Autorun.inf getting created in usb drives


  • This topic is locked
4 replies to this topic

#1 pcecil

  • Members
  • 2 posts

Posted 13 December 2010 - 06:52 AM

Hi!!
I think there is some malware residing in my system because an autorun.inf is getting created whenever I plug in a USB drive. However, I am unable to find the process that is creating it. All running processes seen in Task Manager appear to be legitimate processes. My antivirus (McAfee) is not detecting anything, but I am still not quite sure there is nothing wrong. Also, the system has become slow recently. I have posted the DDS log below; attach.txt and hijackthis.log are attached. Would really appreciate any help in this matter. Thanks for your time!!

DDS Log:
**********************************************

DDS (Ver_10-12-12.02) - NTFSx86
Run by Administrator at 16:49:18.27 on Mon 12/13/2010
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_19
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2934.1392 [GMT 5.5:30]

FW: McAfee Host Intrusion Prevention Firewall *Disabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\idt\wdm\stacsv.exe
C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe
C:\Program Files\McAfee\Host Intrusion Prevention\HIPSCore\HIPSvc.exe
C:\Program Files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe
C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\WINDOWS\system32\mnmsrvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\app\Administrator\product\11.1.0\db_1\bin\nmesrvc.exe
C:\app\Administrator\product\11.1.0\db_1\BIN\TNSLSNR.exe
c:\app\administrator\product\11.1.0\db_1\bin\ORACLE.EXE
C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtwTracePktWpp.exe
C:\app\Administrator\product\11.1.0\db_1\perl\5.8.3\bin\MSWin32-x86-multi-thread\perl.exe
C:\app\Administrator\product\11.1.0\db_1\bin\emagent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\IDT\WDM\sttray.exe
C:\WINDOWS\system32\AESTFltr.exe
C:\Program Files\DellTPad\Apoint.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\McAfee\Common Framework\udaterui.exe
C:\Program Files\McAfee\Host Intrusion Prevention\FireTray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\ctfmon.exe
C:\app\Administrator\product\11.1.0\db_1\jdk\bin\java.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\Belvedere\Belvedere.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\mfevtps.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
C:\stackv6r2011\studio\bin\winnt\mql.exe
C:\Java\jre6\bin\java.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Texter\texter.exe
C:\stackv6r2011\studio\bin\winnt\business.exe
C:\WINDOWS\system32\mstsc.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.in/
uInternet Settings,ProxyServer = 10.1.1.180:65527
uInternet Settings,ProxyOverride = localhost;10.1.*;<local>
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptsn.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [Google Update] "c:\documents and settings\administrator\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\udaterui.exe" /StartedFromRunKey
mRun: [McAfee Host Intrusion Prevention Tray] "c:\program files\mcafee\host intrusion prevention\FireTray.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [conime] conime.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\reader 8.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~2.lnk - c:\program files\adobe\reader 8.0\reader\AdobeCollabSync.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\belved~1.lnk - c:\program files\belvedere\Belvedere.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
mPolicies-system: dontdisplaylockeduserid = 1 (0x1)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {CAFECAFE-0013-0001-0021-ABCDEFABCDEF}
DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {F6A28BFA-1270-434D-B9DD-E33CC36AFA6C} - hxxp://192.168.4.102/STAGE_F/STGF_TOOLS/STAGEVIEW_AX/STAGEView.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
IFEO: conime.exe - igfxdfk86.exe

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\3upf7wl8.default\
FF - prefs.js: browser.startup.homepage - hxxp://localhost:8080/enovia/emxLogin.jsp
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\administrator\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\java\jre6\bin\new_plugin\npdeploytk.dll
FF - plugin: c:\java\jre6\bin\new_plugin\npjp2.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\java\jre6\lib\deploy\jqs\ff

============= SERVICES / DRIVERS ===============

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-11-27 344304]
R0 stdflt;Disk Filter Driver for Accelerometer;c:\windows\system32\drivers\stdfltn.sys [2010-11-27 17072]
R2 enterceptAgent;McAfee Host Intrusion Prevention Service;c:\program files\mcafee\host intrusion prevention\FireSvc.exe [2010-6-15 1498224]
R2 hips;McAfee HIPSCore Service;c:\program files\mcafee\host intrusion prevention\hipscore\HIPSvc.exe [2010-11-27 35696]
R2 InstallFilterService;FF Install Filter Service;c:\program files\stmicroelectronics\accelerometerp11\InstallFilterService.exe [2010-11-27 60928]
R2 McAfeeEngineService;McAfee Engine Service;c:\program files\mcafee\virusscan enterprise\EngineServer.exe [2010-3-25 22816]
R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2010-10-15 120128]
R2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\Mcshield.exe [2010-3-25 147472]
R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2010-3-25 66880]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-11-27 69192]
R2 OracleDBConsoledev001;OracleDBConsoledev001;c:\app\administrator\product\11.1.0\db_1\bin\nmesrvc.exe [2010-12-7 25600]
R2 OracleOraDb11g_home1TNSListener;OracleOraDb11g_home1TNSListener;c:\app\administrator\product\11.1.0\db_1\bin\tnslsnr --> c:\app\administrator\product\11.1.0\db_1\bin\TNSLSNR [?]
R2 OracleServiceDEV001;OracleServiceDEV001;c:\app\administrator\product\11.1.0\db_1\bin\oracle.exe dev001 --> c:\app\administrator\product\11.1.0\db_1\bin\ORACLE.EXE DEV001 [?]
R2 risdpcie;risdpcie;c:\windows\system32\drivers\risdpe86.sys [2010-11-27 59392]
R2 UNS;Intel® Management & Security Application User Notification Service;c:\program files\intel\intel® management engine components\uns\UNS.exe [2010-11-27 2320920]
R3 Acceler;Accelerometer Service;c:\windows\system32\drivers\Accelern.sys [2010-11-27 42672]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2010-11-27 113664]
R3 FirehkMP;FirehkMP;c:\windows\system32\drivers\firehk.sys [2010-11-27 44680]
R3 HIPK;McAfee Inc. HIPK;c:\windows\system32\drivers\HIPK.sys [2010-11-27 107960]
R3 HIPPSK;McAfee Inc. HIPPSK;c:\windows\system32\drivers\HIPPSK.sys [2010-11-27 38680]
R3 HIPQK;McAfee Inc. HIPQK;c:\windows\system32\drivers\HIPQK.sys [2010-11-27 35552]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-11-27 132352]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2010-11-27 215040]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-12-13 91832]
S0 cerc6;cerc6; [x]
S3 Firehk;McAfee NDIS Intermediate Filter;c:\windows\system32\drivers\firehk.sys [2010-11-27 44680]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-12-13 43288]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-12-13 66600]
S3 sscebus;SAMSUNG USB Composite Device V2 driver (WDM);c:\windows\system32\drivers\sscebus.sys [2010-12-3 90240]
S3 sscemdfl;SAMSUNG Mobile Modem V2 Filter;c:\windows\system32\drivers\sscemdfl.sys [2010-12-3 14976]
S3 sscemdm;SAMSUNG Mobile Modem V2 Drivers;c:\windows\system32\drivers\sscemdm.sys [2010-12-3 121856]
S3 ssceserd;SAMSUNG Mobile Modem Diagnostic Serial Port V2 (WDM);c:\windows\system32\drivers\ssceserd.sys [2010-12-3 98688]
S4 OracleJobSchedulerDEV001;OracleJobSchedulerDEV001;c:\app\administrator\product\11.1.0\db_1\bin\extjob.exe dev001 --> c:\app\administrator\product\11.1.0\db_1\bin\extjob.exe DEV001 [?]

=============== File Associations ===============

vbefile\shell\open2\command=%SystemRoot%\System32\CScript.exe "%1" %*
vbsfile\shell\open2\command=%SystemRoot%\System32\CScript.exe "%1" %*
jsefile\shell\open2\command=%SystemRoot%\System32\CScript.exe "%1" %*

=============== Created Last 30 ================

2010-12-13 06:44:35 91832 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-12-13 06:44:35 66600 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2010-12-13 06:44:35 43288 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-12-13 06:44:35 23864 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
2010-12-13 06:44:25 -------- d-----w- c:\program files\common files\McAfee
2010-12-13 06:36:35 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-12-13 06:35:34 -------- d-----w- C:\Java
2010-12-13 03:39:18 -------- d--h--w- c:\windows\system32\GroupPolicy
2010-12-10 09:39:53 -------- d-----w- C:\shortcuts
2010-12-10 04:52:27 -------- d-----w- c:\docume~1\admini~1\applic~1\TeraCopy
2010-12-10 04:47:07 -------- d-----w- c:\program files\CCleaner
2010-12-10 04:47:04 -------- d-----w- c:\program files\VS Revo Group
2010-12-10 04:47:03 -------- d-----w- c:\program files\TeraCopy
2010-12-10 04:46:59 -------- d-----w- c:\program files\Belvedere
2010-12-10 04:46:54 -------- d-----w- c:\program files\Texter
2010-12-10 04:36:14 -------- d-----w- c:\docume~1\admini~1\locals~1\applic~1\Google
2010-12-10 04:14:48 -------- d-----w- C:\downloads
2010-12-10 04:04:44 -------- d-s---w- c:\documents and settings\administrator\UserData
2010-12-09 10:56:37 254464 --sh--r- c:\windows\system32\igfxdfk86.exe
2010-12-09 09:19:36 -------- d-----w- C:\code
2010-12-09 05:17:14 -------- d--h--w- c:\windows\PIF
2010-12-09 04:53:10 -------- d-----w- C:\datascan
2010-12-08 07:02:53 -------- d-----w- c:\docume~1\admini~1\locals~1\applic~1\Mozilla
2010-12-07 12:09:07 -------- d-----w- c:\docume~1\alluse~1\applic~1\DassaultSystemes
2010-12-07 10:43:01 -------- d-----w- c:\documents and settings\administrator\Oracle
2010-12-07 10:29:26 -------- d-----w- C:\stackv6r2011
2010-12-07 10:21:12 -------- d-----w- c:\windows\system32\appmgmt
2010-12-07 10:07:35 -------- d-----w- C:\TEMP
2010-12-07 09:47:12 -------- d-----w- C:\app
2010-12-07 09:40:20 -------- d-----w- c:\docume~1\admini~1\locals~1\applic~1\Adobe
2010-12-07 09:39:28 -------- d-----w- c:\program files\Sun
2010-12-07 09:39:24 411368 ----a-w- c:\program files\mozilla firefox\plugins\npdeploytk.dll
2010-12-07 09:17:27 -------- d-----w- c:\documents and settings\administrator\Bluetooth Software
2010-12-07 09:17:25 -------- d-----w- c:\docume~1\admini~1\applic~1\McAfee
2010-12-07 09:17:16 221184 ----a-w- c:\windows\system32\wmpns.dll
2010-12-07 04:19:50 32768 ----a-w- c:\program files\common files\installshield\driver\10\intel 32\objpscnv.dll
2010-12-07 04:19:50 262144 ----a-w- c:\program files\common files\installshield\driver\10\intel 32\IScrCnv.dll
2010-12-07 04:19:50 180224 ----a-w- c:\program files\common files\installshield\driver\10\intel 32\iGdiCnv.dll
2010-12-07 04:19:49 409600 ----a-w- c:\program files\common files\installshield\driver\10\intel 32\ISRT.dll
2010-12-07 04:19:49 172032 ----a-w- c:\program files\common files\installshield\driver\10\intel 32\IUserCnv.dll
2010-12-07 04:19:48 761856 ----a-w- c:\program files\common files\installshield\driver\10\intel 32\IDriver.exe
2010-12-07 04:19:48 540772 ----a-w- c:\program files\common files\installshield\driver\10\intel 32\_ISRES1033.dll
2010-12-06 09:58:11 -------- d-----w- c:\program files\Samurize
2010-12-06 09:34:35 -------- d-----w- C:\software
2010-12-04 06:35:26 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2010-12-04 06:35:26 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2010-12-04 05:47:45 -------- d-----w- c:\program files\Direct Folders
2010-12-04 05:32:59 -------- d-----w- c:\program files\Sleep Moon Xpress
2010-12-04 05:30:27 -------- d-----w- C:\apache-tomcat-6.0.20
2010-12-04 05:28:38 -------- d-----w- c:\program files\IDM Computer Solutions
2010-12-04 05:27:56 9200 ------w- c:\windows\system32\drivers\cdralw2k.sys
2010-12-04 05:27:56 9072 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2010-12-04 05:27:36 -------- d-----w- c:\windows\system32\IOSUBSYS
2010-12-04 05:27:34 -------- d-----w- c:\program files\Resolware
2010-12-04 05:24:37 -------- d-----w- C:\ProjectManagement
2010-12-04 04:58:44 -------- d-----w- c:\windows\system32\Adobe
2010-12-04 04:54:59 327168 ----a-w- c:\windows\IsUninst.exe
2010-12-04 04:50:52 503808 ----a-w- c:\windows\system32\ChilkatFTP.dll
2010-12-04 04:50:52 1022464 ----a-w- c:\windows\system32\CpcViewAX.ocx
2010-12-04 04:50:52 -------- d-----w- c:\program files\SESViewer
2010-12-04 04:49:55 286720 ------w- c:\windows\Setup1.exe
2010-12-04 04:49:54 73216 ----a-w- c:\windows\ST6UNST.EXE
2010-12-03 11:40:36 98688 ----a-r- c:\windows\system32\drivers\ssceserd.sys
2010-12-03 11:40:29 14976 ----a-r- c:\windows\system32\drivers\sscemdfl.sys
2010-12-03 11:40:28 121856 ----a-r- c:\windows\system32\drivers\sscemdm.sys
2010-12-03 11:40:28 12160 ----a-r- c:\windows\system32\drivers\sscecmnt.sys
2010-12-03 11:40:28 12160 ----a-r- c:\windows\system32\drivers\sscecm.sys
2010-12-03 11:40:25 12160 ----a-r- c:\windows\system32\drivers\sscewhnt.sys
2010-12-03 11:40:24 90240 ----a-r- c:\windows\system32\drivers\sscebus.sys
2010-12-03 11:40:24 12160 ----a-r- c:\windows\system32\drivers\sscewh.sys
2010-12-03 11:39:53 -------- d-----w- c:\program files\Samsung
2010-12-03 11:39:38 -------- d-----w- c:\windows\system32\Samsung_USB_Drivers
2010-12-03 08:57:21 40328 ----a-w- c:\windows\system32\HIPIS0e011b5.dll
2010-12-01 07:30:42 -------- d-----w- C:\Quarantine

==================== Find3M ====================

2010-12-13 06:36:26 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-11-27 15:57:49 546304 ----a-w- c:\windows\system32\AutoPartNt.exe
2010-11-27 14:19:43 37888 ----a-w- c:\windows\system32\setupnt.dll
2010-10-06 19:58:38 136512 ----a-w- c:\windows\system32\KevlarSigs.dll
2006-03-11 11:43:36 254464 --sh--r- c:\windows\system32\igfxdfk86.exe

============= FINISH: 16:50:19.80 ===============


Attached File: Attach.txt (7.91KB)
Attached File: hijackthis.log (10.85KB)
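Added here as a worked example, not code from the post or from DDS itself: a Python triage pass over a constructed excerpt of the log above. It flags the three things a responder would check first in this log: the IFEO entry that redirects conime.exe (itself started from a Run key) to igfxdfk86.exe, a recently created executable in system32 carrying the hidden and system attribute flags, and the same path reported with two different timestamps in "Created Last 30" and "Find3M". The section banners and the attribute column layout are assumed from the log format as it appears in the post.

```python
"""Triage a DDS log excerpt for persistence indicators worth a closer look.

Heuristics run on the log text only, no system access:
  1. IFEO entries (an Image File Execution Options "Debugger" value makes
     Windows start the listed program whenever the target runs), cross-checked
     against uRun/mRun keys that start the target.
  2. Executables under system32 created in the last 30 days with the hidden
     and system attribute flags set.
  3. The same path reported with different timestamps across sections.
"""
import re
from collections import defaultdict

# Constructed excerpt: lines copied from the DDS log in the post above.
SAMPLE_LOG = r"""
============== Pseudo HJT Report ===============
mRun: [conime] conime.exe
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
IFEO: conime.exe - igfxdfk86.exe
=============== Created Last 30 ================
2010-12-13 06:44:35 91832 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-12-09 10:56:37 254464 --sh--r- c:\windows\system32\igfxdfk86.exe
2010-12-04 04:54:59 327168 ----a-w- c:\windows\IsUninst.exe
==================== Find3M ====================
2010-12-13 06:36:26 411368 ----a-w- c:\windows\system32\deploytk.dll
2006-03-11 11:43:36 254464 --sh--r- c:\windows\system32\igfxdfk86.exe
"""

# Line shapes assumed from the DDS output: "=== banner ===", file rows, IFEO, Run keys.
SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
FILE_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\s+(\d+|-+)\s+(\S{8})\s+(.+)$")
IFEO_RE = re.compile(r"^IFEO:\s*(\S+)\s*-\s*(\S+)$")
RUN_RE = re.compile(r'^[um]Run:\s*\[[^\]]*\]\s*(?:"([^"]+)"|(\S+))')


def parse_sections(text):
    """Split DDS output into {section banner text: [non-empty lines]}."""
    sections, current = defaultdict(list), "HEADER"
    for line in text.splitlines():
        banner = SECTION_RE.match(line)
        if banner:
            current = banner.group(1)
        elif line.strip():
            sections[current].append(line)
    return sections


def triage(text):
    """Return (reason, detail) findings for a DDS log; empty list if none."""
    sections, findings = parse_sections(text), []
    hjt = sections.get("Pseudo HJT Report", [])
    # Bare file names of everything launched from a uRun/mRun key.
    run_targets = {(m.group(1) or m.group(2)).lower().rsplit("\\", 1)[-1]
                   for m in map(RUN_RE.match, hjt) if m}
    for m in filter(None, map(IFEO_RE.match, hjt)):
        target, debugger = m.group(1).lower(), m.group(2)
        reason = "IFEO debugger redirect"
        if target in run_targets:
            reason += " on a program also started from a Run key"
        findings.append((reason, f"{target} -> {debugger}"))
    seen = {}  # path -> first timestamp seen, to catch clashes across sections
    for sec in ("Created Last 30", "Find3M"):
        for m in filter(None, map(FILE_RE.match, sections.get(sec, []))):
            stamp, attrs, path = m.group(1), m.group(3), m.group(4).lower()
            if (sec == "Created Last 30" and "s" in attrs and "h" in attrs
                    and "\\system32\\" in path and path.endswith(".exe")):
                findings.append(("hidden+system exe created recently", f"{path} ({attrs})"))
            if path in seen and seen[path] != stamp:
                findings.append(("same path, differing timestamps",
                                 f"{path}: {seen[path]} vs {stamp}"))
            seen.setdefault(path, stamp)
    return findings
```

Running `triage(SAMPLE_LOG)` on the excerpt yields three findings, all pointing at the same igfxdfk86.exe entry; run it on a full DDS log by passing the file contents instead.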

#2 Judicandus

    Bleepin' Pasta

  • Malware Response Team
  • 730 posts
  • Gender:Male
  • Location:Around the world

Posted 22 December 2010 - 07:28 AM

Hello and welcome to Bleeping Computer

I'm judicandus and I'll be helping you out.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.

Please post a DDS log and Gmer log. For instructions please read this post:
http://www.bleepingcomputer.com/forums/topic34773.html

#3 pcecil

  • Topic Starter
  • Members
  • 2 posts

Posted 22 December 2010 - 01:58 PM

Thank you for replying. I can access the infected machine only after 12 hours but I will revert with the DDS and GMER logs asap. Meanwhile, I must tell you that my company technician ran combofix the next day after the problem was reported and that seems to have fixed the problem but I am not sure. Even though you have advised to the contrary, I am sorry - it could not be helped as it was a production machine. Thank you for your patience.

#4 Judicandus

    Bleepin' Pasta

  • Malware Response Team
  • 730 posts
  • Gender:Male
  • Location:Around the world

Posted 22 December 2010 - 02:57 PM

Hi pcecil,

We don't recommend the execution of Combofix without the assistance of a malware helper because in some cases it can damage the computer or even make it unbootable. It is a marvelous tool, though, that is of great assistance in removing malware :)

If you still have the combofix log please post it so I can take a look at it.

#5 Judicandus

    Bleepin' Pasta

  • Malware Response Team
  • 730 posts
  • Gender:Male
  • Location:Around the world

Posted 12 January 2011 - 02:47 AM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.
