google
2008-04-23 17:08:06 0 d-------- C:\Documents and Settings\Niti\Application Data\Macromedia
2008-04-23 17:07:23 0 d-------- C:\WINDOWS\system32\PreInstall
2008-04-23 17

37 0 d-------- C:\Documents and Settings\Niti\Application Data\Real
2008-04-23 13:54:22 0 d-------- C:\Documents and Settings\Lovin\Application Data\Google
2008-04-23 13:47:06 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-04-23 13:40:39 0 d--h----- C:\WINDOWS\msdownld.tmp
2008-04-23 13:36:31 0 d-------- C:\WINDOWS\network diagnostic
2008-04-23 13:36:18 0 d--h----- C:\WINDOWS\$hf_mig$
2008-04-23 13:18:58 0 d-------- C:\Documents and Settings\Lovin\Application Data\Macromedia
2008-04-23 13:17:46 0 d-------- C:\Documents and Settings\Lovin\Application Data\WinRAR
2008-04-23 13:17:14 0 d-------- C:\Program Files\Yahoo!
2008-04-23 13:14:17 0 d-------- C:\Program Files\Google
2008-04-23 13:10:19 0 d-------- C:\Program Files\Common Files\xing shared
2008-04-23 13:10:02 0 d-------- C:\Program Files\Real
2008-04-23 13:10:02 0 d-------- C:\Program Files\Common Files\Real
2008-04-23 13:09:41 0 d-------- C:\Documents and Settings\Lovin\Application Data\Real
2008-04-23 13:08:13 98304 --a------ C:\WINDOWS\system32\pdfmona.dll
2008-04-23 13:08:13 50364 --a------ C:\WINDOWS\system32\pdf995mon.dll
2008-04-23 13:08:11 0 d-------- C:\pdf995
2008-04-23 13:07:31 0 d-------- C:\Program Files\Nokia
2008-04-23 13:07:31 0 d-------- C:\Program Files\Common Files\Nokia
2008-04-23 13:05:48 0 d-------- C:\Program Files\Common Files\HP
2008-04-23 13:04:36 0 d-------- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
2008-04-23 13:04:34 0 d-------- C:\Documents and Settings\All Users\Application Data\HP
2008-04-23 13:04:06 0 d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-04-23 13:04:04 0 d-------- C:\Program Files\Hewlett-Packard
2008-04-23 13:03:48 0 d-------- C:\Program Files\HP
2008-04-23 13:03:07 308 -----n--- C:\WINDOWS\hpgmdl24.dat
2008-04-23 13:03:07 127730 --a------ C:\WINDOWS\hpgins24.dat
2008-04-23 13:00:31 0 d-------- C:\Program Files\FreeByte
2008-04-23 12:59:46 10752 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-04-23 12:59:43 0 d-------- C:\Program Files\ffdshow
2008-04-23 12:58:33 0 d-------- C:\Program Files\ImTOO
2008-04-23 12:57:50 0 d-------- C:\Program Files\Ares
2008-04-23 12:53:21 0 d-------- C:\Documents and Settings\Lovin\Application Data\Identities
2008-04-23 12:53:09 0 dr------- C:\Documents and Settings\Lovin\Favorites
2008-04-23 12:53:09 0 d-------- C:\Documents and Settings\Lovin\Desktop
2008-04-23 12:53:09 0 d--hs---- C:\Documents and Settings\Lovin\Cookies
2008-04-23 12:53:09 0 dr-h----- C:\Documents and Settings\Lovin\Application Data
2008-04-23 12:53:08 0 d--h----- C:\Documents and Settings\Lovin\Templates
2008-04-23 12:53:08 0 dr------- C:\Documents and Settings\Lovin\Start Menu
2008-04-23 12:53:08 0 dr-h----- C:\Documents and Settings\Lovin\SendTo
2008-04-23 12:53:08 0 dr-h----- C:\Documents and Settings\Lovin\Recent
2008-04-23 12:53:08 0 d--h----- C:\Documents and Settings\Lovin\PrintHood
2008-04-23 12:53:08 2621440 --ah----- C:\Documents and Settings\Lovin\NTUSER.DAT
2008-04-23 12:53:08 0 d--h----- C:\Documents and Settings\Lovin\NetHood
2008-04-23 12:53:08 0 dr------- C:\Documents and Settings\Lovin\My Documents
2008-04-23 12:53:08 0 d--h----- C:\Documents and Settings\Lovin\Local Settings
2008-04-23 11:04:19 0 d--hs---- C:\Documents and Settings\Niti\UserData
2008-04-23 10:56:43 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2008-04-21 19:43:04 0 d--hs---- C:\WINDOWS\Installer
2008-04-21 19:43:04 0 d-------- C:\Program Files\Common Files\ODBC
2008-04-21 19:43:00 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-04-21 19:42:59 0 dr------- C:\Program Files
