Logfile of random's system information tool 1.04 (written by random/random)
Run by danny at 2008-10-21 01:50:15
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 15 GB (80%) free of 19 GB
Total RAM: 191 MB (30% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:50:45 AM, on 10/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2009\TPSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRAM FILES\PANDA SECURITY\PANDA ANTIVIRUS PRO 2009\WebProxy.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\MWW32\MANAGER\MWMDMSVC.EXE
C:\WINDOWS\MWW32\MANAGER\MWSSW32.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PsCtrls.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PavFnSvr.exe
C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PsImSvc.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PskSvc.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2009\pavsrv51.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2009\AVENGINE.EXE
C:\WINDOWS\system32\bcmwltry.exe
C:\WINDOWS\system32\kmw_run.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2009\APVXDWIN.EXE
C:\Program Files\Belkin\Cardbus F5D7010\Wireless Utility\Belkinwcui.exe
C:\WINDOWS\system32\KMW_SHOW.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\danny\Desktop\RSIT.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2009\avciman.exe
C:\Program Files\Trend Micro\HijackThis\danny.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2009\psimreal.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/?LinkId=69157R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
http://go.microsoft.com/fwlink/?LinkId=78622&mkt=en-usO2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {70C7270B-ECE9-4FA8-A203-4A2C2D366128} - (no file)
O3 - Toolbar: (no name) - {65952D7F-B04B-4D60-99FF-77662FE2D2EF} - (no file)
O4 - HKLM\..\Run: [Modem Update Reminder] C:\WINDOWS\MWW32\manager\mwremind.exe autorun
O4 - HKLM\..\Run: [bcmwltry] bcmwltry.exe
O4 - HKLM\..\Run: [RemoveCpl] RemoveCpl.exe
O4 - HKLM\..\Run: [kmw_run.exe] kmw_run.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Antivirus Pro 2009\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Security\Panda Antivirus Pro 2009\Inicio.exe"
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: Belkin Wireless Utility.lnk = C:\Program Files\Belkin\Cardbus F5D7010\Wireless Utility\Belkinwcui.exe
O4 - Global Startup: ThinkPad Modem Copyright.lnk = C:\WINDOWS\MWW32\manager\mwcpyrt.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
http://update.microsoft.com/microsoftup ... 1767666652O20 - Winlogon Notify: geBtRiGX - geBtRiGX.dll (file missing)
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Panda Software Controller - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PsCtrls.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Security, S.L. - C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe
O23 - Service: Panda On-Access Anti-Malware Service (PAVSRV) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\pavsrv51.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Security S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PsImSvc.exe
O23 - Service: Panda PSK service (PskSvcRetail) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PskSvc.exe
O23 - Service: ThinkPad Modem Service (ThinkPadModemService) - IBM Corporation - C:\WINDOWS\MWW32\MANAGER\MWMDMSVC.EXE
O23 - Service: Panda TPSrv (TPSrv) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\TPSrv.exe
--
End of file - 5967 bytes
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{70C7270B-ECE9-4FA8-A203-4A2C2D366128}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{65952D7F-B04B-4D60-99FF-77662FE2D2EF}
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Modem Update Reminder"=C:\WINDOWS\MWW32\manager\mwremind.exe [1999-04-01 202752]
"bcmwltry"=C:\WINDOWS\SYSTEM32\bcmwltry.exe [2003-07-25 462848]
"RemoveCpl"=C:\WINDOWS\SYSTEM32\RemoveCpl.exe [2003-01-15 24576]
"kmw_run.exe"=C:\WINDOWS\SYSTEM32\kmw_run.exe [2005-09-01 118784]
"APVXDWIN"=C:\Program Files\Panda Security\Panda Antivirus Pro 2009\APVXDWIN.EXE [2008-07-16 857344]
"SCANINICIO"=C:\Program Files\Panda Security\Panda Antivirus Pro 2009\Inicio.exe [2008-07-07 50432]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Belkin Wireless Utility.lnk - C:\Program Files\Belkin\Cardbus F5D7010\Wireless Utility\Belkinwcui.exe
