
Trojan Adware.W32.ExpDwnldr

Discussion in 'Virus & Other Malware Removal' started by tiffany77, Jul 8, 2007.

  1. tiffany77

    Hi all,
    I'm new here and I've got a problem. I read that many other people ask you for the same reason, so I hope you can help me too.
    My problem is the Trojan Adware.W32.ExpDwnldr. I tried every spyware program but the trojan is still here. What can I do?

    Here is the information about my computer:

    Logfile of HijackThis v1.99.1
    Scan saved at 13:46, on 2007-07-08
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ACS.exe
    C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
    C:\Programmi\Alwil Software\Avast4\ashServ.exe
    C:\Programmi\File comuni\Stardock\SDMCP.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
    C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Programmi\TOSHIBA\Touch and Launch\PadExe.exe
    C:\Programmi\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Programmi\E-Book Systems\FlipViewer\FlipViewerLibrary.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Programmi\File comuni\Real\Update_OB\realsched.exe
    C:\Programmi\SPYWAREfighter\spftray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\TPSBattM.exe
    C:\Programmi\Messenger\msmsgs.exe
    C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Programmi\RamBooster 2.0\Rambooster.exe
    C:\Programmi\Uniblue\SpyEraser\SpyEraser.exe
    C:\WINDOWS\system32\RAMASST.exe
    C:\Programmi\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\WINDOWS\system32\crypserv.exe
    C:\WINDOWS\system32\DVDRAMSV.exe
    C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Programmi\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
    C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
    C:\Programmi\iPod\bin\iPodService.exe
    C:\Programmi\SPYWAREfighter\spfprc.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Programmi\eMule\emule.exe
    C:\Programmi\Internet Explorer\iexplore.exe
    C:\Programmi\CursorXP\CursorXP.exe
    C:\Programmi\Real\RealPlayer\RealPlay.exe
    C:\Programmi\Mozilla Firefox\firefox.exe
    C:\Programmi\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.alice.it
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: MSVPS System - {4118A625-1B64-4ED1-A2E9-76DEC529D2D2} - C:\WINDOWS\qnxplugin.dll
    O2 - BHO: FlpLauncher Class - {4401FDC3-7996-4774-8D2B-C1AE9CD6CC25} - C:\PROGRA~1\E-BOOK~1\FLIPVI~1\fplaunch.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
    O3 - Toolbar: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [PadTouch] C:\Programmi\TOSHIBA\Touch and Launch\PadExe.exe
    O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime Alternative\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [CloneDVDElbyDelay] "C:\Programmi\Elaborate Bytes\CloneDVD\ElbyCheck.exe" /L ElbyDelay
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [FlipViewer Library] C:\Programmi\E-Book Systems\FlipViewer\\FlipViewerLibrary.exe /showmode=hide
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SNM] C:\Programmi\SpyNoMore\SNM.exe /startup
    O4 - HKLM\..\Run: [spywarefighterguard] C:\Programmi\SPYWAREfighter\spftray.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [updateMgr] C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
    O4 - HKCU\..\Run: [XPRepairPro2007] C:\Programmi\XP Repair Pro 2007\XPRepairPro.exe /r
    O4 - HKCU\..\Run: [RamBooster] C:\Programmi\RamBooster 2.0\Rambooster.exe
    O4 - HKCU\..\Run: [CursorXP] C:\Programmi\CursorXP\CursorXP.exe
    O4 - HKCU\..\Run: [Uniblue SpyEraser] "C:\Programmi\Uniblue\SpyEraser\SpyEraser.exe" -m
    O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: Silica Calender.lnk = C:\Programmi\Stardock\Object Desktop\DesktopX\Widgets\Silica Calendar.exe
    O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Programmi\File comuni\Autodesk Shared\acstart17.exe
    O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
    O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Get Flash by FlashKeeper - C:\Programmi\FlashKeeper\GetFlash.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra button: FlashKeeper - {86301D40-94C1-4a5e-843B-7F43965E364A} - C:\Programmi\FlashKeeper\GetFlash.htm
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
    O20 - Winlogon Notify: MCPClient - C:\Programmi\File comuni\Stardock\mcpstub.dll
    O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
    O21 - SSODL: msddx - {0A7A5E4B-BEF7-41F1-BBFA-84435B20CA60} - C:\WINDOWS\msddx.dll
    O21 - SSODL: msqnx - {3D41B43E-6DFC-4AAA-B1A7-1F7D708E0919} - C:\WINDOWS\msqnx.dll
    O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Programmi\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
    O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
    O23 - Service: SPYWAREfighterRP - SpamFighter APS - C:\Programmi\SPYWAREfighter\spfprc.exe
    O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Programmi\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
    O23 - Service: Utilità di pianificazione di LiveUpdate automatico - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe

    Thanks for help
     
  2. sjpritch25

    Welcome to TSG :)

    Download SDFix and save it to your Desktop.

    Double click SDFix.exe and it will extract the files to %systemdrive%
    (Drive that contains the Windows Directory, typically C:\SDFix)

    Please then reboot your computer in Safe Mode by doing the following :
    • Restart your computer
    • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
    • Instead of Windows loading as normal, the Advanced Options Menu should appear;
    • Select the first option, to run Windows in Safe Mode, then press Enter.
    • Choose your usual account.
    • Open the extracted SDFix folder and double click RunThis.bat to start the script.
    • Type Y to begin the cleanup process.
    • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
    • Press any Key and it will restart the PC.
    • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
    • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
      (Report.txt will also be copied to Clipboard ready for posting back on the forum).
    • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log

    ================================

    Download Combofix and save it to your desktop.
    http://download.bleepingcomputer.com/sUBs/ComboFix.exe


    Note: It is important that it is saved directly to your desktop

    Close any open browsers.

    Double click on combofix.exe & follow the prompts.
    When finished, it shall produce a log for you.

    Post the ComboFix.txt and a fresh Hijackthis log in your next reply.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall
     
  3. tiffany77

    OK, first of all, thanks for answering.
    Now these are the logs for the first step: Report.txt and hijackthis.txt




    SDFix: Version 1.90

    Run by Ten.Col. BRUNO on 2007-07-08 at 15:25

    Microsoft Windows XP [Versione 5.1.2600]

    Running From: C:\SDFix

    Safe Mode:
    Checking Services:






    Restoring Windows Registry Values
    Restoring Windows Default Hosts File
    Restoring Missing Security Center Service
    Restoring Missing SharedAccess Service

    Rebooting...


    Normal Mode:
    Checking Files:

    Below files will be copied to Backups folder then removed:

    C:\Documents and Settings\Ten.Col. BRUNO\Desktop\Error Cleaner.url - Deleted
    C:\Documents and Settings\Ten.Col. BRUNO\Preferiti\Error Cleaner.url - Deleted
    C:\Documents and Settings\Ten.Col. BRUNO\Desktop\Privacy Protector.url - Deleted
    C:\Documents and Settings\Ten.Col. BRUNO\Preferiti\Privacy Protector.url - Deleted
    C:\Documents and Settings\Ten.Col. BRUNO\Desktop\Spyware&Malware Protection.url - Deleted
    C:\Documents and Settings\Ten.Col. BRUNO\Preferiti\Spyware&Malware Protection.url - Deleted
    C:\WINDOWS\privacy_danger\index.htm - Deleted
    C:\WINDOWS\privacy_danger\images\capt.gif - Deleted
    C:\WINDOWS\privacy_danger\images\danger.jpg - Deleted
    C:\WINDOWS\privacy_danger\images\down.gif - Deleted
    C:\WINDOWS\privacy_danger\images\spacer.gif - Deleted
    C:\WINDOWS\dat.txt - Deleted
    C:\WINDOWS\rs.txt - Deleted
    C:\WINDOWS\system32\24A.tmp - Deleted


    Folder C:\WINDOWS\privacy_danger - Removed

    Removing Temp Files...

    ADS Check:

    Checking C:\WINDOWS
    C:\WINDOWS
    No streams found.

    Checking C:\WINDOWS\system32
    C:\WINDOWS\system32
    No streams found.

    Checking C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    No streams found.

    Checking C:\WINDOWS\system32\ntoskrnl.exe
    C:\WINDOWS\system32\ntoskrnl.exe
    No streams found.



    Final Check:

    Remaining Services:
    ------------------



    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"
    "C:\\Programmi\\eMule\\emule.exe"="C:\\Programmi\\eMule\\emule.exe:*:Enabled:eMule"
    "C:\\Documents and Settings\\Ten.Col. BRUNO\\Documenti\\Programmi\\FILES DI ORIGINE\\INTERNET\\eMule0.47c\\eMule0.47c\\emule.exe"="C:\\Documents and Settings\\Ten.Col. BRUNO\\Documenti\\Programmi\\FILES DI ORIGINE\\INTERNET\\eMule0.47c\\eMule0.47c\\emule.exe:*:Enabled:eMule"
    "C:\\Programmi\\iTunes\\iTunes.exe"="C:\\Programmi\\iTunes\\iTunes.exe:*:Enabled:iTunes"
    "C:\\WINDOWS\\$NtUninstallKB888302$\\IEXPLORE.EXE"="C:\\WINDOWS\\$NtUninstallKB888302$\\IEXPLORE.EXE:*:Enabled:Internet Explorer"
    "C:\\Programmi\\ESTsoft\\ALFTP\\ALFTP.exe"="C:\\Programmi\\ESTsoft\\ALFTP\\ALFTP.exe:*:Enabled:ALFTP"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"
    "C:\\WINDOWS\\$NtUninstallKB888302$\\IEXPLORE.EXE"="C:\\WINDOWS\\$NtUninstallKB888302$\\IEXPLORE.EXE:*:Enabled:Internet Explorer"

    Remaining Files:
    ---------------

    Backups Folder: - C:\SDFix\backups\backups.zip

    Files with Hidden Attributes:

