LinkBack URL
About LinkBacks
Recently I installed a webcam program that customizes my on-screen virtual appearance with avatars. But the program did not install nicely. After installation I couldn't run the program thus I uninstalled the program. Some time after that I found out that there's a foreign program (autorun.exe) running on my computer when I launched windows taskmanager. Initially I thought it was a virus as I'm quite used to seeing viruses with that name. But I found out that it was actually a left over by the webcam program that I installed. Is there anyway to remove the leftover? I've tried reinstalling and uninstalling plus after restart I used CCleaner to remove any potential leftover candidates. But it still reappears everytime I restart my windows.
Results 1 to 10 of 10
- Newbie
- Join Date
- Nov 2007
- Posts
- 9
- Liked
- 0 times
- Points
- 3,557
- Administrator
- Join Date
- Nov 2006
- Location
- Malaysia
- Posts
- 9,802
- Liked
- 1656 times
- Points
- 48,740
Thomasyke, go to Start > Run > type msconfig and click OK.
You should see System Configuration Utility.
Click on Startup tab and try to look for autorun.exe there.
- Newbie
- Join Date
- Nov 2007
- Posts
- 9
- Liked
- 0 times
- Points
- 3,557
I'm sorry but msconfig did not show autorun.exe
- Administrator
- Join Date
- Nov 2006
- Location
- Malaysia
- Posts
- 9,802
- Liked
- 1656 times
- Points
- 48,740
If you can't find it in msconfig, then try using HijackThis.
http://www.trendsecure.com/portal/en-US/_download/HiJackThis.zip
- Newbie
- Join Date
- Nov 2007
- Posts
- 9
- Liked
- 0 times
- Points
- 3,557
Do I post my hijack this log here? or do I email the log to you?
- Administrator
- Join Date
- Nov 2006
- Location
- Malaysia
- Posts
- 9,802
- Liked
- 1656 times
- Points
- 48,740
It's ok for you to post it here.
- Newbie
- Join Date
- Nov 2007
- Posts
- 9
- Liked
- 0 times
- Points
- 3,557
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:28:32 AM, on 11/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NeoSmart Technologies\ToolTipFixer\ToolTipFixer.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\updater\explorer.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Vimicro\Vimicro USB PC Camera (VC0332)\x86\VMonitor.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
C:\DOCUME~1\Thomas\LOCALS~1\Temp\ir_ext_temp_1\autorun.exe
C:\Program Files\DAP\DAP.EXE
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
D:\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Updater] C:\WINDOWS\system32\updater\explorer.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [VMonitorVMA200] "C:\Program Files\Vimicro\Vimicro USB PC Camera (VC0332)\x86\VMonitor.exe" VMA200
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5BF105D9-326F-4EB5-8D0C-09ABEF99F90E}: NameServer = 202.188.0.133 202.188.1.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{DCD056A7-87D4-4440-9A8C-DA89F3DDE8E5}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: NST ToolTipFixer (TTFixerService) - NeoSmart Technologies - C:\Program Files\NeoSmart Technologies\ToolTipFixer\ToolTipFixer.exe
--
End of file - 7292 bytes
- Administrator
- Join Date
- Nov 2006
- Location
- Malaysia
- Posts
- 9,802
- Liked
- 1656 times
- Points
- 48,740
Explorer.exe FROM System32\updater\ might be the culprit that's causing the autorun.exe to auto appear everytime. It is a W32/Rbot-SG worm.
Try to end this 2 process first.
C:\WINDOWS\system32\updater\explorer.exe
C:\DOCUME~1\Thomas\LOCALS~1\Temp\ir_ext_temp_1\autorun.exe
Then remove the following using Hijackthis.
O4 - HKLM\..\Run: [Updater] C:\WINDOWS\system32\updater\explorer.exe
- Newbie
- Join Date
- Nov 2007
- Posts
- 9
- Liked
- 0 times
- Points
- 3,557
Thank you Raymond!!~ Problem solved.
- Administrator
- Join Date
- Nov 2006
- Location
- Malaysia
- Posts
- 9,802
- Liked
- 1656 times
- Points
- 48,740
No problem.
Reply With QuoteSimilar Threads
-
expert in AutoPlay Media Studio 6.0 help please
By snipper_gsm in forum SoftwareReplies: 0Last Post: 07-01-2011, 05:43 PM -
Autoplay Media Studio V8.0
By zband in forum Freebies!Replies: 21Last Post: 09-10-2010, 01:56 AM -
Autorun Angel — powerful cloud autorun manager and security analyzer
By sujay in forum Security BulletinReplies: 9Last Post: 09-02-2010, 11:56 PM -
How to Enable/Disable Autorun in Removable Media
By ha14 in forum TutorialsReplies: 10Last Post: 10-06-2009, 08:39 PM -
how a cpu is created a picture story
By hardnet009@gmail.com in forum HardwareReplies: 3Last Post: 08-02-2009, 09:16 PM