Read this topic before posting a log.
DO NOT post a ComboFix log unless requested to.
Only members of the HijackThis Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.
When posting a log, please put the type of infection you have in the topic title, e.g. Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.
Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.
Jun 14 2008, 03:37 AM
Post #1
I got infected with WinAntiVirusPro. After trying various removers I managed to remove it with SpyBot Search & Destroy. But some strange things started happening the following day like: 1) Windows closing arbitrarily 2) Files getting deleted unexpectedly. After that I also executed Malwarebytes' Anti-Malware which didn’t seem to detect anything related (In addition while trying to perform a Full Scan with Anti-Malware the system reports an error & reboots). PCtools Spyware Doctor also reports a WinFixer present. I would appreciate any help you can give me since I can no longer determine whether the system is stable or not.
-- Security Event Log ---------------------------------------------------------- No Errors/Warnings found. -- System Event Log ------------------------------------------------------------ Event Record #/Type4637 / Error Event Submitted/Written: 06/13/2008 11:53:34 AM Event ID/Source: 1003 / System Error Event Description: Error code 1000008e, parameter1 c0000005, parameter2 00000000, parameter3 b55d47e0, parameter4 00000000. Event Record #/Type4620 / Error Event Submitted/Written: 06/13/2008 11:51:52 AM Event ID/Source: 1003 / System Error Event Description: Error code 1000008e, parameter1 c0000005, parameter2 00000000, parameter3 b4e017e0, parameter4 00000000. Event Record #/Type4376 / Error Event Submitted/Written: 06/11/2008 01:37:42 PM Event ID/Source: 7011 / Service Control Manager Event Description: Timeout (30000 milliseconds) waiting for a transaction response from the NVSvc service. Event Record #/Type4367 / Warning Event Submitted/Written: 06/11/2008 01:36:29 PM Event ID/Source: 1003 / Dhcp Event Description: Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 001D60C37346. The following error occurred: %%1223. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server. Event Record #/Type4363 / Warning Event Submitted/Written: 06/11/2008 01:34:28 PM Event ID/Source: 1003 / Dhcp Event Description: Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 001D60C37346. The following error occurred: %%1223. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server. -- End of Deckard's System Scanner: finished at 2008-06-13 23:33:37 ------------ |
Jun 15 2008, 04:50 PM
Post #2
Forum Addict Group: HJT Team Posts: 1,029 Joined: 14-February 08 Member No.: 190,186
Hi

You have a run key which is set to run "WinAntivirusPro" ... but the file is missing, so it's no problem, however that may be what Spyware Doctor is seeing ...

Disconnect from the internet.
Close ALL browser windows (including this one) - run HijackThis and tick to fix (check the box next to) the list below ... when all are ticked (checked) click the Fix Checked button at the bottom :-

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKCU\..\Run: [WinAntivirusPro] C:\Program Files\WinAntivirusPro3.8\WinAntivirusPro.exe

You also show signs of a flash drive infection ...

Please run this Flash_Disinfector tool by sUBs ...
http://www.techsupportforum.com/sectools/s...Disinfector.exe
Just download the exe file and double click on it to run it ... then follow instructions.
A box will pop up telling you to plug in your flash drive and click OK to start the disinfection ... by the way, if you try to cross the box off with the X in the corner ... it will run anyway ... after a few seconds a box will pop up saying "done".

When you have done that ... please download "Mountpoints Diagnostic.zip" by Mosaic1
http://www.help2go.com/index2.php?option=c...oad&id=1450
Unzip it & double click to run it. It will create a report named Diagnostic.txt.
When finished, upload Diagnostic.txt in your next post ...

steam
--------------------
MICROSOFT MVP - Windows Security 2004/9
member of ASAP since 2004
member of U.N.I.T.E
If I have helped you, please consider a small donation to help me continue my online fight in the war against malware
Jun 16 2008, 02:33 AM
Post #3
New Member Group: Members Posts: 3 Joined: 14-June 08 Member No.: 216,112
Hi steam!
I ran HijackThis & I enclose the new log. I also executed Flash_Disinfector on the 2 flash drives I've been using lately & I enclose both reports by Mountpoints. Thanks a lot for your help!!