    C:\Programmi\Autodesk\Autodesk DWF Viewer\_Setupx.dll
    C:\Programmi\eRightSoft\SUPER\cygwin1.dll
    C:\Programmi\eRightSoft\SUPER\cygz.dll
    C:\Programmi\eRightSoft\SUPER\_Setup.dll
    C:\Programmi\eRightSoft\SUPER\mencoder\14_43260.dll
    C:\Programmi\eRightSoft\SUPER\mencoder\28_83260.dll
    C:\Programmi\eRightSoft\SUPER\mencoder\atrc3260.dll
    C:\Programmi\eRightSoft\SUPER\mencoder\cook3260.dll
    C:\Programmi\eRightSoft\SUPER\mencoder\ddnt3260.dll
    C:\Programmi\eRightSoft\SUPER\mencoder\dnet3260.dll
    C:\Programmi\eRightSoft\SUPER\mencoder\drv13260.dll
    C:\Programmi\eRightSoft\SUPER\mencoder\drv23260.dll
    C:\Programmi\eRightSoft\SUPER\mencoder\drv33260.dll
    C:\Programmi\eRightSoft\SUPER\mencoder\drv43260.dll
    C:\Programmi\eRightSoft\SUPER\mencoder\dspr3260.dll
    C:\Programmi\eRightSoft\SUPER\mencoder\ivvideo.dll
    C:\Programmi\eRightSoft\SUPER\mencoder\qtmlClient.dll
    C:\Programmi\eRightSoft\SUPER\mencoder\raac.dll
    C:\Programmi\eRightSoft\SUPER\mencoder\rnco3260.dll
    C:\Programmi\eRightSoft\SUPER\mencoder\rnlt3260.dll
    C:\Programmi\eRightSoft\SUPER\mencoder\rv103260.dll
    C:\Programmi\eRightSoft\SUPER\mencoder\rv203260.dll
    C:\Programmi\eRightSoft\SUPER\mencoder\rv303260.dll
    C:\Programmi\eRightSoft\SUPER\mencoder\rv403260.dll
    C:\Programmi\eRightSoft\SUPER\mencoder\sipr3260.dll
    C:\Programmi\eRightSoft\SUPER\mencoder\tokr3260.dll
    C:\WINDOWS\system32\flvDX.dll
    C:\WINDOWS\system32\msfDX.dll
    C:\Programmi\Autodesk\Autodesk DWF Viewer\Setup.exe
    C:\Programmi\eRightSoft\SUPER\Setup.exe
    C:\Programmi\File comuni\Adobe\ESD\DLMCleanup.exe
    C:\WINDOWS\system32\5AF6EB2C1B.sys
    C:\WINDOWS\system32\KGyGaAvL.sys
    C:\Deckard\System Scanner\20070708100405\backup\DOCUME~1\TENCOL~2.BRU\IMPOST~1\Temp\BIT14.tmp
    C:\Deckard\System Scanner\20070708100405\backup\DOCUME~1\TENCOL~2.BRU\IMPOST~1\Temp\BIT17.tmp
    C:\Deckard\System Scanner\20070708100405\backup\DOCUME~1\TENCOL~2.BRU\IMPOST~1\Temp\BIT18.tmp
    C:\Deckard\System Scanner\20070708100405\backup\DOCUME~1\TENCOL~2.BRU\IMPOST~1\Temp\BIT19.tmp
    C:\Deckard\System Scanner\20070708100405\backup\DOCUME~1\TENCOL~2.BRU\IMPOST~1\Temp\BIT1A.tmp
    C:\Deckard\System Scanner\20070708100405\backup\DOCUME~1\TENCOL~2.BRU\IMPOST~1\Temp\BIT1B.tmp
    C:\Deckard\System Scanner\20070708100405\backup\DOCUME~1\TENCOL~2.BRU\IMPOST~1\Temp\BIT1F.tmp
    C:\Deckard\System Scanner\20070708100405\backup\DOCUME~1\TENCOL~2.BRU\IMPOST~1\Temp\BIT21.tmp
    C:\Deckard\System Scanner\20070708100405\backup\DOCUME~1\TENCOL~2.BRU\IMPOST~1\Temp\BIT22.tmp
    C:\Deckard\System Scanner\20070708100405\backup\DOCUME~1\TENCOL~2.BRU\IMPOST~1\Temp\BIT23.tmp
    C:\Deckard\System Scanner\20070708100405\backup\DOCUME~1\TENCOL~2.BRU\IMPOST~1\Temp\BIT24.tmp
    C:\Deckard\System Scanner\20070708100405\backup\DOCUME~1\TENCOL~2.BRU\IMPOST~1\Temp\BIT25.tmp
    C:\Deckard\System Scanner\20070708100405\backup\DOCUME~1\TENCOL~2.BRU\IMPOST~1\Temp\BIT26.tmp
    C:\Deckard\System Scanner\20070708100405\backup\DOCUME~1\TENCOL~2.BRU\IMPOST~1\Temp\BIT27.tmp
    C:\Deckard\System Scanner\20070708100405\backup\DOCUME~1\TENCOL~2.BRU\IMPOST~1\Temp\BIT29.tmp
    C:\Deckard\System Scanner\20070708100405\backup\DOCUME~1\TENCOL~2.BRU\IMPOST~1\Temp\BIT2B.tmp
    C:\Deckard\System Scanner\20070708100405\backup\DOCUME~1\TENCOL~2.BRU\IMPOST~1\Temp\BIT2C.tmp
    C:\Deckard\System Scanner\20070708100405\backup\DOCUME~1\TENCOL~2.BRU\IMPOST~1\Temp\BIT2D.tmp
    C:\Deckard\System Scanner\20070708100405\backup\DOCUME~1\TENCOL~2.BRU\IMPOST~1\Temp\BIT2E.tmp
    C:\Deckard\System Scanner\20070708100405\backup\DOCUME~1\TENCOL~2.BRU\IMPOST~1\Temp\BIT2F.tmp
    C:\Deckard\System Scanner\20070708100405\backup\DOCUME~1\TENCOL~2.BRU\IMPOST~1\Temp\BIT31.tmp
    C:\Deckard\System Scanner\20070708100405\backup\DOCUME~1\TENCOL~2.BRU\IMPOST~1\Temp\BIT3F.tmp
    C:\Deckard\System Scanner\20070708100405\backup\DOCUME~1\TENCOL~2.BRU\IMPOST~1\Temp\BIT48.tmp
    C:\Deckard\System Scanner\20070708100405\backup\DOCUME~1\TENCOL~2.BRU\IMPOST~1\Temp\BIT4D.tmp
    C:\Deckard\System Scanner\20070708100405\backup\DOCUME~1\TENCOL~2.BRU\IMPOST~1\Temp\BIT8.tmp
    C:\Documents and Settings\Ten.Col. BRUNO\Documenti\Universit…\esami\Paletnologia\NEOLITICO\~WRL1228.tmp
    C:\Documents and Settings\Ten.Col. BRUNO\Documenti\Universit…\Tesi\bibliografia e capitoli\sezione antropologica\cap 7. studio resti\7.1. introduzione\~WRL0008.tmp
    C:\Documents and Settings\Ten.Col. BRUNO\Documenti\Universit…\Tesi\bibliografia e capitoli\sezione antropologica\cap 7. studio resti\7.1. introduzione\~WRL0280.tmp
    C:\Documents and Settings\Ten.Col. BRUNO\Documenti\Universit…\Tesi\bibliografia e capitoli\sezione antropologica\cap 7. studio resti\7.1. introduzione\~WRL0383.tmp
    C:\Documents and Settings\Ten.Col. BRUNO\Documenti\Universit…\Tesi\bibliografia e capitoli\sezione antropologica\cap 7. studio resti\7.1. introduzione\~WRL0544.tmp
    C:\Documents and Settings\Ten.Col. BRUNO\Documenti\Universit…\Tesi\bibliografia e capitoli\sezione antropologica\cap 7. studio resti\7.1. introduzione\~WRL0961.tmp
    C:\Documents and Settings\Ten.Col. BRUNO\Documenti\Universit…\Tesi\bibliografia e capitoli\sezione antropologica\cap 7. studio resti\7.1. introduzione\~WRL1026.tmp
    C:\Documents and Settings\Ten.Col. BRUNO\Documenti\Universit…\Tesi\bibliografia e capitoli\sezione antropologica\cap 7. studio resti\7.1. introduzione\~WRL1078.tmp
    C:\Documents and Settings\Ten.Col. BRUNO\Documenti\Universit…\Tesi\bibliografia e capitoli\sezione antropologica\cap 7. studio resti\7.1. introduzione\~WRL1103.tmp
    C:\Documents and Settings\Ten.Col. BRUNO\Documenti\Universit…\Tesi\bibliografia e capitoli\sezione antropologica\cap 7. studio resti\7.1. introduzione\~WRL1146.tmp
    C:\Documents and Settings\Ten.Col. BRUNO\Documenti\Universit…\Tesi\bibliografia e capitoli\sezione antropologica\cap 7. studio resti\7.1. introduzione\~WRL1285.tmp
    C:\Documents and Settings\Ten.Col. BRUNO\Documenti\Universit…\Tesi\bibliografia e capitoli\sezione antropologica\cap 7. studio resti\7.1. introduzione\~WRL1428.tmp
    C:\Documents and Settings\Ten.Col. BRUNO\Documenti\Universit…\Tesi\bibliografia e capitoli\sezione antropologica\cap 7. studio resti\7.1. introduzione\~WRL1579.tmp
    C:\Documents and Settings\Ten.Col. BRUNO\Documenti\Universit…\Tesi\bibliografia e capitoli\sezione antropologica\cap 7. studio resti\7.1. introduzione\~WRL1644.tmp
    C:\Documents and Settings\Ten.Col. BRUNO\Documenti\Universit…\Tesi\bibliografia e capitoli\sezione antropologica\cap 7. studio resti\7.1. introduzione\~WRL1805.tmp
    C:\Documents and Settings\Ten.Col. BRUNO\Documenti\Universit…\Tesi\bibliografia e capitoli\sezione antropologica\cap 7. studio resti\7.1. introduzione\~WRL1997.tmp
    C:\Documents and Settings\Ten.Col. BRUNO\Documenti\Universit…\Tesi\bibliografia e capitoli\sezione antropologica\cap 7. studio resti\7.1. introduzione\~WRL2024.tmp
    C:\Documents and Settings\Ten.Col. BRUNO\Documenti\Universit…\Tesi\bibliografia e capitoli\sezione antropologica\cap 7. studio resti\7.1. introduzione\~WRL2309.tmp
    C:\Documents and Settings\Ten.Col. BRUNO\Documenti\Universit…\Tesi\bibliografia e capitoli\sezione antropologica\cap 7. studio resti\7.1. introduzione\~WRL3086.tmp
    C:\Documents and Settings\Ten.Col. BRUNO\Documenti\Universit…\Tesi\bibliografia e capitoli\sezione antropologica\cap 7. studio resti\7.1. introduzione\~WRL3114.tmp
    C:\Documents and Settings\Ten.Col. BRUNO\Documenti\Universit…\Tesi\bibliografia e capitoli\sezione antropologica\cap 7. studio resti\7.1. introduzione\~WRL3237.tmp
    C:\Documents and Settings\Ten.Col. BRUNO\Documenti\Universit…\Tesi\bibliografia e capitoli\sezione antropologica\cap 7. studio resti\7.1. introduzione\~WRL3304.tmp
    C:\Documents and Settings\Ten.Col. BRUNO\Documenti\Universit…\Tesi\bibliografia e capitoli\sezione antropologica\cap 7. studio resti\7.1. introduzione\~WRL3592.tmp
    C:\Documents and Settings\Ten.Col. BRUNO\Documenti\Universit…\Tesi\bibliografia e capitoli\sezione antropologica\cap 7. studio resti\7.1. introduzione\~WRL3680.tmp
    C:\Documents and Settings\Ten.Col. BRUNO\Documenti\Universit…\Tesi\bibliografia e capitoli\sezione antropologica\cap 7. studio resti\7.1. introduzione\~WRL3774.tmp
    C:\Documents and Settings\Ten.Col. BRUNO\Documenti\Universit…\Tesi\bibliografia e capitoli\sezione antropologica\cap 7. studio resti\7.1. introduzione\~WRL3986.tmp
    C:\Documents and Settings\Ten.Col. BRUNO\Documenti\Universit…\Tesi\bibliografia e capitoli\sezione antropologica\cap 7. studio resti\7.10. comportamenti abituali\~WRL0215.tmp
    C:\Documents and Settings\Ten.Col. BRUNO\Documenti\Universit…\Tesi\bibliografia e capitoli\sezione antropologica\cap 7. studio resti\7.11. paleopatologia\~WRL3802.tmp
    C:\Documents and Settings\Ten.Col. BRUNO\Documenti\Universit…\Tesi\bibliografia e capitoli\sezione antropologica\cap 7. studio resti\7.2. det sesso\~WRL0003.tmp
    C:\Documents and Settings\Ten.Col. BRUNO\Documenti\Universit…\Tesi\bibliografia e capitoli\sezione antropologica\cap 7. studio resti\7.2. det sesso\~WRL0269.tmp
    C:\Documents and Settings\Ten.Col. BRUNO\Documenti\Universit…\Tesi\bibliografia e capitoli\sezione antropologica\cap 7. studio resti\7.2. det sesso\~WRL1266.tmp
    C:\Documents and Settings\Ten.Col. BRUNO\Documenti\Universit…\Tesi\bibliografia e capitoli\sezione antropologica\cap 7. studio resti\7.2. det sesso\~WRL2061.tmp
    C:\Documents and Settings\Ten.Col. BRUNO\Documenti\Universit…\Tesi\bibliografia e capitoli\sezione antropologica\cap 7. studio resti\7.2. det sesso\~WRL2541.tmp
    C:\Documents and Settings\Ten.Col. BRUNO\Documenti\Universit…\Tesi\bibliografia e capitoli\sezione antropologica\cap 7. studio resti\7.2. det sesso\~WRL2812.tmp
    C:\Documents and Settings\Ten.Col. BRUNO\Documenti\Universit…\Tesi\bibliografia e capitoli\sezione antropologica\cap 7. studio resti\7.2. det sesso\~WRL2859.tmp
    C:\Documents and Settings\Ten.Col. BRUNO\Documenti\Universit…\Tesi\bibliografia e capitoli\sezione antropologica\cap 7. studio resti\7.2. det sesso\~WRL2937.tmp
    C:\Documents and Settings\Ten.Col. BRUNO\Documenti\Universit…\Tesi\bibliografia e capitoli\sezione antropologica\cap 7. studio resti\7.8. altri caratteri metrici e caratteri discontinui\~WRL0608.tmp
    C:\Documents and Settings\Ten.Col. BRUNO\Documenti\Universit…\Tesi\bibliografia e capitoli\sezione antropologica\cap 7. studio resti\7.8. altri caratteri metrici e caratteri discontinui\~WRL0743.tmp
    C:\Documents and Settings\Ten.Col. BRUNO\Documenti\Universit…\Tesi\bibliografia e capitoli\sezione antropologica\cap 7. studio resti\7.8. altri caratteri metrici e caratteri discontinui\~WRL1437.tmp
    C:\Documents and Settings\Ten.Col. BRUNO\Documenti\Universit…\Tesi\bibliografia e capitoli\sezione antropologica\cap 7. studio resti\7.8. altri caratteri metrici e caratteri discontinui\~WRL1618.tmp
    C:\Documents and Settings\Ten.Col. BRUNO\Documenti\Universit…\Tesi\bibliografia e capitoli\sezione antropologica\cap 7. studio resti\7.8. altri caratteri metrici e caratteri discontinui\~WRL4080.tmp
    C:\Documents and Settings\Ten.Col. BRUNO\Documenti\Universit…\Tesi\bibliografia e capitoli\sezione paletnologica\cap 2. tafonomia\~WRL0002.tmp
    C:\Documents and Settings\Ten.Col. BRUNO\Documenti\Universit…\Tesi\bibliografia e capitoli\sezione paletnologica\cap 2. tafonomia\~WRL3805.tmp
    C:\Documents and Settings\Ten.Col. BRUNO\Impostazioni locali\Temp\BIT25A.tmp
    C:\WINDOWS\system32\config\default.tmp.LOG
    C:\WINDOWS\system32\config\software.tmp.LOG
    C:\WINDOWS\system32\config\system.tmp.LOG

    Finished

    ___________________________________________________

    Logfile of HijackThis v1.99.1
    Scan saved at 15:38, on 2007-07-08
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ACS.exe
    C:\Programmi\File comuni\Stardock\SDMCP.exe
    C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Programmi\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Programmi\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\WINDOWS\system32\crypserv.exe
    C:\WINDOWS\system32\DVDRAMSV.exe
    C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Programmi\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
    C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
    C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
    C:\Programmi\TOSHIBA\Touch and Launch\PadExe.exe
    C:\Programmi\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Programmi\E-Book Systems\FlipViewer\FlipViewerLibrary.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Programmi\File comuni\Real\Update_OB\realsched.exe
    C:\Programmi\SPYWAREfighter\spftray.exe
    C:\WINDOWS\system32\TPSBattM.exe
    C:\Programmi\Messenger\msmsgs.exe
    C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Programmi\iPod\bin\iPodService.exe
    C:\Programmi\RamBooster 2.0\Rambooster.exe
    C:\Programmi\CursorXP\CursorXP.exe
    C:\Programmi\SPYWAREfighter\spfprc.exe
    C:\Programmi\Uniblue\SpyEraser\SpyEraser.exe
    C:\Programmi\HijackThis\HijackThis.exe
    C:\Programmi\File comuni\Autodesk Shared\acstart17.exe
    C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\WINDOWS\system32\RAMASST.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.alice.it
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: MSVPS System - {4118A625-1B64-4ED1-A2E9-76DEC529D2D2} - C:\WINDOWS\qnxplugin.dll
    O2 - BHO: FlpLauncher Class - {4401FDC3-7996-4774-8D2B-C1AE9CD6CC25} - C:\PROGRA~1\E-BOOK~1\FLIPVI~1\fplaunch.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
    O3 - Toolbar: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [PadTouch] C:\Programmi\TOSHIBA\Touch and Launch\PadExe.exe
    O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime Alternative\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [CloneDVDElbyDelay] "C:\Programmi\Elaborate Bytes\CloneDVD\ElbyCheck.exe" /L ElbyDelay
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [FlipViewer Library] C:\Programmi\E-Book Systems\FlipViewer\\FlipViewerLibrary.exe /showmode=hide
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SNM] C:\Programmi\SpyNoMore\SNM.exe /startup
    O4 - HKLM\..\Run: [spywarefighterguard] C:\Programmi\SPYWAREfighter\spftray.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [updateMgr] C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
    O4 - HKCU\..\Run: [XPRepairPro2007] C:\Programmi\XP Repair Pro 2007\XPRepairPro.exe /r
    O4 - HKCU\..\Run: [RamBooster] C:\Programmi\RamBooster 2.0\Rambooster.exe
    O4 - HKCU\..\Run: [CursorXP] C:\Programmi\CursorXP\CursorXP.exe
    O4 - HKCU\..\Run: [Uniblue SpyEraser] "C:\Programmi\Uniblue\SpyEraser\SpyEraser.exe" -m
    O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: Silica Calender.lnk = C:\Programmi\Stardock\Object Desktop\DesktopX\Widgets\Silica Calendar.exe
    O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Programmi\File comuni\Autodesk Shared\acstart17.exe
    O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
    O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Get Flash by FlashKeeper - C:\Programmi\FlashKeeper\GetFlash.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra button: FlashKeeper - {86301D40-94C1-4a5e-843B-7F43965E364A} - C:\Programmi\FlashKeeper\GetFlash.htm
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
    O20 - Winlogon Notify: MCPClient - C:\Programmi\File comuni\Stardock\mcpstub.dll
    O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
    O21 - SSODL: msddx - {0A7A5E4B-BEF7-41F1-BBFA-84435B20CA60} - C:\WINDOWS\msddx.dll
    O21 - SSODL: msqnx - {3D41B43E-6DFC-4AAA-B1A7-1F7D708E0919} - C:\WINDOWS\msqnx.dll
    O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Programmi\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
    O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
    O23 - Service: SPYWAREfighterRP - SpamFighter APS - C:\Programmi\SPYWAREfighter\spfprc.exe
    O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Programmi\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
    O23 - Service: Utilità di pianificazione di LiveUpdate automatico - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe



    =========================================
     
  4. tiffany77

    tiffany77 Thread Starter

    ...and these are the logs for the second step, ComboFix.txt and hijackthis.txt:

