Welcome to Tech Support Forum home to more then 136,000 problems solved. Issues have included: Spyware, Malware, Virus Issues, Windows, Microsoft, Linux, Networking, Security, Hardware, and Gaming Getting your problem solved is as easy as:
1. Registering for a free account
2. Asking your question
3. Receiving an answer

Registered members:
* Get free support
* Communicate privately with other members (PM).
* Removal of this message
* See fewer ads.
* And much more..

 




Want to know how to post a question? click here Having problems with spyware and pop-ups? First Steps
Go Back   Tech Support Forum > Security Center > HijackThis Log Help
Help plzzzz Help plzzzz
User Name
Password
Site Map Register Donate Rules Blogs Mark Forums Read

HijackThis Log Help Get Rid Of Malware With Help From Our Analysts. Follow the "First Steps" link at the top right of each page before posting for help.

Reply
 
Thread Tools
Old 05-08-2008, 10:40 AM   #1 (permalink)
Registered User
 
Join Date: May 2008
Posts: 6
OS: xp


Help plzzzz
My system does nt allow mw to do anything can anyone look at my log entries and help me

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:08:25 PM, on 5/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Ares\Ares.exe
C:\WINDOWS\system32\drivers\spoclsv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\WINZIP\wzqkpick.exe
C:\Program Files\Yahoo!\Messenger\YPager.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\cmd.exe
F:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
O1 - Hosts: <HTML><HEAD><TITLE>Yahoo!</TITLE>
O1 - Hosts: </HEAD><BODY BGCOLOR=white vlink=blue>
O1 - Hosts: <!-- following code added by server. PLEASE REMOVE -->
O1 - Hosts: <!-- preceding code added by server. PLEASE REMOVE --><center>
O1 - Hosts: <table width=675 cellpadding=0 cellspacing=2 border=0>
O1 - Hosts: <tr>
O1 - Hosts: <td width=1% valign=top><a href="http://www.yahoo.com"><img src=http://us.i1.yimg.com/us.yimg.com/i/yahoo.gif width=147 height=31 border=0 alt="Yahoo"></a></td>
O1 - Hosts: <td align=right><font face=arial size=-1><a href="/404/*http://www.yahoo.com">Yahoo!</a> - <a href="http://help.yahoo.com">Help</a></font><hr size=1 noshade></td>
O1 - Hosts: </tr>
O1 - Hosts: </table>
O1 - Hosts: <br>
O1 - Hosts: <table border=0 width=675 cellspacing=0 cellpadding=3>
O1 - Hosts: <tr>
O1 - Hosts: <td bgcolor=003399 colspan=2>
O1 - Hosts: <font face=Arial size=+1 color=white><b>Sorry, the page you requested was not found.</b></font>
O1 - Hosts: </td>
O1 - Hosts: </tr></table>
O1 - Hosts: <br>
O1 - Hosts: <table border=0 width=675 cellspacing=0 cellpadding=1>
O1 - Hosts: <tr>
O1 - Hosts: <td valign=top width=229 bgcolor=ffffff>
O1 - Hosts: <table width="100%" cellpadding=1 cellspacing=0 border=0 bgcolor=dcdcdc><tr>
O1 - Hosts: <td valign=top align=center><table width="100%" cellpadding=3 cellspacing=0 border=0 bgcolor=ffffff>
O1 - Hosts: <tr bgcolor=dcdcdc><td><font face=arial><b>Search Yahoo!</b></font></td></tr>
O1 - Hosts: <tr bgcolor=white><td valign=top align=center>
O1 - Hosts: <form action="http://search.yahoo.com/search">
O1 - Hosts: <input size="14" name="p" value="">&nbsp;
O1 - Hosts: <input type="SUBMIT" value="Search">
O1 - Hosts: <font face=arial size=-2>•&nbsp;<a href="http://search.yahoo.com/search/options?p=">advanced search</a> •&nbsp;<a href="http://buzz.yahoo.com">most popular</a></font>
O1 - Hosts: </form></td></tr></table>
O1 - Hosts: <table width=100% border=0 cellspacing=0 cellpadding=3 bgcolor=ffffff>
O1 - Hosts: <tr bgcolor=ccccff><td>
O1 - Hosts: <FONT face=arial size=+1>Yahoo! Web Hosting</font>
O1 - Hosts: </td></tr>
O1 - Hosts: <tr><td>
O1 - Hosts: <a href=http://webhosting.yahoo.com/ps/wh/prod/><img align=left src=http://us.i1.yimg.com/us.yimg.com/i/us/wh/gr/j_advan48.gif width=48 height=48 border=0 alt="Yahoo! Web Hosting"></a>
O1 - Hosts: <font face=arial size=-1>Yahoo! Web Hosting has <a href="http://webhosting.yahoo.com/ps/wh/prod/">three affordable plans</a> to meet your needs - starting at just $11.95.
O1 - Hosts: </td></tr>
O1 - Hosts: <tr><td align=right>
O1 - Hosts: <b><font face=arial size=-1><a href=http://webhosting.yahoo.com/ps/wh/prod/>Learn more...</a></font></b>
O1 - Hosts: </td></tr>
O1 - Hosts: </table>
O1 - Hosts: </td></tr></table>
O1 - Hosts: </td>
O1 - Hosts: <td width=1>&nbsp;</td>
O1 - Hosts: <td valign=top align=center width=445>
O1 - Hosts: <script language="JavaScript" type="text/javascript"
O1 - Hosts: src="http://adserver.yahoo.com/a?f=76001284&p=geocities&l=MON&c=sr">
O1 - Hosts: </script>
O1 - Hosts: <noscript>
O1 - Hosts: <iframe
O1 - Hosts: src="http://adserver.yahoo.com/a?f=76001284&p=geocities&l=MON&c=sh&bg=ffffff"
O1 - Hosts: width=470 height=580 marginwidth=0 marginheight=0 hspace=0
O1 - Hosts: vspace=0 frameborder=0 scrolling=no>
O1 - Hosts: </iframe>
O1 - Hosts: </noscript>
O1 - Hosts: </td>
O1 - Hosts: </tr>
O1 - Hosts: </table>
O1 - Hosts: <br>
O1 - Hosts: <table cellpadding=0 cellspacing=0 border=0 width=675><tr><td bgcolor=a0b8c8>
O1 - Hosts: <table cellpadding=1 cellspacing=1 border=0 width="100%">
O1 - Hosts: <tr valign=top bgcolor=ffffff><td align=center>
O1 - Hosts: <font face=arial size=-2><A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://address.yahoo.com/">Address Book</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://alerts.yahoo.com/">Alerts</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://auctions.yahoo.com/">Auctions</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://billpay.yahoo.com/">Bill Pay</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://bookmarks.yahoo.com/">Bookmarks</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://briefcase.yahoo.com/">Briefcase</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://broadcast.yahoo.com/">Broadcast</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://calendar.yahoo.com/">Calendar</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://chat.yahoo.com/">Chat</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://classifieds.yahoo.com/">Classifieds</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://clubs.yahoo.com/">Clubs</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://companion.yahoo.com/">Companion</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://experts.yahoo.com/">Experts</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://games.yahoo.com/">Games</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://greetings.yahoo.com/">Greetings</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://geocities.yahoo.com/">Home Pages</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://invites.yahoo.com/">Invites</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://mail.yahoo.com/">Mail</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://maps.yahoo.com/">Maps</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://members.yahoo.com/">Member Directory</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://messenger.yahoo.com/">Messenger</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://my.yahoo.com/">My Yahoo!</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://news.yahoo.com/">News</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://paydirect.yahoo.com/">PayDirect</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://people.yahoo.com/">People Search</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://personals.yahoo.com/">Personals</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://photos.yahoo.com/">Photos</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://shopping.yahoo.com/">Shopping</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://sports.yahoo.com/">Sports</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://finance.yahoo.com/">Stock Quotes</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://tv.yahoo.com/">TV</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://travel.yahoo.com/">Travel</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://weather.yahoo.com/">Weather</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://www.yahooligans.com/">Yahooligans</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://yp.yahoo.com/">Yellow Pages</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://docs.yahoo.com/docs/family/more.html">more...</A>
O1 - Hosts: </font></td></tr></table></td></tr></table>
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [svcshare] C:\WINDOWS\system32\drivers\spoclsv.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Unknown owner - C:\Program Files\Ares\chatServer.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 12242 bytes
Niti is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Reply With Quote
Old 05-12-2008, 12:41 AM   #2 (permalink)
Moderator/Analyst, Security Team ; Rangemaster, TSF Academy
 