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:01:22, on 16/6/2008 Platform: Windows XP SP2, v.2096 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2096) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\System32\GEARSec.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\WINDOWS\system32\nvsvc32.exe I:\WinXP-ProgramFiles\Spyware Doctor\pctsAuxs.exe I:\WinXP-ProgramFiles\Spyware Doctor\pctsSvc.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\AVG\AVG8\avgemc.exe C:\WINDOWS\RTHDCPL.EXE I:\WinXP-ProgramFiles\Spyware Doctor\pctsTray.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Files\CyberLink\PowerDVD\PDVDServ.exe C:\Files\DAP\DAP.EXE C:\Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe C:\WINDOWS\system32\WDBtnMgr.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe C:\Program Files\Google\Google Updater\GoogleUpdater.exe I:\WinXP-ProgramFiles\My Book\WD Backup\uBBMonitor.exe C:\Program Files\Google\Google Desktop
Search\GoogleDesktopCrawl.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Common Files\Teleca Shared\Generic.exe C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Βοηθός εισόδου του Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: AVG Security 
Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [RemoteControl] C:\Files\CyberLink\PowerDVD\PDVDServ.exe O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Files\Symantec\Norton Ghost\Agent\GhostTray.exe O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Files\DAP\DAP.EXE" /STARTUP O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=062008 serial=DR12WEX-1504397-KTY lang=EN O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [ISTray] "I:\WinXP-ProgramFiles\Spyware Doctor\pctsTray.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] 
C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ? O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe O4 - Global Startup: WD Backup Monitor.lnk = I:\WinXP-ProgramFiles\My Book\WD Backup\uBBMonitor.exe O8 - Extra context menu item: &Clean Traces - C:\Files\DAP\Privacy Package\dapcleanerie.htm O8 - Extra context menu item: &Download with &DAP - C:\Files\DAP\dapextie.htm O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Files\Adobe\Acrobat 
7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert to existing PDF - res://C:\Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Download &all with DAP - C:\Files\DAP\dapextie2.htm O8 - Extra context menu item: E&ξαγωγή στο Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1204630530781 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1204630879875 O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - AppInit_DLLs: acaptuser32.dll,C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL,avgrsstx.dll C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL, C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL O20 - Winlogon Notify: !SASWinLogon - I:\WinXP-ProgramFiles\SASWINLO.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG 
Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: Norton Ghost - Symantec Corporation - C:\Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - I:\WinXP-ProgramFiles\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - I:\WinXP-ProgramFiles\Spyware Doctor\pctsSvc.exe -- End of file - 11387 bytes Report: Flash Drive 1 - TDK Diagnostic Report ƒ¬ 16/06/2008 10:06:21,73 Mountpoints > Drives subkeys: ------------------------------------ [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{03b1e656-b474-11dc-a2cd-806d6172696f}] "BaseClass"="Drive" "_LabelFromReg"="WinXP" ~~~~~~~~~~~~~~~~~~~~~~~~~ [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0acf2ddb-e398-11dc-8fc9-806d6172696f}] "BaseClass"="Drive" "_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,df,5f,5f,5f,5f,df,df,df,\ 
