
Your computer is infected


  • Please log in to reply
1 reply to this topic

#1 Throttled

Posted 10 December 2008 - 12:07 PM

I keep getting a circled red X at the bottom of my toolbar that keeps popping up "Windows has detected spyware infection". If I click on this it says downloading Antivirus Pro 2009, and I delete it before it completes. I've run several different spyware and malware programs with no luck. Didn't see this particular virus on your other page for directions on how to remove it. This seems to pop up about every 20 seconds. My Internet Explorer home page seems to keep resetting itself to its own page also. I've reset it on many occasions; however, every time I restart the computer it goes back to Google. Another problem I have is with Adobe Flash Player. Every time I run the download for this it will either say Windows is in safe mode etc., although it is not. Any help would be appreciated.

Here is my log:


Logfile of random's system information tool 1.04 (written by random/random)
Run by Owner at 2008-12-10 13:03:12
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 96 GB (64%) free of 149 GB
Total RAM: 1022 MB (46% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:03:22 PM, on 12/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Pure Networks\Router Service\pnroutsv.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\brastk.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\8TN5JWQG\RSIT[1].exe
C:\Program Files\trend micro\Owner.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Delicious Toolbar - {61D1C847-DF80-423A-8C6D-DC03B97E6EBE} - C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousExtension.dll
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [Windows Media Connect 2] "C:\Program Files\Windows Media Connect 2\WMCCFG.exe" /StartQuiet
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKLM\..\Run: [JBAZBKKQ] %systemroot%\JBAZBKKQ.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [brastk] C:\WINDOWS\system32\brastk.exe
O4 - HKUS\S-1-5-18\..\Run: [DriverLoad] (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DriverCheck] (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [SystemDriverLoad] (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [SystemDriver] (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [FDriver] (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ADriver] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DriverLoad] (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: ymetray.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Delicious - {2C887991-08F0-11DC-A9B2-0012F0B227DD} - C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousExtension.dll
O9 - Extra button: Bookmarks - {2C887992-08F0-11DC-A9B2-0012F0B227DD} - C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousExtension.dll
O9 - Extra button: Tag - {2C887993-08F0-11DC-A9B2-0012F0B227DD} - C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.1.1.74.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://eu-housecall.trendmicro-europe.com/...ivex/hcImpl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O20 - AppInit_DLLs: karna.dat
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Pure Networks Router Manager (pnrouter) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Router Service\pnroutsv.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 10477 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2005-07-19 342600]
{61D1C847-DF80-423A-8C6D-DC03B97E6EBE} - Delicious Toolbar - C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousExtension.dll [2008-08-06 640240]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SunKistEM"=C:\Program Files\Digital Media Reader\shwiconem.exe [2004-11-15 135168]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2004-11-02 32768]
"Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE [2002-09-14 212992]
"MimBoot"=C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe [2006-11-07 8192]
"MMTray"=C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe [2006-11-07 110592]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2004-11-03 344064]
"CTSysVol"=C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe [2003-09-17 57344]
"CTDVDDET"=C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE [2003-06-18 45056]
"CTHelper"=C:\WINDOWS\system32\CTHELPER.EXE [2004-03-19 24576]
"SBDrvDet"=C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe [2002-12-03 45056]
"UpdReg"=C:\WINDOWS\UpdReg.EXE [2000-05-11 90112]
"nmapp"=C:\Program Files\Pure Networks\Network Magic\nmapp.exe [2005-08-10 487424]
"D-Link AirPlus G"=C:\Program Files\D-Link\AirPlus G\AirGCFG.exe [2005-03-29 1245184]
"ANIWZCS2Service"=C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe [2004-12-16 49152]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2006-02-23 278528]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2006-03-10 155648]
"Zone Labs Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2006-02-19 755472]
"Windows Media Connect 2"=C:\Program Files\Windows Media Connect 2\WMCCFG.exe [2006-10-18 8704]
"Zune Launcher"=C:\Program Files\Zune\ZuneLauncher.exe [2007-03-14 24104]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-04-18 185896]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-01-21 61440]
"ATICustomerCare"=C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe [2007-10-04 307200]
"JBAZBKKQ"=C:\WINDOWS\JBAZBKKQ.exe []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-10-18 204288]
"Yahoo! Pager"=C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE [2006-11-30 4662776]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]
"brastk"=C:\WINDOWS\system32\brastk.exe [2008-11-16 10240]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
BigFix.lnk - C:\Program Files\BigFix\BigFix.exe
ymetray.lnk - C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="karna.dat"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2008-06-02 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{54D9498B-CF93-414F-8984-8CE7FDE0D391}"=C:\Program Files\ewido anti-malware\shellhook.dll [2004-09-30 39488]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, msansspc.dll,

