grommit01
2008-12-30, 05:53
Thank you for your assistance, as requested here's the ComboFix and HJT logs:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:50:20 PM, on 30/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\nvraidservice.exe
C:\Program Files\Ideazon\ZEngine\Zboard.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [Zboard] C:\Program Files\Ideazon\ZEngine\Zboard.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9e.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9e.exe (User 'Default user')
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://asia.msi.com.tw
O15 - Trusted Zone: http://global.msi.com.tw
O15 - Trusted Zone: http://www.msi.com.tw
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1203682545671
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1203682515296
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Ventrilo - Unknown owner - C:\Program Files\VentSrv\ventrilo_svc.exe (file missing)
--
End of file - 6358 bytes
ComboFix 08-12-29.02 - Sue 2008-12-30 15:34:06.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.516 [GMT 11:00]
Running from: c:\documents and settings\Sue\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated)
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\Sue\Local Settings\Temporary Internet Files\update.inf
c:\windows\system32\agatalot.ini
c:\windows\system32\ahozukah.ini
c:\windows\system32\ajazuvud.ini
c:\windows\system32\eminurem.ini
c:\windows\system32\fokozewa.dll
c:\windows\system32\ihetowil.ini
c:\windows\system32\iverigak.ini
c:\windows\system32\jisubufo.dll
c:\windows\system32\jusiwona.dll
c:\windows\system32\merunime.dll
c:\windows\system32\opebirul.ini
c:\windows\system32\opemigeb.ini
c:\windows\system32\raziwanu.dll
c:\windows\system32\siwusupe.dll
c:\windows\system32\tibarozo.dll
c:\windows\system32\ubariwop.ini
c:\windows\system32\utanivop.ini
c:\windows\system32\yerayeho.dll
----- BITS: Possible infected sites -----
hxxp://77.74.48.105
.
((((((((((((((((((((((((( Files Created from 2008-11-28 to 2008-12-30 )))))))))))))))))))))))))))))))
.
2008-12-30 14:47 . 2008-12-30 14:47 2,602 ---hs---- c:\windows\system32\dezudesu.dll
2008-12-30 14:47 . 2008-12-30 14:47 2,602 ---hs---- c:\windows\system32\bazabezi.dll
2008-12-30 14:47 . 2008-12-30 14:47 2,601 ---hs---- c:\windows\system32\posuyele.dll
2008-12-30 11:46 . 2008-12-30 12:08 <DIR> d-------- c:\documents and settings\Administrator
2008-12-28 12:30 . 2008-12-28 12:30 2,602 ---hs---- c:\windows\system32\tonepopo.dll
2008-12-28 00:30 . 2008-12-28 00:30 2,602 ---hs---- c:\windows\system32\mevozeha.dll
2008-12-27 20:15 . 2008-12-27 20:15 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-27 13:03 . 2008-12-27 13:03 <DIR> d-------- c:\program files\Trend Micro
2008-12-27 12:29 . 2008-12-27 12:29 2,603 ---hs---- c:\windows\system32\hovolile.dll
2008-12-27 12:29 . 2008-12-27 12:29 2,603 ---hs---- c:\windows\system32\gisusuje.dll
2008-12-18 12:11 . 2008-12-24 12:35 385 --a------ c:\windows\wininit.ini
2008-12-18 01:51 . 2008-12-18 01:55 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-12-18 01:51 . 2008-12-18 12:47 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-18 00:15 . 2008-12-29 15:25 <DIR> d--h----- C:\$AVG8.VAULT$
2008-12-17 17:18 . 2008-12-17 17:18 2,604 ---hs---- c:\windows\system32\duweweba.dll
2008-12-17 17:18 . 2008-12-17 17:18 2,601 ---hs---- c:\windows\system32\dajifuji.dll
2008-12-17 14:51 . 2008-12-29 13:09 <DIR> d-------- c:\windows\system32\drivers\Avg
2008-12-17 14:51 . 2008-12-17 14:51 <DIR> d-------- c:\program files\AVG
2008-12-17 14:51 . 2008-12-30 15:12 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2008-12-17 14:51 . 2008-12-17 14:51 97,928 --a------ c:\windows\system32\drivers\avgldx86.sys
2008-12-17 14:51 . 2008-12-17 14:51 76,040 --a------ c:\windows\system32\drivers\avgtdix.sys
2008-12-17 14:51 . 2008-12-17 14:51 10,520 --a------ c:\windows\system32\avgrsstx.dll
2008-12-17 13:37 . 2008-12-17 13:37 <DIR> d-------- c:\documents and settings\Sue\New Folder
2008-12-17 13:08 . 2008-12-17 13:08 <DIR> d-------- c:\program files\Kaspersky Lab
2008-12-17 13:08 . 2008-12-30 15:38 <DIR> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2008-12-17 13:08 . 2008-12-30 15:36 4,720,160 --ahs---- c:\windows\system32\drivers\fidbox.dat
2008-12-17 13:08 . 2008-12-30 15:39 303,136 --ahs---- c:\windows\system32\drivers\fidbox2.dat
