Logfile of random's system information tool 1.04 (written by random/random)
Run by Administrator at 2008-11-22 18:14:54
Microsoft Windows XP Professional Service Pack 3
System drive C: has 9 GB (23%) free of 38 GB
Total RAM: 766 MB (49% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:15:00 PM, on 11/22/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\pavsrv51.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\AVENGINE.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\TPSrv.exe
c:\program files\panda software\panda internet security 2007\firewall\PNMSRV.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\PavFnSvr.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\PsImSvc.exe
C:\WINDOWS\system32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\SRVLOAD.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PrintKey2000\Printkey2000.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\psimreal.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\avciman.exe
C:\Documents and Settings\Administrator\Desktop\RSIT.exe
C:\Program Files\Administrator.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://yahoo.com/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/?LinkId=69157O2 - BHO: {b20b070b-215c-134a-62e4-281297d63104} - {40136d79-2182-4e26-a431-c512b070b02b} - C:\WINDOWS\system32\qawjuc.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {A63E645F-13BD-45ED-B15F-6E8C1BD57279} - C:\WINDOWS\system32\mlJDwWQj.dll
O2 - BHO: (no name) - {B967B353-884F-4090-9880-6D1B66A473FC} - C:\WINDOWS\system32\ssqNGVPi.dll
O2 - BHO: (no name) - {D5E6F6F6-EC00-43F8-BFF0-40695024EC8C} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [5c55983f] rundll32.exe "C:\WINDOWS\system32\enfyuwmi.dll",b
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Printkey2000.lnk = C:\Program Files\PrintKey2000\Printkey2000.exe
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} (FixController Control) -
http://h30155.www3.hp.com/ediags/dd/ins ... _v01_6.cabO16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) -
file://C:\Program Files\AutoCAD 2002\AcDcToday.ocx
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} -
http://www.linksysfix.com/netcheck/67/i ... downls.cabO16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) -
file://C:\Program Files\AutoCAD 2002\InstBanr.ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) -
file://C:\Program Files\AutoCAD 2002\InstFred.ocx
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) -
file://C:\Program Files\AutoCAD 2002\AcPreview.ocx
O20 - Winlogon Notify: mlJDwWQj - C:\WINDOWS\SYSTEM32\mlJDwWQj.dll
O20 - Winlogon Notify: wvUkKCsT - C:\WINDOWS\
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\pavsrv51.exe
O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
O23 - Service: Panda Network Manager (PNMSRV) - Panda Software International - c:\program files\panda software\panda internet security 2007\firewall\PNMSRV.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Program Files\Panda Software\Panda Internet Security 2007\PsImSvc.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\WINDOWS\system32\spoolsv.exe (file missing)
O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Program Files\Panda Software\Panda Internet Security 2007\TPSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
--
End of file - 9306 bytes
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{40136d79-2182-4e26-a431-c512b070b02b}]
C:\WINDOWS\system32\qawjuc.dll [2008-11-22 129024]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-08-14 1562448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A63E645F-13BD-45ED-B15F-6E8C1BD57279}]
C:\WINDOWS\system32\mlJDwWQj.dll [2008-11-22 25600]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B967B353-884F-4090-9880-6D1B66A473FC}]
C:\WINDOWS\system32\ssqNGVPi.dll [2008-11-22 318464]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D5E6F6F6-EC00-43F8-BFF0-40695024EC8C}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\System32\igfxtray.exe [2003-04-06 155648]