Angelfire777's Avatar
 
Join Date: Oct 2006
Location: BC, Canada
Posts: 2,439
OS: XP


Re: Help plzzzz
Hi, welcome to TSF!

Sorry for the delay, helpers here are very busy,

If you still need assistance,

Download Deckard's System Scanner to your Desktop.

Note: You must be logged onto an account with administrator privileges.

1. Close all applications and windows.
2. Double-click on dss.exe to run it, and follow the prompts.
3. When the scan is complete, a text file will open - main.txt.txt<<this one will be maximized and extra.txt <<this one will be minimized.
4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt.txt in your next reply.
6. Please copy and paste the contents of main.txt and extra.txt to your post.
__________________
Proud member of UNITE and ASAP since 2006


If we have helped you, please consider donating.

The past won't be able to hurt you unless you keep on looking back at it.
Angelfire777 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Reply With Quote
Old 05-14-2008, 09:14 AM   #3 (permalink)
Registered User
 
Join Date: May 2008
Posts: 6
OS: xp


Re: Help plzzzz
i just got main.txt

what shd i do plssss help

Deckard's System Scanner v20071014.68
Run by Lovin on 2008-05-14 21:41:26
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Lovin.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:41, on 2008-05-14
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Lovin\Local Settings\Application Data\winlogon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Niti\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Lovin.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: The Pirate Bay Toolbar - {a33fa729-d155-4b23-842b-2c665ecabdb6} - C:\Program Files\The_Pirate_Bay\tbThe0.dll
F2 - REG:system.ini: Shell=Explorer.exe "C:\WINDOWS\eksplorasi.exe"
O1 - Hosts: <HTML><HEAD><TITLE>Yahoo!</TITLE>
O1 - Hosts: </HEAD><BODY BGCOLOR=white vlink=blue>
O1 - Hosts: <!-- following code added by server. PLEASE REMOVE -->
O1 - Hosts: <!-- preceding code added by server. PLEASE REMOVE --><center>
O1 - Hosts: <table width=675 cellpadding=0 cellspacing=2 border=0>
O1 - Hosts: <tr>
O1 - Hosts: <td width=1% valign=top><a href="http://www.yahoo.com"><img src=http://us.i1.yimg.com/us.yimg.com/i/yahoo.gif width=147 height=31 border=0 alt="Yahoo"></a></td>
O1 - Hosts: <td align=right><font face=arial size=-1><a href="/404/*http://www.yahoo.com">Yahoo!</a> - <a href="http://help.yahoo.com">Help</a></font><hr size=1 noshade></td>
O1 - Hosts: </tr>
O1 - Hosts: </table>
O1 - Hosts: <br>
O1 - Hosts: <table border=0 width=675 cellspacing=0 cellpadding=3>
O1 - Hosts: <tr>
O1 - Hosts: <td bgcolor=003399 colspan=2>
O1 - Hosts: <font face=Arial size=+1 color=white><b>Sorry, the page you requested was not found.</b></font>
O1 - Hosts: </td>
O1 - Hosts: </tr></table>
O1 - Hosts: <br>
O1 - Hosts: <table border=0 width=675 cellspacing=0 cellpadding=1>
O1 - Hosts: <tr>
O1 - Hosts: <td valign=top width=229 bgcolor=ffffff>
O1 - Hosts: <table width="100%" cellpadding=1 cellspacing=0 border=0 bgcolor=dcdcdc><tr>
O1 - Hosts: <td valign=top align=center><table width="100%" cellpadding=3 cellspacing=0 border=0 bgcolor=ffffff>
O1 - Hosts: <tr bgcolor=dcdcdc><td><font face=arial><b>Search Yahoo!</b></font></td></tr>
O1 - Hosts: <tr bgcolor=white><td valign=top align=center>
O1 - Hosts: <form action="http://search.yahoo.com/search">
O1 - Hosts: <input size="14" name="p" value="">&nbsp;
O1 - Hosts: <input type="SUBMIT" value="Search">
O1 - Hosts: <font face=arial size=-2>•&nbsp;<a href="http://search.yahoo.com/search/options?p=">advanced search</a> •&nbsp;<a href="http://buzz.yahoo.com">most popular</a></font>
O1 - Hosts: </form></td></tr></table>
O1 - Hosts: <table width=100% border=0 cellspacing=0 cellpadding=3 bgcolor=ffffff>
O1 - Hosts: <tr bgcolor=ccccff><td>
O1 - Hosts: <FONT face=arial size=+1>Yahoo! Web Hosting</font>
O1 - Hosts: </td></tr>
O1 - Hosts: <tr><td>
O1 - Hosts: <a href=http://webhosting.yahoo.com/ps/wh/prod/><img align=left src=http://us.i1.yimg.com/us.yimg.com/i/us/wh/gr/j_advan48.gif width=48 height=48 border=0 alt="Yahoo! Web Hosting"></a>
O1 - Hosts: <font face=arial size=-1>Yahoo! Web Hosting has <a href="http://webhosting.yahoo.com/ps/wh/prod/">three affordable plans</a> to meet your needs - starting at just $11.95.
O1 - Hosts: </td></tr>
O1 - Hosts: <tr><td align=right>
O1 - Hosts: <b><font face=arial size=-1><a href=http://webhosting.yahoo.com/ps/wh/prod/>Learn more...</a></font></b>
O1 - Hosts: </td></tr>
O1 - Hosts: </table>
O1 - Hosts: </td></tr></table>
O1 - Hosts: </td>
O1 - Hosts: <td width=1>&nbsp;</td>
O1 - Hosts: <td valign=top align=center width=445>
O1 - Hosts: <script language="JavaScript" type="text/javascript"
O1 - Hosts: src="http://adserver.yahoo.com/a?f=76001284&p=geocities&l=MON&c=sr">
O1 - Hosts: </script>
O1 - Hosts: <noscript>
O1 - Hosts: <iframe
O1 - Hosts: src="http://adserver.yahoo.com/a?f=76001284&p=geocities&l=MON&c=sh&bg=ffffff"
O1 - Hosts: width=470 height=580 marginwidth=0 marginheight=0 hspace=0
O1 - Hosts: vspace=0 frameborder=0 scrolling=no>
O1 - Hosts: </iframe>
O1 - Hosts: </noscript>
O1 - Hosts: </td>
O1 - Hosts: </tr>
O1 - Hosts: </table>
O1 - Hosts: <br>
O1 - Hosts: <table cellpadding=0 cellspacing=0 border=0 width=675><tr><td bgcolor=a0b8c8>
O1 - Hosts: <table cellpadding=1 cellspacing=1 border=0 width="100%">
O1 - Hosts: <tr valign=top bgcolor=ffffff><td align=center>
O1 - Hosts: <font face=arial size=-2><A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://address.yahoo.com/">Address Book</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://alerts.yahoo.com/">Alerts</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://auctions.yahoo.com/">Auctions</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://billpay.yahoo.com/">Bill Pay</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://bookmarks.yahoo.com/">Bookmarks</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://briefcase.yahoo.com/">Briefcase</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://broadcast.yahoo.com/">Broadcast</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://calendar.yahoo.com/">Calendar</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://chat.yahoo.com/">Chat</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://classifieds.yahoo.com/">Classifieds</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://clubs.yahoo.com/">Clubs</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://companion.yahoo.com/">Companion</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://experts.yahoo.com/">Experts</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://games.yahoo.com/">Games</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://greetings.yahoo.com/">Greetings</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://geocities.yahoo.com/">Home Pages</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://invites.yahoo.com/">Invites</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://mail.yahoo.com/">Mail</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://maps.yahoo.com/">Maps</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://members.yahoo.com/">Member Directory</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://messenger.yahoo.com/">Messenger</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://my.yahoo.com/">My Yahoo!</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://news.yahoo.com/">News</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://paydirect.yahoo.com/">PayDirect</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://people.yahoo.com/">People Search</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://personals.yahoo.com/">Personals</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://photos.yahoo.com/">Photos</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://shopping.yahoo.com/">Shopping</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://sports.yahoo.com/">Sports</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://finance.yahoo.com/">Stock Quotes</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://tv.yahoo.com/">TV</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://travel.yahoo.com/">Travel</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://weather.yahoo.com/">Weather</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://www.yahooligans.com/">Yahooligans</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://yp.yahoo.com/">Yellow Pages</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://docs.yahoo.com/docs/family/more.html">more...</A>
O1 - Hosts: </font></td></tr></table></td></tr></table>
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3AE2C05D-7EA2-4452-A4EC-E4CB5253B0D0} - C:\WINDOWS\system32\rqRIbaAp.dll (file missing)
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: The Pirate Bay Toolbar - {a33fa729-d155-4b23-842b-2c665ecabdb6} - C:\Program Files\The_Pirate_Bay\tbThe0.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: (no name) - {F6725EDC-93FF-479B-A98B-C5B9E3C44864} - C:\WINDOWS\system32\ljJBsQgG.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: The Pirate Bay Toolbar - {a33fa729-d155-4b23-842b-2c665ecabdb6} - C:\Program Files\The_Pirate_Bay\tbThe0.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Bron-Spizaetus] "C:\WINDOWS\ShellNew\bronstab.exe"
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [svcshare] C:\WINDOWS\system32\drivers\spoclsv.exe
O4 - HKCU\..\Run: [Tok-Cirrhatus] "C:\Documents and Settings\Lovin\Local Settings\Application Data\smss.exe"
O4 - HKUS\S-1-5-18\..\Run: [Tok-Cirrhatus] "C:\Documents and Settings\NetworkService\Local Settings\Application Data\smss.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Tok-Cirrhatus] "C:\Documents and Settings\NetworkService\Local Settings\Application Data\smss.exe" (User 'Default user')
O4 - S-1-5-20 Startup: Empty.pif = ? (User 'NETWORK SERVICE')
O4 - S-1-5-18 Startup: Empty.pif = ? (User 'SYSTEM')
O4 - .DEFAULT Startup: Empty.pif = ? (User 'Default user')
O4 - Startup: Empty.pif = ?
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZSEPE32.EXE
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: ljJBsQgG - ljJBsQgG.dll (file missing)
O23 - Service: Ares Chatroom server (AresChatServer) - Unknown owner - C:\Program Files\Ares\chatServer.exe
O23 - Service: avp - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 15371 bytes