2008-12-17 13:08 . 2008-12-17 13:08 96,976 --a------ c:\windows\system32\drivers\klin.dat
2008-12-17 13:08 . 2008-12-17 13:08 87,855 --a------ c:\windows\system32\drivers\klick.dat
2008-12-17 13:08 . 2008-12-30 15:36 40,052 --ahs---- c:\windows\system32\drivers\fidbox.idx
2008-12-17 13:08 . 2008-12-30 15:36 3,164 --ahs---- c:\windows\system32\drivers\fidbox2.idx
2008-12-17 13:07 . 2008-12-17 13:07 <DIR> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-11-18 18:17 . 2008-11-18 18:34 <DIR> d-------- c:\program files\VentSrv
2008-11-11 20:00 . 2008-11-11 20:00 218,376 --a------ c:\windows\system32\klogon.dll
2008-11-11 19:58 . 2008-11-11 19:58 25,601 --a------ c:\windows\system32\drivers\klopp.dat
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-30 04:05 --------- d-----w c:\program files\Trillian
2008-12-28 08:51 --------- d-----w c:\documents and settings\Sue\Application Data\teamspeak2
2008-12-27 09:15 --------- d-----w c:\program files\Java
2008-12-17 14:56 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-12-16 05:57 --------- d-----w c:\program files\Windows Media Connect 2
2008-11-18 08:29 --------- d-----w c:\program files\Teamspeak2_RC2
2008-12-20 12:49 67,688 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2008-12-20 12:49 54,368 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-12-20 12:49 34,944 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2008-12-20 12:49 46,712 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2008-12-20 12:49 172,136 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2004-06-11 83968]
"Zboard"="c:\program files\Ideazon\ZEngine\Zboard.exe" [2005-12-20 32768]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-27 136600]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2008-11-11 206088]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-12-17 1261336]
"SoundMan"="SOUNDMAN.EXE" [2006-11-17 c:\windows\soundman.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil9e.exe" [2007-11-21 218496]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Trillian\\trillian.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Games\\World of Warcraft\\Repair.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Games\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\Teamspeak2_RC2\\server_windows.exe"=
"c:\\Program Files\\Teamspeak2_RC2\\TeamSpeak.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"3784:TCP"= 3784:TCP:Ventrillo TCP
"3784:UDP"= 3784:UDP:Ventrillo UDP
"8767:TCP"= 8767:TCP:TeamSpeak TCP
"8767:UDP"= 8767:UDP:Teamspeak UDP
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 32784]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-12-17 97928]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-12-17 875288]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-12-17 231704]
R2 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-12-17 76040]
R3 Alpham;Ideazon Merc Composite Keyboard Driver;c:\windows\system32\DRIVERS\Alpham.sys [2005-12-04 34944]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [2008-04-30 24592]
S3 Alpham1;Ideazon Merc USB Human Interface Device;c:\windows\system32\DRIVERS\Alpham1.sys [2007-07-23 42624]
S3 Alpham2;Ideazon Merc MM USB Human Interface Device;c:\windows\system32\DRIVERS\Alpham2.sys [2007-03-20 18432]
.
Contents of the 'Scheduled Tasks' folder
2008-12-29 c:\windows\Tasks\At1.job
- c:\windows\system32\2PTlVVK1.exe []
2008-12-27 c:\windows\Tasks\At10.job
- c:\windows\system32\2PTlVVK1.exe []
2008-12-27 c:\windows\Tasks\At11.job
- c:\windows\system32\2PTlVVK1.exe []
2008-12-28 c:\windows\Tasks\At12.job
- c:\windows\system32\2PTlVVK1.exe []
2008-12-28 c:\windows\Tasks\At13.job
- c:\windows\system32\2PTlVVK1.exe []
2008-12-28 c:\windows\Tasks\At14.job
- c:\windows\system32\2PTlVVK1.exe []
2008-12-29 c:\windows\Tasks\At15.job
- c:\windows\system32\2PTlVVK1.exe []
2008-12-30 c:\windows\Tasks\At16.job
- c:\windows\system32\2PTlVVK1.exe []
2008-12-29 c:\windows\Tasks\At17.job
- c:\windows\system32\2PTlVVK1.exe []
2008-12-29 c:\windows\Tasks\At18.job
- c:\windows\system32\2PTlVVK1.exe []
2008-12-29 c:\windows\Tasks\At19.job
- c:\windows\system32\2PTlVVK1.exe []
2008-12-28 c:\windows\Tasks\At2.job
- c:\windows\system32\2PTlVVK1.exe []
2008-12-29 c:\windows\Tasks\At20.job
- c:\windows\system32\2PTlVVK1.exe []
2008-12-29 c:\windows\Tasks\At21.job
- c:\windows\system32\2PTlVVK1.exe []