5f,df,df,df,df,5f,df,df,df,df,5f,df,5f,5f,5f,5f,5f,01,00,01,01,ee,ff,ff,ff,\ ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\ ff,00,00,01,00,00,00,08,07,00,00 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0acf2ddb-e398-11dc-8fc9-806d6172696f}\shell] @="None" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0acf2ddb-e398-11dc-8fc9-806d6172696f}\shell\Autoplay] "MUIVerb"="@shell32.dll,-8504" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0acf2ddb-e398-11dc-8fc9-806d6172696f}\shell\Autoplay\DropTarget] "CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0acf2ddb-e398-11dc-8fc9-806d6172696f}\_Autorun] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0acf2ddb-e398-11dc-8fc9-806d6172696f}\_Autorun\DefaultIcon] @="F:\\AUTORUN\\WDLOGO.ICO" ~~~~~~~~~~~~~~~~~~~~~~~~~ [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{38a95fd0-b47a-11dc-8f92-806d6172696f}] "BaseClass"="Drive" "_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,df,5f,5f,5f,5f,df,df,df,\ 5f,df,df,df,df,5f,df,df,df,df,5f,df,5f,5f,5f,5f,5f,01,00,01,00,ff,ff,ff,ff,\ ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\ ff,00,00,00,10,00,00,08,03,00,00 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{38a95fd0-b47a-11dc-8f92-806d6172696f}\shell] @="None" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{38a95fd0-b47a-11dc-8f92-806d6172696f}\shell\Autoplay] "MUIVerb"="@shell32.dll,-8504" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{38a95fd0-b47a-11dc-8f92-806d6172696f}\shell\Autoplay\DropTarget] "CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}" ~~~~~~~~~~~~~~~~~~~~~~~~~ 
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{38a95fd1-b47a-11dc-8f92-806d6172696f}] "BaseClass"="Drive" "_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,df,5f,5f,5f,5f,df,df,df,\ 5f,df,df,df,df,5f,df,df,df,df,5f,df,5f,5f,5f,5f,5f,cf,5f,5f,5f,5f,5f,cf,cf,\ 5f,5f,5f,5f,cf,cf,cf,cf,cf,df,df,df,5f,df,df,00,5f,5f,5f,5f,5f,5f,5f,5f,5f,\ 5f,00,00,01,00,00,00,08,00,00,00 ~~~~~~~~~~~~~~~~~~~~~~~~~ [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{38a95fd3-b47a-11dc-8f92-806d6172696f}] "BaseClass"="Drive" "_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,df,5f,5f,5f,5f,df,df,df,\ 5f,df,df,df,df,5f,df,df,df,df,5f,df,5f,5f,5f,5f,5f,cf,5f,5f,5f,5f,5f,cf,cf,\ 5f,5f,5f,5f,cf,cf,cf,cf,cf,df,df,df,5f,df,df,00,5f,5f,5f,5f,5f,5f,5f,5f,5f,\ 5f,00,00,01,00,00,00,08,00,00,00 "_LabelFromReg"="WinVista" ~~~~~~~~~~~~~~~~~~~~~~~~~ [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{38a95fd4-b47a-11dc-8f92-806d6172696f}] "BaseClass"="Drive" "_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,df,5f,5f,5f,5f,df,df,df,\ 5f,df,df,df,df,5f,df,df,df,df,5f,df,5f,5f,5f,5f,5f,cf,5f,5f,5f,5f,5f,cf,cf,\ 5f,5f,5f,5f,cf,cf,cf,cf,cf,df,df,df,5f,df,df,00,5f,5f,5f,5f,5f,5f,5f,5f,5f,\ 5f,00,00,01,00,00,00,08,00,00,00 "_LabelFromReg"="Forward " ~~~~~~~~~~~~~~~~~~~~~~~~~ [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{38a95fd5-b47a-11dc-8f92-806d6172696f}] "BaseClass"="Drive" "_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,df,5f,5f,5f,5f,df,df,df,\ 5f,df,df,df,df,5f,df,df,df,df,5f,df,5f,5f,5f,5f,5f,cf,5f,5f,5f,5f,5f,cf,cf,\ 5f,5f,5f,5f,cf,cf,cf,cf,cf,df,df,df,5f,df,df,00,5f,5f,5f,5f,5f,5f,5f,5f,5f,\ 5f,00,00,01,00,00,00,08,00,00,00 "_LabelFromReg"="Downloads" ~~~~~~~~~~~~~~~~~~~~~~~~~ [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{38a95fd6-b47a-11dc-8f92-806d6172696f}] "BaseClass"="Drive" 