    "Ten.Col. BRUNO" - 2007-07-08 15:42:37 - ComboFix 07-07-07.3 - Service Pack 2


    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\DOCUME~1\TENCOL~2.BRU\Desktop.\Error Cleaner.url
    C:\DOCUME~1\TENCOL~2.BRU\Desktop.\Privacy Protector.url
    C:\DOCUME~1\TENCOL~2.BRU\Desktop.\Spyware&Malware Protection.url
    C:\DOCUME~1\TENCOL~2.BRU\PREFER~1.\Error Cleaner.url
    C:\DOCUME~1\TENCOL~2.BRU\PREFER~1.\Privacy Protector.url
    C:\DOCUME~1\TENCOL~2.BRU\PREFER~1.\Spyware&Malware Protection.url
    C:\WINDOWS\privacy_danger
    C:\WINDOWS\privacy_danger\images\capt.gif
    C:\WINDOWS\privacy_danger\images\danger.jpg
    C:\WINDOWS\privacy_danger\images\down.gif
    C:\WINDOWS\privacy_danger\images\spacer.gif
    C:\WINDOWS\privacy_danger\index.htm


    ((((((((((((((((((((((((( Files Created from 2007-06-08 to 2007-07-08 )))))))))))))))))))))))))))))))


    2007-07-08 15:23 <DIR> d-------- C:\WINDOWS\ERUNT
    2007-07-08 03:19 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
    2007-07-08 02:52 <DIR> d-------- C:\DOCUME~1\TENCOL~2.BRU\DATIAP~1\Uniblue
    2007-07-08 02:51 <DIR> d-------- C:\Programmi\Uniblue
    2007-07-08 02:36 51,200 --a------ C:\WINDOWS\nircmd.exe
    2007-07-08 02:29 <DIR> d-------- C:\Deckard
    2007-07-07 23:49 <DIR> d-------- C:\Programmi\SPYWAREfighter
    2007-07-07 23:49 <DIR> d-------- C:\Programmi\File comuni\Application
    2007-07-07 20:39 <DIR> d-------- C:\Programmi\NoAdware5.0
    2007-07-07 20:28 1,152 --a------ C:\WINDOWS\system32\windrv.sys
    2007-07-07 18:59 204,800 --a------ C:\WINDOWS\qnxplugin.dll
    2007-07-07 18:59 173,056 --a------ C:\WINDOWS\msqnx.dll
    2007-07-07 18:59 172,032 --a------ C:\WINDOWS\msddx.dll
    2007-06-28 16:26 <DIR> d-------- C:\Python24
    2007-06-28 16:20 <DIR> d-------- C:\Programmi\Blender Foundation
    2007-06-27 22:32 <DIR> d-------- C:\Programmi\AnswerWorks 4.0
    2007-06-27 22:27 <DIR> d-------- C:\Programmi\AutoCAD 2007
    2007-06-27 22:23 <DIR> d-------- C:\Programmi\File comuni\Autodesk Shared
    2007-06-27 11:12 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
    2007-06-27 11:12 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
    2007-06-26 14:08 <DIR> d-------- C:\Programmi\VOXEL-MAN 3D-Navigator
    2007-06-20 19:17 <DIR> d-------- C:\Programmi\PixAround.com
    2007-06-20 19:17 <DIR> d-------- C:\My PixAround
    2007-06-17 22:31 57,436 --a------ C:\WINDOWS\DASShp.dll
    2007-06-17 22:31 <DIR> d-------- C:\Programmi\Microsoft Reader
    2007-06-17 19:15 <DIR> d-------- C:\WINDOWS\Lhsp
    2007-06-17 19:13 <DIR> d-------- C:\Programmi\VocalReader
    2007-06-12 13:13 6,656 --a------ C:\WINDOWS\system32\haspvdd.dll
    2007-06-12 13:13 47,616 --a------ C:\WINDOWS\system32\drivers\Haspnt.sys
    2007-06-12 13:13 383 --a------ C:\WINDOWS\system32\haspdos.sys
    2007-06-12 13:11 29,028 --a------ C:\WINDOWS\system32\MSPLIT.EXE
    2007-06-12 13:11 21,638 --a------ C:\WINDOWS\system32\Mpack.exe
    2007-06-12 13:11 17,858 --a------ C:\WINDOWS\system32\Munpack.exe
    2007-06-12 13:11 15,956 --a------ C:\WINDOWS\system32\MJOIN.EXE
    2007-06-12 13:10 <DIR> d-------- C:\Mcam9
    2007-06-11 03:30 <DIR> d-------- C:\DOCUME~1\TENCOL~2.BRU\DATIAP~1\DassaultSystemes
    2007-06-11 03:30 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DATIAP~1\DassaultSystemes
    2007-06-11 03:27 <DIR> d-------- C:\Office10
    2007-06-11 03:24 <DIR> d-------- C:\Programmi\INUS Technology
    2007-06-11 03:24 <DIR> d-------- C:\Programmi\File comuni\Crystal Decisions
    2007-06-11 03:24 <DIR> d-------- C:\Programmi\Crystal Decisions
    2007-06-11 03:18 733,296 --a------ C:\WINDOWS\system\OPENGL32.DLL
    2007-06-11 03:18 66,560 --a------ C:\WINDOWS\system32\s2dtconv.dll
    2007-06-11 03:18 48,128 --a------ C:\WINDOWS\system32\wnaspi32.dll
    2007-06-11 03:18 26,384 --a------ C:\WINDOWS\system32\FM20ENU.DLL
    2007-06-11 03:18 24,576 --a------ C:\WINDOWS\system32\Sbtrvd32.dll
    2007-06-11 03:18 139,712 --a------ C:\WINDOWS\system\GLU32.DLL
    2007-06-10 19:05 89,360 --a------ C:\WINDOWS\system32\VB5DB.DLL
    2007-06-10 19:05 <DIR> d-------- C:\Programmi\Mobipocket.com
    2007-06-10 18:56 <DIR> d-------- C:\Programmi\ICE Book Reader Professional
    2007-06-10 18:20 <DIR> d-------- C:\DOCUME~1\TENCOL~2.BRU\DATIAP~1\Mobipocket
    2007-06-08 11:52 947,096 --a------ C:\WINDOWS\system32\_ISource30.dll


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-07-08 13:14:23 -------- d-----w C:\Programmi\eMule
    2007-07-08 11:56:15 -------- d-----w C:\Programmi\RamBooster 2.0
    2007-07-08 11:53:12 -------- d-----w C:\Programmi\Messenger
    2007-07-08 11:53:00 -------- d-----w C:\Programmi\iTunes
    2007-07-08 11:50:07 -------- d-----w C:\Programmi\Google
    2007-07-08 11:50:01 -------- d-----w C:\Programmi\FlashKeeper
    2007-07-08 11:49:57 -------- d-----w C:\Programmi\File comuni\stardock
    2007-07-08 09:55:08 -------- d-----w C:\Programmi\CursorXP
    2007-07-08 00:19:03 -------- d-----w C:\Programmi\EAdwareRemoval
    2007-07-04 22:15:58 -------- d--h--w C:\Programmi\InstallShield Installation Information
    2007-06-29 22:15:33 -------- d-----w C:\DOCUME~1\TENCOL~2.BRU\DATIAP~1\gtk-2.0
    2007-06-27 20:27:11 -------- d-----w C:\DOCUME~1\TENCOL~2.BRU\DATIAP~1\Autodesk
    2007-06-27 20:23:51 -------- d-----w C:\Programmi\Autodesk
    2007-06-17 20:46:47 -------- d-----w C:\DOCUME~1\TENCOL~2.BRU\DATIAP~1\ESTsoft
    2007-06-17 20:46:32 -------- d-----w C:\Programmi\ESTsoft
    2007-06-09 12:23:49 -------- d-----w C:\Programmi\Aladdin
    2007-06-09 10:10:28 12 ----a-w C:\WINDOWS\system32\haspaddr.dat
    2007-06-05 22:21:54 -------- d-----w C:\Programmi\DivX
    2007-06-03 22:08:34 -------- d-----w C:\Programmi\Emule Speed Up Pro
    2007-06-03 21:35:19 -------- d-----w C:\Programmi\Icon Constructor 3
    2007-06-03 20:30:10 -------- d-----w C:\Programmi\Stardock
    2007-06-03 16:46:41 -------- d-----w C:\Programmi\AareSoft
    2007-06-03 15:08:03 2,560 ----a-w C:\WINDOWS\_MSRSTRT.EXE
    2007-06-01 14:44:56 -------- d-----w C:\Programmi\Microsoft SQL Server
    2007-06-01 14:27:29 -------- d-----w C:\Programmi\Easypano
    2007-05-31 17:54:32 -------- d-----w C:\Programmi\VirtualDub
    2007-05-31 17:50:50 -------- d-----w C:\Programmi\Gabest
    2007-05-31 13:57:46 -------- d-----w C:\Programmi\Singular Inversions
    2007-05-31 13:45:04 -------- d-----w C:\Programmi\File comuni\McNeel Shared
    2007-05-31 13:44:18 -------- d-----w C:\Programmi\Rhinoceros 4.0
    2007-05-31 10:43:16 80,368 -c--a-w C:\DOCUME~1\TENCOL~2.BRU\DATIAP~1\GDIPFONTCACHEV1.DAT
    2007-05-31 10:32:20 1,080 -c--a-w C:\WINDOWS\AUTOLNCH.REG
    2007-05-31 06:45:07 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
    2007-05-31 06:44:55 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
    2007-05-31 06:44:54 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
    2007-05-31 06:44:54 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
    2007-05-31 06:44:54 740,442 ----a-w C:\WINDOWS\system32\DivX.dll
    2007-05-29 22:01:14 -------- d-----w C:\Programmi\Rainbow Technologies
    2007-05-29 21:16:56 -------- d-----w C:\Programmi\File comuni\InstallShield
    2007-05-29 21:15:42 -------- d-----w C:\Programmi\infragistics
    2007-05-29 21:15:38 -------- d-----w C:\Programmi\codejock software
    2007-05-28 18:42:28 -------- d-----w C:\Programmi\Virtual MODELA
    2007-05-28 18:41:56 -------- d-----w C:\Programmi\MODELA Player 4
    2007-05-24 12:25:41 -------- d-----w C:\Programmi\Exact Audio Copy
    2007-05-23 11:52:59 -------- d-----w C:\Programmi\Vextractor
    2007-05-21 22:34:04 -------- d-----w C:\Programmi\Combined Community Codec Pack
    2007-05-20 21:16:42 -------- d-----w C:\Programmi\ElectricSheep Windows Media Player Visualization
    2007-05-20 21:15:30 -------- d-----w C:\Programmi\Mediacenter
    2007-05-20 21:12:52 -------- d-----w C:\Programmi\File comuni\Nullsoft
    2007-05-20 15:47:02 -------- d-----w C:\Programmi\XP Repair Pro 2007
    2007-05-20 15:29:46 -------- d-----w C:\Programmi\Victoria Clothes Organizer
    2007-05-20 12:25:20 -------- d-----w C:\Programmi\Crawler
    2007-05-20 00:21:50 8 ----a-w C:\WINDOWS\system32\F73859.bin
    2007-05-19 23:28:59 1,080,827 ----a-w C:\new_year_group.exe
    2007-05-19 23:28:18 1,051,377 ----a-w C:\mother_day_baby.exe
    2007-05-19 23:28:07 1,481,771 ----a-w C:\daboyz2.exe
    2007-05-19 23:23:59 8 ----a-w C:\WINDOWS\system32\e9243f.bin
    2007-05-19 22:36:28 -------- d-----w C:\Programmi\GlobFX Technologies
    2007-05-19 22:17:54 -------- d-----w C:\Programmi\eRightSoft
    2007-05-19 19:40:17 -------- d-----w C:\DOCUME~1\TENCOL~2.BRU\DATIAP~1\DivX
    2007-05-19 19:32:36 56 --sh--r C:\WINDOWS\system32\5AF6EB2C1B.sys
    2007-05-19 19:32:36 3,766 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
    2007-05-19 19:01:49 -------- d-----w C:\Programmi\FLVPlayer
    2007-05-19 18:35:39 4,562 ----a-w C:\WINDOWS\mozver.dat
    2007-05-19 13:06:25 -------- d-----w C:\Programmi\123 AVI to GIF Converter
    2007-05-18 13:28:42 -------- d-----w C:\DOCUME~1\TENCOL~2.BRU\DATIAP~1\Real
    2007-05-18 13:27:22 -------- d-----w C:\Programmi\File comuni\xing shared
    2007-05-18 13:27:15 -------- d-----w C:\Programmi\File comuni\Real
    2007-05-18 13:26:32 -------- d-----w C:\Programmi\Real
    2007-05-18 00:50:01 -------- d-----w C:\Programmi\Windows Media Bonus Pack for Windows XP
    2007-05-17 23:50:48 0 ----a-w C:\WINDOWS\nsreg.dat
    2007-05-17 23:50:37 -------- d-----w C:\DOCUME~1\TENCOL~2.BRU\DATIAP~1\Talkback
    2007-05-17 23:50:14 99,970 ----a-w C:\WINDOWS\UninstallFirefox.exe
    2007-05-17 22:23:34 -------- d-----w C:\Programmi\File comuni\Symantec Shared
    2007-05-17 22:19:48 -------- d-----w C:\Programmi\Symantec
    2007-05-17 22:11:40 -------- d-----w C:\Programmi\McAfee.com
    2007-05-16 15:12:56 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
    2007-05-15 17:48:33 -------- d-----w C:\Programmi\Autodesk Architectural Desktop 2007
    2007-05-14 22:42:46 -------- d-----w C:\DOCUME~1\TENCOL~2.BRU\DATIAP~1\Inkscape
    2007-05-14 22:31:53 -------- d-----w C:\Programmi\Inkscape
    2007-05-14 19:55:25 -------- d-----w C:\DOCUME~1\TENCOL~2.BRU\DATIAP~1\Ahead
    2007-05-14 17:28:16 -------- d-----w C:\Programmi\Team MediaPortal
    2007-05-14 13:17:09 -------- d-----w C:\Programmi\AntiDialer
    2007-05-14 12:59:50 4,212 ---h--w C:\WINDOWS\system32\zllictbl.dat
    2007-05-13 22:09:50 -------- d-----w C:\Programmi\Alwil Software
    2007-05-13 22:02:05 -------- d-----w C:\DOCUME~1\TENCOL~2.BRU\DATIAP~1\Lavasoft
    2007-05-13 15:27:09 -------- d-----w C:\DOCUME~1\TENCOL~2.BRU\DATIAP~1\Video DVD Maker FREE
    2007-05-13 15:24:42 -------- d-----w C:\Programmi\Ahead
    2007-05-13 15:24:29 -------- d-----w C:\Programmi\File comuni\Ahead
    2007-05-13 15:04:16 1,024,000 ----a-w C:\WINDOWS\system32\ewmpegco.dll
    2007-05-13 15:03:19 -------- d-----w C:\Programmi\Video DVD Maker FREE
    2007-05-11 16:52:36 -------- d-----w C:\Programmi\Carl The Caveman
    2007-05-11 16:49:27 -------- d-----w C:\Programmi\ReflexiveArcade
    2007-05-11 15:50:15 -------- d-----w C:\Programmi\Prince Persia
    2007-05-09 12:29:25 -------- d-----w C:\Programmi\ArcheoVR
    2007-05-06 22:11:05 8,464 -c--a-w C:\WINDOWS\system32\sporder.dll
    2007-05-03 12:00:44 75,586 -c--a-w C:\WINDOWS\system32\perfc010.dat
    2007-05-03 12:00:44 449,714 -c--a-w C:\WINDOWS\system32\perfh010.dat
    2007-04-30 15:46:10 745,600 -c--a-w C:\WINDOWS\system32\aswBoot.exe
    2007-04-30 15:35:28 95,872 -c--a-w C:\WINDOWS\system32\AVASTSS.scr
    2006-05-03 09:06:54 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
    2007-02-21 10:47:16 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
    2005-11-21 16:54 399424 --a--c--- C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    2006-12-18 04:16 59032 --a------ C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4118A625-1B64-4ED1-A2E9-76DEC529D2D2}]
    2007-07-07 18:33 204800 --a------ C:\WINDOWS\qnxplugin.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4401FDC3-7996-4774-8D2B-C1AE9CD6CC25}]
    2004-08-04 12:18 49152 --a------ C:\PROGRA~1\E-BOOK~1\FLIPVI~1\fplaunch.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
    2005-05-31 05:33 118844 --a------ C:\WINDOWS\system32\dla\tfswshx.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
    2007-01-19 23:56 2423872 -ra--c--- c:\programmi\google\googletoolbar2.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPLpr"="C:\Programmi\Synaptics\SynTP\SynTPLpr.exe" [2004-10-15 00:28]
    "SynTPEnh"="C:\Programmi\Synaptics\SynTP\SynTPEnh.exe" [2004-10-15 00:26]
    "PadTouch"="C:\Programmi\TOSHIBA\Touch and Launch\PadExe.exe" [2004-11-17 10:56]
    "TPSMain"="TPSMain.exe" [2005-02-17 11:11 C:\WINDOWS\system32\TPSMain.exe]
    "QuickTime Task"="C:\Programmi\QuickTime Alternative\qttask.exe" [2006-10-25 19:58]
    "iTunesHelper"="C:\Programmi\iTunes\iTunesHelper.exe" [2006-10-30 10:36]
    "CloneDVDElbyDelay"="C:\Programmi\Elaborate Bytes\CloneDVD\ElbyCheck.exe" [2002-11-02 08:33]
    "AGRSMMSG"="AGRSMMSG.exe" [2005-04-13 00:41 C:\WINDOWS\agrsmmsg.exe]
    "FlipViewer Library"="C:\Programmi\E-Book Systems\FlipViewer\\FlipViewerLibrary.exe" [2007-04-29 18:31]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 17:42]
    "TkBellExe"="C:\Programmi\File comuni\Real\Update_OB\realsched.exe" [2007-05-18 15:26]
    "SNM"="C:\Programmi\SpyNoMore\SNM.exe" []
    "spywarefighterguard"="C:\Programmi\SPYWAREfighter\spftray.exe" [2007-06-08 11:52]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:39]
    "MSMSGS"="C:\Programmi\Messenger\msmsgs.exe" [2004-10-13 18:24]
    "swg"="C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-05-01 00:11]
    "updateMgr"="C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45]
    "XPRepairPro2007"="C:\Programmi\XP Repair Pro 2007\XPRepairPro.exe" []
    "RamBooster"="C:\Programmi\RamBooster 2.0\Rambooster.exe" [2005-11-17 07:32]
    "CursorXP"="C:\Programmi\CursorXP\CursorXP.exe" [2005-01-19 17:34]
    "Uniblue SpyEraser"="C:\Programmi\Uniblue\SpyEraser\SpyEraser.exe" [2007-07-03 13:53]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "LinkResolveIgnoreLinkInfo"=0 (0x0)
    "NoResolveSearch"=1 (0x1)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "LinkResolveIgnoreLinkInfo"=0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
    Source= file:///C:\WINDOWS\privacy_danger\index.htm
    FriendlyName= Privacy Protection