2008-12-29 c:\windows\Tasks\At22.job
- c:\windows\system32\2PTlVVK1.exe []
2008-12-29 c:\windows\Tasks\At23.job
- c:\windows\system32\2PTlVVK1.exe []
2008-12-29 c:\windows\Tasks\At24.job
- c:\windows\system32\2PTlVVK1.exe []
2008-12-29 c:\windows\Tasks\At25.job
- c:\windows\system32\o1in1ngI.exe []
2008-12-28 c:\windows\Tasks\At26.job
- c:\windows\system32\o1in1ngI.exe []
2008-12-27 c:\windows\Tasks\At27.job
- c:\windows\system32\o1in1ngI.exe []
2008-12-27 c:\windows\Tasks\At28.job
- c:\windows\system32\o1in1ngI.exe []
2008-12-27 c:\windows\Tasks\At29.job
- c:\windows\system32\o1in1ngI.exe []
2008-12-27 c:\windows\Tasks\At3.job
- c:\windows\system32\2PTlVVK1.exe []
2008-12-27 c:\windows\Tasks\At30.job
- c:\windows\system32\o1in1ngI.exe []
2008-12-27 c:\windows\Tasks\At31.job
- c:\windows\system32\o1in1ngI.exe []
2008-12-27 c:\windows\Tasks\At32.job
- c:\windows\system32\o1in1ngI.exe []
2008-12-27 c:\windows\Tasks\At33.job
- c:\windows\system32\o1in1ngI.exe []
2008-12-27 c:\windows\Tasks\At34.job
- c:\windows\system32\o1in1ngI.exe []
2008-12-27 c:\windows\Tasks\At35.job
- c:\windows\system32\o1in1ngI.exe []
2008-12-28 c:\windows\Tasks\At36.job
- c:\windows\system32\o1in1ngI.exe []
2008-12-28 c:\windows\Tasks\At37.job
- c:\windows\system32\o1in1ngI.exe []
2008-12-28 c:\windows\Tasks\At38.job
- c:\windows\system32\o1in1ngI.exe []
2008-12-29 c:\windows\Tasks\At39.job
- c:\windows\system32\o1in1ngI.exe []
2008-12-27 c:\windows\Tasks\At4.job
- c:\windows\system32\2PTlVVK1.exe []
2008-12-30 c:\windows\Tasks\At40.job
- c:\windows\system32\o1in1ngI.exe []
2008-12-29 c:\windows\Tasks\At41.job
- c:\windows\system32\o1in1ngI.exe []
2008-12-29 c:\windows\Tasks\At42.job
- c:\windows\system32\o1in1ngI.exe []
2008-12-29 c:\windows\Tasks\At43.job
- c:\windows\system32\o1in1ngI.exe []
2008-12-29 c:\windows\Tasks\At44.job
- c:\windows\system32\o1in1ngI.exe []
2008-12-29 c:\windows\Tasks\At45.job
- c:\windows\system32\o1in1ngI.exe []
2008-12-29 c:\windows\Tasks\At46.job
- c:\windows\system32\o1in1ngI.exe []
2008-12-29 c:\windows\Tasks\At47.job
- c:\windows\system32\o1in1ngI.exe []
2008-12-29 c:\windows\Tasks\At48.job
- c:\windows\system32\o1in1ngI.exe []
2008-12-28 c:\windows\Tasks\At49.job
- c:\windows\system32\20X8yQUo.exe []
2008-12-27 c:\windows\Tasks\At5.job
- c:\windows\system32\2PTlVVK1.exe []
2008-12-28 c:\windows\Tasks\At50.job
- c:\windows\system32\20X8yQUo.exe []
2008-12-27 c:\windows\Tasks\At51.job
- c:\windows\system32\20X8yQUo.exe []
2008-12-27 c:\windows\Tasks\At52.job
- c:\windows\system32\20X8yQUo.exe []
2008-12-27 c:\windows\Tasks\At53.job
- c:\windows\system32\20X8yQUo.exe []
2008-12-27 c:\windows\Tasks\At54.job
- c:\windows\system32\20X8yQUo.exe []
2008-12-27 c:\windows\Tasks\At55.job
- c:\windows\system32\20X8yQUo.exe []
2008-12-27 c:\windows\Tasks\At56.job
- c:\windows\system32\20X8yQUo.exe []
2008-12-27 c:\windows\Tasks\At57.job
- c:\windows\system32\20X8yQUo.exe []
2008-12-27 c:\windows\Tasks\At58.job
- c:\windows\system32\20X8yQUo.exe []
2008-12-27 c:\windows\Tasks\At59.job
- c:\windows\system32\20X8yQUo.exe []
2008-12-27 c:\windows\Tasks\At6.job
- c:\windows\system32\2PTlVVK1.exe []
2008-12-28 c:\windows\Tasks\At60.job
- c:\windows\system32\20X8yQUo.exe []
2008-12-28 c:\windows\Tasks\At61.job
- c:\windows\system32\20X8yQUo.exe []
2008-12-28 c:\windows\Tasks\At62.job
- c:\windows\system32\20X8yQUo.exe []
2008-12-28 c:\windows\Tasks\At62.job
- K:\ []
2008-12-29 c:\windows\Tasks\At63.job
- c:\windows\system32\20X8yQUo.exe []
2008-12-30 c:\windows\Tasks\At64.job
- c:\windows\system32\20X8yQUo.exe []
2008-12-29 c:\windows\Tasks\At65.job
- c:\windows\system32\20X8yQUo.exe []
2008-12-29 c:\windows\Tasks\At66.job
- c:\windows\system32\20X8yQUo.exe []
2008-12-29 c:\windows\Tasks\At67.job
- c:\windows\system32\20X8yQUo.exe []
2008-12-29 c:\windows\Tasks\At68.job
- c:\windows\system32\20X8yQUo.exe []
2008-12-29 c:\windows\Tasks\At69.job
- c:\windows\system32\20X8yQUo.exe []
2008-12-27 c:\windows\Tasks\At7.job
- c:\windows\system32\2PTlVVK1.exe []
2008-12-29 c:\windows\Tasks\At70.job
- c:\windows\system32\20X8yQUo.exe []
2008-12-29 c:\windows\Tasks\At71.job
- c:\windows\system32\20X8yQUo.exe []
2008-12-29 c:\windows\Tasks\At72.job
- c:\windows\system32\20X8yQUo.exe []
2008-12-27 c:\windows\Tasks\At8.job
- c:\windows\system32\2PTlVVK1.exe []
2008-12-27 c:\windows\Tasks\At9.job
- c:\windows\system32\2PTlVVK1.exe []
.