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0
"NoDispScrSavPage"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableTaskMgr"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"ForceClassicControlPanel"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktopChanges"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"C:\Program Files\EA GAMES\Battlefield 2 Demo\BF2.exe"="C:\Program Files\EA GAMES\Battlefield 2 Demo\BF2.exe:*:Enabled:Battlefield 2"
"C:\Program Files\EA GAMES\Battlefield 2\BF2.exe"="C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:*:Enabled:Battlefield 2"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe"="C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:*:Enabled:Yahoo! Music Jukebox"
"C:\Program Files\Electronic Arts\Crytek\Crysis SP Demo\Bin32\Crysis.exe"="C:\Program Files\Electronic Arts\Crytek\Crysis SP Demo\Bin32\Crysis.exe:*:Enabled:Crysis_32_sp_demo"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\neos.exe"="C:\WINDOWS\neos.exe:*:Enabled:enable"
"C:\WINDOWS\system32\sysrest32.exe"="C:\WINDOWS\system32\sysrest32.exe:*:Enabled:enable"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
shell\AutoRun\command - J:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{87d0bcef-c8a3-11d9-9ff5-806d6172696f}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480


======File associations======

.reg - open - regedit.exe "%1" %*
.scr - open - "%1" %*

======List of files/folders created in the last 1 months======

2008-12-10 13:03:13 ----D---- C:\Program Files\trend micro
2008-12-10 13:03:12 ----D---- C:\rsit
2008-12-10 03:05:35 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-10 03:05:31 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-10 03:02:13 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-10 03:02:05 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-11-22 18:52:23 ----D---- C:\Documents and Settings\All Users\Application Data\TVU Networks
2008-11-21 01:00:32 ----A---- C:\WINDOWS\system32\ujur.bat
2008-11-21 01:00:32 ----A---- C:\Program Files\Common Files\ypiqosomit.vbs
2008-11-21 01:00:32 ----A---- C:\Program Files\Common Files\peparyd.bat
2008-11-21 01:00:32 ----A---- C:\Documents and Settings\Owner\Application Data\inoqis.vbs
2008-11-21 01:00:32 ----A---- C:\Documents and Settings\All Users\Application Data\exyfem.com
2008-11-21 01:00:32 ----A---- C:\Documents and Settings\All Users\Application Data\axocovi.com
2008-11-20 02:14:12 ----D---- C:\Program Files\Rockstar Games
2008-11-18 03:07:37 ----D---- C:\5d2d72d675e77bbb41ca9e828649
2008-11-16 17:32:46 ----A---- C:\WINDOWS\system32\wini10255.exe
2008-11-16 17:31:40 ----A---- C:\WINDOWS\brastk.exe
2008-11-16 17:30:05 ----A---- C:\WINDOWS\system32\brastk.exe
2008-11-13 12:51:51 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-13 12:50:32 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$