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,df,5f,5f,5f,5f,df,df,df,\ 5f,df,df,df,df,5f,df,df,df,df,5f,df,5f,5f,5f,5f,5f,00,5f,5f,5f,5f,5f,cf,cf,\ 5f,5f,5f,5f,01,01,00,ee,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\ ff,00,00,00,10,00,00,08,02,00,00 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{38a95fd6-b47a-11dc-8f92-806d6172696f}\shell] @="None" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{38a95fd6-b47a-11dc-8f92-806d6172696f}\shell\Autoplay] "MUIVerb"="@shell32.dll,-8504" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{38a95fd6-b47a-11dc-8f92-806d6172696f}\shell\Autoplay\DropTarget] "CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}" ~~~~~~~~~~~~~~~~~~~~~~~~~ [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{41b64dc2-b479-11dc-8f91-806d6172696f}] "BaseClass"="Drive" "_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,cf,cf,5f,5f,5f,5f,cf,cf,cf,\ 5f,cf,cf,cf,cf,5f,cf,01,01,00,5f,ee,ff,ff,ff,ff,ff,00,5f,5f,5f,5f,5f,df,df,\ 5f,5f,5f,5f,01,01,00,ee,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\ ff,00,00,60,00,00,00,10,00,00,00 ~~~~~~~~~~~~~~~~~~~~~~~~~ [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4edec126-ffcb-11dc-8ffc-806d6172696f}] "BaseClass"="Drive" "_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,df,5f,5f,5f,5f,df,df,df,\ 5f,df,df,df,df,5f,df,df,df,df,5f,df,5f,5f,5f,5f,5f,01,00,01,01,ee,ff,ff,ff,\ ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\ ff,00,00,00,10,00,00,08,07,00,00 ~~~~~~~~~~~~~~~~~~~~~~~~~ [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6e102f42-b475-11dc-acdd-806d6172696f}] "BaseClass"="Drive" ~~~~~~~~~~~~~~~~~~~~~~~~~ [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6e102f43-b475-11dc-acdd-806d6172696f}] "BaseClass"="Drive" 
~~~~~~~~~~~~~~~~~~~~~~~~~ [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6e102f44-b475-11dc-acdd-806d6172696f}] "BaseClass"="Drive" "_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,cf,cf,5f,5f,5f,5f,cf,cf,cf,\ 5f,cf,cf,cf,cf,5f,cf,01,01,00,5f,ff,ff,ff,ff,ff,ff,00,5f,5f,5f,5f,5f,df,df,\ 5f,5f,5f,5f,01,01,00,ee,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\ ff,00,00,20,00,00,00,08,02,00,00 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6e102f44-b475-11dc-acdd-806d6172696f}\_Autorun] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6e102f44-b475-11dc-acdd-806d6172696f}\_Autorun\DefaultIcon] @="E:\\AutoPlay\\resdata\\CS3_DesignPremDisk.ico" ~~~~~~~~~~~~~~~~~~~~~~~~~ [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{99af387a-d49c-11dc-8fc7-806d6172696f}] "BaseClass"="Drive" "_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,df,5f,5f,5f,5f,df,df,df,\ 5f,df,df,df,df,5f,df,df,df,df,5f,df,5f,5f,5f,5f,5f,01,00,01,01,ee,ff,ff,ff,\ ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\ ff,00,00,00,10,00,00,09,07,00,00 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{99af387a-d49c-11dc-8fc7-806d6172696f}\Shell] @="None" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{99af387a-d49c-11dc-8fc7-806d6172696f}\Shell\Autoplay] "MUIVerb"="@shell32.dll,-8504" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{99af387a-d49c-11dc-8fc7-806d6172696f}\Shell\Autoplay\DropTarget] "CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{99af387a-d49c-11dc-8fc7-806d6172696f}\Shell\AutoRun] "Extended"="" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{99af387a-d49c-11dc-8fc7-806d6172696f}\Shell\AutoRun\command] 
@="m9j.com" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{99af387a-d49c-11dc-8fc7-806d6172696f}\Shell\explore] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{99af387a-d49c-11dc-8fc7-806d6172696f}\Shell\explore\Command] @="m9j.com" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{99af387a-d49c-11dc-8fc7-806d6172696f}\Shell\open] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{99af387a-d49c-11dc-8fc7-806d6172696f}\Shell\open\Command] @="m9j.com" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{99af387a-d49c-11dc-8fc7-806d6172696f}\Shell\open\Default] @="1" ~~~~~~~~~~~~~~~~~~~~~~~~~ [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ebd0ab23-c9e9-11dc-8fc2-806d6172696f}] "BaseClass"="Drive" "_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,df,5f,5f,5f,5f,df,df,df,\ 5f,df,df,df,df,5f,df,df,df,df,5f,df,5f,5f,5f,5f,5f,01,00,01,01,ee,ff,ff,ff,\ ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\ ff,00,00,00,10,00,00,08,03,00,00 