- - - - ORPHANS REMOVED - - - -
BHO-{2ab5ab86-d857-41f3-9a26-60b2f598a94a} - c:\windows\system32\fokozewa.dll
HKCU-Run-iPlusAgent - c:\program files\iriver\iriver plus\iAgent.exe
HKLM-Run-sadorujoha - c:\windows\system32\menuliho.dll
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
Trusted Zone: asia.msi.com.tw
Trusted Zone: global.msi.com.tw
Trusted Zone: www.msi.com.tw
O16 -: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab
c:\windows\Downloaded Program Files\MSIWDev.inf
FF - ProfilePath - c:\documents and settings\Sue\Application Data\Mozilla\Firefox\Profiles\4kytjr7j.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.knightsofvegemight.com/nuke/
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-30 15:38:49
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1412)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\WgaTray.exe
.
**************************************************************************
.
Completion time: 2008-12-30 15:42:51 - machine was rebooted [Sue]
ComboFix-quarantined-files.txt 2008-12-30 04:42:48
Pre-Run: 403,632,386,048 bytes free
Post-Run: 404,009,107,456 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
343 --- E O F --- 2008-12-11 16:01:55
grommit01
2008-12-31, 12:41
Thanks Peku, here's the 2 OTViewIT logs:
OTViewIt logfile created on: 31/12/2008 10:39:57 PM - Run
OTViewIt by OldTimer - Version 1.0.20.1 Folder = C:\Documents and Settings\Sue\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy
1023.47 Mb Total Physical Memory | 697.23 Mb Available Physical Memory | 68.12% Memory free
2.40 Gb Paging File | 2.01 Gb Available in Paging File | 83.59% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 376.20 Gb Free Space | 80.77% Space Free | Partition Type: NTFS
Drive D: | 931.52 Gb Total Space | 695.20 Gb Free Space | 74.63% Space Free | Partition Type: NTFS
Drive E: | 186.30 Gb Total Space | 142.28 Gb Free Space | 76.37% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: SERVER
Current User Name: Sue
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days
========== Processes ==========
[2007/09/29 02:56:34 | 00,483,328 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
[2007/09/29 02:56:34 | 00,483,328 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
[2004/06/11 11:15:00 | 00,083,968 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvraidservice.exe
[2005/12/20 14:34:56 | 00,032,768 | ---- | M] (Ideazon, Inc.) -- C:\Program Files\Ideazon\ZEngine\Zboard.exe
[2006/11/17 05:42:52 | 00,577,536 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\soundman.exe
[2008/12/27 20:15:22 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
[2008/12/17 14:51:35 | 01,261,336 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
[2008/12/17 14:51:33 | 00,231,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
[2007/07/24 16:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
[2008/12/27 20:15:22 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
[2008/12/17 14:51:36 | 00,287,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
[2008/12/17 14:51:34 | 00,875,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe
[2004/08/04 09:56:58 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
[2001/08/23 23:00:00 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\unsecapp.exe
[2007/04/10 14:01:18 | 00,336,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\WgaTray.exe
[2008/10/16 14:09:44 | 00,051,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe
[2008/12/20 23:49:39 | 07,678,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2008/12/31 22:39:42 | 00,423,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sue\Desktop\OTViewIt.exe
========== (O23) Win32 Services ==========
[2004/07/15 01:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2007/09/29 02:56:34 | 00,483,328 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
[2008/12/17 14:51:34 | 00,875,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc [Auto | Running])
[2008/12/17 14:51:33 | 00,231,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
[2008/11/11 19:59:16 | 00,206,088 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe -- (AVP [Auto | Running])
[2007/07/24 16:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
[2008/05/31 13:24:12 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
[2008/12/27 20:15:22 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
[2006/05/14 22:28:48 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf [On_Demand | Stopped])
File not found -- -- (Ventrilo [Auto | Stopped])
[2005/10/06 18:12:30 | 00,855,552 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Connect 2\wmccds.exe -- (WMConnectCDS [On_Demand | Stopped])
========== Driver Services ==========
[2004/10/08 12:16:04 | 00,035,840 | ---- | M] (Oak Technology Inc.) -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K [System | Running])
[2006/12/04 17:11:46 | 04,025,984 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM [On_Demand | Running])
[2005/12/04 13:55:40 | 00,034,944 | ---- | M] (Ideazon Corporation) -- C:\WINDOWS\system32\drivers\Alpham.sys -- (Alpham [On_Demand | Running])
[2007/07/23 07:56:58 | 00,042,624 | ---- | M] (Ideazon Corporation) -- C:\WINDOWS\system32\drivers\Alpham1.sys -- (Alpham1 [On_Demand | Stopped])
[2007/03/20 09:49:52 | 00,018,432 | ---- | M] (Ideazon Corporation) -- C:\WINDOWS\system32\drivers\Alpham2.sys -- (Alpham2 [On_Demand | Stopped])
[2007/04/16 21:46:00 | 00,033,792 | ---- | M] (Advanced Micro Devices) -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM [System | Running])
[2007/09/29 03:06:00 | 02,456,064 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
[2008/12/17 14:51:43 | 00,097,928 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86 [System | Running])
[2008/12/17 14:51:43 | 00,026,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86 [System | Running])
[2008/12/17 14:51:46 | 00,076,040 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX [Auto | Running])
[2004/08/03 22:58:36 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [System | Running])
[2008/07/21 17:34:36 | 00,121,872 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\kl1.sys -- (kl1 [Boot | Running])
[2008/01/29 17:29:38 | 00,032,784 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\klbg.sys -- (klbg [Boot | Running])
[2008/12/17 13:08:21 | 00,227,344 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF [System | Running])
[2008/04/30 17:06:48 | 00,024,592 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5 [On_Demand | Running])
[2005/05/17 17:45:00 | 00,092,800 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvatabus.sys -- (nvatabus [Boot | Running])
[2004/05/17 14:00:00 | 00,033,280 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD [On_Demand | Running])
[2004/05/17 14:00:00 | 00,012,928 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus [On_Demand | Running])
[2004/06/03 10:40:00 | 00,068,224 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvraid.sys -- (nvraid [Boot | Running])
[2003/10/29 13:02:00 | 00,021,120 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv_agp.SYS -- (nv_agp [Boot | Running])
[2001/08/23 23:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2008/02/21 13:05:38 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
[2007/07/12 11:49:16 | 00,096,384 | R--- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp [On_Demand | Running])
[2007/11/13 21:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [Auto | Running])
[2008/12/17 13:08:21 | 00,227,344 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\klif.sys -- (TSP [On_Demand | Stopped])
========== (R ) Internet Explorer ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"AlwaysUseDefaultPrinter"=yes
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local
========== (O1) Hosts File ==========
HOSTS File = (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost
========== (O2) BHO's ==========
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} (HKLM) -- C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
{53707962-6F74-2D53-2644-206D7942484F} (HKLM) -- C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} (HKLM) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll (Kaspersky Lab)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
{DBC80044-A445-435b-BC74-9C25C1C588A9} (HKLM) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} (HKLM) -- C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
========== (O4) Run Keys ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" (Kaspersky Lab)
"NVRaidService"=C:\WINDOWS\system32\nvraidservice.exe (NVIDIA Corporation)
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
"SoundMan"=SOUNDMAN.EXE (Realtek Semiconductor Corp.)
