12-02-2008, 10:43 PM   #1
ikevin
Registered User
 
Join Date: Dec 2008
Posts: 6
OS: Windows XP SP3


autorun.inf trojan

Hi,

I'm running NOD32 in Windows XP SP3 and it keeps telling me that my laptop is infected with the autorun.inf trojan. It quarantined it, but the trojan keeps coming back for some reason. My wireless internet connection is no longer working since I got this; it keeps authenticating but never connects. Please help.



DDS (Version 1.0) - NTFSx86
Run by Billy Ngo at 21:30:26.70 on Tue 12/02/2008
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1503 [GMT -8:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v133\WDM\STacSV.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\DellTPad\Apoint.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Billy Ngo\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.suprememastertv.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
BHO: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\4.1.805.4472\swg.dll
TB: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [jvsoft] c:\windows\system32\j3ewro.exe
uRun: [tasoft] c:\windows\system32\kxvo.exe
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

============= SERVICES / DRIVERS ===============

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-6-10 34312]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};\??\c:\program files\cyberlink\powerdvd8\000.fcl [2008-5-15 61424]
R2 ekrn;Eset Service;"c:\program files\eset\eset nod32 antivirus\ekrn.exe" [2008-6-10 468224]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-8-28 105984]
R3 OEM02Afx;Provides a software interface to control audio effects of OEM002 camera.;\??\c:\windows\system32\drivers\OEM02Afx.sys [2007-6-7 141376]
R3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\system32\drivers\OEM02Dev.sys [2007-10-10 235648]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\system32\drivers\OEM02Vfx.sys [2007-3-5 7424]

=============== Created Last 30 ================

2008-12-02 21:23 250 a------- c:\windows\gmer.ini
2008-12-01 23:16 110,623 ---shr-- C:\kjibu.com
2008-12-01 23:00 147,456 ---shr-- c:\windows\system32\jwedsfdo0.dll
2008-12-01 22:44 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2008-12-01 22:44 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2008-12-01 22:39 <DIR> --d----- c:\program files\SpywareBlaster
2008-11-20 00:07 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2008-11-16 07:56 81,408 ---shr-- c:\windows\system32\kxvo0.dll

==================== Find3M ====================

2008-12-02 00:13 147,456 ---shr-- c:\windows\system32\jwedsfdo1.dll
2008-12-02 00:13 110,623 ---shr-- c:\windows\system32\j3ewro.exe
2008-12-01 22:32 107,123 ---shr-- c:\windows\system32\kxvo.exe
2008-10-24 15:58 <DIR> --d----- c:\program files\HuyBien
2008-09-22 17:58 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2008-09-15 04:12 1,846,400 a------- c:\windows\system32\win32k.sys
2008-09-09 17:14 1,307,648 a------- c:\windows\system32\msxml6.dll
2008-09-04 20:41 <DIR> --d----- c:\docume~1\billyn~1\applic~1\Windows Search
2008-09-04 20:39 <DIR> --d----- c:\docume~1\billyn~1\applic~1\Windows Desktop Search
2008-09-04 09:15 1,106,944 a------- c:\windows\system32\msxml3.dll
2008-08-28 23:24 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Nero
2008-08-28 23:05 <DIR> --d----- c:\docume~1\billyn~1\applic~1\TMP
2008-08-28 23:10 76 ---shr-- c:\windows\CT4CET.bin

============= FINISH: 21:30:44.57 ===============
Attached Files
File Type: txt Gmer.txt (10.0 KB, 1 views)
File Type: txt Attach.txt (8.8 KB, 3 views)