ThinkPad Modem Copyright.lnk - C:\WINDOWS\MWW32\manager\mwcpyrt.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avldr]
C:\WINDOWS\SYSTEM32\avldr.dll [2008-03-18 58672]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\geBtRiGX]
geBtRiGX.dll []
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\system32\byXPJYst
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\NetMeeting\conf.exe"="C:\Program Files\NetMeeting\conf.exe:*:Disabled:Windows® NetMeeting®"
"C:\WINDOWS\system32\mmc.exe"="C:\WINDOWS\system32\mmc.exe:*:Disabled:Microsoft Management Console"
"C:\WINDOWS\Network Diagnostic\xpnetdiag.exe"="C:\WINDOWS\Network Diagnostic\xpnetdiag.exe:*:Disabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Disabled:Windows Messenger"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
======File associations======
.js - open - C:\PROGRA~1\PANDAS~1\PANDAA~1\PAVSCRIP.EXE "%1" %*
.vbs - open - C:\PROGRA~1\PANDAS~1\PANDAA~1\PAVSCRIP.EXE "%1" %*
======List of files/folders created in the last 1 months======
2008-10-21 01:50:15 ----DC---- C:\rsit
2008-10-20 18:00:13 ----AC---- C:\WINDOWS\system32\lvkpc.txt
2008-10-20 17:10:31 ----DC---- C:\Documents and Settings\danny\Application Data\Malwarebytes
2008-10-20 17:10:12 ----DC---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-20 17:10:11 ----DC---- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-16 16:12:33 ----DC---- C:\Program Files\Trend Micro
2008-10-16 13:10:47 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-10-16 13:09:24 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-16 13:07:24 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-10-16 13:01:50 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-10-16 13:00:09 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-10-09 12:49:04 ----DC---- C:\Documents and Settings\danny\Application Data\Macromedia
2008-10-09 12:49:03 ----DC---- C:\Documents and Settings\danny\Application Data\Adobe
======List of files/folders modified in the last 1 months======
2008-10-21 01:50:34 ----DC---- C:\WINDOWS\Prefetch
2008-10-21 01:50:05 ----DC---- C:\WINDOWS\system32\CatRoot2
2008-10-21 01:41:21 ----DC---- C:\WINDOWS\system32
2008-10-21 01:40:50 ----DC---- C:\WINDOWS
2008-10-21 01:40:50 ----AC---- C:\WINDOWS\TMP0001.TMP
2008-10-21 01:39:51 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-10-21 01:34:55 ----DC---- C:\WINDOWS\Temp
2008-10-20 18:00:15 ----AD---- C:\WINDOWS\system32\drivers
2008-10-20 17:10:11 ----RDC---- C:\Program Files
2008-10-18 16:04:55 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-10-18 14:11:40 ----DC---- C:\WINDOWS\inf
2008-10-16 15:38:47 ----DC---- C:\Program Files\Windows Live Safety Center
2008-10-16 15:38:23 ----SDC---- C:\WINDOWS\Downloaded Program Files
2008-10-16 13:58:08 ----AC---- C:\WINDOWS\system.ini
2008-10-16 13:25:11 ----D---- C:\c5cef3b1b7bbe749ffe40a31eec4
2008-10-16 13:10:42 ----HDC---- C:\WINDOWS\$hf_mig$
2008-10-16 13:10:06 ----AC---- C:\WINDOWS\imsins.BAK
2008-10-16 13:04:51 ----DC---- C:\Program Files\Internet Explorer
2008-10-16 13:03:22 ----DC---- C:\WINDOWS\ie7updates
2008-10-15 17:28:36 ----DC---- C:\WINDOWS\system32\Macromed
2008-10-15 15:42:59 ----SHDC---- C:\WINDOWS\Installer
2008-10-15 15:42:58 ----HDC---- C:\Config.Msi
2008-10-15 15:42:57 ----DC---- C:\Program Files\Common Files\Microsoft Shared
2008-10-12 12:22:10 ----DC---- C:\WINDOWS\Help
2008-10-11 15:19:54 ----DC---- C:\WINDOWS\Debug
2008-10-11 14:31:14 ----SDC---- C:\Documents and Settings\danny\Application Data\Microsoft
2008-10-09 14:16:41 ----DC---- C:\WINDOWS\system32\NtmsData
2008-10-08 23:38:00 ----SHDC---- C:\RECYCLER
2008-10-08 23:37:59 ----DC---- C:\Documents and Settings
2008-10-08 23:31:24 ----SHD---- C:\System Volume Information
2008-10-08 23:31:24 ----DC---- C:\WINDOWS\system32\Restore
2008-10-08 23:27:28 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-10-07 14:19:40 ----AC---- C:\WINDOWS\system32\MRT.exe
2008-10-03 12:41:15 ----AC---- C:\WINDOWS\system32\ieframe.dll
2008-09-25 19:33:29 ----DC---- C:\WINDOWS\Microsoft.NET
2008-09-25 19:33:19 ----RSDC---- C:\WINDOWS\assembly
2008-09-25 18:16:14 ----DC---- C:\WINDOWS\system32\mui
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 ShldDrv;Panda File Shield Driver; C:\WINDOWS\System32\DRIVERS\ShlDrv51.sys [2008-03-04 41144]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.2.0.3; C:\WINDOWS\System32\DRIVERS\AegisP.sys [2007-01-16 17801]