"HotKeysCmds"=C:\WINDOWS\System32\hkcmd.exe [2003-04-06 114688]
"RoxioEngineUtility"=C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe [2003-01-13 69632]
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe [2004-03-04 172032]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2007-08-18 77824]
"Adobe Photo Downloader"=C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe [2007-03-09 63712]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"5c55983f"=C:\WINDOWS\system32\enfyuwmi.dll [2008-11-22 72704]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2006-11-16 139264]
"EasyLinkAdvisor"=C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe [2007-03-15 454784]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe [2007-03-09 63712]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EasyLinkAdvisor]
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe [2007-03-15 454784]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe [2004-02-18 49152]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2007-08-18 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioAudioCentral]
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe [2003-01-09 253952]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe [2003-01-13 757760]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
C:\WINDOWS\SOUNDMAN.EXE [2003-06-10 55296]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
C:\PROGRA~1\Kodak\KODAKE~1\bin\EASYSH~1.EXE [2004-03-31 635019]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk]
C:\PROGRA~1\Kodak\KODAKS~1\7288971\Program\KODAKS~1.EXE [2004-02-11 16423]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
C:\PROGRA~1\MICROS~2\Office10\OSA.EXE [2001-02-13 83360]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Printkey2000.lnk - C:\Program Files\PrintKey2000\Printkey2000.exe
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2003-04-06 315392]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\mlJDwWQj]
C:\WINDOWS\system32\mlJDwWQj.dll [2008-11-22 25600]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wvUkKCsT]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{A63E645F-13BD-45ED-B15F-6E8C1BD57279}"=C:\WINDOWS\system32\mlJDwWQj.dll [2008-11-22 25600]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\system32\ssqNGVPi
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, msansspc.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ6\ICQ.exe"="C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Java\jre1.6.0_02\launch4j-tmp\Yahtzee.exe"="C:\Program Files\Java\jre1.6.0_02\launch4j-tmp\Yahtzee.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe"="C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater"
"C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe"="C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe:*:Enabled:Nero Home"
"C:\Program Files\WS_FTP Pro\ftp95pro.exe"="C:\Program Files\WS_FTP Pro\ftp95pro.exe:*:Enabled:WS_FTP 95"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\TurboTax\Basic 2007\32bit\ttax.exe"="C:\Program Files\TurboTax\Basic 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\Program Files\TurboTax\Basic 2007\32bit\updatemgr.exe"="C:\Program Files\TurboTax\Basic 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\Program Files\SmartFTP Client\SmartFTP.exe"="C:\Program Files\SmartFTP Client\SmartFTP.exe:*:Enabled:SmartFTP Client 3.0"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
======File associations======
.js - open - C:\PROGRA~1\PANDAS~1\PANDAI~1\PavScrip.exe "%1" %*
.scr - open - C:\WINDOWS\NOTEPAD.EXE "%1"
.scr - install -
.scr - config -
.vbs - open - C:\PROGRA~1\PANDAS~1\PANDAI~1\PavScrip.exe "%1" %*
======List of files/folders created in the last 1 months======
2008-11-22 14:06:16 ----D---- C:\_OTMoveIt
2008-11-22 14:03:52 ----A---- C:\WINDOWS\system32\qawjuc.dll
2008-11-22 14:03:51 ----A---- C:\WINDOWS\system32\swsvyncu.dll
