Logfile of random's system information tool 1.05 (written by random/random)
Run by   at 2009-02-16 13:26:18
Microsoft Windows XP Professional Service Pack 2
System drive C: has 4 GB (48%) free of 9 GB
Total RAM: 111 MB (27% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:26:25, on 16.02.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\S3hotkey.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\RSIT.exe
C:\Program Files\trend micro\ .exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ru/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [S3hotkey] S3hotkey.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Export to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{42B16548-4042-43AC-B31C-43AA11982125}: NameServer = 195.34.32.116 212.188.4.10
O17 - HKLM\System\CCS\Services\Tcpip\..\{C5720B4E-C5F5-4FEF-9989-8CF3D94C2F92}: NameServer = 212.188.4.10,195.34.32.116
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Event Log (Eventlog) - Microsoft Corporation - C:\WINDOWS\system32\services.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Microsoft Corporation - C:\WINDOWS\system32\imapi.exe
O23 - Service: NetMeeting Remote Desktop Sharing (mnmsrvc) - Microsoft Corporation - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: Plug and Play (PlugPlay) - Microsoft Corporation - C:\WINDOWS\system32\services.exe
O23 - Service: Remote Desktop Help Session Manager (RDSessMgr) - Microsoft Corporation - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Smart Card (SCardSvr) - Microsoft Corporation - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Performance Logs and Alerts (SysmonLog) - Microsoft Corporation - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Volume Shadow Copy (VSS) - Microsoft Corporation - C:\WINDOWS\System32\vssvc.exe
O23 - Service: WMI Performance Adapter (WmiApSrv) - Microsoft Corporation - C:\WINDOWS\system32\wbem\wmiapsrv.exe

--
End of file - 4492 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\  backup.job
C:\WINDOWS\tasks\  scan and fix.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll [2003-11-04 54248]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"S3hotkey"=C:\WINDOWS\system32\S3hotkey.exe [2003-05-27 159792]
"VTTimer"=C:\WINDOWS\system32\VTTimer.exe [2003-05-07 36864]
"avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-17 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]

C:\Documents and Settings\All Users\ \\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0c425e46-3118-11d5-a80e-00115b26a801}]
shell\AutoRun\command - select.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8d76e310-37cb-11d5-a81c-00115b26a801}]
shell\AutoRun\command - F:\System_Cache\locale.exe
shell\explore\command - F:\System_Cache\locale.exe
shell\open\command - F:\System_Cache\locale.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bb4b16b0-be41-11dd-8167-0015eb3e4a93}]
shell\AutoRun\command - F:\System_Cache\locale.exe
shell\explore\command - F:\System_Cache\locale.exe
shell\open\command - F:\System_Cache\locale.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c1025290-cdbd-11dd-8176-00115b26a801}]
shell\AutoRun\command - F:\System_Cache\locale.exe
shell\explore\command - F:\System_Cache\locale.exe
shell\open\command - F:\System_Cache\locale.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e125f5f0-ebdc-11dd-818b-0015eb3e4a93}]
shell\AutoRun\command - F:\System_Cache\locale.exe
shell\explore\command - F:\System_Cache\locale.exe
shell\open\command - F:\System_Cache\locale.exe


======List of files/folders created in the last 1 months======

2009-02-15 20:39:21 ----D---- C:\Program Files\trend micro
2009-02-15 20:39:14 ----D---- C:\rsit
2009-02-15 20:38:39 ----A---- C:\Program Files\RSIT.exe
2009-02-13 16:24:24 ----D---- C:\Program Files\gmer
2009-02-13 13:07:07 ----D---- C:\WINDOWS\Minidump
2009-02-13 13:03:12 ----A---- C:\WINDOWS\gmer.ini
2009-02-13 13:03:08 ----A---- C:\WINDOWS\gmer_uninstall.cmd
2009-02-13 13:03:08 ----A---- C:\WINDOWS\gmer.dll
2009-02-13 13:03:07 ----RA---- C:\WINDOWS\gmer.exe
2009-02-11 22:38:19 ----HDC---- C:\WINDOWS\$NtUninstallKB960715$
2009-02-11 20:48:35 ----D---- C:\Documents and Settings\ \Application Data\Help
2009-02-11 18:42:41 ----D---- C:\Program Files\1
2009-02-11 17:12:27 ----D---- C:\Program Files\HiJackThis
2009-02-11 17:08:27 ----D---- C:\Program Files\avz4
2009-02-11 11:31:33 ----A---- C:\WINDOWS\ntbtlog.txt
2009-02-11 11:23:42 ----A---- C:\Program Files\setup.exe
2009-01-29 01:11:16 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-01-29 01:11:14 ----D---- C:\Program Files\Common Files\Adobe
2009-01-29 01:10:54 ----D---- C:\Program Files\Adobe
2009-01-29 01:05:45 ----D---- C:\WINDOWS\Cache
2009-01-26 22:10:29 ----D---- C:\Documents and Settings\ \Application Data\Kingston
2009-01-25 20:07:34 ----D---- C:\Documents and Settings\ \Application Data\Adobe
2009-01-25 15:35:36 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-01-25 15:35:10 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$

======List of files/folders modified in the last 1 months======

2009-02-16 13:18:20 ----RD---- C:\Program Files
2009-02-16 13:11:41 ----D---- C:\WINDOWS\Temp
2009-02-16 12:53:13 ----D---- C:\WINDOWS\system32
2009-02-16 12:52:34 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-02-16 12:51:55 ----D---- C:\Program Files\AMUST
2009-02-15 22:29:41 ----D---- C:\WINDOWS\system32\drivers
2009-02-15 20:25:20 ----D---- C:\WINDOWS\system32\CatRoot2
2009-02-15 19:10:20 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-02-15 13:25:22 ----D---- C:\WINDOWS
2009-02-13 15:18:14 ----D---- C:\WINDOWS\Prefetch
2009-02-12 19:16:41 ----SHD---- C:\System Volume Information
2009-02-12 19:16:41 ----D---- C:\WINDOWS\system32\Restore
2009-02-11 22:38:35 ----HD---- C:\WINDOWS\inf
2009-02-11 22:37:33 ----HD---- C:\WINDOWS\$hf_mig$
2009-02-11 11:39:09 ----RSHD---- C:\System_Cache
2009-02-04 02:21:12 ----A---- C:\WINDOWS\system32\MRT.exe
2009-01-29 01:12:12 ----SHD---- C:\WINDOWS\Installer
2009-01-29 01:12:09 ----D---- C:\Config.Msi
2009-01-29 01:11:14 ----D---- C:\Program Files\Common Files
2009-01-26 19:40:36 ----A---- C:\WINDOWS\imsins.BAK
2009-01-26 16:33:02 ----A---- C:\WINDOWS\WINCMD.INI
2009-01-25 20:07:34 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-01-25 19:24:41 ----D---- C:\WINDOWS\system32\CatRoot
2009-01-25 18:20:46 ----D---- C:\WINDOWS\system32\config
2009-01-25 18:20:30 ----D---- C:\WINDOWS\system32\wbem
2009-01-25 18:20:28 ----D---- C:\WINDOWS\Registration
2009-01-25 14:36:53 ----A---- C:\Program Files\Rumus2setupQT.exe
2009-01-25 13:55:27 ----SD---- C:\Documents and Settings\ \Application Data\Microsoft
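The MountPoints2 keys in the registry dump above route the AutoRun, open and explore verbs of several removable volumes to F:\System_Cache\locale.exe (one older volume to a bare select.exe), NoDriveTypeAutoRun is present but empty, and the modified-folders list shows a read-only/system/hidden C:\System_Cache touched on 2009-02-11. That is the footprint removable-media autorun malware leaves, and it is exactly the kind of correlation a triager wants automated when reading these logs. The Python script below is an added example, not part of the original log and not RSIT or HijackThis code: it parses dump lines of this shape, correlates the three signals, and decodes the NoDriveTypeAutoRun policy. The sample text is constructed to mirror the values in this log, and the flagging rules (non-system drive letter, relative target, hijacked open/explore verbs, a hidden folder of the same name on C:) are heuristics chosen for the example rather than anything the tools themselves report.

```python
"""Triage MountPoints2 autorun entries from an RSIT registry dump (added example)."""
import re
from dataclasses import dataclass

SYSTEM_DRIVE = "C:"
HIDDEN_ATTRS = {"S", "H"}          # RSIT attribute letters: System, Hidden

KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
CMD_RE = re.compile(r"^shell\\(?P<verb>[^\\]+)\\command\s+-\s+(?P<target>.+)$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<value>.*)$')
FILE_RE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d ----(?P<attrs>[A-Z]*)---- (?P<path>.+)$")

# Constructed sample shaped like the dump in this log (not the original file).
SAMPLE = r"""
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0c425e46-3118-11d5-a80e-00115b26a801}]
shell\AutoRun\command - select.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8d76e310-37cb-11d5-a81c-00115b26a801}]
shell\AutoRun\command - F:\System_Cache\locale.exe
shell\explore\command - F:\System_Cache\locale.exe
shell\open\command - F:\System_Cache\locale.exe

======List of files/folders modified in the last 1 months======

2009-02-11 11:39:09 ----RSHD---- C:\System_Cache
2009-02-04 02:21:12 ----A---- C:\WINDOWS\system32\MRT.exe
"""


@dataclass
class Finding:
    guid: str
    verb: str
    target: str
    reasons: list


def parse_rsit(text):
    """Return (mountpoint commands, NoDriveTypeAutoRun value or None, hidden paths)."""
    commands, policy, hidden = [], None, set()
    key = ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("======"):      # a new RSIT section ends the current key
            key = ""
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group("key").lower()
            continue
        if "mountpoints2" in key:
            m = CMD_RE.match(line)
            if m:
                commands.append((key.rsplit("\\", 1)[-1], m.group("verb"), m.group("target")))
            continue
        if key.endswith("\\policies\\explorer"):
            m = VALUE_RE.match(line)
            if m and m.group("name") == "NoDriveTypeAutoRun":
                policy = m.group("value").strip() or None   # empty value == not set
            continue
        m = FILE_RE.match(line)
        if m and HIDDEN_ATTRS & set(m.group("attrs")):
            hidden.add(m.group("path").lower())
    return commands, policy, hidden


def triage(commands, hidden):
    """Flag autorun commands that look like removable-media malware staging."""
    findings = []
    for guid, verb, target in commands:
        reasons = []
        drive = target[:2].upper() if re.match(r"^[A-Za-z]:", target) else None
        if drive is None:
            reasons.append("relative path: resolved against the root of whatever volume mounts")
        elif drive != SYSTEM_DRIVE:
            reasons.append(f"executable lives on {drive}, not the system drive")
        if verb.lower() in ("open", "explore"):
            reasons.append(f"'{verb}' verb hijacked: double-click/Explore launches the binary")
        folder_name = target.rsplit("\\", 2)[-2].lower() if target.count("\\") >= 2 else ""
        twin = f"{SYSTEM_DRIVE.lower()}\\{folder_name}"
        if folder_name and twin in hidden:
            reasons.append(f"hidden/system folder {twin} of the same name exists on the system drive")
        if reasons:
            findings.append(Finding(guid, verb, target, reasons))
    return findings


def autorun_policy_status(value):
    """Decode NoDriveTypeAutoRun: bit 0x04 covers removable drives, 0xFF disables AutoRun everywhere."""
    if value is None:
        return "not set: removable-drive AutoRun follows the permissive default"
    try:
        n = int(value, 0)                  # accepts "0x91" or "145"
    except ValueError:
        return f"unparseable value {value!r}"
    if not n & 0x04:
        return f"0x{n:02X}: removable drives still autorun"
    return f"0x{n:02X}: removable drives excluded" + (" (all drive types)" if n & 0xFF == 0xFF else "")


if __name__ == "__main__":
    cmds, pol, hid = parse_rsit(SAMPLE)
    print("NoDriveTypeAutoRun:", autorun_policy_status(pol))
    for f in triage(cmds, hid):
        print(f"{f.guid} {f.verb} -> {f.target}")
        for r in f.reasons:
            print("   -", r)
```

Setting NoDriveTypeAutoRun to 0xFF closes the AutoRun vector, but the MountPoints2 entries themselves persist per volume GUID under HKCU and should be deleted along with the staged executable; on a clean machine the key normally carries no shell\...\command values at all.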

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-11-30 75072]
R1 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2009-02-13 85969]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
R1 uzc0mta1;AVZ-RK Kernel Driver; \??\C:\WINDOWS\system32\Drivers\uzc0mta1.sys []
R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
R3 CmBatt; AC-   (); C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-17 14080]
R3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
R3 USB_RNDIS_51;ZTE USB Remote NDIS Device Driver; C:\WINDOWS\system32\DRIVERS\usb8023.sys [2004-08-04 12672]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
R3 viagfx;viagfx; C:\WINDOWS\system32\DRIVERS\vtmini.sys [2003-07-07 270592]
R3 VIAudio;VIA AC'97 Audio Controller (WDM); C:\WINDOWS\system32\drivers\viaudios.sys [2003-02-26 370048]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2003-07-07 9600]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2003-07-07 12160]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 vulfnths;VIA USB Host Controller Lower Filter; C:\WINDOWS\System32\Drivers\vulfnth.sys [2002-10-24 6912]
S3 vulfntrs;VIA USB Roothub Lower Filter; C:\WINDOWS\System32\Drivers\vulfntr.sys [2002-11-13 10496]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-15 68865]
R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-15 151297]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2001-02-23 270336]

-----------------EOF-----------------
