Logfile of random's system information tool 1.05 (written by random/random)
Run by bbb at 2008-12-29 00:58:37
Microsoft Windows XP Professional Service Pack 2
System drive C: has 658 MB (7%) free of 9 GB
Total RAM: 223 MB (35% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:58:39 AM, on 12/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\htpatch.exe
C:\Program Files\Bandwidth Monitor Pro\Bandwidth Monitor Pro.exe
C:\Program Files\TuneUp Utilities 2007\ProcessManager.exe
C:\DOCUME~1\bbb\LOCALS~1\Temp\kvnd.exe
C:\DOCUME~1\bbb\LOCALS~1\Temp\winfttjqi.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\FlashGet\flashget.exe
C:\WINDOWS\explorer.exe
C:\Downloads\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\bbb.exe

O2 - BHO: IEVkbdBHO Class - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FLASHGET\jccatch.dll
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKCU\..\Run: [Bandwidth Monitor Pro] "C:\Program Files\Bandwidth Monitor Pro\Bandwidth Monitor Pro.exe" /minimized
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/ocx/15101/CTSUEng.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su/ocx/15106/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{287F7905-70FB-4FF8-8DF7-A72E8941FB8D}: NameServer = 208.67.220.220 208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{43E2F0E8-E4DB-4ADC-9BD9-946CBA87A143}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS1\Services\Tcpip\..\{287F7905-70FB-4FF8-8DF7-A72E8941FB8D}: NameServer = 208.67.220.220 208.67.222.222

--
End of file - 2972 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\1-Click Maintenance.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
IEVkbdBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll [2008-04-25 62728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5366673-E8CA-11D3-9CD9-0090271D075B}]
IeCatch2 Class - C:\PROGRA~1\FLASHGET\jccatch.dll [2002-01-16 65536]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"HTpatch"=C:\WINDOWS\htpatch.exe [2002-12-19 28672]
"SmcService"=C:\PROGRA~1\Sygate\SPF\smc.exe [2005-09-27 2717392]
"TrojanScanner"=C:\Program Files\Trojan Remover\Trjscan.exe [2008-12-24 1230728]
"AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe [2008-04-25 201992]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Bandwidth Monitor Pro"=C:\Program Files\Bandwidth Monitor Pro\Bandwidth Monitor Pro.exe [2005-02-09 303104]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=1
"DisableTaskMgr"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLUA"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=36
"NoDriveAutoRun"=FFFFFFFF

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Red Chair Software\Anapod Explorer\anamgr.exe"="C:\Program Files\Red Chair Software\Anapod Explorer\anamgr.exe:*:Enabled:Anapod Xtreamer"
"G:\blugn.pif"="G:\blugn.pif:*:Enabled:ipsec"
"C:\Program Files\foobar2000\foobar2000.exe"="C:\Program Files\foobar2000\foobar2000.exe:*:Enabled:ipsec"
"C:\Program Files\Trojan Remover\Sschk.exe"="C:\Program Files\Trojan Remover\Sschk.exe:*:Enabled:ipsec"
"C:\WINDOWS\Explorer.EXE"="C:\WINDOWS\Explorer.EXE:*:Enabled:ipsec"
"C:\PROGRA~1\Sygate\SPF\smc.exe"="C:\PROGRA~1\Sygate\SPF\smc.exe:*:Enabled:ipsec"
"C:\Documents and Settings\Administrator.TYRANT.000\Application Data\Simply Super Software\Trojan Remover\doh1.exe"="C:\Documents and Settings\Administrator.TYRANT.000\Application Data\Simply Super Software\Trojan Remover\doh1.exe:*:Enabled:ipsec"
"C:\PROGRA~1\BANDWI~1\Bandwidth Monitor Pro.exe"="C:\PROGRA~1\BANDWI~1\Bandwidth Monitor Pro.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1.000\LOCALS~1\Temp\winylhcwf.exe"="C:\DOCUME~1\ADMINI~1.000\LOCALS~1\Temp\winylhcwf.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1.000\LOCALS~1\Temp\vjhd.exe"="C:\DOCUME~1\ADMINI~1.000\LOCALS~1\Temp\vjhd.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1.000\LOCALS~1\Temp\winxyblwd.exe"="C:\DOCUME~1\ADMINI~1.000\LOCALS~1\Temp\winxyblwd.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1.000\LOCALS~1\Temp\winosbbtm.exe"="C:\DOCUME~1\ADMINI~1.000\LOCALS~1\Temp\winosbbtm.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1.000\LOCALS~1\Temp\winsuoit.exe"="C:\DOCUME~1\ADMINI~1.000\LOCALS~1\Temp\winsuoit.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1.000\LOCALS~1\Temp\wincpwxt.exe"="C:\DOCUME~1\ADMINI~1.000\LOCALS~1\Temp\wincpwxt.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1.000\LOCALS~1\Temp\winnoxc.exe"="C:\DOCUME~1\ADMINI~1.000\LOCALS~1\Temp\winnoxc.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1.000\LOCALS~1\Temp\phvpc.exe"="C:\DOCUME~1\ADMINI~1.000\LOCALS~1\Temp\phvpc.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1.000\LOCALS~1\Temp\winhmwroc.exe"="C:\DOCUME~1\ADMINI~1.000\LOCALS~1\Temp\winhmwroc.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1.000\LOCALS~1\Temp\winqyyu.exe"="C:\DOCUME~1\ADMINI~1.000\LOCALS~1\Temp\winqyyu.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1.000\LOCALS~1\Temp\hhaxe.exe"="C:\DOCUME~1\ADMINI~1.000\LOCALS~1\Temp\hhaxe.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1.000\LOCALS~1\Temp\winabdcg.exe"="C:\DOCUME~1\ADMINI~1.000\LOCALS~1\Temp\winabdcg.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1.000\LOCALS~1\Temp\winkdtn.exe"="C:\DOCUME~1\ADMINI~1.000\LOCALS~1\Temp\winkdtn.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1.000\LOCALS~1\Temp\winfrpkfv.exe"="C:\DOCUME~1\ADMINI~1.000\LOCALS~1\Temp\winfrpkfv.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1.000\LOCALS~1\Temp\aljjww.exe"="C:\DOCUME~1\ADMINI~1.000\LOCALS~1\Temp\aljjww.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1.000\LOCALS~1\Temp\winbokb.exe"="C:\DOCUME~1\ADMINI~1.000\LOCALS~1\Temp\winbokb.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1.000\LOCALS~1\Temp\winpfku.exe"="C:\DOCUME~1\ADMINI~1.000\LOCALS~1\Temp\winpfku.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1.000\LOCALS~1\Temp\knuho.exe"="C:\DOCUME~1\ADMINI~1.000\LOCALS~1\Temp\knuho.exe:*:Enabled:ipsec"
"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:ipsec"
"C:\WINDOWS\system32\wscntfy.exe"="C:\WINDOWS\system32\wscntfy.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1.000\LOCALS~1\Temp\xptum.exe"="C:\DOCUME~1\ADMINI~1.000\LOCALS~1\Temp\xptum.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1.000\LOCALS~1\Temp\windlpoe.exe"="C:\DOCUME~1\ADMINI~1.000\LOCALS~1\Temp\windlpoe.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1.000\LOCALS~1\Temp\jecde.exe"="C:\DOCUME~1\ADMINI~1.000\LOCALS~1\Temp\jecde.exe:*:Enabled:ipsec"
"C:\DOCUME~1\bbb\LOCALS~1\Temp\kvnd.exe"="C:\DOCUME~1\bbb\LOCALS~1\Temp\kvnd.exe:*:Enabled:ipsec"
"C:\DOCUME~1\bbb\LOCALS~1\Temp\winfttjqi.exe"="C:\DOCUME~1\bbb\LOCALS~1\Temp\winfttjqi.exe:*:Enabled:ipsec"
"C:\DOCUME~1\bbb\LOCALS~1\Temp\hpxbis.exe"="C:\DOCUME~1\bbb\LOCALS~1\Temp\hpxbis.exe:*:Enabled:ipsec"
"C:\WINDOWS\regedit.exe"="C:\WINDOWS\regedit.exe:*:Enabled:ipsec"
"C:\WINDOWS\system32\cmd.exe"="C:\WINDOWS\system32\cmd.exe:*:Enabled:ipsec"
"C:\Program Files\Opera\Opera.exe"="C:\Program Files\Opera\Opera.exe:*:Enabled:ipsec"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2008-12-29 00:58:37 ----D---- C:\rsit
2008-12-29 00:56:37 ----RASHD---- C:\autorun.inf
2008-12-29 00:50:05 ----D---- C:\Documents and Settings\bbb\Application Data\TuneUp Software
2008-12-29 00:49:36 ----D---- C:\Documents and Settings\bbb\Application Data\Opera
2008-12-29 00:48:09 ----D---- C:\Documents and Settings\bbb\Application Data\Simply Super Software
2008-12-29 00:46:52 ----D---- C:\Documents and Settings\bbb\Application Data\Identities
2008-12-29 00:46:41 ----SD---- C:\Documents and Settings\bbb\Application Data\Microsoft
2008-12-29 00:46:41 ----ASH---- C:\Documents and Settings\bbb\Application Data\desktop.ini
2008-12-29 00:46:14 ----SHD---- C:\FOUND.026
2008-12-24 18:07:49 ----D---- C:\WINDOWS\ERUNT
2008-12-24 18:03:05 ----D---- C:\SDFix
2008-12-24 17:57:27 ----D---- C:\Program Files\Trend Micro
2008-12-24 17:13:37 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-24 17:13:37 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2008-12-24 16:58:27 ----A---- C:\WINDOWS\zip.exe
2008-12-24 16:58:27 ----A---- C:\WINDOWS\VFIND.exe
2008-12-24 16:58:27 ----A---- C:\WINDOWS\SWXCACLS.exe
2008-12-24 16:58:27 ----A---- C:\WINDOWS\SWSC.exe
2008-12-24 16:58:27 ----A---- C:\WINDOWS\SWREG.exe
2008-12-24 16:58:27 ----A---- C:\WINDOWS\sed.exe
2008-12-24 16:58:27 ----A---- C:\WINDOWS\NIRCMD.exe
2008-12-24 16:58:27 ----A---- C:\WINDOWS\grep.exe
2008-12-24 16:58:27 ----A---- C:\WINDOWS\fdsv.exe
2008-12-24 16:58:21 ----D---- C:\WINDOWS\ERDNT
2008-12-24 16:58:21 ----D---- C:\Qoobox
2008-12-24 16:58:21 ----D---- C:\ComboFix
2008-12-24 16:58:20 ----A---- C:\WINDOWS\system32\CF19025.exe
2008-12-21 23:56:24 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab
2008-12-21 23:52:01 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab Setup Files
2008-12-05 03:22:09 ----D---- C:\Program Files\FlashGet
2008-12-05 02:38:46 ----D---- C:\Program Files\Operaalpha
2008-12-04 02:02:31 ----A---- C:\WINDOWS\system32\BASSMOD.dll

======List of files/folders modified in the last 1 months======

2008-12-29 00:47:46 ----A---- C:\WINDOWS\ModemLog_Nokia 3220 Cable.txt
2008-12-29 00:46:54 ----A---- C:\WINDOWS\OEWABLog.txt
2008-12-24 18:52:08 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-24 18:27:24 ----A---- C:\WINDOWS\ntbtlog.txt
2008-12-22 00:22:20 ----SH---- C:\boot.ini
2008-12-22 00:22:20 ----A---- C:\WINDOWS\win.ini
2008-12-22 00:22:20 ----A---- C:\WINDOWS\system.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2004-08-04 37376]
R1 wpsdrvnt;wpsdrvnt; \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys []
R2 wg3n;SyGate for NT, wg3n; C:\WINDOWS\SYSTEM32\Drivers\wg3n.sys [2005-09-27 14944]
R2 wg4n;SyGate for NT, wg4n; C:\WINDOWS\SYSTEM32\Drivers\wg4n.sys [2005-09-27 14944]
R2 wg5n;SyGate for NT, wg5n; C:\WINDOWS\SYSTEM32\Drivers\wg5n.sys [2005-09-27 14944]
R2 wg6n;SyGate for NT, wg6n; C:\WINDOWS\SYSTEM32\Drivers\wg6n.sys [2005-09-27 14944]
R3 abp470n5;abp470n5; \??\C:\WINDOWS\system32\drivers\hmomsn.sys []
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2001-08-23 5888]
R3 Ser2pl;Prolific Serial port driver; C:\WINDOWS\system32\DRIVERS\ser2pl.sys [2003-07-16 43264]
R3 SiS315;SiS315; C:\WINDOWS\system32\DRIVERS\sisgrp.sys [2003-02-26 260736]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-04 17024]
R3 VIAudio;Vinyl AC'97 Audio Controller (WDM); C:\WINDOWS\system32\drivers\vinyl97.sys [2007-06-27 207488]
S3 catchme;catchme; \??\C:\DOCUME~1\ADMINI~1.000\LOCALS~1\Temp\catchme.sys []
S3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\sisnic.sys [2004-08-03 32768]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 vsdatant;vsdatant; C:\WINDOWS\system32\drivers\vsdatant.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 UxTuneUp;TuneUp Design Expansion; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
S2 fcvjofnms;fcvjofnms; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S2 rhgml;rhgml; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

-----------------EOF-----------------
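Logs in this RSIT/HijackThis format are usually read by eye. The script below is an added triage helper, written for this page; it is not part of the original post and not a component of RSIT, HijackThis, or any other tool named in the log. It runs over a constructed excerpt of lines in the same format (copied from the post above and embedded in the script) and flags the four patterns a reviewer looks for first: executables running, autostarting or firewall-whitelisted out of a user's Temp directory; a bare .pif/.scr/.bat at a drive root; policy values that lock the user out of regedit and Task Manager; and driver entries whose file RSIT could not stat (the empty `[]` after the path). It also generalises one observation from this log: when the same firewall exception label is stamped on many unrelated binaries, the entries were added by a program rather than a person, so every entry sharing that label is reported. The rule names, the reuse threshold of 3 and the sample lines are the example's own assumptions.

```python
"""Triage helper for RSIT / HijackThis style logs (added example, not RSIT code)."""
import re
from collections import Counter, namedtuple

Finding = namedtuple("Finding", "rule target")

# Constructed excerpt: a handful of lines in the format of the log above.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\DOCUME~1\bbb\LOCALS~1\Temp\kvnd.exe
C:\Program Files\Opera\Opera.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=1
"DisableTaskMgr"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"G:\blugn.pif"="G:\blugn.pif:*:Enabled:ipsec"
"C:\WINDOWS\Explorer.EXE"="C:\WINDOWS\Explorer.EXE:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1.000\LOCALS~1\Temp\vjhd.exe"="C:\DOCUME~1\ADMINI~1.000\LOCALS~1\Temp\vjhd.exe:*:Enabled:ipsec"
"C:\WINDOWS\system32\cmd.exe"="C:\WINDOWS\system32\cmd.exe:*:Enabled:ipsec"
R3 abp470n5;abp470n5; \??\C:\WINDOWS\system32\drivers\hmomsn.sys []
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S2 rhgml;rhgml; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
"""

KV_RE = re.compile(r'^"([^"]+)"=(?:"([^"]*)"|(.*))$')        # "key"="value" or "key"=value
DRIVER_RE = re.compile(r'^[RS][0-4] ([^;]+);[^;]*; (.+?) \[([^\]]*)\]$')  # Rn name;desc; path [stat]
O4_RE = re.compile(r'^O4 - .*?\] "?(.+?\.(?:exe|pif|scr|com|bat|cmd))"?(?:\s|$)', re.I)
TEMP_RE = re.compile(r'\\Temp\\', re.I)
ROOT_SCRIPT_RE = re.compile(r'^[A-Z]:\\[^\\]+\.(?:pif|scr|com|bat|cmd)$', re.I)
POLICY_KEYS = ("DisableRegistryTools", "DisableTaskMgr", "DisableRegedit")
LABEL_REUSE_THRESHOLD = 3   # assumption: one label on 3+ binaries was scripted, not clicked


def check_path(path, findings):
    """Flag an executable living under a Temp directory or a bare script at a drive root."""
    if TEMP_RE.search(path):
        findings.append(Finding("temp-executable", path))
    if ROOT_SCRIPT_RE.match(path):
        findings.append(Finding("root-script", path))


def triage(log_text):
    """Return a list of Finding(rule, target) for the suspicious lines in an RSIT/HJT log."""
    findings, firewall = [], []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KV_RE.match(line)
        if m:                                             # registry dump line
            key = m.group(1)
            value = m.group(2) if m.group(2) is not None else m.group(3)
            if key in POLICY_KEYS and value == "1":
                findings.append(Finding("policy-lockout", key))
            elif ":*:" in value:                          # firewall exception: path:*:state:label
                path, rest = value.split(":*:", 1)
                state, _, label = rest.partition(":")
                if state.lower() == "enabled":
                    firewall.append((path, label))
            else:                                         # Run key: path [date size]
                check_path(value, findings)
            continue
        if line.startswith("O7 - "):                      # HJT policy restriction line
            findings += [Finding("policy-lockout", k) for k in POLICY_KEYS if k + "=1" in line]
            continue
        m = DRIVER_RE.match(line)
        if m and not m.group(3).strip():                  # RSIT printed [] : file not statable
            findings.append(Finding("driver-file-missing", m.group(1)))
            continue
        m = O4_RE.match(line)
        if m:                                             # HJT autostart entry
            check_path(m.group(1), findings)
            continue
        if re.match(r"^[A-Z]:\\", line, re.I):            # "Running processes" entry
            check_path(line, findings)

    # One exception label shared by many unrelated binaries (cmd.exe, Explorer, Temp
    # droppers...) means a program added the rules; report every entry under that label.
    label_count = Counter(label for _, label in firewall)
    for path, label in firewall:
        check_path(path, findings)
        if label_count[label] >= LABEL_REUSE_THRESHOLD:
            findings.append(Finding("firewall-label-reuse", path))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.rule:24} {f.target}")
```

Run on the excerpt it reports the Temp executable in the process list, the three lockout policies, the driver without a statable file, the G:\ .pif, and four firewall entries sharing one label; the legitimately labelled sessmgr and uTorrent exceptions are left alone. To use it on a full log, pass the file contents to `triage()` instead of `SAMPLE_LOG`.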