2008-11-22 14:01:40 ----SH---- C:\WINDOWS\system32\imwuyfne.ini
2008-11-22 14:01:36 ----A---- C:\WINDOWS\system32\enfyuwmi.dll
2008-11-22 14:00:41 ----ASH---- C:\WINDOWS\system32\iPVGNqss.ini2
2008-11-22 14:00:41 ----ASH---- C:\WINDOWS\system32\iPVGNqss.ini
2008-11-22 14:00:27 ----A---- C:\WINDOWS\system32\ssqNGVPi.dll
2008-11-22 10:55:20 ----A---- C:\WINDOWS\system32\wvUlkJDv.dll
2008-11-22 10:55:19 ----A---- C:\WINDOWS\system32\mlJDwWQj.dll
2008-11-22 10:55:12 ----A---- C:\WINDOWS\system32\msansspc.dll
2008-11-22 10:46:45 ----A---- C:\Program Files\Administrator.exe
2008-11-22 10:46:43 ----D---- C:\rsit
2008-11-22 09:26:37 ----A---- C:\uninstall_list.txt
2008-11-19 22:38:09 ----D---- C:\WINDOWS\ERUNT
2008-11-19 22:31:02 ----D---- C:\SDFix
2008-11-19 22:29:59 ----A---- C:\mbam-setup.exe
2008-11-19 22:18:20 ----A---- C:\mbam-log-2008-11-19 (22-18-11).txt
2008-11-19 19:46:21 ----A---- C:\Program Files\HijackThis.exe
2008-11-19 04:05:47 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-18 20:55:56 ----D---- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-11-18 20:55:43 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-11-18 20:55:42 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-11-18 20:53:51 ----D---- C:\WINDOWS\ERDNT
2008-11-18 20:53:26 ----D---- C:\Program Files\ERUNT
2008-11-18 20:50:03 ----A---- C:\SysRestorePoint.exe
2008-11-16 23:18:35 ----A---- C:\WINDOWS\system32\HHActiveX.dll
2008-11-16 23:18:34 ----A---- C:\WINDOWS\system32\msxml3a.dll
2008-11-16 23:18:15 ----A---- C:\WINDOWS\system32\TpUtil.dll
2008-11-16 23:18:15 ----A---- C:\WINDOWS\system32\PavSHook.dll
2008-11-16 23:18:15 ----A---- C:\WINDOWS\system32\pavipc.dll
2008-11-16 23:18:14 ----A---- C:\WINDOWS\system32\SYSTOOLS.DLL
2008-11-16 23:17:57 ----D---- C:\WINDOWS\system32\PAV
2008-11-16 23:17:57 ----A---- C:\WINDOWS\system32\avldr.dll
2008-11-16 23:17:50 ----A---- C:\WINDOWS\system32\sporder.dll
2008-11-16 23:16:27 ----D---- C:\Program Files\Panda Software
2008-11-16 23:15:17 ----D---- C:\Program Files\Common Files\Panda Software
2008-11-16 14:11:34 ----D---- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
2008-11-16 14:11:34 ----D---- C:\Program Files\SDHelper (Spybot - Search & Destroy)
2008-11-16 14:11:34 ----D---- C:\Program Files\Misc. Support Library (Spybot - Search & Destroy)
2008-11-16 14:11:34 ----D---- C:\Program Files\File Scanner Library (Spybot - Search & Destroy)
2008-11-13 03:01:25 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-13 03:01:17 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-11-13 03:01:08 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-11-02 10:00:29 ----D---- C:\Program Files\Sony
2008-11-02 09:52:11 ----D---- C:\Program Files\Steinberg
2008-10-26 09:46:07 ----D---- C:\Program Files\Virtual Earth 3D
2008-10-24 02:00:57 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
======List of files/folders modified in the last 1 months======
2008-11-22 18:14:57 ----RD---- C:\Program Files
2008-11-22 18:14:19 ----D---- C:\WINDOWS\system32\drivers
2008-11-22 18:13:49 ----D---- C:\WINDOWS\Temp
2008-11-22 18:13:46 ----D---- C:\WINDOWS\system32\CatRoot2
2008-11-22 18:11:40 ----D---- C:\WINDOWS\system32
2008-11-22 18:01:52 ----D---- C:\WINDOWS\Prefetch
2008-11-22 14:16:18 ----D---- C:\WINDOWS
2008-11-22 14:06:16 ----D---- C:\Program Files\Common Files
2008-11-22 12:49:11 ----D---- C:\pictures
2008-11-22 12:35:11 ----A---- C:\WINDOWS\QTW.INI
2008-11-22 09:58:49 ----D---- C:\Program Files\Java
2008-11-22 09:58:27 ----SHD---- C:\WINDOWS\Installer
2008-11-21 20:42:54 ----A---- C:\WINDOWS\NeroDigital.ini
2008-11-21 11:04:07 ----D---- C:\WINDOWS\AppPatch
2008-11-21 11:04:05 ----D---- C:\Program Files\SmartFTP Client
2008-11-21 11:04:01 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-11-21 11:03:54 ----D---- C:\WINDOWS\system32\wbem
2008-11-21 11:03:52 ----D---- C:\WINDOWS\system32\QuickTime
2008-11-21 11:03:52 ----D---- C:\Program Files\QuickTime