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "{F5DF91F9-15E9-416B-A7C3-7519B11ECBFC}"="C:\Programmi\File comuni\stardock\MCPCore.dll" [2003-10-20 13:30]
    "{0A7A5E4B-BEF7-41F1-BBFA-84435B20CA60}"="C:\WINDOWS\msddx.dll" [2007-07-07 18:33]
    "{3D41B43E-6DFC-4AAA-B1A7-1F7D708E0919}"="C:\WINDOWS\msqnx.dll" [2007-07-07 18:33]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
    C:\Programmi\File comuni\Stardock\mcpstub.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
    C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls"=wbsys.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "SPBBCSvc"=3 (0x3)
    "SNDSrvc"=2 (0x2)
    "SBService"=2 (0x2)
    "SAVScan"=3 (0x3)
    "navapsvc"=2 (0x2)
    "ccSetMgr"=2 (0x2)
    "ccPwdSvc"=3 (0x3)
    "ccProxy"=2 (0x2)
    "ccEvtMgr"=2 (0x2)


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
    AutoRun\command- F:\Autorun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d40f2fc-b12d-11db-896a-acad6f1dfb45}]
    Auto\command- Cn911.exe
    AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Cn911.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7a2b8f6f-248c-11dc-8a49-0011f5c02e85}]
    Auto\command- Cn911.exe
    AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Cn911.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e5b707d4-0ff9-11db-9e31-806d6172696f}]
    AutoRun\command- E:\Autorun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e5b707d5-0ff9-11db-9e31-806d6172696f}]
    AutoRun\command- F:\Autorun.exe


    Contents of the 'Scheduled Tasks' folder
    2007-07-05 19:20:12 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    2007-07-08 13:40:44 C:\WINDOWS\tasks\Uniblue SpyEraser Nag.job
    2007-07-08 01:45:30 C:\WINDOWS\tasks\Uniblue SpyEraser.job
    2007-07-08 00:35:14 C:\WINDOWS\tasks\User_Feed_Synchronization-{1E731FA1-206A-41D8-A6F6-1B3B3167BDF3}.job

    **************************************************************************

    catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-07-08 15:47:25
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Completion time: 2007-07-08 15:48:17
    C:\ComboFix-quarantined-files.txt ... 2007-07-08 15:48

    --- E O F ---


    ----------------------------------------------------------

    Logfile of HijackThis v1.99.1
    Scan saved at 15.49.43, on 08/07/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ACS.exe
    C:\Programmi\File comuni\Stardock\SDMCP.exe
    C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Programmi\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Programmi\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\WINDOWS\system32\crypserv.exe
    C:\WINDOWS\system32\DVDRAMSV.exe
    C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Programmi\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
    C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
    C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
    C:\Programmi\TOSHIBA\Touch and Launch\PadExe.exe
    C:\Programmi\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Programmi\E-Book Systems\FlipViewer\FlipViewerLibrary.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Programmi\File comuni\Real\Update_OB\realsched.exe
    C:\Programmi\SPYWAREfighter\spftray.exe
    C:\WINDOWS\system32\TPSBattM.exe
    C:\Programmi\Messenger\msmsgs.exe
    C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Programmi\iPod\bin\iPodService.exe
    C:\Programmi\RamBooster 2.0\Rambooster.exe
    C:\Programmi\CursorXP\CursorXP.exe
    C:\Programmi\SPYWAREfighter\spfprc.exe
    C:\Programmi\Uniblue\SpyEraser\SpyEraser.exe
    C:\WINDOWS\system32\RAMASST.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\explorer.exe
    C:\Programmi\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\notepad.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.alice.it
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: MSVPS System - {4118A625-1B64-4ED1-A2E9-76DEC529D2D2} - C:\WINDOWS\qnxplugin.dll
    O2 - BHO: FlpLauncher Class - {4401FDC3-7996-4774-8D2B-C1AE9CD6CC25} - C:\PROGRA~1\E-BOOK~1\FLIPVI~1\fplaunch.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
    O3 - Toolbar: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [PadTouch] C:\Programmi\TOSHIBA\Touch and Launch\PadExe.exe
    O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime Alternative\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [CloneDVDElbyDelay] "C:\Programmi\Elaborate Bytes\CloneDVD\ElbyCheck.exe" /L ElbyDelay
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [FlipViewer Library] C:\Programmi\E-Book Systems\FlipViewer\\FlipViewerLibrary.exe /showmode=hide
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SNM] C:\Programmi\SpyNoMore\SNM.exe /startup
    O4 - HKLM\..\Run: [spywarefighterguard] C:\Programmi\SPYWAREfighter\spftray.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [updateMgr] C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
    O4 - HKCU\..\Run: [XPRepairPro2007] C:\Programmi\XP Repair Pro 2007\XPRepairPro.exe /r
    O4 - HKCU\..\Run: [RamBooster] C:\Programmi\RamBooster 2.0\Rambooster.exe
    O4 - HKCU\..\Run: [CursorXP] C:\Programmi\CursorXP\CursorXP.exe
    O4 - HKCU\..\Run: [Uniblue SpyEraser] "C:\Programmi\Uniblue\SpyEraser\SpyEraser.exe" -m
    O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: Silica Calender.lnk = C:\Programmi\Stardock\Object Desktop\DesktopX\Widgets\Silica Calendar.exe
    O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Programmi\File comuni\Autodesk Shared\acstart17.exe
    O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
    O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Get Flash by FlashKeeper - C:\Programmi\FlashKeeper\GetFlash.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra button: FlashKeeper - {86301D40-94C1-4a5e-843B-7F43965E364A} - C:\Programmi\FlashKeeper\GetFlash.htm
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
    O20 - Winlogon Notify: MCPClient - C:\Programmi\File comuni\Stardock\mcpstub.dll
    O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
    O21 - SSODL: msddx - {0A7A5E4B-BEF7-41F1-BBFA-84435B20CA60} - C:\WINDOWS\msddx.dll
    O21 - SSODL: msqnx - {3D41B43E-6DFC-4AAA-B1A7-1F7D708E0919} - C:\WINDOWS\msqnx.dll
    O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Programmi\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
    O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
    O23 - Service: SPYWAREfighterRP - SpamFighter APS - C:\Programmi\SPYWAREfighter\spfprc.exe
    O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Programmi\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
    O23 - Service: Utilità di pianificazione di LiveUpdate automatico - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe

    ===================================


    I'm waiting for your next instructions.....
     
  5. sjpritch25

    sjpritch25

    Joined:
    Sep 8, 2005
    Messages:
    9,113
    Please navigate to Add/Remove Programs and remove Spyware Fighter or SpamFighter


    please visit SpyKillers forum here

    http://www.thespykiller.co.uk/forum/index.php?board=1.0

    Read the instructions for uploading files, which is the first topic on the forum, then start a new topic named 'Files for AndyManchesta'. Please then post a link to this thread and upload the requested files:
    C:\WINDOWS\qnxplugin.dll
    C:\WINDOWS\msqnx.dll
    C:\WINDOWS\msddx.dll



    =================================

    Please download the attached file named ComboFix-Do.txt and Save it to your Desktop.

    [​IMG]

    Referring to the picture above, drag ComboFix-Do.txt into ComboFix.exe


    In your next reply, please post a fresh Combofix log and a fresh Hijackthis log.


    Do not run on any other computer!!!! The attached file CFScript.txt is created for this specific computer. Running it on another system could cause it to crash or worse.
     

    Attached Files:

  6. tiffany77

    tiffany77 Thread Starter

    Joined:
    Jul 8, 2007
    Messages:
    13
    Great!!! The icons disappeared, no more pop-ups, and on my desktop I can again see Composition VII by Kandinsky.

    OK, I'm posting the new logs:


    "Ten.Col. BRUNO" - 2007-07-08 15:42:37 - ComboFix 07-07-07.3 - Service Pack 2


    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\DOCUME~1\TENCOL~2.BRU\Desktop.\Error Cleaner.url
    C:\DOCUME~1\TENCOL~2.BRU\Desktop.\Privacy Protector.url
    C:\DOCUME~1\TENCOL~2.BRU\Desktop.\Spyware&Malware Protection.url
    C:\DOCUME~1\TENCOL~2.BRU\PREFER~1.\Error Cleaner.url
    C:\DOCUME~1\TENCOL~2.BRU\PREFER~1.\Privacy Protector.url
    C:\DOCUME~1\TENCOL~2.BRU\PREFER~1.\Spyware&Malware Protection.url
    C:\WINDOWS\privacy_danger
    C:\WINDOWS\privacy_danger\images\capt.gif
    C:\WINDOWS\privacy_danger\images\danger.jpg
    C:\WINDOWS\privacy_danger\images\down.gif
    C:\WINDOWS\privacy_danger\images\spacer.gif
    C:\WINDOWS\privacy_danger\index.htm


    ((((((((((((((((((((((((( Files Created from 2007-06-08 to 2007-07-08 )))))))))))))))))))))))))))))))


    2007-07-08 15:23 <DIR> d-------- C:\WINDOWS\ERUNT
    2007-07-08 03:19 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
    2007-07-08 02:52 <DIR> d-------- C:\DOCUME~1\TENCOL~2.BRU\DATIAP~1\Uniblue
    2007-07-08 02:51 <DIR> d-------- C:\Programmi\Uniblue
    2007-07-08 02:36 51,200 --a------ C:\WINDOWS\nircmd.exe
    2007-07-08 02:29 <DIR> d-------- C:\Deckard
    2007-07-07 23:49 <DIR> d-------- C:\Programmi\SPYWAREfighter
    2007-07-07 23:49 <DIR> d-------- C:\Programmi\File comuni\Application
    2007-07-07 20:39 <DIR> d-------- C:\Programmi\NoAdware5.0
    2007-07-07 20:28 1,152 --a------ C:\WINDOWS\system32\windrv.sys
    2007-07-07 18:59 204,800 --a------ C:\WINDOWS\qnxplugin.dll
    2007-07-07 18:59 173,056 --a------ C:\WINDOWS\msqnx.dll
    2007-07-07 18:59 172,032 --a------ C:\WINDOWS\msddx.dll
    2007-06-28 16:26 <DIR> d-------- C:\Python24
    2007-06-28 16:20 <DIR> d-------- C:\Programmi\Blender Foundation
    2007-06-27 22:32 <DIR> d-------- C:\Programmi\AnswerWorks 4.0
    2007-06-27 22:27 <DIR> d-------- C:\Programmi\AutoCAD 2007
    2007-06-27 22:23 <DIR> d-------- C:\Programmi\File comuni\Autodesk Shared
    2007-06-27 11:12 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
    2007-06-27 11:12 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
    2007-06-26 14:08 <DIR> d-------- C:\Programmi\VOXEL-MAN 3D-Navigator
    2007-06-20 19:17 <DIR> d-------- C:\Programmi\PixAround.com
    2007-06-20 19:17 <DIR> d-------- C:\My PixAround
    2007-06-17 22:31 57,436 --a------ C:\WINDOWS\DASShp.dll
    2007-06-17 22:31 <DIR> d-------- C:\Programmi\Microsoft Reader
    2007-06-17 19:15 <DIR> d-------- C:\WINDOWS\Lhsp
    2007-06-17 19:13 <DIR> d-------- C:\Programmi\VocalReader
    2007-06-12 13:13 6,656 --a------ C:\WINDOWS\system32\haspvdd.dll
    2007-06-12 13:13 47,616 --a------ C:\WINDOWS\system32\drivers\Haspnt.sys
    2007-06-12 13:13 383 --a------ C:\WINDOWS\system32\haspdos.sys
    2007-06-12 13:11 29,028 --a------ C:\WINDOWS\system32\MSPLIT.EXE
    2007-06-12 13:11 21,638 --a------ C:\WINDOWS\system32\Mpack.exe
    2007-06-12 13:11 17,858 --a------ C:\WINDOWS\system32\Munpack.exe
    2007-06-12 13:11 15,956 --a------ C:\WINDOWS\system32\MJOIN.EXE
    2007-06-12 13:10 <DIR> d-------- C:\Mcam9
    2007-06-11 03:30 <DIR> d-------- C:\DOCUME~1\TENCOL~2.BRU\DATIAP~1\DassaultSystemes
    2007-06-11 03:30 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DATIAP~1\DassaultSystemes
    2007-06-11 03:27 <DIR> d-------- C:\Office10
    2007-06-11 03:24 <DIR> d-------- C:\Programmi\INUS Technology
    2007-06-11 03:24 <DIR> d-------- C:\Programmi\File comuni\Crystal Decisions
    2007-06-11 03:24 <DIR> d-------- C:\Programmi\Crystal Decisions
    2007-06-11 03:18 733,296 --a------ C:\WINDOWS\system\OPENGL32.DLL
    2007-06-11 03:18 66,560 --a------ C:\WINDOWS\system32\s2dtconv.dll
    2007-06-11 03:18 48,128 --a------ C:\WINDOWS\system32\wnaspi32.dll
    2007-06-11 03:18 26,384 --a------ C:\WINDOWS\system32\FM20ENU.DLL
    2007-06-11 03:18 24,576 --a------ C:\WINDOWS\system32\Sbtrvd32.dll
    2007-06-11 03:18 139,712 --a------ C:\WINDOWS\system\GLU32.DLL
    2007-06-10 19:05 89,360 --a------ C:\WINDOWS\system32\VB5DB.DLL
    2007-06-10 19:05 <DIR> d-------- C:\Programmi\Mobipocket.com
    2007-06-10 18:56 <DIR> d-------- C:\Programmi\ICE Book Reader Professional
    2007-06-10 18:20 <DIR> d-------- C:\DOCUME~1\TENCOL~2.BRU\DATIAP~1\Mobipocket
    2007-06-08 11:52 947,096 --a------ C:\WINDOWS\system32\_ISource30.dll