-- Files created between 2008-04-14 and 2008-05-14 -----------------------------

2008-05-14 21:23:44 0 d-------- C:\Program Files\Trend Micro
2008-05-13 21:03:23 0 d-------- C:\backups
2008-05-13 21:02:56 477021 --a------ C:\HijackThis.exe
2008-05-13 16:02:40 106496 --a------ C:\WINDOWS\system32\TwnLib20.dll <Not Verified; Pegasus Software; TWNLIB20>
2008-05-13 16:02:40 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe <Not Verified; Ahead Software Gmbh; Ahead Software Gmbh NeroCheck>
2008-05-13 16:02:40 471040 -----n--- C:\WINDOWS\system32\ImagXRA7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
2008-05-13 16:02:40 262144 -----n--- C:\WINDOWS\system32\ImagXR7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
2008-05-13 16:02:40 1568768 -----n--- C:\WINDOWS\system32\ImagX7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
2008-05-13 16:02:40 0 d-------- C:\Program Files\Common Files\Ahead
2008-05-13 16:02:35 0 d-------- C:\Program Files\Ahead
2008-05-11 09:33:53 0 d-------- C:\Program Files\WinWatermark 2
2008-05-10 2343 0 d-------- C:\WINDOWS\_ISTMP1.DIR
2008-05-10 22:15:15 6860 --ahs---- C:\WINDOWS\system32\pAabIRqr.ini2
2008-05-10 22:13:12 6569 --ahs---- C:\WINDOWS\system32\ttwwEfhk.ini2
2008-05-10 22:12:01 277504 --a------ C:\WINDOWS\system32\khfEwwtt.dll
2008-05-10 21:54:54 0 d-------- C:\Program Files\Digital Reality
2008-05-10 20:17:51 0 d-------- C:\Tempa
2008-05-10 12:02:06 96645 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-05-10 12:02:06 87941 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-05-10 12:00:46 0 d-------- C:\Program Files\Kaspersky Lab
2008-05-10 12:00:45 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-10 12:00:40 688160 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-05-10 12:00:40 2068000 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-05-10 11:58:22 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-05-10 11:12:34 0 d-------- C:\Program Files\Common Files\EZB Systems
2008-05-10 11:12:33 0 d-------- C:\Program Files\UltraISO
2008-05-09 19:04:03 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-05-09 19:00:52 42065 -----n--- C:\WowTumpeh.com
2008-05-09 19:00:52 42065 --a------ C:\WINDOWS\system32\System's Setting.scr
2008-05-09 19:00:52 42065 --a------ C:\WINDOWS\system32\Niti's Setting.scr
2008-05-09 19:00:52 42065 --a------ C:\WINDOWS\system32\Lovin's Setting.scr
2008-05-09 19:00:52 42065 ---h----- C:\WINDOWS\eksplorasi.exe
2008-05-09 17:25:09 0 d-------- C:\Program Files\The_Pirate_Bay
2008-05-09 17:25:09 0 d-------- C:\Program Files\Conduit
2008-05-09 00:55:49 29 --a------ C:\WINDOWS\popcinfo.dat
2008-05-09 00:48:54 0 d-------- C:\Documents and Settings\Lovin\Application Data\MEGAUPLOADTOOLBAR
2008-05-09 00:46:52 0 d-------- C:\Program Files\MegauploadToolbar
2008-05-09 00:46:51 0 d-------- C:\Documents and Settings\Niti\Application Data\MegauploadToolbar
2008-05-08 21:44:00 0 d-------- C:\Program Files\DOSBox-0.65
2008-05-08 21:43:19 0 d-------- C:\Program Files\D-Fend
2008-05-08 10:52:51 0 d-------- C:\WINDOWS\system32\LogFiles
2008-05-08 10:48:21 0 d-------- C:\Program Files\PopCap Games
2008-05-06 22:18:35 0 d-------- C:\Documents and Settings\All Users\Application Data\Firefly Studios
2008-05-06 22:01:59 0 d-------- C:\Program Files\GameShadow
2008-05-06 22:01:38 0 d-------- C:\WINDOWS\Downloaded Installations
2008-05-06 21:56:29 0 d-------- C:\Program Files\Firefly Studios
2008-05-04 17:08:40 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Real
2008-05-04 17:08:26 0 d--h----- C:\Documents and Settings\NetworkService\SendTo
2008-05-04 17:08:16 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Identities
2008-05-04 17:08:02 0 dr------- C:\Documents and Settings\NetworkService\My Documents
2008-05-04 17:08:01 0 d-------- C:\Documents and Settings\NetworkService\Start Menu
2008-05-04 17:08:01 0 dr-h----- C:\Documents and Settings\NetworkService\Recent
2008-05-04 17:08:01 0 dr------- C:\Documents and Settings\NetworkService\Favorites
2008-05-04 17:08:01 0 d-------- C:\Documents and Settings\NetworkService\Desktop
2008-05-03 20:22:07 100863 -r-hs---- C:\mgjpcfdg.cmd
2008-05-02 10:55:16 0 d-------- C:\Documents and Settings\Niti\Application Data\ArcSoft
2008-05-02 09:01:37 0 d-------- C:\Program Files\Microsoft IntelliType Pro
2008-05-02 09:00:55 0 d-------- C:\Program Files\Microsoft IntelliType Pro 5.2
2008-05-01 22:51:02 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-01 22:21:35 0 d-------- C:\Documents and Settings\Niti\Application Data\WinRAR
2008-05-01 21:57:26 0 d-------- C:\Documents and Settings\Lovin\Application Data\ArcSoft
2008-05-01 21:50:55 212480 --a------ C:\WINDOWS\pcdlib32.dll <Not Verified; Eastman Kodak; Kodak Photo CD Access Developer Toolkit>
2008-05-01 21:50:55 0 d-------- C:\Program Files\ArcSoft
2008-05-01 18:30:54 4096 --a------ C:\WINDOWS\d3dx.dat
2008-05-01 18:30:39 0 d-------- C:\Documents and Settings\All Users\Application Data\Trymedia
2008-05-01 18:29:34 0 d-------- C:\Program Files\Yahoo! Games
2008-04-29 21:35:29 0 d-------- C:\WINDOWS\system32\appmgmt
2008-04-29 15:05:08 0 d-------- C:\Documents and Settings\Lovin\Application Data\Gaijin Ent
2008-04-28 13:58:55 0 d-------- C:\Documents and Settings\Niti\Application Data\Gaijin Ent
2008-04-28 13:58:40 0 d-------- C:\Program Files\Stand O Food
2008-04-28 13:58:30 0 d-------- C:\Program Files\ReflexiveArcade
2008-04-27 12:52:10 0 d-------- C:\Documents and Settings\Niti\Application Data\Adobe
2008-04-27 12:43:16 0 d-------- C:\WINDOWS\system32\Adobe
2008-04-25 22:45:13 0 d-------- C:\Program Files\Banana Security
2008-04-25 18:40:33 0 d-------- C:\Program Files\Common Files\Adobe