2008-11-21 11:03:47 ----D---- C:\Program Files\Linksys EasyLink Advisor
2008-11-21 11:03:43 ----D---- C:\Program Files\Messenger
2008-11-21 11:03:42 ----D---- C:\Program Files\PrintKey2000
2008-11-21 11:03:30 ----D---- C:\Program Files\Outlook Express
2008-11-21 11:03:29 ----D---- C:\Program Files\Common Files\System
2008-11-21 11:03:28 ----D---- C:\Program Files\Internet Explorer
2008-11-20 22:17:35 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-20 06:36:35 ----D---- C:\WINDOWS\system32\CatRoot
2008-11-20 06:35:49 ----HD---- C:\WINDOWS\inf
2008-11-20 06:35:10 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-11-18 17:57:02 ----A---- C:\WINDOWS\wininit.ini
2008-11-18 13:43:39 ----D---- C:\Program Files\WinRAR
2008-11-17 19:47:27 ----D---- C:\WINDOWS\system32\config
2008-11-17 17:26:52 ----D---- C:\Program Files\Common Files\LightScribe
2008-11-17 16:52:38 ----SHD---- C:\WINDOWS\CSC
2008-11-16 23:35:04 ----D---- C:\Program Files\FLAC
2008-11-16 23:32:12 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-11-16 23:17:46 ----HD---- C:\Program Files\InstallShield Installation Information
2008-11-16 09:38:38 ----D---- C:\Documents and Settings
2008-11-15 13:55:30 ----D---- C:\Documents and Settings\Administrator\Application Data\Roxio
2008-11-13 22:26:17 ----D---- C:\WINDOWS\Debug
2008-11-13 03:01:24 ----HD---- C:\WINDOWS\$hf_mig$
2008-11-13 03:00:38 ----D---- C:\WINDOWS\WinSxS
2008-11-10 18:58:46 ----D---- C:\Program Files\VCW VicMan's Photo Editor
2008-11-06 21:15:38 ----D---- C:\Program Files\Common Files\Adobe
2008-11-06 21:15:26 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2008-11-06 21:15:15 ----D---- C:\Program Files\Adobe
2008-11-03 19:10:25 ----A---- C:\WINDOWS\system32\MRT.exe
2008-11-02 09:52:15 ----RSD---- C:\WINDOWS\Fonts
2008-10-29 20:39:13 ----D---- C:\Program Files\WS_FTP Pro
2008-10-26 10:03:06 ----RSD---- C:\WINDOWS\assembly
2008-10-26 10:03:06 ----D---- C:\WINDOWS\Microsoft.NET
2008-10-26 09:49:26 ----SD---- C:\Documents and Settings\Administrator\Application Data\Microsoft
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 APPFLT;App Filter Plugin; \??\C:\WINDOWS\system32\Drivers\APPFLT.SYS []
R1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2003-01-13 64208]
R1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2003-01-13 24839]
R1 cdudf_xp;cdudf_xp; C:\WINDOWS\system32\drivers\cdudf_xp.sys [2003-01-13 249344]
R1 DcCam;Kodak Camera Proxy; C:\WINDOWS\system32\DRIVERS\DcCam.sys [2003-12-05 36918]
R1 DSAFLT;DSA Filter Plugin; \??\C:\WINDOWS\system32\Drivers\DSAFLT.SYS []
R1 FNETMON;NetMon Filter Plugin; \??\C:\WINDOWS\system32\Drivers\fnetmon.SYS []
R1 IDSFLT;Ids Filter Plugin; \??\C:\WINDOWS\system32\Drivers\IDSFLT.SYS []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 NETFLTDI;Panda Net Driver [TDI Layer]; \??\C:\WINDOWS\system32\Drivers\NETFLTDI.SYS []
R1 pwd_2k;pwd_2k; C:\WINDOWS\system32\drivers\pwd_2k.sys [2003-01-13 118422]
R1 ShldDrv;Panda File Shield Driver; C:\WINDOWS\system32\drivers\ShldDrv.sys [2005-08-29 26752]
R1 SMSFLT;SMS Filter Plugin; \??\C:\WINDOWS\system32\Drivers\SMSFLT.SYS []
R1 UdfReadr_xp;UdfReadr_xp; C:\WINDOWS\system32\drivers\UdfReadr_xp.sys [2003-01-13 206464]
R1 WNMFLT;Wifi Monitor Filter Plugin; \??\C:\WINDOWS\system32\Drivers\WNMFLT.SYS []
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-23 12032]
R2 cpoint;Panda CPoint Driver; C:\WINDOWS\system32\Drivers\cpoint.sys [2005-08-12 16640]
R2 DCFS2K;Kodak DCFS2K Driver; C:\WINDOWS\system32\drivers\dcfs2k.sys [2003-11-16 38737]
R2 elagopro;GoProto Protocol Driver for LELA; C:\WINDOWS\system32\DRIVERS\elagopro.sys [2007-03-22 28672]
R2 elaunidr;UniDriver for LELA; C:\WINDOWS\system32\DRIVERS\elaunidr.sys [2007-03-22 5376]
R2 Fallback;Fallback; C:\WINDOWS\System32\DRIVERS\HSF_FALL.sys [2001-08-17 289887]
R2 Fsks;Fsks; C:\WINDOWS\System32\DRIVERS\HSF_FSKS.sys [2001-08-17 115807]
R2 K56;K56; C:\WINDOWS\System32\DRIVERS\HSF_K56K.sys [2001-08-17 391199]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys [2004-08-04 11868]
