Author Topic: weird sign??  (Read 3073 times)

Offline Moe C

  • Hero Member
  • *****
  • Posts: 1280
  • Karma: +0/-0
weird sign??
« Reply #20 on: April 22, 2007, 07:26:37 AM »
lol.

free bump
I'm a scammer right? Ban me



OK


Offline Asuyuki

  • Jr. Member
  • **
  • Posts: 84
  • Karma: +0/-0
weird sign??
« Reply #21 on: April 24, 2007, 03:38:17 AM »
another problem arises again :angry:


now my mozilla cannot bookmark webpages
hope is yet to be found ....

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
weird sign??
« Reply #22 on: April 28, 2007, 10:17:52 AM »
Can I see one more log? I just want to double check on something
After this, I would also suggest that you update your version of Firefox, as 1.5 has no support next month

Download this file - Combofix.exe and save it ONLY to your desktop
Double click combofix.exe & follow the prompts.
When finished, it shall produce a log for you.
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall
Post the log from combofix please

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline Asuyuki

  • Jr. Member
  • **
  • Posts: 84
  • Karma: +0/-0
weird sign??
« Reply #23 on: April 28, 2007, 08:41:08 PM »
ok done ...
just to add on, the "d:\ drive situation" has reverted back to its original problem ... meaning a new window is produced upon double clicking it ...



"Pikasword" - 07-04-29  9:26:36    Service Pack 2  
ComboFix 07-04-25.4V - Running from: "D:\ka tsun's stuff\other junks\"


(((((((((((((((((((((((((((((((   Files Created from 2007-03-28 to 2007-04-29  ))))))))))))))))))))))))))))))))))


2007-04-27 17:48   <DIR>   d--------   C:\Program Files\Sing-Gium International Pte Ltd
2007-03-31 17:29   94,552   --a------   C:\WINDOWS\system32\drivers\aswmon2.sys
2007-03-31 17:29   90,112   --a------   C:\WINDOWS\system32\AVASTSS.scr
2007-03-31 17:29   85,952   --a------   C:\WINDOWS\system32\drivers\aswmon.sys
2007-03-31 17:29   733,824   --a------   C:\WINDOWS\system32\aswBoot.exe
2007-03-31 17:29   43,176   --a------   C:\WINDOWS\system32\drivers\aswTdi.sys
2007-03-31 17:29   26,888   --a------   C:\WINDOWS\system32\drivers\aavmker4.sys
2007-03-31 17:29   23,416   --a------   C:\WINDOWS\system32\drivers\aswRdr.sys
2007-03-31 17:29   <DIR>   d--------   C:\Program Files\Alwil Software
2007-03-31 17:13   32,288   --ahs----   C:\WINDOWS\system32\drivers\fidbox.dat
2007-03-31 17:13   2,080   --ahs----   C:\WINDOWS\system32\drivers\fidbox2.dat


((((((((((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-04-26 16:21   --------   d--------   C:\Program Files\spywareblaster
2007-04-16 17:46   --------   d--------   C:\Program Files\siteadvisor
2007-03-19 23:02   729088   --a------   C:\WINDOWS\iun6002.exe
2007-03-17 21:43   292864   --a------   C:\WINDOWS\system32\winsrv.dll
2007-03-15 17:40   --------   d--------   C:\Program Files\messenger plus! live
2007-03-08 23:36   577536   --a------   C:\WINDOWS\system32\user32.dll
2007-03-08 23:36   40960   --a------   C:\WINDOWS\system32\mf3216.dll
2007-03-08 23:36   281600   --a------   C:\WINDOWS\system32\gdi32.dll
2007-03-08 21:47   1843584   --a------   C:\WINDOWS\system32\win32k.sys
2007-02-28 01:19   --------   d--------   C:\Program Files\microsoft visual studio 8
2007-02-06 04:17   185344   --a------   C:\WINDOWS\system32\upnphost.dll


((((((((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))
 
 
*Note* empty entries & legit default entries are not shown
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{089FD14D-132B-48FC-8861-0048AE113215}   C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
{53707962-6F74-2D53-2644-206D7942484F}   C:\PROGRA~1\SPYBOT~1\SDHelper.dll
{5CA3D70E-1895-11CF-8E15-001234567890}   C:\WINDOWS\system32\dla\tfswshx.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}   C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6}   C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\"  -osboot"
"TabletWizard"="C:\\WINDOWS\\help\\SplshWrp.exe"
"TabletTip"="\"C:\\Program Files\\Common Files\\microsoft shared\\ink\\tabtip.exe\" /resume"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"MSPY2002"="C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"
"LtMoh"="C:\\Program Files\\ltmoh\\Ltmoh.exe"
"LoadBtnHnd"="C:\\Program Files\\Fujitsu\\BtnHnd\\BtnHnd.exe"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"IndicatorUtility"="C:\\Program Files\\Fujitsu\\Fujitsu Hotkey Utility\\IndicatorUty.exe"
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe"
"Fujitsu Menu"="C:\\Program Files\\Fujitsu\\Utils\\FjMnuIco.exe"
"FJUPDNV_Chitose"="C:\\Program Files\\Fujitsu\\updnavi\\updnavi.exe"
"FjEvents"="C:\\Program Files\\Fujitsu\\Utils\\fjevents.exe"
"FjDspMon"="C:\\Program Files\\Fujitsu\\Utils\\FjDspMon.exe"
"dla"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"Apoint"="C:\\Program Files\\Apoint2K\\Apoint.exe"
"AGRSMMSG"="AGRSMMSG.exe"
@=""
"IntelWireless"="C:\\Program Files\\Intel\\Wireless\\Bin\\ifrmewrk.exe /tf Intel PROSet/Wireless"
"EOUApp"="C:\\Program Files\\Intel\\Wireless\\Bin\\EOUWiz.exe"
"SiteAdvisor"="C:\\Program Files\\SiteAdvisor\\6066\\SiteAdv.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\""
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"WindowsHiderPro"="C:\\Program Files\\WHidePro\\whpro.exe"
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"MessengerPlus3"="\"C:\\Program Files\\MessengerPlus! 3\\MsgPlus.exe\" /WinStart"
"CTSyncU.exe"="\"C:\\Program Files\\Creative\\Sync Manager Unicode\\CTSyncU.exe\""

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"TabletWizard"=hex(2):25,77,69,6e,64,69,72,25,5c,68,65,6c,70,5c,77,69,7a,61,72,\
  64,2e,68,74,61,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"=dword:00000001
"AllowUnhashedWebView"=dword:00000001
"NoCDBurning"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\loginkey
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpgwlnotify
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"appinit_dlls"="wbsys.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
   Authentication Packages   REG_MULTI_SZ      msv1_0
   Security Packages   REG_MULTI_SZ      kerberosmsv1_0schannelwdigest
   Notification Packages   REG_MULTI_SZ      scecli


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"
 
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter   REG_MULTI_SZ      HTTPFilter
LocalService   REG_MULTI_SZ      AlerterWebClientLmHostsRemoteRegistryupnphostSSDPSRV
NetworkService   REG_MULTI_SZ      DnsCache
DcomLaunch   REG_MULTI_SZ      DcomLaunchTermService
rpcss   REG_MULTI_SZ      RpcSs
imgsvc   REG_MULTI_SZ      StiSvc
termsvcs   REG_MULTI_SZ      TermService
WudfServiceGroup   REG_MULTI_SZ      WUDFSvc


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1e733b60-254b-11db-af08-000e35a85a68}]
Shell\AutoRun\command   C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
Shell\Open(0)\command   F:\Recycled\ctfmon.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3edb72a0-98ad-11da-add3-000e35a85a68}]
Shell\AutoRun\command   F:\setupSNK.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4879e902-0673-11d9-890c-95efe4991ac0}]
Shell\AutoRun\command   E:\setupSNK.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{49220aa0-a1f4-11db-b07b-000e35a85a68}]
Shell\AutoRun\command   F:\IERunner.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{49220aa1-a1f4-11db-b07b-000e35a85a68}]
Shell\AutoRun\command   C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
Shell\Open(0)\command   G:\Recycled\ctfmon.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b5242610-1f44-11da-ad27-806d6172696f}]
Shell\AutoRun\command   C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\Recycled\ctfmon.exe
Shell\Open(O)\command   C:\Recycled\Recycled\ctfmon.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b5242611-1f44-11da-ad27-806d6172696f}]
Shell\AutoRun\command   C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
Shell\Open(0)\command   D:\Recycled\ctfmon.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d0e5b2c4-21ae-11da-ad36-000e35a85a68}]
Shell\AutoRun\command   C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
Shell\Open(0)\command   J:\Recycled\ctfmon.exe


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Critical Battery Alarm Program.job

********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-04-29 09:32:47
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


********************************************************************

Completion time: 07-04-29  9:33:37
C:\ComboFix-quarantined-files.txt ... 07-04-29 09:33
hope is yet to be found ....

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
weird sign??
« Reply #24 on: April 29, 2007, 10:04:59 AM »
Here's some info on the infection and the symptoms
http://vil.nai.com/vil/content/v_140684.htm

Disconnect your computer from any network
Find the files and delete if they exist

This includes
           %Drive%:\autorun.inf
           %Drive%:\Recycled\desktop.ini
           %Drive%:\Recycled\INFO2
           %Drive%:\Recycled\Recycled\ctfmon.exe
Replace %Drive% with the letters of your drives, eg.. C, D
Removing autorun.inf from D should help to recognize as a harddisk again

Also, make sure that you have
Set Windows To Show Hidden Files and Folders
    * Click Start.
    * Open My Computer.
    * Select the Tools menu and click Folder Options.
    * Select the View Tab.
    * Under the Hidden files and folders heading select Show hidden files and folders.
    * Uncheck the Hide protected operating system files (recommended) option.
    * Uncheck the Hide Extensions for known file types
    * Click Yes to confirm.
    * Click OK.

Also look for the presence of these files
%Drive%\Recycled\ctfmon.exe
%Drive%\Recycled\smss.exe
%Drive%\Recycled\spoolsv.exe
%Drive%\Recycled\svchost.exe

Ensure that any other computers networked to yours and sharing files run an updated virus scanner
Reboot the computer after removal of any of the above files posted by myself or from the McAfee link
ONLY delete them if found in the exact folder

Back in Windows
RIGHT CLICK an empty spot on your desktop and select
NEW>>Text Document
A new text document will be placed on desktop
Name it find.txt

Open find.txt
Copy>>Paste all the text below in the code box to it
Don't include the word 'code'
Close find.txt after you paste the info below and save the changes

Code:
RegSearch Options File

[Search]
1e733b60-254b-11db-af08-000e35a85a68
49220aa1-a1f4-11db-b07b-000e35a85a68
b5242610-1f44-11da-ad27-806d6172696f
b5242611-1f44-11da-ad27-806d6172696f
d0e5b2c4-21ae-11da-ad36-000e35a85a68

[Options]
Filter=KVDLUI

Download Registry Search to your desktop.

    * Right click on the compressed RegSearch folder, and choose "Extract All". In the box that pops open, click "Next", then "Next" again, and then "Finish". You now have another RegSearch folder on your desktop.
    * Open the new folder, and double click on regsearch.exe
    * Click "Import" in the lower left corner and browse to the find.txt file that you just saved on your desktop.
    * Double click on find.txt
    * Click OK and Registry Search will scan your registry for the file(s), and a Notepad box will open with a report.
    * Please reply here with the entire contents of the Notepad file from RegSearch.

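The selection step behind the find.txt in the reply above (picking the MountPoints2 volume GUIDs whose Shell commands launch ctfmon.exe from a Recycled folder) can be scripted. This is an added example, not part of the original posts and not code from ComboFix or Registry Search: it parses MountPoints2 sections in the layout the ComboFix log uses, flags commands that target a recycle-bin folder or use one of the system process names listed in the reply from outside system32, and renders the flagged GUIDs in the find.txt layout. The sample log, its GUIDs, the function names, and the extra RECYCLER and $Recycle.Bin folder names are assumptions added here.

```python
import re

# Constructed sample in the layout ComboFix uses for MountPoints2 entries.
# GUIDs are placeholders; E:\tools\svchost.exe is invented to exercise rule 2.
SAMPLE_LOG = r"""
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{11111111-aaaa-4bbb-8ccc-000000000001}]
Shell\AutoRun\command   C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
Shell\Open(0)\command   F:\Recycled\ctfmon.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{11111111-aaaa-4bbb-8ccc-000000000002}]
Shell\AutoRun\command   F:\setupSNK.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{11111111-aaaa-4bbb-8ccc-000000000003}]
Shell\AutoRun\command   C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\Recycled\ctfmon.exe
Shell\Open(O)\command   C:\Recycled\Recycled\ctfmon.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{11111111-aaaa-4bbb-8ccc-000000000004}]
Shell\AutoRun\command   E:\tools\svchost.exe
"""

GUID = r'\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}'
# Header of one per-volume key under MountPoints2 (short or long hive name).
KEY_RE = re.compile(
    r'^\[(?:HKCU|HKEY_CURRENT_USER)\\Software\\Microsoft\\Windows\\CurrentVersion'
    r'\\Explorer\\MountPoints2\\(' + GUID + r')\]$', re.I)
# "Shell\<verb>\command   <command line>"; the verb is free text, e.g. Open(0) or Open(O).
CMD_RE = re.compile(r'^Shell\\(?P<verb>[^\\]+)\\command\s+(?P<cmd>.+)$', re.I)

# Rule 1: the command reaches into a recycle-bin folder.
# "Recycled" is the name in the thread; the other two names are added assumptions.
RECYCLE_RE = re.compile(r'(?:^|[\\\s"])(?:Recycled|RECYCLER|\$Recycle\.Bin)\\', re.I)
# Rule 2: a system process name (the four listed in the reply) with a directory
# that is not system32.
SYSTEM_NAMES = ("ctfmon", "smss", "spoolsv", "svchost")
SYSNAME_RE = re.compile(
    r'(?P<dir>[^\s"]*\\)(?P<name>%s)\.exe\b' % "|".join(SYSTEM_NAMES), re.I)


def parse_mountpoints(log_text):
    """Return {guid: [(verb, command), ...]} for every MountPoints2 volume key."""
    entries, current = {}, None
    for raw in log_text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            current = key.group(1).strip("{}").lower()
            entries.setdefault(current, [])
            continue
        if line.startswith("["):
            # Any other registry section ends the current volume key.
            current = None
            continue
        cmd = CMD_RE.match(line)
        if cmd and current:
            entries[current].append((cmd.group("verb"), cmd.group("cmd").strip()))
    return entries


def reasons_for(command):
    """Return the list of rules a single Shell command line trips."""
    reasons = []
    if RECYCLE_RE.search(command):
        reasons.append("target inside a recycle-bin folder")
    for match in SYSNAME_RE.finditer(command):
        if not match.group("dir").lower().endswith("\\system32\\"):
            reasons.append("system process name outside system32")
            break
    return reasons


def triage(log_text):
    """Return {guid: sorted unique reasons} for volume keys with a flagged command."""
    flagged = {}
    for guid, commands in parse_mountpoints(log_text).items():
        hits = {reason for _verb, cmd in commands for reason in reasons_for(cmd)}
        if hits:
            flagged[guid] = sorted(hits)
    return flagged


def build_regsearch_file(guids):
    """Render GUIDs in the find.txt layout quoted in the thread."""
    lines = ["RegSearch Options File", "", "[Search]", *sorted(guids),
             "", "[Options]", "Filter=KVDLUI", ""]
    return "\n".join(lines)


if __name__ == "__main__":
    flagged = triage(SAMPLE_LOG)
    for guid, why in flagged.items():
        print(guid, "->", "; ".join(why))
    print(build_regsearch_file(flagged))
```

An entry that trips neither rule, such as the `F:\setupSNK.exe` one, is simply not listed; that says nothing about whether the file is safe.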


Offline Asuyuki

  • Jr. Member
  • **
  • Posts: 84
  • Karma: +0/-0
weird sign??
« Reply #25 on: April 30, 2007, 10:57:40 PM »
ok done ..
the log here ...
d:\ is still not recognized as a hard drive


Windows Registry Editor Version 5.00

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.4.2

; Results at 5/1/2007 11:50:03 AM for strings:
;  '1e733b60-254b-11db-af08-000e35a85a68'
;  '49220aa1-a1f4-11db-b07b-000e35a85a68'
;  'b5242610-1f44-11da-ad27-806d6172696f'
;  'b5242611-1f44-11da-ad27-806d6172696f'
;  'd0e5b2c4-21ae-11da-ad36-000e35a85a68'
; Strings excluded from search:
;  (None)
; Search in:
; Registry Keys  Registry Values  Registry Data  
; HKEY_LOCAL_MACHINE  HKEY_USERS  


[HKEY_LOCAL_MACHINE\SYSTEM\MountedDevices]
; Contents of value:
;   õäõä ~      
"\\??\\Volume{b5242610-1f44-11da-ad27-806d6172696f}"=hex:f5,e4,f5,e4,00,7e,00,\
  00,00,00,00,00
; Contents of value:
;   õäõä  Ã‘¨  
"\\??\\Volume{b5242611-1f44-11da-ad27-806d6172696f}"=hex:f5,e4,f5,e4,00,00,d1,\
  a8,04,00,00,00
; Contents of value:
;   \ ? ? \ S T O R A G E # R e m o v a b l e M e d i a # 7 & f f e f 7 b 6 & 0 & R M # { 5 3 f 5 6 3 0 d - b 6 b f - 1 1 d 0 - 9 4 f 2 - 0 0 a 0 c 9 1 e f b 8 b }
"\\??\\Volume{d0e5b2c4-21ae-11da-ad36-000e35a85a68}"=hex:5c,00,3f,00,3f,00,5c,\
  00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
  76,00,61,00,62,00,6c,00,65,00,4d,00,65,00,64,00,69,00,61,00,23,00,37,00,26,\
  00,66,00,66,00,65,00,66,00,37,00,62,00,36,00,26,00,30,00,26,00,52,00,4d,00,\
  23,00,7b,00,35,00,33,00,66,00,35,00,36,00,33,00,30,00,64,00,2d,00,62,00,36,\
  00,62,00,66,00,2d,00,31,00,31,00,64,00,30,00,2d,00,39,00,34,00,66,00,32,00,\
  2d,00,30,00,30,00,61,00,30,00,63,00,39,00,31,00,65,00,66,00,62,00,38,00,62,\
  00,7d,00
; Contents of value:
;   \ ? ? \ S T O R A G E # R e m o v a b l e M e d i a # 7 & a e 4 2 b 4 e & 0 & R M # { 5 3 f 5 6 3 0 d - b 6 b f - 1 1 d 0 - 9 4 f 2 - 0 0 a 0 c 9 1 e f b 8 b }
"\\??\\Volume{1e733b60-254b-11db-af08-000e35a85a68}"=hex:5c,00,3f,00,3f,00,5c,\
  00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
  76,00,61,00,62,00,6c,00,65,00,4d,00,65,00,64,00,69,00,61,00,23,00,37,00,26,\
  00,61,00,65,00,34,00,32,00,62,00,34,00,65,00,26,00,30,00,26,00,52,00,4d,00,\
  23,00,7b,00,35,00,33,00,66,00,35,00,36,00,33,00,30,00,64,00,2d,00,62,00,36,\
  00,62,00,66,00,2d,00,31,00,31,00,64,00,30,00,2d,00,39,00,34,00,66,00,32,00,\
  2d,00,30,00,30,00,61,00,30,00,63,00,39,00,31,00,65,00,66,00,62,00,38,00,62,\
  00,7d,00
; Contents of value:
;   \ ? ? \ S T O R A G E # R e m o v a b l e M e d i a # 7 & 6 c 6 a f 5 1 & 0 & R M # { 5 3 f 5 6 3 0 d - b 6 b f - 1 1 d 0 - 9 4 f 2 - 0 0 a 0 c 9 1 e f b 8 b }
"\\??\\Volume{49220aa1-a1f4-11db-b07b-000e35a85a68}"=hex:5c,00,3f,00,3f,00,5c,\
  00,53,00,54,00,4f,00,52,00,41,00,47,00,45,00,23,00,52,00,65,00,6d,00,6f,00,\
  76,00,61,00,62,00,6c,00,65,00,4d,00,65,00,64,00,69,00,61,00,23,00,37,00,26,\
  00,36,00,63,00,36,00,61,00,66,00,35,00,31,00,26,00,30,00,26,00,52,00,4d,00,\
  23,00,7b,00,35,00,33,00,66,00,35,00,36,00,33,00,30,00,64,00,2d,00,62,00,36,\
  00,62,00,66,00,2d,00,31,00,31,00,64,00,30,00,2d,00,39,00,34,00,66,00,32,00,\
  2d,00,30,00,30,00,61,00,30,00,63,00,39,00,31,00,65,00,66,00,62,00,38,00,62,\
  00,7d,00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1e733b60-254b-11db-af08-000e35a85a68}]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1e733b60-254b-11db-af08-000e35a85a68}\Shell]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1e733b60-254b-11db-af08-000e35a85a68}\Shell\Autoplay]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1e733b60-254b-11db-af08-000e35a85a68}\Shell\Autoplay\DropTarget]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1e733b60-254b-11db-af08-000e35a85a68}\Shell\AutoRun]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1e733b60-254b-11db-af08-000e35a85a68}\Shell\AutoRun\command]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1e733b60-254b-11db-af08-000e35a85a68}\Shell\Open(0)]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1e733b60-254b-11db-af08-000e35a85a68}\Shell\Open(0)\command]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{49220aa1-a1f4-11db-b07b-000e35a85a68}]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{49220aa1-a1f4-11db-b07b-000e35a85a68}\Shell]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{49220aa1-a1f4-11db-b07b-000e35a85a68}\Shell\Autoplay]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{49220aa1-a1f4-11db-b07b-000e35a85a68}\Shell\Autoplay\DropTarget]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{49220aa1-a1f4-11db-b07b-000e35a85a68}\Shell\AutoRun]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{49220aa1-a1f4-11db-b07b-000e35a85a68}\Shell\AutoRun\command]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{49220aa1-a1f4-11db-b07b-000e35a85a68}\Shell\Open(0)]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{49220aa1-a1f4-11db-b07b-000e35a85a68}\Shell\Open(0)\command]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b5242610-1f44-11da-ad27-806d6172696f}]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b5242610-1f44-11da-ad27-806d6172696f}\Shell]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b5242610-1f44-11da-ad27-806d6172696f}\Shell\AutoRun]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b5242610-1f44-11da-ad27-806d6172696f}\Shell\AutoRun\command]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b5242610-1f44-11da-ad27-806d6172696f}\Shell\Open(O)]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b5242610-1f44-11da-ad27-806d6172696f}\Shell\Open(O)\command]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b5242611-1f44-11da-ad27-806d6172696f}]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b5242611-1f44-11da-ad27-806d6172696f}\Shell]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b5242611-1f44-11da-ad27-806d6172696f}\Shell\AutoRun]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b5242611-1f44-11da-ad27-806d6172696f}\Shell\AutoRun\command]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b5242611-1f44-11da-ad27-806d6172696f}\Shell\Open(0)]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b5242611-1f44-11da-ad27-806d6172696f}\Shell\Open(0)\command]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d0e5b2c4-21ae-11da-ad36-000e35a85a68}]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d0e5b2c4-21ae-11da-ad36-000e35a85a68}\Shell]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d0e5b2c4-21ae-11da-ad36-000e35a85a68}\Shell\Autoplay]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d0e5b2c4-21ae-11da-ad36-000e35a85a68}\Shell\Autoplay\DropTarget]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d0e5b2c4-21ae-11da-ad36-000e35a85a68}\Shell\AutoRun]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d0e5b2c4-21ae-11da-ad36-000e35a85a68}\Shell\AutoRun\command]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d0e5b2c4-21ae-11da-ad36-000e35a85a68}\Shell\Open(0)]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d0e5b2c4-21ae-11da-ad36-000e35a85a68}\Shell\Open(0)\command]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{b5242610-1f44-11da-ad27-806d6172696f}]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{b5242611-1f44-11da-ad27-806d6172696f}]

; End Of The Log...
hope is yet to be found ....

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
weird sign??
« Reply #26 on: May 01, 2007, 12:04:07 AM »
Can you try the following
And this is important, as more and more infections are spreading by thumbdrives and such
ENSURE you have your USB thumbdrive (Flashdrive)  Connected to your computer

1. Create a new folder. You will need it to extract some files to

2.  Download and save clean-autoruns.zip
Extract the files in clean autoruns.zip into the new folder you created

Again, be sure your Flash drive is plugged in

3. Open the folder you extracted the files to
Run Clean autoruns.bat by double clicking on it.
If any autoruns are found, it will move them to a backup folder.

If any autoruns are found on the root of your drives, they will be moved to a backup folder.

All Shell Subkeys in your MountPoints(2) keys will be removed.
The MountPoints(2) key will be backed up first.

Part1.txt will be created. It will show the pre-cleaning state.

Part2.txt will be created. It will show the post cleaning state.

Post the contents of Part1.txt and then Part2.txt in your reply on the forums.


** It is important that you follow these directions exactly.

Any autorun files found in the root of your drives, or the Windows, or System32 directories will be deleted. Backups of these files will be created in a folder named as the date and time the last file was deleted.

This batch will not remove any other related files. If other related files are listed in part1.txt in the registry export section, you must find and delete those files if they still exist.

This batch only deals with autorun.* files and the MountPoints(2) registry keys.
« Last Edit: May 01, 2007, 12:20:18 AM by guestolo »



Offline Asuyuki

  • Jr. Member
  • **
  • Posts: 84
  • Karma: +0/-0
weird sign??
« Reply #27 on: May 02, 2007, 04:33:37 AM »
ok done ..


part 1


Part1 Report
Wed 05/02/2007 17:27:47.43

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{005fa591-4ce3-11da-ad77-000e35a85a68}\shell]
@="None"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{005fa591-4ce3-11da-ad77-000e35a85a68}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{005fa591-4ce3-11da-ad77-000e35a85a68}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{005fa591-4ce3-11da-ad77-000e35a85a68}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{005fa591-4ce3-11da-ad77-000e35a85a68}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{005fa591-4ce3-11da-ad77-000e35a85a68}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{035259b0-59d7-11db-af7f-000e35a85a68}\shell]
@="None"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{035259b0-59d7-11db-af7f-000e35a85a68}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{035259b0-59d7-11db-af7f-000e35a85a68}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{035259b0-59d7-11db-af7f-000e35a85a68}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{035259b0-59d7-11db-af7f-000e35a85a68}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{035259b0-59d7-11db-af7f-000e35a85a68}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{096dd881-4027-11d9-92da-806d6172696f}\shell]
@="None"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{096dd881-4027-11d9-92da-806d6172696f}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{096dd881-4027-11d9-92da-806d6172696f}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{096dd881-4027-11d9-92da-806d6172696f}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{096dd881-4027-11d9-92da-806d6172696f}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{096dd881-4027-11d9-92da-806d6172696f}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{096dd881-4027-11d9-92da-806d6172696f}\_Autorun]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{096dd881-4027-11d9-92da-806d6172696f}\_Autorun\DefaultIcon]
@="E:\\Norman.ico"

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{096dd881-4027-11d9-92da-806d6172696f}\_Autorun\DefaultIcon]
@="E:\\Norman.ico"

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{168bc280-4944-11da-ad6d-000e35a85a68}\shell]
@="None"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{168bc280-4944-11da-ad6d-000e35a85a68}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{168bc280-4944-11da-ad6d-000e35a85a68}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{168bc280-4944-11da-ad6d-000e35a85a68}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{168bc280-4944-11da-ad6d-000e35a85a68}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{168bc280-4944-11da-ad6d-000e35a85a68}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{185eb410-7922-11db-b005-000e35a85a68}\shell]
@="None"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{185eb410-7922-11db-b005-000e35a85a68}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{185eb410-7922-11db-b005-000e35a85a68}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{185eb410-7922-11db-b005-000e35a85a68}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{185eb410-7922-11db-b005-000e35a85a68}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{185eb410-7922-11db-b005-000e35a85a68}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{18908810-c531-11da-ae20-000e35a85a68}\shell]
@="None"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{18908810-c531-11da-ae20-000e35a85a68}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{18908810-c531-11da-ae20-000e35a85a68}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{18908810-c531-11da-ae20-000e35a85a68}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{18908810-c531-11da-ae20-000e35a85a68}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{18908810-c531-11da-ae20-000e35a85a68}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{19bb3830-aa01-11db-b08f-000e35a85a68}\shell]
@="None"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{19bb3830-aa01-11db-b08f-000e35a85a68}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{19bb3830-aa01-11db-b08f-000e35a85a68}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{19bb3830-aa01-11db-b08f-000e35a85a68}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{19bb3830-aa01-11db-b08f-000e35a85a68}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{19bb3830-aa01-11db-b08f-000e35a85a68}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1b842031-203b-11db-aefd-000e35a85a68}\shell]
@="None"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1b842031-203b-11db-aefd-000e35a85a68}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1b842031-203b-11db-aefd-000e35a85a68}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1b842031-203b-11db-aefd-000e35a85a68}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1b842031-203b-11db-aefd-000e35a85a68}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1b842031-203b-11db-aefd-000e35a85a68}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1b842032-203b-11db-aefd-000e35a85a68}\shell]
@="None"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1b842032-203b-11db-aefd-000e35a85a68}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1b842032-203b-11db-aefd-000e35a85a68}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1b842032-203b-11db-aefd-000e35a85a68}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1b842032-203b-11db-aefd-000e35a85a68}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1b842032-203b-11db-aefd-000e35a85a68}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1e733b60-254b-11db-af08-000e35a85a68}\Shell]
@="Open(0)"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1e733b60-254b-11db-af08-000e35a85a68}\Shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1e733b60-254b-11db-af08-000e35a85a68}\Shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1e733b60-254b-11db-af08-000e35a85a68}\Shell\AutoRun]
@="Auto&Play"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1e733b60-254b-11db-af08-000e35a85a68}\Shell\AutoRun\command]
@="C:\\WINDOWS\\system32\\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\\ctfmon.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1e733b60-254b-11db-af08-000e35a85a68}\Shell\Open(0)]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1e733b60-254b-11db-af08-000e35a85a68}\Shell\Open(0)\command]
@="F:\\Recycled\\ctfmon.exe"

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1e733b60-254b-11db-af08-000e35a85a68}\Shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1e733b60-254b-11db-af08-000e35a85a68}\Shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1e733b60-254b-11db-af08-000e35a85a68}\Shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1e733b60-254b-11db-af08-000e35a85a68}\Shell\AutoRun]
@="Auto&Play"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1e733b60-254b-11db-af08-000e35a85a68}\Shell\AutoRun\command]
@="C:\\WINDOWS\\system32\\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\\ctfmon.exe"

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1e733b60-254b-11db-af08-000e35a85a68}\Shell\AutoRun\command]
@="C:\\WINDOWS\\system32\\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\\ctfmon.exe"

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1e733b60-254b-11db-af08-000e35a85a68}\Shell\Open(0)]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1e733b60-254b-11db-af08-000e35a85a68}\Shell\Open(0)\command]
@="F:\\Recycled\\ctfmon.exe"

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1e733b60-254b-11db-af08-000e35a85a68}\Shell\Open(0)\command]
@="F:\\Recycled\\ctfmon.exe"

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1e733b61-254b-11db-af08-000e35a85a68}\shell]
@="None"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1e733b61-254b-11db-af08-000e35a85a68}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1e733b61-254b-11db-af08-000e35a85a68}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1e733b61-254b-11db-af08-000e35a85a68}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1e733b61-254b-11db-af08-000e35a85a68}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1e733b61-254b-11db-af08-000e35a85a68}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2de6bd62-8259-11da-adb5-000e35a85a68}\shell]
@="None"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2de6bd62-8259-11da-adb5-000e35a85a68}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2de6bd62-8259-11da-adb5-000e35a85a68}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2de6bd62-8259-11da-adb5-000e35a85a68}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2de6bd62-8259-11da-adb5-000e35a85a68}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2de6bd62-8259-11da-adb5-000e35a85a68}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{307f6e20-572a-11da-ad8b-000e35a85a68}\shell]
@="None"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{307f6e20-572a-11da-ad8b-000e35a85a68}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{307f6e20-572a-11da-ad8b-000e35a85a68}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{307f6e20-572a-11da-ad8b-000e35a85a68}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{307f6e20-572a-11da-ad8b-000e35a85a68}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{307f6e20-572a-11da-ad8b-000e35a85a68}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{33364430-16f0-11db-aed4-000e35a85a68}\shell]
@="None"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{33364430-16f0-11db-aed4-000e35a85a68}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{33364430-16f0-11db-aed4-000e35a85a68}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{33364430-16f0-11db-aed4-000e35a85a68}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{33364430-16f0-11db-aed4-000e35a85a68}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{33364430-16f0-11db-aed4-000e35a85a68}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3b833370-0e86-11db-aec6-000e35a85a68}\shell]
@="None"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3b833370-0e86-11db-aec6-000e35a85a68}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3b833370-0e86-11db-aec6-000e35a85a68}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3b833370-0e86-11db-aec6-000e35a85a68}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3b833370-0e86-11db-aec6-000e35a85a68}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3b833370-0e86-11db-aec6-000e35a85a68}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3edb72a0-98ad-11da-add3-000e35a85a68}\Shell]
@="Open"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3edb72a0-98ad-11da-add3-000e35a85a68}\Shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3edb72a0-98ad-11da-add3-000e35a85a68}\Shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3edb72a0-98ad-11da-add3-000e35a85a68}\Shell\AutoRun]
"Extended"=""

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3edb72a0-98ad-11da-add3-000e35a85a68}\Shell\AutoRun\command]
@="F:\\setupSNK.exe"

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3edb72a0-98ad-11da-add3-000e35a85a68}\Shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3edb72a0-98ad-11da-add3-000e35a85a68}\Shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3edb72a0-98ad-11da-add3-000e35a85a68}\Shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3edb72a0-98ad-11da-add3-000e35a85a68}\Shell\AutoRun]
"Extended"=""

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3edb72a0-98ad-11da-add3-000e35a85a68}\Shell\AutoRun\command]
@="F:\\setupSNK.exe"

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3edb72a0-98ad-11da-add3-000e35a85a68}\Shell\AutoRun\command]
@="F:\\setupSNK.exe"

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3edb72a0-98ad-11da-add3-000e35a85a68}\_Autorun]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3edb72a0-98ad-11da-add3-000e35a85a68}\_Autorun\Action]
@="Wireless Network Setup Wizard"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3edb72a0-98ad-11da-add3-000e35a85a68}\_Autorun\DefaultIcon]
@="F:\\\\SMRTNTKY\\fcw.ico"

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3edb72a0-98ad-11da-add3-000e35a85a68}\_Autorun\Action]
@="Wireless Network Setup Wizard"

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3edb72a0-98ad-11da-add3-000e35a85a68}\_Autorun\DefaultIcon]
@="F:\\\\SMRTNTKY\\fcw.ico"

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4879e902-0673-11d9-890c-95efe4991ac0}\Shell]
@="Open"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4879e902-0673-11d9-890c-95efe4991ac0}\Shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4879e902-0673-11d9-890c-95efe4991ac0}\Shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4879e902-0673-11d9-890c-95efe4991ac0}\Shell\AutoRun]
"Extended"=""

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4879e902-0673-11d9-890c-95efe4991ac0}\Shell\AutoRun\command]
@="E:\\setupSNK.exe"

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4879e902-0673-11d9-890c-95efe4991ac0}\Shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4879e902-0673-11d9-890c-95efe4991ac0}\Shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4879e902-0673-11d9-890c-95efe4991ac0}\Shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4879e902-0673-11d9-890c-95efe4991ac0}\Shell\AutoRun]
"Extended"=""

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4879e902-0673-11d9-890c-95efe4991ac0}\Shell\AutoRun\command]
@="E:\\setupSNK.exe"

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4879e902-0673-11d9-890c-95efe4991ac0}\Shell\AutoRun\command]
@="E:\\setupSNK.exe"

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4879e902-0673-11d9-890c-95efe4991ac0}\_Autorun]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4879e902-0673-11d9-890c-95efe4991ac0}\_Autorun\Action]
@="Wireless Network Setup Wizard"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4879e902-0673-11d9-890c-95efe4991ac0}\_Autorun\DefaultIcon]
@="E:\\\\SMRTNTKY\\fcw.ico"

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4879e902-0673-11d9-890c-95efe4991ac0}\_Autorun\Action]
@="Wireless Network Setup Wizard"

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4879e902-0673-11d9-890c-95efe4991ac0}\_Autorun\DefaultIcon]
@="E:\\\\SMRTNTKY\\fcw.ico"

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{49220aa0-a1f4-11db-b07b-000e35a85a68}\Shell]
@="AutoRun"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{49220aa0-a1f4-11db-b07b-000e35a85a68}\Shell\AutoRun]
@="Auto&Play"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{49220aa0-a1f4-11db-b07b-000e35a85a68}\Shell\AutoRun\command]
@="F:\\IERunner.exe"

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{49220aa0-a1f4-11db-b07b-000e35a85a68}\Shell\AutoRun]
@="Auto&Play"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{49220aa0-a1f4-11db-b07b-000e35a85a68}\Shell\AutoRun\command]
@="F:\\IERunner.exe"

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{49220aa0-a1f4-11db-b07b-000e35a85a68}\Shell\AutoRun\command]
@="F:\\IERunner.exe"

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{49220aa1-a1f4-11db-b07b-000e35a85a68}\Shell]
@="Open(0)"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{49220aa1-a1f4-11db-b07b-000e35a85a68}\Shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{49220aa1-a1f4-11db-b07b-000e35a85a68}\Shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{49220aa1-a1f4-11db-b07b-000e35a85a68}\Shell\AutoRun]
@="Auto&Play"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{49220aa1-a1f4-11db-b07b-000e35a85a68}\Shell\AutoRun\command]
@="C:\\WINDOWS\\system32\\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\\ctfmon.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{49220aa1-a1f4-11db-b07b-000e35a85a68}\Shell\Open(0)]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{49220aa1-a1f4-11db-b07b-000e35a85a68}\Shell\Open(0)\command]
@="G:\\Recycled\\ctfmon.exe"

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{49220aa1-a1f4-11db-b07b-000e35a85a68}\Shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{49220aa1-a1f4-11db-b07b-000e35a85a68}\Shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{49220aa1-a1f4-11db-b07b-000e35a85a68}\Shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{49220aa1-a1f4-11db-b07b-000e35a85a68}\Shell\AutoRun]
@="Auto&Play"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{49220aa1-a1f4-11db-b07b-000e35a85a68}\Shell\AutoRun\command]
@="C:\\WINDOWS\\system32\\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\\ctfmon.exe"

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{49220aa1-a1f4-11db-b07b-000e35a85a68}\Shell\AutoRun\command]
@="C:\\WINDOWS\\system32\\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\\ctfmon.exe"

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{49220aa1-a1f4-11db-b07b-000e35a85a68}\Shell\Open(0)]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{49220aa1-a1f4-11db-b07b-000e35a85a68}\Shell\Open(0)\command]
@="G:\\Recycled\\ctfmon.exe"

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{49220aa1-a1f4-11db-b07b-000e35a85a68}\Shell\Open(0)\command]
@="G:\\Recycled\\ctfmon.exe"

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{58a80610-f82d-11da-ae9b-000e35a85a68}\shell]
@="None"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{58a80610-f82d-11da-ae9b-000e35a85a68}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{58a80610-f82d-11da-ae9b-000e35a85a68}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{58a80610-f82d-11da-ae9b-000e35a85a68}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{58a80610-f82d-11da-ae9b-000e35a85a68}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{58a80610-f82d-11da-ae9b-000e35a85a68}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{58a80611-f82d-11da-ae9b-000e35a85a68}\shell]
@="None"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{58a80611-f82d-11da-ae9b-000e35a85a68}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{58a80611-f82d-11da-ae9b-000e35a85a68}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{58a80611-f82d-11da-ae9b-000e35a85a68}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{58a80611-f82d-11da-ae9b-000e35a85a68}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{58a80611-f82d-11da-ae9b-000e35a85a68}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{69147cc0-e5a5-11da-ae68-000e35a85a68}\shell]
@="None"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{69147cc0-e5a5-11da-ae68-000e35a85a68}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{69147cc0-e5a5-11da-ae68-000e35a85a68}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{69147cc0-e5a5-11da-ae68-000e35a85a68}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{69147cc0-e5a5-11da-ae68-000e35a85a68}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{69147cc0-e5a5-11da-ae68-000e35a85a68}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6b4fe3d1-500d-11d9-9e28-806d6172696f}\shell]
@="None"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6b4fe3d1-500d-11d9-9e28-806d6172696f}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6b4fe3d1-500d-11d9-9e28-806d6172696f}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6b4fe3d1-500d-11d9-9e28-806d6172696f}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6b4fe3d1-500d-11d9-9e28-806d6172696f}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6b4fe3d1-500d-11d9-9e28-806d6172696f}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6e3e7020-4787-11da-ad6b-000e35a85a68}\shell]
@="None"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6e3e7020-4787-11da-ad6b-000e35a85a68}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6e3e7020-4787-11da-ad6b-000e35a85a68}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6e3e7020-4787-11da-ad6b-000e35a85a68}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6e3e7020-4787-11da-ad6b-000e35a85a68}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6e3e7020-4787-11da-ad6b-000e35a85a68}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6ef69fc3-9534-11da-adcf-000e35a85a68}\shell]
@="None"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6ef69fc3-9534-11da-adcf-000e35a85a68}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6ef69fc3-9534-11da-adcf-000e35a85a68}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6ef69fc3-9534-11da-adcf-000e35a85a68}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6ef69fc3-9534-11da-adcf-000e35a85a68}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6ef69fc3-9534-11da-adcf-000e35a85a68}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{749ac950-fca8-11d8-bd9c-00e000c287a9}\shell]
@="None"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{749ac950-fca8-11d8-bd9c-00e000c287a9}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{749ac950-fca8-11d8-bd9c-00e000c287a9}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{749ac950-fca8-11d8-bd9c-00e000c287a9}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{749ac950-fca8-11d8-bd9c-00e000c287a9}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{749ac950-fca8-11d8-bd9c-00e000c287a9}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{78e9769d-a5ed-11da-adeb-000e35a85a68}\shell]
@="None"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{78e9769d-a5ed-11da-adeb-000e35a85a68}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{78e9769d-a5ed-11da-adeb-000e35a85a68}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{78e9769d-a5ed-11da-adeb-000e35a85a68}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{78e9769d-a5ed-11da-adeb-000e35a85a68}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{78e9769d-a5ed-11da-adeb-000e35a85a68}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{79be0810-0570-11db-aeb5-ed6b28a988e5}\shell]
@="None"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{79be0810-0570-11db-aeb5-ed6b28a988e5}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{79be0810-0570-11db-aeb5-ed6b28a988e5}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{79be0810-0570-11db-aeb5-ed6b28a988e5}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{79be0810-0570-11db-aeb5-ed6b28a988e5}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{79be0810-0570-11db-aeb5-ed6b28a988e5}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{79be0811-0570-11db-aeb5-000e35a85a68}\shell]
@="None"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{79be0811-0570-11db-aeb5-000e35a85a68}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{79be0811-0570-11db-aeb5-000e35a85a68}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{79be0811-0570-11db-aeb5-000e35a85a68}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{79be0811-0570-11db-aeb5-000e35a85a68}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{79be0811-0570-11db-aeb5-000e35a85a68}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7c92e982-19c1-11da-96e6-806d6172696f}\shell]
@="None"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7c92e982-19c1-11da-96e6-806d6172696f}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7c92e982-19c1-11da-96e6-806d6172696f}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7c92e982-19c1-11da-96e6-806d6172696f}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7c92e982-19c1-11da-96e6-806d6172696f}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7c92e982-19c1-11da-96e6-806d6172696f}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7c92e982-19c1-11da-96e6-806d6172696f}\_Autorun]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7c92e982-19c1-11da-96e6-806d6172696f}\_Autorun\DefaultIcon]
@="E:\\AUTORUN\\I386\\SETUPPAD.EXE,2"

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7c92e982-19c1-11da-96e6-806d6172696f}\_Autorun\DefaultIcon]
@="E:\\AUTORUN\\I386\\SETUPPAD.EXE,2"

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{819eb6f0-1648-11db-aed3-000e35a85a68}\shell]
@="None"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{819eb6f0-1648-11db-aed3-000e35a85a68}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{819eb6f0-1648-11db-aed3-000e35a85a68}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{819eb6f0-1648-11db-aed3-000e35a85a68}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{819eb6f0-1648-11db-aed3-000e35a85a68}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{819eb6f0-1648-11db-aed3-000e35a85a68}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{979290e0-219e-11da-ad35-000e35a85a68}\shell]
@="None"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{979290e0-219e-11da-ad35-000e35a85a68}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{979290e0-219e-11da-ad35-000e35a85a68}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{979290e0-219e-11da-ad35-000e35a85a68}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{979290e0-219e-11da-ad35-000e35a85a68}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{979290e0-219e-11da-ad35-000e35a85a68}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{979290e1-219e-11da-ad35-000e35a85a68}\shell]
@="None"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{979290e1-219e-11da-ad35-000e35a85a68}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{979290e1-219e-11da-ad35-000e35a85a68}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{979290e1-219e-11da-ad35-000e35a85a68}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{979290e1-219e-11da-ad35-000e35a85a68}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{979290e1-219e-11da-ad35-000e35a85a68}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{979290e2-219e-11da-ad35-000e35a85a68}\shell]
@="None"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{979290e2-219e-11da-ad35-000e35a85a68}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{979290e2-219e-11da-ad35-000e35a85a68}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{979290e2-219e-11da-ad35-000e35a85a68}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{979290e2-219e-11da-ad35-000e35a85a68}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{979290e2-219e-11da-ad35-000e35a85a68}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9901bc70-ae64-11da-adfc-000e35a85a68}\shell]
@="None"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9901bc70-ae64-11da-adfc-000e35a85a68}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9901bc70-ae64-11da-adfc-000e35a85a68}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9901bc70-ae64-11da-adfc-000e35a85a68}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9901bc70-ae64-11da-adfc-000e35a85a68}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9901bc70-ae64-11da-adfc-000e35a85a68}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9ac134f0-4028-11d9-92db-000e358a6002}\shell]
@="None"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9ac134f0-4028-11d9-92db-000e358a6002}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9ac134f0-4028-11d9-92db-000e358a6002}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9ac134f0-4028-11d9-92db-000e358a6002}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9ac134f0-4028-11d9-92db-000e358a6002}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9ac134f0-4028-11d9-92db-000e358a6002}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b5242610-1f44-11da-ad27-806d6172696f}\Shell]
@="Open(0)"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b5242610-1f44-11da-ad27-806d6172696f}\Shell\AutoRun]
@="Auto&Play"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre
« Last Edit: May 02, 2007, 04:54:51 AM by dRkFiErY »
hope is yet to be found ....

Offline guestolo

« Reply #28 on: May 02, 2007, 07:09:03 PM »
Please keep me updated how things are running

Can you do the following

Using Internet Explorer, run this online scanner
http://www.kaspersky.com/virusscanner
Click on "Kaspersky Online Scanner"
A new smaller window will pop up. Press on "Accept" after reading the contents.
Now Kaspersky will update the anti-virus database. Let it run.
Click on "Next">"Scan Settings", and make sure the database is set to "extended". And check both the scan options. Then click OK.
Then click on "My Computer", and the scan will start.
Once finished, save the log as "KAV.txt" to the desktop.

Reboot your computer

Post back with the Kaspersky log.
« Last Edit: May 02, 2007, 07:09:24 PM by guestolo »


Offline Asuyuki

« Reply #29 on: May 03, 2007, 09:27:01 AM »
omg .... wan to die le la ...


after 4 hours of scanning .... the scanner came bck wif 4 virus and 20 suspicious files .....


and there was an error in the report ...hence i cannot see or copy it down .... zzz ..


will probably scan again another day ...
« Last Edit: May 03, 2007, 09:27:51 AM by dRkFiErY »
hope is yet to be found ....

Offline guestolo

« Reply #30 on: May 03, 2007, 11:33:08 PM »
This post started on this date
Feb 21 2007

This is the second time since that date you can't find time to run a scan or I can't understand what the heck you're saying
Please be literal!!!!
What up with that :(

You won't keep me updated how things are running and won't complete the scan
Let me see, both major scans I asked you to do would take a total of probably at the most 4 hours
In your case 4 hours per
You can't seem to find the time to do them, get back to me when you can find the time
Quote
after 4 hours of scanning .... the scanner came bck wif 4 virus and 20 suspicious files .....


and there was an error in the report ...hence i cannot see or copy it down .... zzz ..


will probably scan again another day ...
I was hoping you could be more informative
This topic is now locked
« Last Edit: May 03, 2007, 11:58:46 PM by guestolo »


Offline Asuyuki

« Reply #31 on: May 04, 2007, 01:44:39 AM »
ok ..... i got time to do the scan tis morning ....

on the report of my situation ... the d:\ is still the same(creates pop up upon clicking)

the firefox is slightly better .... can create bookmarks now(as long as i create my own name for tat bookmark and not use the default name) ... but it still opens as a minimised window ..



ok ... so abt the report of kaspersky ....



-------------------------------------------------------------------------------
 KASPERSKY ONLINE SCANNER REPORT
 Friday, May 04, 2007 2:11:29 PM
 Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
 Kaspersky Online Scanner version: 5.0.83.0
 Kaspersky Anti-Virus database last update:  4/05/2007
 Kaspersky Anti-Virus database records: 313003
-------------------------------------------------------------------------------

Scan Settings:
   Scan using the following antivirus database: extended
   Scan Archives: true
   Scan Mail Bases: true

Scan Target - My Computer:
   C:\
   D:\
   E:\

Scan Statistics:
   Total number of scanned objects: 106170
   Number of viruses found: 4
   Number of infected objects: 20 / 0
   Number of suspicious objects: 0
   Duration of the scan process: 02:10:31

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\LocalService\Cookies\index.dat   Object is locked   skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat   Object is locked   skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG   Object is locked   skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat   Object is locked   skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat   Object is locked   skipped
C:\Documents and Settings\LocalService\NTUSER.DAT   Object is locked   skipped
C:\Documents and Settings\LocalService\NTUSER.DAT.LOG   Object is locked   skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat   Object is locked   skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG   Object is locked   skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT   Object is locked   skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT.LOG   Object is locked   skipped
C:\Documents and Settings\PUN KA TSUN\Application Data\Microsoft\IMJP8_1\imjp81u.dic   Object is locked   skipped
C:\Documents and Settings\PUN KA TSUN\Application Data\Mozilla\Firefox\Profiles\13k7wy5z.default\cert8.db   Object is locked   skipped
C:\Documents and Settings\PUN KA TSUN\Application Data\Mozilla\Firefox\Profiles\13k7wy5z.default\foxmarks.log   Object is locked   skipped
C:\Documents and Settings\PUN KA TSUN\Application Data\Mozilla\Firefox\Profiles\13k7wy5z.default\history.dat   Object is locked   skipped
C:\Documents and Settings\PUN KA TSUN\Application Data\Mozilla\Firefox\Profiles\13k7wy5z.default\key3.db   Object is locked   skipped
C:\Documents and Settings\PUN KA TSUN\Application Data\Mozilla\Firefox\Profiles\13k7wy5z.default\parent.lock   Object is locked   skipped
C:\Documents and Settings\PUN KA TSUN\Application Data\Mozilla\Firefox\Profiles\13k7wy5z.default\search.sqlite   Object is locked   skipped
C:\Documents and Settings\PUN KA TSUN\Application Data\Mozilla\Firefox\Profiles\13k7wy5z.default\urlclassifier2.sqlite   Object is locked   skipped
C:\Documents and Settings\PUN KA TSUN\Application Data\SiteAdvisor\SiteAdv.csh   Object is locked   skipped
C:\Documents and Settings\PUN KA TSUN\Application Data\Sun\Java\Deployment\cache\6.0\20\7328ad54-33d76220/BaaaaBaa.class   Infected: Trojan.Java.ClassLoader.ao   skipped
C:\Documents and Settings\PUN KA TSUN\Application Data\Sun\Java\Deployment\cache\6.0\20\7328ad54-33d76220/VaaaaaaaBaa.class   Infected: Trojan.Java.ClassLoader.ao   skipped
C:\Documents and Settings\PUN KA TSUN\Application Data\Sun\Java\Deployment\cache\6.0\20\7328ad54-33d76220/Baaaaa.class   Infected: Trojan.Java.ClassLoader.ao   skipped
C:\Documents and Settings\PUN KA TSUN\Application Data\Sun\Java\Deployment\cache\6.0\20\7328ad54-33d76220   ZIP: infected - 3   skipped
C:\Documents and Settings\PUN KA TSUN\Application Data\Sun\Java\Deployment\cache\6.0\53\243cac35-59b13e5f/BlackBox.class   Infected: Exploit.Java.ByteVerify   skipped
C:\Documents and Settings\PUN KA TSUN\Application Data\Sun\Java\Deployment\cache\6.0\53\243cac35-59b13e5f/VerifierBug.class   Infected: Exploit.Java.ByteVerify   skipped
C:\Documents and Settings\PUN KA TSUN\Application Data\Sun\Java\Deployment\cache\6.0\53\243cac35-59b13e5f/Beyond.class   Infected: Trojan-Downloader.Java.OpenConnection.aa   skipped
C:\Documents and Settings\PUN KA TSUN\Application Data\Sun\Java\Deployment\cache\6.0\53\243cac35-59b13e5f   ZIP: infected - 3   skipped
C:\Documents and Settings\PUN KA TSUN\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-28d8de12-365482d9.zip/BlackBox.class   Infected: Exploit.Java.ByteVerify   skipped
C:\Documents and Settings\PUN KA TSUN\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-28d8de12-365482d9.zip/VerifierBug.class   Infected: Exploit.Java.ByteVerify   skipped
C:\Documents and Settings\PUN KA TSUN\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-28d8de12-365482d9.zip/Beyond.class   Infected: Trojan-Downloader.Java.OpenConnection.aa   skipped
C:\Documents and Settings\PUN KA TSUN\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-28d8de12-365482d9.zip   ZIP: infected - 3   skipped
C:\Documents and Settings\PUN KA TSUN\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms-counter.jar-4535331c-6a642033.zip/BaaaaBaa.class   Infected: Trojan.Java.ClassLoader.ao   skipped
C:\Documents and Settings\PUN KA TSUN\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms-counter.jar-4535331c-6a642033.zip/VaaaaaaaBaa.class   Infected: Trojan.Java.ClassLoader.ao   skipped
C:\Documents and Settings\PUN KA TSUN\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms-counter.jar-4535331c-6a642033.zip/Baaaaa.class   Infected: Trojan.Java.ClassLoader.ao   skipped
C:\Documents and Settings\PUN KA TSUN\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms-counter.jar-4535331c-6a642033.zip   ZIP: infected - 3   skipped
C:\Documents and Settings\PUN KA TSUN\Cookies\index.dat   Object is locked   skipped
C:\Documents and Settings\PUN KA TSUN\Local Settings\Application Data\ApplicationHistory\TCServer.exe.7c11743d.ini.inuse   Object is locked   skipped
C:\Documents and Settings\PUN KA TSUN\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat   Object is locked   skipped
C:\Documents and Settings\PUN KA TSUN\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat   Object is locked   skipped
C:\Documents and Settings\PUN KA TSUN\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG   Object is locked   skipped
C:\Documents and Settings\PUN KA TSUN\Local Settings\Application Data\Microsoft\Windows Live Contacts\pikaswordEmail Removed\real\members.stg   Object is locked   skipped
C:\Documents and Settings\PUN KA TSUN\Local Settings\Application Data\Microsoft\Windows Live Contacts\pikaswordEmail Removed\shadow\members.stg   Object is locked   skipped
C:\Documents and Settings\PUN KA TSUN\Local Settings\Application Data\Mozilla\Firefox\Profiles\13k7wy5z.default\Cache\_CACHE_001_   Object is locked   skipped
C:\Documents and Settings\PUN KA TSUN\Local Settings\Application Data\Mozilla\Firefox\Profiles\13k7wy5z.default\Cache\_CACHE_002_   Object is locked   skipped
C:\Documents and Settings\PUN KA TSUN\Local Settings\Application Data\Mozilla\Firefox\Profiles\13k7wy5z.default\Cache\_CACHE_003_   Object is locked   skipped
C:\Documents and Settings\PUN KA TSUN\Local Settings\Application Data\Mozilla\Firefox\Profiles\13k7wy5z.default\Cache\_CACHE_MAP_   Object is locked   skipped
C:\Documents and Settings\PUN KA TSUN\Local Settings\History\History.IE5\index.dat   Object is locked   skipped
C:\Documents and Settings\PUN KA TSUN\Local Settings\History\History.IE5\MSHist012007050420070505\index.dat   Object is locked   skipped
C:\Documents and Settings\PUN KA TSUN\Local Settings\Temp\~DF3A1A.tmp   Object is locked   skipped
C:\Documents and Settings\PUN KA TSUN\Local Settings\Temp\~DF3A4D.tmp   Object is locked   skipped
C:\Documents and Settings\PUN KA TSUN\Local Settings\Temp\~DF5034.tmp   Object is locked   skipped
C:\Documents and Settings\PUN KA TSUN\Local Settings\Temp\~DF5047.tmp   Object is locked   skipped
C:\Documents and Settings\PUN KA TSUN\Local Settings\Temp\~DF92BA.tmp   Object is locked   skipped
C:\Documents and Settings\PUN KA TSUN\Local Settings\Temporary Internet Files\Content.IE5\index.dat   Object is locked   skipped
C:\Documents and Settings\PUN KA TSUN\ntuser.dat   Object is locked   skipped
C:\Documents and Settings\PUN KA TSUN\NTUSER.DAT.LOG   Object is locked   skipped
C:\Documents and Settings\PUN KA TSUN\Start Menu\Programs\Startup\ctfmon.exe   Infected: Trojan.Win32.VB.aqt   skipped
C:\Documents and Settings\PUN KA TSUN\UserData\index.dat   Object is locked   skipped
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat   Object is locked   skipped
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db   Object is locked   skipped
C:\Program Files\Alwil Software\Avast4\DATA\integ\avast.int   Object is locked   skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws   Object is locked   skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log   Object is locked   skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log   Object is locked   skipped
C:\Program Files\Alwil Software\Avast4\DATA\report\Resident protection.txt   Object is locked   skipped
C:\Recycled\ctfmon.exe   Infected: Trojan.Win32.VB.aqt   skipped
C:\Recycled\Recycled\ctfmon.exe   Infected: Trojan.Win32.VB.aqt   skipped
C:\System Volume Information\MountPointManagerRemoteDatabase   Object is locked   skipped
C:\System Volume Information\_restore{CD86FDB5-0670-4FAB-ACB4-DA759319F787}\RP255\change.log   Object is locked   skipped
C:\WINDOWS\CSC0000001   Object is locked   skipped
C:\WINDOWS\Debug\Netlogon.log   Object is locked   skipped
C:\WINDOWS\Debug\PASSWD.LOG   Object is locked   skipped
C:\WINDOWS\SchedLgU.Txt   Object is locked   skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log   Object is locked   skipped
C:\WINDOWS\Sti_Trace.log   Object is locked   skipped
C:\WINDOWS\system32\CCM\Logs\CcmExec.log   Object is locked   skipped
C:\WINDOWS\system32\CCM\Logs\CertificateMaintenance.log   Object is locked   skipped
C:\WINDOWS\system32\CCM\Logs\ClientIDManagerStartup.log   Object is locked   skipped
C:\WINDOWS\system32\CCM\Logs\DataTransferService.log   Object is locked   skipped
C:\WINDOWS\system32\CCM\Logs\execmgr.log   Object is locked   skipped
C:\WINDOWS\system32\CCM\Logs\LocationServices.log   Object is locked   skipped
C:\WINDOWS\system32\CCM\Logs\mtrmgr.log   Object is locked   skipped
C:\WINDOWS\system32\CCM\Logs\PatchInstall.log   Object is locked   skipped
C:\WINDOWS\system32\CCM\Logs\PatchUIMonitor.log   Object is locked   skipped
C:\WINDOWS\system32\CCM\Logs\PolicyAgent.log   Object is locked   skipped
C:\WINDOWS\system32\CCM\Logs\PolicyAgentProvider.log   Object is locked   skipped
C:\WINDOWS\system32\CCM\Logs\PolicyEvaluator.log   Object is locked   skipped
C:\WINDOWS\system32\CCM\Logs\Scheduler.log   Object is locked   skipped
C:\WINDOWS\system32\CCM\Logs\SrcUpdateMgr.log   Object is locked   skipped
C:\WINDOWS\system32\CCM\Logs\StatusAgent.log   Object is locked   skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\CertificateMaintenanceEndpoint0000039.msg   Object is locked   skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\CertificateMaintenanceEndpoint0000039.que   Object is locked   skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\CTMDTSReply0000001.msg   Object is locked   skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\CTMDTSReply0000001.que   Object is locked   skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\execmgr0000001.msg   Object is locked   skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\execmgr0000001.que   Object is locked   skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\InventoryAgent0000006.msg   Object is locked   skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\InventoryAgent0000006.que   Object is locked   skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\LS_ReplyLocations0000004.msg   Object is locked   skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\LS_ReplyLocations0000004.que   Object is locked   skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\LS_ScheduledCleanup0000032.msg   Object is locked   skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\LS_ScheduledCleanup0000032.que   Object is locked   skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\MtrMgr0000001.msg   Object is locked   skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\MtrMgr0000001.que   Object is locked   skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\PatchUIMonitor0000001.msg   Object is locked   skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\PatchUIMonitor0000001.que   Object is locked   skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\PolicyAgent_Cleanup000001A.msg   Object is locked   skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\PolicyAgent_Cleanup000001A.que   Object is locked   skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\PolicyAgent_PolicyDownload0000001.msg   Object is locked   skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\PolicyAgent_PolicyDownload0000001.que   Object is locked   skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\PolicyAgent_PolicyEvaluator00000V4.msg   Object is locked   skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\PolicyAgent_PolicyEvaluator00000V4.que   Object is locked   skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\PolicyAgent_ReplyAssignments0000007.msg   Object is locked   skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\PolicyAgent_ReplyAssignments0000007.que   Object is locked   skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\PolicyAgent_RequestAssignments00000AR.msg   Object is locked   skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\PolicyAgent_RequestAssignments00000AR.que   Object is locked   skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\PolicyAgent_ReRequestPolicy0000001.msg   Object is locked   skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\PolicyAgent_ReRequestPolicy0000001.que   Object is locked   skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\RemoteToolsAgent0000001.msg   Object is locked   skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\RemoteToolsAgent0000001.que   Object is locked   skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\SrcUpdateMgr0000001.msg   Object is locked   skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\SrcUpdateMgr0000001.que   Object is locked   skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\SWMTRReportGen0000002.msg   Object is locked   skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\SWMTRReportGen0000002.que   Object is locked   skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\UpdatesInstallMgr0000001.msg   Object is locked   skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\UpdatesInstallMgr0000001.que   Object is locked   skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\UploadProtocol0000001.msg   Object is locked   skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\UploadProtocol0000001.que   Object is locked   skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\OutgoingQueues\amp_[http]mp_locationmanager000009J.msg   Object is locked   skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\OutgoingQueues\amp_[http]mp_locationmanager000009J.que   Object is locked   skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\OutgoingQueues\mp_mp_ddrendpoint0000002.msg   Object is locked   skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\OutgoingQueues\mp_mp_ddrendpoint0000002.que   Object is locked   skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\OutgoingQueues\mp_mp_hinvendpoint0000001.msg   Object is locked   skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\OutgoingQueues\mp_mp_hinvendpoint0000001.que   Object is locked   skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\OutgoingQueues\mp_mp_sinvendpoint0000002.msg   Object is locked   skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\OutgoingQueues\mp_mp_sinvendpoint0000002.que   Object is locked   skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\OutgoingQueues\mp_statusreceiver0000003.msg   Object is locked   skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\OutgoingQueues\mp_statusreceiver0000003.que   Object is locked   skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\OutgoingQueues\mp_[http]mp_locationmanager000000Z.msg   Object is locked   skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\OutgoingQueues\mp_[http]mp_locationmanager000000Z.que   Object is locked   skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\OutgoingQueues\mp_[http]mp_policymanager000009I.msg   Object is locked   skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\OutgoingQueues\mp_[http]mp_policymanager000009I.que   Object is locked   skipped
C:\WINDOWS\system32\config\Antivirus.Evt   Object is locked   skipped
C:\WINDOWS\system32\config\AppEvent.Evt   Object is locked   skipped
C:\WINDOWS\system32\config\DEFAULT   Object is locked   skipped
C:\WINDOWS\system32\config\default.LOG   Object is locked   skipped
C:\WINDOWS\system32\config\Internet.evt   Object is locked   skipped
C:\WINDOWS\system32\config\SAM   Object is locked   skipped
C:\WINDOWS\system32\config\SAM.LOG   Object is locked   skipped
C:\WINDOWS\system32\config\SecEvent.Evt   Object is locked   skipped
C:\WINDOWS\system32\config\SECURITY   Object is locked   skipped
C:\WINDOWS\system32\config\SECURITY.LOG   Object is locked   skipped
C:\WINDOWS\system32\config\SOFTWARE   Object is locked   skipped
C:\WINDOWS\system32\config\software.LOG   Object is locked   skipped
C:\WINDOWS\system32\config\SysEvent.Evt   Object is locked   skipped
C:\WINDOWS\system32\config\SYSTEM   Object is locked   skipped
C:\WINDOWS\system32\config\system.LOG   Object is locked   skipped
C:\WINDOWS\system32\h323log.txt   Object is locked   skipped
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl   Object is locked   skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR   Object is locked   skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP   Object is locked   skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER   Object is locked   skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP   Object is locked   skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP   Object is locked   skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA   Object is locked   skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP   Object is locked   skipped
C:\WINDOWS\Temp\Perflib_Perfdata_134.dat   Object is locked   skipped
C:\WINDOWS\Temp\_avast4_\Webshlock.txt   Object is locked   skipped
C:\WINDOWS\wiadebug.log   Object is locked   skipped
C:\WINDOWS\wiaservc.log   Object is locked   skipped
C:\WINDOWS\WindowsUpdate.log   Object is locked   skipped
D:\Recycled\ctfmon.exe   Infected: Trojan.Win32.VB.aqt   skipped
D:\System Volume Information\_restore{CD86FDB5-0670-4FAB-ACB4-DA759319F787}\RP255\change.log   Object is locked   skipped

Scan process completed.
« Last Edit: May 04, 2007, 01:47:26 AM by dRkFiErY »
hope is yet to be found ....

Offline guestolo

weird sign??
« Reply #32 on: May 04, 2007, 09:58:46 PM »
Let's try the following
Open your Windows Control Panel and open the Java icon
Click the "Delete Files" button
Leave all 3 selections checked and click OK
Exit Java

Or if you're using the latest version of Java
Click on Settings, under temp internet files>>Delete Files

Download The Avenger.zip by Swandog46 to your Desktop.

    * Click on Avenger.zip to open the file
    * Extract avenger.exe to your desktop

Copy ALL the text contained in blue below to your Clipboard by highlighting it and pressing the (Ctrl+C) on your keyboard,
Make sure you include "Folders to delete:"
=============================================================
Folders to delete:
C:\Recycled\Recycled

Files to delete:
C:\Documents and Settings\PUN KA TSUN\Start Menu\Programs\Startup\ctfmon.exe
C:\Recycled\ctfmon.exe
D:\Recycled\ctfmon.exe

==========================================================================
Now, start The Avenger program by clicking on its icon on your desktop
OK the prompt

    * Under "Script file to execute" choose "Input Script Manually".
    * Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"
    * Paste the text copied to clipboard into this window by pressing (Ctrl+V).
    * Click Done
    * Now click on the Green Light to begin execution of the script
    * Answer "Yes" twice when prompted.

Avenger should now Reboot your computer
After reboot, avenger will finish cleaning, it will produce a log I will need to see later>>C:\Avenger.txt

Back in Windows
Do the following
Open the folder you extracted all the contents of Clean Autoruns.zip
Delete all files EXCEPT for cleanautoruns.bat
Run Clean autoruns.bat by double clicking on it.
If any autoruns are found, it will move them to a backup folder.

If any autoruns are found on the root of your drives, they will be moved to a backup folder.

All Shell Subkeys in your MountPoints(2) keys will be removed.
The MountPoints(2) key will be backed up first.

Part1.txt will be created. It will show the pre-cleaning state.

Part2.txt will be created. It will show the post cleaning state.

Post the contents of Part1.txt and then Part2.txt in your reply
Also, Post the log from Avenger


** It is important that you follow these directions exactly.

Any autorun files found in the root of your drives, or the Windows, or System32 directories will be deleted. Backups of these files will be created in a folder named as the date and time the last file was deleted.

This batch will not remove any other related files. If other related files are listed in part1.txt in the registry export section, you must find and delete those files if they still exist.

This batch only deals with autorun.* files and the MountPoints(2) registry keys.
« Last Edit: May 04, 2007, 10:00:19 PM by guestolo »



Offline Asuyuki

weird sign??
« Reply #33 on: May 05, 2007, 01:15:12 AM »
ok done ..... here's the logs ... and to add on, the d:\ is alright after the cleanautorun .... but the firefox is still the same


part 1


Part1 Report
Sat 05/05/2007 14:04:35.77

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b5242610-1f44-11da-ad27-806d6172696f}\Shell]
@="Open(0)"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b5242610-1f44-11da-ad27-806d6172696f}\Shell\AutoRun]
@="Auto&Play"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b5242610-1f44-11da-ad27-806d6172696f}\Shell\AutoRun\command]
@="C:\\WINDOWS\\system32\\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\\Recycled\\ctfmon.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b5242610-1f44-11da-ad27-806d6172696f}\Shell\Open(O)]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b5242610-1f44-11da-ad27-806d6172696f}\Shell\Open(O)\command]
@="Recycled\\Recycled\\ctfmon.exe"

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b5242610-1f44-11da-ad27-806d6172696f}\Shell\AutoRun]
@="Auto&Play"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b5242610-1f44-11da-ad27-806d6172696f}\Shell\AutoRun\command]
@="C:\\WINDOWS\\system32\\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\\Recycled\\ctfmon.exe"

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b5242610-1f44-11da-ad27-806d6172696f}\Shell\AutoRun\command]
@="C:\\WINDOWS\\system32\\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\\Recycled\\ctfmon.exe"

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b5242610-1f44-11da-ad27-806d6172696f}\Shell\Open(O)]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b5242610-1f44-11da-ad27-806d6172696f}\Shell\Open(O)\command]
@="Recycled\\Recycled\\ctfmon.exe"

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b5242610-1f44-11da-ad27-806d6172696f}\Shell\Open(O)\command]
@="Recycled\\Recycled\\ctfmon.exe"

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b5242611-1f44-11da-ad27-806d6172696f}\Shell]
@="Open(0)"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b5242611-1f44-11da-ad27-806d6172696f}\Shell\AutoRun]
@="Auto&Play"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b5242611-1f44-11da-ad27-806d6172696f}\Shell\AutoRun\command]
@="C:\\WINDOWS\\system32\\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\\ctfmon.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b5242611-1f44-11da-ad27-806d6172696f}\Shell\Open(0)]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b5242611-1f44-11da-ad27-806d6172696f}\Shell\Open(0)\command]
@="Recycled\\ctfmon.exe"

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b5242611-1f44-11da-ad27-806d6172696f}\Shell\AutoRun]
@="Auto&Play"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b5242611-1f44-11da-ad27-806d6172696f}\Shell\AutoRun\command]
@="C:\\WINDOWS\\system32\\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\\ctfmon.exe"

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b5242611-1f44-11da-ad27-806d6172696f}\Shell\AutoRun\command]
@="C:\\WINDOWS\\system32\\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\\ctfmon.exe"

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b5242611-1f44-11da-ad27-806d6172696f}\Shell\Open(0)]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b5242611-1f44-11da-ad27-806d6172696f}\Shell\Open(0)\command]
@="Recycled\\ctfmon.exe"

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b5242611-1f44-11da-ad27-806d6172696f}\Shell\Open(0)\command]
@="Recycled\\ctfmon.exe"

 
No Autorun files found in C:\WINDOWS

No Autorun files found in C:\WINDOWS\system32

Files found on C:
autorun.inf

 
Contents of autorun.inf on  C:
[autorun]
shellexecute=Recycled\Recycled\ctfmon.exe
shell\Open(O)\command=Recycled\Recycled\ctfmon.exe
shell=Open(0)


Files found on D:
autorun.inf

 
Contents of autorun.inf on  D:
[autorun]
shellexecute=Recycled\ctfmon.exe
shell\Open(0)\command=Recycled\ctfmon.exe
shell=Open(0)



part 2


Part2 Report
Sat 05/05/2007 14:04:37.47
 
No shell subkeys found in MountPoints Registry entries

No Autorun files found in C:\WINDOWS  

No Autorun files found in C:\WINDOWS\system32
 
No Autorun files found in root of C:

 
No Autorun files found in root of D:

 


avenger log


Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\vab^htnw

*******************

Script file located at: \??\C:\cubkudmu.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Folder C:\Recycled\Recycled deleted successfully.
File C:\Documents and Settings\PUN KA TSUN\Start Menu\Programs\Startup\ctfmon.exe deleted successfully.
File C:\Recycled\ctfmon.exe deleted successfully.
File D:\Recycled\ctfmon.exe deleted successfully.

Completed script processing.

*******************

Finished!  Terminate.
hope is yet to be found ....
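The Part1 report in the post above lists the two artefacts Clean Autoruns removes: autorun.inf files in the drive roots and Shell subkeys under MountPoints2. As an added example (not part of the thread and not the code of cleanautoruns.bat), the Python below parses both formats from exported text and flags command entries that launch a file from a Recycle Bin folder; the function names and the Recycle-folder heuristic are assumptions of this example, and the sample input is the C: volume data copied from the report.

```python
import re

# Sample input copied from the Part1 report above (C: volume only).
AUTORUN_INF = r"""[autorun]
shellexecute=Recycled\Recycled\ctfmon.exe
shell\Open(O)\command=Recycled\Recycled\ctfmon.exe
shell=Open(0)
"""
MP2 = (r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion"
       r"\Explorer\MountPoints2\{b5242610-1f44-11da-ad27-806d6172696f}")
RUNDLL_CMD = (r'@="C:\\WINDOWS\\system32\\RunDLL32.EXE Shell32.DLL,'
              r'ShellExec_RunDLL Recycled\\Recycled\\ctfmon.exe"')
REG_EXPORT = "\n".join([
    "REGEDIT4", "",
    "[" + MP2 + r"\Shell]", '@="Open(0)"', "",
    "[" + MP2 + r"\Shell\AutoRun\command]", RUNDLL_CMD, "",
    "REGEDIT4", "",  # the report exports each subkey again; kept on purpose
    "[" + MP2 + r"\Shell\AutoRun\command]", RUNDLL_CMD, "",
    "[" + MP2 + r"\Shell\Open(O)\command]",
    r'@="Recycled\\Recycled\\ctfmon.exe"',
])

# Heuristic (assumption of this example): a path component naming a
# Recycle Bin folder, at the start of the command or after a separator.
RECYCLE_DIR = re.compile(r'(?i)(?:^|[\\\s"])(recycled|recycler|\$recycle\.bin)\\')


def parse_autorun_inf(text):
    """Return {lowercased key: value} for the [autorun] section only."""
    entries, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
        elif in_section and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries


def parse_reg_defaults(text):
    """Return {key path: default value} from REGEDIT4 text.

    Keys exported more than once collapse into a single entry.
    """
    values, key = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and line.startswith('@="') and line.endswith('"'):
            # .reg files escape backslash and quote with a leading backslash
            values[key] = re.sub(r"\\(.)", r"\1", line[3:-1])
    return values


def autorun_findings(inf_text, reg_text):
    """List (source, location, command) for commands run from a Recycle folder."""
    findings = []
    for key, value in parse_autorun_inf(inf_text).items():
        is_cmd = key in ("open", "shellexecute") or (
            key.startswith("shell\\") and key.endswith("\\command"))
        if is_cmd and RECYCLE_DIR.search(value):
            findings.append(("autorun.inf", key, value))
    for key, value in parse_reg_defaults(reg_text).items():
        low = key.lower()
        if ("\\mountpoints2\\" in low and low.endswith("\\command")
                and RECYCLE_DIR.search(value)):
            findings.append(("registry", key, value))
    return findings


if __name__ == "__main__":
    for source, location, command in autorun_findings(AUTORUN_INF, REG_EXPORT):
        print(f"{source}: {location}\n    -> {command}")
```

Run against a clean export (such as the state Part2 reports) it returns an empty list; the legitimate C:\WINDOWS\system32\ctfmon.exe Run entry in the later HijackThis log does not match the heuristic.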

Offline guestolo

weird sign??
« Reply #34 on: May 06, 2007, 09:22:30 AM »
Hi again, let's try and sort out the Firefox bookmarks problem
As mentioned earlier, you are using an older version of Firefox
I would opt to update to the latest version

First: Download the latest version from this link and save to desktop
http://www.mozilla.com/en-US/firefox/all.html

Close all browser windows and uninstall your version of Firefox
Then install the new version
As mentioned, support for Firefox 1.5 will cease very soon
Here's a quote

Quote
Wanted to notify the community that Mozilla will only supply security and stability upgrades for Firefox 1.5 until mid-May of this year. We encourage all Firefox 1.5 users to visit http://getfirefox.com to download the latest version of Firefox today. We will provide updates as we get closer to the date.

We are focused on delivering a faster and more secure online experience. We want all of our users to benefit from the new features in Firefox 2.0.

After you have done that, can I see one last hijackthis log



Offline Asuyuki

weird sign??
« Reply #35 on: May 07, 2007, 02:40:11 AM »
actually ... when u told me last time ... i have already changed to the new version .... but there seems to be no difference ..

anyway ... hijack log ..

Logfile of HijackThis v1.99.1
Scan saved at 3:35:07 PM, on 5/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
C:\WINDOWS\System32\digtizer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\SiteAdvisor\6066\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\CCM\CLICOMP\RemCtrl\Wuser32.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\SYSTEM32\WISPTIS.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Fujitsu\Utils\FjMnuIco.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe
C:\Program Files\Fujitsu\updnavi\updnavi.exe
C:\Program Files\Fujitsu\Utils\fjevents.exe
C:\Program Files\Fujitsu\Utils\FjDspMon.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\WHidePro\whpro.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\ka tsun's stuff\other junks\HJT\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [TabletWizard] C:\WINDOWS\help\SplshWrp.exe
O4 - HKLM\..\Run: [TabletTip] "C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe" /resume
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Fujitsu Menu] C:\Program Files\Fujitsu\Utils\FjMnuIco.exe
O4 - HKLM\..\Run: [FJUPDNV_Chitose] C:\Program Files\Fujitsu\updnavi\updnavi.exe
O4 - HKLM\..\Run: [FjEvents] C:\Program Files\Fujitsu\Utils\fjevents.exe
O4 - HKLM\..\Run: [FjDspMon] C:\Program Files\Fujitsu\Utils\FjDspMon.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WindowsHiderPro] C:\Program Files\WHidePro\whpro.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.pc-ap.fujitsu.com/
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2931566C-B8A6-46C5-BF4D-E6AB9251E953} (Nexon Package Manager Control) - http://s.nx.com/activex/public_new/nxpm.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1125504900410
O16 - DPF: {7606693A-C18D-4567-AF85-6194FF70761E} (GomWeb Control) - http://app.ipop.co.kr/gom/GomWeb.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = chs.moe.edu.sg
O17 - HKLM\Software\..\Telephony: DomainName = chs.moe.edu.sg
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = chs.moe.edu.sg
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: loginkey - C:\Program Files\Common Files\Microsoft Shared\Ink\loginkey.dll
O20 - Winlogon Notify: tpgwlnotify - C:\WINDOWS\SYSTEM32\tpgwlnot.dll
O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Digitizer Service (Digitizer) - WACOM - C:\WINDOWS\System32\digtizer.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6066\SAService.exe
hope is yet to be found ....

Offline guestolo

weird sign??
« Reply #36 on: May 07, 2007, 11:43:13 PM »
Did you try a clean install of Firefox?
It may be that you have a corrupt localstore.rdf
With Firefox closed, try deleting localstore.rdf in your user profile
Or run Firefox in its safe mode and reset toolbar and controls

Take a look at this link
http://kb.mozillazine.org/Lost_bookmarks
That would be a good step since we have you clear of malware

If the above doesn't work, I would try a complete clean install of Firefox, NOT just a reinstall
http://kb.mozillazine.org/Uninstalling_Firefox
« Last Edit: May 07, 2007, 11:44:11 PM by guestolo »



Offline Asuyuki

weird sign??
« Reply #37 on: May 08, 2007, 03:22:25 AM »
hmm ... i think u forgot about the browser size problem .... anyway ... it is also related to the localstore.rdf .... thus the problem is solved .... all problems solved now :lol:
hope is yet to be found ....

Offline guestolo

weird sign??
« Reply #38 on: May 08, 2007, 05:15:10 PM »
I reopened this topic and merged the 2 topics back together so I don't have to go back and forth between the 2 of them to see what steps we had done

It sounds like everything is well on your end

I suggest that you do the following
Go to START>>All Programs>>Accessories>>System Tools>>System Restore
Select>>Create a New restore point
Give it a name and click Create
When that's done

Go to START>>RUN>>type the following
cleanmgr
Hit OK
Let it finish calculating

Select the More Options tab
and click Cleanup.. under 'System Restore'
This will clear all later restore points except for the one you just made

Ok the prompts, it may take a few seconds to remove old restore points
Ok again after it's ready and let it finish cleaning

Ensure that you keep your AntiVirus updated and running protections
Also keep SpywareBlaster updated
If you haven't done so already, you can go back and Reset Windows to Hide hidden files and folders
* Click Start.
    * Open My Computer.
    * Select the Tools menu and click Folder Options.
    * Select the View Tab.
    * Under the Hidden files and folders heading select Do Not Show hidden files and folders.
    * Check the Hide protected operating system files (recommended) option.
    * Click OK.

If everything else is ok, let me know and I'll lock this topic



Offline Asuyuki

weird sign??
« Reply #39 on: May 09, 2007, 04:06:42 AM »
should be no problem le ... thx a lot ..
hope is yet to be found ....