Each sector scanned on Kaspersky yielded no result... Reports were blank.
RSIT log:
Logfile of random's system information tool 1.05 (written by random/random)
Run by judy at 2009-03-10 22:12:23
Microsoft Windows XP Professional Service Pack 3
System drive C: has 72 GB (94%) free of 76 GB
Total RAM: 239 MB (24% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:12:40, on 3/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\LTMSG.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Java\jre6\bin\java.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Documents and Settings\judy\Desktop\RSIT.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\judy.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O8 - Extra context menu item: Mail to a Friend... - http://client.alexa.com/holiday/script/ ... mailto.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microso ... 3837989077
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 3837976374
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9535DC02-ECC3-4712-A6CE-7620E7198714}: NameServer = 142.161.130.154 142.161.2.154
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
--
End of file - 4650 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\User_Feed_Synchronization-{2F596269-74BE-4162-88E1-E16F297CDF22}.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-01-07 251504]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll [2009-01-07 657904]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll [2009-01-07 522224]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-03 35840]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-03 73728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-01-07 251504]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"LTMSG"=LTMSG.exe 7 []
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-03 148888]
"avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-10-25 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
======List of files/folders created in the last 1 months======
2009-03-10 21:16:30 ----D---- C:\WINDOWS\LastGood
2009-03-10 10:04:01 ----SHD---- C:\Config.Msi
2009-03-09 17:43:56 ----D---- C:\Program Files\Typing Tutor
2009-03-09 12:35:55 ----D---- C:\_OTMoveIt
2009-03-09 12:28:40 ----D---- C:\WINDOWS\ERDNT
2009-03-09 12:26:45 ----D---- C:\Program Files\ERUNT
2009-03-09 09:45:57 ----A---- C:\WINDOWS\system32\tmp.txt
2009-03-09 09:45:49 ----A---- C:\rapport.txt
2009-03-09 09:45:08 ----A---- C:\WINDOWS\system32\WS2Fix.exe
2009-03-09 09:45:08 ----A---- C:\WINDOWS\system32\VCCLSID.exe
2009-03-09 09:45:08 ----A---- C:\WINDOWS\system32\VACFix.exe
2009-03-09 09:45:08 ----A---- C:\WINDOWS\system32\swxcacls.exe
2009-03-09 09:45:08 ----A---- C:\WINDOWS\system32\swsc.exe
2009-03-09 09:45:08 ----A---- C:\WINDOWS\system32\swreg.exe
2009-03-09 09:45:08 ----A---- C:\WINDOWS\system32\SrchSTS.exe
2009-03-09 09:45:08 ----A---- C:\WINDOWS\system32\Process.exe
2009-03-09 09:45:08 ----A---- C:\WINDOWS\system32\o4Patch.exe
2009-03-09 09:45:08 ----A---- C:\WINDOWS\system32\IEDFix.exe
2009-03-09 09:45:08 ----A---- C:\WINDOWS\system32\IEDFix.C.exe
2009-03-09 09:45:08 ----A---- C:\WINDOWS\system32\dumphive.exe
2009-03-09 09:45:08 ----A---- C:\WINDOWS\system32\Agent.OMZ.Fix.exe
2009-03-09 09:45:08 ----A---- C:\WINDOWS\system32\404Fix.exe
2009-03-08 10:00:54 ----A---- C:\Rooter.txt
2009-03-08 10:00:19 ----D---- C:\Rooter$
2009-03-06 17:38:11 ----D---- C:\Program Files\Stamina
2009-03-06 17:21:40 ----D---- C:\WINDOWS\system32\Adobe
2009-03-05 00:21:22 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2009-03-05 00:21:07 ----D---- C:\Program Files\SUPERAntiSpyware
2009-03-05 00:21:07 ----D---- C:\Documents and Settings\judy\Application Data\SUPERAntiSpyware.com
2009-03-04 22:31:08 ----D---- C:\Program Files\Avira
2009-03-04 22:31:08 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
2009-03-04 19:39:04 ----D---- C:\Documents and Settings\judy\Application Data\Malwarebytes
2009-03-04 19:38:57 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-03-04 19:38:57 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-03-04 18:55:25 ----D---- C:\Program Files\Trend Micro
2009-03-04 17:54:23 ----D---- C:\Program Files\CCleaner
2009-03-03 11:42:37 ----A---- C:\WINDOWS\system32\javaws.exe
2009-03-03 11:42:36 ----A---- C:\WINDOWS\system32\javaw.exe
2009-03-03 11:42:36 ----A---- C:\WINDOWS\system32\java.exe
2009-03-03 11:42:11 ----D---- C:\Program Files\Java
2009-02-25 19:27:52 ----D---- C:\Program Files\Common Files\Adobe AIR
2009-02-18 14:14:28 ----D---- C:\Program Files\Yahoo!