R2 PAVDRV;pavdrv; C:\WINDOWS\system32\DRIVERS\pavdrv51.sys [2006-02-22 71552]
R2 PavProc;Panda Process Protection Driver; \??\C:\WINDOWS\system32\DRIVERS\PavProc.sys []
R2 SoftFax;SoftFax; C:\WINDOWS\System32\DRIVERS\HSF_FAXX.sys [2001-08-17 199711]
R2 Tones;Tones; C:\WINDOWS\System32\DRIVERS\HSF_TONE.sys [2001-08-17 50751]
R2 V124;V124; C:\WINDOWS\System32\DRIVERS\HSF_V124.sys [2001-08-17 488383]
R3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel(R) Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2003-04-15 113504]
R3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel(R) Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2003-04-15 78752]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2003-06-19 752764]
R3 AvFlt;Antivirus Filter Driver; C:\WINDOWS\system32\drivers\av5flt.sys []
R3 dvd_2K;dvd_2K; C:\WINDOWS\system32\drivers\dvd_2K.sys [2003-01-13 21654]
R3 HSF_DP;HSF_DP; C:\WINDOWS\System32\DRIVERS\HSFDPSP2.sys [2004-08-04 1041536]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\System32\DRIVERS\HSFBS2S2.sys [2004-08-04 220032]
R3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2003-04-15 90907]
R3 PavSRK.sys;PavSRK.sys; \??\C:\WINDOWS\system32\PavSRK.sys []
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
R3 USBAV708;Instant VideoMPX; C:\WINDOWS\SYSTEM32\DRIVERS\USBAV708.SYS [2004-07-06 101120]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINDOWS\System32\DRIVERS\HSFCXTS2.sys [2004-08-04 685056]
S1 Exportit;Exportit; C:\WINDOWS\system32\DRIVERS\exportit.sys [2004-02-19 148529]
S3 basic2;basic2; C:\WINDOWS\System32\DRIVERS\HSF_BSC2.sys [2001-08-17 67167]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 DcFpoint;DcFpoint; C:\WINDOWS\system32\DRIVERS\DcFpoint.sys [2003-09-30 61564]
S3 DcLps;Legacy Polling Service; C:\WINDOWS\system32\DRIVERS\DcLps.sys [2003-09-30 8022]
S3 DcPTP;dcptp; C:\WINDOWS\system32\DRIVERS\DcPTP.sys [2003-12-05 68182]
S3 GoProto;GoProto Protocol Driver; C:\WINDOWS\system32\DRIVERS\goprot51.sys [2007-08-08 28672]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 hsf_msft;hsf_msft; C:\WINDOWS\System32\DRIVERS\HSF_MSFT.sys [2001-08-17 542879]
S3 mmc_2K;mmc_2K; C:\WINDOWS\system32\drivers\mmc_2K.sys [2003-01-13 22758]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 PavTPK.sys;PavTPK.sys; \??\C:\WINDOWS\system32\PavTPK.sys []
S3 QV2KUX;Casio Digital Camera; C:\WINDOWS\system32\DRIVERS\qv2kux.sys [2001-08-17 3328]
S3 Rksample;Rksample; C:\WINDOWS\System32\DRIVERS\HSF_SAMP.sys [2001-08-17 57471]
S3 SDDMI2;SDDMI2; \??\C:\WINDOWS\system32\DDMI2.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-08-29 611664]
R2 KodakCCS;Kodak Camera Connection Software; C:\WINDOWS\system32\drivers\KodakCCS.exe [2004-02-19 301624]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-10-19 61440]
R2 PAVFNSVR;Panda Function Service; C:\Program Files\Panda Software\Panda Internet Security 2007\PavFnSvr.exe [2006-07-21 159744]
R2 PavPrSrv;Panda Process Protection Service; C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe [2005-07-25 32768]
R2 PAVSRV;Panda anti-virus service; C:\Program Files\Panda Software\Panda Internet Security 2007\pavsrv51.exe [2006-08-08 151552]
R2 pmshellsrv;Panda Antispam Engine; C:\Program Files\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe [2006-03-31 411096]
R2 PNMSRV;Panda Network Manager; c:\program files\panda software\panda internet security 2007\firewall\PNMSRV.EXE [2006-08-02 811008]
R2 PSIMSVC;Panda IManager Service; C:\Program Files\Panda Software\Panda Internet Security 2007\PsImSvc.exe [2006-07-04 102400]
R2 ScsiAccess;ScsiAccess; C:\WINDOWS\system32\ScsiAccess.EXE [2003-02-04 181312]
R2 TPSrv;Panda TPSrv; C:\Program Files\Panda Software\Panda Internet Security 2007\TPSrv.exe [2006-10-09 348160]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2004-02-26 49152]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-11-10 774144]
-----------------EOF-----------------