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-07-08 13:14:23 -------- d-----w C:\Programmi\eMule
    2007-07-08 11:56:15 -------- d-----w C:\Programmi\RamBooster 2.0
    2007-07-08 11:53:12 -------- d-----w C:\Programmi\Messenger
    2007-07-08 11:53:00 -------- d-----w C:\Programmi\iTunes
    2007-07-08 11:50:07 -------- d-----w C:\Programmi\Google
    2007-07-08 11:50:01 -------- d-----w C:\Programmi\FlashKeeper
    2007-07-08 11:49:57 -------- d-----w C:\Programmi\File comuni\stardock
    2007-07-08 09:55:08 -------- d-----w C:\Programmi\CursorXP
    2007-07-08 00:19:03 -------- d-----w C:\Programmi\EAdwareRemoval
    2007-07-04 22:15:58 -------- d--h--w C:\Programmi\InstallShield Installation Information
    2007-06-29 22:15:33 -------- d-----w C:\DOCUME~1\TENCOL~2.BRU\DATIAP~1\gtk-2.0
    2007-06-27 20:27:11 -------- d-----w C:\DOCUME~1\TENCOL~2.BRU\DATIAP~1\Autodesk
    2007-06-27 20:23:51 -------- d-----w C:\Programmi\Autodesk
    2007-06-17 20:46:47 -------- d-----w C:\DOCUME~1\TENCOL~2.BRU\DATIAP~1\ESTsoft
    2007-06-17 20:46:32 -------- d-----w C:\Programmi\ESTsoft
    2007-06-09 12:23:49 -------- d-----w C:\Programmi\Aladdin
    2007-06-09 10:10:28 12 ----a-w C:\WINDOWS\system32\haspaddr.dat
    2007-06-05 22:21:54 -------- d-----w C:\Programmi\DivX
    2007-06-03 22:08:34 -------- d-----w C:\Programmi\Emule Speed Up Pro
    2007-06-03 21:35:19 -------- d-----w C:\Programmi\Icon Constructor 3
    2007-06-03 20:30:10 -------- d-----w C:\Programmi\Stardock
    2007-06-03 16:46:41 -------- d-----w C:\Programmi\AareSoft
    2007-06-03 15:08:03 2,560 ----a-w C:\WINDOWS\_MSRSTRT.EXE
    2007-06-01 14:44:56 -------- d-----w C:\Programmi\Microsoft SQL Server
    2007-06-01 14:27:29 -------- d-----w C:\Programmi\Easypano
    2007-05-31 17:54:32 -------- d-----w C:\Programmi\VirtualDub
    2007-05-31 17:50:50 -------- d-----w C:\Programmi\Gabest
    2007-05-31 13:57:46 -------- d-----w C:\Programmi\Singular Inversions
    2007-05-31 13:45:04 -------- d-----w C:\Programmi\File comuni\McNeel Shared
    2007-05-31 13:44:18 -------- d-----w C:\Programmi\Rhinoceros 4.0
    2007-05-31 10:43:16 80,368 -c--a-w C:\DOCUME~1\TENCOL~2.BRU\DATIAP~1\GDIPFONTCACHEV1.DAT
    2007-05-31 10:32:20 1,080 -c--a-w C:\WINDOWS\AUTOLNCH.REG
    2007-05-31 06:45:07 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
    2007-05-31 06:44:55 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
    2007-05-31 06:44:54 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
    2007-05-31 06:44:54 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
    2007-05-31 06:44:54 740,442 ----a-w C:\WINDOWS\system32\DivX.dll
    2007-05-29 22:01:14 -------- d-----w C:\Programmi\Rainbow Technologies
    2007-05-29 21:16:56 -------- d-----w C:\Programmi\File comuni\InstallShield
    2007-05-29 21:15:42 -------- d-----w C:\Programmi\infragistics
    2007-05-29 21:15:38 -------- d-----w C:\Programmi\codejock software
    2007-05-28 18:42:28 -------- d-----w C:\Programmi\Virtual MODELA
    2007-05-28 18:41:56 -------- d-----w C:\Programmi\MODELA Player 4
    2007-05-24 12:25:41 -------- d-----w C:\Programmi\Exact Audio Copy
    2007-05-23 11:52:59 -------- d-----w C:\Programmi\Vextractor
    2007-05-21 22:34:04 -------- d-----w C:\Programmi\Combined Community Codec Pack
    2007-05-20 21:16:42 -------- d-----w C:\Programmi\ElectricSheep Windows Media Player Visualization
    2007-05-20 21:15:30 -------- d-----w C:\Programmi\Mediacenter
    2007-05-20 21:12:52 -------- d-----w C:\Programmi\File comuni\Nullsoft
    2007-05-20 15:47:02 -------- d-----w C:\Programmi\XP Repair Pro 2007
    2007-05-20 15:29:46 -------- d-----w C:\Programmi\Victoria Clothes Organizer
    2007-05-20 12:25:20 -------- d-----w C:\Programmi\Crawler
    2007-05-20 00:21:50 8 ----a-w C:\WINDOWS\system32\F73859.bin
    2007-05-19 23:28:59 1,080,827 ----a-w C:\new_year_group.exe
    2007-05-19 23:28:18 1,051,377 ----a-w C:\mother_day_baby.exe
    2007-05-19 23:28:07 1,481,771 ----a-w C:\daboyz2.exe
    2007-05-19 23:23:59 8 ----a-w C:\WINDOWS\system32\e9243f.bin
    2007-05-19 22:36:28 -------- d-----w C:\Programmi\GlobFX Technologies
    2007-05-19 22:17:54 -------- d-----w C:\Programmi\eRightSoft
    2007-05-19 19:40:17 -------- d-----w C:\DOCUME~1\TENCOL~2.BRU\DATIAP~1\DivX
    2007-05-19 19:32:36 56 --sh--r C:\WINDOWS\system32\5AF6EB2C1B.sys
    2007-05-19 19:32:36 3,766 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
    2007-05-19 19:01:49 -------- d-----w C:\Programmi\FLVPlayer
    2007-05-19 18:35:39 4,562 ----a-w C:\WINDOWS\mozver.dat
    2007-05-19 13:06:25 -------- d-----w C:\Programmi\123 AVI to GIF Converter
    2007-05-18 13:28:42 -------- d-----w C:\DOCUME~1\TENCOL~2.BRU\DATIAP~1\Real
    2007-05-18 13:27:22 -------- d-----w C:\Programmi\File comuni\xing shared
    2007-05-18 13:27:15 -------- d-----w C:\Programmi\File comuni\Real
    2007-05-18 13:26:32 -------- d-----w C:\Programmi\Real
    2007-05-18 00:50:01 -------- d-----w C:\Programmi\Windows Media Bonus Pack for Windows XP
    2007-05-17 23:50:48 0 ----a-w C:\WINDOWS\nsreg.dat
    2007-05-17 23:50:37 -------- d-----w C:\DOCUME~1\TENCOL~2.BRU\DATIAP~1\Talkback
    2007-05-17 23:50:14 99,970 ----a-w C:\WINDOWS\UninstallFirefox.exe
    2007-05-17 22:23:34 -------- d-----w C:\Programmi\File comuni\Symantec Shared
    2007-05-17 22:19:48 -------- d-----w C:\Programmi\Symantec
    2007-05-17 22:11:40 -------- d-----w C:\Programmi\McAfee.com
    2007-05-16 15:12:56 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
    2007-05-15 17:48:33 -------- d-----w C:\Programmi\Autodesk Architectural Desktop 2007
    2007-05-14 22:42:46 -------- d-----w C:\DOCUME~1\TENCOL~2.BRU\DATIAP~1\Inkscape
    2007-05-14 22:31:53 -------- d-----w C:\Programmi\Inkscape
    2007-05-14 19:55:25 -------- d-----w C:\DOCUME~1\TENCOL~2.BRU\DATIAP~1\Ahead
    2007-05-14 17:28:16 -------- d-----w C:\Programmi\Team MediaPortal
    2007-05-14 13:17:09 -------- d-----w C:\Programmi\AntiDialer
    2007-05-14 12:59:50 4,212 ---h--w C:\WINDOWS\system32\zllictbl.dat
    2007-05-13 22:09:50 -------- d-----w C:\Programmi\Alwil Software
    2007-05-13 22:02:05 -------- d-----w C:\DOCUME~1\TENCOL~2.BRU\DATIAP~1\Lavasoft
    2007-05-13 15:27:09 -------- d-----w C:\DOCUME~1\TENCOL~2.BRU\DATIAP~1\Video DVD Maker FREE
    2007-05-13 15:24:42 -------- d-----w C:\Programmi\Ahead
    2007-05-13 15:24:29 -------- d-----w C:\Programmi\File comuni\Ahead
    2007-05-13 15:04:16 1,024,000 ----a-w C:\WINDOWS\system32\ewmpegco.dll
    2007-05-13 15:03:19 -------- d-----w C:\Programmi\Video DVD Maker FREE
    2007-05-11 16:52:36 -------- d-----w C:\Programmi\Carl The Caveman
    2007-05-11 16:49:27 -------- d-----w C:\Programmi\ReflexiveArcade
    2007-05-11 15:50:15 -------- d-----w C:\Programmi\Prince Persia
    2007-05-09 12:29:25 -------- d-----w C:\Programmi\ArcheoVR
    2007-05-06 22:11:05 8,464 -c--a-w C:\WINDOWS\system32\sporder.dll
    2007-05-03 12:00:44 75,586 -c--a-w C:\WINDOWS\system32\perfc010.dat
    2007-05-03 12:00:44 449,714 -c--a-w C:\WINDOWS\system32\perfh010.dat
    2007-04-30 15:46:10 745,600 -c--a-w C:\WINDOWS\system32\aswBoot.exe
    2007-04-30 15:35:28 95,872 -c--a-w C:\WINDOWS\system32\AVASTSS.scr
    2006-05-03 09:06:54 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
    2007-02-21 10:47:16 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
    2005-11-21 16:54 399424 --a--c--- C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    2006-12-18 04:16 59032 --a------ C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4118A625-1B64-4ED1-A2E9-76DEC529D2D2}]
    2007-07-07 18:33 204800 --a------ C:\WINDOWS\qnxplugin.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4401FDC3-7996-4774-8D2B-C1AE9CD6CC25}]
    2004-08-04 12:18 49152 --a------ C:\PROGRA~1\E-BOOK~1\FLIPVI~1\fplaunch.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
    2005-05-31 05:33 118844 --a------ C:\WINDOWS\system32\dla\tfswshx.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
    2007-01-19 23:56 2423872 -ra--c--- c:\programmi\google\googletoolbar2.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPLpr"="C:\Programmi\Synaptics\SynTP\SynTPLpr.exe" [2004-10-15 00:28]
    "SynTPEnh"="C:\Programmi\Synaptics\SynTP\SynTPEnh.exe" [2004-10-15 00:26]
    "PadTouch"="C:\Programmi\TOSHIBA\Touch and Launch\PadExe.exe" [2004-11-17 10:56]
    "TPSMain"="TPSMain.exe" [2005-02-17 11:11 C:\WINDOWS\system32\TPSMain.exe]
    "QuickTime Task"="C:\Programmi\QuickTime Alternative\qttask.exe" [2006-10-25 19:58]
    "iTunesHelper"="C:\Programmi\iTunes\iTunesHelper.exe" [2006-10-30 10:36]
    "CloneDVDElbyDelay"="C:\Programmi\Elaborate Bytes\CloneDVD\ElbyCheck.exe" [2002-11-02 08:33]
    "AGRSMMSG"="AGRSMMSG.exe" [2005-04-13 00:41 C:\WINDOWS\agrsmmsg.exe]
    "FlipViewer Library"="C:\Programmi\E-Book Systems\FlipViewer\\FlipViewerLibrary.exe" [2007-04-29 18:31]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 17:42]
    "TkBellExe"="C:\Programmi\File comuni\Real\Update_OB\realsched.exe" [2007-05-18 15:26]
    "SNM"="C:\Programmi\SpyNoMore\SNM.exe" []
    "spywarefighterguard"="C:\Programmi\SPYWAREfighter\spftray.exe" [2007-06-08 11:52]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:39]
    "MSMSGS"="C:\Programmi\Messenger\msmsgs.exe" [2004-10-13 18:24]
    "swg"="C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-05-01 00:11]
    "updateMgr"="C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45]
    "XPRepairPro2007"="C:\Programmi\XP Repair Pro 2007\XPRepairPro.exe" []
    "RamBooster"="C:\Programmi\RamBooster 2.0\Rambooster.exe" [2005-11-17 07:32]
    "CursorXP"="C:\Programmi\CursorXP\CursorXP.exe" [2005-01-19 17:34]
    "Uniblue SpyEraser"="C:\Programmi\Uniblue\SpyEraser\SpyEraser.exe" [2007-07-03 13:53]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "LinkResolveIgnoreLinkInfo"=0 (0x0)
    "NoResolveSearch"=1 (0x1)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "LinkResolveIgnoreLinkInfo"=0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
    Source= file:///C:\WINDOWS\privacy_danger\index.htm
    FriendlyName= Privacy Protection

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "{F5DF91F9-15E9-416B-A7C3-7519B11ECBFC}"="C:\Programmi\File comuni\stardock\MCPCore.dll" [2003-10-20 13:30]
    "{0A7A5E4B-BEF7-41F1-BBFA-84435B20CA60}"="C:\WINDOWS\msddx.dll" [2007-07-07 18:33]
    "{3D41B43E-6DFC-4AAA-B1A7-1F7D708E0919}"="C:\WINDOWS\msqnx.dll" [2007-07-07 18:33]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
    C:\Programmi\File comuni\Stardock\mcpstub.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
    C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls"=wbsys.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "SPBBCSvc"=3 (0x3)
    "SNDSrvc"=2 (0x2)
    "SBService"=2 (0x2)
    "SAVScan"=3 (0x3)
    "navapsvc"=2 (0x2)
    "ccSetMgr"=2 (0x2)
    "ccPwdSvc"=3 (0x3)
    "ccProxy"=2 (0x2)
    "ccEvtMgr"=2 (0x2)


