Status
Not open for further replies.
I have read some of the guides posted in this forum and I realized that the analysts here would be a great help as they are friendly and very professional. The computer has persistent "Searchportal.information.com" popups, with some other popups appearing regularly even when I am not browsing the web. I hope that I can learn more and help others tackle similar problems in the future. But first I would like to cure this virus. Thanks a million in advance!

*Added information
This virus was probably brought in by a USB flash drive. My colleague's personal computer infected her flash drive, and it was then brought to this computer when the flash drive was plugged into it. I hope that the virus on the flash drive can also be cured so that she can use the flash drive for work peacefully.
*End of added information

Deckard's System Scanner v20071014.68
Run by tankl on 2008-06-10 13:35:43
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.


-- Last 1 Restore Point(s) --
1: 2008-06-10 05:35:48 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 504 MiB (512 MiB recommended).


-- HijackThis (run as tankl.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:36:35 PM, on 10/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Acer\eManager\admtray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Network Associates\Common Framework\UdaterUI.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\Network Associates\Common Framework\McTray.exe
C:\WINDOWS\iqtest.exe
C:\WINDOWS\vedioeditor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\HansVision\Hansvision DXT\CalendarNotify.hpg\CalendarNotify.exe
C:\WINDOWS\system32\AlarmS4.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\acer\eRecovery\Monitor.exe
C:\Program Files\Common Files\Creative\Skin\SkinLoader.exe
C:\Program Files\sos.exe
C:\Program Files\Acer\eManager\admServ.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
M:\Information Technology\Kelvin Tools\dss.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\TRENDM~1\HIJACK~1\tankl.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {696D8C1E-7039-40c8-9C66-07D9D2A2D00D} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O3 - Toolbar: &Hans TTS - {4647E382-520B-11D2-A0D0-004033D0645D} - C:\Program Files\Creative\HansVision\HansTools\HansTTS\plugin\mybands.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Program Files\Acer\eManager\admtray.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IQ] C:\WINDOWS\iqtest.exe
O4 - HKLM\..\Run: [vedioEditor] C:\WINDOWS\vedioeditor.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Notify_E159B298-9895-4d52-B836-0765DCC33CF9] C:\Program Files\Creative\HansVision\Hansvision DXT\CalendarNotify.hpg\CalendarNotify.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKLM\..\Policies\Explorer\Run: [status] present
O4 - HKLM\..\Policies\Explorer\Run: [winlogon] C:\heap41a\svchost.exe C:\heap41a\std.txt
O4 - HKUS\S-1-5-21-24336569-758844552-938742375-21311\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-24336569-758844552-938742375-24060\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-24336569-758844552-938742375-24245\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: AlarmS4.lnk = C:\WINDOWS\system32\AlarmS4.exe
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ntuc.sg
O17 - HKLM\Software\..\Telephony: DomainName = ntuc.sg
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ntuc.sg
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ntuc.sg
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = ntuc.sg
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Hardware Monitoring Program (ADMService) - OSA Technologies Inc - C:\Program Files\Acer\eManager\admServ.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

--
End of file - 8478 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 OsaFsLoc - c:\windows\system32\drivers\osafsloc.sys <Not Verified; OSA Technologies; >
R2 osaio - c:\windows\system32\drivers\osaio.sys <Not Verified; Windows (R) 2000 DDK provider; OSA I/O Port Driver>
R3 int15.sys - c:\program files\acer\erecovery\int15.sys
R3 NTIDrvr (Upper Class Filter Driver) - c:\windows\system32\drivers\ntidrvr.sys <Not Verified; NewTech Infosystems, Inc.; >
R3 PortRW - c:\windows\system32\drivers\portrw.sys <Not Verified; acer; PortRW>

S3 NdisFilt (OSA NdisFilter Protocol) - c:\windows\system32\drivers\ndisfilt.sys <Not Verified; OSA Technologies; >


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 McTaskManager (McAfee Task Manager) - "c:\program files\mcafee\virusscan enterprise\vstskmgr.exe" <Not Verified; McAfee, Inc.; VirusScan Enterprise>
R3 ADMService (Hardware Monitoring Program) - "c:\program files\acer\emanager\admserv.exe" <Not Verified; OSA Technologies Inc; Acer eManager>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-03-08 01:00:00 282 --a------ C:\WINDOWS\Tasks\shutdown.job
2008-03-07 22:00:03 862 --a------ C:\WINDOWS\Tasks\Friday Backup.job
2005-10-20 10:15:21 912 -----n--- C:\WINDOWS\Tasks\Wednesday Backup.job