======List of files/folders modified in the last 1 months======
2009-03-10 22:12:40 ----A---- C:\WINDOWS\ModemLog_Agere Win Modem.txt
2009-03-10 21:58:25 ----D---- C:\WINDOWS\Temp
2009-03-10 21:18:55 ----HD---- C:\WINDOWS\inf
2009-03-10 21:17:14 ----D---- C:\WINDOWS\Prefetch
2009-03-10 21:17:12 ----HD---- C:\WINDOWS\$hf_mig$
2009-03-10 21:17:10 ----D---- C:\WINDOWS
2009-03-10 21:16:28 ----D---- C:\WINDOWS\system32\CatRoot2
2009-03-10 20:57:40 ----D---- C:\WINDOWS\system32
2009-03-10 12:22:33 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-03-10 10:04:17 ----SHD---- C:\WINDOWS\Installer
2009-03-10 10:04:16 ----D---- C:\Program Files\Common Files
2009-03-10 09:56:33 ----RD---- C:\Program Files
2009-03-08 09:21:40 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-03-07 19:06:52 ----D---- C:\rsit
2009-03-06 17:21:50 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-03-04 22:31:11 ----D---- C:\WINDOWS\system32\drivers
2009-03-04 19:10:58 ----SD---- C:\Documents and Settings\judy\Application Data\Microsoft
2009-03-04 17:57:02 ----D---- C:\WINDOWS\Minidump
2009-03-04 17:57:02 ----D---- C:\WINDOWS\Debug
2009-03-04 13:36:13 ----HD---- C:\$AVG8.VAULT$
2009-03-03 11:42:22 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-03-01 00:00:39 ----A---- C:\WINDOWS\win.ini
2009-02-26 10:31:10 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2009-02-25 19:34:10 ----D---- C:\Program Files\Adobe
2009-02-25 19:34:08 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-02-25 11:29:56 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-02-11 13:14:51 ----D---- C:\Program Files\Internet Explorer
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-10-30 75072]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
R2 Fallback;Fallback; C:\WINDOWS\system32\DRIVERS\HSF_FALL.sys [2001-08-17 289887]
R2 Fsks;Fsks; C:\WINDOWS\system32\DRIVERS\HSF_FSKS.sys [2001-08-17 115807]
R2 K56;K56; C:\WINDOWS\system32\DRIVERS\HSF_K56K.sys [2001-08-17 391199]
R2 SoftFax;SoftFax; C:\WINDOWS\system32\DRIVERS\HSF_FAXX.sys [2001-08-17 199711]
R2 Tones;Tones; C:\WINDOWS\system32\DRIVERS\HSF_TONE.sys [2001-08-17 50751]
R2 V124;V124; C:\WINDOWS\system32\DRIVERS\HSF_V124.sys [2001-08-17 488383]
R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
R3 ltmodem5;Agere Modem Driver; C:\WINDOWS\System32\DRIVERS\ltmdmnt.sys [2003-12-12 652689]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys []
S3 basic2;basic2; C:\WINDOWS\system32\DRIVERS\HSF_BSC2.sys [2001-08-17 67167]
S3 es1371;Creative AudioPCI (ES1371,ES1373) (WDM); C:\WINDOWS\system32\drivers\es1371mp.sys [2007-11-21 37376]
S3 hsf_msft;hsf_msft; C:\WINDOWS\system32\DRIVERS\HSF_MSFT.sys [2001-08-17 542879]
S3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
S3 Rksample;Rksample; C:\WINDOWS\system32\DRIVERS\HSF_SAMP.sys [2001-08-17 57471]
S3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\System32\DRIVERS\Rtnicxp.sys [2008-02-25 105088]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-15 68865]
R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-15 151297]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-03-03 152984]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-07 137200]
-----------------EOF-----------------