Can't access two drives


  • This topic is locked
19 replies to this topic

#1 geotan

geotan

  • Members
  • 374 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bromsgrove, UK
  • Local time:10:32 AM

Posted 23 January 2009 - 05:57 PM

Hello yet again to you Gurus,
Running Windows XP Home.
I have three Hard Drives on my computer [C. F. and G].
If I try to access F or G I get the following message:-
C:\rescled\ntldr.com is not a valid win32 application.
I have run Malwarebytes, nothing found. I have done a system restore without any change. This computer is networked and I can access these two drives through the network without problem.
Would appreciate your help.
T.I.A.,
GEORGE.

(Moderator edit: Thread moved to more appropriate forum.jgw)

Edited by jgweed, 25 January 2009 - 08:14 AM.



#2 geotan


Posted 23 January 2009 - 06:09 PM

UPDATE.
Did another Restore and am now getting a different message:-
Windows cannot find C:\resycled\ntldr.com. Make sure that you typed the name correctly.
I ran Restore again and put it back to the previous date and still get the same message.

#3 geotan


Posted 24 January 2009 - 02:23 AM

UPDATE.
Computer has been switched off overnight. Tried this morning to do Restore again. Cannot get past Confirm Restore Date. It just hangs. The "Next" button is active but no response.

#4 geotan


Posted 25 January 2009 - 06:05 AM

ANOTHER UPDATE.

Ran AVG this morning and it found three viruses:-
C\autorun.inf
F\autorun.inf
G\autorun.inf
Finished scan and the viruses were deleted. Ran AVG again and the same three viruses were there again!!!

PLEASE can anyone help me?

#5 Guest_The weatherman_*

Guest_The weatherman_*

  • Guests
  • OFFLINE
  •  

Posted 25 January 2009 - 06:20 AM

Hello there geotan,

Please try a couple of these free online scanners to see if anything has slipped by your protection:
(Be advised that some of these scanners will pick up things in "quarantine" from other anti-virus programs - so review the results carefully)

http://www.pandasecurity.com/homeusers/solutions/activescan/
http://us.mcafee.com/root/mfs/default.asp
http://housecall.trendmicro.com
http://www.bitdefender.com/scan8/ie.html
http://support.f-secure.com/enu/home/ols.shtml
http://onlinescan.avast.com/
http://ca.com/us/securityadvisor/virusinfo/scan.aspx
http://www.eset.com/onlinescan/

http://www.kaspersky.com/virusscanner Scan Only - no removal


If you find that you're infected (or the scan doesn't complete or closes unexpectedly), post in the Am I Infected forum located here: http://www.bleepingcomputer.com/forums/f/103/am-i-infected-what-do-i-do/

regards,
The weatherman

Edited by The weatherman, 25 January 2009 - 06:21 AM.


#6 geotan


Posted 25 January 2009 - 09:02 AM

This is my original posting:-

Hello yet again to you Gurus,
Running Windows XP Home.
I have three Hard Drives on my computer [C. F. and G].
If I try to access F or G I get the following message:-
C:\rescled\ntldr.com is not a valid win32 application.
I have run Malwarebytes, nothing found. I have done a system restore without any change. This computer is networked and I can access these two drives through the network without problem.
Would appreciate your help.
T.I.A.,
GEORGE

It was suggested trying the following sites and then posting here:-

http://www.pandasecurity.com/homeusers/solutions/activescan/
http://us.mcafee.com/root/mfs/default.asp
http://housecall.trendmicro.com
http://www.bitdefender.com/scan8/ie.html
http://support.f-secure.com/enu/home/ols.shtml
http://onlinescan.avast.com/
http://ca.com/us/securityadvisor/virusinfo/scan.aspx
http://www.eset.com/onlinescan/

http://www.kaspersky.com/virusscanner

The first four would not run for various reasons - no ActiveX or no Java [which I have].
The fifth one [f-secure] found four viruses and four spyware.
The sixth one I couldn't point it to any files, just showed up as blank.
The seventh one was NOT FOUND.
The eighth one was Cannot Display Web Page.
Kaspersky would not update.

Here are my other posts on the subject:-

1. UPDATE.
Did another Restore and am now getting a different message:-
Windows cannot find C:\resycled\ntldr.com. Make sure that you typed the name correctly.
I ran Restore again and put it back to the previous date and still get the same message.

2. UPDATE.
Computer has been switched off overnight. Tried this morning to do Restore again. Cannot get past Confirm Restore Date. It just hangs. The "Next" button is active but no response.

3. ANOTHER UPDATE.

Ran AVG this morning and it found three viruses:-
C\autorun.inf
F\autorun.inf
G\autorun.inf
Finished scan and the viruses were deleted. Ran AVG again and the same three viruses were there again!!!

If anyone can help me I would really appreciate it.

#7 garmanma

garmanma

    Computer Masochist


  • Staff Emeritus
  • 27,809 posts
  • OFFLINE
  •  
  • Location:Cleveland, Ohio
  • Local time:10:32 AM

Posted 25 January 2009 - 11:11 AM

Are the extra drives installed or portable?
Update and run F-secure again and post the log.
Older versions of Java can harbor viruses. Update your Java:
------------------------------------


Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 11".
  • Click the "Download" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u11-windows-i586-p.exe to install the newest version.

Edited by garmanma, 25 January 2009 - 11:11 AM.

Mark
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter

#8 geotan


Posted 25 January 2009 - 01:32 PM

Garmanma,
All hard drives are internal [between 2 and 3 years old].
Java is JRE 6/11

Ran f-secure. Log:-

Scanning Report
Sunday, January 25, 2009 17:10:41 - 18:24:12
Computer name: SPECIAL
Scanning type: Scan system for malware, rootkits
Target: C:\ F:\ G:\


--------------------------------------------------------------------------------

Result: 5 malware found
TrackingCookie.2o7 (spyware)
System
W32/Packed_FSG.D (virus)
C:\WINDOWS\SYSTEM32\XA1080546.EXE (Submitted)
C:\WINDOWS\SYSTEM32\XA1080781.EXE (Submitted)
C:\WINDOWS\SYSTEM32\XA17082406.EXE (Submitted)
C:\WINDOWS\SYSTEM32\XA17082625.EXE (Submitted)

--------------------------------------------------------------------------------

Statistics
Scanned:
Files: 52731
System: 3618
Not scanned: 7
Actions:
Disinfected: 0
Renamed: 0
Deleted: 0
None: 5
Submitted: 4
Files not scanned:
C:\PAGEFILE.SYS
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
C:\WINDOWS\SYSTEM32\CONFIG\SAM
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
C:\DOCUMENTS AND SETTINGS\GEORGE\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\WINDOWS DEFENDER\FILETRACKER\{022BC18B-DCAE-485F-B8A6-5A1EFC3663AD}

--------------------------------------------------------------------------------

Options
Scanning engines:
F-Secure USS: 3.0.0
F-Secure Hydra: 2.8.8110, 2009-01-25
F-Secure AVP: 7.0.171, 2009-01-25
F-Secure Pegasus: 1.20.0, 1970-00-01
F-Secure Blacklight: 0.0.0
Scanning options:
Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX ANI AVB BAT CMD JOB LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
Use Advanced heuristics

--------------------------------------------------------------------------------

#9 garmanma


Posted 25 January 2009 - 02:43 PM

ATF
Please download ATF Cleaner by Atribune & save it to your desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main "Select Files to Delete" choose: Select All.
  • Click the Empty Selected button.
  • If you use Firefox browser click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera browser click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

Now SAS, may need an hour
Please download and scan with SUPERAntiSpyware Free
  • Double-click SUPERAntiSypware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen and exit the program.
  • Do not run a scan just yet.
Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with SUPERAntiSpyware as follows:
  • Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes" and reboot normally.
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

Mark

#10 geotan


Posted 25 January 2009 - 05:45 PM

Ran ATF Cleaner.
Had already got latest SAS on my computer. When I booted in safe mode then double clicked on SAS Icon to start it I got the following message:- A device attached to this system is not functioning.

#11 geotan


Posted 25 January 2009 - 05:55 PM

Update

sas WILL RUN IN NORMAL MODE.

#12 garmanma


Posted 25 January 2009 - 07:01 PM

Give it a shot and see what it finds
Mark

#13 geotan


Posted 25 January 2009 - 08:59 PM

Ran SAS in Normal Mode - nothing found.
Rebooted in Safe Mode as Administrator>Programme Files>SAS and opened it that way.
Ran Scan - nothing found.

#14 geotan


Posted 26 January 2009 - 07:45 AM

UPDATE

Ran AVG this morning. Virus found:- C\autorun.inf.
Still cannot do a Restore.
Now cannot connect to the Internet - Internet Explorer has encountered a problem and needs to close.
Ran Malwarebytes - nothing found.
Ran SAS - nothing found.

#15 geotan


Posted 26 January 2009 - 09:40 AM

Thank you DZM,
Downloaded Combofix and transferred it to affected computer. Ran it after reading Bleeping Computer's instructions. All seems to be working fine now and also have Internet connection back.
Only thing that is worrying me is that it has duplicated a lot of my Desktop Icons and added a number after the name. Is it safe to Shift>Delete them?

Here is the log from Combofix:-

"George" - 07-03-18 18:58:20 Service Pack 2
ComboFix 07-03-15.2 - Running from: "C:\Documents and Settings\George\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2007-02-18 to 2007-03-18 ))))))))))))))))))))))))))))))))))


2007-03-17 16:45 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-03-17 11:54 <DIR> d-------- C:\Program Files\RegCure
2007-03-17 10:00 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2007-03-17 08:49 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-03-17 08:49 <DIR> d-------- C:\DOCUME~1\George\APPLIC~1\SUPERAntiSpyware.com
2007-03-17 08:49 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-03-15 18:23 167,936 --a------ C:\WINDOWS\system32\Engine3D021206.dll
2007-03-15 18:03 <DIR> d-------- C:\Program Files\Blender Foundation
2007-03-03 13:45 <DIR> d-------- C:\WINDOWS\system32\ActiveScan


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-03-17 11:36 -------- d-------- C:\Program Files\messenger
2007-03-17 08:49 -------- d-------- C:\Program Files\Common Files\wise installation wizard
2006-12-28 19:02 4 --a------ C:\WINDOWS\system32\mlcrs0ft.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"EPSON Stylus Photo R220 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATIAIE.EXE /P30 \"EPSON Stylus Photo R220 Series\" /M \"Stylus Photo R220\" /EF \"HKCU\""
"updateMgr"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdB7_0_8 -reboot 1"
"SUPERAntiSpyware"="C:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"PCLEPCI"="C:\\PROGRA~1\\Pinnacle\\PPE\\ppe.exe"
"SoundMan"="SOUNDMAN.EXE"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"PinnacleDriverCheck"="C:\\WINDOWS\\system32\\PSDrvCheck.exe -CheckReg"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"HP Component Manager"="\"C:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe\""
"HPDJ Taskbar Utility"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb09.exe"
"HPHUPD05"="C:\\Program Files\\Hewlett-Packard\\\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\\hphupd05.exe"
"HPHmon05"="C:\\WINDOWS\\system32\\hphmon05.exe"
"HP Software Update"="C:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWuSchd2.exe"
"EPSON Stylus Photo R220 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATIAIE.EXE /P30 \"EPSON Stylus Photo R220 Series\" /O6 \"USB002\" /M \"Stylus Photo R220\""
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OmniPage]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="opware32"
"hkey"="HKLM"
"command"="C:\\Program Files\\Caere\\OmniPagePro90\\opware32.exe"
"inimapping"="0"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
"DWQueuedReporting"="\"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D]
Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL TAE7ESLP.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{193f71fd-133b-11da-9718-806d6172696f}]
Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL TAE7ESLP.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{20fddbc8-0e7b-11da-9ec4-0013d316b2a8}]

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6e370731-0e7a-11da-9ec3-0013d316b2a8}]


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\HP Usg Daily.job
C:\WINDOWS\tasks\RegCure Program Check.job
C:\WINDOWS\tasks\RegCure.job


********************************************************************

catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 07-03-18 18:59:58
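
Added example, not part of any post in this thread and not ComboFix's own code: the `MountPoints2` entries in the log above are where Explorer caches the per-volume shell commands it read from `autorun.inf`, so this script lists which program each cached drive entry would start. The sample log is constructed in the same layout (the GUID and the `EXAMPLE` names are placeholders), and it is an assumption that other shell verbs are printed like the `Shell\AutoRun\command` lines.

```python
import re

# Constructed sample in the layout of a ComboFix "Reg Loading Points" section.
# The GUID and the EXAMPLE.* file names are placeholders, not real findings.
SAMPLE_LOG = r"""
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D]
Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL EXAMPLE.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{00000000-0000-0000-0000-000000000001}]

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F]
Shell\Open\command F:\EXAMPLE.com
Shell\AutoRun\command F:\EXAMPLE.com

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\EXAMPLE.job
"""

# "[...\MountPoints2\<drive letter or volume GUID>]"
KEY_RE = re.compile(r"^\[.*\\MountPoints2\\(?P<mount>[^\\\]]+)\]$", re.I)
# "Shell\<verb>\command <command line>"
CMD_RE = re.compile(r"^Shell\\(?P<verb>[^\\]+)\\command\s+(?P<cmd>.+)$", re.I)
# Handlers wrapped in RunDLL32: the text after ShellExec_RunDLL is what is launched.
WRAP_RE = re.compile(r"ShellExec_RunDLL\s+(?P<target>.+)$", re.I)


def autorun_handlers(log_text):
    """Return [(mount_point, verb, command)] for MountPoints2 keys that carry a shell command."""
    found, mount = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:                      # a blank line ends the current key's block
            mount = None
        elif line.startswith("["):        # a new registry key: track it only if it is MountPoints2
            m = KEY_RE.match(line)
            mount = m.group("mount") if m else None
        elif mount:
            m = CMD_RE.match(line)
            if m:
                found.append((mount, m.group("verb"), m.group("cmd").strip()))
    return found


def target_of(command):
    """Strip the RunDLL32 ShellExec_RunDLL wrapper, if present, to show the launched program."""
    m = WRAP_RE.search(command)
    return (m.group("target") if m else command).strip()


def review_list(log_text):
    """Map each mount point to the (verb, program) pairs its cached handlers would start."""
    out = {}
    for mount, verb, cmd in autorun_handlers(log_text):
        out.setdefault(mount, []).append((verb, target_of(cmd)))
    return out


if __name__ == "__main__":
    for mount, entries in review_list(SAMPLE_LOG).items():
        for verb, program in entries:
            print(f"{mount}: {verb} -> {program}")
```

Mount points with no command line under them (the GUID key in the sample) are left out of the result, so what remains is the list of cached handlers to check against the files actually present on each drive.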