2008-04-25 18:40:26 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2008-04-25 18:21:06 26964 --a------ C:\WINDOWS\system32\drivers\klopp.dat
2008-04-24 21:15:43 0 d-------- C:\Program Files\MSXML 4.0
2008-04-24 20:09:58 0 d-------- C:\Documents and Settings\All Users\Application Data\WEBREG
2008-04-24 2052 44544 -ra------ C:\WINDOWS\system32\MSXML4a.dll <Not Verified; Microsoft Corporation; Microsoft(R) MSXML 4.0 SP1>
2008-04-24 2051 626960 -ra------ C:\WINDOWS\system32\hpvaut32.dll <Not Verified; Microsoft Corporation; >
2008-04-24 20:03:53 57344 --a------ C:\WINDOWS\system32\HPZisn12.dll <Not Verified; HP; HP SNMP Windows>
2008-04-24 20:03:53 94208 --a------ C:\WINDOWS\system32\HPZipt12.dll <Not Verified; HP; HP SNMP Windows>
2008-04-24 20:03:53 204800 --a------ C:\WINDOWS\system32\HPZipr12.dll <Not Verified; HP; HP PmlRtl>
2008-04-24 20:03:53 65536 --a------ C:\WINDOWS\system32\HPZipm12.exe <Not Verified; HP; HP PML>
2008-04-24 20:03:53 61440 --a------ C:\WINDOWS\system32\HPZinw12.exe <Not Verified; HP; HP Dot4Net Windows>
2008-04-24 20:03:52 278584 --a------ C:\WINDOWS\system32\HPZidr12.dll <Not Verified; HP; HP Dot4Rtl>
2008-04-24 20:03:45 327168 --a------ C:\WINDOWS\IsUninst.exe <Not Verified; InstallShield Software Corporation; InstallShield® unInstaller>
2008-04-24 20:01:43 17176 -----n--- C:\WINDOWS\hpomdl04.dat
2008-04-24 20:01:43 104553 --a------ C:\WINDOWS\hpoins04.dat
2008-04-24 19:58:41 0 d-------- C:\temp
2008-04-24 19:46:47 0 d-------- C:\Documents and Settings\Lovin\Application Data\Printer Info Cache
2008-04-24 19:46:45 0 d-------- C:\Documents and Settings\Lovin\Application Data\Image Zone Express
2008-04-24 19:40:57 0 d-------- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
2008-04-24 18:50:30 0 d-------- C:\UniScan
2008-04-23 23:11:15 0 d-------- C:\Documents and Settings\Lovin\Application Data\AdobeUM
2008-04-23 23:10:37 0 d-------- C:\Documents and Settings\Lovin\Application Data\Adobe
2008-04-23 17:08:36 0 d-------- C:\Documents and Settings\Niti\Application Data\Google
2008-04-23 17:08:34 0 d-------- C:\Documents and Settings\All Users\Application Data\Google
2008-04-23 17:08:06 0 d-------- C:\Documents and Settings\Niti\Application Data\Macromedia
2008-04-23 17:07:23 0 d-------- C:\WINDOWS\system32\PreInstall
2008-04-23 1737 0 d-------- C:\Documents and Settings\Niti\Application Data\Real
2008-04-23 13:54:22 0 d-------- C:\Documents and Settings\Lovin\Application Data\Google
2008-04-23 13:47:06 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-04-23 13:40:39 0 d--h----- C:\WINDOWS\msdownld.tmp
2008-04-23 13:36:31 0 d-------- C:\WINDOWS\network diagnostic
2008-04-23 13:36:18 0 d--h----- C:\WINDOWS\$hf_mig$
2008-04-23 13:18:58 0 d-------- C:\Documents and Settings\Lovin\Application Data\Macromedia
2008-04-23 13:17:46 0 d-------- C:\Documents and Settings\Lovin\Application Data\WinRAR
2008-04-23 13:17:14 0 d-------- C:\Program Files\Yahoo!
2008-04-23 13:14:17 0 d-------- C:\Program Files\Google
2008-04-23 13:10:19 0 d-------- C:\Program Files\Common Files\xing shared
2008-04-23 13:10:02 0 d-------- C:\Program Files\Real
2008-04-23 13:10:02 0 d-------- C:\Program Files\Common Files\Real
2008-04-23 13:09:41 0 d-------- C:\Documents and Settings\Lovin\Application Data\Real
2008-04-23 13:08:13 98304 --a------ C:\WINDOWS\system32\pdfmona.dll
2008-04-23 13:08:13 50364 --a------ C:\WINDOWS\system32\pdf995mon.dll
2008-04-23 13:08:11 0 d-------- C:\pdf995
2008-04-23 13:07:31 0 d-------- C:\Program Files\Nokia
2008-04-23 13:07:31 0 d-------- C:\Program Files\Common Files\Nokia
2008-04-23 13:05:48 0 d-------- C:\Program Files\Common Files\HP
2008-04-23 13:04:36 0 d-------- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
2008-04-23 13:04:34 0 d-------- C:\Documents and Settings\All Users\Application Data\HP
2008-04-23 13:04:06 0 d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-04-23 13:04:04 0 d-------- C:\Program Files\Hewlett-Packard
2008-04-23 13:03:48 0 d-------- C:\Program Files\HP
2008-04-23 13:03:07 308 -----n--- C:\WINDOWS\hpgmdl24.dat
2008-04-23 13:03:07 127730 --a------ C:\WINDOWS\hpgins24.dat
2008-04-23 13:00:31 0 d-------- C:\Program Files\FreeByte
2008-04-23 12:59:46 10752 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-04-23 12:59:43 0 d-------- C:\Program Files\ffdshow
2008-04-23 12:58:33 0 d-------- C:\Program Files\ImTOO
2008-04-23 12:57:50 0 d-------- C:\Program Files\Ares
2008-04-23 12:53:21 0 d-------- C:\Documents and Settings\Lovin\Application Data\Identities
2008-04-23 12:53:09 0 dr------- C:\Documents and Settings\Lovin\Favorites
2008-04-23 12:53:09 0 d-------- C:\Documents and Settings\Lovin\Desktop
2008-04-23 12:53:09 0 d--hs---- C:\Documents and Settings\Lovin\Cookies
2008-04-23 12:53:09 0 dr-h----- C:\Documents and Settings\Lovin\Application Data
2008-04-23 12:53:08 0 d--h----- C:\Documents and Settings\Lovin\Templates
2008-04-23 12:53:08 0 dr------- C:\Documents and Settings\Lovin\Start Menu
2008-04-23 12:53:08 0 dr-h----- C:\Documents and Settings\Lovin\SendTo
2008-04-23 12:53:08 0 dr-h----- C:\Documents and Settings\Lovin\Recent
2008-04-23 12:53:08 0 d--h----- C:\Documents and Settings\Lovin\PrintHood
2008-04-23 12:53:08 2621440 --ah----- C:\Documents and Settings\Lovin\NTUSER.DAT
2008-04-23 12:53:08 0 d--h----- C:\Documents and Settings\Lovin\NetHood
2008-04-23 12:53:08 0 dr------- C:\Documents and Settings\Lovin\My Documents
2008-04-23 12:53:08 0 d--h----- C:\Documents and Settings\Lovin\Local Settings
2008-04-23 11:04:19 0 d--hs---- C:\Documents and Settings\Niti\UserData
2008-04-23 10:56:43 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2008-04-21 19:43:04 0 d--hs---- C:\WINDOWS\Installer
2008-04-21 19:43:04 0 d-------- C:\Program Files\Common Files\ODBC