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
"Zboard"=C:\Program Files\Ideazon\ZEngine\Zboard.exe (Ideazon, Inc.)
========== (O4) Startup Folders ==========
========== (O6 & O7) Current Version Policies ==========
[HKEY_CURRENT_USER\Software\policies\microsoft\internet explorer]
"Windows Update Menu Text"=Microsoft Update
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableRegistryTools"=0
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
========== (O9) IE Extensions ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}: Button: Web traffic protection statistics -- %ProgramFiles%\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll [2008/11/11 20:00:38 | 00,222,472 | ---- | M] (Kaspersky Lab)
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}: Menu: Spybot - Search & Destroy Configuration -- %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [2008/07/07 09:41:58 | 01,562,448 | ---- | M] (Safer Networking Limited)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2006/10/10 23:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2004/10/13 12:21:24 | 01,694,208 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2004/10/13 12:21:24 | 01,694,208 | ---- | M] (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 12:21:24 | 01,694,208 | ---- | M] (Microsoft Corporation)
========== (O12) Internet Explorer Plugins ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery
========== (O13) Default Prefixes ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://
========== (O15) Trusted Sites ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
49 domain(s) and sub-domain(s) not assigned to a zone.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
com.tw\asia.msi: http in My Computer
com.tw\global.msi: http in My Computer
com.tw\www.msi: http in My Computer
49 domain(s) and sub-domain(s) not assigned to a zone.
========== (O16) DPF ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{6414512B-B978-451D-A0D8-FCFDF33E833C}: http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1203682545671 -- WUWebControl Class
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}: http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1203682515296 -- MUWebControl Class
{8167C273-DF59-4416-B647-C8BB2C7EE83E}: http://liveupdate.msi.com.tw/autobios/LOnline/install.cab -- WebSDev Control
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab -- Java Plug-in 1.6.0_11
{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab -- Java Plug-in 1.6.0_06
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab -- Java Plug-in 1.6.0_11
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab -- Java Plug-in 1.6.0_11
========== (O17) DNS Name Servers ==========
{2DA27063-FC87-442E-B140-09549D2DC6C7} (Servers: | Description: )
{2FEB8ADC-A41D-4787-93BC-26A629B9DB11} (Servers: | Description: 1394 Net Adapter)
{A537C14A-08AA-42D2-8822-CD7CE4C179A9} (Servers: | Description: Realtek RTL8169/8110 Family Gigabit Ethernet NIC)
========== (O20) Winlogon Notify Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
AtiExtEvent: "DllName" = Ati2evxx.dll -- C:\WINDOWS\system32\ati2evxx.dll (ATI Technologies Inc.)