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
    AutoRun\command- F:\Autorun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d40f2fc-b12d-11db-896a-acad6f1dfb45}]
    Auto\command- Cn911.exe
    AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Cn911.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7a2b8f6f-248c-11dc-8a49-0011f5c02e85}]
    Auto\command- Cn911.exe
    AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Cn911.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e5b707d4-0ff9-11db-9e31-806d6172696f}]
    AutoRun\command- E:\Autorun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e5b707d5-0ff9-11db-9e31-806d6172696f}]
    AutoRun\command- F:\Autorun.exe


    Contents of the 'Scheduled Tasks' folder
    2007-07-05 19:20:12 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    2007-07-08 13:40:44 C:\WINDOWS\tasks\Uniblue SpyEraser Nag.job
    2007-07-08 01:45:30 C:\WINDOWS\tasks\Uniblue SpyEraser.job
    2007-07-08 00:35:14 C:\WINDOWS\tasks\User_Feed_Synchronization-{1E731FA1-206A-41D8-A6F6-1B3B3167BDF3}.job

    **************************************************************************

    catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-07-08 15:47:25
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Completion time: 2007-07-08 15:48:17
    C:\ComboFix-quarantined-files.txt ... 2007-07-08 15:48

    --- E O F ---


    ---------------------------------------------------

    Logfile of HijackThis v1.99.1
    Scan saved at 17.09.04, on 08/07/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ACS.exe
    C:\Programmi\File comuni\Stardock\SDMCP.exe
    C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Programmi\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Programmi\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\WINDOWS\system32\crypserv.exe
    C:\WINDOWS\system32\DVDRAMSV.exe
    C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Programmi\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
    C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
    C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
    C:\Programmi\TOSHIBA\Touch and Launch\PadExe.exe
    C:\Programmi\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Programmi\E-Book Systems\FlipViewer\FlipViewerLibrary.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Programmi\File comuni\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\TPSBattM.exe
    C:\Programmi\Messenger\msmsgs.exe
    C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Programmi\iPod\bin\iPodService.exe
    C:\Programmi\RamBooster 2.0\Rambooster.exe
    C:\Programmi\CursorXP\CursorXP.exe
    C:\Programmi\Uniblue\SpyEraser\SpyEraser.exe
    C:\WINDOWS\system32\RAMASST.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Programmi\eMule\emule.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Programmi\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.alice.it
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: FlpLauncher Class - {4401FDC3-7996-4774-8D2B-C1AE9CD6CC25} - C:\PROGRA~1\E-BOOK~1\FLIPVI~1\fplaunch.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
    O3 - Toolbar: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [PadTouch] C:\Programmi\TOSHIBA\Touch and Launch\PadExe.exe
    O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime Alternative\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [CloneDVDElbyDelay] "C:\Programmi\Elaborate Bytes\CloneDVD\ElbyCheck.exe" /L ElbyDelay
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [FlipViewer Library] C:\Programmi\E-Book Systems\FlipViewer\\FlipViewerLibrary.exe /showmode=hide
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SNM] C:\Programmi\SpyNoMore\SNM.exe /startup
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [updateMgr] C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
    O4 - HKCU\..\Run: [XPRepairPro2007] C:\Programmi\XP Repair Pro 2007\XPRepairPro.exe /r
    O4 - HKCU\..\Run: [RamBooster] C:\Programmi\RamBooster 2.0\Rambooster.exe
    O4 - HKCU\..\Run: [CursorXP] C:\Programmi\CursorXP\CursorXP.exe
    O4 - HKCU\..\Run: [Uniblue SpyEraser] "C:\Programmi\Uniblue\SpyEraser\SpyEraser.exe" -m
    O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: Silica Calender.lnk = C:\Programmi\Stardock\Object Desktop\DesktopX\Widgets\Silica Calendar.exe
    O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Programmi\File comuni\Autodesk Shared\acstart17.exe
    O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
    O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Get Flash by FlashKeeper - C:\Programmi\FlashKeeper\GetFlash.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra button: FlashKeeper - {86301D40-94C1-4a5e-843B-7F43965E364A} - C:\Programmi\FlashKeeper\GetFlash.htm
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
    O20 - Winlogon Notify: MCPClient - C:\Programmi\File comuni\Stardock\mcpstub.dll
    O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
    O21 - SSODL: msddx - {0A7A5E4B-BEF7-41F1-BBFA-84435B20CA60} - C:\WINDOWS\msddx.dll (file missing)
    O21 - SSODL: msqnx - {3D41B43E-6DFC-4AAA-B1A7-1F7D708E0919} - C:\WINDOWS\msqnx.dll (file missing)
    O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Programmi\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
    O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
    O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Programmi\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
    O23 - Service: Utilità di pianificazione di LiveUpdate automatico - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe


    Thank you very much!!!!!!!
     
  7. sjpritch25

    sjpritch25

    Joined:
    Sep 8, 2005
    Messages:
    9,113
    Run HijackThis, and press "Do a System Scan Only".
    1. When the scan is complete place a check mark next to the following entries:

    O21 - SSODL: msddx - {0A7A5E4B-BEF7-41F1-BBFA-84435B20CA60} - C:\WINDOWS\msddx.dll (file missing)
    O21 - SSODL: msqnx - {3D41B43E-6DFC-4AAA-B1A7-1F7D708E0919} - C:\WINDOWS\msqnx.dll (file missing)

    2. After checking these items CLOSE ALL open windows EXCEPT HijackThis and click "Fix Checked." Then, reboot your computer...


    ==================================

    Be sure you have your Flash drive plugged in.



    Download the enclosed folder. Save and extract its contents to the desktop. It is a folder containing a batch file, get autoruns.bat, written by Mosaic1. Once extracted, open the folder and double-click on get autoruns.bat to run the fix.

    1. The fix will make a report and if any autoruns are found, move them to a backup folder.
    2. If any autoruns are found on the root of your drives, it will kill explorer so that the registry entries in the MountPoints key are fixed.
    3. A document, Part 1.txt, will be created. It will show the pre-cleaning state.
    4. Run get autoruns.bat again immediately.
    5. It will produce a file named Part2.txt and this one will show the state after the cleaning.
    6. Please post the contents of Part1.txt and Part2.txt then along with a fresh HijackThis log.

    ** It is important that you follow these directions exactly. Don't skip the second run or the reporting sequence, as we will become confused.
     


  8. tiffany77

    tiffany77 Thread Starter

    Joined:
    Jul 8, 2007
    Messages:
    13
    These are the new .txt


    PART 1

    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\##tro-ps-s-7-cifs#sys#datanob#ref_sys#Ref_MS_Appl]
    "BaseClass"="Drive"
    "_CommentFromDesktopINI"=""
    "_LabelFromDesktopINI"=""

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\##tro-ps-s-7-cifs#sys#datanob#SW_Dev_Tools]
    "BaseClass"="Drive"
    "_CommentFromDesktopINI"=""
    "_LabelFromDesktopINI"=""

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\A]
    "BaseClass"="Drive"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\C]
    "BaseClass"="Drive"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D]
    "BaseClass"="Drive"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E]
    "BaseClass"="Drive"
    "_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,01,00,01,01,ee,ff,ff,ff,ff,\
    ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
    ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
    ff,ff,00,20,00,00,00,09,00,00,00

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\_Autorun]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\_Autorun\DefaultIcon]
    @="E:\\Autorun.ico"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F]
    "BaseClass"="Drive"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\Shell]
    @="AutoRun"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\Shell\AutoRun]
    @="AutoPla&y"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\Shell\AutoRun\command]
    @="F:\\Autorun.exe"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\_Autorun]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\_Autorun\DefaultIcon]
    @="F:\\Autorun.ico"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G]
    "BaseClass"="Drive"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{04a09338-b093-11db-8969-866073a26e21}]
    "BaseClass"="Drive"
    "_AutorunStatus"=hex:01,00,01,00,00,00,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
    ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
    ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
    ff,ff,00,00,10,00,00,08,00,00,00

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{04a09338-b093-11db-8969-866073a26e21}\shell]
    @="None"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{04a09338-b093-11db-8969-866073a26e21}\shell\Autoplay]
    "MUIVerb"="@shell32.dll,-8504"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{04a09338-b093-11db-8969-866073a26e21}\shell\Autoplay\DropTarget]
    "CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{08497ab6-1f82-11da-9128-806d6172696f}]
    "BaseClass"="Drive"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{08497ab7-1f82-11da-9128-806d6172696f}]
    "BaseClass"="Drive"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0b09e35e-9271-11db-b561-f577afbab9cd}]
    "BaseClass"="Drive"
    "_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
    5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,01,00,01,01,ee,ff,ff,\
    ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
    ff,ff,00,00,10,00,00,08,07,00,00

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0b09e35e-9271-11db-b561-f577afbab9cd}\shell]
    @="None"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0b09e35e-9271-11db-b561-f577afbab9cd}\shell\Autoplay]
    "MUIVerb"="@shell32.dll,-8504"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0b09e35e-9271-11db-b561-f577afbab9cd}\shell\Autoplay\DropTarget]
    "CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1a68b032-426c-11db-b4c7-d040875e9c5b}]
    "BaseClass"="Drive"
    "_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
    5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,00,5f,5f,5f,5f,5f,cf,\
    cf,5f,5f,5f,5f,01,01,00,ee,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
    ff,ff,00,00,10,00,00,08,02,00,00

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1a68b032-426c-11db-b4c7-d040875e9c5b}\shell]
    @="None"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1a68b032-426c-11db-b4c7-d040875e9c5b}\shell\Autoplay]
    "MUIVerb"="@shell32.dll,-8504"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1a68b032-426c-11db-b4c7-d040875e9c5b}\shell\Autoplay\DropTarget]
    "CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2d40f2fc-b12d-11db-896a-acad6f1dfb45}]
    "BaseClass"="Drive"
    "_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
    5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,01,00,01,01,ee,ff,ff,\
    ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
    ff,ff,00,00,10,00,00,09,07,00,00

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2d40f2fc-b12d-11db-896a-acad6f1dfb45}\Shell]
    @="AutoRun"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2d40f2fc-b12d-11db-896a-acad6f1dfb45}\Shell\Auto]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2d40f2fc-b12d-11db-896a-acad6f1dfb45}\Shell\Auto\command]
    @="Cn911.exe"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2d40f2fc-b12d-11db-896a-acad6f1dfb45}\Shell\Autoplay]
    "MUIVerb"="@shell32.dll,-8504"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2d40f2fc-b12d-11db-896a-acad6f1dfb45}\Shell\Autoplay\DropTarget]
    "CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2d40f2fc-b12d-11db-896a-acad6f1dfb45}\Shell\AutoRun]
    "Extended"=""
    @="AutoPla&y"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2d40f2fc-b12d-11db-896a-acad6f1dfb45}\Shell\AutoRun\command]
    @="C:\\WINDOWS\\system32\\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Cn911.exe"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2e9d9044-a17c-11db-8952-9fd112252229}]
    "BaseClass"="Drive"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2e9d9045-a17c-11db-8952-9fd112252229}]
    "BaseClass"="Drive"
    "_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
    5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,cf,5f,5f,5f,5f,5f,cf,\
    cf,5f,5f,5f,5f,cf,cf,cf,cf,cf,01,01,01,ee,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
    ff,ff,00,00,10,00,00,08,00,00,00

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2e9d9045-a17c-11db-8952-9fd112252229}\shell]
    @="None"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2e9d9045-a17c-11db-8952-9fd112252229}\shell\Autoplay]
    "MUIVerb"="@shell32.dll,-8504"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2e9d9045-a17c-11db-8952-9fd112252229}\shell\Autoplay\DropTarget]
    "CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{489b2c78-ca1c-11da-957e-f520804a66f0}]
    "BaseClass"="Drive"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4b7b4d08-97dd-11db-b570-8efeae33e58d}]
    "BaseClass"="Drive"
    "_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
    5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,01,00,01,01,ee,ff,ff,\
    ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
    ff,ff,00,00,10,00,00,08,03,00,00

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4b7b4d08-97dd-11db-b570-8efeae33e58d}\shell]
    @="None"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4b7b4d08-97dd-11db-b570-8efeae33e58d}\shell\Autoplay]
    "MUIVerb"="@shell32.dll,-8504"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4b7b4d08-97dd-11db-b570-8efeae33e58d}\shell\Autoplay\DropTarget]
    "CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{65c144e4-0e05-11dc-8a1c-0011f5c02e85}]
    "BaseClass"="Drive"
    "_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
    5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,00,5f,5f,5f,5f,5f,cf,\
    cf,5f,5f,5f,5f,01,01,00,ee,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
    ff,ff,00,00,10,00,00,08,02,00,00

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{65c144e4-0e05-11dc-8a1c-0011f5c02e85}\shell]
    @="None"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{65c144e4-0e05-11dc-8a1c-0011f5c02e85}\shell\Autoplay]
    "MUIVerb"="@shell32.dll,-8504"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{65c144e4-0e05-11dc-8a1c-0011f5c02e85}\shell\Autoplay\DropTarget]
    "CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6edb0014-9bd3-11db-8948-806d6172696f}]
    "BaseClass"="Drive"
    "_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,cf,5f,5f,5f,5f,cf,cf,5f,5f,\
    5f,cf,cf,cf,5f,5f,5f,cf,cf,cf,5f,5f,cf,5f,5f,5f,5f,5f,cf,5f,5f,5f,5f,5f,df,\
    df,5f,5f,5f,5f,cf,cf,cf,cf,cf,01,01,00,5f,cf,cf,df,5f,5f,5f,5f,5f,5f,5f,5f,\
    5f,5f,00,60,00,00,00,08,00,00,00

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6edb0014-9bd3-11db-8948-806d6172696f}\_Autorun]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6edb0014-9bd3-11db-8948-806d6172696f}\_Autorun\DefaultIcon]
    @="D:\\Icon 1.ico"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7a2b8f6e-248c-11dc-8a49-0011f5c02e85}]
    "BaseClass"="Drive"
    "_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
    5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,cf,5f,5f,5f,5f,5f,cf,\
    cf,5f,5f,5f,5f,cf,cf,cf,cf,cf,01,00,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
    ff,ff,00,00,10,00,00,08,00,00,00

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7a2b8f6f-248c-11dc-8a49-0011f5c02e85}]
    "BaseClass"="Drive"
    "_AutorunStatus"=hex:01,00,01,00,00,00,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
    ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
    ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
    ff,ff,00,00,10,00,00,09,00,00,00

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7a2b8f6f-248c-11dc-8a49-0011f5c02e85}\Shell]
    @="AutoRun"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7a2b8f6f-248c-11dc-8a49-0011f5c02e85}\Shell\Auto]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7a2b8f6f-248c-11dc-8a49-0011f5c02e85}\Shell\Auto\command]
    @="Cn911.exe"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7a2b8f6f-248c-11dc-8a49-0011f5c02e85}\Shell\Autoplay]
    "MUIVerb"="@shell32.dll,-8504"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7a2b8f6f-248c-11dc-8a49-0011f5c02e85}\Shell\Autoplay\DropTarget]
    "CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7a2b8f6f-248c-11dc-8a49-0011f5c02e85}\Shell\AutoRun]
    "Extended"=""
    @="AutoPla&y"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7a2b8f6f-248c-11dc-8a49-0011f5c02e85}\Shell\AutoRun\command]
    @="C:\\WINDOWS\\system32\\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Cn911.exe"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{84f044ed-abac-11db-895f-de47f96283c6}]
    "BaseClass"="Drive"
    "_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
    5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,01,00,01,01,ee,ff,ff,\
    ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
    ff,ff,00,00,10,00,00,08,03,00,00