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ebd0ab23-c9e9-11dc-8fc2-806d6172696f}\shell] @="None" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ebd0ab23-c9e9-11dc-8fc2-806d6172696f}\shell\Autoplay] "MUIVerb"="@shell32.dll,-8504" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ebd0ab23-c9e9-11dc-8fc2-806d6172696f}\shell\Autoplay\DropTarget] "CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}" ~~~~~~~~~~~~~~~~~~~~~~~~~ [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ebd0ab24-c9e9-11dc-8fc2-806d6172696f}] "BaseClass"="Drive" "_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,df,5f,5f,5f,5f,df,df,df,\ 
5f,df,df,df,df,5f,df,df,df,df,5f,df,5f,5f,5f,5f,5f,01,00,01,01,ee,ff,ff,ff,\ ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\ ff,00,00,00,10,00,00,08,03,00,00 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ebd0ab24-c9e9-11dc-8fc2-806d6172696f}\shell] @="None" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ebd0ab24-c9e9-11dc-8fc2-806d6172696f}\shell\Autoplay] "MUIVerb"="@shell32.dll,-8504" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ebd0ab24-c9e9-11dc-8fc2-806d6172696f}\shell\Autoplay\DropTarget] "CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}" ~~~~~~~~~~~~~~~~~~~~~~~~~ No Autorun files found in C:\WINDOWS No Autorun files found in C:\WINDOWS\system32 C:\autorun.inf **folder** found Files in C:\autorun.inf lpt3.This folder was created by Flash_Disinfector No Autorun files found in root of E: G:\autorun.inf **folder** found Files in G:\autorun.inf lpt3.This folder was created by Flash_Disinfector H:\autorun.inf **folder** found Files in H:\autorun.inf lpt3.This folder was created by Flash_Disinfector I:\autorun.inf **folder** found Files in I:\autorun.inf lpt3.This folder was created by Flash_Disinfector J:\autorun.inf **folder** found Files in J:\autorun.inf lpt3.This folder was created by Flash_Disinfector Report: Flash Drive 2 - WD Diagnostic Report ƒ¬ 16/06/2008 10:11:44,82 Mountpoints > Drives subkeys: ------------------------------------ [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{03b1e656-b474-11dc-a2cd-806d6172696f}] "BaseClass"="Drive" "_LabelFromReg"="WinXP" ~~~~~~~~~~~~~~~~~~~~~~~~~ [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0acf2ddb-e398-11dc-8fc9-806d6172696f}] "BaseClass"="Drive" "_AutorunStatus"=hex:01,01,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\ ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\ 
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\ ff,00,00,01,00,00,00,08,00,00,00 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0acf2ddb-e398-11dc-8fc9-806d6172696f}\_Autorun] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0acf2ddb-e398-11dc-8fc9-806d6172696f}\_Autorun\DefaultIcon] @="F:\\AUTORUN\\WDLOGO.ICO" ~~~~~~~~~~~~~~~~~~~~~~~~~ [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{38a95fd0-b47a-11dc-8f92-806d6172696f}] "BaseClass"="Drive" "_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,df,5f,5f,5f,5f,df,df,df,\ 5f,df,df,df,df,5f,df,df,df,df,5f,df,5f,5f,5f,5f,5f,01,00,01,00,ff,ff,ff,ff,\ ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\ ff,00,00,00,10,00,00,08,03,00,00 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{38a95fd0-b47a-11dc-8f92-806d6172696f}\shell] @="None" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{38a95fd0-b47a-11dc-8f92-806d6172696f}\shell\Autoplay] "MUIVerb"="@shell32.dll,-8504" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{38a95fd0-b47a-11dc-8f92-806d6172696f}\shell\Autoplay\DropTarget] "CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}" ~~~~~~~~~~~~~~~~~~~~~~~~~ [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{38a95fd1-b47a-11dc-8f92-806d6172696f}] "BaseClass"="Drive" "_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,df,5f,5f,5f,5f,df,df,df,\ 5f,df,df,df,df,5f,df,df,df,df,5f,df,5f,5f,5f,5f,5f,cf,5f,5f,5f,5f,5f,cf,cf,\ 5f,5f,5f,5f,cf,cf,cf,cf,cf,df,df,df,5f,df,df,00,5f,5f,5f,5f,5f,5f,5f,5f,5f,\ 5f,00,00,01,00,00,00,08,00,00,00 ~~~~~~~~~~~~~~~~~~~~~~~~~ [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{38a95fd3-b47a-11dc-8f92-806d6172696f}] "BaseClass"="Drive" 