======List of files/folders modified in the last 1 months======

2008-12-10 13:03:22 ----D---- C:\WINDOWS\Prefetch
2008-12-10 13:03:17 ----D---- C:\WINDOWS\temp
2008-12-10 13:03:13 ----AD---- C:\Program Files
2008-12-10 12:54:42 ----D---- C:\Program Files\Mozilla Firefox
2008-12-10 11:48:36 ----A---- C:\WINDOWS\win.ini
2008-12-10 11:48:22 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-10 11:46:36 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-10 10:17:39 ----D---- C:\WINDOWS\Internet Logs
2008-12-10 03:12:56 ----D---- C:\WINDOWS
2008-12-10 03:12:24 ----D---- C:\WINDOWS\system32
2008-12-10 03:05:45 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-10 03:05:45 ----HD---- C:\WINDOWS\inf
2008-12-10 03:05:33 ----A---- C:\WINDOWS\imsins.BAK
2008-12-10 03:04:48 ----D---- C:\Program Files\Internet Explorer
2008-12-10 03:04:38 ----D---- C:\WINDOWS\ie7updates
2008-12-10 03:04:35 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-05 15:58:04 ----D---- C:\Program Files\Rhapsody
2008-11-22 18:52:23 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-11-21 01:00:32 ----D---- C:\Program Files\Common Files
2008-11-20 02:14:12 ----HD---- C:\Program Files\InstallShield Installation Information
2008-11-20 00:46:55 ----D---- C:\WINDOWS\Minidump
2008-11-16 19:42:07 ----D---- C:\WINDOWS\system32\drivers
2008-11-16 17:29:34 ----D---- C:\Program Files\VisualTool
2008-11-16 17:13:36 ----D---- C:\Documents and Settings\Owner\Application Data\Delicious IE Extension
2008-11-14 22:13:37 ----D---- C:\WINDOWS\Help