R2 irda;IrDA Protocol; C:\WINDOWS\System32\DRIVERS\irda.sys [2004-08-04 87424]
R2 LxrSII1d;Secure II Driver; \??\C:\WINDOWS\system32\Drivers\LxrSII1d.sys []
R2 PAVDRV;pavdrv; C:\WINDOWS\system32\DRIVERS\pavdrv51.sys [2008-04-28 84024]
R2 PavProc;Panda Process Protection Driver; \??\C:\WINDOWS\system32\DRIVERS\PavProc.sys []
R3 BLKWGN;Belkin Wireless G Notebook Card Service; C:\WINDOWS\System32\DRIVERS\BLKWGN.sys [2005-06-02 463872]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\System32\DRIVERS\CmBatt.sys [2004-08-04 14080]
R3 ComFiltr;Panda Anti-Dialer; \??\C:\WINDOWS\system32\DRIVERS\COMFiltr.sys []
R3 cwbmidi_device;Crystal WDM MPU-401 UART Driver; C:\WINDOWS\system32\drivers\cwbmidi.sys [2001-08-17 3072]
R3 cwbwdm_device;Crystal WDM Audio Codec Driver; C:\WINDOWS\system32\drivers\cwbwdm.sys [2001-08-17 72832]
R3 KMW_KBD;Kensington Input Devices Class filter driver; C:\WINDOWS\System32\DRIVERS\KMW_KBD.sys [2005-09-01 5760]
R3 KMW_SYS;Kensington MouseWorks Mouse filter driver; C:\WINDOWS\System32\DRIVERS\KMW_SYS.sys [2005-09-01 92032]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 neo20xx;neo20xx; C:\WINDOWS\System32\DRIVERS\neo20xx.sys [2001-08-17 39264]
R3 NSCIRDA;NSC Infrared Device Driver; C:\WINDOWS\System32\DRIVERS\nscirda.sys [2004-08-04 28672]
R3 PavTPK.sys;PavTPK.sys; \??\C:\WINDOWS\system32\PavTPK.sys []
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\System32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 ThinkPadDSP;ThinkPad DSP Driver Service; C:\WINDOWS\System32\DRIVERS\mwwdm.sys [1999-09-24 39200]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-04 20480]
R3 wlanndi5;wlanndi5 NDIS Protocol Driver; \??\C:\WINDOWS\System32\wlanndi5.SYS []
S3 DSB650TX;D-Link DSB-650TX USB 10/100 Ethernet Adapter; C:\WINDOWS\System32\DRIVERS\DSB650TX.sys [2001-09-25 26958]
S3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 TVICHW32;TVICHW32; \??\C:\WINDOWS\System32\DRIVERS\TVICHW32.SYS []
S3 TwoTrack;IBM PS/2 TrackPoint Filter Driver; C:\WINDOWS\System32\DRIVERS\TwoTrack.sys [2001-08-17 11520]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys []
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-18 12032]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 ACS;Atheros Configuration Service; C:\WINDOWS\system32\acs.exe [2005-05-05 36864]
R2 Gwmsrv;Panda Goodware Cache Manager; C:\WINDOWS\system32\svchost -k Panda []
R2 Irmon;Infrared Monitor; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
R2 Panda Software Controller;Panda Software Controller; C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PsCtrls.exe [2008-07-16 181504]
R2 PAVFNSVR;Panda Function Service; C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PavFnSvr.exe [2008-07-10 169216]
R2 PavPrSrv;Panda Process Protection Service; C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe [2008-02-04 62768]
R2 PAVSRV;Panda On-Access Anti-Malware Service; C:\Program Files\Panda Security\Panda Antivirus Pro 2009\pavsrv51.exe [2008-07-04 288512]
R2 ProtexisLicensing;ProtexisLicensing; C:\WINDOWS\system32\PSIService.exe [2007-06-05 177704]
R2 PSIMSVC;Panda IManager Service; C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PsImSvc.exe [2008-06-19 108288]
R2 PskSvcRetail;Panda PSK service; C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PskSvc.exe [2008-06-25 28928]
R2 ThinkPadModemService;ThinkPad Modem Service; C:\WINDOWS\MWW32\MANAGER\MWMDMSVC.EXE [1999-09-24 50688]
R2 TPSrv;Panda TPSrv; C:\Program Files\Panda Security\Panda Antivirus Pro 2009\TPSrv.exe [2008-07-17 157440]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S4 LxrSII1s;Lexar Secure II; C:\WINDOWS\SYSTEM32\LxrSII1s.exe [2006-01-09 49152]
-----------------EOF-----------------
------------------------------------------------------------------------------------------
info.txt logfile of random's system information tool 1.04 2008-10-21 01:50:55
======Uninstall list======
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Kensington MouseWorks-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4C78937F-0C8E-11D9-A3EB-0001025FA304}\setup.exe" -l0x9 -u
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7-->"C:\WINDOWS\$NtUninstallWdf01007$\spuninst\spuninst.exe"
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