klogon: "DllName" = C:\WINDOWS\system32\klogon.dll -- C:\WINDOWS\system32\klogon.dll (Kaspersky Lab)
========== Safeboot Options ==========
"AlternateShell"=cmd.exe
========== CDRom AutoRun Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1
========== Autorun Files on Drives ==========
AUTOEXEC.BAT []
[2008/02/22 22:49:02 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]
AUTOEXEC.BAT []
[2008/02/22 22:24:03 | 00,000,000 | ---- | M] () -- E:\AUTOEXEC.BAT -- [ NTFS ]
========== Files/Folders - Created Within 30 Days ==========
[3 C:\WINDOWS\*.tmp files]
[2008/12/31 22:39:36 | 00,423,424 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Sue\Desktop\OTViewIt.exe
[2008/12/31 10:40:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2008/12/31 10:12:21 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2008/12/31 00:10:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Sue\Application Data\Malwarebytes
[2008/12/31 00:10:00 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/12/31 00:10:00 | 00,000,738 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/12/31 00:09:58 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/12/31 00:09:57 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2008/12/31 00:09:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2008/12/31 00:08:44 | 02,539,168 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Sue\Desktop\mbam-setup.exe
[2008/12/31 00:06:08 | 00,000,000 | ---D | C] -- C:\_OTMoveIt
[2008/12/31 00:04:26 | 01,033,216 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Sue\Desktop\OTMoveIt3.exe
[2008/12/30 15:26:11 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2008/12/30 15:26:09 | 00,260,272 | ---- | C] () -- C:\cmldr
[2008/12/30 15:26:08 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2008/12/30 15:23:14 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2008/12/30 15:23:14 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2008/12/30 15:23:14 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2008/12/30 15:23:14 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2008/12/30 15:23:14 | 00,089,504 | ---- | C] (Smallfrogs Studio) -- C:\WINDOWS\fdsv.exe
[2008/12/30 15:23:14 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2008/12/30 15:23:14 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2008/12/30 15:23:14 | 00,049,152 | ---- | C] () -- C:\WINDOWS\VFIND.exe
[2008/12/28 11:29:14 | 00,028,672 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2008/12/28 11:29:11 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2008/12/28 11:29:11 | 00,000,000 | ---D | C] -- C:\Qoobox
[2008/12/27 14:08:17 | 02,887,980 | R--- | C] () -- C:\Documents and Settings\Sue\Desktop\ComboFix.exe
[2008/12/27 13:03:33 | 00,001,776 | ---- | C] () -- C:\Documents and Settings\Sue\Desktop\HijackThis.lnk
[2008/12/27 13:03:30 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2008/12/27 13:02:50 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Sue\Desktop\HJTInstall.exe
[2008/12/18 12:11:27 | 00,000,385 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/12/18 01:51:38 | 00,000,975 | ---- | C] () -- C:\Documents and Settings\Sue\Desktop\Spybot - Search & Destroy.lnk
[2008/12/18 01:51:32 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2008/12/18 01:51:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2008/12/18 01:44:55 | 15,083,520 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Sue\Desktop\spybotsd160.exe
[2008/12/18 00:15:25 | 00,000,000 | -H-D | C] -- C:\$AVG8.VAULT$
[2008/12/17 14:51:47 | 00,001,549 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 8.0.lnk
[2008/12/17 14:51:46 | 00,076,040 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2008/12/17 14:51:46 | 00,010,520 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2008/12/17 14:51:43 | 00,097,928 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2008/12/17 14:51:43 | 00,026,824 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2008/12/17 14:51:40 | 31,290,179 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2008/12/17 14:51:40 | 06,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2008/12/17 14:51:40 | 00,368,010 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2008/12/17 14:51:40 | 00,008,170 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2008/12/17 14:51:40 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2008/12/17 14:51:33 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2008/12/17 14:51:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg8
[2008/12/17 14:02:13 | 53,682,216 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\Sue\Desktop\avg_free_stf_en_8_176a1399.exe
[2008/12/17 13:08:59 | 00,096,976 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat
[2008/12/17 13:08:58 | 00,087,855 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat
[2008/12/17 13:08:33 | 04,720,160 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2008/12/17 13:08:33 | 00,319,520 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2008/12/17 13:08:33 | 00,040,052 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2008/12/17 13:08:33 | 00,003,220 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
[2008/12/17 13:08:32 | 00,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2008/12/17 13:08:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
[2008/12/17 13:08:21 | 00,227,344 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2008/12/17 13:07:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
[2008/12/17 12:44:39 | 39,647,808 | ---- | C] (Kaspersky Lab) -- C:\Documents and Settings\Sue\Desktop\kav8.0.0.506en.exe
========== Files - Modified Within 30 Days ==========
[3 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2008/12/31 22:39:42 | 00,423,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sue\Desktop\OTViewIt.exe
[2008/12/31 14:08:23 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/12/31 14:08:00 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/12/31 14:07:59 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/12/31 12:51:30 | 00,001,664 | ---- | M] () -- C:\Documents and Settings\Sue\Desktop\Trillian.lnk
[2008/12/31 03:06:27 | 04,720,160 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2008/12/31 03:06:27 | 00,319,520 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2008/12/31 03:06:27 | 00,040,052 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2008/12/31 03:06:27 | 00,003,220 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
[2008/12/31 00:10:00 | 00,000,738 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/12/31 00:09:30 | 02,539,168 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Sue\Desktop\mbam-setup.exe
[2008/12/31 00:04:40 | 01,033,216 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sue\Desktop\OTMoveIt3.exe
