
What virus makes this??


This topic is locked
43 replies to this topic

#1 abauw

abauw

  • Members
  • 951 posts
  • Gender:Male
  • Location:Kebun Kelapa

Posted 09 July 2010 - 03:03 PM

4 days ago my father told me that the USB flash disk he has was damaged... I checked it and that flash disk still can't open, and can't copy or paste anything, and I think maybe it's a hardware error, and because of that I tried to scandisk that drive (by restarting my computer)... but in the scandisk process it showed lots of "bad links in lost chain at cluster" and made my computer shut down with a beep, just like an overheat shutdown (sometimes my heatsink fan doesn't spin automatically and my computer will auto-shutdown because of that)... because I had something to do at that time I decided to try it again at night...
At night I tried scandisk under the command prompt, but "bad links in lost chain at cluster" still showed up... I tried to ignore it and wait until it finished, but scandisk couldn't finish because of that error... because scandisk couldn't finish I tried to recover the data on the flash disk... but I forgot to check the size of the data that was shown... after the data recovery completed I tried to test the result and suddenly my computer froze... I tried everything but it still froze... I decided to shut down manually...
After my computer powered up, before Windows showed up it asked to scandisk C:, but I skipped it... once in Windows I tried to check that data again, but this time I checked the size first... and I just realized that almost all the data has a size of 4 KB... I started to think maybe that flash drive contains a virus that my AV can't detect... I tried to test by opening 1 Word file... and my computer froze again... I shut it down again manually, turned it on again and got a BSOD with a random error... after several attempts I decided to try it again in the afternoon because I felt sleepy...
In the afternoon I woke up... my brother had used the computer, and I tried to check my computer with several tools I have, and googling found this forum.. I have read several threads in this forum and felt interested to ask about my problem... please assist me with this MBR rootkit... I think the flash disk doesn't have a hardware error... but almost all the data sizes have been changed to 4 KB... I can't open the data safely... like a Word doc... it can't open; it only opens the beginning of the document, but it looks like it has been cut off...
I still wonder how this can't be??? I almost forgot: that virus makes me get autochk C: (scandisk), but I always skipped it, but now not anymore... but it says that autochk is missing every time I boot up my computer...

Here is my DDS log...

DDS (Ver_10-03-17.01) - NTFSx86
Run by Abauw at 2:30:29,40 on 10/07/2010
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.510.124 [GMT 7:00]

AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\xampp\apache\bin\Apache.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\Program Files\cFosSpeed\spd.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\xampp\mysql\bin\mysqld-nt.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\TWEAKM~1\TMTray.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\cFosSpeed\cFosSpeed.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\xampp\apache\bin\Apache.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Abauw\Desktop\dds.scr

============== Pseudo HJT Report ===============

BHO: IDMIEHlprObj Class: {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2010\ievkbd.dll
BHO: TweakMASTER PRO Component: {7daac7de-9ef0-4ff0-bfa5-aff3e899054c} - c:\progra~1\tweakm~1\TweakBHO.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [IDMan] c:\program files\internet download manager\IDMan.exe /onboot
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [TweakMASTER] "c:\progra~1\tweakm~1\TMTray.exe"
mRun: [DU Meter] c:\program files\du meter\DUMeter.exe
mRun: [cFosSpeed] c:\program files\cfosspeed\cFosSpeed.exe
mRun: [avp] "c:\program files\kaspersky lab\kaspersky internet security 2010\avp.exe"
StartupFolder: c:\docume~1\abauw\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
IE: &Download All using 4shared Desktop - c:\program files\4shared desktop\down_all.htm
IE: &Download using 4shared Desktop - c:\program files\4shared desktop\down_link.htm
IE: Add to &LinkFox - c:\progra~1\tweakm~1\TweakBHO.dll/IESCRIPT
IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky internet security 2010\ie_banner_deny.htm
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\internet download manager\IEGetVL.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
TCP: {A03F6AFA-9FE4-42C5-8EEF-ABBFE1AC9765} = 203.130.193.74,202.134.0.155
TCP: {F146D3C9-0EE8-45B1-A43D-89A9264E23A3} = 208.67.222.222,208.67.220.220
Notify: AtiExtEvent - Ati2evxx.dll
Notify: klogon - c:\windows\system32\klogon.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\abauw\applic~1\mozilla\firefox\profiles\f0wlqbw3.default\
FF - prefs.js: browser.startup.homepage - hxxps://login.yahoo.com/config/login_verify2?&.src=ym
FF - component: c:\documents and settings\abauw\application data\idm\idmmzcc3\components\idmmzcc.dll
FF - component: c:\documents and settings\abauw\application data\mozilla\firefox\profiles\f0wlqbw3.default\extensions\{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\abauw\application data\mozilla\firefox\profiles\f0wlqbw3.default\extensions\{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}\components\RadioWMPCore.dll
FF - plugin: c:\documents and settings\abauw\local settings\application data\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2009-5-24 128016]
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-12-15 33808]
R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2010-4-13 296976]
R1 SASDIFSV;SASDIFSV;c:\docume~1\abauw\locals~1\temp\superantispyware\SASDIFSV.SYS [2010-7-9 12872]
R2 AVP;Kaspersky Internet Security;c:\program files\kaspersky lab\kaspersky internet security 2010\avp.exe [2009-5-25 303376]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2009-5-13 31760]
R3 XDva352;XDva352;\??\c:\windows\system32\xdva352.sys --> c:\windows\system32\XDva352.sys [?]
RUnknown DwProt;DwProt; [x]
S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\abauw\locals~1\temp\superantispyware\saskutil.sys --> c:\docume~1\abauw\locals~1\temp\superantispyware\SASKUTIL.SYS [?]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-5-16 19472]
S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2010-7-8 16472]
S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2010-7-8 11104]
S3 XDva344;XDva344;\??\c:\windows\system32\xdva344.sys --> c:\windows\system32\XDva344.sys [?]
S3 XDva348;XDva348;\??\c:\windows\system32\xdva348.sys --> c:\windows\system32\XDva348.sys [?]
S3 XDva349;XDva349;\??\c:\windows\system32\xdva349.sys --> c:\windows\system32\XDva349.sys [?]
S3 XDva351;XDva351;\??\c:\windows\system32\xdva351.sys --> c:\windows\system32\XDva351.sys [?]

=============== Created Last 30 ================

2010-07-09 17:42:10 0 ----a-w- c:\documents and settings\abauw\defogger_reenable
2010-07-09 16:42:20 53000 ----a-w- c:\windows\D4S.MID
2010-07-08 20:15:18 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-08 20:15:18 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-08 18:02:33 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-07-08 18:02:30 0 d-----w- c:\docume~1\abauw\applic~1\SUPERAntiSpyware.com
2010-07-08 14:12:14 120 ----a-w- c:\windows\d4s.hst
2010-07-08 08:42:29 535624 ----a-w- c:\windows\system32\pwNative.exe
2010-07-08 08:42:27 16472 ------w- c:\windows\system32\pwdrvio.sys
2010-07-08 08:42:27 11104 ------w- c:\windows\system32\pwdspio.sys
2010-07-08 08:25:29 0 d--h--w- c:\windows\system32\GroupPolicy
2010-07-08 07:24:26 0 d-----w- C:\ComboFix
2010-07-08 06:48:34 77312 ----a-w- C:\mbr.exe
2010-07-08 04:34:59 210 --sha-w- c:\windows\setup_9.0.0.722_07.07.2010_09-51drv.spi
2010-07-07 19:22:18 0 d-sha-r- C:\cmdcons
2010-07-07 19:15:45 77312 ----a-w- c:\windows\MBR.exe
2010-07-07 19:11:57 388608 ----a-w- c:\windows\system32\CF6036.exe
2010-07-07 19:04:14 98816 ----a-w- c:\windows\sed.exe
2010-07-07 19:04:14 256512 ----a-w- c:\windows\PEV.exe
2010-07-07 19:04:14 161792 ----a-w- c:\windows\SWREG.exe
2010-07-07 19:02:16 388608 ----a-w- c:\windows\system32\CF4135.exe
2010-07-07 18:19:14 116736 ----a-w- c:\windows\system32\drivers\mcdbus.sys
2010-07-07 18:19:12 0 d-----w- c:\program files\MagicDisc
2010-07-07 14:01:25 0 d-----w- c:\docume~1\abauw\applic~1\Malwarebytes
2010-07-07 14:00:24 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-07-07 14:00:22 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-07 13:42:20 0 d-----w- C:\Downloads
2010-07-05 14:12:47 20358 ----a-w- c:\windows\VGIRL.PRF
2010-07-04 16:27:07 0 d-----w- c:\program files\common files\Macromedia Shared
2010-07-01 12:40:33 44 ----a-w- c:\windows\popcinfo.dat
2010-06-29 01:08:15 0 d-----w- c:\windows\system32\LogFiles
2010-06-26 09:23:38 0 d-----w- c:\docume~1\abauw\applic~1\4shared Desktop
2010-06-26 09:23:33 0 d-----w- c:\program files\4shared Desktop

==================== Find3M ====================

2010-07-06 05:55:22 2516 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-05-16 18:15:44 65776 ----a-w- c:\windows\UnDeploy.exe
2010-05-05 20:22:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-05 01:56:57 22720 ----a-w- c:\windows\system32\emptyregdb.dat
2010-04-14 09:48:19 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll

============= FINISH: 2:30:47,70 ===============

Sorry, I cannot post the GMER log... because I had two BSODs while I scanned... I'm running the GMER scan while I type this... and thank God I don't need to type it again... the first BSOD showed an XDva344.sys problem... the second BSOD I forgot... because my computer restarted...

Sorry if this is too long, and sorry if my English is not too good... I tried my best to write this... hope someone understands it...
Thanks...

Finally, after 6 attempts GMER finished the scan without a BSOD... I attach it now.. sorry I zipped it... not enough available space...

Edited by abauw, 09 July 2010 - 04:17 PM.


#2 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • Gender:Male
  • Location:Munich,Germany

Posted 12 July 2010 - 01:54 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE



Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.
regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#3 abauw

abauw
  • Topic Starter

  • Members
  • 951 posts
  • Gender:Male
  • Location:Kebun Kelapa

Posted 12 July 2010 - 02:38 PM

@schrauber
Thanks for the reply..
For your information... I have used several tools in Hiren's BootCD 10.6... before I posted or registered here...
and several hours ago I had an ESET Online Scan... just wondering if that ESET can't find it

DDS (Ver_10-03-17.01) - NTFSx86
Run by Abauw at 2:30:34,09 on 13/07/2010
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.510.146 [GMT 7:00]

AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\xampp\apache\bin\Apache.exe
C:\Program Files\cFosSpeed\spd.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\xampp\mysql\bin\mysqld-nt.exe
C:\Program Files\xampp\apache\bin\Apache.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\TWEAKM~1\TMTray.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\cFosSpeed\cFosSpeed.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Abauw\Desktop\dds.scr

============== Pseudo HJT Report ===============

BHO: IDMIEHlprObj Class: {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2010\ievkbd.dll
BHO: TweakMASTER PRO Component: {7daac7de-9ef0-4ff0-bfa5-aff3e899054c} - c:\progra~1\tweakm~1\TweakBHO.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [IDMan] c:\program files\internet download manager\IDMan.exe /onboot
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [TweakMASTER] "c:\progra~1\tweakm~1\TMTray.exe"
mRun: [DU Meter] c:\program files\du meter\DUMeter.exe
mRun: [cFosSpeed] c:\program files\cfosspeed\cFosSpeed.exe
mRun: [avp] "c:\program files\kaspersky lab\kaspersky internet security 2010\avp.exe"
IE: &Download All using 4shared Desktop - c:\program files\4shared desktop\down_all.htm
IE: &Download using 4shared Desktop - c:\program files\4shared desktop\down_link.htm
IE: Add to &LinkFox - c:\progra~1\tweakm~1\TweakBHO.dll/IESCRIPT
IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky internet security 2010\ie_banner_deny.htm
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\internet download manager\IEGetVL.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
TCP: {A03F6AFA-9FE4-42C5-8EEF-ABBFE1AC9765} = 203.130.193.74,202.134.0.155
TCP: {F146D3C9-0EE8-45B1-A43D-89A9264E23A3} = 208.67.222.222,208.67.220.220
Notify: AtiExtEvent - Ati2evxx.dll
Notify: klogon - c:\windows\system32\klogon.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\abauw\applic~1\mozilla\firefox\profiles\f0wlqbw3.default\
FF - component: c:\documents and settings\abauw\application data\idm\idmmzcc3\components\idmmzcc.dll
FF - plugin: c:\documents and settings\abauw\local settings\application data\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2009-5-24 128016]
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-12-15 33808]
R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2010-4-13 296976]
R1 SASDIFSV;SASDIFSV;c:\docume~1\abauw\locals~1\temp\superantispyware\SASDIFSV.SYS [2010-7-9 12872]
R2 AVP;Kaspersky Internet Security;c:\program files\kaspersky lab\kaspersky internet security 2010\avp.exe [2009-5-25 303376]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2009-5-13 31760]
S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\abauw\locals~1\temp\superantispyware\saskutil.sys --> c:\docume~1\abauw\locals~1\temp\superantispyware\SASKUTIL.SYS [?]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-5-16 19472]
S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2010-7-8 16472]
S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2010-7-8 11104]
S3 XDva344;XDva344;\??\c:\windows\system32\xdva344.sys --> c:\windows\system32\XDva344.sys [?]
S3 XDva348;XDva348;\??\c:\windows\system32\xdva348.sys --> c:\windows\system32\XDva348.sys [?]
S3 XDva349;XDva349;\??\c:\windows\system32\xdva349.sys --> c:\windows\system32\XDva349.sys [?]
S3 XDva351;XDva351;\??\c:\windows\system32\xdva351.sys --> c:\windows\system32\XDva351.sys [?]
S3 XDva352;XDva352;\??\c:\windows\system32\xdva352.sys --> c:\windows\system32\XDva352.sys [?]

=============== Created Last 30 ================

2010-07-11 03:02:20 92 ----a-w- c:\windows\pdf2rtf.INI
2010-07-11 03:00:39 1024 ----a-w- c:\windows\system32\pdf2word.DAT
2010-07-11 03:00:13 0 d-----w- c:\program files\PDF2Word v1.6
2010-07-09 17:42:10 0 ----a-w- c:\documents and settings\abauw\defogger_reenable
2010-07-08 20:15:18 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-08 20:15:18 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-08 18:02:33 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-07-08 18:02:30 0 d-----w- c:\docume~1\abauw\applic~1\SUPERAntiSpyware.com
2010-07-08 14:12:14 120 ----a-w- c:\windows\d4s.hst
2010-07-08 08:42:29 535624 ----a-w- c:\windows\system32\pwNative.exe
2010-07-08 08:42:27 16472 ------w- c:\windows\system32\pwdrvio.sys
2010-07-08 08:42:27 11104 ------w- c:\windows\system32\pwdspio.sys
2010-07-08 08:25:29 0 d--h--w- c:\windows\system32\GroupPolicy
2010-07-08 07:24:26 0 d-----w- C:\ComboFix
2010-07-08 06:48:34 77312 ----a-w- C:\mbr.exe
2010-07-08 04:34:59 210 --sha-w- c:\windows\setup_9.0.0.722_07.07.2010_09-51drv.spi
2010-07-07 19:22:18 0 d-sha-r- C:\cmdcons
2010-07-07 19:15:45 77312 ----a-w- c:\windows\MBR.exe
2010-07-07 19:11:57 388608 ----a-w- c:\windows\system32\CF6036.exe
2010-07-07 19:04:14 98816 ----a-w- c:\windows\sed.exe
2010-07-07 19:04:14 256512 ----a-w- c:\windows\PEV.exe
2010-07-07 19:04:14 161792 ----a-w- c:\windows\SWREG.exe
2010-07-07 19:02:16 388608 ----a-w- c:\windows\system32\CF4135.exe
2010-07-07 18:19:14 116736 ----a-w- c:\windows\system32\drivers\mcdbus.sys
2010-07-07 18:19:12 0 d-----w- c:\program files\MagicDisc
2010-07-07 14:01:25 0 d-----w- c:\docume~1\abauw\applic~1\Malwarebytes
2010-07-07 14:00:24 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-07-07 14:00:22 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-07 13:42:20 0 d-----w- C:\Downloads
2010-07-05 14:12:47 20358 ----a-w- c:\windows\VGIRL.PRF
2010-07-04 16:27:07 0 d-----w- c:\program files\common files\Macromedia Shared
2010-07-01 12:40:33 44 ----a-w- c:\windows\popcinfo.dat
2010-06-29 01:08:15 0 d-----w- c:\windows\system32\LogFiles
2010-06-26 09:23:38 0 d-----w- c:\docume~1\abauw\applic~1\4shared Desktop
2010-06-26 09:23:33 0 d-----w- c:\program files\4shared Desktop

==================== Find3M ====================

2010-07-06 05:55:22 2516 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-05-16 18:15:44 65776 ----a-w- c:\windows\UnDeploy.exe
2010-05-05 20:22:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-05 01:56:57 22720 ----a-w- c:\windows\system32\emptyregdb.dat
2010-04-14 09:48:19 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2010-04-12 23:50:36 604140 --sha-w- c:\windows\system32\drivers\ISwift3.dat

============= FINISH: 2:31:08,35 ===============

for GMER...please wait...
I will post it after the scan finishes..
I have run GMER before and it took over an hour with Kaspersky AV exited and the modem off (no internet)...
so please wait...I will post the log...
sorry if I made a mistake in the first post...I didn't notice that I must rename it to ark.txt

Edited by abauw, 12 July 2010 - 02:39 PM.

:guitar: Take me to a place where time is frozen
You don't have to close your eyes to dream :busy:
You can find escape inside this moment :smash:
And I will follow  :whistle:


#4 abauw


Posted 12 July 2010 - 06:28 PM

tried running GMER in Windows mode...got a BSOD...
and after almost 3 hours running GMER in safe mode...got a BSOD again...
sorry I can't post it...I must go to work..I will try again at night...






#5 abauw


Posted 13 July 2010 - 05:53 PM

tried running GMER twice today...always got a BSOD....in Windows and safe mode...always got it after scanning for over 3 hours...
but I have copied several of the items detected in the last scan...but it never finished...

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-14 02:17:46
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\Abauw\LOCALS~1\Temp\pgaiyaow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwAdjustPrivilegesToken [0xF6BBF36E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwClose [0xF6BBFA86]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwConnectPort [0xF6BC060C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateEvent [0xF6BC0B40]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateFile [0xF6BBFD78]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateKey [0xF6BBE460]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateMutant [0xF6BC0A18]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateNamedPipeFile [0xF6BBDD0A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreatePort [0xF6BC08D4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateSection [0xF6BBF102]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateSemaphore [0xF6BC0C72]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateSymbolicLinkObject [0xF6BC240E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateThread [0xF6BBF886]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateWaitablePort [0xF6BC0976]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDeleteKey [0xF6BBEA20]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDeleteValueKey [0xF6BBECF8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDeviceIoControlFile [0xF6BC021C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDuplicateObject [0xF6BC2980]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwEnumerateKey [0xF6BBEE3A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwEnumerateValueKey [0xF6BBEEE4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwFsControlFile [0xF6BC0016]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadDriver [0xF6BC1EA6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadKey [0xF6BBE43C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadKey2 [0xF6BBE44E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwNotifyChangeKey [0xF6BBF030]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenEvent [0xF6BC0BE2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenFile [0xF6BBFB08]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenKey [0xF6BBE604]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenMutant [0xF6BC0AB0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenProcess [0xF6BBF56E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenSection [0xF6BC2438]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenSemaphore [0xF6BC0D14]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenThread [0xF6BBF492]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryKey [0xF6BBEF8E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryMultipleValueKey [0xF6BBEBB6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryValueKey [0xF6BBE8BC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueueApcThread [0xF6BC2128]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRenameKey [0xF6BBEB34]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplaceKey [0xF6BBE0C2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplyPort [0xF6BC109E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplyWaitReceivePort [0xF6BC0F64]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRequestWaitReplyPort [0xF6BC1C30]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRestoreKey [0xF6BBE224]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwResumeThread [0xF6BC2860]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSaveKey [0xF6BBDEC4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSecureConnectPort [0xF6BC0312]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetContextThread [0xF6BBF984]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetInformationToken [0xF6BC15F2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetSecurityObject [0xF6BC1FA0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetSystemInformation [0xF6BC24C2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetValueKey [0xF6BBE744]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSuspendProcess [0xF6BC25A6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSuspendThread [0xF6BC26D2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSystemDebugControl [0xF6BC1DD2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwTerminateProcess [0xF6BBF6EA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwTerminateThread [0xF6BBF63C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwWriteVirtualMemory [0xF6BBF7C8]

Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) FsRtlCheckLockForReadAccess
Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) IoIsOperationSynchronous

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!_abnormal_termination + 117 804E2DE8 16 Bytes [02, F1, BB, F6, 72, 0C, BC, ...]
.text ntoskrnl.exe!_abnormal_termination + 14B 804E2E1C 4 Bytes JMP 8DA5F6BB
.text ntoskrnl.exe!_abnormal_termination + 1D3 804E2EA4 12 Bytes [A6, 1E, BC, F6, 3C, E4, BB, ...]
.text ntoskrnl.exe!_abnormal_termination + 313 804E2FE4 4 Bytes CALL 4C4226A4
.text ntoskrnl.exe!_abnormal_termination + 34F 804E3020 16 Bytes [34, EB, BB, F6, C2, E0, BB, ...] {XOR AL, 0xeb; MOV EBX, 0xbbe0c2f6; NEG BYTE [ESI+0x64f6bc10]; BSF ESI, ESI}
.text ...
init C:\WINDOWS\system32\drivers\ALCXSENS.SYS entry point in "init" section [0xF6FA2900]

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\Tcpip \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\Tcpip \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\Tcpip \Device\RawIp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}@scansk 0xD9 0x30 0x82 0xF2 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{e0d92541-7a6e-4e45-a533-7e3aa058a53a}@Model 164
Reg HKLM\SOFTWARE\Classes\CLSID\{e0d92541-7a6e-4e45-a533-7e3aa058a53a}@Therad 8
Reg HKLM\SOFTWARE\Classes\CLSID\{e0d92541-7a6e-4e45-a533-7e3aa058a53a}@MData 0x73 0xD5 0xCF 0xB8 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D37E3316-8BC8-4581-8128-A56E7C4F9D94}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D37E3316-8BC8-4581-8128-A56E7C4F9D94}@hapgfoolakclmblm 0x61 0x62 0x6A 0x66 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D37E3316-8BC8-4581-8128-A56E7C4F9D94}@jamgogcebipbdimnckgn 0x70 0x61 0x6C 0x66 ...

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0


I have run GMER 5 times since yesterday...always a BSOD after a 3 hour scan...
sorry if this week I just can't run GMER or other instructions at night...because I must work at an exhibition this week (I leave home at 8am and the earliest I get home is 11pm)...hope you understand...



#6 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:04:29 PM

Posted 15 July 2010 - 11:30 AM

Hello, abauw
Welcome to the Bleeping Computer Forums. My name is Thomas (Tom is fine), and I will be helping you fix your problems.

If you do not make a reply in 4-5 days, we will have to close your topic.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Please reply using the button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just post back here so that we know you're still here.
  • Please set your system to show all files.
    Click Start, open My Computer, select the Tools menu and click Folder Options.
    Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
    Uncheck: Hide file extensions for known file types
    Uncheck the Hide protected operating system files (recommended) option.
    Click Yes to confirm.





Please go here and have a look how you can disable your security software.

Download Combofix from any of the links below but rename it to before saving it to your desktop.

Link 1
Link 2



--------------------------------------------------------------------

Double click on the renamed Combofix.exe & follow the prompts.
    When finished, it will produce a report for you.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#7 abauw


Posted 15 July 2010 - 12:01 PM

hello Tom...
thanks for your help...
for your information...I had used ComboFix for my problem before I knew about this forum...
when I read a couple of threads in this forum...I realized that ComboFix is not a toy and not for everyday use...
because of that I posted my problem in this forum...
if you ask me to use ComboFix I will use it again...
but about the log...do you need the earlier log (the one from when I ran ComboFix last week)...


:guitar: Take me to a place where time is frozen
You don't have to close your eyes to dream :busy:
You can find escape inside this moment :smash:
And I will follow  :whistle:


#8 abauw


Posted 15 July 2010 - 01:53 PM

geez...
I've got a problem...
I was waiting for ComboFix to run while I was eating and left my computer for a couple of minutes just to put the plate away and get something to drink...and when I came back to the computer room my father had shut down the computer...don't know what to say

I turned on the computer again and tried to run ComboFix again...
there was a box with yes & no options...clicked yes...
and a box like a command prompt showed up...after about a minute a script showed up for 1-2 seconds (too fast for me...can't read the script) and I waited almost 10-15 minutes with no sign of ComboFix running...until now no sign

is this OK??
I checked my Windows Explorer...and there was a folder named schrauber and in that folder it is just like Explorer (don't know how to describe it in English)...I attach the picture so you understand...

if not OK...please help me...

sorry for the problem....I didn't know my father woke up and went to the computer room and saw no one in the room...he shut down the computer without knowing that I was using the computer...I will try to wait until morning to see if ComboFix is still running (maybe as a hidden process) or ComboFix is not running...if in the morning there is still no sign...I must go to work and cannot guarantee that no one in my family shuts down/restarts the computer...

please give instructions on how to deal with my problem...

it's been over 4 hours and still no sign of ComboFix running...
sorry...I must shut down the computer...need to work...can't take the risk if I leave this computer...


Edited by abauw, 15 July 2010 - 05:07 PM.



#9 schrauber


Posted 16 July 2010 - 02:43 PM

Hi,

Please reboot the system normally, then run the scan again
regards,
schrauber


#10 abauw


Posted 17 July 2010 - 12:00 PM

sorry...
still the same result after the reboot...
tried in the same mode, still the same...
tried looking in the process list...there is no ComboFix process (or maybe it is a hidden process)...but I know what is in the process list and nothing there indicates a ComboFix process???

I have read in this forum about uninstalling ComboFix...do I have to try it???





#11 schrauber


Posted 18 July 2010 - 12:44 PM

Hi,


We will try this later. First please delete the copy of Combofix and download a fresh one, and try again.
regards,
schrauber


#12 abauw


Posted 18 July 2010 - 01:33 PM

sorry...
I usually delete the old one and download a new one before using ComboFix...
just in case something happens when I download it...
but after downloading it a couple of times...
it always gets stuck in the process like this..

sorry about showing a picture from another thread...
that picture shows up for 1-4 seconds (don't know for sure...too fast) then disappears
ComboFix always disappears after showing that



Edited by abauw, 18 July 2010 - 01:33 PM.



#13 schrauber


Posted 19 July 2010 - 01:05 PM

Hi,

  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemdrive%\*.sys /90 /md5
  5. Push the Quick Scan button.
  6. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

regards,
schrauber


#14 abauw


Posted 20 July 2010 - 01:06 AM

hi Tom...
here is the report you asked for...

OTL logfile created on: 20/07/2010 12:40:00 - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Abauw\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000421 | Country: Indonesia | Language: IND | Date Format: dd/MM/yyyy

510,00 Mb Total Physical Memory | 110,00 Mb Available Physical Memory | 21,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 75,00% Paging File free
Paging file location(s): c:\pagefile.sys 1500 3000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19,53 Gb Total Space | 1,21 Gb Free Space | 6,19% Space Free | Partition Type: NTFS
Drive D: | 54,99 Gb Total Space | 11,98 Gb Free Space | 21,78% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ABAUW-504248F08
Current User Name: Abauw
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/07/20 12:39:21 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Abauw\Desktop\OTL.exe
PRC - [2010/07/12 20:41:15 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010/07/12 20:41:07 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/05/25 20:28:58 | 000,263,600 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IEMonitor.exe
PRC - [2010/04/29 13:49:12 | 003,220,912 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IDMan.exe
PRC - [2008/07/18 15:23:42 | 000,314,584 | R--- | M] (cFos Software GmbH) -- C:\Program Files\cFosSpeed\spd.exe
PRC - [2008/07/18 15:23:36 | 000,867,544 | R--- | M] (cFos Software GmbH) -- C:\Program Files\cFosSpeed\cfosspeed.exe
PRC - [2006/11/27 15:26:28 | 000,284,712 | ---- | M] (Hagel Technologies Ltd) -- C:\Program Files\TweakMASTER\TMTray.exe
PRC - [2006/11/27 15:19:10 | 001,582,616 | ---- | M] (Hagel Technologies Ltd) -- C:\Program Files\DU Meter\DUMeter.exe
PRC - [2005/09/21 22:21:00 | 003,612,672 | ---- | M] () -- C:\Program Files\xampp\mysql\bin\mysqld-nt.exe
PRC - [2005/07/28 23:10:56 | 000,020,538 | ---- | M] (Apache Software Foundation) -- C:\Program Files\xampp\apache\bin\Apache.exe
PRC - [2004/08/04 05:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/07/20 12:39:21 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Abauw\Desktop\OTL.exe
MOD - [2009/03/26 20:35:40 | 000,034,224 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\idmmkb.dll
MOD - [2004/08/04 05:57:02 | 001,050,624 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
MOD - [2004/08/04 04:01:18 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Running] -- C:\Program Files\xampp\mysql\bin\mysqld-nt.exe --defaults-file=mysql\bin\my.cnf -- (mysql)
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010/05/11 21:12:41 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/05/25 05:26:40 | 000,303,376 | ---- | M] (Kaspersky Lab) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe -- (AVP)
SRV - [2008/07/18 15:23:42 | 000,314,584 | R--- | M] (cFos Software GmbH) [Auto | Running] -- C:\Program Files\cFosSpeed\spd.exe -- (cFosSpeedS)
SRV - [2005/09/02 15:45:30 | 000,528,896 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\xampp\FileZillaFTP\FileZillaServer.exe -- (FileZilla Server)
SRV - [2005/07/28 23:10:56 | 000,020,538 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\Program Files\xampp\apache\bin\Apache.exe -- (Apache2)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\XDva352.sys -- (XDva352)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\XDva351.sys -- (XDva351)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\XDva349.sys -- (XDva349)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\XDva348.sys -- (XDva348)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\XDva344.sys -- (XDva344)
DRV - File not found [Kernel | System | Stopped] -- C:\DOCUME~1\Abauw\LOCALS~1\Temp\SuperAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\EagleNT.sys -- (EagleNT)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Abauw\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2010/04/13 08:32:44 | 000,296,976 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2010/04/13 08:32:44 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\kl1.sys -- (kl1)
DRV - [2010/02/17 19:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Documents and Settings\Abauw\Local Settings\temp\SuperAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/07/19 11:05:40 | 000,016,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\pwdrvio.sys -- (pwdrvio)
DRV - [2009/07/19 11:05:38 | 000,011,088 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\pwdspio.sys -- (pwdspio)
DRV - [2009/05/16 20:59:44 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009/05/13 17:46:52 | 000,031,760 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5)
DRV - [2009/03/10 23:41:48 | 000,635,281 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2009/03/10 23:41:43 | 000,400,384 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)
DRV - [2009/02/24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008/12/15 20:41:32 | 000,033,808 | ---- | M] (Kaspersky Lab) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\klbg.sys -- (klbg)
DRV - [2008/07/18 15:23:46 | 000,732,888 | R--- | M] (cFos Software GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cfosspeed.sys -- (cFosSpeed)
DRV - [2008/05/16 14:01:00 | 006,557,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2007/08/31 11:30:00 | 000,011,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023k.sys -- (USB_RNDIS)
DRV - [2006/05/03 23:50:42 | 001,540,608 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..extensions.enabledItems: mozilla_cc@internetdownloadmanager.com:6.9.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/16 00:42:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/12 20:41:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\THBExt [2010/04/13 06:47:51 | 000,000,000 | ---D | M]

[2010/04/13 06:02:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Abauw\Application Data\Mozilla\Extensions
[2010/07/12 19:25:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Abauw\Application Data\Mozilla\Firefox\Profiles\f0wlqbw3.default\extensions
[2010/06/26 16:23:37 | 000,000,000 | ---D | M] (4shared.com Toolbar) -- C:\Documents and Settings\Abauw\Application Data\Mozilla\Firefox\Profiles\f0wlqbw3.default\extensions\{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}
[2010/04/24 23:27:32 | 000,000,000 | ---D | M] (Zynga Toolbar) -- C:\Documents and Settings\Abauw\Application Data\Mozilla\Firefox\Profiles\f0wlqbw3.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2010/07/12 19:25:59 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/06 03:23:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/13 06:49:40 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2010/05/06 03:22:41 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/07/08 14:33:58 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Tonec Inc.)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (TweakMASTER PRO Component) - {7DAAC7DE-9EF0-4FF0-BFA5-AFF3E899054C} - C:\Program Files\TweakMASTER\TweakBHO.dll (Hagel Technologies Ltd)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O4 - HKLM..\Run: [avp] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [cFosSpeed] C:\Program Files\cFosSpeed\cfosspeed.exe (cFos Software GmbH)
O4 - HKLM..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe (Hagel Technologies Ltd)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [TweakMASTER] C:\Program Files\TweakMASTER\TMTray.exe (Hagel Technologies Ltd)
O4 - HKCU..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Download All using 4shared Desktop - C:\Program Files\4shared Desktop\down_all.htm ()
O8 - Extra context menu item: &Download using 4shared Desktop - C:\Program Files\4shared Desktop\down_link.htm ()
O8 - Extra context menu item: Add to &LinkFox - C:\Program Files\TweakMASTER\TweakBHO.dll (Hagel Technologies Ltd)
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm ()
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm ()
O9 - Extra Button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/04/13 05:42:27 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{1127ad48-8f39-11df-ab38-00508d7b3976}\Shell - "" = AutoRun
O33 - MountPoints2\{1127ad48-8f39-11df-ab38-00508d7b3976}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{1127ad48-8f39-11df-ab38-00508d7b3976}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{34ae80e2-89f4-11df-ab17-00508d7b3976}\Shell - "" = AutoRun
O33 - MountPoints2\{34ae80e2-89f4-11df-ab17-00508d7b3976}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{34ae80e2-89f4-11df-ab17-00508d7b3976}\Shell\AutoRun\command - "" = J:\bootcd\wintools\autorun.exe -- File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (54619756233228288)

========== Files/Folders - Created Within 90 Days ==========

[2010/07/20 12:39:04 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Abauw\Desktop\OTL.exe
[2010/07/18 19:21:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Abauw\My Documents\proyektor
[2010/07/18 00:57:26 | 000,000,000 | ---D | C] -- C:\Program Files\Partition Wizard Home Edition 4.0
[2010/07/18 00:47:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Abauw\My Documents\Hiren Boot CD
[2010/07/18 00:33:09 | 000,000,000 | ---D | C] -- C:\Program Files\PowerQuest
[2010/07/16 04:55:42 | 000,000,000 | --SD | C] -- C:\schrauber
[2010/07/12 17:11:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2010/07/11 10:00:13 | 000,000,000 | ---D | C] -- C:\Program Files\PDF2Word v1.6
[2010/07/10 02:36:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Abauw\Desktop\gmert
[2010/07/09 14:09:17 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Abauw\Recent
[2010/07/09 03:15:18 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/07/09 03:15:18 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/07/09 01:02:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/07/09 01:02:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Abauw\Application Data\SUPERAntiSpyware.com
[2010/07/08 19:11:14 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/07/08 15:43:40 | 000,483,192 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\VCCLSID.exe
[2010/07/08 15:43:40 | 000,305,664 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\VACFix.exe
[2010/07/08 15:43:40 | 000,287,232 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.C.exe
[2010/07/08 15:43:40 | 000,283,648 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\404Fix.exe
[2010/07/08 15:43:40 | 000,275,968 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\o4Patch.exe
[2010/07/08 15:43:39 | 000,481,441 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\SrchSTS.exe
[2010/07/08 15:43:39 | 000,414,208 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swreg.exe
[2010/07/08 15:43:39 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swxcacls.exe
[2010/07/08 15:25:29 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2010/07/08 03:37:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Abauw\Desktop\Virus Removal Tool
[2010/07/08 02:22:18 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/07/08 02:04:14 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/07/08 02:04:14 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/07/08 02:04:14 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/07/08 02:04:14 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/07/08 02:02:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/07/08 02:02:12 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/07/08 01:19:14 | 000,116,736 | ---- | C] (MagicISO, Inc.) -- C:\WINDOWS\System32\drivers\mcdbus.sys
[2010/07/08 01:19:12 | 000,000,000 | ---D | C] -- C:\Program Files\MagicDisc
[2010/07/07 21:01:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Abauw\Application Data\Malwarebytes
[2010/07/07 21:00:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/07/07 21:00:22 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/07/07 20:42:20 | 000,000,000 | ---D | C] -- C:\Downloads
[2010/07/04 23:27:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macromedia Shared
[2010/07/04 23:26:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Abauw\Local Settings\Application Data\Macromedia
[2010/06/29 08:08:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2010/06/28 23:28:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Abauw\Local Settings\Application Data\Yahoo
[2010/06/28 23:28:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Abauw\Application Data\Yahoo!
[2010/06/26 16:24:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Abauw\My Documents\My 4shared Sync
[2010/06/26 16:23:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Abauw\Application Data\4shared Desktop
[2010/06/26 16:23:33 | 000,000,000 | ---D | C] -- C:\Program Files\4shared Desktop
[2010/06/26 08:49:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Abauw\Desktop\Copy of Adobe CS3
[2010/06/20 05:24:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Abauw\My Documents\Hardrive
[2010/06/11 16:14:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Abauw\My Documents\web-aba
[2010/06/07 13:57:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Abauw\My Documents\Materi
[2010/06/07 11:55:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Abauw\Local Settings\Application Data\ABBYY
[2010/06/07 11:35:00 | 000,036,864 | R--- | C] (Visioneer Corporation) -- C:\WINDOWS\System32\Vizmicro.dll
[2010/06/01 21:45:05 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
[2010/05/28 06:20:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Abauw\Application Data\Apple Computer
[2010/05/26 19:57:42 | 000,210,352 | ---- | C] (Tonec Inc.) -- C:\WINDOWS\System32\idmmbc.dll
[2010/05/26 16:44:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Abauw\My Documents\BANJIR 2010
[2010/05/26 16:31:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Abauw\Local Settings\Application Data\Help
[2010/05/26 16:31:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Abauw\Application Data\Help
[2010/05/19 07:25:14 | 000,000,000 | ---D | C] -- C:\Program Files\DiskInternals
[2010/05/19 06:52:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Abauw\My Documents\R-TT
[2010/05/19 06:52:25 | 000,000,000 | ---D | C] -- C:\Program Files\R-Studio
[2010/05/19 06:47:49 | 000,000,000 | ---D | C] -- C:\Program Files\PC Inspector File Recovery
[2010/05/19 06:31:05 | 000,000,000 | ---D | C] -- C:\Program Files\DataDoctorRecovery
[2010/05/19 06:26:56 | 000,000,000 | ---D | C] -- C:\Program Files\Jufsoft
[2010/05/17 02:48:23 | 000,000,000 | ---D | C] -- C:\Program Files\iCare Data Recovery Software
[2010/05/17 01:15:44 | 000,065,776 | ---- | C] (JGsoft - Just Great Software) -- C:\WINDOWS\UnDeploy.exe
[2010/05/17 01:07:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2010/05/17 00:39:15 | 000,000,000 | ---D | C] -- C:\Program Files\PowerDataRecovery
[2010/05/15 02:52:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Abauw\Application Data\DMCache
[2010/05/14 06:44:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Abauw\Application Data\Real
[2010/05/12 23:29:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2010/05/12 19:57:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Abauw\My Documents\Adobe Scripts
[2010/05/12 17:05:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\Symbols
[2010/05/11 21:41:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2010/05/11 21:29:56 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/05/11 21:12:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2010/05/11 21:03:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Abauw\Desktop\Adobe CS3
[2010/05/11 20:34:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Abauw\My Documents\Corel User Files
[2010/05/11 20:28:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Abauw\Application Data\Corel
[2010/05/11 20:27:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\InstallShield
[2010/05/11 20:25:29 | 000,000,000 | ---D | C] -- C:\Program Files\Corel
[2010/05/11 20:25:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Corel
[2010/05/11 05:51:22 | 000,000,000 | ---D | C] -- C:\Program Files\Debugging Tools for Windows (x86)
[2010/05/09 03:05:48 | 003,623,736 | ---- | C] (Sysinternals) -- C:\Documents and Settings\Abauw\My Documents\procexp.exe
[2010/05/08 17:30:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\mgrlist
[2010/05/06 05:18:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Abauw\Local Settings\Application Data\Temp
[2010/05/06 05:13:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Abauw\Local Settings\Application Data\Google
[2010/05/06 03:24:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/05/06 03:24:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/05/06 03:22:14 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/05/06 01:00:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Abauw\Application Data\MySQL
[2010/05/06 00:59:28 | 000,000,000 | ---D | C] -- C:\Program Files\MySQL
[2010/05/05 09:05:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010/05/05 09:02:16 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2010/05/05 09:02:16 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2010/05/05 09:02:16 | 000,026,624 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw330ext.dll
[2010/05/05 09:00:27 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2010/05/05 07:38:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2010/05/05 00:58:24 | 000,000,000 | ---D | C] -- C:\Program Files\ExcelMySQlConverterDemo
[2010/05/05 00:39:47 | 000,000,000 | ---D | C] -- C:\Program Files\Intelligent Converters
[2010/05/03 01:25:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Macromedia
[2010/05/03 01:24:35 | 000,000,000 | ---D | C] -- C:\Program Files\Macromedia
[2010/05/03 01:24:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macromedia
[2010/05/03 01:22:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\Downloaded Installations
[2010/05/01 08:09:55 | 000,000,000 | ---D | C] -- C:\Program Files\xampp
[2010/05/01 00:10:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Abauw\My Documents\Visual FoxPro Projects
[2010/04/29 22:37:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Merge Modules
[2010/04/29 22:37:41 | 000,000,000 | ---D | C] -- C:\Program Files\HTML Help Workshop
[2010/04/29 22:37:02 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft UDDI SDK
[2010/04/29 22:36:47 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual FoxPro 8
[2010/04/29 22:35:30 | 000,000,000 | ---D | C] -- C:\Program Files\MSSOAP
[2010/04/29 21:11:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Abauw\My Documents\H. Daeng
[2010/04/29 05:15:04 | 000,000,000 | ---D | C] -- C:\Program Files\AKInteractive
[2010/04/29 01:09:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010/04/29 01:09:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Abauw\Local Settings\Application Data\Apple
[2010/04/29 01:08:51 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010/04/29 01:08:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2010/04/29 01:08:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Abauw\Local Settings\Application Data\Apple Computer
[2010/04/28 15:49:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Futuremark
[2010/04/28 15:49:14 | 000,000,000 | ---D | C] -- C:\Program Files\Futuremark
[2010/04/28 11:55:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Abauw\My Documents\New Folder
[2010/04/27 17:49:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\NV2323264.TMP
[2010/04/27 17:45:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\NV38721520.TMP
[2010/04/27 17:19:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\NV15203444.TMP
[2010/04/27 17:17:55 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2010/04/27 17:06:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\NV2908880.TMP
[2010/04/27 17:00:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\NV29083508.TMP
[2010/04/27 16:51:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\NV32443488.TMP
[2010/04/27 16:43:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\NV28922860.TMP
[2010/04/27 15:00:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\nview
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[13 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/07/20 12:39:21 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Abauw\Desktop\OTL.exe
[2010/07/20 12:31:20 | 010,223,616 | -H-- | M] () -- C:\Documents and Settings\Abauw\NTUSER.DAT
[2010/07/20 12:11:41 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/07/20 11:10:18 | 000,002,516 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2010/07/20 09:10:39 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/20 09:10:36 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/20 01:06:03 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Abauw\ntuser.ini
[2010/07/19 22:11:30 | 000,057,802 | ---- | M] () -- C:\WINDOWS\FontData.fdb
[2010/07/19 20:31:42 | 000,000,120 | ---- | M] () -- C:\WINDOWS\d4s.hst
[2010/07/19 10:34:45 | 000,060,416 | ---- | M] () -- C:\Documents and Settings\Abauw\My Documents\Prosedur koneksi Laptop dan Proyektor.doc
[2010/07/19 07:39:34 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/19 03:19:39 | 001,580,236 | -H-- | M] () -- C:\Documents and Settings\Abauw\Local Settings\Application Data\IconCache.db
[2010/07/18 19:22:22 | 000,000,082 | ---- | M] () -- C:\WINDOWS\pdf2rtf.INI
[2010/07/18 07:00:20 | 000,000,155 | ---- | M] () -- C:\WINDOWS\winamp.ini
[2010/07/18 00:57:32 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Partition Wizard Home Edition 4.0.lnk
[2010/07/16 01:17:35 | 000,084,648 | ---- | M] () -- C:\Documents and Settings\Abauw\Desktop\schrauber pic.JPG
[2010/07/16 01:06:44 | 000,004,283 | ---- | M] () -- C:\Documents and Settings\Abauw\Desktop\combofix pic.jpg
[2010/07/16 00:44:18 | 003,740,179 | R--- | M] () -- C:\Documents and Settings\Abauw\Desktop\schrauber..exe
[2010/07/15 23:52:43 | 000,058,880 | ---- | M] () -- C:\Documents and Settings\Abauw\My Documents\FKI.doc
[2010/07/13 02:41:10 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Abauw\Desktop\gmer.zip
[2010/07/13 02:30:13 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Abauw\Desktop\dds.scr
[2010/07/12 20:43:53 | 000,001,066 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/07/12 20:43:53 | 000,000,281 | -H-- | M] () -- C:\boot.ini
[2010/07/12 20:43:53 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/07/12 20:33:44 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/07/11 10:00:39 | 000,001,024 | ---- | M] () -- C:\WINDOWS\System32\pdf2word.DAT
[2010/07/11 08:05:17 | 000,044,544 | ---- | M] () -- C:\Documents and Settings\Abauw\My Documents\PROSESI LANTIK 10 Jabar.doc
[2010/07/10 20:14:42 | 000,047,616 | ---- | M] () -- C:\Documents and Settings\Abauw\My Documents\Copy of FREQ GATE WAY LINK.xls
[2010/07/10 11:33:47 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\Abauw\My Documents\JZ10GNR.doc
[2010/07/10 04:17:24 | 000,035,592 | ---- | M] () -- C:\Documents and Settings\Abauw\Desktop\gmeer.zip
[2010/07/10 04:17:02 | 000,320,485 | ---- | M] () -- C:\Documents and Settings\Abauw\Desktop\gmerer.zip
[2010/07/10 04:15:49 | 000,026,238 | ---- | M] () -- C:\Documents and Settings\Abauw\Desktop\gmwrer.rar
[2010/07/10 00:41:23 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Abauw\Desktop\Defogger.exe
[2010/07/09 22:03:15 | 000,069,120 | ---- | M] () -- C:\Documents and Settings\Abauw\My Documents\fahmy&BTPN.xls
[2010/07/09 21:46:48 | 000,024,682 | ---- | M] () -- C:\Documents and Settings\Abauw\My Documents\FAHMY & BTPN.xlsx
[2010/07/09 02:49:42 | 000,069,624 | ---- | M] () -- C:\Documents and Settings\Abauw\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/07/09 02:48:30 | 001,557,928 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/07/08 15:43:56 | 000,001,480 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg
[2010/07/08 14:33:58 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/07/08 13:47:38 | 000,077,312 | ---- | M] () -- C:\mbr.exe
[2010/07/08 11:34:59 | 000,000,210 | -HS- | M] () -- C:\WINDOWS\setup_9.0.0.722_07.07.2010_09-51drv.spi
[2010/07/08 01:19:52 | 000,000,640 | ---- | M] () -- C:\Documents and Settings\Abauw\Desktop\MagicDisc.lnk
[2010/07/07 23:49:39 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/07/07 20:15:07 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/07/06 23:25:04 | 000,002,284 | ---- | M] () -- C:\Documents and Settings\Abauw\Desktop\Google Chrome.lnk
[2010/07/06 23:25:04 | 000,002,262 | ---- | M] () -- C:\Documents and Settings\Abauw\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/07/06 21:50:36 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\Abauw\My Documents\nanggalakentjana.doc
[2010/07/05 21:14:02 | 000,012,800 | ---- | M] () -- C:\Documents and Settings\Abauw\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/05 21:13:49 | 000,000,044 | ---- | M] () -- C:\WINDOWS\popcinfo.dat
[2010/07/05 21:12:53 | 000,020,358 | ---- | M] () -- C:\WINDOWS\VGIRL.PRF
[2010/07/04 23:28:18 | 000,001,789 | ---- | M] () -- C:\Documents and Settings\Abauw\Application Data\Microsoft\Internet Explorer\Quick Launch\Macromedia Contribute 3.lnk
[2010/07/04 11:32:59 | 002,117,632 | ---- | M] () -- C:\Documents and Settings\Abauw\My Documents\daerah.mdb
[2010/07/01 23:18:37 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1993962763-1844823847-1801674531-1003UA.job
[2010/07/01 23:18:31 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/07/01 23:18:21 | 000,001,034 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1993962763-1844823847-1801674531-1003Core.job
[2010/06/30 12:46:40 | 001,723,194 | ---- | M] () -- C:\Documents and Settings\Abauw\My Documents\munas2010.cdr
[2010/06/30 12:42:17 | 001,723,108 | ---- | M] () -- C:\Documents and Settings\Abauw\My Documents\Backup_of_munas2010.cdr
[2010/06/26 18:56:37 | 000,026,624 | ---- | M] () -- C:\Documents and Settings\Abauw\My Documents\4shared.doc
[2010/06/25 14:33:39 | 000,037,888 | ---- | M] () -- C:\Documents and Settings\Abauw\My Documents\Flowchart Pengembangan Organisasi.doc
[2010/06/23 11:28:56 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Abauw\My Documents\~$TA2 EMAIL.doc
[2010/06/11 21:38:54 | 000,082,944 | ---- | M] () -- C:\Documents and Settings\Abauw\My Documents\GRUP MAIL.doc
[2010/06/08 17:30:12 | 000,000,026 | ---- | M] () -- C:\register.js
[2010/06/08 15:36:48 | 000,032,256 | ---- | M] () -- C:\Documents and Settings\Abauw\My Documents\Ferdinand Naiborhu.doc
[2010/06/08 14:25:20 | 002,609,152 | ---- | M] () -- C:\Documents and Settings\Abauw\Desktop\7.4 JARKOM PEN.BENCANA.ppt
[2010/06/03 13:38:24 | 001,334,784 | ---- | M] () -- C:\Documents and Settings\Abauw\My Documents\DATA2 EMAIL.doc
[2010/06/03 10:13:18 | 000,241,664 | ---- | M] () -- C:\Documents and Settings\Abauw\My Documents\desain-1 FORM DATA RAPI 2010.doc
[2010/06/01 01:06:20 | 000,000,806 | ---- | M] () -- C:\Documents and Settings\Abauw\Desktop\bmg.exe.lnk
[2010/05/31 22:33:14 | 000,892,928 | ---- | M] () -- C:\Documents and Settings\Abauw\My Documents\KEL. Boyolali.doc
[2010/05/31 22:18:28 | 000,600,064 | ---- | M] () -- C:\Documents and Settings\Abauw\My Documents\KEL. Blora.doc
[2010/05/31 22:07:26 | 000,434,688 | ---- | M] () -- C:\Documents and Settings\Abauw\My Documents\KEL. Batang.doc
[2010/05/31 21:56:20 | 000,761,856 | ---- | M] () -- C:\Documents and Settings\Abauw\My Documents\KEL. Banyumas.doc
[2010/05/30 13:47:45 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Abauw\My Documents\~$lam RAPI 51 55.doc
[2010/05/30 03:03:23 | 000,000,616 | ---- | M] () -- C:\Documents and Settings\Abauw\Desktop\Shortcut to desain-1 FORM DATA RAPI 2010.doc.lnk
[2010/05/30 02:57:53 | 000,241,152 | ---- | M] () -- C:\Documents and Settings\Abauw\My Documents\desain-1.doc
[2010/05/29 14:45:59 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\Abauw\My Documents\Salam RAPI 51 55.doc
[2010/05/29 08:58:19 | 000,058,880 | ---- | M] () -- C:\Documents and Settings\Abauw\My Documents\DATA 10-28 Daerah 04.xls
[2010/05/23 00:04:50 | 000,115,200 | ---- | M] () -- C:\Documents and Settings\Abauw\My Documents\EMAIL FUNGSIONARIS RAPIDA.doc
[2010/05/19 06:47:49 | 000,001,561 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PC Inspector File Recovery.lnk
[2010/05/19 06:31:07 | 000,001,042 | ---- | M] () -- C:\Documents and Settings\Abauw\Desktop\Data Doctor Recovery - Pen Drive.lnk
[2010/05/17 01:15:44 | 000,065,776 | ---- | M] (JGsoft - Just Great Software) -- C:\WINDOWS\UnDeploy.exe
[2010/05/13 05:12:45 | 001,648,986 | ---- | M] () -- C:\Documents and Settings\Abauw\My Documents\KACA.jpg
[2010/05/13 05:11:31 | 000,016,572 | ---- | M] () -- C:\Documents and Settings\Abauw\My Documents\KACA.cdr
[2010/05/13 05:11:14 | 000,049,922 | ---- | M] () -- C:\Documents and Settings\Abauw\My Documents\KACA.mdi
[2010/05/12 23:31:17 | 000,051,464 | ---- | M] () -- C:\Documents and Settings\Abauw\My Documents\KETUPAT.jpg
[2010/05/12 23:25:12 | 000,058,205 | ---- | M] () -- C:\Documents and Settings\Abauw\My Documents\datfar_menu.jpg
[2010/05/11 10:36:25 | 000,733,696 | ---- | M] () -- C:\Documents and Settings\Abauw\My Documents\keca.xls
[2010/05/11 10:36:17 | 000,733,696 | ---- | M] () -- C:\Documents and Settings\Abauw\My Documents\KEC.xls
[2010/05/11 00:38:42 | 000,212,480 | ---- | M] () -- C:\Documents and Settings\Abauw\My Documents\pmb-2010-reg.pdf
[2010/05/08 10:33:24 | 000,006,344 | ---- | M] () -- C:\Documents and Settings\Abauw\My Documents\logo_rapi.jpg
[2010/05/08 10:04:09 | 000,015,800 | ---- | M] () -- C:\Documents and Settings\Abauw\My Documents\tframe.jpg
[2010/05/08 10:03:21 | 000,335,109 | ---- | M] () -- C:\Documents and Settings\Abauw\My Documents\tframe.png
[2010/05/08 09:59:13 | 000,006,287 | ---- | M] () -- C:\Documents and Settings\Abauw\My Documents\jz10hmi_f.jpg
[2010/05/08 09:58:38 | 000,126,958 | ---- | M] () -- C:\Documents and Settings\Abauw\My Documents\jz10hmi_f.png
[2010/05/07 22:06:14 | 000,567,218 | ---- | M] () -- C:\Documents and Settings\Abauw\My Documents\judul.png
[2010/05/07 22:05:58 | 000,130,290 | ---- | M] () -- C:\Documents and Settings\Abauw\My Documents\judul.gif
[2010/05/07 21:53:30 | 000,003,779 | ---- | M] () -- C:\Documents and Settings\Abauw\My Documents\judul.jpg
[2010/05/05 18:18:15 | 000,509,720 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/05/05 18:18:15 | 000,432,856 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/05/05 18:18:15 | 000,067,560 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/05/05 14:05:37 | 000,113,933 | ---- | M] () -- C:\WINDOWS\System32\drivers\klin.dat
[2010/05/05 14:05:36 | 000,097,549 | ---- | M] () -- C:\WINDOWS\System32\drivers\klick.dat
[2010/05/05 09:03:43 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2010/05/05 08:59:26 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010/05/05 08:59:25 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/05/05 08:59:25 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/05/05 08:59:13 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2010/05/05 08:58:13 | 000,000,488 | RH-- | M] () -- C:\WINDOWS\System32\WindowsLogon.manifest
[2010/05/05 08:58:13 | 000,000,488 | RH-- | M] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2010/05/05 08:58:07 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2010/05/05 08:58:07 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest
[2010/05/05 08:58:07 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2010/05/05 08:58:07 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2010/05/05 08:58:07 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2010/05/05 08:58:07 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2010/05/05 08:56:57 | 000,022,720 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/05/05 07:58:52 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/05/04 21:58:13 | 013,041,664 | ---- | M] () -- C:\Documents and Settings\Abauw\My Documents\dbBAKORNAS.mdb
[2010/05/03 01:28:11 | 000,001,739 | ---- | M] () -- C:\Documents and Settings\Abauw\Application Data\Microsoft\Internet Explorer\Quick Launch\Macromedia Dreamweaver 8.lnk
[2010/05/02 12:55:13 | 000,026,624 | ---- | M] () -- C:\Documents and Settings\Abauw\My Documents\facebook karawang.doc
[2010/05/01 08:12:09 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\Abauw\Desktop\XAMPP Control Panel.lnk
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/29 01:10:20 | 000,001,725 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/04/28 12:12:42 | 000,140,158 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/04/27 14:22:51 | 000,000,010 | ---- | M] () -- C:\WINDOWS\WININIT.INI
[2010/04/26 19:45:44 | 000,030,720 | ---- | M] () -- C:\Documents and Settings\Abauw\My Documents\PENGWIL PROBOLINGGO.doc
[2010/04/26 19:33:58 | 000,048,128 | ---- | M] () -- C:\Documents and Settings\Abauw\My Documents\RAKERDA 09 DKI Jakarta.doc
[2010/04/26 19:15:51 | 000,154,112 | ---- | M] () -- C:\Documents and Settings\Abauw\My Documents\AJARAN BUDI PEKERTI LUHUR PENCAK SILAT.doc
[2010/04/26 19:08:31 | 000,125,440 | ---- | M] () -- C:\Documents and Settings\Abauw\My Documents\download data kode etik.doc
[2010/04/26 15:58:12 | 000,256,512 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2010/04/24 18:29:26 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\Abauw\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2010/04/23 22:22:59 | 000,214,016 | ---- | M] () -- C:\Documents and Settings\Abauw\My Documents\MANDAT RAKERDA DKI No. 036.doc
[2010/04/21 18:21:54 | 006,571,463 | ---- | M] () -- C:\Documents and Settings\Abauw\My Documents\A4 TERBARU.rar
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[13 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/18 17:47:44 | 000,060,416 | ---- | C] () -- C:\Documents and Settings\Abauw\My Documents\Prosedur koneksi Laptop dan Proyektor.doc
[2010/07/18 00:57:32 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Partition Wizard Home Edition 4.0.lnk
[2010/07/16 01:17:34 | 000,084,648 | ---- | C] () -- C:\Documents and Settings\Abauw\Desktop\schrauber pic.JPG
[2010/07/16 01:06:39 | 000,004,283 | ---- | C] () -- C:\Documents and Settings\Abauw\Desktop\combofix pic.jpg
[2010/07/16 00:43:32 | 003,740,179 | R--- | C] () -- C:\Documents and Settings\Abauw\Desktop\schrauber..exe
[2010/07/15 23:52:42 | 000,058,880 | ---- | C] () -- C:\Documents and Settings\Abauw\My Documents\FKI.doc
[2010/07/13 02:42:32 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Abauw\Desktop\gmer.exe
[2010/07/13 02:41:50 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Abauw\Desktop\gmer.zip
[2010/07/12 19:48:20 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/07/11 10:02:20 | 000,000,082 | ---- | C] () -- C:\WINDOWS\pdf2rtf.INI
[2010/07/11 10:00:39 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\pdf2word.DAT
[2010/07/11 08:05:14 | 000,044,544 | ---- | C] () -- C:\Documents and Settings\Abauw\My Documents\PROSESI LANTIK 10 Jabar.doc
[2010/07/10 20:14:42 | 000,047,616 | ---- | C] () -- C:\Documents and Settings\Abauw\My Documents\Copy of FREQ GATE WAY LINK.xls
[2010/07/10 11:33:47 | 000,025,600 | ---- | C] () -- C:\Documents and Settings\Abauw\My Documents\JZ10GNR.doc
[2010/07/10 04:15:48 | 000,026,238 | ---- | C] () -- C:\Documents and Settings\Abauw\Desktop\gmwrer.rar
[2010/07/10 03:13:51 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Abauw\Desktop\Defogger.exe
[2010/07/10 02:34:20 | 000,320,485 | ---- | C] () -- C:\Documents and Settings\Abauw\Desktop\gmerer.zip
[2010/07/10 02:34:20 | 000,035,592 | ---- | C] () -- C:\Documents and Settings\Abauw\Desktop\gmeer.zip
[2010/07/10 00:41:40 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Abauw\Desktop\dds.scr
[2010/07/09 22:03:15 | 000,069,120 | ---- | C] () -- C:\Documents and Settings\Abauw\My Documents\fahmy&BTPN.xls
[2010/07/09 21:50:29 | 000,024,682 | ---- | C] () -- C:\Documents and Settings\Abauw\My Documents\FAHMY & BTPN.xlsx
[2010/07/08 21:12:14 | 000,000,120 | ---- | C] () -- C:\WINDOWS\d4s.hst
[2010/07/08 15:43:56 | 000,001,480 | ---- | C] () -- C:\WINDOWS\System32\tmp.reg
[2010/07/08 15:43:40 | 000,267,264 | ---- | C] () -- C:\WINDOWS\System32\WS2Fix.exe
[2010/07/08 15:43:39 | 000,091,136 | ---- | C] () -- C:\WINDOWS\System32\swsc.exe
[2010/07/08 15:43:39 | 000,051,200 | ---- | C] () -- C:\WINDOWS\System32\dumphive.exe
[2010/07/08 15:42:29 | 000,411,704 | ---- | C] () -- C:\WINDOWS\System32\pwNative.exe
[2010/07/08 15:42:27 | 000,016,456 | ---- | C] () -- C:\WINDOWS\System32\pwdrvio.sys
[2010/07/08 15:42:27 | 000,011,088 | ---- | C] () -- C:\WINDOWS\System32\pwdspio.sys
[2010/07/08 13:48:54 | 000,000,237 | ---- | C] () -- C:\Documents and Settings\Abauw\mbr.log
[2010/07/08 13:48:34 | 000,077,312 | ---- | C] () -- C:\mbr.exe
[2010/07/08 11:34:59 | 000,000,210 | -HS- | C] () -- C:\WINDOWS\setup_9.0.0.722_07.07.2010_09-51drv.spi
[2010/07/08 02:22:23 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/07/08 02:22:19 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/07/08 02:15:45 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/07/08 02:04:14 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/07/08 02:04:14 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/07/08 02:04:14 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/07/08 02:04:14 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/07/08 01:19:52 | 000,000,640 | ---- | C] () -- C:\Documents and Settings\Abauw\Desktop\MagicDisc.lnk
[2010/07/06 21:50:36 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Abauw\My Documents\nanggalakentjana.doc
[2010/07/05 21:12:47 | 000,020,358 | ---- | C] () -- C:\WINDOWS\VGIRL.PRF
[2010/07/04 23:28:18 | 000,001,789 | ---- | C] () -- C:\Documents and Settings\Abauw\Application Data\Microsoft\Internet Explorer\Quick Launch\Macromedia Contribute 3.lnk
[2010/07/01 19:40:33 | 000,000,044 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2010/06/30 12:46:39 | 001,723,108 | ---- | C] () -- C:\Documents and Settings\Abauw\My Documents\Backup_of_munas2010.cdr
[2010/06/30 12:42:16 | 001,723,194 | ---- | C] () -- C:\Documents and Settings\Abauw\My Documents\munas2010.cdr
[2010/06/26 18:56:37 | 000,026,624 | ---- | C] () -- C:\Documents and Settings\Abauw\My Documents\4shared.doc
[2010/06/25 14:33:38 | 000,037,888 | ---- | C] () -- C:\Documents and Settings\Abauw\My Documents\Flowchart Pengembangan Organisasi.doc
[2010/06/23 11:28:56 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Abauw\My Documents\~$TA2 EMAIL.doc
[2010/06/14 10:43:24 | 000,082,944 | ---- | C] () -- C:\Documents and Settings\Abauw\My Documents\GRUP MAIL.doc
[2010/06/14 10:32:39 | 000,115,200 | ---- | C] () -- C:\Documents and Settings\Abauw\My Documents\EMAIL FUNGSIONARIS RAPIDA.doc
[2010/06/14 10:32:07 | 001,334,784 | ---- | C] () -- C:\Documents and Settings\Abauw\My Documents\DATA2 EMAIL.doc
[2010/06/11 21:42:09 | 042,384,832 | ---- | C] () -- C:\Documents and Settings\Abauw\My Documents\DJ_SF_03_D2500_NonNet_Basic_Win_WW_110_192_NB.exe
[2010/06/08 17:29:20 | 000,000,026 | ---- | C] () -- C:\register.js
[2010/06/08 15:36:48 | 000,032,256 | ---- | C] () -- C:\Documents and Settings\Abauw\My Documents\Ferdinand Naiborhu.doc
[2010/06/08 13:53:41 | 002,609,152 | ---- | C] () -- C:\Documents and Settings\Abauw\Desktop\7.4 JARKOM PEN.BENCANA.ppt
[2010/06/07 11:34:59 | 000,026,112 | R--- | C] () -- C:\WINDOWS\RunUnDrv.exe
[2010/06/07 11:34:42 | 000,014,336 | R--- | C] () -- C:\WINDOWS\System32\pmxusb.cpl
[2010/06/01 01:06:20 | 000,000,806 | ---- | C] () -- C:\Documents and Settings\Abauw\Desktop\bmg.exe.lnk
[2010/05/31 22:21:58 | 000,892,928 | ---- | C] () -- C:\Documents and Settings\Abauw\My Documents\KEL. Boyolali.doc
[2010/05/31 22:10:27 | 000,600,064 | ---- | C] () -- C:\Documents and Settings\Abauw\My Documents\KEL. Blora.doc
[2010/05/31 22:01:20 | 000,434,688 | ---- | C] () -- C:\Documents and Settings\Abauw\My Documents\KEL. Batang.doc
[2010/05/31 21:44:33 | 000,761,856 | ---- | C] () -- C:\Documents and Settings\Abauw\My Documents\KEL. Banyumas.doc
[2010/05/30 13:47:45 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Abauw\My Documents\~$lam RAPI 51 55.doc
[2010/05/30 03:03:23 | 000,000,616 | ---- | C] () -- C:\Documents and Settings\Abauw\Desktop\Shortcut to desain-1 FORM DATA RAPI 2010.doc.lnk
[2010/05/30 03:03:01 | 000,241,664 | ---- | C] () -- C:\Documents and Settings\Abauw\My Documents\desain-1 FORM DATA RAPI 2010.doc
[2010/05/30 01:10:15 | 000,241,152 | ---- | C] () -- C:\Documents and Settings\Abauw\My Documents\desain-1.doc
[2010/05/29 08:58:19 | 000,058,880 | ---- | C] () -- C:\Documents and Settings\Abauw\My Documents\DATA 10-28 Daerah 04.xls
[2010/05/19 06:47:52 | 000,006,200 | ---- | C] () -- C:\WINDOWS\System32\INT13EXT.VXD
[2010/05/19 06:47:49 | 000,001,561 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PC Inspector File Recovery.lnk
[2010/05/19 06:31:07 | 000,001,042 | ---- | C] () -- C:\Documents and Settings\Abauw\Desktop\Data Doctor Recovery - Pen Drive.lnk
[2010/05/13 05:12:34 | 001,648,986 | ---- | C] () -- C:\Documents and Settings\Abauw\My Documents\KACA.jpg
[2010/05/13 05:11:30 | 000,016,572 | ---- | C] () -- C:\Documents and Settings\Abauw\My Documents\KACA.cdr
[2010/05/13 05:11:14 | 000,049,922 | ---- | C] () -- C:\Documents and Settings\Abauw\My Documents\KACA.mdi
[2010/05/12 23:30:37 | 000,051,464 | ---- | C] () -- C:\Documents and Settings\Abauw\My Documents\KETUPAT.jpg
[2010/05/12 23:21:50 | 000,058,205 | ---- | C] () -- C:\Documents and Settings\Abauw\My Documents\datfar_menu.jpg
[2010/05/11 20:34:17 | 000,057,802 | ---- | C] () -- C:\WINDOWS\FontData.fdb
[2010/05/11 20:28:52 | 000,002,516 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2010/05/11 00:38:42 | 000,212,480 | ---- | C] () -- C:\Documents and Settings\Abauw\My Documents\pmb-2010-reg.pdf
[2010/05/10 21:12:32 | 000,733,696 | ---- | C] () -- C:\Documents and Settings\Abauw\My Documents\keca.xls
[2010/05/10 20:58:47 | 000,733,696 | ---- | C] () -- C:\Documents and Settings\Abauw\My Documents\KEC.xls
[2010/05/10 20:53:37 | 002,117,632 | ---- | C] () -- C:\Documents and Settings\Abauw\My Documents\daerah.mdb
[2010/05/08 10:29:32 | 000,006,344 | ---- | C] () -- C:\Documents and Settings\Abauw\My Documents\logo_rapi.jpg
[2010/05/08 10:04:09 | 000,015,800 | ---- | C] () -- C:\Documents and Settings\Abauw\My Documents\tframe.jpg
[2010/05/08 10:03:21 | 000,335,109 | ---- | C] () -- C:\Documents and Settings\Abauw\My Documents\tframe.png
[2010/05/08 09:59:12 | 000,006,287 | ---- | C] () -- C:\Documents and Settings\Abauw\My Documents\jz10hmi_f.jpg
[2010/05/08 09:58:17 | 000,126,958 | ---- | C] () -- C:\Documents and Settings\Abauw\My Documents\jz10hmi_f.png
[2010/05/07 21:53:30 | 000,003,779 | ---- | C] () -- C:\Documents and Settings\Abauw\My Documents\judul.jpg
[2010/05/07 21:39:46 | 000,130,290 | ---- | C] () -- C:\Documents and Settings\Abauw\My Documents\judul.gif
[2010/05/07 21:36:53 | 000,567,218 | ---- | C] () -- C:\Documents and Settings\Abauw\My Documents\judul.png
[2010/05/07 01:33:11 | 013,041,664 | ---- | C] () -- C:\Documents and Settings\Abauw\My Documents\dbBAKORNAS.mdb
[2010/05/06 05:14:25 | 000,002,284 | ---- | C] () -- C:\Documents and Settings\Abauw\Desktop\Google Chrome.lnk
[2010/05/06 05:14:25 | 000,002,262 | ---- | C] () -- C:\Documents and Settings\Abauw\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/05/06 05:13:39 | 000,001,086 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1993962763-1844823847-1801674531-1003UA.job
[2010/05/06 05:13:38 | 000,001,034 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1993962763-1844823847-1801674531-1003Core.job
[2010/05/05 09:03:01 | 000,028,288 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xjis.nls
[2010/05/05 09:02:08 | 000,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prcp.nls
[2010/05/05 09:02:08 | 000,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prc.nls
[2010/05/05 09:02:04 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2010/05/05 09:01:33 | 000,047,066 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ksc.nls
[2010/05/05 09:01:32 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2010/05/05 09:01:21 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2010/05/05 09:01:20 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2010/05/05 09:01:18 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2010/05/05 09:01:07 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2010/05/05 09:01:00 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2010/05/05 09:00:50 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\fpencode.dll
[2010/05/05 09:00:30 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2010/05/05 09:00:26 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_864.nls
[2010/05/05 09:00:26 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_870.nls
[2010/05/05 09:00:25 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_862.nls
[2010/05/05 09:00:25 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_858.nls
[2010/05/05 09:00:25 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_720.nls
[2010/05/05 09:00:25 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_708.nls
[2010/05/05 09:00:24 | 000,180,770 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20932.nls
[2010/05/05 09:00:24 | 000,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20949.nls
[2010/05/05 09:00:24 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20936.nls
[2010/05/05 09:00:24 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28596.nls
[2010/05/05 09:00:24 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21027.nls
[2010/05/05 09:00:24 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21025.nls
[2010/05/05 09:00:23 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20924.nls
[2010/05/05 09:00:23 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20880.nls
[2010/05/05 09:00:23 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20871.nls
[2010/05/05 09:00:23 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20838.nls
[2010/05/05 09:00:23 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20833.nls
[2010/05/05 09:00:23 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20424.nls
[2010/05/05 09:00:23 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20423.nls
[2010/05/05 09:00:23 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20420.nls
[2010/05/05 09:00:22 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20297.nls
[2010/05/05 09:00:22 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20290.nls
[2010/05/05 09:00:22 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20285.nls
[2010/05/05 09:00:22 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20284.nls
[2010/05/05 09:00:22 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20280.nls
[2010/05/05 09:00:22 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20278.nls
[2010/05/05 09:00:22 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20277.nls
[2010/05/05 09:00:22 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20273.nls
[2010/05/05 09:00:22 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20269.nls
[2010/05/05 09:00:21 | 000,187,938 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20005.nls
[2010/05/05 09:00:21 | 000,185,378 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20003.nls
[2010/05/05 09:00:21 | 000,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20004.nls
[2010/05/05 09:00:21 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20002.nls
[2010/05/05 09:00:21 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20108.nls
[2010/05/05 09:00:21 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20107.nls
[2010/05/05 09:00:21 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20106.nls
[2010/05/05 09:00:21 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20105.nls
[2010/05/05 09:00:20 | 000,189,986 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1361.nls
[2010/05/05 09:00:20 | 000,186,402 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20001.nls
[2010/05/05 09:00:20 | 000,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20000.nls
[2010/05/05 09:00:20 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1149.nls
[2010/05/05 09:00:19 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1148.nls
[2010/05/05 09:00:19 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1147.nls
[2010/05/05 09:00:19 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1146.nls
[2010/05/05 09:00:19 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1145.nls
[2010/05/05 09:00:19 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1144.nls
[2010/05/05 09:00:19 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1143.nls
[2010/05/05 09:00:19 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1142.nls
[2010/05/05 09:00:19 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1141.nls
[2010/05/05 09:00:19 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1140.nls
[2010/05/05 09:00:18 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10008.nls
[2010/05/05 09:00:18 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1047.nls
[2010/05/05 09:00:18 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10021.nls
[2010/05/05 09:00:18 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10005.nls
[2010/05/05 09:00:18 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10004.nls
[2010/05/05 09:00:17 | 000,195,618 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10002.nls
[2010/05/05 09:00:17 | 000,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10003.nls
[2010/05/05 09:00:16 | 000,162,850 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10001.nls
[2010/05/05 09:00:15 | 000,082,172 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bopomofo.nls
[2010/05/05 09:00:14 | 000,066,728 | ---- | C] () -- C:\WINDOWS\System32\dllcache\big5.nls
[2010/05/05 08:58:13 | 000,000,488 | RH-- | C] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2010/05/05 08:58:07 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2010/05/05 08:58:07 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\WindowsShell.Manifest
[2010/05/05 08:58:07 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2010/05/05 08:58:07 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2010/05/05 08:58:07 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2010/05/05 08:28:26 | 000,141,702 | ---- | C] () -- C:\WINDOWS\System32\dllcache\netfx.cat
[2010/05/05 08:28:26 | 000,110,116 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tabletpc.cat
[2010/05/05 08:28:26 | 000,031,965 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mediactr.cat
[2010/05/05 08:28:26 | 000,024,209 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn7.cat
[2010/05/05 08:28:26 | 000,011,651 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn9.cat
[2010/05/05 08:28:26 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2010/05/05 08:28:26 | 000,007,382 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2010/05/05 08:28:26 | 000,007,245 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSTSWEB.CAT
[2010/05/05 08:28:25 | 002,012,670 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5.CAT
[2010/05/05 08:28:25 | 001,042,903 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP2.CAT
[2010/05/05 08:28:25 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2010/05/05 08:28:25 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2010/05/05 08:28:25 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2010/05/05 08:28:25 | 000,031,281 | ---- | C] () -- C:\WINDOWS\System32\dllcache\FP4.CAT
[2010/05/05 08:28:25 | 000,013,753 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IMS.CAT
[2010/05/05 08:28:25 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2010/05/05 08:28:25 | 000,009,581 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSMSGS.CAT
[2010/05/05 08:28:24 | 000,502,724 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5INF.CAT
[2010/05/05 07:58:53 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/05/05 07:58:52 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/05/05 07:49:53 | 000,186,407 | ---- | C] () -- C:\WINDOWS\System32\nvapps.nvb
[2010/05/03 01:28:11 | 000,001,739 | ---- | C] () -- C:\Documents and Settings\Abauw\Application Data\Microsoft\Internet Explorer\Quick Launch\Macromedia Dreamweaver 8.lnk
[2010/05/02 10:32:31 | 000,026,624 | ---- | C] () -- C:\Documents and Settings\Abauw\My Documents\facebook karawang.doc
[2010/05/01 07:51:18 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\Abauw\Desktop\XAMPP Control Panel.lnk
[2010/04/29 01:10:19 | 000,001,725 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/04/29 01:09:06 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/04/28 15:49:50 | 000,006,173 | ---- | C] () -- C:\WINDOWS\System32\drivers\Entech.vxd
[2010/04/28 15:49:50 | 000,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys
[2010/04/28 07:20:21 | 000,140,158 | ---- | C] () -- C:\WINDOWS\System32\nvapps.xml
[2010/04/28 07:20:10 | 000,018,070 | ---- | C] () -- C:\WINDOWS\System32\nvdisp.nvu
[2010/04/28 07:13:02 | 001,630,208 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2010/04/28 07:13:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2010/04/28 07:12:59 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2010/04/28 07:12:58 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\nvtuicpl.cpl
[2010/04/28 07:12:57 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2010/04/28 07:12:57 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2010/04/28 07:12:53 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2010/04/28 07:12:53 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2010/04/28 07:12:47 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2010/04/28 07:12:38 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2010/04/27 14:22:49 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2010/04/26 19:45:43 | 000,030,720 | ---- | C] () -- C:\Documents and Settings\Abauw\My Documents\PENGWIL PROBOLINGGO.doc
[2010/04/26 19:32:52 | 000,048,128 | ---- | C] () -- C:\Documents and Settings\Abauw\My Documents\RAKERDA 09 DKI Jakarta.doc
[2010/04/26 19:10:10 | 000,154,112 | ---- | C] () -- C:\Documents and Settings\Abauw\My Documents\AJARAN BUDI PEKERTI LUHUR PENCAK SILAT.doc
[2010/04/26 18:36:55 | 000,125,440 | ---- | C] () -- C:\Documents and Settings\Abauw\My Documents\download data kode etik.doc
[2010/04/24 18:29:26 | 000,000,804 | ---- | C] () -- C:\Documents and Settings\Abauw\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2010/04/23 22:22:59 | 000,214,016 | ---- | C] () -- C:\Documents and Settings\Abauw\My Documents\MANDAT RAKERDA DKI No. 036.doc
[2010/04/21 18:27:09 | 006,571,463 | ---- | C] () -- C:\Documents and Settings\Abauw\My Documents\A4 TERBARU.rar
[2010/04/16 13:47:16 | 000,000,067 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2010/04/15 06:22:39 | 000,005,120 | ---- | C] () -- C:\WINDOWS\System32\tcusbdrv.dll
[2010/04/13 16:53:01 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2010/04/13 06:33:37 | 002,768,896 | ---- | C] () -- C:\WINDOWS\System32\GSDLL32.dll
[2010/04/13 06:33:37 | 000,000,137 | ---- | C] () -- C:\WINDOWS\System32\psparam.ini
[2010/04/13 06:03:50 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/04/13 06:00:21 | 000,000,155 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2009/07/25 22:00:02 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2006/11/01 13:54:30 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2006/11/01 13:52:38 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2006/05/26 20:29:14 | 000,005,120 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2006/04/03 19:26:36 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2005/06/11 11:47:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\fpprintmon.dll
[2004/10/25 06:22:58 | 001,069,056 | ---- | C] () -- C:\WINDOWS\System32\libmySQL.dll
[2004/08/04 05:56:44 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004/07/17 16:36:38 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2003/05/15 13:39:50 | 000,155,136 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/05/15 11:58:38 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\v2k2_dec.dll
[2001/10/28 02:42:30 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\prnmnt.dll

========== LOP Check ==========

[2010/07/07 20:37:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Abauw\Application Data\4shared Desktop
[2010/07/20 12:38:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Abauw\Application Data\DMCache
[2010/04/13 06:06:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Abauw\Application Data\Hagel Technologies
[2010/07/10 18:54:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Abauw\Application Data\IDM
[2010/05/11 10:49:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Abauw\Application Data\MySQL
[2010/04/19 07:43:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Abauw\Application Data\YCanPDF
[2010/04/13 11:07:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\55-05-3q-2o-84-21
[2010/04/13 06:06:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hagel Technologies
[2010/04/16 13:46:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2010/07/08 13:47:38 | 000,077,312 | ---- | M] () -- C:\mbr.exe


< MD5 for: AGP440.SYS >
[2004/08/04 06:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2004/08/04 06:05:44 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2004/08/04 06:05:44 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 06:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2004/08/04 03:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2004/08/04 03:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2004/08/04 05:56:44 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2004/08/04 05:56:44 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2004/08/04 05:56:44 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2004/08/04 05:56:46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2004/08/04 05:56:46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2004/08/04 05:56:46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 05:56:46 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2004/08/04 05:56:46 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\dllcache\scecli.dll
[2004/08/04 05:56:46 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2004/08/04 05:56:44 | 001,392,671 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\msvbvm60.dll
[3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2010/05/05 15:23:46 | 000,262,144 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2010/05/05 07:50:35 | 000,262,144 | ---- | M] () -- C:\WINDOWS\system32\config\security.sav
[2010/05/05 15:23:46 | 022,806,528 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2010/05/05 15:23:46 | 007,340,032 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemdrive%\*.sys /90 /md5 >
[2010/07/07 20:15:07 | 000,000,000 | RHS- | M] () MD5=D41D8CD98F00B204E9800998ECF8427E -- C:\MSDOS.SYS
[2010/07/20 09:10:24 | 1572,864,000 | -HS- | M] () Unable to obtain MD5 -- C:\pagefile.sys
< End of report >

OTL Extras logfile created on: 20/07/2010 12:40:00 - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Abauw\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000421 | Country: Indonesia | Language: IND | Date Format: dd/MM/yyyy

510,00 Mb Total Physical Memory | 110,00 Mb Available Physical Memory | 21,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 75,00% Paging File free
Paging file location(s): c:\pagefile.sys 1500 3000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19,53 Gb Total Space | 1,21 Gb Free Space | 6,19% Space Free | Partition Type: NTFS
Drive D: | 54,99 Gb Total Space | 11,98 Gb Free Space | 21,78% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ABAUW-504248F08
Current User Name: Abauw
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\Winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
"" =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallDisableNotify" = 0
"FirewallOverride" = 0
"UacDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{0837A661-FEC3-48B3-876C-91E7D32048A9}" = Macromedia Dreamweaver 8
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0DD140D3-9563-481E-AA75-BA457CBDAEF2}" = PC Inspector File Recovery
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{235D8A8E-2F97-11D6-A551-0090278A1BB8}" = Visual FoxPro 8.0 Baseline - English
"{235D8A94-2F97-11D6-A551-0090278A1BB8}" = Visual FoxPro 8.0 Professional - English
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 20
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2BA00471-0328-3743-93BD-FA813353A783}" = Microsoft .NET Framework 3.0 Service Pack 1
"{2DF7B278-D3B6-40A4-B25C-0E7149F439EA}" = 3DMark05
"{2FC099BD-AC9B-33EB-809C-D332E1B27C40}" = Microsoft .NET Framework 3.5
"{300A2961-B2B5-4889-9CB9-5C2A570D08AD}" = Debugging Tools for Windows (x86)
"{32A72502-BC2C-4C39-ACEA-BC3D463F0697}" = EN
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B9535BF-CC90-4158-AF32-CAF57A8820CA}" = Macromedia Contribute 3.11
"{4C24A8C1-7CFA-4650-AF15-732F5BD7B46D}" = Macromedia Fireworks 8
"{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}" = FontNav
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{5BE3BF62-D432-4D47-A712-CD4DF91CABFB}" = TP-LINK ADSL USB Router
"{63218538-4A69-497F-8455-904261B0E9E4}" = CorelDRAW Graphics Suite X3
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PartitionMagic
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8B4AE751-7055-4518-87B0-E148A8D50D0A}" = Macromedia FreeHand MX
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9D8B0949-7C47-476F-9F06-F900D3B078EA}" = Kaspersky Internet Security 2010
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AA468551-1794-42FE-B504-C41D75EEBDF2}_is1" = Partition Wizard Home Edition 4.0
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.3
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BCB4C18A-ACA6-4383-8688-E19933A705DD}" = Microsoft SOAP Toolkit 3.0
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1696920-9794-4BBC-8A30-7A88763DE5A2}" = ABBYY FineReader 5.0 Sprint
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{ECCE5126-9A87-48CC-A2FA-A3D8483AE86B}_is1" = PDFTOEXCEL
"{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager
"{FCB10DE3-E190-4A7E-B06A-FAC61567ABFC}" = MySQL Tools for 5.0
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"4100 USB Scanner" = 4100 USB Scanner
"4shared Desktop" = 4shared Desktop
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"ATI Display Driver" = ATI Display Driver
"BadCopy Pro" = BadCopy Pro
"Bounce Out Blitz" = Bounce Out Blitz
"cFosSpeed" = cFosSpeed v4.25
"Convert DOC to PDF For Word_is1" = Convert DOC to PDF For Word 2.00
"dumeter3_is1" = DU Meter
"Free PS Convert driver_is1" = Free PS Convert driver
"GOM Player" = GOM Player
"HijackThis" = HijackThis 2.0.2
"InstallShield_{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PowerQuest PartitionMagic 8.0
"InstallWIX_{9D8B0949-7C47-476F-9F06-F900D3B078EA}" = Kaspersky Internet Security 2010
"Internet Download Manager" = Internet Download Manager
"Letter Linker" = Letter Linker
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Microsoft .NET Framework 3.5" = Microsoft .NET Framework 3.5
"Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
"NVIDIA Drivers" = NVIDIA Drivers
"PDF2Word v1.6_is1" = PDF2Word v1.6
"Power Data Recovery_is1" = Power Data Recovery 4.6.0
"PPT to PDF Converter_is1" = PPT to PDF Converter 3.0
"R-Studio 4.6NSIS" = R-Studio 4.6
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"Storm Codec 5" = Storm Codec
"twkmastr1_is1" = TweakMASTER
"Visual FoxPro 8.0 Professional - English" = Microsoft Visual FoxPro 8.0 Professional - English
"Winamp" = Winamp (remove only)
"WinRAR archiver" = WinRAR archiver
"xampp" = XAMPP 1.4.16
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 17/07/2010 15:47:44 | Computer Name = ABAUW-504248F08 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 18/07/2010 5:56:57 | Computer Name = ABAUW-504248F08 | Source = Application Hang | ID = 1002
Description = Hanging application WINWORD.EXE, version 11.0.5604.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 18/07/2010 6:01:18 | Computer Name = ABAUW-504248F08 | Source = Application Hang | ID = 1002
Description = Hanging application WINWORD.EXE, version 11.0.5604.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 18/07/2010 20:43:23 | Computer Name = ABAUW-504248F08 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 19/07/2010 2:09:44 | Computer Name = ABAUW-504248F08 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 19/07/2010 6:40:12 | Computer Name = ABAUW-504248F08 | Source = Application Hang | ID = 1002
Description = Hanging application DUMeter.exe, version 3.50.2822.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 19/07/2010 6:43:33 | Computer Name = ABAUW-504248F08 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 19/07/2010 13:34:12 | Computer Name = ABAUW-504248F08 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 19/07/2010 19:36:26 | Computer Name = ABAUW-504248F08 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 20/07/2010 1:38:41 | Computer Name = ABAUW-504248F08 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

[ System Events ]
Error - 12/07/2010 19:34:26 | Computer Name = ABAUW-504248F08 | Source = Service Control Manager | ID = 7000
Description = The mysql service failed to start due to the following error: %%1053

Error - 12/07/2010 19:34:46 | Computer Name = ABAUW-504248F08 | Source = System Error | ID = 1003
Description = Error code 00000024, parameter1 001902fe, parameter2 f5553754, parameter3
f5553450, parameter4 806ee753.

Error - 13/07/2010 3:52:36 | Computer Name = ABAUW-504248F08 | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 13/07/2010 3:52:36 | Computer Name = ABAUW-504248F08 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 13/07/2010 6:18:45 | Computer Name = ABAUW-504248F08 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the mysql service to connect.

Error - 13/07/2010 6:18:45 | Computer Name = ABAUW-504248F08 | Source = Service Control Manager | ID = 7000
Description = The mysql service failed to start due to the following error: %%1053

Error - 13/07/2010 18:19:56 | Computer Name = ABAUW-504248F08 | Source = System Error | ID = 1003
Description = Error code 10000050, parameter1 fd4a4000, parameter2 00000000, parameter3
f51a0fec, parameter4 00000000.

Error - 15/07/2010 18:00:45 | Computer Name = ABAUW-504248F08 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the mysql service to connect.

Error - 15/07/2010 18:00:45 | Computer Name = ABAUW-504248F08 | Source = Service Control Manager | ID = 7000
Description = The mysql service failed to start due to the following error: %%1053

Error - 17/07/2010 14:22:35 | Computer Name = ABAUW-504248F08 | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume C:.


< End of report >

Edited by abauw, 20 July 2010 - 01:09 AM.

:guitar: Take me to a place where time is frozen
You don't have to close your eyes to dream :busy:
You can find escape inside this moment :smash:
And I will follow  :whistle:


#15 schrauber

schrauber

    Mr.Mechanic

  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  • Gender:Male
  • Location:Munich,Germany
  • Local time:04:29 PM

Posted 21 July 2010 - 12:33 PM

Hi,


Download MBRCheck.exe to your desktop
XP users > double click on MBRCheck.exe to run it
Vista and Windows 7 users > right click on MBRCheck.exe and select Run as Administrator
It will show a black screen with some data on it
Click on the black C:\ in the upper left hand corner of the black screen
Choose Edit > Select All > Press Enter to copy the data to your clipboard
Press Enter again to close MBRCheck
Now open up notepad or wordpad and paste the data in (press Control+V)

Post the results in your reply
regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware
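What an MBR integrity check of the kind requested above actually looks at, as an added example that is not part of the original thread and is not MBRCheck's own code. It parses a 512-byte master boot record, verifies the 0x55AA boot signature, walks the four partition entries, and hashes the boot-code region (bytes 0 to 439) so it can be compared against a known-good list. The sample MBR is constructed inline; the `known_boot_code_md5s` set is an assumption the reader fills from a trusted baseline, and hashing the boot code is one reasonable way to do the comparison, not a statement of how MBRCheck does it.

```python
"""Parse a 512-byte MBR and report what an MBR integrity check examines.
Added example (not MBRCheck's code); the sample MBR below is constructed."""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440       # bytes 0..439: boot loader code (what a bootkit overwrites)
DISK_SIG_OFF = 440        # 4-byte Windows disk signature
PART_TABLE_OFF = 446      # four 16-byte partition entries
BOOT_SIG_OFF = 510        # 0x55 0xAA marks a valid MBR


def build_sample_mbr():
    """Constructed sample, not dumped from any real disk."""
    boot_code = b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * (BOOT_CODE_LEN - 8)
    disk_sig = struct.pack("<I", 0xDEADBEEF)
    entries = bytearray()
    # entry 1: active NTFS (type 0x07) partition starting at LBA 63
    entries += struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07, b"\xfe\xff\xff", 63, 40965687)
    # entry 2: second NTFS partition, not active
    entries += struct.pack("<B3sB3sII", 0x00, b"\xfe\xff\xff", 0x07, b"\xfe\xff\xff", 40965750, 115314570)
    entries += b"\x00" * 32                      # entries 3 and 4 unused
    return boot_code + disk_sig + b"\x00\x00" + bytes(entries) + b"\x55\xaa"


def parse_mbr(sector):
    """Return signature validity, disk signature, boot-code MD5 and partition entries."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        status, _chs_start, ptype, _chs_end, lba, count = struct.unpack(
            "<B3sB3sII", sector[off:off + 16])
        if ptype == 0 and count == 0:
            continue                              # empty slot
        partitions.append({"index": i, "bootable": status == 0x80,
                           "type": ptype, "start_lba": lba, "sectors": count})
    return {
        "valid_signature": sector[BOOT_SIG_OFF:] == b"\x55\xaa",
        "disk_signature": struct.unpack("<I", sector[DISK_SIG_OFF:DISK_SIG_OFF + 4])[0],
        "boot_code_md5": hashlib.md5(sector[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": partitions,
    }


def assess(info, known_boot_code_md5s=frozenset()):
    """List the findings a responder would want to look at.

    known_boot_code_md5s is assumed to come from a trusted baseline
    (e.g. the same OS build on a clean machine); with an empty set every
    boot code is reported as unknown."""
    findings = []
    if not info["valid_signature"]:
        findings.append("missing 0x55AA boot signature")
    active = [p for p in info["partitions"] if p["bootable"]]
    if len(active) > 1:
        findings.append("more than one active partition")
    if info["boot_code_md5"] not in known_boot_code_md5s:
        findings.append("boot code MD5 not in known-good list: " + info["boot_code_md5"])
    for p in info["partitions"]:
        if p["start_lba"] == 0:
            findings.append("partition %d starts at LBA 0 (overlaps the MBR)" % p["index"])
    return findings


if __name__ == "__main__":
    sample = build_sample_mbr()
    info = parse_mbr(sample)
    print("boot code MD5:", info["boot_code_md5"])
    for p in info["partitions"]:
        print(p)
    print("findings:", assess(info))
```

On a real machine the 512 bytes would come from a raw read of sector 0 of the physical disk (which needs administrator rights, as the instructions above note for Vista and 7); the output to compare is the boot-code hash, the active-partition count and the partition start LBAs, since a bootkit typically replaces the boot code while leaving the partition table intact so the system still boots.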



