Registered User
Join Date: Feb 2008
Posts: 3
OS: XP Pro SP2
PC infected with autorun.inf
Today, my antivirus (NOD32) constantly pops up saying that I have a virus (autorun.inf) and asks me to delete it, which I select to do, but it keeps popping up. I think I got that virus from a friend's flash drive.
I also can't show my hidden files even though I set the folder options to show hidden files and folders. I suspect it is an effect of the malware. Here is my hijack log:

Last edited by Frec; 02-04-2008 at 09:46 PM.