[2008/12/30 15:38:56 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2008/12/30 15:38:00 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2008/12/30 15:31:26 | 00,006,456 | -H-- | M] () -- C:\WINDOWS\System32\jikakewi
[2008/12/30 15:26:11 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2008/12/30 15:22:52 | 02,887,980 | R--- | M] () -- C:\Documents and Settings\Sue\Desktop\ComboFix.exe
[2008/12/30 14:57:15 | 05,880,146 | -H-- | M] () -- C:\Documents and Settings\Sue\Local Settings\Application Data\IconCache.db
[2008/12/29 13:09:45 | 31,290,179 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2008/12/29 13:09:45 | 00,008,170 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2008/12/27 13:03:34 | 00,001,776 | ---- | M] () -- C:\Documents and Settings\Sue\Desktop\HijackThis.lnk
[2008/12/27 13:03:02 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Sue\Desktop\HJTInstall.exe
[2008/12/24 12:35:55 | 00,000,385 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2008/12/23 04:24:28 | 00,368,010 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2008/12/18 01:51:38 | 00,000,975 | ---- | M] () -- C:\Documents and Settings\Sue\Desktop\Spybot - Search & Destroy.lnk
[2008/12/18 01:49:41 | 15,083,520 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Sue\Desktop\spybotsd160.exe
[2008/12/17 14:51:47 | 00,001,549 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 8.0.lnk
[2008/12/17 14:51:46 | 00,076,040 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2008/12/17 14:51:46 | 00,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2008/12/17 14:51:43 | 00,097,928 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2008/12/17 14:51:43 | 00,026,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2008/12/17 14:51:40 | 06,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2008/12/17 14:19:20 | 53,682,216 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\Sue\Desktop\avg_free_stf_en_8_176a1399.exe
[2008/12/17 13:08:59 | 00,096,976 | ---- | M] () -- C:\WINDOWS\System32\drivers\klin.dat
[2008/12/17 13:08:58 | 00,087,855 | ---- | M] () -- C:\WINDOWS\System32\drivers\klick.dat
[2008/12/17 13:08:21 | 00,227,344 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2008/12/17 12:59:51 | 39,647,808 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\Sue\Desktop\kav8.0.0.506en.exe
[2008/12/13 17:40:02 | 03,593,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll
[2008/12/13 17:40:02 | 03,593,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2008/12/12 03:01:55 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2008/12/05 01:17:43 | 00,084,992 | ---- | M] () -- C:\Documents and Settings\Sue\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/03 19:59:06 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/12/03 19:59:02 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
< End of report >
grommit01
2008-12-31, 12:42
OTViewIt Extras logfile created on: 31/12/2008 10:39:57 PM - Run
OTViewIt by OldTimer - Version 1.0.20.1 Folder = C:\Documents and Settings\Sue\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy
1023.47 Mb Total Physical Memory | 697.23 Mb Available Physical Memory | 68.12% Memory free
2.40 Gb Paging File | 2.01 Gb Available in Paging File | 83.59% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 376.20 Gb Free Space | 80.77% Space Free | Partition Type: NTFS
Drive D: | 931.52 Gb Total Space | 695.20 Gb Free Space | 74.63% Space Free | Partition Type: NTFS
Drive E: | 186.30 Gb Total Space | 142.28 Gb Free Space | 76.37% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: SERVER
Current User Name: Sue
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=1
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=1
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=1
""=
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=1
"DoNotAllowExceptions"=0
"DisableNotifications"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2004/08/04 09:56:58 | 00,140,800 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2006/10/10 23:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2004/08/04 09:56:58 | 00,140,800 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2006/10/10 23:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2007/12/11 00:00:00 | 01,873,280 | ---- | M] (Cerulean Studios) -- C:\Program Files\Trillian\trillian.exe:*:Enabled:Trillian
[2004/08/04 09:56:50 | 00,083,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test
[2008/11/14 17:00:38 | 00,889,488 | ---- | M] (Blizzard Entertainment, Inc.) -- C:\Games\World of Warcraft\Repair.exe:*:Enabled:Blizzard Repair Utility
[2007/07/24 16:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
[2008/11/14 17:00:35 | 01,077,904 | ---- | M] (Blizzard Entertainment) -- C:\Games\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader
[2007/08/02 06:52:48 | 00,439,808 | ---- | M] () -- C:\Program Files\Teamspeak2_RC2\server_windows.exe:*:Enabled:Server
[2003/08/29 16:13:04 | 01,436,160 | ---- | M] (Dominating Bytes Design) -- C:\Program Files\Teamspeak2_RC2\TeamSpeak.exe:*:Enabled:Teamspeak RC2
[2008/12/17 14:51:34 | 00,875,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe
[2008/12/17 14:51:35 | 00,641,304 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe
[2004/10/13 12:21:24 | 01,694,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe:*:Disabled:Windows Messenger
[2007/12/17 17:13:36 | 03,810,544 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Disabled:Yahoo! Messenger
========== (O10) Winsock2 Catalogs ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -- C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
========== (O18) Protocol Handlers ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/12/17 14:51:40 | 00,079,128 | ---- | M] (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG8\avgpp.dll (linkscanner:{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} (HKLM) [XPLPPFilter Class])
msdaipp: [HKLM - No CLSID value]
[2004/09/17 14:44:16 | 00,843,472 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]
[2004/09/17 14:44:16 | 00,843,472 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}"=Adobe Photoshop CS3
"{04AF207D-9A77-465A-8B76-991F6AB66245}"=Adobe Help Viewer CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}"=Adobe Bridge Start Meeting
"{08CA9554-B5FE-4313-938F-D4A417B81175}"=QuickTime
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}"=OpenOffice.org Installer 1.0
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}"=Adobe WinSoft Linguistics Plugin
"{18D10072035C4515918F7E37EAFAACFC}"=AutoUpdate
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}"=Java(TM) 6 Update 11
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}"=Adobe Stock Photos CS3
"{3248F0A8-6813-11D6-A77B-00B0D0160060}"=Java(TM) 6 Update 6