-- Files created between 2008-05-10 and 2008-06-10 -----------------------------

2008-06-10 11:22:56 0 d-------- C:\Program Files\Lavasoft
2008-06-10 11:22:55 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-10 11:22:08 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-09 18:03:58 0 d---s---- C:\Documents and Settings\yapjt\UserData
2008-06-09 18:03:58 0 d--h----- C:\Documents and Settings\yapjt\Templates
2008-06-09 18:03:58 0 dr------- C:\Documents and Settings\yapjt\Start Menu
2008-06-09 18:03:58 0 dr-h----- C:\Documents and Settings\yapjt\SendTo
2008-06-09 18:03:58 0 dr-h----- C:\Documents and Settings\yapjt\Recent
2008-06-09 18:03:58 0 d--h----- C:\Documents and Settings\yapjt\PrintHood
2008-06-09 18:03:58 1048576 --ah----- C:\Documents and Settings\yapjt\NTUSER.DAT
2008-06-09 18:03:58 0 d--h----- C:\Documents and Settings\yapjt\NetHood
2008-06-09 18:03:58 0 dr------- C:\Documents and Settings\yapjt\My Documents
2008-06-09 18:03:58 0 d--h----- C:\Documents and Settings\yapjt\Local Settings
2008-06-09 18:03:58 0 dr------- C:\Documents and Settings\yapjt\Favorites
2008-06-09 18:03:58 0 d-------- C:\Documents and Settings\yapjt\Desktop
2008-06-09 18:03:58 0 d--hs---- C:\Documents and Settings\yapjt\Cookies
2008-06-09 18:03:58 0 dr-h----- C:\Documents and Settings\yapjt\Application Data
2008-06-09 18:03:58 0 d-------- C:\Documents and Settings\yapjt\Application Data\Symantec
2008-06-09 18:03:58 0 d-------- C:\Documents and Settings\yapjt\Application Data\Sun
2008-06-09 18:03:58 0 d---s---- C:\Documents and Settings\yapjt\Application Data\Microsoft
2008-06-09 18:03:58 0 d-------- C:\Documents and Settings\yapjt\Application Data\Macromedia
2008-06-09 18:03:58 0 d-------- C:\Documents and Settings\yapjt\Application Data\Identities
2008-06-09 11:52:52 0 d-------- C:\Program Files\Panda Security
2008-06-06 18:19:05 0 d-------- C:\Documents and Settings\acer\Application Data\SUPERAntiSpyware.com
2008-06-06 18:04:50 0 d-------- C:\Program Files\Trend Micro
2008-06-06 17:24:33 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-06 17:24:29 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-06-06 17:24:29 0 d-------- C:\Documents and Settings\tankl\Application Data\SUPERAntiSpyware.com
2008-06-06 17:00:48 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-03 14:06:59 0 d-------- C:\Documents and Settings\acer\Application Data\Macromedia
2008-06-02 12:42:22 0 d--hs---- C:\heap41a
2008-06-02 12:41:37 0 dr------- C:\Documents and Settings\tankl\Application Data\Brother
2008-05-29 12:17:32 253952 ---h----- C:\install.exe <Not Verified; Microsoft; iqtest>
2008-05-27 16:44:11 176128 ---h----- C:\WINDOWS\vedioeditor.exe <Not Verified; Microsoft; iqtest>
2008-05-27 16:44:07 200704 ---h----- C:\WINDOWS\iqtest.exe <Not Verified; Microsoft; Project1>
2008-05-27 16:44:05 253952 ---h----- C:\Program Files\sos.exe <Not Verified; Microsoft; iqtest>
2008-05-12 17:57:05 0 d-------- C:\Documents and Settings\teoal\Application Data\Adobe


-- Find3M Report ---------------------------------------------------------------

2008-06-10 11:22:08 0 d-------- C:\Program Files\Common Files


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [09/10/2004 01:31 AM]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [09/10/2004 01:27 AM]
"LaunchApp"="Alaunch" []
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [13/08/2004 10:45 AM C:\WINDOWS\system32\Hdaudpropshortcut.exe]
"eRecoveryService"="C:\Windows\System32\Check.exe" [25/11/2004 06:34 AM]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [22/10/2003 04:52 AM]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [04/08/2004 10:00 PM]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [04/08/2004 10:00 PM]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [04/08/2004 10:00 PM]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [04/08/2004 10:00 PM]
"ADMTray.exe"="C:\Program Files\Acer\eManager\admtray.exe" [12/10/2004 10:37 AM]
"SoundMan"="SOUNDMAN.EXE" [03/11/2004 03:53 AM C:\WINDOWS\SoundMan.exe]
"AlcWzrd"="ALCWZRD.EXE" [30/11/2004 03:00 AM C:\WINDOWS\ALCWZRD.EXE]
"Alcmtr"="ALCMTR.EXE" [14/10/2004 09:00 AM C:\WINDOWS\ALCMTR.EXE]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UdaterUI.exe" [25/02/2008 10:46 AM]
"SetDefPrt"="C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe" [25/05/2004 09:16 AM]
"ControlCenter2.0"="C:\Program Files\Brother\ControlCenter2\brctrcen.exe" [20/07/2004 09:34 AM]
"ShStatEXE"="C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.exe" [22/02/2007 08:50 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 10:16 PM]
"IQ"="C:\WINDOWS\iqtest.exe" [27/05/2008 04:44 PM]
"vedioEditor"="C:\WINDOWS\vedioeditor.exe" [27/05/2008 04:44 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 10:00 PM]
"Notify_E159B298-9895-4d52-B836-0765DCC33CF9"="C:\Program Files\Creative\HansVision\Hansvision DXT\CalendarNotify.hpg\CalendarNotify.exe" [10/09/2004 04:04 PM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
AlarmS4.lnk - C:\WINDOWS\system32\AlarmS4.exe [23/12/2004 8:43:25 AM]
Status Monitor.lnk - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [17/11/2005 11:09:42 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispScrSavPage"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"status"=present
"winlogon"=C:\heap41a\svchost.exe C:\heap41a\std.txt

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AlarmS4.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AlarmS4.lnk
backup=C:\WINDOWS\pss\AlarmS4.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPS]
C:\ACER\PSM.EXE


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{164197da-f3a0-11db-90cc-00016cdc1100}]
Auto\command- H:\MicrosoftPowerPoint.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d1260395-bd9c-11dc-91fa-00016cdc1100}]
AutoRun\command- G:\install.exe
explore\Command- G:\install.exe
open\Command- G:\install.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e9c3f884-469e-11da-9a64-806d6172696f}]
AutoRun\command- jiwsxh39.exe
explore\Command- jiwsxh39.exe
open\Command- jiwsxh39.exe

*Newly Created Service* - AAWSERVICE



-- End of Deckard's System Scanner: finished at 2008-06-10 13:37:29 ------------
 