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,df,5f,5f,5f,5f,df,df,df,\ 5f,df,df,df,df,5f,df,df,df,df,5f,df,5f,5f,5f,5f,5f,cf,5f,5f,5f,5f,5f,cf,cf,\ 5f,5f,5f,5f,cf,cf,cf,cf,cf,df,df,df,5f,df,df,00,5f,5f,5f,5f,5f,5f,5f,5f,5f,\ 5f,00,00,01,00,00,00,08,00,00,00 "_LabelFromReg"="WinVista" ~~~~~~~~~~~~~~~~~~~~~~~~~ [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{38a95fd4-b47a-11dc-8f92-806d6172696f}] "BaseClass"="Drive" "_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,df,5f,5f,5f,5f,df,df,df,\ 5f,df,df,df,df,5f,df,df,df,df,5f,df,5f,5f,5f,5f,5f,cf,5f,5f,5f,5f,5f,cf,cf,\ 5f,5f,5f,5f,cf,cf,cf,cf,cf,df,df,df,5f,df,df,00,5f,5f,5f,5f,5f,5f,5f,5f,5f,\ 5f,00,00,01,00,00,00,08,00,00,00 "_LabelFromReg"="Forward " ~~~~~~~~~~~~~~~~~~~~~~~~~ [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{38a95fd5-b47a-11dc-8f92-806d6172696f}] "BaseClass"="Drive" "_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,df,5f,5f,5f,5f,df,df,df,\ 5f,df,df,df,df,5f,df,df,df,df,5f,df,5f,5f,5f,5f,5f,cf,5f,5f,5f,5f,5f,cf,cf,\ 5f,5f,5f,5f,cf,cf,cf,cf,cf,df,df,df,5f,df,df,00,5f,5f,5f,5f,5f,5f,5f,5f,5f,\ 5f,00,00,01,00,00,00,08,00,00,00 "_LabelFromReg"="Downloads" ~~~~~~~~~~~~~~~~~~~~~~~~~ [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{38a95fd6-b47a-11dc-8f92-806d6172696f}] "BaseClass"="Drive" "_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,df,5f,5f,5f,5f,df,df,df,\ 5f,df,df,df,df,5f,df,df,df,df,5f,df,5f,5f,5f,5f,5f,00,5f,5f,5f,5f,5f,cf,cf,\ 5f,5f,5f,5f,01,01,00,ee,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\ ff,00,00,00,10,00,00,08,02,00,00 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{38a95fd6-b47a-11dc-8f92-806d6172696f}\shell] @="None" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{38a95fd6-b47a-11dc-8f92-806d6172696f}\shell\Autoplay] "MUIVerb"="@shell32.dll,-8504" 
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{38a95fd6-b47a-11dc-8f92-806d6172696f}\shell\Autoplay\DropTarget] "CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}" ~~~~~~~~~~~~~~~~~~~~~~~~~ [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{41b64dc2-b479-11dc-8f91-806d6172696f}] "BaseClass"="Drive" "_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,cf,cf,5f,5f,5f,5f,cf,cf,cf,\ 5f,cf,cf,cf,cf,5f,cf,01,01,00,5f,ee,ff,ff,ff,ff,ff,00,5f,5f,5f,5f,5f,df,df,\ 5f,5f,5f,5f,01,01,00,ee,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\ ff,00,00,60,00,00,00,10,00,00,00 ~~~~~~~~~~~~~~~~~~~~~~~~~ [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4edec126-ffcb-11dc-8ffc-806d6172696f}] "BaseClass"="Drive" "_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,df,5f,5f,5f,5f,df,df,df,\ 5f,df,df,df,df,5f,df,df,df,df,5f,df,5f,5f,5f,5f,5f,01,00,01,01,ee,ff,ff,ff,\ ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\ ff,00,00,00,10,00,00,08,07,00,00 ~~~~~~~~~~~~~~~~~~~~~~~~~ [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6e102f42-b475-11dc-acdd-806d6172696f}] "BaseClass"="Drive" ~~~~~~~~~~~~~~~~~~~~~~~~~ [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6e102f43-b475-11dc-acdd-806d6172696f}] "BaseClass"="Drive" ~~~~~~~~~~~~~~~~~~~~~~~~~ [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6e102f44-b475-11dc-acdd-806d6172696f}] "BaseClass"="Drive" "_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,cf,cf,5f,5f,5f,5f,cf,cf,cf,\ 5f,cf,cf,cf,cf,5f,cf,01,01,00,5f,ff,ff,ff,ff,ff,ff,00,5f,5f,5f,5f,5f,df,df,\ 5f,5f,5f,5f,01,01,00,ee,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\ ff,00,00,20,00,00,00,08,02,00,00 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6e102f44-b475-11dc-acdd-806d6172696f}\_Autorun] 