"{51846830-E7B2-4218-8968-B77F0FF475B8}"=Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}"=Adobe Linguistics CS3
"{64E47A5F-B3C4-476A-9100-2D006BD1FFB4}"=ZEngine
"{6580C5A3-2336-4EC5-85F1-3448C5F6208A}"=Kaspersky Anti-Virus 2009
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}"=Adobe Fonts All
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}"=Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{789289CA-F73A-4A16-A331-54D498CE069F}"=Ventrilo Client
"{7B63B2922B174135AFC0E1377DD81EC2}"=DivX Codec
"{7CCEBC24-62DB-4280-A8EC-BFA49F167920}"=Software Update for Web Folders
"{802771A9-A856-4A41-ACF7-1450E523C923}"=Adobe XMP Panels CS3
"{8ADFC4160D694100B5B8A22DE9DCABD9}"=DivX Player
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}"=Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}"=Adobe Type Support
"{90176341-0A8B-4CCC-A78D-F862228A6B95}"=Adobe Anchor Service CS3
"{95655ED4-7CA5-46DF-907F-7144877A32E5}"=Adobe Color NA Recommended Settings
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}"=Adobe Bridge CS3
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}"=Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}"=Adobe Color - Photoshop Specific
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}"=PDF Settings
"{AC76BA86-7AD7-1033-7B44-A81200000003}"=Adobe Reader 8.1.2
"{B13A7C41581B411290FBC0395694E2A9}"=DivX Converter
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}"=Adobe Camera Raw 4.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1"=Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}"=DivX Web Player
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}"=Adobe Default Language CS3
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}"=Adobe ExtendScript Toolkit 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}"=Adobe Version Cue CS3 Client
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}"=Adobe Setup
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}"=Adobe PDF Library Files
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}"=Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}"=Adobe Color JA Extra Settings
"{E69AE897-9E0B-485C-8552-7841F48D42D8}"=Adobe Update Manager CS3
"{FB08F381-6533-4108-B7DD-039E11FBC27E}"=Realtek AC'97 Audio
"AC3Filter"=AC3Filter (remove only)
"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
"Adobe Flash Player Plugin"=Adobe Flash Player 10 Plugin
"Adobe_2ac78060bc5856b0c1cf873bb919b58"=Adobe Photoshop CS3
"ATI Display Driver"=ATI Display Driver
"AVG8Uninstall"=AVG Free 8.0
"Canon Digital Camera USB WIA Driver"=Canon Digital Camera USB WIA Driver
"HijackThis"=HijackThis 2.0.2
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"InstallWIX_{6580C5A3-2336-4EC5-85F1-3448C5F6208A}"=Kaspersky Anti-Virus 2009
"KC Softwares VideoInspector_is1"=KC Softwares VideoInspector
"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"Mozilla Firefox (2.0.0.20)"=Mozilla Firefox (2.0.0.20)
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers"=NVIDIA Drivers
"Teamspeak 2 RC2_is1"=TeamSpeak 2 RC2
"TeamSpeak 2 Server_is1"=TeamSpeak 2 Server RC2
"Trillian"=Trillian
"WinRAR archiver"=WinRAR archiver
"World of Warcraft"=World of Warcraft
"Xvid_is1"=Xvid 1.1.3 final uninstall
"Yahoo!7 Messenger"=Yahoo!7 Messenger
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 16/05/2008 10:21:48 PM | Computer Name = SERVER | Source = Application Error | ID = 1000
Description = Faulting application wordpad.exe, version 5.1.2600.2180, faulting
module unknown, version 0.0.0.0, fault address 0x7575ffff.
Error - 22/05/2008 10:01:04 PM | Computer Name = SERVER | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not
be returned. Error code returned is in data DWORD 0.
Error - 26/05/2008 7:05:59 AM | Computer Name = SERVER | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not
be returned. Error code returned is in data DWORD 0.
Error - 11/07/2008 10:41:12 AM | Computer Name = SERVER | Source = Application Hang | ID = 1002
Description = Hanging application Ad-Aware.exe, version 7.1.0.10, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 9/08/2008 5:56:13 AM | Computer Name = SERVER | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16674, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 15/09/2008 10:13:34 PM | Computer Name = SERVER | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.8.20080.4669, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 3/10/2008 8:29:36 AM | Computer Name = SERVER | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.8.20080.17373, faulting
module firefox.exe, version 1.8.20080.17373, fault address 0x00175b8e.
Error - 7/10/2008 12:46:26 AM | Computer Name = SERVER | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.8.20080.17373, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 7/10/2008 12:48:30 AM | Computer Name = SERVER | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.8.20080.17373, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 7/10/2008 1:28:13 AM | Computer Name = SERVER | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.8.20080.17373, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
[ System Events ]
Error - 30/12/2008 7:41:21 PM | Computer Name = SERVER | Source = Service Control Manager | ID = 7000
Description = The Ventrilo service failed to start due to the following error: %%2
Error - 30/12/2008 7:51:03 PM | Computer Name = SERVER | Source = Service Control Manager | ID = 7000
Description = The Ventrilo service failed to start due to the following error: %%2
Error - 30/12/2008 7:51:10 PM | Computer Name = SERVER | Source = System Error | ID = 1003
Description = Error code 100000d4, parameter1 b7233c48, parameter2 000000ff, parameter3
00000001, parameter4 80542455.
Error - 30/12/2008 7:51:18 PM | Computer Name = SERVER | Source = ati2mtag | ID = 45062
Description = CRT invalid display type
Error - 30/12/2008 7:51:18 PM | Computer Name = SERVER | Source = ati2mtag | ID = 45062
Description = CRT invalid display type
Error - 30/12/2008 8:02:36 PM | Computer Name = SERVER | Source = Service Control Manager | ID = 7034
Description = The AVG Free8 E-mail Scanner service terminated unexpectedly. It
has done this 1 time(s).
Error - 30/12/2008 8:02:44 PM | Computer Name = SERVER | Source = Service Control Manager | ID = 7034
Description = The AVG Free8 E-mail Scanner service terminated unexpectedly. It
has done this 2 time(s).
Error - 30/12/2008 11:08:13 PM | Computer Name = SERVER | Source = Service Control Manager | ID = 7000
Description = The Ventrilo service failed to start due to the following error: %%2
Error - 30/12/2008 11:08:28 PM | Computer Name = SERVER | Source = ati2mtag | ID = 45062
Description = CRT invalid display type
Error - 30/12/2008 11:08:28 PM | Computer Name = SERVER | Source = ati2mtag | ID = 45062
Description = CRT invalid display type
< End of report >