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ATITool;ATITool Overclocking Utility; C:\WINDOWS\system32\DRIVERS\ATITool.sys [2005-05-30 28160]
R1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2006-10-18 2432]
R1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2006-10-18 2560]
R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2006-02-19 372816]
R2 ANIO;ANIO Service; \??\C:\WINDOWS\system32\ANIO.SYS []
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
R2 PfModNT;PfModNT; \??\C:\WINDOWS\system32\drivers\PfModNT.sys []
R2 PNVYWONM;PNVYWONM; \??\C:\WINDOWS\system32\pnvywonm.kgb []
R3 ATI Remote Wonder II;ATI Remote Wonder II; C:\WINDOWS\system32\drivers\ATIRWVD.SYS [2004-01-23 258044]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-06-03 3100160]
R3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\system32\drivers\ctac32k.sys [2004-04-06 646128]
R3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys [2004-04-28 374000]
R3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\system32\drivers\ctprxy2k.sys [2004-03-15 6096]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\drivers\ctsfm2k.sys [2004-03-15 130384]
R3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\system32\drivers\emupia2k.sys [2004-03-15 147088]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2005-02-02 14408]
R3 ha10kx2k;Creative Hardware Abstract Layer Driver; C:\WINDOWS\system32\drivers\ha10kx2k.sys [2004-06-15 952144]
R3 hap17v2k;Creative P17V HAL Driver; C:\WINDOWS\system32\drivers\hap17v2k.sys [2004-05-03 147696]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2004-06-17 1041536]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2004-06-17 220032]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2004-03-15 178736]
R3 rt2500usb;DWL-G122(rev.:) USB Wireless LAN Driver; C:\WINDOWS\system32\DRIVERS\rt2500usb.sys [2005-03-12 243456]
R3 SunkFilt;Alcor Micro Corp Reader; \??\C:\WINDOWS\System32\Drivers\sunkfilt.sys []
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-04 17024]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2004-06-17 685056]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\WINDOWS\system32\drivers\WmBEnum.sys [2005-04-12 10144]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\WINDOWS\system32\drivers\WmBEnum.sys [2005-04-12 10144]
R3 WmFilter;Logitech Gaming HID Filter Driver; C:\WINDOWS\system32\drivers\WmFilter.sys [2005-04-12 22240]
R3 WmXlCore;Logitech WingMan Translation Layer Driver; C:\WINDOWS\system32\drivers\WmXlCore.sys [2005-04-12 45504]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
S1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\system32\DRIVERS\p3.sys [2004-08-04 42496]
S2 MCSTRM;MCSTRM; C:\WINDOWS\system32\drivers\MCSTRM.sys []
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
S3 ctdvda2k;Creative DVD-Audio Device Driver; C:\WINDOWS\system32\drivers\ctdvda2k.sys [2004-03-15 337056]
S3 ctljystk;Creative SBLive! Gameport; C:\WINDOWS\system32\DRIVERS\ctljystk.sys [2001-08-17 3712]
S3 emu10k;Creative SB Live! (WDM); C:\WINDOWS\system32\drivers\emu10k1m.sys [2001-08-17 283904]
S3 emu10k1;Creative Interface Manager Driver (WDM); C:\WINDOWS\system32\drivers\ctlfacem.sys [2001-08-17 6912]
S3 hap16v2k;Creative P16V HAL Driver; C:\WINDOWS\system32\drivers\hap16v2k.sys [2004-05-03 150160]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 mxnic;Macronix MX987xx Family Fast Ethernet NT Driver; C:\WINDOWS\system32\DRIVERS\mxnic.sys [2001-08-17 19968]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
S3 RTL8023xp;Realtek RTL8139/810x/8169/8110 all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2004-04-13 70144]
S3 sfman;Creative SoundFont Manager Driver (WDM); C:\WINDOWS\system32\drivers\sfmanm.sys [2001-08-17 36480]
S3 sysrest.sys;sysrest.sys; \??\C:\WINDOWS\system32\sysrest.sys []
S3 usbcm;USB Cable Modem 351000 NDIS Driver; C:\WINDOWS\system32\DRIVERS\usbcm.sys [2002-04-11 13335]
S3 WmHidLo;Logitech Gaming USB Filter Driver; C:\WINDOWS\system32\drivers\WmHidLo.sys [2005-04-12 17632]
S3 WmVirHid;Logitech Virtual Hid Device Driver; C:\WINDOWS\system32\drivers\WmVirHid.sys [2005-04-12 5600]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R01000000 papycpu2;papycpu2; C:\WINDOWS\System32\DRIVERS\papycpu2.sys [2003-01-24 1984]
R01000000 papyjoy;papyjoy; C:\WINDOWS\System32\DRIVERS\papyjoy.sys [2003-01-24 1856]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-06-02 552960]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.exe [1999-12-12 44032]
R2 ewido security suite control;ewido security suite control; C:\Program Files\ewido anti-malware\ewidoctrl.exe [2005-11-30 13888]
R2 nmservice;Pure Networks Network Magic Service; C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe [2005-08-10 161344]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-02-17 66872]
R2 pnrouter;Pure Networks Router Manager; C:\Program Files\Pure Networks\Router Service\pnroutsv.exe [2005-08-10 99904]
R2 PrismXL;PrismXL; C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS [2005-05-09 172032]
R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2006-02-19 1693448]
R2 WMDM PMSP Service;WMDM PMSP Service; C:\WINDOWS\system32\MsPMSPSv.exe [2000-06-26 53520]
R2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
R2 ZuneNetworkSvc;Zune Network Sharing Service; C:\Program Files\Zune\ZuneNss.exe [2007-03-14 975400]
R3 iPodService;iPodService; C:\Program Files\iPod\bin\iPodService.exe [2006-02-23 323584]
S2 ANIWZCSdService;ANIWZCSd Service; C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe [2004-10-22 49152]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-06-02 593920]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 Boonty Games;Boonty Games; C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe [2005-11-15 69120]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]

-----------------EOF-----------------

Merged topics then posts. ~ OB

Edited by Orange Blossom, 10 December 2008 - 09:50 PM.

#2 kahdah

Posted 17 December 2008 - 07:42 AM

Hello Throttled

Welcome to BleepingComputer
========================
If you are still in need of assistance, please post a new RSIT log.
Please do not PM for help; post it in the forums instead.

If I am helping you and have not responded for 48 hours, please send me a PM, as I don't always get notifications.

My help is always free; however, if you would like to make a donation to me for the help I have provided, please click here.