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6e102f44-b475-11dc-acdd-806d6172696f}\_Autorun\DefaultIcon] @="E:\\AutoPlay\\resdata\\CS3_DesignPremDisk.ico" ~~~~~~~~~~~~~~~~~~~~~~~~~ [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{99af387a-d49c-11dc-8fc7-806d6172696f}] "BaseClass"="Drive" "_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,df,5f,5f,5f,5f,df,df,df,\ 5f,df,df,df,df,5f,df,df,df,df,5f,df,5f,5f,5f,5f,5f,01,00,01,01,ee,ff,ff,ff,\ ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\ ff,00,00,00,10,00,00,09,07,00,00 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{99af387a-d49c-11dc-8fc7-806d6172696f}\Shell] @="None" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{99af387a-d49c-11dc-8fc7-806d6172696f}\Shell\Autoplay] "MUIVerb"="@shell32.dll,-8504" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{99af387a-d49c-11dc-8fc7-806d6172696f}\Shell\Autoplay\DropTarget] "CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{99af387a-d49c-11dc-8fc7-806d6172696f}\Shell\AutoRun] "Extended"="" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{99af387a-d49c-11dc-8fc7-806d6172696f}\Shell\AutoRun\command] @="m9j.com" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{99af387a-d49c-11dc-8fc7-806d6172696f}\Shell\explore] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{99af387a-d49c-11dc-8fc7-806d6172696f}\Shell\explore\Command] @="m9j.com" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{99af387a-d49c-11dc-8fc7-806d6172696f}\Shell\open] 
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{99af387a-d49c-11dc-8fc7-806d6172696f}\Shell\open\Command] @="m9j.com" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{99af387a-d49c-11dc-8fc7-806d6172696f}\Shell\open\Default] @="1" ~~~~~~~~~~~~~~~~~~~~~~~~~ [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ebd0ab23-c9e9-11dc-8fc2-806d6172696f}] "BaseClass"="Drive" "_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,df,5f,5f,5f,5f,df,df,df,\ 5f,df,df,df,df,5f,df,df,df,df,5f,df,5f,5f,5f,5f,5f,01,00,01,01,ee,ff,ff,ff,\ ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\ ff,00,00,00,10,00,00,08,03,00,00 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ebd0ab23-c9e9-11dc-8fc2-806d6172696f}\shell] @="None" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ebd0ab23-c9e9-11dc-8fc2-806d6172696f}\shell\Autoplay] "MUIVerb"="@shell32.dll,-8504" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ebd0ab23-c9e9-11dc-8fc2-806d6172696f}\shell\Autoplay\DropTarget] "CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}" ~~~~~~~~~~~~~~~~~~~~~~~~~ [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ebd0ab24-c9e9-11dc-8fc2-806d6172696f}] "BaseClass"="Drive" "_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,df,5f,5f,5f,5f,df,df,df,\ 5f,df,df,df,df,5f,df,df,df,df,5f,df,5f,5f,5f,5f,5f,01,00,01,01,ee,ff,ff,ff,\ ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\ ff,00,00,00,10,00,00,08,03,00,00 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ebd0ab24-c9e9-11dc-8fc2-806d6172696f}\shell] @="None" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ebd0ab24-c9e9-11dc-8fc2-806d6172696f}\shell\Autoplay] "MUIVerb"="@shell32.dll,-8504" 
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ebd0ab24-c9e9-11dc-8fc2-806d6172696f}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
~~~~~~~~~~~~~~~~~~~~~~~~~
No Autorun files found in C:\WINDOWS
No Autorun files found in C:\WINDOWS\system32
C:\autorun.inf **folder** found
Files in C:\autorun.inf
lpt3.This folder was created by Flash_Disinfector
No Autorun files found in root of E:
Files found on F:
autorun.inf
Contents of autorun.inf on F:
[autorun]
ICON=AUTORUN\WDLOGO.ICO
H:\autorun.inf **folder** found
Files in H:\autorun.inf
lpt3.This folder was created by Flash_Disinfector
I:\autorun.inf **folder** found
Files in I:\autorun.inf
lpt3.This folder was created by Flash_Disinfector
J:\autorun.inf **folder** found
Files in J:\autorun.inf
lpt3.This folder was created by Flash_Disinfector