2008-04-21 19:43:00 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-04-21 19:42:59 0 dr------- C:\Program Files
2008-04-21 19:42:59 0 d-------- C:\Program Files\Common Files
2008-04-21 19:42:29 0 d--h----- C:\Documents and Settings\Default User\Templates
2008-04-21 19:42:29 0 dr------- C:\Documents and Settings\Default User\Start Menu
2008-04-21 19:42:29 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2008-04-21 19:42:29 0 d--h----- C:\Documents and Settings\Default User\Recent
2008-04-21 19:42:29 0 d--h----- C:\Documents and Settings\Default User\PrintHood
2008-04-21 19:42:29 0 d--h----- C:\Documents and Settings\Default User\NetHood
2008-04-21 19:42:29 0 d-------- C:\Documents and Settings\Default User\My Documents
2008-04-21 19:42:29 0 dr-h----- C:\Documents and Settings\Default User\Local Settings
2008-04-21 19:42:29 0 d-------- C:\Documents and Settings\Default User\Favorites
2008-04-21 19:42:29 0 d-------- C:\Documents and Settings\Default User\Desktop
2008-04-21 19:42:29 0 d---s---- C:\Documents and Settings\Default User\Cookies
2008-04-21 19:42:29 0 d--h----- C:\Documents and Settings\All Users\Templates
2008-04-21 19:42:29 0 dr------- C:\Documents and Settings\All Users\Start Menu
2008-04-21 19:42:29 0 d-------- C:\Documents and Settings\All Users\Favorites
2008-04-21 19:42:29 0 dr------- C:\Documents and Settings\All Users\Documents
2008-04-21 19:42:29 0 d-------- C:\Documents and Settings\All Users\Desktop
2008-04-21 19:42:13 0 d-------- C:\WINDOWS\system32\CatRoot2
2008-04-21 19:42:13 0 d-------- C:\WINDOWS\system32\CatRoot
2008-04-21 19:42:08 0 dr-h----- C:\Documents and Settings\Default User\Application Data
2008-04-21 19:42:08 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
2008-04-21 19:42:07 0 dr-h----- C:\Documents and Settings\All Users\Application Data
2008-04-21 19:42:07 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-04-21 19:41:38 0 d-------- C:\Documents and Settings
2008-04-21 19:41:37 0 d--hs---- C:\System Volume Information
2008-04-21 19:35:17 0 d-------- C:\WINDOWS
2008-04-21 19:35:17 0 d-------- C:\WINDOWS\WinSxS
2008-04-21 19:35:17 0 dr------- C:\WINDOWS\Web
2008-04-21 19:35:17 0 d-------- C:\WINDOWS\twain_32
2008-04-21 19:35:17 0 d-------- C:\WINDOWS\system32
2008-04-21 19:35:17 0 d-------- C:\WINDOWS\system32\wins
2008-04-21 19:35:17 0 d-------- C:\WINDOWS\system32\wbem
2008-04-21 19:35:17 0 d-------- C:\WINDOWS\system32\usmt
2008-04-21 19:35:17 0 d-------- C:\WINDOWS\system32\spool
2008-04-21 19:35:17 0 d-------- C:\WINDOWS\system32\ShellExt
2008-04-21 19:35:17 0 d-------- C:\WINDOWS\system32\Setup
2008-04-21 19:35:17 0 d-------- C:\WINDOWS\system32\ras
2008-04-21 19:35:17 0 d-------- C:\WINDOWS\system32\oobe
2008-04-21 19:35:17 0 d-------- C:\WINDOWS\system32\npp
2008-04-21 19:35:17 0 d-------- C:\WINDOWS\system32\mui
2008-04-21 19:35:17 0 d-------- C:\WINDOWS\system32\inetsrv
2008-04-21 19:35:17 0 d-------- C:\WINDOWS\system32\IME
2008-04-21 19:35:17 0 d-------- C:\WINDOWS\system32\icsxml
2008-04-21 19:35:17 0 d-------- C:\WINDOWS\system32\ias
2008-04-21 19:35:17 0 d-------- C:\WINDOWS\system32\export
2008-04-21 19:35:17 0 d-------- C:\WINDOWS\system32\drivers
2008-04-21 19:35:17 0 d-------- C:\WINDOWS\system32\drivers\etc
2008-04-21 19:35:17 0 d-------- C:\WINDOWS\system32\drivers\disdn
2008-04-21 19:35:17 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2008-04-21 19:35:17 0 d-------- C:\WINDOWS\system32\dhcp
2008-04-21 19:35:17 0 d-------- C:\WINDOWS\system32\config
2008-04-21 19:35:17 0 d-------- C:\WINDOWS\system32\3com_dmi
2008-04-21 19:35:17 0 d-------- C:\WINDOWS\system32\3076
2008-04-21 19:35:17 0 d-------- C:\WINDOWS\system32\2052
2008-04-21 19:35:17 0 d-------- C:\WINDOWS\system32\1054
2008-04-21 19:35:17 0 d-------- C:\WINDOWS\system32\1042
2008-04-21 19:35:17 0 d-------- C:\WINDOWS\system32\1041
2008-04-21 19:35:17 0 d-------- C:\WINDOWS\system32\1037
2008-04-21 19:35:17 0 d-------- C:\WINDOWS\system32\1033
2008-04-21 19:35:17 0 d-------- C:\WINDOWS\system32\1031
2008-04-21 19:35:17 0 d-------- C:\WINDOWS\system32\1028
2008-04-21 19:35:17 0 d-------- C:\WINDOWS\system32\1025
2008-04-21 19:35:17 0 d-------- C:\WINDOWS\system
2008-04-21 19:35:17 0 d-------- C:\WINDOWS\security
2008-04-21 19:35:17 0 d-------- C:\WINDOWS\Resources
2008-04-21 19:35:17 0 d-------- C:\WINDOWS\repair
2008-04-21 19:35:17 0 d-------- C:\WINDOWS\Provisioning
2008-04-21 19:35:17 0 d-------- C:\WINDOWS\PeerNet
2008-04-21 19:35:17 0 d-------- C:\WINDOWS\pchealth
2008-04-21 19:35:17 0 d-------- C:\WINDOWS\mui
2008-04-21 19:35:17 0 d-------- C:\WINDOWS\msapps
2008-04-21 19:35:17 0 d-------- C:\WINDOWS\msagent
2008-04-21 19:35:17 0 d-------- C:\WINDOWS\Media
2008-04-21 19:35:17 0 d-------- C:\WINDOWS\java
2008-04-21 19:35:17 0 d--h----- C:\WINDOWS\inf
2008-04-21 19:35:17 0 d-------- C:\WINDOWS\ime
2008-04-21 19:35:17 0 d-------- C:\WINDOWS\Help
2008-04-21 19:35:17 0 dr--s---- C:\WINDOWS\Fonts
2008-04-21 19:35:17 0 d-------- C:\WINDOWS\ehome
2008-04-21 19:35:17 0 d-------- C:\WINDOWS\Driver Cache
2008-04-21 19:35:17 0 d-------- C:\WINDOWS\Debug
2008-04-21 19:35:17 0 d-------- C:\WINDOWS\Cursors
2008-04-21 19:35:17 0 d-------- C:\WINDOWS\Connection Wizard
2008-04-21 19:35:17 0 d-------- C:\WINDOWS\Config
2008-04-21 19:35:17 0 d-------- C:\WINDOWS\AppPatch
2008-04-21 19:35:17 0 d-------- C:\WINDOWS\addins
2008-04-21 17:27:55 0 d-------- C:\Program Files\Common Files\L&H
2008-04-21 17:27:42 0 d-------- C:\Program Files\Microsoft.NET
2008-04-21 17:27:30 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-04-21 17:26:40 0 d-------- C:\Program Files\Microsoft Works
2008-04-21 17:26:16 0 d-------- C:\WINDOWS\SHELLNEW
2008-04-21 17:17:44 1957888 --a------ C:\WINDOWS\webshots.scr <Not Verified; Webshots.com; The Webshots Desktop>