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{84f044ed-abac-11db-895f-de47f96283c6}\shell]
    @="None"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{84f044ed-abac-11db-895f-de47f96283c6}\shell\Autoplay]
    "MUIVerb"="@shell32.dll,-8504"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{84f044ed-abac-11db-895f-de47f96283c6}\shell\Autoplay\DropTarget]
    "CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bbb40c74-8b51-11db-b53e-b678195ed9ed}]
    "BaseClass"="Drive"
    "_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
    5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,00,5f,5f,5f,5f,5f,cf,\
    cf,5f,5f,5f,5f,01,01,00,ee,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
    ff,ff,00,00,10,00,00,08,02,00,00

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bbb40c74-8b51-11db-b53e-b678195ed9ed}\shell]
    @="None"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bbb40c74-8b51-11db-b53e-b678195ed9ed}\shell\Autoplay]
    "MUIVerb"="@shell32.dll,-8504"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bbb40c74-8b51-11db-b53e-b678195ed9ed}\shell\Autoplay\DropTarget]
    "CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cb7e96ae-7d0d-11da-9506-00a0d12a8b5c}]
    "BaseClass"="Drive"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d2e6a0e4-24a6-11db-9e43-ec642892ea47}]
    "BaseClass"="Drive"
    "_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
    5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,00,5f,5f,5f,5f,5f,cf,\
    cf,5f,5f,5f,5f,01,01,00,ee,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
    ff,ff,00,00,10,00,00,08,02,00,00

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d2e6a0e4-24a6-11db-9e43-ec642892ea47}\shell]
    @="None"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d2e6a0e4-24a6-11db-9e43-ec642892ea47}\shell\Autoplay]
    "MUIVerb"="@shell32.dll,-8504"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d2e6a0e4-24a6-11db-9e43-ec642892ea47}\shell\Autoplay\DropTarget]
    "CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d5a9bcd8-95a5-11db-b567-c237e7dea472}]
    "BaseClass"="Drive"
    "_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
    5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,cf,5f,5f,5f,5f,5f,cf,\
    cf,5f,5f,5f,5f,cf,cf,cf,cf,cf,01,00,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
    ff,ff,00,00,10,00,00,08,00,00,00

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d7566256-7c39-11da-9505-806d6172696f}]
    "BaseClass"="Drive"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d7566257-7c39-11da-9505-806d6172696f}]
    "BaseClass"="Drive"
    "_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,cf,5f,5f,5f,5f,cf,cf,5f,5f,\
    5f,cf,cf,cf,5f,5f,5f,cf,cf,cf,5f,5f,cf,5f,5f,5f,5f,5f,00,5f,5f,5f,5f,5f,df,\
    df,5f,5f,5f,5f,01,01,00,ee,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
    ff,ff,00,60,00,00,00,08,04,00,00

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e5b707d4-0ff9-11db-9e31-806d6172696f}]
    "BaseClass"="Drive"
    "_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,01,00,01,01,ee,ff,ff,ff,ff,\
    ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
    ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
    ff,ff,00,20,00,00,00,09,00,00,00

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e5b707d4-0ff9-11db-9e31-806d6172696f}\Shell]
    @="AutoRun"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e5b707d4-0ff9-11db-9e31-806d6172696f}\Shell\AutoRun]
    @="AutoPla&y"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e5b707d4-0ff9-11db-9e31-806d6172696f}\Shell\AutoRun\command]
    @="E:\\Autorun.exe"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e5b707d4-0ff9-11db-9e31-806d6172696f}\_Autorun]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e5b707d4-0ff9-11db-9e31-806d6172696f}\_Autorun\DefaultIcon]
    @="E:\\Autorun.ico"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e5b707d5-0ff9-11db-9e31-806d6172696f}]
    "BaseClass"="Drive"
    "_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,01,00,01,01,ee,ff,ff,ff,ff,\
    ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
    ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
    ff,ff,00,20,00,00,00,09,00,00,00

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e5b707d5-0ff9-11db-9e31-806d6172696f}\Shell]
    @="AutoRun"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e5b707d5-0ff9-11db-9e31-806d6172696f}\Shell\AutoRun]
    @="AutoPla&y"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e5b707d5-0ff9-11db-9e31-806d6172696f}\Shell\AutoRun\command]
    @="F:\\Autorun.exe"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e5b707d5-0ff9-11db-9e31-806d6172696f}\_Autorun]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e5b707d5-0ff9-11db-9e31-806d6172696f}\_Autorun\DefaultIcon]
    @="F:\\Autorun.ico"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fac4df5e-3a7b-11db-9e4a-b06cf3ce02e8}]
    "BaseClass"="Drive"
    "_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
    5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,00,5f,5f,5f,5f,5f,cf,\
    cf,5f,5f,5f,5f,01,00,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
    ff,ff,00,00,10,00,00,08,02,00,00

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fac4df5e-3a7b-11db-9e4a-b06cf3ce02e8}\shell]
    @="None"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fac4df5e-3a7b-11db-9e4a-b06cf3ce02e8}\shell\Autoplay]
    "MUIVerb"="@shell32.dll,-8504"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fac4df5e-3a7b-11db-9e4a-b06cf3ce02e8}\shell\Autoplay\DropTarget]
    "CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fb01a48e-aa18-11db-895b-ff141c4e2f82}]
    "BaseClass"="Drive"
    "_AutorunStatus"=hex:01,00,01,00,00,00,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
    ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
    ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
    ff,ff,00,00,10,00,00,08,00,00,00

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fb01a48e-aa18-11db-895b-ff141c4e2f82}\shell]
    @="None"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fb01a48e-aa18-11db-895b-ff141c4e2f82}\shell\Autoplay]
    "MUIVerb"="@shell32.dll,-8504"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fb01a48e-aa18-11db-895b-ff141c4e2f82}\shell\Autoplay\DropTarget]
    "CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fb01a48f-aa18-11db-895b-ff141c4e2f82}]
    "BaseClass"="Drive"
    "_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
    5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,00,5f,5f,5f,5f,5f,cf,\
    cf,5f,5f,5f,5f,01,01,00,ee,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
    ff,ff,00,00,10,00,00,08,02,00,00

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fb01a48f-aa18-11db-895b-ff141c4e2f82}\shell]
    @="None"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fb01a48f-aa18-11db-895b-ff141c4e2f82}\shell\Autoplay]
    "MUIVerb"="@shell32.dll,-8504"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fb01a48f-aa18-11db-895b-ff141c4e2f82}\shell\Autoplay\DropTarget]
    "CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ff465833-0943-11dc-8a0f-0011f5c02e85}]
    "BaseClass"="Drive"
    "_CommentFromDesktopINI"="Contiene file musicali e audio."
    "_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
    5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,cf,5f,5f,5f,5f,5f,cf,\
    cf,5f,5f,5f,5f,cf,cf,cf,cf,cf,01,01,01,ee,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
    ff,ff,00,00,10,00,00,08,00,00,00

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ff465833-0943-11dc-8a0f-0011f5c02e85}\shell]
    @="None"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ff465833-0943-11dc-8a0f-0011f5c02e85}\shell\Autoplay]
    "MUIVerb"="@shell32.dll,-8504"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ff465833-0943-11dc-8a0f-0011f5c02e85}\shell\Autoplay\DropTarget]
    "CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{6edb0014-9bd3-11db-8948-806d6172696f}]
    "Generation"=dword:00000001

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{d7566256-7c39-11da-9505-806d6172696f}]
    "Generation"=dword:00000001

    Part1 Report
    08/07/2007 17.37.23,20

    No Autorun files found in C:\WINDOWS

    No Autorun files found in C:\WINDOWS\system32

    No Autorun files found in root of C:


    ==============================
     
  9. tiffany77

    tiffany77 Thread Starter

    Joined:
    Jul 8, 2007
    Messages:
    13
    PART2

    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\##tro-ps-s-7-cifs#sys#datanob#ref_sys#Ref_MS_Appl]
    "BaseClass"="Drive"
    "_CommentFromDesktopINI"=""
    "_LabelFromDesktopINI"=""

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\##tro-ps-s-7-cifs#sys#datanob#SW_Dev_Tools]
    "BaseClass"="Drive"
    "_CommentFromDesktopINI"=""
    "_LabelFromDesktopINI"=""

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\A]
    "BaseClass"="Drive"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\C]
    "BaseClass"="Drive"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D]
    "BaseClass"="Drive"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E]
    "BaseClass"="Drive"
    "_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,01,00,01,01,ee,ff,ff,ff,ff,\
    ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
    ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
    ff,ff,00,20,00,00,00,09,00,00,00

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\_Autorun]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\_Autorun\DefaultIcon]
    @="E:\\Autorun.ico"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F]
    "BaseClass"="Drive"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\Shell]
    @="AutoRun"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\Shell\AutoRun]
    @="AutoPla&y"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\Shell\AutoRun\command]
    @="F:\\Autorun.exe"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\_Autorun]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\_Autorun\DefaultIcon]
    @="F:\\Autorun.ico"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G]
    "BaseClass"="Drive"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{04a09338-b093-11db-8969-866073a26e21}]
    "BaseClass"="Drive"
    "_AutorunStatus"=hex:01,00,01,00,00,00,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
    ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
    ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
    ff,ff,00,00,10,00,00,08,00,00,00

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{04a09338-b093-11db-8969-866073a26e21}\shell]
    @="None"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{04a09338-b093-11db-8969-866073a26e21}\shell\Autoplay]
    "MUIVerb"="@shell32.dll,-8504"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{04a09338-b093-11db-8969-866073a26e21}\shell\Autoplay\DropTarget]
    "CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{08497ab6-1f82-11da-9128-806d6172696f}]
    "BaseClass"="Drive"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{08497ab7-1f82-11da-9128-806d6172696f}]
    "BaseClass"="Drive"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0b09e35e-9271-11db-b561-f577afbab9cd}]
    "BaseClass"="Drive"
    "_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
    5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,01,00,01,01,ee,ff,ff,\
    ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
    ff,ff,00,00,10,00,00,08,07,00,00

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0b09e35e-9271-11db-b561-f577afbab9cd}\shell]
    @="None"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0b09e35e-9271-11db-b561-f577afbab9cd}\shell\Autoplay]
    "MUIVerb"="@shell32.dll,-8504"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0b09e35e-9271-11db-b561-f577afbab9cd}\shell\Autoplay\DropTarget]
    "CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1a68b032-426c-11db-b4c7-d040875e9c5b}]
    "BaseClass"="Drive"
    "_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
    5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,00,5f,5f,5f,5f,5f,cf,\
    cf,5f,5f,5f,5f,01,01,00,ee,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
    ff,ff,00,00,10,00,00,08,02,00,00

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1a68b032-426c-11db-b4c7-d040875e9c5b}\shell]
    @="None"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1a68b032-426c-11db-b4c7-d040875e9c5b}\shell\Autoplay]
    "MUIVerb"="@shell32.dll,-8504"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1a68b032-426c-11db-b4c7-d040875e9c5b}\shell\Autoplay\DropTarget]
    "CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2d40f2fc-b12d-11db-896a-acad6f1dfb45}]
    "BaseClass"="Drive"
    "_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
    5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,01,00,01,01,ee,ff,ff,\
    ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
    ff,ff,00,00,10,00,00,09,07,00,00

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2d40f2fc-b12d-11db-896a-acad6f1dfb45}\Shell]
    @="AutoRun"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2d40f2fc-b12d-11db-896a-acad6f1dfb45}\Shell\Auto]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2d40f2fc-b12d-11db-896a-acad6f1dfb45}\Shell\Auto\command]
    @="Cn911.exe"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2d40f2fc-b12d-11db-896a-acad6f1dfb45}\Shell\Autoplay]
    "MUIVerb"="@shell32.dll,-8504"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2d40f2fc-b12d-11db-896a-acad6f1dfb45}\Shell\Autoplay\DropTarget]
    "CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2d40f2fc-b12d-11db-896a-acad6f1dfb45}\Shell\AutoRun]
    "Extended"=""
    @="AutoPla&y"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2d40f2fc-b12d-11db-896a-acad6f1dfb45}\Shell\AutoRun\command]
    @="C:\\WINDOWS\\system32\\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Cn911.exe"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2e9d9044-a17c-11db-8952-9fd112252229}]
    "BaseClass"="Drive"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2e9d9045-a17c-11db-8952-9fd112252229}]
    "BaseClass"="Drive"
    "_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
    5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,cf,5f,5f,5f,5f,5f,cf,\
    cf,5f,5f,5f,5f,cf,cf,cf,cf,cf,01,01,01,ee,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
    ff,ff,00,00,10,00,00,08,00,00,00

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2e9d9045-a17c-11db-8952-9fd112252229}\shell]
    @="None"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2e9d9045-a17c-11db-8952-9fd112252229}\shell\Autoplay]
    "MUIVerb"="@shell32.dll,-8504"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2e9d9045-a17c-11db-8952-9fd112252229}\shell\Autoplay\DropTarget]
    "CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{489b2c78-ca1c-11da-957e-f520804a66f0}]
    "BaseClass"="Drive"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4b7b4d08-97dd-11db-b570-8efeae33e58d}]
    "BaseClass"="Drive"
    "_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
    5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,01,00,01,01,ee,ff,ff,\
    ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
    ff,ff,00,00,10,00,00,08,03,00,00

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4b7b4d08-97dd-11db-b570-8efeae33e58d}\shell]
    @="None"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4b7b4d08-97dd-11db-b570-8efeae33e58d}\shell\Autoplay]
    "MUIVerb"="@shell32.dll,-8504"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4b7b4d08-97dd-11db-b570-8efeae33e58d}\shell\Autoplay\DropTarget]
    "CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{65c144e4-0e05-11dc-8a1c-0011f5c02e85}]
    "BaseClass"="Drive"
    "_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
    5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,00,5f,5f,5f,5f,5f,cf,\
    cf,5f,5f,5f,5f,01,01,00,ee,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
    ff,ff,00,00,10,00,00,08,02,00,00

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{65c144e4-0e05-11dc-8a1c-0011f5c02e85}\shell]
    @="None"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{65c144e4-0e05-11dc-8a1c-0011f5c02e85}\shell\Autoplay]
    "MUIVerb"="@shell32.dll,-8504"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{65c144e4-0e05-11dc-8a1c-0011f5c02e85}\shell\Autoplay\DropTarget]
    "CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6edb0014-9bd3-11db-8948-806d6172696f}]
    "BaseClass"="Drive"
    "_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,cf,5f,5f,5f,5f,cf,cf,5f,5f,\
    5f,cf,cf,cf,5f,5f,5f,cf,cf,cf,5f,5f,cf,5f,5f,5f,5f,5f,cf,5f,5f,5f,5f,5f,df,\
    df,5f,5f,5f,5f,cf,cf,cf,cf,cf,01,01,00,5f,cf,cf,df,5f,5f,5f,5f,5f,5f,5f,5f,\
    5f,5f,00,60,00,00,00,08,00,00,00

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6edb0014-9bd3-11db-8948-806d6172696f}\_Autorun]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6edb0014-9bd3-11db-8948-806d6172696f}\_Autorun\DefaultIcon]
    @="D:\\Icon 1.ico"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7a2b8f6e-248c-11dc-8a49-0011f5c02e85}]
    "BaseClass"="Drive"
    "_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
    5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,cf,5f,5f,5f,5f,5f,cf,\
    cf,5f,5f,5f,5f,cf,cf,cf,cf,cf,01,00,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
    ff,ff,00,00,10,00,00,08,00,00,00