Panda Antivirus Pro 2009-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E55FB276-73C9-4776-AB53-BC028C0509ED}\SETUP.exe" -l0x9 -removeonly
Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921503)-->"C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Security Update for Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938829)-->"C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941568)-->"C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941644)-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948881)-->"C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Update for Windows XP (KB914882)-->"C:\WINDOWS\$NtUninstallKB914882$\spuninst\spuninst.exe"
Update for Windows XP (KB923845)-->"C:\WINDOWS\$NtUninstallKB923845$\spuninst\spuninst.exe"
Update for Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update for Windows XP (KB932823-v3)-->"C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe"
Update for Windows XP (KB933360)-->"C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
Update for Windows XP (KB936357)-->"C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
Update for Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
======Security center information======
AV: Panda Antivirus Pro 2009
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"NUMBER_OF_PROCESSORS"=1
"OS"=Windows_NT
"Path"=%SYSTEMROOT%\SYSTEM32;%SYSTEMROOT%;%SYSTEMROOT%\SYSTEM32\WBEM;C:\Program Files\Panda Security\Panda Antivirus Pro 2009\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 6 Stepping 10, GenuineIntel
"PROCESSOR_LEVEL"=6
"PROCESSOR_REVISION"=060a
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"windir"=%SystemRoot%
-----------------EOF-----------------
------------------------------------------------------------------------------------------
Malwarebytes' Anti-Malware 1.29
Database version: 1304
Windows 5.1.2600 Service Pack 2
10/20/2008 5:58:07 PM
mbam-log-2008-10-20 (17-58-07).txt
Scan type: Full Scan (A:\|C:\|D:\|)
Objects scanned: 62586
Time elapsed: 40 minute(s), 46 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 23
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 14
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{48d78be5-cfb9-4b66-9ac4-96d4cf21de06} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ce7c3cf0-4b15-11d1-abed-709549c10000} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{040ba7f9-cdc9-4f2a-bafd-5b13501b2dad} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\winth87 (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WinCtrl32 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSPlugin (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\toprates.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wines55 (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\winex76 (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\winkc11 (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\winoa65 (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\winod76 (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\winpl11 (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\winqc76 (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\winrf88 (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\winsl22 (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\winwo32 (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\winxp76 (Rootkit.Agent) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{040ba7f9-cdc9-4f2a-bafd-5b13501b2dad} (Trojan.Vundo) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductId (Trojan.FakeAlert) -> Bad: (VIRUS ALERT!) Good: (55277-OEM-0015001-67371) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\system32\drivers\Winth87.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\Wines55.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\Winex76.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\Winkc11.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\Winoa65.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\Winod76.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\Winpl11.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\Winqc76.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\Winrf88.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\Winsl22.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\Winwo32.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\Winxp76.sys (Rootkit.Agent) -> Quarantined and deleted successfully.