2008-04-21 17:17:43 0 d-------- C:\Program Files\Webshots
2008-04-21 17:15:38 0 d-------- C:\Documents and Settings\Niti\Application Data\Identities
2008-04-21 17:15:31 0 d--h----- C:\Documents and Settings\Niti\Templates
2008-04-21 17:15:31 0 dr------- C:\Documents and Settings\Niti\Start Menu
2008-04-21 17:15:31 0 dr-h----- C:\Documents and Settings\Niti\SendTo
2008-04-21 17:15:31 0 dr-h----- C:\Documents and Settings\Niti\Recent
2008-04-21 17:15:31 0 d--h----- C:\Documents and Settings\Niti\PrintHood
2008-04-21 17:15:31 2359296 --ah----- C:\Documents and Settings\Niti\NTUSER.DAT
2008-04-21 17:15:31 0 d--h----- C:\Documents and Settings\Niti\NetHood
2008-04-21 17:15:31 0 dr------- C:\Documents and Settings\Niti\My Documents
2008-04-21 17:15:31 0 d--h----- C:\Documents and Settings\Niti\Local Settings
2008-04-21 17:15:31 0 dr------- C:\Documents and Settings\Niti\Favorites
2008-04-21 17:15:31 0 d-------- C:\Documents and Settings\Niti\Desktop
2008-04-21 17:15:31 0 d--hs---- C:\Documents and Settings\Niti\Cookies
2008-04-21 17:15:31 0 dr-h----- C:\Documents and Settings\Niti\Application Data
2008-04-21 17:15:31 0 d---s---- C:\Documents and Settings\Niti\Application Data\Microsoft
2008-04-21 15:00:08 0 d-------- C:\Program Files\Alwil Software
2008-04-21 14:49:31 0 d-------- C:\WINDOWS\system32\Lang
2008-04-21 14:38:40 0 d-------- C:\WINDOWS\system32\RTCOM
2008-04-21 14:38:40 40960 --a------ C:\WINDOWS\system32\ChCfg.exe
2008-04-21 14:38:25 0 d-------- C:\Program Files\Realtek
2008-04-21 14:38:23 487424 -----n--- C:\WINDOWS\RtlExUpd.dll <Not Verified; Realtek Semiconductor Corp.; RtlExUpd Dynamic Link Library>
2008-04-21 14:32:14 0 d-------- C:\Program Files\Intel
2008-04-21 14:31:31 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2008-04-21 14:31:29 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-21 14:31:27 0 d-------- C:\Program Files\Common Files\InstallShield
2008-04-21 14:30:58 36484 --a------ C:\WINDOWS\system32\drivers\SMBios.sys <Not Verified; Intel Corporation; Intel (R) System Management BIOS Driver>
2008-04-21 14:30:51 0 d-------- C:\TempEI4
2008-04-21 14:28:10 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2008-04-21 14:28:02 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-04-21 14:28:02 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-04-21 14:28:02 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-04-21 14:28:02 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2008-04-21 14:28:02 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-04-21 14:28:02 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-04-21 14:28:02 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-04-21 14:28:02 0 dr------- C:\Documents and Settings\Administrator\My Documents
2008-04-21 14:28:02 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-04-21 14:28:02 0 dr------- C:\Documents and Settings\Administrator\Favorites
2008-04-21 14:28:02 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-04-21 14:28:02 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2008-04-21 14:28:02 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-04-21 14:28:02 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-04-21 14:27:22 0 d-------- C:\WINDOWS\SoftwareDistribution
2008-04-21 14:27:20 0 d---s---- C:\WINDOWS\system32\Microsoft
2008-04-21 14:27:20 0 d-------- C:\WINDOWS\Prefetch
2008-04-21 14:27:19 262144 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT
2008-04-21 14:27:19 0 d--h----- C:\Documents and Settings\LocalService\Local Settings
2008-04-21 14:27:19 0 d--hs---- C:\Documents and Settings\LocalService\Cookies
2008-04-21 14:27:19 0 d-------- C:\Documents and Settings\LocalService\Application Data
2008-04-21 14:27:19 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
2008-04-21 14:27:06 225280 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT
2008-04-21 14:27:06 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings
2008-04-21 14:27:06 0 d--hs---- C:\Documents and Settings\NetworkService\Cookies
2008-04-21 14:27:06 0 d-------- C:\Documents and Settings\NetworkService\Application Data
2008-04-21 14:27:06 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
2008-04-21 14:23:43 0 d-------- C:\WINDOWS\system32\xircom
2008-04-21 14:23:43 0 d-------- C:\Program Files\microsoft frontpage
2008-04-21 14:23:29 225280 ---h----- C:\Documents and Settings\Default User\NTUSER.DAT
2008-04-21 14:23:22 0 -rahs---- C:\MSDOS.SYS
2008-04-21 14:23:22 0 -rahs---- C:\IO.SYS
2008-04-21 14:23:22 0 --a------ C:\CONFIG.SYS
2008-04-21 14:23:22 7 ---hs---- C:\AUTOEXEC.BAT
2008-04-21 14:22:19 0 d--hs---- C:\Documents and Settings\All Users\DRM
2008-04-21 14:22:09 0 dr------- C:\WINDOWS\Offline Web Pages
2008-04-21 14:22:09 0 d---s---- C:\WINDOWS\Downloaded Program Files
2008-04-21 14:21:58 0 d--h----- C:\Program Files\WindowsUpdate
2008-04-21 14:21:35 0 d-------- C:\WINDOWS\system32\DirectX
2008-04-21 14:20:39 0 d---s---- C:\WINDOWS\Tasks
2008-04-21 14:20:36 0 d-------- C:\Program Files\Common Files\MSSoap
2008-04-21 14:20:31 0 d-------- C:\WINDOWS\srchasst
2008-04-21 14:20:30 0 d-------- C:\WINDOWS\system32\Macromed
2008-04-21 14:20:18 0 d-------- C:\Program Files\Movie Maker
2008-04-21 14:20:02 0 d-------- C:\WINDOWS\system32\Restore
2008-04-21 14:19:11 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-04-21 14:18:55 0 d-------- C:\WINDOWS\Registration
2008-04-21 14:18:48 0 d-------- C:\Program Files\Online Services
2008-04-21 14:18:42 0 d-------- C:\Program Files\Messenger
2008-04-21 14:18:36 0 d-------- C:\Program Files\MSN Gaming Zone
2008-04-21 14:17:44 0 d-------- C:\Program Files\Windows NT
2008-04-21 14:17:39 0 d-------- C:\WINDOWS\system32\MsDtc
2008-04-21 14:17:35 0 d-------- C:\WINDOWS\system32\Com


