
help!!! i got "D:\autorun.vbs"

Discussion in 'All Other Software' started by rrgwapo, Feb 16, 2007.

Thread Status:
Not open for further replies.
  1. rrgwapo

    rrgwapo Thread Starter

    Joined:
    Feb 16, 2007
    Messages:
    6
    Here is my log.... I'm new here... Is there still a way to solve the problem?

    Logfile of HijackThis v1.99.1
    Scan saved at 7:17:39 AM, on 2/17/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\SYSTEM32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
    D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    D:\WINDOWS\system32\nvsvc32.exe
    D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\Explorer.EXE
    D:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
    D:\WINDOWS\VM_STI.EXE
    D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
    D:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
    D:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    D:\Program Files\Mozilla Firefox\firefox.exe
    D:\Program Files\Hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    F2 - REG:system.ini: UserInit=userinit.exe,
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - D:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Program Files\Yahoo!\common\yiesrvc.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - D:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
    O4 - HKLM\..\Run: [BDSwitchAgent] "D:\PROGRA~1\softwin\BITDEF~1\bdswitch.exe"
    O4 - HKLM\..\Run: [BigDogPath] "D:\WINDOWS\VM_STI.EXE" A4 Tech USB PC Camera
    O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" D:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
    O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SNM] D:\Program Files\SpyNoMore\SNM.exe /startup
    O4 - HKLM\..\Run: [AVP] "D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
    O4 - Global Startup: Acrobat Assistant.lnk = D:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O8 - Extra context menu item: &Yahoo! Search - file:///D:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///D:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///D:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///D:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Program Files\Yahoo!\common\yiesrvc.dll
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - D:\Program Files\Yahoo!\Common\yinsthelper.dll
    O20 - Winlogon Notify: igfxcui - D:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: klogon - D:\WINDOWS\system32\klogon.dll
    O20 - Winlogon Notify: WB - D:\PROGRA~1\OBJECT~1\WINDOW~1\fastload.dll
    O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
    O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
     
  2. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    113,278
    Hi and welcome to TSG,


    I'm attaching Getautoruns.zip to this post. Create a new folder on your desktop and unzip it to that new folder.

    You'll now have a file named Getautoruns.bat in that new folder. There will also be a file called removeit.bat but don't run that one yet. We will use it later.

    Be sure your flash drives are connected.

    Double click on Getautoruns.bat and let it run. It will create a file named autos.txt

    Attach autos.txt to your next reply here.
     


  3. rrgwapo

    rrgwapo Thread Starter

    Joined:
    Feb 16, 2007
    Messages:
    6
    Hello... this is my autos.txt..


    Drives searched for autorun.inf
    C:, D:,

    Results of Search

    Autorun files found in root of C:

    autorun.bin
    autorun.inf
    autorun.reg
    autorun.txt
    autorun.wsh

    -----------
    autorun.inf on C:
    autorun·ç±©
    [autorun]
    open=

    shell\open=´ò¿ª(&O)
    shell\open\Command=WScript.exe .\autorun.vbs
    shell\open\Default=1
    shell\explore=×ÊÔ´¹ÜÀíÆ÷(&X)
    shell\explore\Command=WScript.exe .\autorun.vbs



    Autorun files found in root of D:

    autorun.bin
    autorun.inf
    autorun.reg
    autorun.txt
    autorun.wsh

    -----------
    autorun.inf on D:
    autorun·ç±©
    [autorun]
    open=

    shell\open=´ò¿ª(&O)
    shell\open\Command=WScript.exe .\autorun.vbs
    shell\open\Default=1
    shell\explore=×ÊÔ´¹ÜÀíÆ÷(&X)
    shell\explore\Command=WScript.exe .\autorun.vbs
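
Added example (not part of the original thread, and not the Getautoruns.bat used by the helpers): a small Python check that parses an autorun.inf like the one in the autos.txt output above and flags entries that make the drive's open/explore verbs launch a script host. The function names, reason labels and pattern lists are assumptions of this example.

```python
import re

# The autorun.inf text from the autos.txt post above (blank line omitted).
SAMPLE_INF = r"""autorun·ç±©
[autorun]
open=
shell\open=´ò¿ª(&O)
shell\open\Command=WScript.exe .\autorun.vbs
shell\open\Default=1
shell\explore=×ÊÔ´¹ÜÀíÆ÷(&X)
shell\explore\Command=WScript.exe .\autorun.vbs
"""

# Keys whose value Windows runs: open, shellexecute, shell\<verb>\command.
EXEC_KEY = re.compile(r"^(open|shellexecute|shell\\([^\\]+)\\command)$", re.I)
# Illustrative, non-exhaustive patterns chosen for this example (assumptions).
CHECKS = (
    ("script-host", re.compile(r"\b(wscript|cscript|mshta|cmd|rundll32)(\.exe)?\b", re.I)),
    ("script-file", re.compile(r"\.(vbs|vbe|js|jse|wsf|wsh|bat|cmd|scr|pif)\b", re.I)),
)

def parse_autorun(text):
    """Return {lowercased key: value} for the [autorun] section only."""
    entries, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_section = line.lower() == "[autorun]"
        elif in_section and "=" in line and not line.startswith(";"):
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries

def findings(text):
    """Return (key, command, reasons) for each suspicious executable entry."""
    out = []
    for key, value in parse_autorun(text).items():
        m = EXEC_KEY.match(key)
        reasons = [tag for tag, rx in CHECKS if m and rx.search(value)]
        # Redefining open/explore changes what double-clicking the drive does.
        if reasons and m.group(2) in ("open", "explore"):
            reasons.append("hijacks-" + m.group(2))
        if reasons:
            out.append((key, value, reasons))
    return out

if __name__ == "__main__":
    for key, value, reasons in findings(SAMPLE_INF):
        print(f"{key} = {value}  [{', '.join(reasons)}]")
```

An ordinary installer entry such as `open=setup.exe` produces no finding; only commands that call a script host or script file are reported.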
     
  4. rrgwapo

    rrgwapo Thread Starter

    Joined:
    Feb 16, 2007
    Messages:
    6
    i try to attached.. i
     


  5. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    113,278
    I'm sorry, that was an older version of the batch file that I uploaded for you. Would you please repeat the exact same process but with the attached GetAutoruns.zip? Delete the one you downloaded previously.
     


  6. rrgwapo

    rrgwapo Thread Starter

    Joined:
    Feb 16, 2007
    Messages:
    6
    It's ok... I hope it will not go to a reformat process... :(
     


  7. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    113,278
    Go to Start - Run and type cmd then press return.

    Then, on the black DOS-like screen, copy the words in bold below and then paste the line at the prompt. To paste in DOS, with the DOS screen open, click on the DOS icon at the top left of your window and select "edit" then "paste" and hit Enter.

    cd \ & dir /a /s autorun.*

    Copy and paste the results here please.

    To do that:

    Click on the DOS icon at the top left of your window. From the drop down menu click on "Edit" then click on the item "Mark" which pops up in a connected menu. Now click at the beginning of the text you want to copy. Next move to the end of the text you want to copy and click again while holding down the Shift key. Now you have "marked" the section you want to copy. Go click on the DOS icon again, select "Copy" and then "paste" it.
     
  8. rrgwapo

    rrgwapo Thread Starter

    Joined:
    Feb 16, 2007
    Messages:
    6
    Excuse me, but where can I find the return button after I type the "cmd" in the run...
     
  9. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    113,278
    Return means "enter" but you can just click OK in the dialog box.
     
  10. Mosaic1

    Mosaic1

    Joined:
    Aug 17, 2001
    Messages:
    7,486
    rrgwapo,

    You also posted at Spykiller and I was helping you at Derek's request. I'll close that thread over there. Continue working here.

    Please don't post the same question at more than one forum. It causes confusion. We are all volunteers and short-handed. Two people working on the same post is a waste of our time.

    Mosaic1
     
  11. rrgwapo

    rrgwapo Thread Starter

    Joined:
    Feb 16, 2007
    Messages:
    6
    I'm so sorry... I was just panicking about the problem.. sorry.. I won't do it again...

    I don't know where the bold thingy is here... I attached the image so that I can have a guide..
     

    Attached Files: 1.JPG (98.1 KB)
  12. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    113,278
    I'm sorry, the words were not bolded in my post so I've gone back and edited it but below is the bolded line:

    cd \ & dir /a /s autorun.*
     
  13. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    113,278
    Did you double click on the batch file Mosaic1 uploaded for you at The SpyKiller and let it run?
     

Short URL to this thread: https://techguy.org/544679
