Logfile of random's system information tool 1.08 (written by random/random)
Run by Jenni at 2010-08-31 05:09:06
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 145 GB (95%) free of 153 GB
Total RAM: 502 MB (48% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:12:32 AM, on 31/08/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows NT\Accessories\wordpad.exe
C:\Documents and Settings\Jenni\Desktop\RSIT.exe
C:\Program Files\trend micro\Jenni.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 8475396609
O17 - HKLM\System\CCS\Services\Tcpip\..\{7C8AC250-558D-4592-B9E9-285E2A964430}: NameServer = 113.212.168.39 208.67.222.222
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 3291 bytes
======Registry dump======
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2005-10-14 94208]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2005-10-14 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2005-10-14 114688]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2010-03-02 282792]
"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2010-06-23 1043968]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
C:\PROGRA~1\INTERV~1\Common\Bin\WINCIN~1.EXE [2003-08-12 114688]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-10-14 135168]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox"
"C:\Program Files\Zone Labs\ZoneAlarm\Diagnostics\DiagnosticsCaptureTool.exe"="C:\Program Files\Zone Labs\ZoneAlarm\Diagnostics\DiagnosticsCaptureTool.exe:*:Disabled:ZoneAlarm Diagnostics Tool"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
======List of files/folders created in the last 1 months======
2010-08-31 05:09:06 ----D---- C:\rsit
2010-08-30 09:23:28 ----HDC---- C:\WINDOWS\$NtUninstallKB980436$
2010-08-30 09:23:17 ----HDC---- C:\WINDOWS\$NtUninstallKB981852$
2010-08-30 09:23:01 ----HDC---- C:\WINDOWS\$NtUninstallKB2183461$
2010-08-30 09:22:53 ----HDC---- C:\WINDOWS\$NtUninstallKB2079403$
2010-08-30 09:22:45 ----HDC---- C:\WINDOWS\$NtUninstallKB981997$
2010-08-30 09:22:36 ----HDC---- C:\WINDOWS\$NtUninstallKB2160329$
2010-08-30 09:22:28 ----HDC---- C:\WINDOWS\$NtUninstallKB982214$
2010-08-30 09:22:20 ----HDC---- C:\WINDOWS\$NtUninstallKB982665$
2010-08-30 09:22:10 ----HDC---- C:\WINDOWS\$NtUninstallKB2115168$
2010-08-30 07:25:13 ----D---- C:\Documents and Settings\Jenni\Application Data\Malwarebytes
2010-08-30 07:25:00 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2010-08-30 07:24:58 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-08-30 07:24:58 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2010-08-30 07:24:57 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-08-24 06:01:15 ----D---- C:\Documents and Settings\Jenni\Application Data\Help
2010-08-23 03:18:31 ----D---- C:\Program Files\Trend Micro
2010-08-22 15:00:43 ----A---- C:\WINDOWS\imsins.BAK
2010-08-22 10:59:32 ----A---- C:\WINDOWS\system32\ptpusb.dll
2010-08-22 10:59:31 ----A---- C:\WINDOWS\system32\ptpusd.dll
2010-08-17 08:06:06 ----D---- C:\WINDOWS\pss
2010-08-10 21:01:06 ----HDC---- C:\WINDOWS\$NtUninstallKB2286198$
2010-08-10 21:00:58 ----HDC---- C:\WINDOWS\$NtUninstallKB2229593$
2010-08-10 21:00:50 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2010-08-10 21:00:40 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2010-08-05 19:24:33 ----D---- C:\Documents and Settings\Jenni\Application Data\InterVideo
2010-08-05 19:23:34 ----D---- C:\Program Files\InterVideo
2010-08-03 19:19:14 ----D---- C:\Documents and Settings\Jenni\Application Data\Macromedia
2010-08-03 19:19:14 ----D---- C:\Documents and Settings\Jenni\Application Data\Adobe
2010-08-03 16:17:16 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
======List of files/folders modified in the last 1 months======
2010-08-31 05:12:33 ----D---- C:\WINDOWS\Prefetch
2010-08-31 05:11:10 ----A---- C:\WINDOWS\ModemLog_Conexant D850 56K V.9x DFVc Modem.txt
2010-08-31 05:09:21 ----D---- C:\WINDOWS\Internet Logs
2010-08-31 03:42:42 ----D---- C:\WINDOWS\Help
2010-08-31 03:37:59 ----D---- C:\WINDOWS\Temp
2010-08-31 03:37:39 ----D---- C:\WINDOWS\system32\CatRoot2
2010-08-30 14:40:07 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-08-30 12:56:01 ----A---- C:\WINDOWS\WORDPAD.INI
2010-08-30 09:27:37 ----D---- C:\WINDOWS
2010-08-30 09:27:17 ----D---- C:\WINDOWS\system32
2010-08-30 09:23:31 ----HD---- C:\WINDOWS\inf
2010-08-30 09:23:30 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-08-30 09:23:13 ----HD---- C:\WINDOWS\$hf_mig$
2010-08-30 09:22:47 ----D---- C:\Program Files\Movie Maker
2010-08-30 09:22:30 ----D---- C:\WINDOWS\system32\drivers
2010-08-30 07:24:57 ----RD---- C:\Program Files
2010-08-26 16:12:51 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-08-26 16:12:48 ----D---- C:\Program Files\Online Services
2010-08-26 11:20:39 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2010-08-26 11:17:59 ----D---- C:\Program Files\SpywareBlaster
2010-08-23 03:18:32 ----SHD---- C:\WINDOWS\Installer
2010-08-23 03:18:32 ----SD---- C:\Documents and Settings\Jenni\Application Data\Microsoft
2010-08-22 04:33:22 ----SHD---- C:\System Volume Information
2010-08-22 04:32:46 ----D---- C:\WINDOWS\system32\NtmsData
2010-08-22 03:45:45 ----D---- C:\WINDOWS\Registration
2010-08-05 19:23:34 ----HD---- C:\Program Files\InstallShield Installation Information
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2010-03-01 124784]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2010-05-13 532224]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2010-02-16 60936]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2003-04-09 11043]
R3 E100B;Intel(R) PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2004-10-14 155648]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2003-11-17 1042432]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2003-11-17 212224]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-10-14 1302812]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12160]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2005-11-16 1047816]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2003-11-17 680704]
S0 cercsr6;cercsr6; C:\WINDOWS\system32\drivers\cercsr6.sys [2005-03-23 39904]
S3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2010-04-01 267432]
R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2010-06-23 2435592]
-----------------EOF-----------------
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=1cf8cca40d2e99439e137e7af704b13e
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-08-30 11:23:24
# local_time=2010-08-31 09:23:24 (+1000, AUS Eastern Standard Time)
# country="Australia"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 18092 18092 0 0
# compatibility_mode=1797 16775141 100 93 89207 42335537 0 0
# compatibility_mode=8192 67108863 100 0 14798 14798 0 0
# compatibility_mode=9217 16777214 75 70 4492718 5114922 0 0
# scanned=19213
# found=0
# cleaned=0
# scan_time=560
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=1cf8cca40d2e99439e137e7af704b13e
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-08-31 12:31:57
# local_time=2010-08-31 10:31:57 (+1000, AUS Eastern Standard Time)
# country="Australia"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 22229 22229 0 0
# compatibility_mode=1797 16775141 100 93 93344 42339674 57541 0
# compatibility_mode=8192 67108863 100 0 18935 18935 0 0
# compatibility_mode=9217 16777214 75 70 4496855 5119059 0 0
# scanned=19219
# found=0
# cleaned=0
# scan_time=536