|
Re: recurring identification of "so7.exe"
Thank you very much.
Contents of rsit log.txt:
Logfile of random's system information tool 1.04 (written by random/random)
Run by [my real name here] at 2008-11-06 11:12:07
Microsoft Windows XP Professional Service Pack 2
System drive C: has 11 GB (53%) free of 20 GB
Total RAM: 447 MB (41% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:12:08 AM, on 11/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\[myname]\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\[myname].exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKLM\..\Policies\Explorer\Run: [status] present
O4 - HKLM\..\Policies\Explorer\Run: [winlogon] C:\heap41a\svchost.exe C:\heap41a\std.txt
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{CDDF1FBD-3AB8-43B0-AA23-C09C0DBC211D}: NameServer = 125.22.47.125,202.56.250.5
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
--
End of file - 4060 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\At1.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar2.dll [2007-01-19 2403392]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [2008-10-19 737776]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar2.dll [2007-01-19 2403392]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"=C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe [2004-04-01 1368064]
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2004-03-26 794624]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-07-22 266497]
"UserFaultCheck"=C:\WINDOWS\system32\dumprep 0 -u []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"status"=present []
"winlogon"=C:\heap41a\svchost.exe C:\heap41a\std.txt []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-08-25 68856]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
???
?� []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RaidTool]
C:\Program Files\VIA\RAID\raid_tool.exe [2005-04-28 589824]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ResumeQuickupDownload]
C:\PROGRA~1\QUICKH~1\acappaa.exe [2008-02-08 46456]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]
???
?� []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
C:\WINDOWS\system32\VTTimer.exe [2005-03-09 53248]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTrayp]
C:\WINDOWS\system32\VTtrayp.exe [2005-03-13 147456]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-04-10 236928]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NofolderOptions"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1a7da86f-9b29-11db-8bda-806d6172696f}]
shell\AutoRun\command - H:\setup.exe /AUTORUN
shell\configure\command - H:\setup.exe
shell\install\command - H:\setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{294baef4-e8e7-11dc-a7fb-0015f2304547}]
shell\AutoRun\command - oufddh.exe
shell\explore\command - oufddh.exe
shell\open\command - oufddh.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8a46cc8a-fa22-11dc-a85c-0015f2304547}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL regsvr.exe
shell\Open\command - regsvr.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d89faa99-f3f2-11dc-a834-0015f2304547}]
shell\AutoRun\command - I:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
shell\open\command - I:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eda6510f-4261-11dd-a8f3-0015f2304547}]
shell\AutoRun\command - I:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
shell\open\command - I:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
======File associations======
.scr - open - "C:\WINDOWS\notepad.exe" "%1"
.scr - install -
.scr - config -
======List of files/folders created in the last 1 months======
2008-11-06 11:12:07 ----D---- C:\rsit
2008-11-06 11:10:13 ----A---- C:\WINDOWS\gmer.ini
2008-11-06 11:10:12 ----A---- C:\WINDOWS\gmer_uninstall.cmd
2008-11-06 11:10:12 ----A---- C:\WINDOWS\gmer.exe
2008-11-06 11:10:12 ----A---- C:\WINDOWS\gmer.dll
2008-10-30 15:32:45 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-10-30 13:08:48 ----D---- C:\Documents and Settings\[myname]\Application Data\vlc
2008-10-30 12:15:58 ----D---- C:\Program Files\Free Offers from Freeze.com
2008-10-30 12:13:28 ----D---- C:\WINDOWS\system32\CatRoot_bak
2008-10-30 12:04:18 ----D---- C:\Program Files\VideoLAN
2008-10-30 12:01:34 ----D---- C:\Program Files\Trend Micro
2008-10-18 01:05:00 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-10-18 01:04:56 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-18 01:04:51 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-10-18 01:04:15 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-10-18 01:03:40 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
======List of files/folders modified in the last 1 months======
2008-11-06 11:10:22 ----D---- C:\WINDOWS\Prefetch
2008-11-06 11:10:13 ----D---- C:\WINDOWS
2008-11-06 11:10:12 ----D---- C:\WINDOWS\system32\drivers
2008-11-06 11:09:33 ----D---- C:\WINDOWS\Temp
2008-11-06 11:08:03 ----RD---- C:\Program Files
2008-11-06 11:07:13 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-06 10:44:39 ----D---- C:\WINDOWS\system32
2008-10-30 15:32:58 ----HD---- C:\WINDOWS\inf
2008-10-30 15:32:48 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-10-30 15:32:08 ----HD---- C:\WINDOWS\$hf_mig$
2008-10-30 15:32:06 ----D---- C:\WINDOWS\system32\CatRoot2
2008-10-30 14:54:31 ----A---- C:\WINDOWS\NeroDigital.ini
2008-10-30 13:45:16 ----D---- C:\WINDOWS\system32\CatRoot
2008-10-30 12:55:39 ----SH---- C:\boot.ini
2008-10-30 12:55:39 ----A---- C:\WINDOWS\win.ini
2008-10-30 12:55:39 ----A---- C:\WINDOWS\system.ini
2008-10-30 12:13:28 ----D---- C:\WINDOWS\Debug
2008-10-20 09:50:28 ----D---- C:\WINDOWS\Minidump
2008-10-18 01:05:03 ----A---- C:\WINDOWS\imsins.BAK
2008-10-18 01:04:42 ----D---- C:\Program Files\Internet Explorer
2008-10-18 01:04:33 ----D---- C:\WINDOWS\ie7updates
2008-10-15 22:27:55 ----A---- C:\WINDOWS\system32\netapi32.dll
2008-10-08 00:49:40 ----A---- C:\WINDOWS\system32\MRT.exe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-07-22 75072]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
R2 CdaC15BA;CdaC15BA; \??\C:\WINDOWS\system32\drivers\CDAC15BA.SYS []
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2004-04-08 116176]
R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
R3 FETND5BV;VIA Rhine-Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2004-12-16 42496]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-15 5810]
R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2004-04-27 381056]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2004-06-07 266880]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 viagfx;viagfx; C:\WINDOWS\system32\DRIVERS\vtmini.sys [2005-05-20 227200]
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5b.sys [2004-07-24 42496]
S3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2008-11-06 85969]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 MidiSyn;MidiSyn; C:\WINDOWS\system32\drivers\MidiSyn.sys [2002-09-22 235100]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 NTSIM;NTSIM; \??\C:\WINDOWS\system32\ntsim.sys []
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AntiVirScheduler;AntiVir PersonalEdition Classic Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-30 68865]
R2 AntiVirService;AntiVir PersonalEdition Classic Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-30 151297]
R2 C-DillaCdaC11BA;C-DillaCdaC11BA; C:\WINDOWS\system32\drivers\CDAC11BA.EXE [2008-08-25 54784]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-07-24 138168]
S3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S4 CSNetManagerXp;CSNetManagerXp; C:\WINDOWS\system32\isass.exe []
-----------------EOF-----------------
Thank you.
__________________
This boy, he drove me to internet suicide...
|
10-24-2008, 10:09 PM