-- Find3M Report ---------------------------------------------------------------

2008-05-14 00:23:24 9 -r-hs---- C:\Program Files\Desktop_.ini
2008-04-21 19:42:29 62 --ahs---- C:\Documents and Settings\Lovin\Application Data\desktop.ini


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3AE2C05D-7EA2-4452-A4EC-E4CB5253B0D0}]
C:\WINDOWS\system32\rqRIbaAp.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
2008-04-25 18:22 62728 --a------ C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a33fa729-d155-4b23-842b-2c665ecabdb6}]
2008-04-29 14:54 1527320 --a------ C:\Program Files\The_Pirate_Bay\tbThe0.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F6725EDC-93FF-479B-A98B-C5B9E3C44864}]
C:\WINDOWS\system32\ljJBsQgG.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A33FA729-D155-4B23-842B-2C665ECABDB6}"= C:\Program Files\The_Pirate_Bay\tbThe0.dll [2008-04-29 14:54 1527320]

[-HKEY_CLASSES_ROOT\CLSID\{A33FA729-D155-4B23-842B-2C665ECABDB6}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-02-08 23:06]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-02-08 23:02]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 17:07 C:\WINDOWS\system32\HdAShCut.exe]
"RTHDCPL"="RTHDCPL.EXE" [2005-04-13 11:51 C:\WINDOWS\RTHDCPL.EXE]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 21:34]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-04-23 13:10]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 15:18]
"type32"="C:\Program Files\Microsoft IntelliType Pro\type32.exe" [2004-06-03 01:51]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2008-04-25 18:21]
"LoadService"="" []
"CCAPPS"="" []
"OSA"="" []
"SymRun"="" []
"local service"="" []
"Security"="" []
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"Bron-Spizaetus"="C:\WINDOWS\ShellNew\bronstab.exe" [2008-05-09 19:00]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ares"="C:\Program Files\Ares\Ares.exe" [2007-02-16 21:47]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\ypager.exe" [2005-08-19 19:34]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 10:26]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" []
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 21:54]
"svcshare"="C:\WINDOWS\system32\drivers\spoclsv.exe" []
"Tok-Cirrhatus"="C:\Documents and Settings\Lovin\Local Settings\Application Data\smss.exe" [2008-05-09 19:00]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Tok-Cirrhatus"="C:\Documents and Settings\NetworkService\Local Settings\Application Data\smss.exe"

C:\Documents and Settings\Lovin\Start Menu\Programs\Startup\
Empty.pif [2008-05-09 19:00:52]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)
"DisableCMD"=0 (0x0)
"DisableRegistryTools"=1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"DisableCMD"=0 (0x0)
"DisableRegistryTools"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoFolderOptions"=1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoFolderOptions"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{F6725EDC-93FF-479B-A98B-C5B9E3C44864}"= C:\WINDOWS\system32\ljJBsQgG.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Shell"="Explorer.exe \"C:\WINDOWS\eksplorasi.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljJBsQgG]
ljJBsQgG.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\rqRIbaAp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt hpqcxs08


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2e03d41a-12da-11dd-a798-001320994a16}]
Auto\command- G:\setup.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL setup.exe

*Newly Created Service* - AVP



-- End of Deckard's System Scanner: finished at 2008-05-14 21:42:23 ------------
Niti is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Reply With Quote
Old 05-14-2008, 06:37 PM   #4 (permalink)
Moderator/Analyst, Security Team ; Rangemaster, TSF Academy
 
Angelfire777's Avatar
 
Join Date: Oct 2006
Location: BC, Canada
Posts: 2,439
OS: XP


Re: Help plzzzz
Hi,

Did you get an extra.txt file when you scanned with DSS? If so, please attach it to your post.