2008-04-21 19:42:59 0 d-------- C:\Program Files\Common Files
2008-04-21 19:42:29 0 d--h----- C:\Documents and Settings\Default User\Templates
2008-04-21 19:42:29 0 dr------- C:\Documents and Settings\Default User\Start Menu
2008-04-21 19:42:29 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2008-04-21 19:42:29 0 d--h----- C:\Documents and Settings\Default User\Recent
2008-04-21 19:42:29 0 d--h----- C:\Documents and Settings\Default User\PrintHood
2008-04-21 19:42:29 0 d--h----- C:\Documents and Settings\Default User\NetHood
2008-04-21 19:42:29 0 d-------- C:\Documents and Settings\Default User\My Documents
2008-04-21 19:42:29 0 dr-h----- C:\Documents and Settings\Default User\Local Settings
2008-04-21 19:42:29 0 d-------- C:\Documents and Settings\Default User\Favorites
2008-04-21 19:42:29 0 d-------- C:\Documents and Settings\Default User\Desktop
2008-04-21 19:42:29 0 d---s---- C:\Documents and Settings\Default User\Cookies
2008-04-21 19:42:29 0 d--h----- C:\Documents and Settings\All Users\Templates
2008-04-21 19:42:29 0 dr------- C:\Documents and Settings\All Users\Start Menu
2008-04-21 19:42:29 0 d-------- C:\Documents and Settings\All Users\Favorites
2008-04-21 19:42:29 0 dr------- C:\Documents and Settings\All Users\Documents
2008-04-21 19:42:29 0 d-------- C:\Documents and Settings\All Users\Desktop
2008-04-21 19:42:13 0 d-------- C:\WINDOWS\system32\CatRoot2
2008-04-21 19:42:13 0 d-------- C:\WINDOWS\system32\CatRoot
2008-04-21 19:42:08 0 dr-h----- C:\Documents and Settings\Default User\Application Data
2008-04-21 19:42:08 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
2008-04-21 19:42:07 0 dr-h----- C:\Documents and Settings\All Users\Application Data
2008-04-21 19:42:07 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-04-21 19:41:38 0 d-------- C:\Documents and Settings
2008-04-21 19:41:37 0 d--hs---- C:\System Volume Information
2008-04-21 19:35:17 0 d-------- C:\WINDOWS
2008-04-21 19:35:17 0 d-------- C:\WINDOWS\WinSxS
2008-04-21 19:35:17 0 dr------- C:\WINDOWS\Web
2008-04-21 19:35:17 0 d-------- C:\WINDOWS\twain_32
2008-04-21 19:35:17 0 d-------- C:\WINDOWS\system32
2008-04-21 19:35:17 0 d-------- C:\WINDOWS\system32\wins
2008-04-21 19:35:17 0 d-------- C:\WINDOWS\system32\wbem
2008-04-21 19:35:17 0 d-------- C:\WINDOWS\system32\usmt
2008-04-21 19:35:17 0 d-------- C:\WINDOWS\system32\spool
2008-04-21 19:35:17 0 d-------- C:\WINDOWS\system32\ShellExt
2008-04-21 19:35:17 0 d-------- C:\WINDOWS\system32\Setup
2008-04-21 19:35:17 0 d-------- C:\WINDOWS\system32\ras
2008-04-21 19:35:17 0 d-------- C:\WINDOWS\system32\oobe
2008-04-21 19:35:17 0 d-------- C:\WINDOWS\system32\npp
2008-04-21 19:35:17 0 d-------- C:\WINDOWS\system32\mui
2008-04-21 19:35:17 0 d-------- C:\WINDOWS\system32\inetsrv
2008-04-21 19:35:17 0 d-------- C:\WINDOWS\system32\IME
2008-04-21 19:35:17 0 d-------- C:\WINDOWS\system32\icsxml
2008-04-21 19:35:17 0 d-------- C:\WINDOWS\system32\ias
2008-04-21 19:35:17 0 d-------- C:\WINDOWS\system32\export
2008-04-21 19:35:17 0 d-------- C:\WINDOWS\system32\drivers
2008-04-21 19:35:17 0 d-------- C:\WINDOWS\system32\drivers\etc
2008-04-21 19:35:17 0 d-------- C:\WINDOWS\system32\drivers\disdn
2008-04-21 19:35:17 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2008-04-21 19:35:17 0 d-------- C:\WINDOWS\system32\dhcp
2008-04-21 19:35:17 0 d-------- C:\WINDOWS\system32\config
2008-04-21 19:35:17 0 d-------- C:\WINDOWS\system32\3com_dmi
2008-04-21 19:35:17 0 d-------- C:\WINDOWS\system32\3076
2008-04-21 19:35:17 0 d-------- C:\WINDOWS\system32\2052
2008-04-21 19:35:17 0 d-------- C:\WINDOWS\system32\1054
2008-04-21 19:35:17 0 d-------- C:\WINDOWS\system32\1042
2008-04-21 19:35:17 0 d-------- C:\WINDOWS\system32\1041
2008-04-21 19:35:17 0 d-------- C:\WINDOWS\system32\1037