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7a2b8f6f-248c-11dc-8a49-0011f5c02e85}]
    "BaseClass"="Drive"
    "_AutorunStatus"=hex:01,00,01,00,00,00,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
    ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
    ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
    ff,ff,00,00,10,00,00,09,00,00,00

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7a2b8f6f-248c-11dc-8a49-0011f5c02e85}\Shell]
    @="AutoRun"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7a2b8f6f-248c-11dc-8a49-0011f5c02e85}\Shell\Auto]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7a2b8f6f-248c-11dc-8a49-0011f5c02e85}\Shell\Auto\command]
    @="Cn911.exe"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7a2b8f6f-248c-11dc-8a49-0011f5c02e85}\Shell\Autoplay]
    "MUIVerb"="@shell32.dll,-8504"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7a2b8f6f-248c-11dc-8a49-0011f5c02e85}\Shell\Autoplay\DropTarget]
    "CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7a2b8f6f-248c-11dc-8a49-0011f5c02e85}\Shell\AutoRun]
    "Extended"=""
    @="AutoPla&y"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7a2b8f6f-248c-11dc-8a49-0011f5c02e85}\Shell\AutoRun\command]
    @="C:\\WINDOWS\\system32\\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Cn911.exe"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{84f044ed-abac-11db-895f-de47f96283c6}]
    "BaseClass"="Drive"
    "_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
    5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,01,00,01,01,ee,ff,ff,\
    ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
    ff,ff,00,00,10,00,00,08,03,00,00

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{84f044ed-abac-11db-895f-de47f96283c6}\shell]
    @="None"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{84f044ed-abac-11db-895f-de47f96283c6}\shell\Autoplay]
    "MUIVerb"="@shell32.dll,-8504"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{84f044ed-abac-11db-895f-de47f96283c6}\shell\Autoplay\DropTarget]
    "CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bbb40c74-8b51-11db-b53e-b678195ed9ed}]
    "BaseClass"="Drive"
    "_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
    5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,00,5f,5f,5f,5f,5f,cf,\
    cf,5f,5f,5f,5f,01,01,00,ee,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
    ff,ff,00,00,10,00,00,08,02,00,00

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bbb40c74-8b51-11db-b53e-b678195ed9ed}\shell]
    @="None"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bbb40c74-8b51-11db-b53e-b678195ed9ed}\shell\Autoplay]
    "MUIVerb"="@shell32.dll,-8504"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bbb40c74-8b51-11db-b53e-b678195ed9ed}\shell\Autoplay\DropTarget]
    "CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cb7e96ae-7d0d-11da-9506-00a0d12a8b5c}]
    "BaseClass"="Drive"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d2e6a0e4-24a6-11db-9e43-ec642892ea47}]
    "BaseClass"="Drive"
    "_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
    5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,00,5f,5f,5f,5f,5f,cf,\
    cf,5f,5f,5f,5f,01,01,00,ee,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
    ff,ff,00,00,10,00,00,08,02,00,00

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d2e6a0e4-24a6-11db-9e43-ec642892ea47}\shell]
    @="None"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d2e6a0e4-24a6-11db-9e43-ec642892ea47}\shell\Autoplay]
    "MUIVerb"="@shell32.dll,-8504"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d2e6a0e4-24a6-11db-9e43-ec642892ea47}\shell\Autoplay\DropTarget]
    "CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d5a9bcd8-95a5-11db-b567-c237e7dea472}]
    "BaseClass"="Drive"
    "_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
    5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,cf,5f,5f,5f,5f,5f,cf,\
    cf,5f,5f,5f,5f,cf,cf,cf,cf,cf,01,00,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
    ff,ff,00,00,10,00,00,08,00,00,00

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d7566256-7c39-11da-9505-806d6172696f}]
    "BaseClass"="Drive"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d7566257-7c39-11da-9505-806d6172696f}]
    "BaseClass"="Drive"
    "_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,cf,5f,5f,5f,5f,cf,cf,5f,5f,\
    5f,cf,cf,cf,5f,5f,5f,cf,cf,cf,5f,5f,cf,5f,5f,5f,5f,5f,00,5f,5f,5f,5f,5f,df,\
    df,5f,5f,5f,5f,01,01,00,ee,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
    ff,ff,00,60,00,00,00,08,04,00,00

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e5b707d4-0ff9-11db-9e31-806d6172696f}]
    "BaseClass"="Drive"
    "_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,01,00,01,01,ee,ff,ff,ff,ff,\
    ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
    ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
    ff,ff,00,20,00,00,00,09,00,00,00

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e5b707d4-0ff9-11db-9e31-806d6172696f}\Shell]
    @="AutoRun"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e5b707d4-0ff9-11db-9e31-806d6172696f}\Shell\AutoRun]
    @="AutoPla&y"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e5b707d4-0ff9-11db-9e31-806d6172696f}\Shell\AutoRun\command]
    @="E:\\Autorun.exe"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e5b707d4-0ff9-11db-9e31-806d6172696f}\_Autorun]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e5b707d4-0ff9-11db-9e31-806d6172696f}\_Autorun\DefaultIcon]
    @="E:\\Autorun.ico"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e5b707d5-0ff9-11db-9e31-806d6172696f}]
    "BaseClass"="Drive"
    "_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,01,00,01,01,ee,ff,ff,ff,ff,\
    ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
    ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
    ff,ff,00,20,00,00,00,09,00,00,00

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e5b707d5-0ff9-11db-9e31-806d6172696f}\Shell]
    @="AutoRun"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e5b707d5-0ff9-11db-9e31-806d6172696f}\Shell\AutoRun]
    @="AutoPla&y"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e5b707d5-0ff9-11db-9e31-806d6172696f}\Shell\AutoRun\command]
    @="F:\\Autorun.exe"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e5b707d5-0ff9-11db-9e31-806d6172696f}\_Autorun]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e5b707d5-0ff9-11db-9e31-806d6172696f}\_Autorun\DefaultIcon]
    @="F:\\Autorun.ico"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fac4df5e-3a7b-11db-9e4a-b06cf3ce02e8}]
    "BaseClass"="Drive"
    "_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
    5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,00,5f,5f,5f,5f,5f,cf,\
    cf,5f,5f,5f,5f,01,00,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
    ff,ff,00,00,10,00,00,08,02,00,00

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fac4df5e-3a7b-11db-9e4a-b06cf3ce02e8}\shell]
    @="None"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fac4df5e-3a7b-11db-9e4a-b06cf3ce02e8}\shell\Autoplay]
    "MUIVerb"="@shell32.dll,-8504"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fac4df5e-3a7b-11db-9e4a-b06cf3ce02e8}\shell\Autoplay\DropTarget]
    "CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fb01a48e-aa18-11db-895b-ff141c4e2f82}]
    "BaseClass"="Drive"
    "_AutorunStatus"=hex:01,00,01,00,00,00,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
    ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
    ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
    ff,ff,00,00,10,00,00,08,00,00,00

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fb01a48e-aa18-11db-895b-ff141c4e2f82}\shell]
    @="None"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fb01a48e-aa18-11db-895b-ff141c4e2f82}\shell\Autoplay]
    "MUIVerb"="@shell32.dll,-8504"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fb01a48e-aa18-11db-895b-ff141c4e2f82}\shell\Autoplay\DropTarget]
    "CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fb01a48f-aa18-11db-895b-ff141c4e2f82}]
    "BaseClass"="Drive"
    "_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
    5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,00,5f,5f,5f,5f,5f,cf,\
    cf,5f,5f,5f,5f,01,01,00,ee,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
    ff,ff,00,00,10,00,00,08,02,00,00

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fb01a48f-aa18-11db-895b-ff141c4e2f82}\shell]
    @="None"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fb01a48f-aa18-11db-895b-ff141c4e2f82}\shell\Autoplay]
    "MUIVerb"="@shell32.dll,-8504"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fb01a48f-aa18-11db-895b-ff141c4e2f82}\shell\Autoplay\DropTarget]
    "CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ff465833-0943-11dc-8a0f-0011f5c02e85}]
    "BaseClass"="Drive"
    "_CommentFromDesktopINI"="Contiene file musicali e audio."
    "_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
    5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,cf,5f,5f,5f,5f,5f,cf,\
    cf,5f,5f,5f,5f,cf,cf,cf,cf,cf,01,01,01,ee,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
    ff,ff,00,00,10,00,00,08,00,00,00

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ff465833-0943-11dc-8a0f-0011f5c02e85}\shell]
    @="None"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ff465833-0943-11dc-8a0f-0011f5c02e85}\shell\Autoplay]
    "MUIVerb"="@shell32.dll,-8504"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ff465833-0943-11dc-8a0f-0011f5c02e85}\shell\Autoplay\DropTarget]
    "CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{6edb0014-9bd3-11db-8948-806d6172696f}]
    "Generation"=dword:00000001

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{d7566256-7c39-11da-9505-806d6172696f}]
    "Generation"=dword:00000001

    Part2 Report
    08/07/2007 17.37.26,76

    No Autorun files found in C:\WINDOWS

    No Autorun files found in C:\WINDOWS\system32

    No Autorun files found in root of C:


    =======================
     
  10. tiffany77

    tiffany77 Thread Starter

    Joined:
    Jul 8, 2007
    Messages:
    13
    And the HijackThis log:

    Logfile of HijackThis v1.99.1
    Scan saved at 17.38.31, on 08/07/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ACS.exe
    C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
    C:\Programmi\File comuni\Stardock\SDMCP.exe
    C:\Programmi\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
    C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
    C:\Programmi\TOSHIBA\Touch and Launch\PadExe.exe
    C:\Programmi\iTunes\iTunesHelper.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Programmi\E-Book Systems\FlipViewer\FlipViewerLibrary.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Programmi\File comuni\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programmi\Messenger\msmsgs.exe
    C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Programmi\RamBooster 2.0\Rambooster.exe
    C:\Programmi\CursorXP\CursorXP.exe
    C:\Programmi\Uniblue\SpyEraser\SpyEraser.exe
    C:\WINDOWS\system32\TPSBattM.exe
    C:\Programmi\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\WINDOWS\system32\RAMASST.exe
    C:\WINDOWS\system32\crypserv.exe
    C:\WINDOWS\system32\DVDRAMSV.exe
    C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Programmi\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
    C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
    C:\Programmi\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Programmi\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Programmi\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.alice.it
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: FlpLauncher Class - {4401FDC3-7996-4774-8D2B-C1AE9CD6CC25} - C:\PROGRA~1\E-BOOK~1\FLIPVI~1\fplaunch.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
    O3 - Toolbar: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [PadTouch] C:\Programmi\TOSHIBA\Touch and Launch\PadExe.exe
    O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime Alternative\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [CloneDVDElbyDelay] "C:\Programmi\Elaborate Bytes\CloneDVD\ElbyCheck.exe" /L ElbyDelay
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [FlipViewer Library] C:\Programmi\E-Book Systems\FlipViewer\\FlipViewerLibrary.exe /showmode=hide
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SNM] C:\Programmi\SpyNoMore\SNM.exe /startup
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [updateMgr] C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
    O4 - HKCU\..\Run: [XPRepairPro2007] C:\Programmi\XP Repair Pro 2007\XPRepairPro.exe /r
    O4 - HKCU\..\Run: [RamBooster] C:\Programmi\RamBooster 2.0\Rambooster.exe
    O4 - HKCU\..\Run: [CursorXP] C:\Programmi\CursorXP\CursorXP.exe
    O4 - HKCU\..\Run: [Uniblue SpyEraser] "C:\Programmi\Uniblue\SpyEraser\SpyEraser.exe" -m
    O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: Silica Calender.lnk = C:\Programmi\Stardock\Object Desktop\DesktopX\Widgets\Silica Calendar.exe
    O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Programmi\File comuni\Autodesk Shared\acstart17.exe
    O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
    O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Get Flash by FlashKeeper - C:\Programmi\FlashKeeper\GetFlash.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra button: FlashKeeper - {86301D40-94C1-4a5e-843B-7F43965E364A} - C:\Programmi\FlashKeeper\GetFlash.htm
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
    O20 - Winlogon Notify: MCPClient - C:\Programmi\File comuni\Stardock\mcpstub.dll
    O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
    O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Programmi\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
    O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
    O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Programmi\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
    O23 - Service: Utilità di pianificazione di LiveUpdate automatico - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
     
  11. sjpritch25

    sjpritch25

    Joined:
    Sep 8, 2005
    Messages:
    9,113
    Please download the attached file autorunfix.zip, extract/unzip autorunfix.reg to your Desktop. Double-Click on autorunfix.reg and allow it to be merged into Windows Registry.

    Reboot your Computer.


    And run get autorunfix.bat and post the logs.
     


  12. tiffany77

    tiffany77 Thread Starter

    Joined:
    Jul 8, 2007
    Messages:
    13
    Well, I did everything:
    1) double-click on autorunfix.reg - OK
    2) allowed it to be merged into Windows Registry - OK
    3) reboot your computer - OK
    but I can't find get autorunfix.bat.
    Where do I look for it?
     
  13. sjpritch25

    sjpritch25

    Joined:
    Sep 8, 2005
    Messages:
    9,113
    If you have a folder on your Desktop called clean autoruns it will be in there. If not, it's okay. How is everything running??
     
  14. tiffany77

    tiffany77 Thread Starter

    Joined:
    Jul 8, 2007
    Messages:
    13
    Hi!
    Well, the folder is on my desktop but not the file.
    Yesterday I had a little problem, the computer often rebooted when I connected my mp3 reader and my desktop appeared white and there was written that active desktop was not active. I don't know if there is relationship between the two facts but it never happened before. Today is good, it's working without problem.
    I want to thank you, I've never written before in a forum and besides I'm Italian (I haven't studied English since I finished my high school, about 10 years ago) so I was not sure I could make myself clear about the problem or completely understand all your instructions, but it seems that at last there have not been problems about understanding.
    Again thank you, GRAZIE MILLE!!!!
     
  15. sjpritch25

    sjpritch25

    Joined:
    Sep 8, 2005
    Messages:
    9,113
    Let's run an online scan just to make sure.

    Please perform a scan with Kaspersky Webscan Online Virus Scanner
    1. Click the "Kaspersky Online Scanner" button (NOT "Kaspersky File Scanner").
    2. Read the Requirements and Privacy statement, then select "Accept".
    3. A new window will appear prompting you to install an ActiveX component from Kaspersky - "Do you want to install this software?".
    4. Click "Yes" or select "Install" to download the ActiveX controls that allow ActiveScan to run.
    5. When the download is complete it will say ready, click "Next".
    6. Click "Scan Settings" and check the option to use the Extended Database (if available, otherwise Standard).
    7. Click "Scan Options" and select both "Scan Archives" and "Scan Mail Bases".
    8. Click "OK".
    9. Under "Select a target to scan", click on "My Computer".
    10. When the scan is complete choose to save the results as "Save as Text" named kaspersky.txt to your desktop and post them in your next reply.

    Kaspersky does not remove anything but will provide a log of anything it finds. On August 8th, 2006 Kaspersky updated the software used for Free Online Virus Scanner. In order to continue using the online scanner you will need to uninstall the old version (if previously used) from your Add/Remove Programs list and then install the latest version. To do this, follow the steps here and reboot afterwards if your system does not reboot automatically or it will show 'Kaspersky Online Scanner license key was not found!'


    In your next reply, please include the kaspersky log. Thanks
     

Short URL to this thread: https://techguy.org/593168