Is your kaspersky still working ok? It doesn't seem to be running...

Please visit this webpage for download links, and instructions for running combofixl:

http://www.bleepingcomputer.com/comb...o-use-combofix


Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:
  1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  2. Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New HijackThis log.
__________________
Proud member of UNITE and ASAP since 2006


If we have helped you, please consider donating.

The past won't be able to hurt you unless you keep on looking back at it.
Angelfire777 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Reply With Quote
Old 05-14-2008, 09:49 PM   #5 (permalink)
Registered User
 
Join Date: May 2008
Posts: 6
OS: xp


Re: Help plzzzz
i knw the last time i did it gave me two file one maximized and other one minimized but this time it dint came just the main.txt file came and i have combofix with me but it's an older version and demands for a new version and everytime idownload it my system restarts
Niti is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Reply With Quote
Old 05-14-2008, 10:42 PM   #6 (permalink)
Moderator/Analyst, Security Team ; Rangemaster, TSF Academy
 
Angelfire777's Avatar
 
Join Date: Oct 2006
Location: BC, Canada
Posts: 2,439
OS: XP


Re: Help plzzzz
I see.

The extra.txt that was created in the first run should be here:

C:\Deckard\System Scanner\extra.txt

You should delete the older version and download a new one from the link I gave you.

If your computer still restarts when you attempt to download combofix, please download it next time in this manner:

Download combofix.exe







Go to Microsoft's website => http://support.microsoft.com/kb/310994
Select the download that's appropriate for your Operating System




Download the file & save it as it's originally named, next to ComboFix.exe.






Now close all open windows and programs, including all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Drag the setup package onto ComboFix.exe and drop it.
  • Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.
  • At the next prompt, click 'Yes' to run the full ComboFix scan.


  • When the tool is finished, it will produce a report for you.

Please post the C:\ComboFix.txt along with a new HijackThis log for further review.
__________________
Proud member of UNITE and ASAP since 2006


If we have helped you, please consider donating.

The past won't be able to hurt you unless you keep on looking back at it.
Angelfire777 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Reply With Quote
Old 05-17-2008, 01:39 AM   #7 (permalink)
Registered User
 
Join Date: May 2008
Posts: 6
OS: xp


Re: Help plzzzz
combofix

ComboFix 08-05-15.3 - Lovin 2008-05-17 11:53:55.7 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.561 [GMT 5.5:30]
Running from: C:\Documents and Settings\Lovin\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Lovin\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\backups\Desktop_.ini
C:\Config.Msi\Desktop_.ini
C:\Documents and Settings\NetworkService\Local Settings\Application Data\inetinfo.exe
C:\Documents and Settings\NetworkService\Local Settings\Application Data\lsass.exe
C:\Documents and Settings\NetworkService\Local Settings\Application Data\services.exe
C:\Documents and Settings\NetworkService\Local Settings\Application Data\winlogon.exe
C:\Documents and Settings\Niti\Local Settings\Application Data\inetinfo.exe
C:\pdf995\Desktop_.ini
C:\pdf995\res\convert\Desktop_.ini
C:\pdf995\res\Desktop_.ini
C:\pdf995\res\drivedir\Desktop_.ini
C:\pdf995\res\utilities\Desktop_.ini
C:\Program Files\Adobe\Acrobat 7.0\Desktop_.ini
C:\Program Files\Adobe\Acrobat 7.0\Esl\Desktop_.ini
C:\Program Files\Adobe\Acrobat 7.0\Help\Desktop_.ini
C:\Program Files\Adobe\Acrobat 7.0\Help\ENU\Desktop_.ini
C:\Program Files\Adobe\Acrobat 7.0\Reader\Browser\Desktop_.ini
C:\Program Files\Adobe\Acrobat 7.0\Reader\Desktop_.ini
C:\Program Files\Adobe\Acrobat 7.0\Reader\HowTo\Desktop_.ini
C:\Program Files\Adobe\Acrobat 7.0\Reader\HowTo\ENU\Desktop_.ini
C:\Program Files\Adobe\Acrobat 7.0\Reader\HowTo\ENU\Images\Desktop_.ini
C:\Program Files\Adobe\Acrobat 7.0\Reader\Javascripts\Desktop_.ini
C:\Program Files\Adobe\Acrobat 7.0\Reader\Legal\Adobe Reader\7.0.0\Desktop_.ini
C:\Program Files\Adobe\Acrobat 7.0\Reader\Legal\Adobe Reader\7.0.0\en_US\Desktop_.ini
C:\Program Files\Adobe\Acrobat 7.0\Reader\Legal\Adobe Reader\Desktop_.ini
C:\Program Files\Adobe\Acrobat 7.0\Reader\Legal\Desktop_.ini
C:\Program Files\Adobe\Acrobat 7.0\Reader\Messages\Desktop_.ini
C:\Program Files\Adobe\Acrobat 7.0\Reader\Messages\ENU\Desktop_.ini
C:\Program Files\Adobe\Acrobat 7.0\Reader\Optional\Desktop_.ini
C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\AcroForm\Desktop_.ini
C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\AcroForm\PMP\Desktop_.ini
C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\Annotations\Desktop_.ini
C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\Annotations\Stamps\Desktop_.ini
C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\Annotations\Stamps\ENU\Desktop_.ini
C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\Desktop_.ini
C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\ImageViewer\Desktop_.ini
C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\ImageViewer\en_US\Desktop_.ini
C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\Multimedia\Desktop_.ini
C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\Multimedia\MPP\Desktop_.ini
C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\PictureTasks\Desktop_.ini
C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\PictureTasks\Howto\Desktop_.ini
C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\PictureTasks\Howto\images\Desktop_.ini
C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\PictureTasks\OLS\Desktop_.ini
C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\PictureTasks\OLS\Locale\Desktop_.ini
C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\PictureTasks\OLS\Locale\ENU\Desktop_.ini
C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\PictureTasks\Templates\Desktop_.ini
C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\VDKHome\Desktop_.ini
C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\VDKHome\ENU\Desktop_.ini
C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins3d\Desktop_.ini
C:\Program Files\Adobe\Acrobat 7.0\Reader\SPPlugins\Desktop_.ini
C:\Program Files\Adobe\Acrobat 7.0\Reader\Updater\Desktop_.ini
C:\Program Files\Adobe\Acrobat 7.0\Reader\WebSearch\Desktop_.ini
C:\Program Files\Adobe\Acrobat 7.0\Resource\CMap\Desktop_.ini
C:\Program Files\Adobe\Acrobat 7.0\Resource\Desktop_.ini
C:\Program Files\Adobe\Acrobat 7.0\Resource\Font\Desktop_.ini
C:\Program Files\Adobe\Acrobat 7.0\Resource\Font\PFM\Desktop_.ini
C:\Program Files\Adobe\Acrobat 7.0\Resource\Linguistics\Desktop_.ini
C:\Program Files\Adobe\Acrobat 7.0\Resource\Linguistics\LanguageNames\Desktop_.ini
C:\Program Files\Adobe\Acrobat 7.0\Resource\Linguistics\Pro