2008-04-21 19:35:17 0 d-------- C:\WINDOWS\system32\1033
2008-04-21 19:35:17 0 d-------- C:\WINDOWS\system32\1031
2008-04-21 19:35:17 0 d-------- C:\WINDOWS\system32\1028
2008-04-21 19:35:17 0 d-------- C:\WINDOWS\system32\1025
2008-04-21 19:35:17 0 d-------- C:\WINDOWS\system
2008-04-21 19:35:17 0 d-------- C:\WINDOWS\security
2008-04-21 19:35:17 0 d-------- C:\WINDOWS\Resources
2008-04-21 19:35:17 0 d-------- C:\WINDOWS\repair
2008-04-21 19:35:17 0 d-------- C:\WINDOWS\Provisioning
2008-04-21 19:35:17 0 d-------- C:\WINDOWS\PeerNet
2008-04-21 19:35:17 0 d-------- C:\WINDOWS\pchealth
2008-04-21 19:35:17 0 d-------- C:\WINDOWS\mui
2008-04-21 19:35:17 0 d-------- C:\WINDOWS\msapps
2008-04-21 19:35:17 0 d-------- C:\WINDOWS\msagent
2008-04-21 19:35:17 0 d-------- C:\WINDOWS\Media
2008-04-21 19:35:17 0 d-------- C:\WINDOWS\java
2008-04-21 19:35:17 0 d--h----- C:\WINDOWS\inf
2008-04-21 19:35:17 0 d-------- C:\WINDOWS\ime
2008-04-21 19:35:17 0 d-------- C:\WINDOWS\Help
2008-04-21 19:35:17 0 dr--s---- C:\WINDOWS\Fonts
2008-04-21 19:35:17 0 d-------- C:\WINDOWS\ehome
2008-04-21 19:35:17 0 d-------- C:\WINDOWS\Driver Cache
2008-04-21 19:35:17 0 d-------- C:\WINDOWS\Debug
2008-04-21 19:35:17 0 d-------- C:\WINDOWS\Cursors
2008-04-21 19:35:17 0 d-------- C:\WINDOWS\Connection Wizard
2008-04-21 19:35:17 0 d-------- C:\WINDOWS\Config
2008-04-21 19:35:17 0 d-------- C:\WINDOWS\AppPatch
2008-04-21 19:35:17 0 d-------- C:\WINDOWS\addins
2008-04-21 17:27:55 0 d-------- C:\Program Files\Common Files\L&H
2008-04-21 17:27:42 0 d-------- C:\Program Files\Microsoft.NET
2008-04-21 17:27:30 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-04-21 17:26:40 0 d-------- C:\Program Files\Microsoft Works
2008-04-21 17:26:16 0 d-------- C:\WINDOWS\SHELLNEW
2008-04-21 17:17:44 1957888 --a------ C:\WINDOWS\webshots.scr <Not Verified; Webshots.com; The Webshots Desktop>
2008-04-21 17:17:43 0 d-------- C:\Program Files\Webshots
2008-04-21 17:15:38 0 d-------- C:\Documents and Settings\Niti\Application Data\Identities
2008-04-21 17:15:31 0 d--h----- C:\Documents and Settings\Niti\Templates
2008-04-21 17:15:31 0 dr------- C:\Documents and Settings\Niti\Start Menu
2008-04-21 17:15:31 0 dr-h----- C:\Documents and Settings\Niti\SendTo
2008-04-21 17:15:31 0 dr-h----- C:\Documents and Settings\Niti\Recent
2008-04-21 17:15:31 0 d--h----- C:\Documents and Settings\Niti\PrintHood
2008-04-21 17:15:31 2359296 --ah----- C:\Documents and Settings\Niti\NTUSER.DAT
2008-04-21 17:15:31 0 d--h----- C:\Documents and Settings\Niti\NetHood
2008-04-21 17:15:31 0 dr------- C:\Documents and Settings\Niti\My Documents
2008-04-21 17:15:31 0 d--h----- C:\Documents and Settings\Niti\Local Settings
2008-04-21 17:15:31 0 dr------- C:\Documents and Settings\Niti\Favorites
2008-04-21 17:15:31 0 d-------- C:\Documents and Settings\Niti\Desktop
2008-04-21 17:15:31 0 d--hs---- C:\Documents and Settings\Niti\Cookies
2008-04-21 17:15:31 0 dr-h----- C:\Documents and Settings\Niti\Application Data
2008-04-21 17:15:31 0 d---s---- C:\Documents and Settings\Niti\Application Data\Microsoft
2008-04-21 15:00:08 0 d-------- C:\Program Files\Alwil Software
2008-04-21 14:49:31 0 d-------- C:\WINDOWS\system32\Lang
2008-04-21 14:38:40 0 d-------- C:\WINDOWS\system32\RTCOM
2008-04-21 14:38:40 40960 --a------ C:\WINDOWS\system32\ChCfg.exe
2008-04-21 14:38:25 0 d-------- C:\Program Files\Realtek
2008-04-21 14:38:23 487424 -----n--- C:\WINDOWS\RtlExUpd.dll <Not Verified; Realtek Semiconductor Corp.; RtlExUpd Dynamic Link Library>
2008-04-21 14:32:14 0 d-------- C:\Program Files\Intel
2008-04-21 14:31:31 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2008-04-21 14:31:29 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-21 14:31:27 0 d-------- C:\Program Files\Common Files\InstallShield
