Registered User
Join Date: Apr 2008
Posts: 8
OS: XP sp2
"Searchportal" and various popups. Help needed.
I have read some of the guides posted in this forum and I realized that the analysts here would be a great help as they are friendly and very professional. The computer has persistent "Searchportal.information.com" popups, with some other popups appearing regularly even when I am not browsing the web. I hope that I can learn more and help others tackle similar problems in the future. But first I would like to cure this virus. Thanks a million in advance!
*Added information
This virus was probably brought in by a USB flash drive. My colleague's personal computer infected her flash drive, and it was then brought to this computer when the flash drive was plugged into it. I hope that the virus on the flash drive can also be cured so that she can use the flash drive for work peacefully.
*End of added information

Deckard's System Scanner v20071014.68 Run by tankl on 2008-06-10 13:35:43

Last edited by aorealme : 06-09-2008 at 10:59 PM.