2008-04-21 14:30:58 36484 --a------ C:\WINDOWS\system32\drivers\SMBios.sys <Not Verified; Intel Corporation; Intel (R) System Management BIOS Driver>
2008-04-21 14:30:51 0 d-------- C:\TempEI4
2008-04-21 14:28:10 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2008-04-21 14:28:02 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-04-21 14:28:02 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-04-21 14:28:02 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-04-21 14:28:02 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2008-04-21 14:28:02 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-04-21 14:28:02 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-04-21 14:28:02 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-04-21 14:28:02 0 dr------- C:\Documents and Settings\Administrator\My Documents
2008-04-21 14:28:02 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-04-21 14:28:02 0 dr------- C:\Documents and Settings\Administrator\Favorites
2008-04-21 14:28:02 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-04-21 14:28:02 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2008-04-21 14:28:02 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-04-21 14:28:02 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-04-21 14:27:22 0 d-------- C:\WINDOWS\SoftwareDistribution
2008-04-21 14:27:20 0 d---s---- C:\WINDOWS\system32\Microsoft
2008-04-21 14:27:20 0 d-------- C:\WINDOWS\Prefetch
2008-04-21 14:27:19 262144 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT
2008-04-21 14:27:19 0 d--h----- C:\Documents and Settings\LocalService\Local Settings
2008-04-21 14:27:19 0 d--hs---- C:\Documents and Settings\LocalService\Cookies
2008-04-21 14:27:19 0 d-------- C:\Documents and Settings\LocalService\Application Data
2008-04-21 14:27:19 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
2008-04-21 14:27:06 225280 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT
2008-04-21 14:27:06 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings
2008-04-21 14:27:06 0 d--hs---- C:\Documents and Settings\NetworkService\Cookies
2008-04-21 14:27:06 0 d-------- C:\Documents and Settings\NetworkService\Application Data
2008-04-21 14:27:06 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
2008-04-21 14:23:43 0 d-------- C:\WINDOWS\system32\xircom
2008-04-21 14:23:43 0 d-------- C:\Program Files\microsoft frontpage
2008-04-21 14:23:29 225280 ---h----- C:\Documents and Settings\Default User\NTUSER.DAT
2008-04-21 14:23:22 0 -rahs---- C:\MSDOS.SYS
2008-04-21 14:23:22 0 -rahs---- C:\IO.SYS
2008-04-21 14:23:22 0 --a------ C:\CONFIG.SYS
2008-04-21 14:23:22 7 ---hs---- C:\AUTOEXEC.BAT
2008-04-21 14:22:19 0 d--hs---- C:\Documents and Settings\All Users\DRM
2008-04-21 14:22:09 0 dr------- C:\WINDOWS\Offline Web Pages
2008-04-21 14:22:09 0 d---s---- C:\WINDOWS\Downloaded Program Files
2008-04-21 14:21:58 0 d--h----- C:\Program Files\WindowsUpdate
2008-04-21 14:21:35 0 d-------- C:\WINDOWS\system32\DirectX
2008-04-21 14:20:39 0 d---s---- C:\WINDOWS\Tasks
2008-04-21 14:20:36 0 d-------- C:\Program Files\Common Files\MSSoap
2008-04-21 14:20:31 0 d-------- C:\WINDOWS\srchasst
2008-04-21 14:20:30 0 d-------- C:\WINDOWS\system32\Macromed
2008-04-21 14:20:18 0 d-------- C:\Program Files\Movie Maker
2008-04-21 14:20:02 0 d-------- C:\WINDOWS\system32\Restore
2008-04-21 14:19:11 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-04-21 14:18:55 0 d-------- C:\WINDOWS\Registration
2008-04-21 14:18:48 0 d-------- C:\Program Files\Online Services
2008-04-21 14:18:42 0 d-------- C:\Program Files\Messenger
2008-04-21 14:18:36 0 d-------- C:\Program Files\MSN Gaming Zone
2008-04-21 14:17:44 0 d-------- C:\Program Files\Windows NT
2008-04-21 14:17:39 0 d-------- C:\WINDOWS\system32\MsDtc
2008-04-21 14:17:35 0 d-------- C:\WINDOWS\system32\Com
-- Find3M Report ---------------------------------------------------------------
2008-05-14 00:23:24 9 -r-hs---- C:\Program Files\Desktop_.ini
2008-04-21 19:42:29 62 --ahs---- C:\Documents and Settings\Lovin\Application Data\desktop.ini
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3AE2C05D-7EA2-4452-A4EC-E4CB5253B0D0}]
C:\WINDOWS\system32\rqRIbaAp.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
2008-04-25 18:22 62728 --a------ C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a33fa729-d155-4b23-842b-2c665ecabdb6}]
2008-04-29 14:54 1527320 --a------ C:\Program Files\The_Pirate_Bay\tbThe0.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F6725EDC-93FF-479B-A98B-C5B9E3C44864}]
C:\WINDOWS\system32\ljJBsQgG.dll
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A33FA729-D155-4B23-842B-2C665ECABDB6}"= C:\Program Files\The_Pirate_Bay\tbThe0.dll [2008-04-29 14:54 1527320]
[-HKEY_CLASSES_ROOT\CLSID\{A33FA729-D155-4B23-842B-2C665ECABDB6}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-02-08 23:06]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-02-08 23:02]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 17:07 C:\WINDOWS\system32\HdAShCut.exe]
"RTHDCPL"="RTHDCPL.EXE" [2005-04-13 11:51 C:\WINDOWS\RTHDCPL.EXE]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 21:34]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-04-23 13:10]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 15:18]
"type32"="C:\Program Files\Microsoft IntelliType Pro\type32.exe" [2004-06-03 01:51]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2008-04-25 18:21]
"LoadService"="" []
"CCAPPS"="" []
"OSA"="" []
"SymRun"="" []
"local service"="" []
"Security"="" []
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"Bron-Spizaetus"="C:\WINDOWS\ShellNew\bronstab.exe" [2008-05-09 19:00]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ares"="C:\Program Files\Ares\Ares.exe" [2007-02-16 21:47]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\ypager.exe" [2005-08-19 19:34]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 10:26]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" []
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 21:54]
"svcshare"="C:\WINDOWS\system32\drivers\spoclsv.exe" []
"Tok-Cirrhatus"="C:\Documents and Settings\Lovin\Local Settings\Application Data\smss.exe" [2008-05-09 19:00]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Tok-Cirrhatus"="C:\Documents and Settings\NetworkService\Local Settings\Application Data\smss.exe"
C:\Documents and Settings\Lovin\Start Menu\Programs\Startup\
Empty.pif [2008-05-09 19:00:52]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)
"DisableCMD"=0 (0x0)
"DisableRegistryTools"=1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"DisableCMD"=0 (0x0)
"DisableRegistryTools"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoFolderOptions"=1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoFolderOptions"=1 (0x1)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{F6725EDC-93FF-479B-A98B-C5B9E3C44864}"= C:\WINDOWS\system32\ljJBsQgG.dll [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Shell"="Explorer.exe \"C:\WINDOWS\eksplorasi.exe\""
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljJBsQgG]
ljJBsQgG.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\rqRIbaAp
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt hpqcxs08
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2e03d41a-12da-11dd-a798-001320994a16}]
Auto\command- G:\setup.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL setup.exe
*Newly Created Service* - AVP
-- End of Deckard's System Scanner: finished at 2008-05-14 21:42:23 ------------