Unknown problem - Urgent!
Some symptoms:
a) Programs don't appear on Start Bar at all. I fixed it with a VBS script and even rebooted my computer a couple of times, and all was fine. The problem reappeared a day after.
1) Windows logon takes ages to appear, even in Safe Mode.
2) When I try to delete something, it says that Recycle Bin is corrupted.
3) Drag and Drop disabled.
4) Copy and Paste disabled.
5) Internet Explorer shuts down as soon as it appears. Imagine a flash and it's gone.
6) When I had diskeeper on it, the service refused to work, so I uninstalled.
7) Spysweeper, the probable solution to my problem, refuses to install properly. Upon restart, the program says that I have to reinstall. I couldn't get it to work even with a repeat installation (Spysweeper cannot repair).
Before all this, the computer was fine and well. I even scanned it with NOD32 and picked up 6 trojans. It must have been something I installed which caused the infections. NOD32 picked up 2 more trojans after the symptoms above appeared.
Due to IE shutting down all the time, I can't use Panda Activescan or Kaspersky. Trend Micro Housecall came up with a couple of malware/grayware and two other minor infections which I cleared. I don't have the log, though.
Ran S&D and cleared more stuff. Checked PC with the Dr. Web scanner and it was clean.
Here's the HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:29:42 PM, on 10/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\WINDOWS\System32\PAStiSvc.exe
C:\PROGRA~1\ThinkPad\CONNEC~1\QCTray.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
C:\IBMTOOLS\UTILS\ibmprc.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Digital Line Detect\DLG.exe
E:\Security Programs\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.starhub.net.sg:8080
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [TPKMAPHELPER] "C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe" -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [UC_Start] "C:\Program Files\IBM\Updater\\ucstartup.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ibmmessages] "C:\Program Files\IBM\Messages By IBM\\ibmmessages.exe"
O4 - HKLM\..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe
O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [BMMMONWND] "rundll32.exe" C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" /SYNC
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\Ringz Studio\Storm Codec\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKUS\S-1-5-21-3893021082-494934620-3959003612-1005\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe (User '?')
O4 - HKUS\S-1-5-21-3893021082-494934620-3959003612-1005\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-3893021082-494934620-3959003612-1005\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User '?')
O4 - HKUS\S-1-5-21-3893021082-494934620-3959003612-1005\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: AutorunsDisabled
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Search - ?p=ZCxdm490YYSG
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O11 - Options group: [JAVA_IBM] Java (IBM)
O12 - Plugin for .csm: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .csml: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .cub: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .cube: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .dx: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .emb: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .embl: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .gau: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .jdx: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .mol: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .mop: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .pdb: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .rxn: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .scr: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .skc: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .spt: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .tgf: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .xyz: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by107fd.bay107.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1191471206220
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u2-windows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\SoDAHK.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Diskeeper - Unknown owner - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe (file missing)
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
--
End of file - 12392 bytes
Addenda:
1) Windows Live Messenger doesn't work, even though the internet connection is fine (over Firefox).
2) System Restore doesn't work. A dialog box pops up and says that System Restore is unable to protect the computer (or something to that effect).
3) Task Manager works.
4) Shutdown, Logoff buttons are there.
The computer looks okay. I can even load wallpapers, even though I am not using one so as to decrease the already slow boot time.
Want a screenshot of the taskbar?
ndmmxiaomayi
2007-10-07, 10:43
Hi alpha22. :)
Welcome to Safer Networking. My name is mayi and I will be helping you. As I am still in training, I will need my fixes checked before posting back to you. Thank you for your patience.
ndmmxiaomayi
2007-10-09, 03:21
Hi alpha22,
Open HijackThis.
Click on the Open the Misc Tools section button.
Look under System tools.
Click on the Open Uninstall Manager... button.
Click on the Save list... button.
It will prompt you to save. Save this log in a convenient location. By default it's named uninstall_list.txt.
Notepad will open. Please post this log in your next reply.
In your next reply, please post:
A new HijackThis log
The Uninstall list
Forgot to mention that wireless doesn't work. Adobe PDF reader doesn't work either. When Microsoft Powerpoint is opened, the program says that an error has occurred, and I should save and close my work.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:23:32 PM, on 10/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
C:\IBMTOOLS\UTILS\ibmprc.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\PROGRA~1\ThinkPad\CONNEC~1\QCTray.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Digital Line Detect\DLG.exe
E:\Security Programs\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.starhub.net.sg:8080
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [TPKMAPHELPER] "C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe" -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [UC_Start] "C:\Program Files\IBM\Updater\\ucstartup.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ibmmessages] "C:\Program Files\IBM\Messages By IBM\\ibmmessages.exe"
O4 - HKLM\..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe
O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [BMMMONWND] "rundll32.exe" C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" /SYNC
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k
O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\Ringz Studio\Storm Codec\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QCTray] C:\PROGRA~1\ThinkPad\CONNEC~1\QCTray.exe
O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKUS\S-1-5-21-3893021082-494934620-3959003612-1005\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe (User '?')
O4 - HKUS\S-1-5-21-3893021082-494934620-3959003612-1005\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-3893021082-494934620-3959003612-1005\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User '?')
O4 - HKUS\S-1-5-21-3893021082-494934620-3959003612-1005\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: AutorunsDisabled
O4 - Global Startup: Digital Line Detect.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O11 - Options group: [JAVA_IBM] Java (IBM)
O12 - Plugin for .csm: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .csml: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .cub: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .cube: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .dx: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .emb: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .embl: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .gau: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .jdx: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .mol: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .mop: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .pdb: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .rxn: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .scr: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .skc: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .spt: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .tgf: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .xyz: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by107fd.bay107.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1191471206220
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u2-windows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\SoDAHK.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Diskeeper - Unknown owner - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe (file missing)
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
--
End of file - 11699 bytes
----------------------------------------------
WirelessAccess IBM
Access IBM Message Center
Adobe Flash Player 9 ActiveX
Adobe Reader 8.1.0
Adobe Shockwave Player
Apple Mobile Device Support
Apple Software Update
ArcSoft Software Suite
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
ATI HYDRAVISION
CCleaner (remove only)
FlashGet 1.9.4.1063
HijackThis 2.0.2
Hotfix for Windows XP (KB915865)
IBM 32-bit Runtime Environment for Java 2, v1.4.1
IBM Access Connections
IBM Active Protection System
IBM DLA
IBM Integrated 56K Modem
IBM RecordNow!
IBM Rescue and Recovery with Rapid Restore
IBM Themes
IBM ThinkPad Battery MaxiMiser and Power Management Features
IBM ThinkPad Configuration
IBM ThinkPad EasyEject Utility
IBM ThinkPad Keyboard Customizer Utility
IBM ThinkPad Power Management Driver
IBM ThinkPad Presentation Director
IBM ThinkPad UltraNav Driver
IBM ThinkPad UltraNav Wizard
IBM ThinkVantage Technologies Welcome Message
IBM TrackPoint Accessibility Features
IBM Update Connector
Intel(R) PRO Network Adapters and Drivers
Intel(R) Sebring API
InterVideo WinDVD
iTunes
Java(TM) 6 Update 2
Messenger Plus! Live
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office OneNote 2003
Microsoft Office Professional Edition 2003
Microsoft Office Project Professional 2003
Microsoft Office Visio Professional 2003
Mozilla Firefox (2.0.0.7)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
OpenMG Limited Patch 4.1-05-14-24-01
OpenMG Secure Module 4.1.00
PC-Doctor for Windows
PyMOL
Python 2.1
QuickTime
SAT GRE Crash Course
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917537)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Spybot - Search & Destroy
SpywareBlaster v3.5.1
Storm Codec
StyleXP (remove only)
ThinkPad FullScreen Magnifier
ThinkPad Software Installer
TuneUp Utilities 2007
Tweak UI
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Vocaboly 2.1
Vocabulary Wizard 6.7
Wallpapers
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live installer
Windows Live Messenger
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinRAR archiver
Yahoo! Browser Services
Yahoo! Mail
Your Uninstaller! 2006 Version 5
ndmmxiaomayi
2007-10-12, 03:30
Step 1
Please click on Start > Control Panel and double click on Add/Remove Programs.
Locate these programs and click on Change/Remove to uninstall them.
FlashGet 1.9.4.1063 --- Optional, please see the list of clean and infected download managers (http://www.safer-networking.org/en/articles/download-managers.html)
Once done, close Add/Remove Programs and Control Panel windows.
Step 2
Open HijackThis and select Do a system scan only.
Put a check (tick) next to these lines (if present):
O20 - AppInit_DLLs: C:\WINDOWS\system32\SoDAHK.DLL
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
If you have not set this yourself or locked down Internet Explorer with Spybot S&D, please checkmark these two lines as well.
Click Fix checked. Close HijackThis.
Step 3
Please download AVG Anti-Spyware (http://www.grisoft.cz/filedir/inst/avgas-setup-7.5.1.43.exe) and save it to your desktop.
Double click on avgas-setup-7.5.0.50.exe to install AVG Anti-Spyware. Install it in the default location.
Once installed, start AVG Anti-Spyware by going to Start > All Programs > AVG Anti-Spyware 7.5 > AVG Anti-Spyware.
In the main screen, you should see Your Computer's Security. Next to Resident Shield, click on Change state. It should now be Inactive.
Next to Automatic Updates, click on Change state. It should now be Inactive.
Next to Last Update, click on Update now. If your firewall prompts you, tell your firewall to allow it. Should you be unable to update it, download the updates from here (http://download.ewido.net/avgas-signatures-full-current.exe). Save it to your desktop. Double click to run the installation and the updates will be installed. Make sure AVG Anti-Spyware is closed during the installation.
Right-click the AVG Anti-Spyware icon near the clock and uncheck (untick) Start with Windows. Confirm by clicking Yes. Now click on the Scanner button at the top.
Select the Settings tab.
Under How to act?, click on Recommended actions and select Quarantine.
Under How to scan?, check (tick) all the boxes.
Under Possibly unwanted software:, check (tick) all the boxes.
Under Reports:, uncheck (untick) the Only if threats were found box and select Do not automatically generate report.
Under What to scan?, select Scan every file.
Do not run a scan yet. You will run a scan later.
Step 4
Please download ATF Cleaner (http://www.atribune.org/ccount/click.php?id=1) by Atribune.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All.
Click the Empty Selected button.
If you use Firefox browser
Click Firefox at the top and choose: Select All.
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
Click Opera at the top and choose: Select All.
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Step 5
Please print out or save this set of instructions as you will not have internet access during the fix.
Reboot into Safe Mode by following the instructions below:
When you see BIOS screen, start pressing F8.
A boot menu will appear shortly.
Using the up down arrows, select Safe Mode and press the Enter key.
Windows will now load.
Log in to your usual account.
Step 6
Open My Computer.
Go to Tools > Folder Options.
Select the View tab.
Scroll down to Hidden files and folders.
Select Show hidden files and folders.
Uncheck (untick) Hide extensions of known file types.
Uncheck (untick) Hide protected operating system files (Recommended).
Click Yes when prompted.
Click OK.
Close My Computer.
Please delete this file.
C:\WINDOWS\system32\SoDAHK.DLL
Step 7
Start AVG Anti-Spyware by going to Start > All Programs > AVG Anti-Spyware 7.5 > AVG Anti-Spyware.
Click on the Scanner button at the top.
Select the Scan tab.
Click on Complete System Scan to start the scan.
When the scan has finished, follow the instructions below.
IMPORTANT: Don't click on the Save Scan Report button before you have hit the Apply all Actions button.
Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
At the bottom of the window click on the Apply all Actions button. (3)
http://img509.imageshack.us/img509/4851/scanavgjk2.jpg
When done, click the Save Scan Report button. (4)
Click the Save Report as button.
Save the report to your Desktop.
Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
In your next reply, please post:
A new HijackThis log
AVG Antispyware scan report
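An added example, not part of the original thread: one way to check a follow-up HijackThis log against the lines ticked in Step 2 and to list what changed between two logs. The two sample logs are constructed from entry lines that appear in this thread, and the function names are this example's own.

```python
import re

# A HijackThis entry line is a section code (R, F, N or O plus a number),
# then " - ", then free text. Headers and the process list do not match.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")


def parse_entries(log_text):
    """Return (code, text) for every entry line in a HijackThis log."""
    entries = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            entries.append((match.group(1), match.group(2).strip()))
    return entries


def triage(entries):
    """Return (code, text, reason) for entries that need a manual look."""
    flagged = []
    for code, text in entries:
        lowered = text.casefold()
        if code == "O20" and lowered.startswith("appinit_dlls:"):
            reason = "DLL is loaded into every process that loads user32.dll"
        elif code == "O6":
            reason = "IE policy restriction: expected only if set on purpose"
        elif code == "O23" and lowered.endswith("(file missing)"):
            reason = "service is registered but its binary is absent"
        else:
            continue
        flagged.append((code, text, reason))
    return flagged


def _index(log_text):
    """Key entries case-insensitively (Windows paths ignore case)."""
    return {(c, t.casefold()): (c, t) for c, t in parse_entries(log_text)}


def compare(before_text, after_text):
    """Return (removed, added) entries between two logs, in log order."""
    before, after = _index(before_text), _index(after_text)
    removed = [before[k] for k in before if k not in after]
    added = [after[k] for k in after if k not in before]
    return removed, added


def unfixed(after_text, ticked_lines):
    """Return the ticked lines that still show up in the follow-up log."""
    after = _index(after_text)
    return [line for line in ticked_lines
            if any(key in after for key in _index(line))]


# The three lines Step 2 asks to tick.
TICKED = [
    r"O20 - AppInit_DLLs: C:\WINDOWS\system32\SoDAHK.DLL",
    r"O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present",
    r"O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present",
]

# Constructed "before" log: a short excerpt in HijackThis v2.0.2 layout.
BEFORE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Boot mode: Normal
Running processes:
C:\WINDOWS\system32\winlogon.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O20 - AppInit_DLLs: C:\WINDOWS\system32\SoDAHK.DLL
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
"""

# Constructed "after" log: one O6 line survived the fix (a made-up outcome,
# chosen to exercise the check) and a newly installed tool added a Run entry.
AFTER_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Boot mode: Safe mode
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
"""

if __name__ == "__main__":
    for code, text, reason in triage(parse_entries(BEFORE_LOG)):
        print(f"REVIEW  {code} - {text}\n        {reason}")
    removed, added = compare(BEFORE_LOG, AFTER_LOG)
    for code, text in removed:
        print(f"GONE    {code} - {text}")
    for code, text in added:
        print(f"NEW     {code} - {text}")
    for line in unfixed(AFTER_LOG, TICKED):
        print(f"STILL PRESENT AFTER FIX  {line}")
```
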
Deleted sodahk.dll using Trojan Remover/TrojanHunter (I forgot which) after my last post. AVG scan was clean, but problems still persist.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:24:18 PM, on 10/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Safe mode
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\zhoutiantian\Desktop\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.starhub.net.sg:8080
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [TPKMAPHELPER] "C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe" -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [UC_Start] "C:\Program Files\IBM\Updater\\ucstartup.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe
O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [BMMMONWND] "rundll32.exe" C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" /SYNC
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\Ringz Studio\Storm Codec\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QCTray] C:\PROGRA~1\ThinkPad\CONNEC~1\QCTray.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKUS\S-1-5-21-3893021082-494934620-3959003612-1005\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-3893021082-494934620-3959003612-1005\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User '?')
O4 - HKUS\S-1-5-21-3893021082-494934620-3959003612-1005\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: AutorunsDisabled
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O11 - Options group: [JAVA_IBM] Java (IBM)
O12 - Plugin for .csm: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .csml: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .cub: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .cube: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .dx: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .emb: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .embl: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .gau: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .jdx: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .mol: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .mop: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .pdb: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .rxn: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .scr: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .skc: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .spt: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .tgf: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .xyz: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by107fd.bay107.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1191471206220
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u2-windows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
--
End of file - 9622 bytes
ndmmxiaomayi
2007-10-13, 08:20
Hi alpha22,
Please open HijackThis. Click on Open the Misc Tools section button.
Click on Open Uninstall Manager... button.
On your left hand side, scroll all the way to Wallpapers. Click on Edit uninstall command button.
Please post the uninstall command in your next reply.
Also, do you have problems copying and pasting text to Firefox?
Please also do a scan using HijackThis in Normal Mode.
In your next reply, please post:
A new HijackThis log
Wallpapers' uninstall command
Any trouble with copying and pasting text to Firefox
Nope, no trouble copying and pasting to any part of Firefox.
Does this problem look like a malware problem? Could it be hardware corruption or the like?
MsiExec.exe /I{F386C340-DF4B-4BBA-9503-420FB7EDB395}
--------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:09:20 AM, on 10/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\IBMTOOLS\UTILS\ibmprc.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\PROGRA~1\ThinkPad\CONNEC~1\QCTray.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\zhoutiantian\Desktop\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.starhub.net.sg:8080
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [TPKMAPHELPER] "C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe" -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [UC_Start] "C:\Program Files\IBM\Updater\\ucstartup.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe
O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [BMMMONWND] "rundll32.exe" C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" /SYNC
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\Ringz Studio\Storm Codec\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QCTray] C:\PROGRA~1\ThinkPad\CONNEC~1\QCTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKUS\S-1-5-21-3893021082-494934620-3959003612-1005\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-3893021082-494934620-3959003612-1005\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User '?')
O4 - HKUS\S-1-5-21-3893021082-494934620-3959003612-1005\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: AutorunsDisabled
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O11 - Options group: [JAVA_IBM] Java (IBM)
O12 - Plugin for .csm: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .csml: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .cub: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .cube: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .dx: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .emb: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .embl: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .gau: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .jdx: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .mol: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .mop: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .pdb: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .rxn: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .scr: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .skc: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .spt: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .tgf: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .xyz: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by107fd.bay107.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1191471206220
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u2-windows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
--
End of file - 10592 bytes
ndmmxiaomayi
2007-10-14, 19:22
Hi alpha22,
Please download Deckard's System Scanner from Tech Support Forum (http://www.techsupportforum.com/sectools/Deckard/dss.exe) and save it to your desktop. Note: You must be logged onto an account with administrator privileges.
Save all your work and close all opened programs.
Double click on dss.exe to run it. Follow the prompts.
When the scan is complete, two log files will be produced. The first one, main.txt, will be maximized, the second one, extra.txt, will be minimized.
Please post the contents of the 2 log files in your next reply.
In your next reply, please post:
The contents of main.txt and extra.txt
A new HijackThis log
Note: You will need multiple posts to prevent the logs from being cut off.
Does this problem look like a malware problem? Could it be hardware corruption or the like?
It may or may not be a malware problem. Deckard's System Scanner will reveal more to determine if it's a malware problem.
main part 1
Deckard's System Scanner v20070905.67
Run by zhoutiantian on 2007-10-15 00:54:22
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Unable to create WMI object; The operation completed successfully.
Backed up registry hives.
Performed disk cleanup.
Total Physical Memory: 511 MiB (512 MiB recommended).
-- HijackThis (run as zhoutiantian.exe) ----------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:56:21 AM, on 10/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\IBMTOOLS\UTILS\ibmprc.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\PROGRA~1\ThinkPad\CONNEC~1\QCTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
E:\dss.exe
C:\DOCUME~1\ZHOUTI~1\Desktop\zhoutiantian.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.starhub.net.sg:8080
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [TPKMAPHELPER] "C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe" -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [UC_Start] "C:\Program Files\IBM\Updater\\ucstartup.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe
O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [BMMMONWND] "rundll32.exe" C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" /SYNC
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\Ringz Studio\Storm Codec\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QCTray] C:\PROGRA~1\ThinkPad\CONNEC~1\QCTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKUS\S-1-5-21-3893021082-494934620-3959003612-1005\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-3893021082-494934620-3959003612-1005\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User '?')
O4 - HKUS\S-1-5-21-3893021082-494934620-3959003612-1005\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: AutorunsDisabled
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O11 - Options group: [JAVA_IBM] Java (IBM)
O12 - Plugin for .csm: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .csml: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .cub: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .cube: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .dx: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .emb: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .embl: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .gau: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .jdx: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .mol: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .mop: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .pdb: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .rxn: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .scr: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .skc: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .spt: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .tgf: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .xyz: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by107fd.bay107.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1191471206220
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u2-windows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
--
End of file - 10319 bytes
-- HijackThis Fixed Entries (C:\DOCUME~1\ZHOUTI~1\Desktop\backups\) ------------
backup-20071012-093712-531 O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
backup-20071012-093713-593 O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
-- File Associations -----------------------------------------------------------
.hlp - hlpfile - shell\open\command - winhlp32.exe %1
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
3 ac97intc (Intel(r) 82801 Audio Driver Install Service (WDM)) - c:\windows\system32\drivers\ac97intc.sys <Not Verified; Intel Corporation; Intel(r) Integrated Controller Hub Audio Driver>
3 aeaudio - c:\windows\system32\drivers\aeaudio.sys <Not Verified; Andrea Electronics Corporation; Andrea Audio Driver>
2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.0.0.8) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.0.0.8>
3 Afc (PPdus ASPI Shell) - c:\windows\system32\drivers\afc.sys <Not Verified; Arcsoft, Inc.; Arcsoft(R) ASPI Shell>
1 ANC - c:\windows\system32\drivers\anc.sys <Not Verified; IBM Corp.; IBM Access Connections>
4 cbidf - c:\windows\system32\drivers\cbidf2k.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
4 dac2w2k - c:\windows\system32\drivers\dac2w2k.sys <Not Verified; Mylex Corporation; Mylex Disk Array Controller Driver>
3 E1000 (Intel(R) PRO/1000 Adapter Driver) - c:\windows\system32\drivers\e1000325.sys <Not Verified; Intel Corporation; Intel(R) PRO/1000 Adapter>
2 EGATHDRV (IBM Access Support) - c:\windows\system32\egathdrv.sys <Not Verified; IBM Corporation; IBM eGatherer>
1 FsVga - c:\windows\system32\drivers\fsvga.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
3 HSFHWICH - c:\windows\system32\drivers\hsfhwich.sys <Not Verified; Conexant Systems, Inc.; SoftK56 Modem Driver>
3 HSF_DP - c:\windows\system32\drivers\hsf_dp.sys <Not Verified; Conexant Systems, Inc.; SoftK56 Modem Driver>
3 hwdatacard (Huawei DataCard USB Modem and USB Serial) - c:\windows\system32\drivers\ewusbmdm.sys <Not Verified; Huawei Technologies Co., Ltd.; Huawei Technologies Co., Ltd. USB Modem/Serial Device Driver>
2 ibmfilter - c:\windows\system32\drivers\ibmfilter.sys <Not Verified; IBM; FFE and RRU>
3 IBMPMDRV - c:\windows\system32\drivers\ibmpmdrv.sys <Not Verified; IBM Corp.; IBM ThinkPad>
1 IBMTPCHK - c:\windows\system32\drivers\ibmbldid.sys
2 irda (IrDA Protocol) - c:\windows\system32\drivers\irda.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
3 ltmodem5 (LT Modem Driver) - c:\windows\system32\drivers\ltmdmnt.sys <Not Verified; LT; LT V.92 Data+Fax Modem Version 8.28>
2 mdmxsdk - c:\windows\system32\drivers\mdmxsdk.sys <Not Verified; Conexant; Diagnostic Interface>
3 NSCIRDA (NSC Infrared Device Driver) - c:\windows\system32\drivers\nscirda.sys <Not Verified; National Semiconductor Corporation; NSC Fast Infrared Driver.>
3 PAC207 (VideoCAM GF112) - c:\windows\system32\drivers\pfc027.sys
3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>
2 PMEM - c:\windows\system32\drivers\pmemnt.sys <Not Verified; Microsoft Corporation; Microsoft(R) Windows NT(TM) Operating System>
3 psadd (IBM PSA Access Driver) - c:\windows\system32\drivers\psadd.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
3 QCNDISIF - c:\windows\system32\drivers\qcndisif.sys <Not Verified; IBM Corporation.; IBM ThinkPad Utility>
3 Rasirda (WAN Miniport (IrDA)) - c:\windows\system32\drivers\rasirda.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>
3 S3SSavage - c:\windows\system32\drivers\s3ssavm.sys <Not Verified; S3 Graphics, Inc.; S3 Graphics SuperSavage Miniport>
1 Smapint - c:\windows\system32\drivers\smapint.sys <Not Verified; Microsoft Corporation; Microsoft(R) Windows NT(TM) Operating System>
3 smwdm - c:\windows\system32\drivers\smwdm.sys <Not Verified; Analog Devices, Inc.; SoundMAX Digital Audio Driver>
1 StyleXPHelper - c:\program files\tgtsoft\stylexp\stylexphelper.exe <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
1 TDSMAPI - c:\windows\system32\drivers\tdsmapi.sys
1 TPPWR - c:\windows\system32\drivers\tppwr.sys <Not Verified; IBM Corp.; IBM ThinkPad Utility>
1 TSMAPIP - c:\windows\system32\drivers\tsmapip.sys
3 TwoTrack (IBM PS/2 TrackPoint Filter Driver) - c:\windows\system32\drivers\twotrack.sys <Not Verified; IBM Corporation; IBM PS/2 TrackPoint Support>
3 winachsf - c:\windows\system32\drivers\hsf_cnxt.sys <Not Verified; Conexant Systems, Inc.; SoftK56 Modem Driver>
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
2 Apple Mobile Device - c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe
2 IBM Rapid Restore Ultra Service - c:\program files\ibm\ibm rapid restore ultra\rrpcsb.exe
2 IBMPMSVC (IBM PM Service) - c:\windows\system32\ibmpmsvc.exe
2 Irmon (Infrared Monitor) - c:\windows\system32\svchost.exe
3 PsaSrv (IBM PSA Access Driver Control) - c:\windows\system32\psasrv.exe (file missing)
2 QCONSVC - c:\windows\system32\qconsvc.exe
2 RegSrvc - c:\windows\system32\regsrvc.exe <Not Verified; Intel Corporation; RegSrvc Module>
2 STI Simulator - c:\windows\system32\pastisvc.exe
2 StyleXPService - c:\program files\tgtsoft\stylexp\stylexpservice.exe
2 TpKmpSVC (IBM KCU Service) - c:\windows\system32\tpkmpsvc.exe
2 UxTuneUp (TuneUp Theme Extension) - c:\windows\system32\svchost.exe
3 WLSetupSvc (Windows Live Setup Service) - c:\program files\windows live\installer\wlsetupsvc.exe
-- Device Manager: Disabled ----------------------------------------------------
Unable to create WMI object.
-- Scheduled Tasks -------------------------------------------------------------
2007-10-03 16:59:50 404 --a------ C:\WINDOWS\Tasks\1-Click Maintenance.job
2006-08-13 15:57:52 314 --a------ C:\WINDOWS\Tasks\BMMTask.job
main part 2
-- Files created between 2007-09-15 and 2007-10-15 -----------------------------
2007-10-14 22:31:49 0 d-------- C:\Program Files\Trend Micro
2007-10-12 21:48:33 0 d-------- C:\Documents and Settings\zhoutiantian\Application Data\TrojanHunter
2007-10-12 21:45:53 0 d-------- C:\Program Files\TrojanHunter 5.0
2007-10-12 09:39:25 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-10-10 23:36:18 0 dr------- C:\Documents and Settings\Guest.IBM-DB1A9324FE2.000\Start Menu
2007-10-10 23:36:18 0 dr-h----- C:\Documents and Settings\Guest.IBM-DB1A9324FE2.000\SendTo
2007-10-10 23:36:18 0 dr-h----- C:\Documents and Settings\Guest.IBM-DB1A9324FE2.000\Recent
2007-10-10 23:36:18 0 d--h----- C:\Documents and Settings\Guest.IBM-DB1A9324FE2.000\PrintHood
2007-10-10 23:36:18 0 d--h----- C:\Documents and Settings\Guest.IBM-DB1A9324FE2.000\NetHood
2007-10-10 23:36:18 0 dr------- C:\Documents and Settings\Guest.IBM-DB1A9324FE2.000\My Documents
2007-10-10 23:36:18 0 d--h----- C:\Documents and Settings\Guest.IBM-DB1A9324FE2.000\Local Settings
2007-10-10 23:36:18 0 dr------- C:\Documents and Settings\Guest.IBM-DB1A9324FE2.000\Favorites
2007-10-10 23:36:18 0 d-------- C:\Documents and Settings\Guest.IBM-DB1A9324FE2.000\Desktop
2007-10-10 23:36:18 0 d---s---- C:\Documents and Settings\Guest.IBM-DB1A9324FE2.000\Cookies
2007-10-10 23:36:18 0 dr-h----- C:\Documents and Settings\Guest.IBM-DB1A9324FE2.000\Application Data
2007-10-10 23:36:18 0 d-------- C:\Documents and Settings\Guest.IBM-DB1A9324FE2.000\Application Data\Symantec
2007-10-10 23:36:18 0 d-------- C:\Documents and Settings\Guest.IBM-DB1A9324FE2.000\Application Data\Sonic
2007-10-10 23:36:18 0 d---s---- C:\Documents and Settings\Guest.IBM-DB1A9324FE2.000\Application Data\Microsoft
2007-10-10 23:36:18 0 d-------- C:\Documents and Settings\Guest.IBM-DB1A9324FE2.000\Application Data\Identities
2007-10-10 23:36:17 0 d--h----- C:\Documents and Settings\Guest.IBM-DB1A9324FE2.000\Templates
2007-10-10 23:36:17 786432 --ah----- C:\Documents and Settings\Guest.IBM-DB1A9324FE2.000\NTUSER.DAT
2007-10-07 08:25:33 0 dr-h----- C:\Documents and Settings\zhoutiantian\Recent
2007-10-07 07:21:39 4964 --a------ C:\WINDOWS\system32\tmp.reg
2007-10-06 21:19:18 0 d-------- C:\Sysclean
2007-10-06 17:58:01 0 d-------- C:\Documents and Settings\All Users\Application Data\Avira
2007-10-06 17:42:12 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2007-10-05 19:51:11 0 d-------- C:\Documents and Settings\zhoutiantian\Application Data\uTorrent
2007-10-05 19:37:00 0 d-------- C:\ufixit
2007-10-05 19:36:43 0 d-------- C:\Temp
2007-10-05 19:03:38 0 d-------- C:\Documents and Settings\zhoutiantian\DoctorWeb
2007-10-05 18:54:15 0 d-------- C:\Documents and Settings\Guest.IBM-DB1A9324FE2\Application Data\Identities
2007-10-05 18:54:14 0 d--h----- C:\Documents and Settings\Guest.IBM-DB1A9324FE2\PrintHood
2007-10-05 18:54:14 0 d--h----- C:\Documents and Settings\Guest.IBM-DB1A9324FE2\NetHood
2007-10-05 18:54:14 0 dr------- C:\Documents and Settings\Guest.IBM-DB1A9324FE2\My Documents
2007-10-05 18:54:14 0 d--h----- C:\Documents and Settings\Guest.IBM-DB1A9324FE2\Local Settings
2007-10-05 18:54:14 0 dr------- C:\Documents and Settings\Guest.IBM-DB1A9324FE2\Favorites
2007-10-05 18:54:14 0 d-------- C:\Documents and Settings\Guest.IBM-DB1A9324FE2\Desktop
2007-10-05 18:54:14 0 d---s---- C:\Documents and Settings\Guest.IBM-DB1A9324FE2\Cookies
2007-10-05 18:54:14 0 dr-h----- C:\Documents and Settings\Guest.IBM-DB1A9324FE2\Application Data
2007-10-05 18:54:14 0 d-------- C:\Documents and Settings\Guest.IBM-DB1A9324FE2\Application Data\Symantec
2007-10-05 18:54:14 0 d-------- C:\Documents and Settings\Guest.IBM-DB1A9324FE2\Application Data\Sonic
2007-10-05 18:54:14 0 d---s---- C:\Documents and Settings\Guest.IBM-DB1A9324FE2\Application Data\Microsoft
2007-10-05 18:54:13 0 d--h----- C:\Documents and Settings\Guest.IBM-DB1A9324FE2\Templates
2007-10-05 18:54:13 0 dr------- C:\Documents and Settings\Guest.IBM-DB1A9324FE2\Start Menu
2007-10-05 18:54:13 0 dr-h----- C:\Documents and Settings\Guest.IBM-DB1A9324FE2\SendTo
2007-10-05 18:54:13 0 dr-h----- C:\Documents and Settings\Guest.IBM-DB1A9324FE2\Recent
2007-10-05 18:54:12 786432 --ah----- C:\Documents and Settings\Guest.IBM-DB1A9324FE2\NTUSER.DAT
2007-10-05 08:08:58 0 d-------- C:\Documents and Settings\zhoutiantian\.housecall6.6
2007-10-05 07:53:19 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-10-04 17:50:27 0 d-------- C:\Documents and Settings\zhoutiantian\Application Data\PC Tools
2007-10-03 22:26:48 0 d-------- C:\Program Files\iPod
2007-10-03 22:26:23 0 d-------- C:\Program Files\iTunes
2007-10-03 22:24:34 0 d-------- C:\Program Files\Apple Software Update
2007-10-03 22:19:33 0 d-------- C:\Program Files\Ringz Studio
2007-10-03 22:11:05 0 d-------- C:\Program Files\Java
2007-10-03 22:09:12 0 d-------- C:\Program Files\Common Files\Java
2007-10-03 21:44:25 0 d-------- C:\Program Files\FlashGet
2007-10-03 20:38:43 0 d-------- C:\Documents and Settings\All Users\Application Data\Diskeeper Corporation
2007-10-03 20:37:31 0 d-------- C:\Program Files\Diskeeper Corporation
2007-10-03 20:22:19 0 d-------- C:\Program Files\TGTSoft
2007-10-03 18:58:44 0 d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2007-10-03 18:49:08 737280 --a------ C:\WINDOWS\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
2007-10-03 18:47:26 0 d-------- C:\Program Files\Messenger Plus! Live
2007-10-03 18:31:53 0 d-------- C:\Program Files\Windows Live
2007-10-03 18:31:39 0 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-10-03 18:19:09 0 d-------- C:\Program Files\SpywareBlaster
2007-10-03 18:01:15 0 d-------- C:\Documents and Settings\zhoutiantian\Application Data\TweakAssist
2007-10-03 16:59:47 0 d-------- C:\Documents and Settings\zhoutiantian\Application Data\TuneUp Software
2007-10-03 16:59:38 0 d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software
2007-10-03 16:59:29 0 d-------- C:\Program Files\TuneUp Utilities 2007
2007-10-03 16:58:50 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-10-03 16:58:29 0 d-------- C:\Documents and Settings\zhoutiantian\Application Data\WinRAR
2007-10-03 16:56:42 0 d-------- C:\Program Files\Common Files\Adobe
2007-10-03 16:32:39 0 d-------- C:\Program Files\CCleaner
2007-10-03 14:20:18 0 d-------- C:\Documents and Settings\zhoutiantian\Application Data\URSoft
2007-10-03 14:20:10 0 d-------- C:\Program Files\Your Uninstaller 2006
2007-10-03 14:17:00 0 d-------- C:\Documents and Settings\zhoutiantian\Application Data\Thinstall
2007-09-26 21:14:51 221184 --a------ C:\WINDOWS\system32\wmpns.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows Media Player>
2007-09-24 17:12:14 28672 --a------ C:\WINDOWS\system32\drivers\KAVBootC.sys <Not Verified; Kingsoft Corporation; KAVBootC Application>
2007-09-16 18:59:35 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
-- Find3M Report ---------------------------------------------------------------
2007-10-12 23:05:22 0 d-------- C:\Program Files\Common Files
2007-10-12 23:05:22 0 d-------- C:\Documents and Settings\zhoutiantian\Application Data\Real
2007-10-03 14:52:54 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-10-03 14:37:06 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-09-01 20:11:33 0 d-------- C:\Documents and Settings\zhoutiantian\Application Data\Adobe
2007-08-15 03:32:04 0 d-------- C:\Documents and Settings\zhoutiantian\Application Data\AdobeUM
2007-08-07 05:43:21 170 --a------ C:\WINDOWS\popcinfo.dat
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"S3TRAY2"="S3Tray2.exe" [10/11/2001 11:32 PM C:\WINDOWS\system32\S3Tray2.exe]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [06/16/2004 10:53 AM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [06/16/2004 10:53 AM]
"TPKMAPHELPER"="C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe" [02/04/2004 06:39 PM]
"TpShocks"="TpShocks.exe" [03/26/2004 06:16 PM C:\WINDOWS\system32\TpShocks.exe]
"TPHOTKEY"="C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe" [08/17/2004 12:06 PM]
"TP4EX"="tp4ex.exe" [09/04/2002 01:05 AM C:\WINDOWS\system32\TP4EX.exe]
"EZEJMNAP"="C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [12/25/2003 02:04 AM]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [08/25/2004 12:52 PM]
"UC_Start"="C:\Program Files\IBM\Updater\\ucstartup.exe" [07/14/2004 04:34 PM]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [09/02/2004 01:05 AM]
"IBMPRC"="C:\IBMTOOLS\UTILS\ibmprc.exe" [03/19/2004 12:12 PM]
"QCWLICON"="C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE" [11/09/2004 03:53 AM]
"BMMMONWND"="rundll32.exe" [08/04/2004 12:56 AM C:\WINDOWS\system32\rundll32.exe]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [08/03/2004 10:32 PM]
"IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [08/18/2001 02:00 AM]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [08/03/2004 10:31 PM]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [03/11/2005 07:08 AM]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
"QuickTime Task"="C:\Program Files\Ringz Studio\Storm Codec\QTTask.exe" []
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [09/26/2007 02:42 PM]
"QCTray"="C:\PROGRA~1\ThinkPad\CONNEC~1\QCTray.exe" [11/09/2004 03:53 AM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:56 AM]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [10/03/2007 06:58 PM]
"STYLEXP"="C:\Program Files\TGTSoft\StyleXP\StyleXP.exe" [05/24/2006 11:31 AM]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispCPL"=0 (0x0)
"NoDispSettingsPage"=0 (0x0)
"NoDispBackgroundPage"=0 (0x0)
"NoDispAppearancePage"=0 (0x0)
"NoDispScrSavPage"=0 (0x0)
"DisableRegistryTools"=0 (0x0)
"DisableTaskMgr"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoBandCustomize"=0 (0x0)
"NoMovingBands"=0 (0x0)
"NoCloseDragDropBands"=0 (0x0)
"NoSetTaskbar"=0 (0x0)
"NoToolbarsOnTaskbar"=0 (0x0)
"NoPropertiesRecycleBin"=0 (0x0)
"NoPropertiesMyComputer"=0 (0x0)
"NoSaveSettings"=0 (0x0)
"NoPropertiesMyDocuments"=0 (0x0)
"NoDesktop"=0 (0x0)
"NoDesktopCleanupWizard"=0 (0x0)
"DisablePersonalDirChange"=0 (0x0)
"NoThemesTab"=0 (0x0)
"NoRun"=0 (0x0)
"NoSimpleStartMenu"=0 (0x0)
"NoWindowsUpdate"=0 (0x0)
"NoChangeStartMenu"=0 (0x0)
"StartMenuLogOff"=0 (0x0)
"NoClose"=0 (0x0)
"NoNetworkConnections"=0 (0x0)
"NoStartMenuNetworkPlaces"=0 (0x0)
"NoSMMyDocs"=0 (0x0)
"NoSMHelp"=0 (0x0)
"NoManageMyComputerVerb"=0 (0x0)
"NoSecConsole"=0 (0x0)
"NoFolderOptions"=0 (0x0)
"NoSharedDocuments"=0 (0x0)
"NoSecurityTab"=0 (0x0)
"NoHardwareTab"=0 (0x0)
"NoFileMenu"=0 (0x0)
"NoNetConnectDisconnect"=0 (0x0)
"NoViewContextMenu"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\QConGina]
QConGina.dll 11/09/2004 03:53 AM 262144 C:\WINDOWS\system32\QConGina.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= scecli pwdmon
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{09f25b42-41cc-11db-a5d2-0012f01f0b62}]
Auto\command- F:\bittorrent.exe e
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL bittorrent.exe e
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{10e6656f-5045-11db-a5e6-0012f01f0b62}]
Auto\command- E:\bittorrent.exe e
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL bittorrent.exe e
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{10e66593-5045-11db-a5e6-0012f01f0b62}]
1\Command- .\RECYCLER\RECYCLER\autorun.exe
2\Command- .\RECYCLER\RECYCLER\autorun.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\RECYCLER\RECYCLER\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{37392f08-92f3-11db-a647-00112514889c}]
Auto\command- BITTOR~1.EXE e
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL BITTOR~1.EXE e
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{37fc5ce0-14b5-11dc-a708-0012f01f0b62}]
AutoRun\command- ymfqplr.exe
explore\Command- ymfqplr.exe
open\Command- ymfqplr.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{49bed0d1-f1d0-11db-a6cf-0012f01f0b62}]
Auto\command- RavMonE.exe e
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMonE.exe e
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{52711ba0-4ba6-11db-a5e0-0012f01f0b62}]
Auto\command- BITTOR~1.EXE e
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL BITTOR~1.EXE e
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{52ee9bb0-d5db-11db-a6a4-0012f01f0b62}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{61ea5e80-45aa-11dc-a764-0012f01f0b62}]
Auto\command- sss.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sss.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{689e26f0-60d3-11db-a5fc-0012f01f0b62}]
Auto\command- RavMonE.exe e
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMonE.exe e
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6d333860-3d71-11db-a5c8-0012f01f0b62}]
Auto\command- E:\BITTOR~1.EXE e
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL BITTOR~1.EXE e
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7e77b100-f5f0-11db-a6d4-0012f01f0b62}]
Auto\command- sal.xls.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sal.xls.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{90d140f0-3f8d-11db-a5cc-0012f01f0b62}]
Auto\command- E:\bittorrent.exe e
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL bittorrent.exe e
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b917fb40-a52a-11db-a656-0012f01f0b62}]
0\Command- .\RECYCLER\UExecute.exe
1\Command- .\RECYCLER\UExecute.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\RECYCLER\UExecute.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c2863720-9129-11db-a644-00112514889c}]
Auto\command- BITTOR~1.EXE e
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL BITTOR~1.EXE e
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c6f4ab90-22d1-11dc-a726-0012f01f0b62}]
AutoRun\command- ymfqplr.exe
explore\Command- ymfqplr.exe
open\Command- ymfqplr.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c95fa9e0-5ffe-11dc-a7a3-0012f01f0b62}]
AutoRun\command- E:\VMC_PBStarter.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c95fa9e1-5ffe-11dc-a7a3-0012f01f0b62}]
AutoRun\command- E:\VMC_PBStarter.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e9c455d6-55dc-11dc-a783-0012f01f0b62}]
Auto\command- wscripT autorun.vbs
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscripT autorun.vbs
-- Hosts -----------------------------------------------------------------------
127.0.0.1 ad.a8.net
127.0.0.1 asy.a8ww.net
127.0.0.1 www.aaa-livedoor.net #[Trojan-PSW.Win32.Maran.ei]
127.0.0.1 www.abcsearcher.com #[Spamdexing][Microsoft.Strider]
127.0.0.1 abc-search.info
127.0.0.1 abloga.info #[Spamdexing]
127.0.0.1 www.abx4.com #[Adware.ABXToolbar]
127.0.0.1 acezip.net #[SiteAdvisor.acezip.net]
127.0.0.1 www.acezip.net #[Win32/Adware.180Solutions]
127.0.0.1 phpadsnew.abac.com
22477 more entries in hosts file.
-- End of Deckard's System Scanner: finished at 2007-10-15 00:57:53 ------------
extra
-- Files created between 2007-09-15 and 2007-10-15 -----------------------------
2007-10-14 22:31:49 0 d-------- C:\Program Files\Trend Micro
2007-10-12 21:48:33 0 d-------- C:\Documents and Settings\zhoutiantian\Application Data\TrojanHunter
2007-10-12 21:45:53 0 d-------- C:\Program Files\TrojanHunter 5.0
2007-10-12 09:39:25 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-10-10 23:36:18 0 dr------- C:\Documents and Settings\Guest.IBM-DB1A9324FE2.000\Start Menu
2007-10-10 23:36:18 0 dr-h----- C:\Documents and Settings\Guest.IBM-DB1A9324FE2.000\SendTo
2007-10-10 23:36:18 0 dr-h----- C:\Documents and Settings\Guest.IBM-DB1A9324FE2.000\Recent
2007-10-10 23:36:18 0 d--h----- C:\Documents and Settings\Guest.IBM-DB1A9324FE2.000\PrintHood
2007-10-10 23:36:18 0 d--h----- C:\Documents and Settings\Guest.IBM-DB1A9324FE2.000\NetHood
2007-10-10 23:36:18 0 dr------- C:\Documents and Settings\Guest.IBM-DB1A9324FE2.000\My Documents
2007-10-10 23:36:18 0 d--h----- C:\Documents and Settings\Guest.IBM-DB1A9324FE2.000\Local Settings
2007-10-10 23:36:18 0 dr------- C:\Documents and Settings\Guest.IBM-DB1A9324FE2.000\Favorites
2007-10-10 23:36:18 0 d-------- C:\Documents and Settings\Guest.IBM-DB1A9324FE2.000\Desktop
2007-10-10 23:36:18 0 d---s---- C:\Documents and Settings\Guest.IBM-DB1A9324FE2.000\Cookies
2007-10-10 23:36:18 0 dr-h----- C:\Documents and Settings\Guest.IBM-DB1A9324FE2.000\Application Data
2007-10-10 23:36:18 0 d-------- C:\Documents and Settings\Guest.IBM-DB1A9324FE2.000\Application Data\Symantec
2007-10-10 23:36:18 0 d-------- C:\Documents and Settings\Guest.IBM-DB1A9324FE2.000\Application Data\Sonic
2007-10-10 23:36:18 0 d---s---- C:\Documents and Settings\Guest.IBM-DB1A9324FE2.000\Application Data\Microsoft
2007-10-10 23:36:18 0 d-------- C:\Documents and Settings\Guest.IBM-DB1A9324FE2.000\Application Data\Identities
2007-10-10 23:36:17 0 d--h----- C:\Documents and Settings\Guest.IBM-DB1A9324FE2.000\Templates
2007-10-10 23:36:17 786432 --ah----- C:\Documents and Settings\Guest.IBM-DB1A9324FE2.000\NTUSER.DAT
2007-10-07 08:25:33 0 dr-h----- C:\Documents and Settings\zhoutiantian\Recent
2007-10-07 07:21:39 4964 --a------ C:\WINDOWS\system32\tmp.reg
2007-10-06 21:19:18 0 d-------- C:\Sysclean
2007-10-06 17:58:01 0 d-------- C:\Documents and Settings\All Users\Application Data\Avira
2007-10-06 17:42:12 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2007-10-05 19:51:11 0 d-------- C:\Documents and Settings\zhoutiantian\Application Data\uTorrent
2007-10-05 19:37:00 0 d-------- C:\ufixit
2007-10-05 19:36:43 0 d-------- C:\Temp
2007-10-05 19:03:38 0 d-------- C:\Documents and Settings\zhoutiantian\DoctorWeb
2007-10-05 18:54:15 0 d-------- C:\Documents and Settings\Guest.IBM-DB1A9324FE2\Application Data\Identities
2007-10-05 18:54:14 0 d--h----- C:\Documents and Settings\Guest.IBM-DB1A9324FE2\PrintHood
2007-10-05 18:54:14 0 d--h----- C:\Documents and Settings\Guest.IBM-DB1A9324FE2\NetHood
2007-10-05 18:54:14 0 dr------- C:\Documents and Settings\Guest.IBM-DB1A9324FE2\My Documents
2007-10-05 18:54:14 0 d--h----- C:\Documents and Settings\Guest.IBM-DB1A9324FE2\Local Settings
2007-10-05 18:54:14 0 dr------- C:\Documents and Settings\Guest.IBM-DB1A9324FE2\Favorites
2007-10-05 18:54:14 0 d-------- C:\Documents and Settings\Guest.IBM-DB1A9324FE2\Desktop
2007-10-05 18:54:14 0 d---s---- C:\Documents and Settings\Guest.IBM-DB1A9324FE2\Cookies
2007-10-05 18:54:14 0 dr-h----- C:\Documents and Settings\Guest.IBM-DB1A9324FE2\Application Data
2007-10-05 18:54:14 0 d-------- C:\Documents and Settings\Guest.IBM-DB1A9324FE2\Application Data\Symantec
2007-10-05 18:54:14 0 d-------- C:\Documents and Settings\Guest.IBM-DB1A9324FE2\Application Data\Sonic
2007-10-05 18:54:14 0 d---s---- C:\Documents and Settings\Guest.IBM-DB1A9324FE2\Application Data\Microsoft
2007-10-05 18:54:13 0 d--h----- C:\Documents and Settings\Guest.IBM-DB1A9324FE2\Templates
2007-10-05 18:54:13 0 dr------- C:\Documents and Settings\Guest.IBM-DB1A9324FE2\Start Menu
2007-10-05 18:54:13 0 dr-h----- C:\Documents and Settings\Guest.IBM-DB1A9324FE2\SendTo
2007-10-05 18:54:13 0 dr-h----- C:\Documents and Settings\Guest.IBM-DB1A9324FE2\Recent
2007-10-05 18:54:12 786432 --ah----- C:\Documents and Settings\Guest.IBM-DB1A9324FE2\NTUSER.DAT
2007-10-05 08:08:58 0 d-------- C:\Documents and Settings\zhoutiantian\.housecall6.6
2007-10-05 07:53:19 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-10-04 17:50:27 0 d-------- C:\Documents and Settings\zhoutiantian\Application Data\PC Tools
2007-10-03 22:26:48 0 d-------- C:\Program Files\iPod
2007-10-03 22:26:23 0 d-------- C:\Program Files\iTunes
2007-10-03 22:24:34 0 d-------- C:\Program Files\Apple Software Update
2007-10-03 22:19:33 0 d-------- C:\Program Files\Ringz Studio
2007-10-03 22:11:05 0 d-------- C:\Program Files\Java
2007-10-03 22:09:12 0 d-------- C:\Program Files\Common Files\Java
2007-10-03 21:44:25 0 d-------- C:\Program Files\FlashGet
2007-10-03 20:38:43 0 d-------- C:\Documents and Settings\All Users\Application Data\Diskeeper Corporation
2007-10-03 20:37:31 0 d-------- C:\Program Files\Diskeeper Corporation
2007-10-03 20:22:19 0 d-------- C:\Program Files\TGTSoft
2007-10-03 18:58:44 0 d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2007-10-03 18:49:08 737280 --a------ C:\WINDOWS\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
2007-10-03 18:47:26 0 d-------- C:\Program Files\Messenger Plus! Live
2007-10-03 18:31:53 0 d-------- C:\Program Files\Windows Live
2007-10-03 18:31:39 0 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-10-03 18:19:09 0 d-------- C:\Program Files\SpywareBlaster
2007-10-03 18:01:15 0 d-------- C:\Documents and Settings\zhoutiantian\Application Data\TweakAssist
2007-10-03 16:59:47 0 d-------- C:\Documents and Settings\zhoutiantian\Application Data\TuneUp Software
2007-10-03 16:59:38 0 d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software
2007-10-03 16:59:29 0 d-------- C:\Program Files\TuneUp Utilities 2007
2007-10-03 16:58:50 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-10-03 16:58:29 0 d-------- C:\Documents and Settings\zhoutiantian\Application Data\WinRAR
2007-10-03 16:56:42 0 d-------- C:\Program Files\Common Files\Adobe
2007-10-03 16:32:39 0 d-------- C:\Program Files\CCleaner
2007-10-03 14:20:18 0 d-------- C:\Documents and Settings\zhoutiantian\Application Data\URSoft
2007-10-03 14:20:10 0 d-------- C:\Program Files\Your Uninstaller 2006
2007-10-03 14:17:00 0 d-------- C:\Documents and Settings\zhoutiantian\Application Data\Thinstall
2007-09-26 21:14:51 221184 --a------ C:\WINDOWS\system32\wmpns.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows Media Player>
2007-09-24 17:12:14 28672 --a------ C:\WINDOWS\system32\drivers\KAVBootC.sys <Not Verified; Kingsoft Corporation; KAVBootC Application>
2007-09-16 18:59:35 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
-- Find3M Report ---------------------------------------------------------------
2007-10-12 23:05:22 0 d-------- C:\Program Files\Common Files
2007-10-12 23:05:22 0 d-------- C:\Documents and Settings\zhoutiantian\Application Data\Real
2007-10-03 14:52:54 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-10-03 14:37:06 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-09-01 20:11:33 0 d-------- C:\Documents and Settings\zhoutiantian\Application Data\Adobe
2007-08-15 03:32:04 0 d-------- C:\Documents and Settings\zhoutiantian\Application Data\AdobeUM
2007-08-07 05:43:21 170 --a------ C:\WINDOWS\popcinfo.dat
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"S3TRAY2"="S3Tray2.exe" [10/11/2001 11:32 PM C:\WINDOWS\system32\S3Tray2.exe]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [06/16/2004 10:53 AM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [06/16/2004 10:53 AM]
"TPKMAPHELPER"="C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe" [02/04/2004 06:39 PM]
"TpShocks"="TpShocks.exe" [03/26/2004 06:16 PM C:\WINDOWS\system32\TpShocks.exe]
"TPHOTKEY"="C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe" [08/17/2004 12:06 PM]
"TP4EX"="tp4ex.exe" [09/04/2002 01:05 AM C:\WINDOWS\system32\TP4EX.exe]
"EZEJMNAP"="C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [12/25/2003 02:04 AM]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [08/25/2004 12:52 PM]
"UC_Start"="C:\Program Files\IBM\Updater\\ucstartup.exe" [07/14/2004 04:34 PM]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [09/02/2004 01:05 AM]
"IBMPRC"="C:\IBMTOOLS\UTILS\ibmprc.exe" [03/19/2004 12:12 PM]
"QCWLICON"="C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE" [11/09/2004 03:53 AM]
"BMMMONWND"="rundll32.exe" [08/04/2004 12:56 AM C:\WINDOWS\system32\rundll32.exe]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [08/03/2004 10:32 PM]
"IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [08/18/2001 02:00 AM]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [08/03/2004 10:31 PM]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [03/11/2005 07:08 AM]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
"QuickTime Task"="C:\Program Files\Ringz Studio\Storm Codec\QTTask.exe" []
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [09/26/2007 02:42 PM]
"QCTray"="C:\PROGRA~1\ThinkPad\CONNEC~1\QCTray.exe" [11/09/2004 03:53 AM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:56 AM]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [10/03/2007 06:58 PM]
"STYLEXP"="C:\Program Files\TGTSoft\StyleXP\StyleXP.exe" [05/24/2006 11:31 AM]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispCPL"=0 (0x0)
"NoDispSettingsPage"=0 (0x0)
"NoDispBackgroundPage"=0 (0x0)
"NoDispAppearancePage"=0 (0x0)
"NoDispScrSavPage"=0 (0x0)
"DisableRegistryTools"=0 (0x0)
"DisableTaskMgr"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoBandCustomize"=0 (0x0)
"NoMovingBands"=0 (0x0)
"NoCloseDragDropBands"=0 (0x0)
"NoSetTaskbar"=0 (0x0)
"NoToolbarsOnTaskbar"=0 (0x0)
"NoPropertiesRecycleBin"=0 (0x0)
"NoPropertiesMyComputer"=0 (0x0)
"NoSaveSettings"=0 (0x0)
"NoPropertiesMyDocuments"=0 (0x0)
"NoDesktop"=0 (0x0)
"NoDesktopCleanupWizard"=0 (0x0)
"DisablePersonalDirChange"=0 (0x0)
"NoThemesTab"=0 (0x0)
"NoRun"=0 (0x0)
"NoSimpleStartMenu"=0 (0x0)
"NoWindowsUpdate"=0 (0x0)
"NoChangeStartMenu"=0 (0x0)
"StartMenuLogOff"=0 (0x0)
"NoClose"=0 (0x0)
"NoNetworkConnections"=0 (0x0)
"NoStartMenuNetworkPlaces"=0 (0x0)
"NoSMMyDocs"=0 (0x0)
"NoSMHelp"=0 (0x0)
"NoManageMyComputerVerb"=0 (0x0)
"NoSecConsole"=0 (0x0)
"NoFolderOptions"=0 (0x0)
"NoSharedDocuments"=0 (0x0)
"NoSecurityTab"=0 (0x0)
"NoHardwareTab"=0 (0x0)
"NoFileMenu"=0 (0x0)
"NoNetConnectDisconnect"=0 (0x0)
"NoViewContextMenu"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\QConGina]
QConGina.dll 11/09/2004 03:53 AM 262144 C:\WINDOWS\system32\QConGina.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= scecli pwdmon
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{09f25b42-41cc-11db-a5d2-0012f01f0b62}]
Auto\command- F:\bittorrent.exe e
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL bittorrent.exe e
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{10e6656f-5045-11db-a5e6-0012f01f0b62}]
Auto\command- E:\bittorrent.exe e
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL bittorrent.exe e
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{10e66593-5045-11db-a5e6-0012f01f0b62}]
1\Command- .\RECYCLER\RECYCLER\autorun.exe
2\Command- .\RECYCLER\RECYCLER\autorun.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\RECYCLER\RECYCLER\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{37392f08-92f3-11db-a647-00112514889c}]
Auto\command- BITTOR~1.EXE e
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL BITTOR~1.EXE e
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{37fc5ce0-14b5-11dc-a708-0012f01f0b62}]
AutoRun\command- ymfqplr.exe
explore\Command- ymfqplr.exe
open\Command- ymfqplr.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{49bed0d1-f1d0-11db-a6cf-0012f01f0b62}]
Auto\command- RavMonE.exe e
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMonE.exe e
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{52711ba0-4ba6-11db-a5e0-0012f01f0b62}]
Auto\command- BITTOR~1.EXE e
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL BITTOR~1.EXE e
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{52ee9bb0-d5db-11db-a6a4-0012f01f0b62}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{61ea5e80-45aa-11dc-a764-0012f01f0b62}]
Auto\command- sss.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sss.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{689e26f0-60d3-11db-a5fc-0012f01f0b62}]
Auto\command- RavMonE.exe e
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMonE.exe e
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6d333860-3d71-11db-a5c8-0012f01f0b62}]
Auto\command- E:\BITTOR~1.EXE e
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL BITTOR~1.EXE e
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7e77b100-f5f0-11db-a6d4-0012f01f0b62}]
Auto\command- sal.xls.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sal.xls.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{90d140f0-3f8d-11db-a5cc-0012f01f0b62}]
Auto\command- E:\bittorrent.exe e
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL bittorrent.exe e
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b917fb40-a52a-11db-a656-0012f01f0b62}]
0\Command- .\RECYCLER\UExecute.exe
1\Command- .\RECYCLER\UExecute.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\RECYCLER\UExecute.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c2863720-9129-11db-a644-00112514889c}]
Auto\command- BITTOR~1.EXE e
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL BITTOR~1.EXE e
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c6f4ab90-22d1-11dc-a726-0012f01f0b62}]
AutoRun\command- ymfqplr.exe
explore\Command- ymfqplr.exe
open\Command- ymfqplr.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c95fa9e0-5ffe-11dc-a7a3-0012f01f0b62}]
AutoRun\command- E:\VMC_PBStarter.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c95fa9e1-5ffe-11dc-a7a3-0012f01f0b62}]
AutoRun\command- E:\VMC_PBStarter.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e9c455d6-55dc-11dc-a783-0012f01f0b62}]
Auto\command- wscripT autorun.vbs
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscripT autorun.vbs
-- Hosts -----------------------------------------------------------------------
127.0.0.1 ad.a8.net
127.0.0.1 asy.a8ww.net
127.0.0.1 www.aaa-livedoor.net #[Trojan-PSW.Win32.Maran.ei]
127.0.0.1 www.abcsearcher.com #[Spamdexing][Microsoft.Strider]
127.0.0.1 abc-search.info
127.0.0.1 abloga.info #[Spamdexing]
127.0.0.1 www.abx4.com #[Adware.ABXToolbar]
127.0.0.1 acezip.net #[SiteAdvisor.acezip.net]
127.0.0.1 www.acezip.net #[Win32/Adware.180Solutions]
127.0.0.1 phpadsnew.abac.com
22477 more entries in hosts file.
-- End of Deckard's System Scanner: finished at 2007-10-15 00:57:53 ------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:59:30 AM, on 10/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\IBMTOOLS\UTILS\ibmprc.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\PROGRA~1\ThinkPad\CONNEC~1\QCTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Documents and Settings\zhoutiantian\Desktop\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.starhub.net.sg:8080
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [TPKMAPHELPER] "C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe" -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [UC_Start] "C:\Program Files\IBM\Updater\\ucstartup.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe
O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [BMMMONWND] "rundll32.exe" C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" /SYNC
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\Ringz Studio\Storm Codec\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QCTray] C:\PROGRA~1\ThinkPad\CONNEC~1\QCTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKUS\S-1-5-21-3893021082-494934620-3959003612-1005\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-3893021082-494934620-3959003612-1005\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User '?')
O4 - HKUS\S-1-5-21-3893021082-494934620-3959003612-1005\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: AutorunsDisabled
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O11 - Options group: [JAVA_IBM] Java (IBM)
O12 - Plugin for .csm: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .csml: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .cub: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .cube: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .dx: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .emb: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .embl: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .gau: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .jdx: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .mol: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .mop: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .pdb: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .rxn: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .scr: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .skc: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .spt: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .tgf: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .xyz: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by107fd.bay107.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1191471206220
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u2-windows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
--
End of file - 10323 bytes
ndmmxiaomayi
2007-10-15, 20:44
Hi alpha22,
Please download Flash Disinfector from Tech Support Forum (http://www.techsupportforum.com/sectools/sUBs/Flash_Disinfector.exe) and save it to your desktop.
Double click to run it. Follow the prompts that appear.
After this, please copy and paste the following in the Code box into Notepad:
regedit /e C:\look.txt "HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2"
start notepad C:\look.txt
Click on File > Save As.
In the File Name box, copy and paste in look.bat
In the Save As Type box, select All Files from the drop-down list.
Click Save.
Double click on look.bat to run it. Notepad will open shortly. Please post the contents of this Notepad file in your next reply.
In your next reply, please post:
The contents of Notepad produced by look.bat (C:\look.txt)
A new HijackThis log
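To make the output of look.bat easier to review, the following added example (not part of the original post, and not code from the forum or from Flash Disinfector) parses a regedit export of the MountPoints2 key and lists every per-volume shell verb that carries a command, with the RunDLL32 `ShellExec_RunDLL` wrapper stripped so the real target shows. The sample export, the placeholder GUID, `example.exe` and all function names are constructed for illustration.

```python
import re

ROOT = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2"
VOL = "{00000000-0000-0000-0000-000000000001}"  # constructed placeholder volume GUID

# Constructed sample in regedit's export format (not data from the thread).
SAMPLE_EXPORT = "\r\n".join([
    "Windows Registry Editor Version 5.00", "",
    f"[{ROOT}\\C]", '"BaseClass"="Drive"', "",
    f"[{ROOT}\\{VOL}]", '"BaseClass"="Drive"', "",
    f"[{ROOT}\\{VOL}\\Shell]", '@="Auto"', "",
    f"[{ROOT}\\{VOL}\\Shell\\Auto\\command]", r'@="X:\\example.exe e"', "",
    f"[{ROOT}\\{VOL}\\Shell\\Autoplay\\DropTarget]",
    '"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"', "",
    f"[{ROOT}\\{VOL}\\Shell\\AutoRun\\command]",
    r'@="C:\\WINDOWS\\system32\\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL example.exe e"',
    "",
])

MARKER = "\\explorer\\mountpoints2\\"
KEY_RE = re.compile(r"^\[(.+)\]$")
DEFAULT_RE = re.compile(r'^@="(.*)"$')
WRAPPER_RE = re.compile(r"ShellExec_RunDLL\s+(.+)$", re.IGNORECASE)


def decode_export(raw: bytes) -> str:
    """Version 5.00 exports are UTF-16LE with a BOM; otherwise assume an ANSI file."""
    if raw.startswith(b"\xff\xfe"):
        return raw.decode("utf-16")
    return raw.decode("cp1252", errors="replace")


def unescape(value: str) -> str:
    """Undo .reg string escaping: a backslash protects the character after it."""
    return re.sub(r"\\(.)", r"\1", value)


def classify(key: str):
    """Map a key path to ('shell', volume, None), ('command', volume, verb) or None."""
    at = key.lower().find(MARKER)
    if at == -1:
        return None
    parts = key[at + len(MARKER):].split("\\")
    if len(parts) == 2 and parts[1].lower() == "shell":
        return ("shell", parts[0], None)
    if len(parts) == 4 and parts[1].lower() == "shell" and parts[3].lower() == "command":
        return ("command", parts[0], parts[2])
    return None


def target_of(command: str) -> str:
    """Strip the RunDLL32 ShellExec_RunDLL wrapper, if present, to expose the target."""
    wrapped = WRAPPER_RE.search(command)
    return (wrapped.group(1) if wrapped else command).strip()


def find_shell_commands(text: str):
    """Return one dict per shell verb that has a command, in file order."""
    default_verb, hits, context = {}, [], None
    for raw_line in text.splitlines():
        line = raw_line.strip()
        key = KEY_RE.match(line)
        if key:
            context = classify(key.group(1))
            continue
        value = DEFAULT_RE.match(line)
        if not (value and context):
            continue
        kind, volume, verb = context
        data = unescape(value.group(1))
        if kind == "shell":
            # The default value of the Shell key names the verb used on double-click.
            default_verb[volume] = data
        else:
            hits.append({"volume": volume, "verb": verb,
                         "command": data, "target": target_of(data)})
    for hit in hits:
        hit["default"] = default_verb.get(hit["volume"], "").lower() == hit["verb"].lower()
    return hits


if __name__ == "__main__":
    # Simulate the bytes regedit writes, then review them.
    exported = b"\xff\xfe" + SAMPLE_EXPORT.encode("utf-16-le")
    for hit in find_shell_commands(decode_export(exported)):
        flag = " (default verb)" if hit["default"] else ""
        print(f'{hit["volume"]}  {hit["verb"]}{flag}: {hit["target"]}')
```

Volumes that only have the stock `Autoplay\DropTarget` handler produce no rows, so whatever is listed is a command tied to a specific volume and worth checking against what that drive should legitimately launch.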
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
"BaseClass"="Drive"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,01,00,01,01,ee,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,20,00,00,00,09,00,00,00
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D\_Autorun]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D\_Autorun\DefaultIcon]
@="D:\\images/c7e.ico"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,01,00,01,01,ee,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,20,00,00,00,09,00,00,00
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E\_Autorun]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E\_Autorun\DefaultIcon]
@="E:\\LaunchU3.exe,0"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
"BaseClass"="Drive"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{034b7a42-bf17-11db-a67a-0012f01f0b62}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,\
5f,5f,5f,5f,5f,00,5f,5f,5f,5f,5f,cf,cf,5f,5f,5f,5f,01,01,00,ee,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,00,10,00,00,08,02,00,00
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{034b7a42-bf17-11db-a67a-0012f01f0b62}\shell]
@="None"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{034b7a42-bf17-11db-a67a-0012f01f0b62}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{034b7a42-bf17-11db-a67a-0012f01f0b62}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{034b7a44-bf17-11db-a67a-0012f01f0b62}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,\
5f,5f,5f,5f,5f,00,5f,5f,5f,5f,5f,cf,cf,5f,5f,5f,5f,01,01,00,ee,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,00,10,00,00,08,02,00,00
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{034b7a44-bf17-11db-a67a-0012f01f0b62}\shell]
@="None"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{034b7a44-bf17-11db-a67a-0012f01f0b62}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{034b7a44-bf17-11db-a67a-0012f01f0b62}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{034b7a45-bf17-11db-a67a-0012f01f0b62}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,\
5f,5f,5f,5f,5f,00,5f,5f,5f,5f,5f,cf,cf,5f,5f,5f,5f,01,01,00,ee,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,00,10,00,00,08,02,00,00
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{034b7a45-bf17-11db-a67a-0012f01f0b62}\shell]
@="None"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{034b7a45-bf17-11db-a67a-0012f01f0b62}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{034b7a45-bf17-11db-a67a-0012f01f0b62}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{09f25b42-41cc-11db-a5d2-0012f01f0b62}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,01,00,01,01,ee,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,00,10,00,00,09,03,00,00
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{09f25b42-41cc-11db-a5d2-0012f01f0b62}\Shell]
@="Auto"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{09f25b42-41cc-11db-a5d2-0012f01f0b62}\Shell\Auto]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{09f25b42-41cc-11db-a5d2-0012f01f0b62}\Shell\Auto\command]
@="F:\\bittorrent.exe e"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{09f25b42-41cc-11db-a5d2-0012f01f0b62}\Shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{09f25b42-41cc-11db-a5d2-0012f01f0b62}\Shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{09f25b42-41cc-11db-a5d2-0012f01f0b62}\Shell\AutoRun]
"Extended"=""
@="Auto&Play"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{09f25b42-41cc-11db-a5d2-0012f01f0b62}\Shell\AutoRun\command]
@="C:\\WINDOWS\\system32\\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL bittorrent.exe e"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0d7b33f1-58ea-11db-a5f1-0012f01f0b62}]
"BaseClass"="Drive"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{10e6656f-5045-11db-a5e6-0012f01f0b62}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,01,00,01,00,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,00,10,00,00,09,01,00,00
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{10e6656f-5045-11db-a5e6-0012f01f0b62}\Shell]
@="Auto"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{10e6656f-5045-11db-a5e6-0012f01f0b62}\Shell\Auto]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{10e6656f-5045-11db-a5e6-0012f01f0b62}\Shell\Auto\command]
@="E:\\bittorrent.exe e"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{10e6656f-5045-11db-a5e6-0012f01f0b62}\Shell\AutoRun]
"Extended"=""
@="Auto&Play"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{10e6656f-5045-11db-a5e6-0012f01f0b62}\Shell\AutoRun\command]
@="C:\\WINDOWS\\system32\\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL bittorrent.exe e"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{10e66593-5045-11db-a5e6-0012f01f0b62}]
"BaseClass"="Drive"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{10e66593-5045-11db-a5e6-0012f01f0b62}\Shell]
@="AutoRun"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{10e66593-5045-11db-a5e6-0012f01f0b62}\Shell\1]
@="Open"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{10e66593-5045-11db-a5e6-0012f01f0b62}\Shell\1\Command]
@=".\\RECYCLER\\RECYCLER\\autorun.exe"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{10e66593-5045-11db-a5e6-0012f01f0b62}\Shell\2]
@="Browser"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{10e66593-5045-11db-a5e6-0012f01f0b62}\Shell\2\Command]
@=".\\RECYCLER\\RECYCLER\\autorun.exe"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{10e66593-5045-11db-a5e6-0012f01f0b62}\Shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{10e66593-5045-11db-a5e6-0012f01f0b62}\Shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{10e66593-5045-11db-a5e6-0012f01f0b62}\Shell\AutoRun]
"Extended"=""
@="Auto&Play"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{10e66593-5045-11db-a5e6-0012f01f0b62}\Shell\AutoRun\command]
@="C:\\WINDOWS\\system32\\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\\RECYCLER\\RECYCLER\\autorun.exe"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1d5a450e-39a5-11dc-a755-0012f01f0b62}]
"BaseClass"="Drive"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1d5a450e-39a5-11dc-a755-0012f01f0b62}\shell]
@="None"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1d5a450e-39a5-11dc-a755-0012f01f0b62}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1d5a450e-39a5-11dc-a755-0012f01f0b62}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2a482960-0684-11dc-a6f1-0012f01f0b62}]
"BaseClass"="Drive"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2a482960-0684-11dc-a6f1-0012f01f0b62}\shell]
@="None"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2a482960-0684-11dc-a6f1-0012f01f0b62}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2a482960-0684-11dc-a6f1-0012f01f0b62}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{31f2c681-6599-11dc-a7ad-0012f01f0b62}]
"BaseClass"="Drive"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{37392f08-92f3-11db-a647-00112514889c}]
"BaseClass"="Drive"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{37392f08-92f3-11db-a647-00112514889c}\Shell]
@="Auto"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{37392f08-92f3-11db-a647-00112514889c}\Shell\Auto]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{37392f08-92f3-11db-a647-00112514889c}\Shell\Auto\command]
@="BITTOR~1.EXE e"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{37392f08-92f3-11db-a647-00112514889c}\Shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{37392f08-92f3-11db-a647-00112514889c}\Shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{37392f08-92f3-11db-a647-00112514889c}\Shell\AutoRun]
"Extended"=""
@="Auto&Play"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{37392f08-92f3-11db-a647-00112514889c}\Shell\AutoRun\command]
@="C:\\WINDOWS\\system32\\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL BITTOR~1.EXE e"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{37fc5ce0-14b5-11dc-a708-0012f01f0b62}]
"BaseClass"="Drive"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{37fc5ce0-14b5-11dc-a708-0012f01f0b62}\Shell]
@="Open"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{37fc5ce0-14b5-11dc-a708-0012f01f0b62}\Shell\AutoRun]
"Extended"=""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{37fc5ce0-14b5-11dc-a708-0012f01f0b62}\Shell\AutoRun\command]
@="ymfqplr.exe"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{37fc5ce0-14b5-11dc-a708-0012f01f0b62}\Shell\explore]
@="资源管理器(&X)"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{37fc5ce0-14b5-11dc-a708-0012f01f0b62}\Shell\explore\Command]
@="ymfqplr.exe"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{37fc5ce0-14b5-11dc-a708-0012f01f0b62}\Shell\open]
@="打开(&O)"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{37fc5ce0-14b5-11dc-a708-0012f01f0b62}\Shell\open\Command]
@="ymfqplr.exe"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{37fc5ce0-14b5-11dc-a708-0012f01f0b62}\Shell\open\Default]
@="1"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3e4a5dc2-e6da-11db-a6c0-0012f01f0b62}]
"BaseClass"="Drive"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3e4a5dc2-e6da-11db-a6c0-0012f01f0b62}\shell]
@="None"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3e4a5dc2-e6da-11db-a6c0-0012f01f0b62}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3e4a5dc2-e6da-11db-a6c0-0012f01f0b62}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3f7cf5f0-49f8-11dc-a76c-0012f01f0b62}]
"BaseClass"="Drive"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3f7cf5f0-49f8-11dc-a76c-0012f01f0b62}\_Autorun]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3f7cf5f0-49f8-11dc-a76c-0012f01f0b62}\_Autorun\DefaultIcon]
@="E:\\LaunchU3.exe,0"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3f7cf5f1-49f8-11dc-a76c-0012f01f0b62}]
"BaseClass"="Drive"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{49bed0d1-f1d0-11db-a6cf-0012f01f0b62}]
"BaseClass"="Drive"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{49bed0d1-f1d0-11db-a6cf-0012f01f0b62}\Shell]
@="Auto"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{49bed0d1-f1d0-11db-a6cf-0012f01f0b62}\Shell\Auto]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{49bed0d1-f1d0-11db-a6cf-0012f01f0b62}\Shell\Auto\command]
@="RavMonE.exe e"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{49bed0d1-f1d0-11db-a6cf-0012f01f0b62}\Shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{49bed0d1-f1d0-11db-a6cf-0012f01f0b62}\Shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{49bed0d1-f1d0-11db-a6cf-0012f01f0b62}\Shell\AutoRun]
"Extended"=""
@="Auto&Play"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{49bed0d1-f1d0-11db-a6cf-0012f01f0b62}\Shell\AutoRun\command]
@="C:\\WINDOWS\\system32\\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMonE.exe e"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{52711ba0-4ba6-11db-a5e0-0012f01f0b62}]
"BaseClass"="Drive"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{52711ba0-4ba6-11db-a5e0-0012f01f0b62}\Shell]
@="Auto"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{52711ba0-4ba6-11db-a5e0-0012f01f0b62}\Shell\Auto]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{52711ba0-4ba6-11db-a5e0-0012f01f0b62}\Shell\Auto\command]
@="BITTOR~1.EXE e"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{52711ba0-4ba6-11db-a5e0-0012f01f0b62}\Shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{52711ba0-4ba6-11db-a5e0-0012f01f0b62}\Shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{52711ba0-4ba6-11db-a5e0-0012f01f0b62}\Shell\AutoRun]
"Extended"=""
@="Auto&Play"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{52711ba0-4ba6-11db-a5e0-0012f01f0b62}\Shell\AutoRun\command]
@="C:\\WINDOWS\\system32\\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL BITTOR~1.EXE e"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{52711ba1-4ba6-11db-a5e0-0012f01f0b62}]
"BaseClass"="Drive"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{52711ba1-4ba6-11db-a5e0-0012f01f0b62}\shell]
@="None"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{52711ba1-4ba6-11db-a5e0-0012f01f0b62}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{52711ba1-4ba6-11db-a5e0-0012f01f0b62}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{52711ba2-4ba6-11db-a5e0-0012f01f0b62}]
"BaseClass"="Drive"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{52711ba2-4ba6-11db-a5e0-0012f01f0b62}\shell]
@="None"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{52711ba2-4ba6-11db-a5e0-0012f01f0b62}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{52711ba2-4ba6-11db-a5e0-0012f01f0b62}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{52ee9bb0-d5db-11db-a6a4-0012f01f0b62}]
"BaseClass"="Drive"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{52ee9bb0-d5db-11db-a6a4-0012f01f0b62}\Shell]
@="AutoRun"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{52ee9bb0-d5db-11db-a6a4-0012f01f0b62}\Shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{52ee9bb0-d5db-11db-a6a4-0012f01f0b62}\Shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{52ee9bb0-d5db-11db-a6a4-0012f01f0b62}\Shell\AutoRun]
@="Auto&Play"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{52ee9bb0-d5db-11db-a6a4-0012f01f0b62}\Shell\AutoRun\command]
@="C:\\WINDOWS\\system32\\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{538d68d3-b27f-11db-a665-0012f01f0b62}]
"BaseClass"="Drive"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{538d68d3-b27f-11db-a665-0012f01f0b62}\shell]
@="None"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{538d68d3-b27f-11db-a665-0012f01f0b62}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{538d68d3-b27f-11db-a665-0012f01f0b62}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{61ea5e80-45aa-11dc-a764-0012f01f0b62}]
"BaseClass"="Drive"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{61ea5e80-45aa-11dc-a764-0012f01f0b62}\Shell]
@="AutoRun"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{61ea5e80-45aa-11dc-a764-0012f01f0b62}\Shell\Auto]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{61ea5e80-45aa-11dc-a764-0012f01f0b62}\Shell\Auto\command]
@="sss.exe"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{61ea5e80-45aa-11dc-a764-0012f01f0b62}\Shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{61ea5e80-45aa-11dc-a764-0012f01f0b62}\Shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{61ea5e80-45aa-11dc-a764-0012f01f0b62}\Shell\AutoRun]
"Extended"=""
@="Auto&Play"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{61ea5e80-45aa-11dc-a764-0012f01f0b62}\Shell\AutoRun\command]
@="C:\\WINDOWS\\system32\\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sss.exe"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{646c7043-5765-11db-a5ed-0012f01f0b62}]
"BaseClass"="Drive"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{646c7043-5765-11db-a5ed-0012f01f0b62}\shell]
@="None"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{646c7043-5765-11db-a5ed-0012f01f0b62}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{646c7043-5765-11db-a5ed-0012f01f0b62}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{689e26f0-60d3-11db-a5fc-0012f01f0b62}]
"BaseClass"="Drive"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{689e26f0-60d3-11db-a5fc-0012f01f0b62}\Shell]
@="Auto"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{689e26f0-60d3-11db-a5fc-0012f01f0b62}\Shell\Auto]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{689e26f0-60d3-11db-a5fc-0012f01f0b62}\Shell\Auto\command]
@="RavMonE.exe e"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{689e26f0-60d3-11db-a5fc-0012f01f0b62}\Shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{689e26f0-60d3-11db-a5fc-0012f01f0b62}\Shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{689e26f0-60d3-11db-a5fc-0012f01f0b62}\Shell\AutoRun]
"Extended"=""
@="Auto&Play"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{689e26f0-60d3-11db-a5fc-0012f01f0b62}\Shell\AutoRun\command]
@="C:\\WINDOWS\\system32\\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMonE.exe e"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6d333860-3d71-11db-a5c8-0012f01f0b62}]
"BaseClass"="Drive"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6d333860-3d71-11db-a5c8-0012f01f0b62}\Shell]
@="Auto"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6d333860-3d71-11db-a5c8-0012f01f0b62}\Shell\Auto]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6d333860-3d71-11db-a5c8-0012f01f0b62}\Shell\Auto\command]
@="E:\\BITTOR~1.EXE e"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6d333860-3d71-11db-a5c8-0012f01f0b62}\Shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6d333860-3d71-11db-a5c8-0012f01f0b62}\Shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6d333860-3d71-11db-a5c8-0012f01f0b62}\Shell\AutoRun]
"Extended"=""
@="Auto&Play"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6d333860-3d71-11db-a5c8-0012f01f0b62}\Shell\AutoRun\command]
@="C:\\WINDOWS\\system32\\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL BITTOR~1.EXE e"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{73eb690d-6277-11db-a5fd-0012f01f0b62}]
"BaseClass"="Drive"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{73eb690d-6277-11db-a5fd-0012f01f0b62}\shell]
@="None"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{73eb690d-6277-11db-a5fd-0012f01f0b62}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{73eb690d-6277-11db-a5fd-0012f01f0b62}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7e77b100-f5f0-11db-a6d4-0012f01f0b62}]
"BaseClass"="Drive"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7e77b100-f5f0-11db-a6d4-0012f01f0b62}\Shell]
@="Auto"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7e77b100-f5f0-11db-a6d4-0012f01f0b62}\Shell\Auto]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7e77b100-f5f0-11db-a6d4-0012f01f0b62}\Shell\Auto\command]
@="sal.xls.exe"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7e77b100-f5f0-11db-a6d4-0012f01f0b62}\Shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7e77b100-f5f0-11db-a6d4-0012f01f0b62}\Shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7e77b100-f5f0-11db-a6d4-0012f01f0b62}\Shell\AutoRun]
"Extended"=""
@="Auto&Play"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7e77b100-f5f0-11db-a6d4-0012f01f0b62}\Shell\AutoRun\command]
@="C:\\WINDOWS\\system32\\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sal.xls.exe"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{85c853c0-b807-11db-a66e-0012f01f0b62}]
"BaseClass"="Drive"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{85c853c0-b807-11db-a66e-0012f01f0b62}\shell]
@="None"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{85c853c0-b807-11db-a66e-0012f01f0b62}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{85c853c0-b807-11db-a66e-0012f01f0b62}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{907b1e62-7f0f-11db-a639-00112514889c}]
"BaseClass"="Drive"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{907b1e62-7f0f-11db-a639-00112514889c}\shell]
@="None"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{907b1e62-7f0f-11db-a639-00112514889c}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{907b1e62-7f0f-11db-a639-00112514889c}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{90d140f0-3f8d-11db-a5cc-0012f01f0b62}]
"BaseClass"="Drive"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{90d140f0-3f8d-11db-a5cc-0012f01f0b62}\Shell]
@="Auto"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{90d140f0-3f8d-11db-a5cc-0012f01f0b62}\Shell\Auto]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{90d140f0-3f8d-11db-a5cc-0012f01f0b62}\Shell\Auto\command]
@="E:\\bittorrent.exe e"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{90d140f0-3f8d-11db-a5cc-0012f01f0b62}\Shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{90d140f0-3f8d-11db-a5cc-0012f01f0b62}\Shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{90d140f0-3f8d-11db-a5cc-0012f01f0b62}\Shell\AutoRun]
"Extended"=""
@="Auto&Play"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{90d140f0-3f8d-11db-a5cc-0012f01f0b62}\Shell\AutoRun\command]
@="C:\\WINDOWS\\system32\\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL bittorrent.exe e"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a098fd41-44b1-11d7-91e5-806d6172696f}]
"BaseClass"="Drive"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a098fd41-44b1-11d7-91e5-806d6172696f}\shell]
@="None"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a098fd41-44b1-11d7-91e5-806d6172696f}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a098fd41-44b1-11d7-91e5-806d6172696f}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a098fd42-44b1-11d7-91e5-806d6172696f}]
"BaseClass"="Drive"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a098fd43-44b1-11d7-91e5-806d6172696f}]
"BaseClass"="Drive"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a13f4a50-2b19-11db-9461-806d6172696f}]
"BaseClass"="Drive"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b917fb40-a52a-11db-a656-0012f01f0b62}]
"BaseClass"="Drive"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b917fb40-a52a-11db-a656-0012f01f0b62}\Shell]
@="AutoRun"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b917fb40-a52a-11db-a656-0012f01f0b62}\Shell\0]
@="打开(&O)"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b917fb40-a52a-11db-a656-0012f01f0b62}\Shell\0\Command]
@=".\\RECYCLER\\UExecute.exe"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b917fb40-a52a-11db-a656-0012f01f0b62}\Shell\1]
@="浏览(&B)"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b917fb40-a52a-11db-a656-0012f01f0b62}\Shell\1\Command]
@=".\\RECYCLER\\UExecute.exe"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b917fb40-a52a-11db-a656-0012f01f0b62}\Shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b917fb40-a52a-11db-a656-0012f01f0b62}\Shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b917fb40-a52a-11db-a656-0012f01f0b62}\Shell\AutoRun]
"Extended"=""
@="Auto&Play"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b917fb40-a52a-11db-a656-0012f01f0b62}\Shell\AutoRun\command]
@="C:\\WINDOWS\\system32\\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\\RECYCLER\\UExecute.exe"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bca04ee0-1c53-11dc-a71a-0012f01f0b62}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,\
5f,5f,5f,5f,5f,cf,5f,5f,5f,5f,5f,cf,cf,5f,5f,5f,5f,cf,cf,cf,cf,cf,01,01,01,\
ee,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,00,10,00,00,08,00,00,00
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bca04ee0-1c53-11dc-a71a-0012f01f0b62}\shell]
@="None"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bca04ee0-1c53-11dc-a71a-0012f01f0b62}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bca04ee0-1c53-11dc-a71a-0012f01f0b62}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c17e9830-2474-11dc-a72b-0012f01f0b62}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,\
5f,5f,5f,5f,5f,01,00,01,01,ee,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,00,10,00,00,08,06,00,00
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c17e9830-2474-11dc-a72b-0012f01f0b62}\shell]
@="None"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c17e9830-2474-11dc-a72b-0012f01f0b62}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c17e9830-2474-11dc-a72b-0012f01f0b62}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c17e9831-2474-11dc-a72b-0012f01f0b62}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,\
5f,5f,5f,5f,5f,00,5f,5f,5f,5f,5f,cf,cf,5f,5f,5f,5f,01,01,00,ee,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,00,10,00,00,08,02,00,00
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c17e9831-2474-11dc-a72b-0012f01f0b62}\shell]
@="None"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c17e9831-2474-11dc-a72b-0012f01f0b62}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c17e9831-2474-11dc-a72b-0012f01f0b62}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c2863720-9129-11db-a644-00112514889c}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,01,00,01,01,ee,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,00,10,00,00,09,02,00,00
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c2863720-9129-11db-a644-00112514889c}\Shell]
@="Auto"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c2863720-9129-11db-a644-00112514889c}\Shell\Auto]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c2863720-9129-11db-a644-00112514889c}\Shell\Auto\command]
@="BITTOR~1.EXE e"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c2863720-9129-11db-a644-00112514889c}\Shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c2863720-9129-11db-a644-00112514889c}\Shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c2863720-9129-11db-a644-00112514889c}\Shell\AutoRun]
"Extended"=""
@="Auto&Play"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c2863720-9129-11db-a644-00112514889c}\Shell\AutoRun\command]
@="C:\\WINDOWS\\system32\\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL BITTOR~1.EXE e"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c5d8fe50-71f5-11dc-a7c8-0012f01f0b62}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,\
5f,5f,5f,5f,5f,00,5f,5f,5f,5f,5f,cf,cf,5f,5f,5f,5f,01,01,00,ee,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,00,10,00,00,08,02,00,00
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c6f4ab90-22d1-11dc-a726-0012f01f0b62}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,\
5f,5f,5f,5f,5f,01,00,01,01,ee,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,00,10,00,00,09,02,00,00
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c6f4ab90-22d1-11dc-a726-0012f01f0b62}\Shell]
@="Open"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c6f4ab90-22d1-11dc-a726-0012f01f0b62}\Shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c6f4ab90-22d1-11dc-a726-0012f01f0b62}\Shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c6f4ab90-22d1-11dc-a726-0012f01f0b62}\Shell\AutoRun]
"Extended"=""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c6f4ab90-22d1-11dc-a726-0012f01f0b62}\Shell\AutoRun\command]
@="ymfqplr.exe"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c6f4ab90-22d1-11dc-a726-0012f01f0b62}\Shell\explore]
@="资源管理器(&X)"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c6f4ab90-22d1-11dc-a726-0012f01f0b62}\Shell\explore\Command]
@="ymfqplr.exe"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c6f4ab90-22d1-11dc-a726-0012f01f0b62}\Shell\open]
@="打开(&O)"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c6f4ab90-22d1-11dc-a726-0012f01f0b62}\Shell\open\Command]
@="ymfqplr.exe"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c6f4ab90-22d1-11dc-a726-0012f01f0b62}\Shell\open\Default]
@="1"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c95fa9e0-5ffe-11dc-a7a3-0012f01f0b62}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,01,00,01,01,ee,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,20,00,00,00,09,00,00,00
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c95fa9e0-5ffe-11dc-a7a3-0012f01f0b62}\Shell]
@="AutoRun"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c95fa9e0-5ffe-11dc-a7a3-0012f01f0b62}\Shell\AutoRun]
@="Auto&Play"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c95fa9e0-5ffe-11dc-a7a3-0012f01f0b62}\Shell\AutoRun\command]
@="E:\\VMC_PBStarter.exe"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c95fa9e0-5ffe-11dc-a7a3-0012f01f0b62}\_Autorun]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c95fa9e0-5ffe-11dc-a7a3-0012f01f0b62}\_Autorun\Action]
@="Run VMCLite"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c95fa9e0-5ffe-11dc-a7a3-0012f01f0b62}\_Autorun\DefaultIcon]
@="E:\\icon.ico"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c95fa9e0-5ffe-11dc-a7a3-0012f01f0b62}\_Autorun\DefaultLabel]
@="VMCLite V2.1.6.1"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c95fa9e1-5ffe-11dc-a7a3-0012f01f0b62}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,01,00,01,01,ee,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,20,00,00,00,09,00,00,00
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c95fa9e1-5ffe-11dc-a7a3-0012f01f0b62}\Shell]
@="AutoRun"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c95fa9e1-5ffe-11dc-a7a3-0012f01f0b62}\Shell\AutoRun]
@="Auto&Play"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c95fa9e1-5ffe-11dc-a7a3-0012f01f0b62}\Shell\AutoRun\command]
@="E:\\VMC_PBStarter.exe"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c95fa9e1-5ffe-11dc-a7a3-0012f01f0b62}\_Autorun]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c95fa9e1-5ffe-11dc-a7a3-0012f01f0b62}\_Autorun\Action]
@="Run VMCLite"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c95fa9e1-5ffe-11dc-a7a3-0012f01f0b62}\_Autorun\DefaultIcon]
@="E:\\icon.ico"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c95fa9e1-5ffe-11dc-a7a3-0012f01f0b62}\_Autorun\DefaultLabel]
@="VMCLite V2.1.6.1"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb947440-2b1f-11db-a5bb-806d6172696f}]
"BaseClass"="Drive"
"_LabelFromReg"="Tiantian's Hard Drive"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb947441-2b1f-11db-a5bb-806d6172696f}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,01,00,01,01,ee,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,20,00,00,00,09,00,00,00
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb947441-2b1f-11db-a5bb-806d6172696f}\_Autorun]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb947441-2b1f-11db-a5bb-806d6172696f}\_Autorun\DefaultIcon]
@="D:\\images/c7e.ico"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb947442-2b1f-11db-a5bb-0012f01f0b62}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,01,00,01,01,ee,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,01,00,00,00,08,07,00,00
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb947442-2b1f-11db-a5bb-0012f01f0b62}\shell]
@="None"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb947442-2b1f-11db-a5bb-0012f01f0b62}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb947442-2b1f-11db-a5bb-0012f01f0b62}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb947443-2b1f-11db-a5bb-0012f01f0b62}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,01,00,01,01,ee,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,01,00,00,00,08,07,00,00
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb947443-2b1f-11db-a5bb-0012f01f0b62}\shell]
@="None"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb947443-2b1f-11db-a5bb-0012f01f0b62}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb947443-2b1f-11db-a5bb-0012f01f0b62}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e9c455d5-55dc-11dc-a783-0012f01f0b62}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,\
5f,5f,5f,5f,5f,00,5f,5f,5f,5f,5f,cf,cf,5f,5f,5f,5f,01,01,00,ee,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,00,10,00,00,08,02,00,00
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e9c455d5-55dc-11dc-a783-0012f01f0b62}\shell]
@="None"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e9c455d5-55dc-11dc-a783-0012f01f0b62}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e9c455d5-55dc-11dc-a783-0012f01f0b62}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e9c455d6-55dc-11dc-a783-0012f01f0b62}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,\
5f,5f,5f,5f,5f,01,00,01,01,ee,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,01,00,00,00,09,07,00,00
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e9c455d6-55dc-11dc-a783-0012f01f0b62}\Shell]
@="AutoRun"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e9c455d6-55dc-11dc-a783-0012f01f0b62}\Shell\Auto]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e9c455d6-55dc-11dc-a783-0012f01f0b62}\Shell\Auto\command]
@="wscripT autorun.vbs"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e9c455d6-55dc-11dc-a783-0012f01f0b62}\Shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e9c455d6-55dc-11dc-a783-0012f01f0b62}\Shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e9c455d6-55dc-11dc-a783-0012f01f0b62}\Shell\AutoRun]
"Extended"=""
@="Auto&Play"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e9c455d6-55dc-11dc-a783-0012f01f0b62}\Shell\AutoRun\command]
@="C:\\WINDOWS\\system32\\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscripT autorun.vbs"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e9c455da-55dc-11dc-a783-0012f01f0b62}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,\
5f,5f,5f,5f,5f,01,00,01,01,ee,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,01,00,00,00,08,07,00,00
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e9c455da-55dc-11dc-a783-0012f01f0b62}\shell]
@="None"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e9c455da-55dc-11dc-a783-0012f01f0b62}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e9c455da-55dc-11dc-a783-0012f01f0b62}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f0a6e550-85bf-11db-a63f-00112514889c}]
"BaseClass"="Drive"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f4312e50-5354-11db-a5e8-0012f01f0b62}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,\
5f,5f,5f,5f,5f,01,00,01,01,ee,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,01,00,00,00,08,07,00,00
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f4312e50-5354-11db-a5e8-0012f01f0b62}\shell]
@="None"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f4312e50-5354-11db-a5e8-0012f01f0b62}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f4312e50-5354-11db-a5e8-0012f01f0b62}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fac85344-6b33-11dc-a7ba-0012f01f0b62}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,\
5f,5f,5f,5f,5f,00,5f,5f,5f,5f,5f,cf,cf,5f,5f,5f,5f,01,01,00,ee,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,00,10,00,00,08,02,00,00
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fac85344-6b33-11dc-a7ba-0012f01f0b62}\shell]
@="None"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fac85344-6b33-11dc-a7ba-0012f01f0b62}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fac85344-6b33-11dc-a7ba-0012f01f0b62}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:13:15 AM, on 10/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\IBMTOOLS\UTILS\ibmprc.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\PROGRA~1\ThinkPad\CONNEC~1\QCTray.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\zhoutiantian\Desktop\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.starhub.net.sg:8080
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [TPKMAPHELPER] "C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe" -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [UC_Start] "C:\Program Files\IBM\Updater\\ucstartup.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe
O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [BMMMONWND] "rundll32.exe" C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" /SYNC
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\Ringz Studio\Storm Codec\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QCTray] C:\PROGRA~1\ThinkPad\CONNEC~1\QCTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKUS\S-1-5-21-3893021082-494934620-3959003612-1005\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-3893021082-494934620-3959003612-1005\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User '?')
O4 - HKUS\S-1-5-21-3893021082-494934620-3959003612-1005\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: AutorunsDisabled
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O11 - Options group: [JAVA_IBM] Java (IBM)
O12 - Plugin for .csm: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .csml: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .cub: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .cube: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .dx: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .emb: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .embl: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .gau: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .jdx: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .mol: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .mop: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .pdb: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .rxn: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .scr: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .skc: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .spt: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .tgf: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .xyz: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by107fd.bay107.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1191471206220
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u2-windows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
--
End of file - 10375 bytes
ndmmxiaomayi
2007-10-16, 20:38
Hi alpha22,
Step 1
Open My Computer.
Go to Tools > Folder Options.
Select the View tab.
Scroll down to Hidden files and folders.
Select Show hidden files and folders.
Uncheck (untick) Hide extensions of known file types.
Uncheck (untick) Hide protected operating system files (Recommended).
Click Yes when prompted.
Click OK.
Close My Computer.
Step 2
Please plug in your thumbdrive. At the same time, hold down the Shift key so that it doesn't auto run.
Double click on your drive to view the files in your thumbdrive.
Make sure that these files don't exist:
ymfqplr.exe
RavMone.exe
sss.exe
sxs.xls.exe
autorun.inf
Step 3
Please back up your registry before proceeding to any of the steps.
Download ERUNT from Derfisch (http://www.derfisch.de/lars/erunt-setup.exe) or Aumha (http://www.aumha.org/downloads/erunt-setup.exe) and save it to your desktop. Follow Step 4 onwards of this site (http://www.silentrunners.org/sr_eruntuse.html) to back up your registry.
Step 4
Please copy and paste the following in the Code box into Notepad:
REGEDIT4
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{37fc5ce0-14b5-11dc-a708-0012f01f0b62}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{49bed0d1-f1d0-11db-a6cf-0012f01f0b62}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{61ea5e80-45aa-11dc-a764-0012f01f0b62}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{689e26f0-60d3-11db-a5fc-0012f01f0b62}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7e77b100-f5f0-11db-a6d4-0012f01f0b62}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b917fb40-a52a-11db-a656-0012f01f0b62}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c6f4ab90-22d1-11dc-a726-0012f01f0b62}]
Click on File > Save As....
In the File Name box, copy and paste in fix.reg
In the Save As Type box, select All Files from the drop-down list.
Click Save.
Double click on fix.reg to run it. You will be prompted. Click Yes.
Step 5
Please re-run the look.bat file and post back the contents of the Notepad file as well as a new HijackThis log in your next reply.
In your next reply, please post:
Contents of the Notepad file from Step 5 (C:\look.txt)
A new HijackThis log
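An added example, not part of the original posts: a Python triage of a MountPoints2 export like the look.txt dumps in this thread, which lists every cached volume that carries a shell verb command and writes removal lines in the same form as the fix.reg in Step 4. The sample export is constructed (placeholder GUIDs, command strings of the kind seen in the dump); the file names come from Step 2, and treating a command that runs from RECYCLER as a match is an assumption of this example.

```python
import re

MARKER = "\\mountpoints2\\"
ROOT = r"HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2"
# File names the helper's Step 2 says must not exist on the thumb drive.
STEP2_NAMES = {"ymfqplr.exe", "ravmone.exe", "sss.exe", "sxs.xls.exe"}

# Constructed sample in .reg export format; the GUIDs are placeholders.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00
[<MP2>\{00000000-0000-0000-0000-0000000000a1}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,\
  ff,ff,00,00
[<MP2>\{00000000-0000-0000-0000-0000000000a1}\shell]
@="None"
[<MP2>\{00000000-0000-0000-0000-0000000000a1}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
[<MP2>\{00000000-0000-0000-0000-0000000000a2}\Shell\0\Command]
@=".\\RECYCLER\\UExecute.exe"
[<MP2>\{00000000-0000-0000-0000-0000000000a2}\Shell\AutoRun\command]
@="C:\\WINDOWS\\system32\\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\\RECYCLER\\UExecute.exe"
[<MP2>\{00000000-0000-0000-0000-0000000000a3}\Shell\open\Command]
@="ymfqplr.exe"
[<MP2>\{00000000-0000-0000-0000-0000000000a4}\Shell\AutoRun\command]
@="E:\\VMC_PBStarter.exe"
'''.replace("<MP2>", ROOT)


def parse_reg(text):
    """Return {key_path: {value_name: data}}; '@' is the key's default value."""
    keys, current = {}, None
    lines = iter(text.splitlines())
    for line in lines:
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
            continue
        m = re.match(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$', line)
        if not m or current is None:
            continue
        name, data = m.group(1).strip('"'), m.group(2)
        # hex: values continue on following lines while the line ends in a backslash
        while data.endswith("\\") and not data.startswith('"'):
            data = data[:-1] + next(lines, "").strip()
        s = re.fullmatch(r'"((?:[^"\\]|\\.)*)"', data)
        # String data escapes backslashes and quotes; undo that for strings only.
        current[name] = re.sub(r"\\(.)", r"\1", s.group(1)) if s else data
    return keys


def shell_commands(keys):
    """Map each MountPoints2 volume key to its (verb, command) shell handlers."""
    found = {}
    for path, values in keys.items():
        idx = path.lower().find(MARKER)
        if idx < 0:
            continue
        parts = path[idx + len(MARKER):].split("\\")
        # Only <volume>\shell\<verb>\command keys hold a command line.
        if (len(parts) == 4 and parts[1].lower() == "shell"
                and parts[3].lower() == "command" and "@" in values):
            volume_key = path[:idx + len(MARKER)] + parts[0]
            found.setdefault(volume_key, []).append((parts[2], values["@"]))
    return found


def is_match(command):
    """True if the command names a Step 2 file or runs from RECYCLER (assumption)."""
    tokens = set(re.split(r'[\s\\/"]+', command.lower()))
    return bool(STEP2_NAMES & tokens) or "recycler" in tokens


def triage(found):
    """Label each volume 'match' or 'review'; 'review' needs a human decision."""
    return {vol: ("match" if any(is_match(c) for _, c in handlers) else "review", handlers)
            for vol, handlers in found.items()}


def removal_reg(report):
    """Build REGEDIT4 text that deletes the cached keys labelled 'match'."""
    lines = ["REGEDIT4", ""]
    lines += ["[-%s]" % vol for vol, (status, _) in sorted(report.items()) if status == "match"]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    report = triage(shell_commands(parse_reg(SAMPLE_EXPORT)))
    for vol, (status, handlers) in sorted(report.items()):
        for verb, command in handlers:
            print("%-6s %s  [%s] %s" % (status, vol.rsplit("\\", 1)[1], verb, command))
    print(removal_reg(report))
```

Volumes labelled review, such as the one pointing at E:\VMC_PBStarter.exe, are reported but left out of the removal text, and removing a cached key does nothing about an autorun.inf still present on the drive itself.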
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
"BaseClass"="Drive"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,01,00,01,01,ee,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,20,00,00,00,09,00,00,00
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D\_Autorun]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D\_Autorun\DefaultIcon]
@="D:\\images/c7e.ico"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,01,00,01,01,ee,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,20,00,00,00,09,00,00,00
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E\_Autorun]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E\_Autorun\DefaultIcon]
@="E:\\LaunchU3.exe,0"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
"BaseClass"="Drive"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{034b7a42-bf17-11db-a67a-0012f01f0b62}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,\
5f,5f,5f,5f,5f,00,5f,5f,5f,5f,5f,cf,cf,5f,5f,5f,5f,01,01,00,ee,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,00,10,00,00,08,02,00,00
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{034b7a42-bf17-11db-a67a-0012f01f0b62}\shell]
@="None"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{034b7a42-bf17-11db-a67a-0012f01f0b62}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{034b7a42-bf17-11db-a67a-0012f01f0b62}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{034b7a44-bf17-11db-a67a-0012f01f0b62}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,\
5f,5f,5f,5f,5f,00,5f,5f,5f,5f,5f,cf,cf,5f,5f,5f,5f,01,01,00,ee,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,00,10,00,00,08,02,00,00
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{034b7a44-bf17-11db-a67a-0012f01f0b62}\shell]
@="None"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{034b7a44-bf17-11db-a67a-0012f01f0b62}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{034b7a44-bf17-11db-a67a-0012f01f0b62}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{034b7a45-bf17-11db-a67a-0012f01f0b62}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,\
5f,5f,5f,5f,5f,00,5f,5f,5f,5f,5f,cf,cf,5f,5f,5f,5f,01,01,00,ee,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,00,10,00,00,08,02,00,00
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{034b7a45-bf17-11db-a67a-0012f01f0b62}\shell]
@="None"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{034b7a45-bf17-11db-a67a-0012f01f0b62}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{034b7a45-bf17-11db-a67a-0012f01f0b62}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{09f25b42-41cc-11db-a5d2-0012f01f0b62}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,01,00,01,01,ee,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,00,10,00,00,09,03,00,00
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{09f25b42-41cc-11db-a5d2-0012f01f0b62}\Shell]
@="Auto"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{09f25b42-41cc-11db-a5d2-0012f01f0b62}\Shell\Auto]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{09f25b42-41cc-11db-a5d2-0012f01f0b62}\Shell\Auto\command]
@="F:\\bittorrent.exe e"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{09f25b42-41cc-11db-a5d2-0012f01f0b62}\Shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{09f25b42-41cc-11db-a5d2-0012f01f0b62}\Shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{09f25b42-41cc-11db-a5d2-0012f01f0b62}\Shell\AutoRun]
"Extended"=""
@="Auto&Play"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{09f25b42-41cc-11db-a5d2-0012f01f0b62}\Shell\AutoRun\command]
@="C:\\WINDOWS\\system32\\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL bittorrent.exe e"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0d7b33f1-58ea-11db-a5f1-0012f01f0b62}]
"BaseClass"="Drive"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{10e6656f-5045-11db-a5e6-0012f01f0b62}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,01,00,01,00,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,00,10,00,00,09,01,00,00
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{10e6656f-5045-11db-a5e6-0012f01f0b62}\Shell]
@="Auto"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{10e6656f-5045-11db-a5e6-0012f01f0b62}\Shell\Auto]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{10e6656f-5045-11db-a5e6-0012f01f0b62}\Shell\Auto\command]
@="E:\\bittorrent.exe e"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{10e6656f-5045-11db-a5e6-0012f01f0b62}\Shell\AutoRun]
"Extended"=""
@="Auto&Play"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{10e6656f-5045-11db-a5e6-0012f01f0b62}\Shell\AutoRun\command]
@="C:\\WINDOWS\\system32\\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL bittorrent.exe e"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{10e66593-5045-11db-a5e6-0012f01f0b62}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,01,00,01,00,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,01,00,00,00,09,07,00,00
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{10e66593-5045-11db-a5e6-0012f01f0b62}\Shell]
@="AutoRun"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{10e66593-5045-11db-a5e6-0012f01f0b62}\Shell\1]
@="Open"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{10e66593-5045-11db-a5e6-0012f01f0b62}\Shell\1\Command]
@=".\\RECYCLER\\RECYCLER\\autorun.exe"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{10e66593-5045-11db-a5e6-0012f01f0b62}\Shell\2]
@="Browser"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{10e66593-5045-11db-a5e6-0012f01f0b62}\Shell\2\Command]
@=".\\RECYCLER\\RECYCLER\\autorun.exe"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{10e66593-5045-11db-a5e6-0012f01f0b62}\Shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{10e66593-5045-11db-a5e6-0012f01f0b62}\Shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{10e66593-5045-11db-a5e6-0012f01f0b62}\Shell\AutoRun]
"Extended"=""
@="Auto&Play"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{10e66593-5045-11db-a5e6-0012f01f0b62}\Shell\AutoRun\command]
@="C:\\WINDOWS\\system32\\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\\RECYCLER\\RECYCLER\\autorun.exe"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1d5a450e-39a5-11dc-a755-0012f01f0b62}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,\
5f,5f,5f,5f,5f,01,00,01,01,ee,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,00,10,00,00,08,07,00,00
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1d5a450e-39a5-11dc-a755-0012f01f0b62}\shell]
@="None"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1d5a450e-39a5-11dc-a755-0012f01f0b62}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1d5a450e-39a5-11dc-a755-0012f01f0b62}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2a482960-0684-11dc-a6f1-0012f01f0b62}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,\
5f,5f,5f,5f,5f,cf,5f,5f,5f,5f,5f,cf,cf,5f,5f,5f,5f,cf,cf,cf,cf,cf,01,01,01,\
ee,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,00,10,00,00,08,00,00,00
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2a482960-0684-11dc-a6f1-0012f01f0b62}\shell]
@="None"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2a482960-0684-11dc-a6f1-0012f01f0b62}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2a482960-0684-11dc-a6f1-0012f01f0b62}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{31f2c681-6599-11dc-a7ad-0012f01f0b62}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,\
5f,5f,5f,5f,5f,01,00,01,01,ee,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,00,10,00,00,09,03,00,00
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{37392f08-92f3-11db-a647-00112514889c}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,\
5f,5f,5f,5f,5f,01,00,01,01,ee,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,00,10,00,00,09,02,00,00
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{37392f08-92f3-11db-a647-00112514889c}\Shell]
@="Auto"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{37392f08-92f3-11db-a647-00112514889c}\Shell\Auto]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{37392f08-92f3-11db-a647-00112514889c}\Shell\Auto\command]
@="BITTOR~1.EXE e"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{37392f08-92f3-11db-a647-00112514889c}\Shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{37392f08-92f3-11db-a647-00112514889c}\Shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{37392f08-92f3-11db-a647-00112514889c}\Shell\AutoRun]
"Extended"=""
@="Auto&Play"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{37392f08-92f3-11db-a647-00112514889c}\Shell\AutoRun\command]
@="C:\\WINDOWS\\system32\\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL BITTOR~1.EXE e"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3e4a5dc2-e6da-11db-a6c0-0012f01f0b62}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,\
5f,5f,5f,5f,5f,00,5f,5f,5f,5f,5f,cf,cf,5f,5f,5f,5f,01,01,00,ee,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,00,10,00,00,08,02,00,00
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3e4a5dc2-e6da-11db-a6c0-0012f01f0b62}\shell]
@="None"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3e4a5dc2-e6da-11db-a6c0-0012f01f0b62}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3e4a5dc2-e6da-11db-a6c0-0012f01f0b62}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3f7cf5f0-49f8-11dc-a76c-0012f01f0b62}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,01,00,01,01,ee,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,20,00,00,00,09,00,00,00
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3f7cf5f0-49f8-11dc-a76c-0012f01f0b62}\_Autorun]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3f7cf5f0-49f8-11dc-a76c-0012f01f0b62}\_Autorun\DefaultIcon]
@="E:\\LaunchU3.exe,0"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3f7cf5f1-49f8-11dc-a76c-0012f01f0b62}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,01,00,01,01,ee,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,01,00,01,01,ee,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,00,10,00,00,08,03,00,00
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{52711ba0-4ba6-11db-a5e0-0012f01f0b62}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,01,00,01,00,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,00,10,00,00,09,07,00,00
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{52711ba0-4ba6-11db-a5e0-0012f01f0b62}\Shell]
@="Auto"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{52711ba0-4ba6-11db-a5e0-0012f01f0b62}\Shell\Auto]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{52711ba0-4ba6-11db-a5e0-0012f01f0b62}\Shell\Auto\command]
@="BITTOR~1.EXE e"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{52711ba0-4ba6-11db-a5e0-0012f01f0b62}\Shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{52711ba0-4ba6-11db-a5e0-0012f01f0b62}\Shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{52711ba0-4ba6-11db-a5e0-0012f01f0b62}\Shell\AutoRun]
"Extended"=""
@="Auto&Play"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{52711ba0-4ba6-11db-a5e0-0012f01f0b62}\Shell\AutoRun\command]
@="C:\\WINDOWS\\system32\\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL BITTOR~1.EXE e"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{52711ba1-4ba6-11db-a5e0-0012f01f0b62}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,00,5f,5f,5f,5f,5f,cf,\
cf,5f,5f,5f,5f,01,01,00,ee,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,00,10,00,00,08,01,00,00
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{52711ba1-4ba6-11db-a5e0-0012f01f0b62}\shell]
@="None"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{52711ba1-4ba6-11db-a5e0-0012f01f0b62}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{52711ba1-4ba6-11db-a5e0-0012f01f0b62}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{52711ba2-4ba6-11db-a5e0-0012f01f0b62}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,00,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,00,10,00,00,08,00,00,00
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{52711ba2-4ba6-11db-a5e0-0012f01f0b62}\shell]
@="None"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{52711ba2-4ba6-11db-a5e0-0012f01f0b62}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{52711ba2-4ba6-11db-a5e0-0012f01f0b62}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{52ee9bb0-d5db-11db-a6a4-0012f01f0b62}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,\
5f,5f,5f,5f,5f,01,00,01,01,ee,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,00,10,00,00,09,01,00,00
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{52ee9bb0-d5db-11db-a6a4-0012f01f0b62}\Shell]
@="AutoRun"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{52ee9bb0-d5db-11db-a6a4-0012f01f0b62}\Shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{52ee9bb0-d5db-11db-a6a4-0012f01f0b62}\Shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{52ee9bb0-d5db-11db-a6a4-0012f01f0b62}\Shell\AutoRun]
@="Auto&Play"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{52ee9bb0-d5db-11db-a6a4-0012f01f0b62}\Shell\AutoRun\command]
@="C:\\WINDOWS\\system32\\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{538d68d3-b27f-11db-a665-0012f01f0b62}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,\
5f,5f,5f,5f,5f,00,5f,5f,5f,5f,5f,cf,cf,5f,5f,5f,5f,01,01,00,ee,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,00,10,00,00,08,02,00,00
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{538d68d3-b27f-11db-a665-0012f01f0b62}\shell]
@="None"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{538d68d3-b27f-11db-a665-0012f01f0b62}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{538d68d3-b27f-11db-a665-0012f01f0b62}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{646c7043-5765-11db-a5ed-0012f01f0b62}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,00,5f,5f,5f,5f,5f,cf,\
cf,5f,5f,5f,5f,01,01,00,ee,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,00,10,00,00,08,01,00,00
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{646c7043-5765-11db-a5ed-0012f01f0b62}\shell]
@="None"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{646c7043-5765-11db-a5ed-0012f01f0b62}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{646c7043-5765-11db-a5ed-0012f01f0b62}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6d333860-3d71-11db-a5c8-0012f01f0b62}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,01,00,01,00,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,00,10,00,00,09,07,00,00
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6d333860-3d71-11db-a5c8-0012f01f0b62}\Shell]
@="Auto"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6d333860-3d71-11db-a5c8-0012f01f0b62}\Shell\Auto]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6d333860-3d71-11db-a5c8-0012f01f0b62}\Shell\Auto\command]
@="E:\\BITTOR~1.EXE e"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6d333860-3d71-11db-a5c8-0012f01f0b62}\Shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6d333860-3d71-11db-a5c8-0012f01f0b62}\Shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6d333860-3d71-11db-a5c8-0012f01f0b62}\Shell\AutoRun]
"Extended"=""
@="Auto&Play"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6d333860-3d71-11db-a5c8-0012f01f0b62}\Shell\AutoRun\command]
@="C:\\WINDOWS\\system32\\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL BITTOR~1.EXE e"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{73eb690d-6277-11db-a5fd-0012f01f0b62}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,cf,5f,5f,5f,5f,5f,cf,\
cf,5f,5f,5f,5f,cf,cf,cf,cf,cf,01,00,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,00,10,00,00,08,00,00,00
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{73eb690d-6277-11db-a5fd-0012f01f0b62}\shell]
@="None"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{73eb690d-6277-11db-a5fd-0012f01f0b62}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{73eb690d-6277-11db-a5fd-0012f01f0b62}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{85c853c0-b807-11db-a66e-0012f01f0b62}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,\
5f,5f,5f,5f,5f,01,00,01,01,ee,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,01,00,00,00,08,07,00,00
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{85c853c0-b807-11db-a66e-0012f01f0b62}\shell]
@="None"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{85c853c0-b807-11db-a66e-0012f01f0b62}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{85c853c0-b807-11db-a66e-0012f01f0b62}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{907b1e62-7f0f-11db-a639-00112514889c}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,\
5f,5f,5f,5f,5f,00,5f,5f,5f,5f,5f,cf,cf,5f,5f,5f,5f,01,01,00,ee,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,00,10,00,00,08,02,00,00
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{907b1e62-7f0f-11db-a639-00112514889c}\shell]
@="None"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{907b1e62-7f0f-11db-a639-00112514889c}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{907b1e62-7f0f-11db-a639-00112514889c}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{90d140f0-3f8d-11db-a5cc-0012f01f0b62}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,01,00,01,00,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,01,00,00,00,09,07,00,00
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{90d140f0-3f8d-11db-a5cc-0012f01f0b62}\Shell]
@="Auto"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{90d140f0-3f8d-11db-a5cc-0012f01f0b62}\Shell\Auto]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{90d140f0-3f8d-11db-a5cc-0012f01f0b62}\Shell\Auto\command]
@="E:\\bittorrent.exe e"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{90d140f0-3f8d-11db-a5cc-0012f01f0b62}\Shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{90d140f0-3f8d-11db-a5cc-0012f01f0b62}\Shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{90d140f0-3f8d-11db-a5cc-0012f01f0b62}\Shell\AutoRun]
"Extended"=""
@="Auto&Play"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{90d140f0-3f8d-11db-a5cc-0012f01f0b62}\Shell\AutoRun\command]
@="C:\\WINDOWS\\system32\\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL bittorrent.exe e"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a098fd41-44b1-11d7-91e5-806d6172696f}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,00,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,00,00,20,00,00,00,00,\
00,00,00
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a098fd41-44b1-11d7-91e5-806d6172696f}\shell]
@="None"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a098fd41-44b1-11d7-91e5-806d6172696f}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a098fd41-44b1-11d7-91e5-806d6172696f}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a098fd42-44b1-11d7-91e5-806d6172696f}]
"BaseClass"="Drive"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a098fd43-44b1-11d7-91e5-806d6172696f}]
"BaseClass"="Drive"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a13f4a50-2b19-11db-9461-806d6172696f}]
"BaseClass"="Drive"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bca04ee0-1c53-11dc-a71a-0012f01f0b62}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,\
5f,5f,5f,5f,5f,cf,5f,5f,5f,5f,5f,cf,cf,5f,5f,5f,5f,cf,cf,cf,cf,cf,01,01,01,\
ee,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,00,10,00,00,08,00,00,00
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bca04ee0-1c53-11dc-a71a-0012f01f0b62}\shell]
@="None"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bca04ee0-1c53-11dc-a71a-0012f01f0b62}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bca04ee0-1c53-11dc-a71a-0012f01f0b62}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c17e9830-2474-11dc-a72b-0012f01f0b62}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,\
5f,5f,5f,5f,5f,01,00,01,01,ee,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,00,10,00,00,08,06,00,00
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c17e9830-2474-11dc-a72b-0012f01f0b62}\shell]
@="None"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c17e9830-2474-11dc-a72b-0012f01f0b62}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c17e9830-2474-11dc-a72b-0012f01f0b62}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c17e9831-2474-11dc-a72b-0012f01f0b62}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,\
5f,5f,5f,5f,5f,00,5f,5f,5f,5f,5f,cf,cf,5f,5f,5f,5f,01,01,00,ee,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,00,10,00,00,08,02,00,00
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c17e9831-2474-11dc-a72b-0012f01f0b62}\shell]
@="None"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c17e9831-2474-11dc-a72b-0012f01f0b62}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c17e9831-2474-11dc-a72b-0012f01f0b62}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c2863720-9129-11db-a644-00112514889c}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,01,00,01,01,ee,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,00,10,00,00,09,02,00,00
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c2863720-9129-11db-a644-00112514889c}\Shell]
@="Auto"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c2863720-9129-11db-a644-00112514889c}\Shell\Auto]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c2863720-9129-11db-a644-00112514889c}\Shell\Auto\command]
@="BITTOR~1.EXE e"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c2863720-9129-11db-a644-00112514889c}\Shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c2863720-9129-11db-a644-00112514889c}\Shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c2863720-9129-11db-a644-00112514889c}\Shell\AutoRun]
"Extended"=""
@="Auto&Play"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c2863720-9129-11db-a644-00112514889c}\Shell\AutoRun\command]
@="C:\\WINDOWS\\system32\\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL BITTOR~1.EXE e"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c5d8fe50-71f5-11dc-a7c8-0012f01f0b62}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,\
5f,5f,5f,5f,5f,00,5f,5f,5f,5f,5f,cf,cf,5f,5f,5f,5f,01,01,00,ee,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,00,10,00,00,08,02,00,00
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c95fa9e0-5ffe-11dc-a7a3-0012f01f0b62}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,01,00,01,01,ee,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,20,00,00,00,09,00,00,00
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c95fa9e0-5ffe-11dc-a7a3-0012f01f0b62}\Shell]
@="AutoRun"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c95fa9e0-5ffe-11dc-a7a3-0012f01f0b62}\Shell\AutoRun]
@="Auto&Play"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c95fa9e0-5ffe-11dc-a7a3-0012f01f0b62}\Shell\AutoRun\command]
@="E:\\VMC_PBStarter.exe"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c95fa9e0-5ffe-11dc-a7a3-0012f01f0b62}\_Autorun]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c95fa9e0-5ffe-11dc-a7a3-0012f01f0b62}\_Autorun\Action]
@="Run VMCLite"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c95fa9e0-5ffe-11dc-a7a3-0012f01f0b62}\_Autorun\DefaultIcon]
@="E:\\icon.ico"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c95fa9e0-5ffe-11dc-a7a3-0012f01f0b62}\_Autorun\DefaultLabel]
@="VMCLite V2.1.6.1"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c95fa9e1-5ffe-11dc-a7a3-0012f01f0b62}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,01,00,01,01,ee,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,20,00,00,00,09,00,00,00
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c95fa9e1-5ffe-11dc-a7a3-0012f01f0b62}\Shell]
@="AutoRun"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c95fa9e1-5ffe-11dc-a7a3-0012f01f0b62}\Shell\AutoRun]
@="Auto&Play"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c95fa9e1-5ffe-11dc-a7a3-0012f01f0b62}\Shell\AutoRun\command]
@="E:\\VMC_PBStarter.exe"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c95fa9e1-5ffe-11dc-a7a3-0012f01f0b62}\_Autorun]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c95fa9e1-5ffe-11dc-a7a3-0012f01f0b62}\_Autorun\Action]
@="Run VMCLite"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c95fa9e1-5ffe-11dc-a7a3-0012f01f0b62}\_Autorun\DefaultIcon]
@="E:\\icon.ico"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c95fa9e1-5ffe-11dc-a7a3-0012f01f0b62}\_Autorun\DefaultLabel]
@="VMCLite V2.1.6.1"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb947440-2b1f-11db-a5bb-806d6172696f}]
"BaseClass"="Drive"
"_LabelFromReg"="Tiantian's Hard Drive"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb947441-2b1f-11db-a5bb-806d6172696f}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,01,00,01,01,ee,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,20,00,00,00,09,00,00,00
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb947441-2b1f-11db-a5bb-806d6172696f}\_Autorun]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb947441-2b1f-11db-a5bb-806d6172696f}\_Autorun\DefaultIcon]
@="D:\\images/c7e.ico"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb947442-2b1f-11db-a5bb-0012f01f0b62}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,01,00,01,01,ee,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,01,00,00,00,08,07,00,00
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb947442-2b1f-11db-a5bb-0012f01f0b62}\shell]
@="None"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb947442-2b1f-11db-a5bb-0012f01f0b62}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb947442-2b1f-11db-a5bb-0012f01f0b62}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb947443-2b1f-11db-a5bb-0012f01f0b62}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,01,00,01,01,ee,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,01,00,00,00,08,07,00,00
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb947443-2b1f-11db-a5bb-0012f01f0b62}\shell]
@="None"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb947443-2b1f-11db-a5bb-0012f01f0b62}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb947443-2b1f-11db-a5bb-0012f01f0b62}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e9c455d5-55dc-11dc-a783-0012f01f0b62}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,\
5f,5f,5f,5f,5f,00,5f,5f,5f,5f,5f,cf,cf,5f,5f,5f,5f,01,01,00,ee,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,00,10,00,00,08,02,00,00
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e9c455d5-55dc-11dc-a783-0012f01f0b62}\shell]
@="None"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e9c455d5-55dc-11dc-a783-0012f01f0b62}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e9c455d5-55dc-11dc-a783-0012f01f0b62}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e9c455d6-55dc-11dc-a783-0012f01f0b62}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,\
5f,5f,5f,5f,5f,01,00,01,01,ee,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,01,00,00,00,09,07,00,00
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e9c455d6-55dc-11dc-a783-0012f01f0b62}\Shell]
@="AutoRun"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e9c455d6-55dc-11dc-a783-0012f01f0b62}\Shell\Auto]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e9c455d6-55dc-11dc-a783-0012f01f0b62}\Shell\Auto\command]
@="wscripT autorun.vbs"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e9c455d6-55dc-11dc-a783-0012f01f0b62}\Shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e9c455d6-55dc-11dc-a783-0012f01f0b62}\Shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e9c455d6-55dc-11dc-a783-0012f01f0b62}\Shell\AutoRun]
"Extended"=""
@="Auto&Play"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e9c455d6-55dc-11dc-a783-0012f01f0b62}\Shell\AutoRun\command]
@="C:\\WINDOWS\\system32\\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscripT autorun.vbs"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e9c455da-55dc-11dc-a783-0012f01f0b62}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,\
5f,5f,5f,5f,5f,01,00,01,01,ee,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,01,00,00,00,08,07,00,00
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e9c455da-55dc-11dc-a783-0012f01f0b62}\shell]
@="None"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e9c455da-55dc-11dc-a783-0012f01f0b62}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e9c455da-55dc-11dc-a783-0012f01f0b62}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f0a6e550-85bf-11db-a63f-00112514889c}]
"BaseClass"="Drive"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f4312e50-5354-11db-a5e8-0012f01f0b62}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,\
5f,5f,5f,5f,5f,01,00,01,01,ee,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,01,00,00,00,08,07,00,00
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f4312e50-5354-11db-a5e8-0012f01f0b62}\shell]
@="None"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f4312e50-5354-11db-a5e8-0012f01f0b62}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f4312e50-5354-11db-a5e8-0012f01f0b62}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fac85344-6b33-11dc-a7ba-0012f01f0b62}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,\
5f,5f,5f,5f,5f,00,5f,5f,5f,5f,5f,cf,cf,5f,5f,5f,5f,01,01,00,ee,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,00,10,00,00,08,02,00,00
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fac85344-6b33-11dc-a7ba-0012f01f0b62}\shell]
@="None"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fac85344-6b33-11dc-a7ba-0012f01f0b62}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fac85344-6b33-11dc-a7ba-0012f01f0b62}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:32:57 AM, on 10/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\IBMTOOLS\UTILS\ibmprc.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\PROGRA~1\ThinkPad\CONNEC~1\QCTray.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\zhoutiantian\Desktop\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.starhub.net.sg:8080
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [TPKMAPHELPER] "C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe" -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [UC_Start] "C:\Program Files\IBM\Updater\\ucstartup.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe
O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [BMMMONWND] "rundll32.exe" C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" /SYNC
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\Ringz Studio\Storm Codec\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QCTray] C:\PROGRA~1\ThinkPad\CONNEC~1\QCTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKUS\S-1-5-21-3893021082-494934620-3959003612-1005\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-3893021082-494934620-3959003612-1005\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User '?')
O4 - HKUS\S-1-5-21-3893021082-494934620-3959003612-1005\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: AutorunsDisabled
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O11 - Options group: [JAVA_IBM] Java (IBM)
O12 - Plugin for .csm: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .csml: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .cub: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .cube: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .dx: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .emb: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .embl: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .gau: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .jdx: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .mol: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .mop: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .pdb: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .rxn: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .scr: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .skc: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .spt: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .tgf: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .xyz: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by107fd.bay107.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1191471206220
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u2-windows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
--
End of file - 10421 bytes
ndmmxiaomayi
2007-10-19, 03:51
Hi alpha22,
Please delete these files and folder from your thumbdrive:
autorun.vbs <-- this file
autorun.inf <-- this file
RECYCLER <-- this folder
Please open Notepad and copy and paste the following in the Code box into Notepad:
REGEDIT4

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e9c455d6-55dc-11dc-a783-0012f01f0b62}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{10e66593-5045-11db-a5e6-0012f01f0b62}]
Click on File > Save As....
In the File Name box, copy and paste in fix1.reg
In the Save As Type box, select All Files from the drop-down list.
Click Save.
Double click fix1.reg to run it. You will be prompted. Click Yes.
Re-run look.bat. Notepad will open shortly afterwards. Post back the contents of this Notepad file as well as a new HijackThis log.
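The review of the look.bat export that leads to a fix1.reg like the one above can be scripted. This is an added example, not code from the thread or from HijackThis: the sample export is constructed from entries shown in the thread (hex value shortened), and the function names and review heuristics are assumptions of the example.

```python
import re

MP2 = r"HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2"

# Constructed sample: a shortened export built from entries shown in the thread.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00
[%MP2%\{cb947442-2b1f-11db-a5bb-0012f01f0b62}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,\
  ff,ff,00,01,00,00,00,08,07,00,00
[%MP2%\{cb947442-2b1f-11db-a5bb-0012f01f0b62}\shell]
@="None"
[%MP2%\{c95fa9e0-5ffe-11dc-a7a3-0012f01f0b62}\Shell\AutoRun\command]
@="E:\\VMC_PBStarter.exe"
[%MP2%\{e9c455d6-55dc-11dc-a783-0012f01f0b62}\Shell\Auto\command]
@="wscripT autorun.vbs"
[%MP2%\{e9c455d6-55dc-11dc-a783-0012f01f0b62}\Shell\AutoRun\command]
@="C:\\WINDOWS\\system32\\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscripT autorun.vbs"
'''.replace("%MP2%", MP2)

VALUE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')
HANDLER = re.compile(re.escape(MP2) + r"\\([^\\]+)\\shell\\([^\\]+)\\command$",
                     re.IGNORECASE)
SCRIPT_HOSTS = {"wscript", "wscript.exe", "cscript", "cscript.exe"}


def unescape(quoted):
    """Strip the surrounding quotes of a .reg string and undo \\\\ and \\" escapes."""
    return re.sub(r"\\(.)", r"\1", quoted[1:-1])


def parse_reg(text):
    """Parse .reg export text into {key_path: {value_name: data}}; '@' is the default value."""
    text = re.sub(r"\\\r?\n\s*", "", text)  # join continued hex lines
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
            continue
        m = VALUE.match(line)
        if m and current is not None:
            name, data = m.groups()
            name = name if name == "@" else unescape(name)
            current[name] = unescape(data) if data.startswith('"') else data
    return keys


def autorun_handlers(keys):
    """Return (volume, verb, command) for every ...\\<volume>\\shell\\<verb>\\command key."""
    found = []
    for path, values in keys.items():
        m = HANDLER.match(path)
        if m and "@" in values:
            found.append((m.group(1), m.group(2), values["@"]))
    return found


def review_notes(command):
    """Heuristic reasons to look closer at a handler (assumptions of this example)."""
    tokens, notes = command.split(), []
    wrap = next((i for i, t in enumerate(tokens)
                 if t.lower().endswith("shellexec_rundll")), None)
    if wrap is not None:  # wrapper form seen in the thread's export
        notes.append("rundll32 ShellExec_RunDLL wrapper")
        tokens = tokens[wrap + 1:]
    if tokens and tokens[0].lower() in SCRIPT_HOSTS:
        notes.append("script host launch")
    if tokens and not re.match(r"^[A-Za-z]:\\", tokens[0]):
        notes.append("target has no absolute path")
    return notes


def flagged_volumes(text):
    """Volumes whose cached autorun handlers carry at least one review note."""
    handlers = autorun_handlers(parse_reg(text))
    return sorted({vol for vol, _, cmd in handlers if review_notes(cmd)})


def build_fix_reg(volumes):
    """REGEDIT4 file that deletes the cached keys for volumes the analyst has chosen."""
    lines = ["REGEDIT4", ""] + ["[-%s\\%s]" % (MP2, vol) for vol in volumes]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    for vol, verb, cmd in autorun_handlers(parse_reg(SAMPLE_EXPORT)):
        print(vol, verb, repr(cmd), review_notes(cmd) or "no notes")
    print(build_fix_reg(flagged_volumes(SAMPLE_EXPORT)))
```

A note is a prompt for manual review, not a verdict: the fix file should only list volumes the analyst has confirmed, since these keys are per-volume caches that also exist for legitimate devices.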
I didn't have those files anywhere in my thumbdrive, but I moved everything out anyway.
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
"BaseClass"="Drive"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,01,00,01,01,ee,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,20,00,00,00,09,00,00,00
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D\_Autorun]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D\_Autorun\DefaultIcon]
@="D:\\images/c7e.ico"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,01,00,01,01,ee,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,20,00,00,00,09,00,00,00
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E\_Autorun]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E\_Autorun\DefaultIcon]
@="E:\\LaunchU3.exe,0"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
"BaseClass"="Drive"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{034b7a42-bf17-11db-a67a-0012f01f0b62}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,\
5f,5f,5f,5f,5f,00,5f,5f,5f,5f,5f,cf,cf,5f,5f,5f,5f,01,01,00,ee,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,00,10,00,00,08,02,00,00
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{034b7a42-bf17-11db-a67a-0012f01f0b62}\shell]
@="None"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{034b7a42-bf17-11db-a67a-0012f01f0b62}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{034b7a42-bf17-11db-a67a-0012f01f0b62}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{034b7a44-bf17-11db-a67a-0012f01f0b62}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,\
5f,5f,5f,5f,5f,00,5f,5f,5f,5f,5f,cf,cf,5f,5f,5f,5f,01,01,00,ee,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,00,10,00,00,08,02,00,00
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{034b7a44-bf17-11db-a67a-0012f01f0b62}\shell]
@="None"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{034b7a44-bf17-11db-a67a-0012f01f0b62}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{034b7a44-bf17-11db-a67a-0012f01f0b62}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{034b7a45-bf17-11db-a67a-0012f01f0b62}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,\
5f,5f,5f,5f,5f,00,5f,5f,5f,5f,5f,cf,cf,5f,5f,5f,5f,01,01,00,ee,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,00,10,00,00,08,02,00,00
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{034b7a45-bf17-11db-a67a-0012f01f0b62}\shell]
@="None"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{034b7a45-bf17-11db-a67a-0012f01f0b62}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{034b7a45-bf17-11db-a67a-0012f01f0b62}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{09f25b42-41cc-11db-a5d2-0012f01f0b62}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,01,00,01,01,ee,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,00,10,00,00,09,03,00,00
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{09f25b42-41cc-11db-a5d2-0012f01f0b62}\Shell]
@="Auto"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{09f25b42-41cc-11db-a5d2-0012f01f0b62}\Shell\Auto]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{09f25b42-41cc-11db-a5d2-0012f01f0b62}\Shell\Auto\command]
@="F:\\bittorrent.exe e"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{09f25b42-41cc-11db-a5d2-0012f01f0b62}\Shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{09f25b42-41cc-11db-a5d2-0012f01f0b62}\Shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{09f25b42-41cc-11db-a5d2-0012f01f0b62}\Shell\AutoRun]
"Extended"=""
@="Auto&Play"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{09f25b42-41cc-11db-a5d2-0012f01f0b62}\Shell\AutoRun\command]
@="C:\\WINDOWS\\system32\\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL bittorrent.exe e"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0d7b33f1-58ea-11db-a5f1-0012f01f0b62}]
"BaseClass"="Drive"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{10e6656f-5045-11db-a5e6-0012f01f0b62}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,01,00,01,00,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,00,10,00,00,09,01,00,00
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{10e6656f-5045-11db-a5e6-0012f01f0b62}\Shell]
@="Auto"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{10e6656f-5045-11db-a5e6-0012f01f0b62}\Shell\Auto]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{10e6656f-5045-11db-a5e6-0012f01f0b62}\Shell\Auto\command]
@="E:\\bittorrent.exe e"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{10e6656f-5045-11db-a5e6-0012f01f0b62}\Shell\AutoRun]
"Extended"=""
@="Auto&Play"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{10e6656f-5045-11db-a5e6-0012f01f0b62}\Shell\AutoRun\command]
@="C:\\WINDOWS\\system32\\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL bittorrent.exe e"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1d5a450e-39a5-11dc-a755-0012f01f0b62}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,\
5f,5f,5f,5f,5f,01,00,01,01,ee,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,00,10,00,00,08,07,00,00
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1d5a450e-39a5-11dc-a755-0012f01f0b62}\shell]
@="None"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1d5a450e-39a5-11dc-a755-0012f01f0b62}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1d5a450e-39a5-11dc-a755-0012f01f0b62}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2a482960-0684-11dc-a6f1-0012f01f0b62}]
"BaseClass"="Drive"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2a482960-0684-11dc-a6f1-0012f01f0b62}\shell]
@="None"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2a482960-0684-11dc-a6f1-0012f01f0b62}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2a482960-0684-11dc-a6f1-0012f01f0b62}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{31f2c681-6599-11dc-a7ad-0012f01f0b62}]
"BaseClass"="Drive"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{37392f08-92f3-11db-a647-00112514889c}]
"BaseClass"="Drive"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{37392f08-92f3-11db-a647-00112514889c}\Shell]
@="Auto"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{37392f08-92f3-11db-a647-00112514889c}\Shell\Auto]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{37392f08-92f3-11db-a647-00112514889c}\Shell\Auto\command]
@="BITTOR~1.EXE e"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{37392f08-92f3-11db-a647-00112514889c}\Shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{37392f08-92f3-11db-a647-00112514889c}\Shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{37392f08-92f3-11db-a647-00112514889c}\Shell\AutoRun]
"Extended"=""
@="Auto&Play"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{37392f08-92f3-11db-a647-00112514889c}\Shell\AutoRun\command]
@="C:\\WINDOWS\\system32\\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL BITTOR~1.EXE e"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3e4a5dc2-e6da-11db-a6c0-0012f01f0b62}]
"BaseClass"="Drive"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3e4a5dc2-e6da-11db-a6c0-0012f01f0b62}\shell]
@="None"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3e4a5dc2-e6da-11db-a6c0-0012f01f0b62}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3e4a5dc2-e6da-11db-a6c0-0012f01f0b62}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3f7cf5f0-49f8-11dc-a76c-0012f01f0b62}]
"BaseClass"="Drive"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3f7cf5f0-49f8-11dc-a76c-0012f01f0b62}\_Autorun]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3f7cf5f0-49f8-11dc-a76c-0012f01f0b62}\_Autorun\DefaultIcon]
@="E:\\LaunchU3.exe,0"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3f7cf5f1-49f8-11dc-a76c-0012f01f0b62}]
"BaseClass"="Drive"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{52711ba0-4ba6-11db-a5e0-0012f01f0b62}]
"BaseClass"="Drive"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{52711ba0-4ba6-11db-a5e0-0012f01f0b62}\Shell]
@="Auto"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{52711ba0-4ba6-11db-a5e0-0012f01f0b62}\Shell\Auto]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{52711ba0-4ba6-11db-a5e0-0012f01f0b62}\Shell\Auto\command]
@="BITTOR~1.EXE e"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{52711ba0-4ba6-11db-a5e0-0012f01f0b62}\Shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{52711ba0-4ba6-11db-a5e0-0012f01f0b62}\Shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{52711ba0-4ba6-11db-a5e0-0012f01f0b62}\Shell\AutoRun]
"Extended"=""
@="Auto&Play"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{52711ba0-4ba6-11db-a5e0-0012f01f0b62}\Shell\AutoRun\command]
@="C:\\WINDOWS\\system32\\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL BITTOR~1.EXE e"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{52711ba1-4ba6-11db-a5e0-0012f01f0b62}]
"BaseClass"="Drive"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{52711ba1-4ba6-11db-a5e0-0012f01f0b62}\shell]
@="None"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{52711ba1-4ba6-11db-a5e0-0012f01f0b62}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{52711ba1-4ba6-11db-a5e0-0012f01f0b62}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{52711ba2-4ba6-11db-a5e0-0012f01f0b62}]
"BaseClass"="Drive"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{52711ba2-4ba6-11db-a5e0-0012f01f0b62}\shell]
@="None"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{52711ba2-4ba6-11db-a5e0-0012f01f0b62}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{52711ba2-4ba6-11db-a5e0-0012f01f0b62}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{52ee9bb0-d5db-11db-a6a4-0012f01f0b62}]
"BaseClass"="Drive"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{52ee9bb0-d5db-11db-a6a4-0012f01f0b62}\Shell]
@="AutoRun"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{52ee9bb0-d5db-11db-a6a4-0012f01f0b62}\Shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{52ee9bb0-d5db-11db-a6a4-0012f01f0b62}\Shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{52ee9bb0-d5db-11db-a6a4-0012f01f0b62}\Shell\AutoRun]
@="Auto&Play"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{52ee9bb0-d5db-11db-a6a4-0012f01f0b62}\Shell\AutoRun\command]
@="C:\\WINDOWS\\system32\\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{538d68d3-b27f-11db-a665-0012f01f0b62}]
"BaseClass"="Drive"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{538d68d3-b27f-11db-a665-0012f01f0b62}\shell]
@="None"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{538d68d3-b27f-11db-a665-0012f01f0b62}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{538d68d3-b27f-11db-a665-0012f01f0b62}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{646c7043-5765-11db-a5ed-0012f01f0b62}]
"BaseClass"="Drive"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{646c7043-5765-11db-a5ed-0012f01f0b62}\shell]
@="None"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{646c7043-5765-11db-a5ed-0012f01f0b62}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{646c7043-5765-11db-a5ed-0012f01f0b62}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6d333860-3d71-11db-a5c8-0012f01f0b62}]
"BaseClass"="Drive"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6d333860-3d71-11db-a5c8-0012f01f0b62}\Shell]
@="Auto"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6d333860-3d71-11db-a5c8-0012f01f0b62}\Shell\Auto]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6d333860-3d71-11db-a5c8-0012f01f0b62}\Shell\Auto\command]
@="E:\\BITTOR~1.EXE e"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6d333860-3d71-11db-a5c8-0012f01f0b62}\Shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6d333860-3d71-11db-a5c8-0012f01f0b62}\Shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6d333860-3d71-11db-a5c8-0012f01f0b62}\Shell\AutoRun]
"Extended"=""
@="Auto&Play"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6d333860-3d71-11db-a5c8-0012f01f0b62}\Shell\AutoRun\command]
@="C:\\WINDOWS\\system32\\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL BITTOR~1.EXE e"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{73eb690d-6277-11db-a5fd-0012f01f0b62}]
"BaseClass"="Drive"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{73eb690d-6277-11db-a5fd-0012f01f0b62}\shell]
@="None"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{73eb690d-6277-11db-a5fd-0012f01f0b62}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{73eb690d-6277-11db-a5fd-0012f01f0b62}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{85c853c0-b807-11db-a66e-0012f01f0b62}]
"BaseClass"="Drive"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{85c853c0-b807-11db-a66e-0012f01f0b62}\shell]
@="None"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{85c853c0-b807-11db-a66e-0012f01f0b62}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{85c853c0-b807-11db-a66e-0012f01f0b62}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{907b1e62-7f0f-11db-a639-00112514889c}]
"BaseClass"="Drive"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{907b1e62-7f0f-11db-a639-00112514889c}\shell]
@="None"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{907b1e62-7f0f-11db-a639-00112514889c}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{907b1e62-7f0f-11db-a639-00112514889c}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{90d140f0-3f8d-11db-a5cc-0012f01f0b62}]
"BaseClass"="Drive"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{90d140f0-3f8d-11db-a5cc-0012f01f0b62}\Shell]
@="Auto"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{90d140f0-3f8d-11db-a5cc-0012f01f0b62}\Shell\Auto]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{90d140f0-3f8d-11db-a5cc-0012f01f0b62}\Shell\Auto\command]
@="E:\\bittorrent.exe e"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{90d140f0-3f8d-11db-a5cc-0012f01f0b62}\Shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{90d140f0-3f8d-11db-a5cc-0012f01f0b62}\Shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{90d140f0-3f8d-11db-a5cc-0012f01f0b62}\Shell\AutoRun]
"Extended"=""
@="Auto&Play"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{90d140f0-3f8d-11db-a5cc-0012f01f0b62}\Shell\AutoRun\command]
@="C:\\WINDOWS\\system32\\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL bittorrent.exe e"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a098fd41-44b1-11d7-91e5-806d6172696f}]
"BaseClass"="Drive"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a098fd41-44b1-11d7-91e5-806d6172696f}\shell]
@="None"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a098fd41-44b1-11d7-91e5-806d6172696f}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a098fd41-44b1-11d7-91e5-806d6172696f}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a098fd42-44b1-11d7-91e5-806d6172696f}]
"BaseClass"="Drive"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a098fd43-44b1-11d7-91e5-806d6172696f}]
"BaseClass"="Drive"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a13f4a50-2b19-11db-9461-806d6172696f}]
"BaseClass"="Drive"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bca04ee0-1c53-11dc-a71a-0012f01f0b62}]
"BaseClass"="Drive"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bca04ee0-1c53-11dc-a71a-0012f01f0b62}\shell]
@="None"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bca04ee0-1c53-11dc-a71a-0012f01f0b62}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bca04ee0-1c53-11dc-a71a-0012f01f0b62}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c17e9830-2474-11dc-a72b-0012f01f0b62}]
"BaseClass"="Drive"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c17e9830-2474-11dc-a72b-0012f01f0b62}\shell]
@="None"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c17e9830-2474-11dc-a72b-0012f01f0b62}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c17e9830-2474-11dc-a72b-0012f01f0b62}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c17e9831-2474-11dc-a72b-0012f01f0b62}]
"BaseClass"="Drive"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c17e9831-2474-11dc-a72b-0012f01f0b62}\shell]
@="None"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c17e9831-2474-11dc-a72b-0012f01f0b62}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c17e9831-2474-11dc-a72b-0012f01f0b62}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c2863720-9129-11db-a644-00112514889c}]
"BaseClass"="Drive"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c2863720-9129-11db-a644-00112514889c}\Shell]
@="Auto"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c2863720-9129-11db-a644-00112514889c}\Shell\Auto]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c2863720-9129-11db-a644-00112514889c}\Shell\Auto\command]
@="BITTOR~1.EXE e"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c2863720-9129-11db-a644-00112514889c}\Shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c2863720-9129-11db-a644-00112514889c}\Shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c2863720-9129-11db-a644-00112514889c}\Shell\AutoRun]
"Extended"=""
@="Auto&Play"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c2863720-9129-11db-a644-00112514889c}\Shell\AutoRun\command]
@="C:\\WINDOWS\\system32\\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL BITTOR~1.EXE e"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c5d8fe50-71f5-11dc-a7c8-0012f01f0b62}]
"BaseClass"="Drive"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c95fa9e0-5ffe-11dc-a7a3-0012f01f0b62}]
"BaseClass"="Drive"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c95fa9e0-5ffe-11dc-a7a3-0012f01f0b62}\Shell]
@="AutoRun"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c95fa9e0-5ffe-11dc-a7a3-0012f01f0b62}\Shell\AutoRun]
@="Auto&Play"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c95fa9e0-5ffe-11dc-a7a3-0012f01f0b62}\Shell\AutoRun\command]
@="E:\\VMC_PBStarter.exe"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c95fa9e0-5ffe-11dc-a7a3-0012f01f0b62}\_Autorun]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c95fa9e0-5ffe-11dc-a7a3-0012f01f0b62}\_Autorun\Action]
@="Run VMCLite"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c95fa9e0-5ffe-11dc-a7a3-0012f01f0b62}\_Autorun\DefaultIcon]
@="E:\\icon.ico"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c95fa9e0-5ffe-11dc-a7a3-0012f01f0b62}\_Autorun\DefaultLabel]
@="VMCLite V2.1.6.1"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c95fa9e1-5ffe-11dc-a7a3-0012f01f0b62}]
"BaseClass"="Drive"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c95fa9e1-5ffe-11dc-a7a3-0012f01f0b62}\Shell]
@="AutoRun"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c95fa9e1-5ffe-11dc-a7a3-0012f01f0b62}\Shell\AutoRun]
@="Auto&Play"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c95fa9e1-5ffe-11dc-a7a3-0012f01f0b62}\Shell\AutoRun\command]
@="E:\\VMC_PBStarter.exe"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c95fa9e1-5ffe-11dc-a7a3-0012f01f0b62}\_Autorun]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c95fa9e1-5ffe-11dc-a7a3-0012f01f0b62}\_Autorun\Action]
@="Run VMCLite"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c95fa9e1-5ffe-11dc-a7a3-0012f01f0b62}\_Autorun\DefaultIcon]
@="E:\\icon.ico"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c95fa9e1-5ffe-11dc-a7a3-0012f01f0b62}\_Autorun\DefaultLabel]
@="VMCLite V2.1.6.1"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb947440-2b1f-11db-a5bb-806d6172696f}]
"BaseClass"="Drive"
"_LabelFromReg"="Tiantian's Hard Drive"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb947441-2b1f-11db-a5bb-806d6172696f}]
"BaseClass"="Drive"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb947441-2b1f-11db-a5bb-806d6172696f}\_Autorun]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb947441-2b1f-11db-a5bb-806d6172696f}\_Autorun\DefaultIcon]
@="D:\\images/c7e.ico"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb947442-2b1f-11db-a5bb-0012f01f0b62}]
"BaseClass"="Drive"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb947442-2b1f-11db-a5bb-0012f01f0b62}\shell]
@="None"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb947442-2b1f-11db-a5bb-0012f01f0b62}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb947442-2b1f-11db-a5bb-0012f01f0b62}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb947443-2b1f-11db-a5bb-0012f01f0b62}]
"BaseClass"="Drive"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb947443-2b1f-11db-a5bb-0012f01f0b62}\shell]
@="None"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb947443-2b1f-11db-a5bb-0012f01f0b62}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb947443-2b1f-11db-a5bb-0012f01f0b62}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e9c455d5-55dc-11dc-a783-0012f01f0b62}]
"BaseClass"="Drive"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e9c455d5-55dc-11dc-a783-0012f01f0b62}\shell]
@="None"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e9c455d5-55dc-11dc-a783-0012f01f0b62}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e9c455d5-55dc-11dc-a783-0012f01f0b62}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e9c455da-55dc-11dc-a783-0012f01f0b62}]
"BaseClass"="Drive"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e9c455da-55dc-11dc-a783-0012f01f0b62}\shell]
@="None"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e9c455da-55dc-11dc-a783-0012f01f0b62}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e9c455da-55dc-11dc-a783-0012f01f0b62}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f0a6e550-85bf-11db-a63f-00112514889c}]
"BaseClass"="Drive"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f4312e50-5354-11db-a5e8-0012f01f0b62}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,\
5f,5f,5f,5f,5f,01,00,01,01,ee,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,01,00,00,00,08,07,00,00
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f4312e50-5354-11db-a5e8-0012f01f0b62}\shell]
@="None"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f4312e50-5354-11db-a5e8-0012f01f0b62}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f4312e50-5354-11db-a5e8-0012f01f0b62}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fac85344-6b33-11dc-a7ba-0012f01f0b62}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,\
5f,5f,5f,5f,5f,00,5f,5f,5f,5f,5f,cf,cf,5f,5f,5f,5f,01,01,00,ee,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,00,10,00,00,08,02,00,00
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fac85344-6b33-11dc-a7ba-0012f01f0b62}\shell]
@="None"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fac85344-6b33-11dc-a7ba-0012f01f0b62}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fac85344-6b33-11dc-a7ba-0012f01f0b62}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:17:30 AM, on 10/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\IBMTOOLS\UTILS\ibmprc.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\PROGRA~1\ThinkPad\CONNEC~1\QCTray.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Documents and Settings\zhoutiantian\Desktop\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.starhub.net.sg:8080
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [TPKMAPHELPER] "C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe" -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [UC_Start] "C:\Program Files\IBM\Updater\\ucstartup.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe
O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [BMMMONWND] "rundll32.exe" C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" /SYNC
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\Ringz Studio\Storm Codec\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QCTray] C:\PROGRA~1\ThinkPad\CONNEC~1\QCTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKUS\S-1-5-21-3893021082-494934620-3959003612-1005\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-3893021082-494934620-3959003612-1005\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User '?')
O4 - HKUS\S-1-5-21-3893021082-494934620-3959003612-1005\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: AutorunsDisabled
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O11 - Options group: [JAVA_IBM] Java (IBM)
O12 - Plugin for .csm: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .csml: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .cub: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .cube: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .dx: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .emb: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .embl: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .gau: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .jdx: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .mol: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .mop: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .pdb: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .rxn: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .scr: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .skc: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .spt: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .tgf: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .xyz: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by107fd.bay107.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1191471206220
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u2-windows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
--
End of file - 10376 bytes
ndmmxiaomayi
2007-10-20, 17:13
Hi alpha22,
Please open Notepad and copy and paste the following in the Code box into Notepad:
REGEDIT4
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{09f25b42-41cc-11db-a5d2-0012f01f0b62}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{10e6656f-5045-11db-a5e6-0012f01f0b62}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{37392f08-92f3-11db-a647-00112514889c}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{52711ba0-4ba6-11db-a5e0-0012f01f0b62}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{52ee9bb0-d5db-11db-a6a4-0012f01f0b62}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6d333860-3d71-11db-a5c8-0012f01f0b62}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{90d140f0-3f8d-11db-a5cc-0012f01f0b62}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c2863720-9129-11db-a644-00112514889c}]
Click on File > Save As....
In the File Name box, copy and paste in fix2.reg
In the Save As Type box, select All Files from the drop-down list.
Click Save.
Double click on fix2.reg to run it. You will be prompted. Click Yes.
Please re-run the look.bat file and post back the contents of the Notepad file as well as a new HijackThis log in your next reply.
In your next reply, please post:
Contents of the Notepad file from Step 5 (C:\look.txt)
A new HijackThis log
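One way to confirm offline that a fix file such as fix2.reg took effect, given here as an added example that is not part of the original post or of any tool named in the thread: parse the `[-key]` deletion lines, parse a later registry export, and report any targeted key or subkey that still appears. Both sample texts and their GUIDs are constructed placeholders, and the function names are hypothetical.

```python
import re

# Constructed sample fix file in the REGEDIT4 deletion syntax used in the post.
# The GUIDs are made-up placeholders, not values from the thread.
FIX_REG = r"""REGEDIT4
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{11111111-aaaa-bbbb-cccc-000000000001}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{11111111-aaaa-bbbb-cccc-000000000002}]
"""

# Constructed sample export taken after the fix. One targeted key survives
# (with different letter case) so that the check has something to report.
EXPORT_REG = r"""Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,\
  ff,ff,00,20
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{11111111-AAAA-BBBB-CCCC-000000000002}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
"""

# "[key]" opens a key section, "[-key]" asks regedit to delete that key.
KEY_LINE = re.compile(r"^\[(-?)(.+)\]$")


def join_continuations(text):
    """Merge value lines that regedit wrapped with a trailing backslash."""
    logical, pending = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("\\") and not line.startswith("["):
            pending += line[:-1]
            continue
        logical.append(pending + line)
        pending = ""
    if pending:
        logical.append(pending)
    return logical


def normalize(key):
    """Registry key names are case-insensitive, so compare them lowercased."""
    return key.strip().rstrip("\\").lower()


def parse_reg(text):
    """Return (present_keys, deleted_keys) as sets of normalized key paths."""
    present, deleted = set(), set()
    for line in join_continuations(text):
        match = KEY_LINE.match(line)
        if not match:
            continue  # header, blank line or value line
        target = deleted if match.group(1) else present
        target.add(normalize(match.group(2)))
    return present, deleted


def remaining_after_fix(fix_text, export_text):
    """Map each key the fix deletes to the matching keys still in the export."""
    _, targets = parse_reg(fix_text)
    present, _ = parse_reg(export_text)
    leftovers = {}
    for target in sorted(targets):
        hits = sorted(
            key for key in present
            if key == target or key.startswith(target + "\\")
        )
        if hits:
            leftovers[target] = hits
    return leftovers


if __name__ == "__main__":
    leftovers = remaining_after_fix(FIX_REG, EXPORT_REG)
    if not leftovers:
        print("All keys targeted by the fix are gone from the export.")
    for target, hits in leftovers.items():
        print("Still present:", target)
        for hit in hits:
            print("   ", hit)
```

A key that reappears in a later export after being deleted is worth noting, since something on the system or on a reattached drive recreated it.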
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
"BaseClass"="Drive"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,01,00,01,01,ee,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,20,00,00,00,09,00,00,00
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D\_Autorun]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D\_Autorun\DefaultIcon]
@="D:\\images/c7e.ico"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,01,00,01,01,ee,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,20,00,00,00,09,00,00,00
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E\_Autorun]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E\_Autorun\DefaultIcon]
@="E:\\LaunchU3.exe,0"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
"BaseClass"="Drive"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{034b7a42-bf17-11db-a67a-0012f01f0b62}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,\
5f,5f,5f,5f,5f,00,5f,5f,5f,5f,5f,cf,cf,5f,5f,5f,5f,01,01,00,ee,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,00,10,00,00,08,02,00,00
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{034b7a42-bf17-11db-a67a-0012f01f0b62}\shell]
@="None"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{034b7a42-bf17-11db-a67a-0012f01f0b62}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{034b7a42-bf17-11db-a67a-0012f01f0b62}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{034b7a44-bf17-11db-a67a-0012f01f0b62}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,\
5f,5f,5f,5f,5f,00,5f,5f,5f,5f,5f,cf,cf,5f,5f,5f,5f,01,01,00,ee,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,00,10,00,00,08,02,00,00
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{034b7a44-bf17-11db-a67a-0012f01f0b62}\shell]
@="None"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{034b7a44-bf17-11db-a67a-0012f01f0b62}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{034b7a44-bf17-11db-a67a-0012f01f0b62}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{034b7a45-bf17-11db-a67a-0012f01f0b62}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,\
5f,5f,5f,5f,5f,00,5f,5f,5f,5f,5f,cf,cf,5f,5f,5f,5f,01,01,00,ee,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,00,10,00,00,08,02,00,00
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{034b7a45-bf17-11db-a67a-0012f01f0b62}\shell]
@="None"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{034b7a45-bf17-11db-a67a-0012f01f0b62}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{034b7a45-bf17-11db-a67a-0012f01f0b62}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0d7b33f1-58ea-11db-a5f1-0012f01f0b62}]
"BaseClass"="Drive"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1d5a450e-39a5-11dc-a755-0012f01f0b62}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,\
5f,5f,5f,5f,5f,01,00,01,01,ee,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,00,10,00,00,08,07,00,00
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1d5a450e-39a5-11dc-a755-0012f01f0b62}\shell]
@="None"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1d5a450e-39a5-11dc-a755-0012f01f0b62}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1d5a450e-39a5-11dc-a755-0012f01f0b62}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2a482960-0684-11dc-a6f1-0012f01f0b62}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,\
5f,5f,5f,5f,5f,cf,5f,5f,5f,5f,5f,cf,cf,5f,5f,5f,5f,cf,cf,cf,cf,cf,01,01,01,\
ee,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,00,10,00,00,08,00,00,00
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2a482960-0684-11dc-a6f1-0012f01f0b62}\shell]
@="None"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2a482960-0684-11dc-a6f1-0012f01f0b62}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2a482960-0684-11dc-a6f1-0012f01f0b62}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{31f2c681-6599-11dc-a7ad-0012f01f0b62}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,\
5f,5f,5f,5f,5f,01,00,01,01,ee,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,00,10,00,00,09,03,00,00
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3e4a5dc2-e6da-11db-a6c0-0012f01f0b62}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,\
5f,5f,5f,5f,5f,00,5f,5f,5f,5f,5f,cf,cf,5f,5f,5f,5f,01,01,00,ee,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,00,10,00,00,08,02,00,00
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3e4a5dc2-e6da-11db-a6c0-0012f01f0b62}\shell]
@="None"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3e4a5dc2-e6da-11db-a6c0-0012f01f0b62}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3e4a5dc2-e6da-11db-a6c0-0012f01f0b62}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3f7cf5f0-49f8-11dc-a76c-0012f01f0b62}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,01,00,01,01,ee,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,20,00,00,00,09,00,00,00
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3f7cf5f0-49f8-11dc-a76c-0012f01f0b62}\_Autorun]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3f7cf5f0-49f8-11dc-a76c-0012f01f0b62}\_Autorun\DefaultIcon]
@="E:\\LaunchU3.exe,0"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3f7cf5f1-49f8-11dc-a76c-0012f01f0b62}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,01,00,01,01,ee,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,01,00,01,01,ee,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,00,10,00,00,08,03,00,00
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{52711ba1-4ba6-11db-a5e0-0012f01f0b62}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,00,5f,5f,5f,5f,5f,cf,\
cf,5f,5f,5f,5f,01,01,00,ee,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,00,10,00,00,08,01,00,00
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{52711ba1-4ba6-11db-a5e0-0012f01f0b62}\shell]
@="None"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{52711ba1-4ba6-11db-a5e0-0012f01f0b62}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{52711ba1-4ba6-11db-a5e0-0012f01f0b62}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{52711ba2-4ba6-11db-a5e0-0012f01f0b62}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,00,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,00,10,00,00,08,00,00,00
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{52711ba2-4ba6-11db-a5e0-0012f01f0b62}\shell]
@="None"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{52711ba2-4ba6-11db-a5e0-0012f01f0b62}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{52711ba2-4ba6-11db-a5e0-0012f01f0b62}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{538d68d3-b27f-11db-a665-0012f01f0b62}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,\
5f,5f,5f,5f,5f,00,5f,5f,5f,5f,5f,cf,cf,5f,5f,5f,5f,01,01,00,ee,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,00,10,00,00,08,02,00,00
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{538d68d3-b27f-11db-a665-0012f01f0b62}\shell]
@="None"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{538d68d3-b27f-11db-a665-0012f01f0b62}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{538d68d3-b27f-11db-a665-0012f01f0b62}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{646c7043-5765-11db-a5ed-0012f01f0b62}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,00,5f,5f,5f,5f,5f,cf,\
cf,5f,5f,5f,5f,01,01,00,ee,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,00,10,00,00,08,01,00,00
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{646c7043-5765-11db-a5ed-0012f01f0b62}\shell]
@="None"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{646c7043-5765-11db-a5ed-0012f01f0b62}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{646c7043-5765-11db-a5ed-0012f01f0b62}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{73eb690d-6277-11db-a5fd-0012f01f0b62}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,cf,5f,5f,5f,5f,5f,cf,\
cf,5f,5f,5f,5f,cf,cf,cf,cf,cf,01,00,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,00,00,10,00,00,08,00,00,00
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{73eb690d-6277-11db-a5fd-0012f01f0b62}\shell]
@="None"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{73eb690d-6277-11db-a5fd-0012f01f0b62}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{73eb690d-6277-11db-a5fd-0012f01f0b62}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{85c853c0-b807-11db-a66e-0012f01f0b62}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,\
5f,5f,5f,5f,5f,01,00,01,01,ee,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,01,00,00,00,08,07,00,00
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{85c853c0-b807-11db-a66e-0012f01f0b62}\shell]
@="None"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{85c853c0-b807-11db-a66e-0012f01f0b62}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{85c853c0-b807-11db-a66e-0012f01f0b62}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{907b1e62-7f0f-11db-a639-00112514889c}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,\
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,\
5f,5f,5f,5f,5f,00,5f,5f,5f,5f,5f,cf,cf,5f,5f,5f,5f,01,01,00,ee,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,00,10,00,00,08,02,00,00
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{907b1e62-7f0f-11db-a639-00112514889c}\shell]
@="None"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{907b1e62-7f0f-11db-a639-00112514889c}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8504"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{907b1e62-7f0f-11db-a639-00112514889c}\shell\Autoplay\DropTarget]
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a098fd41-44b1-11d7-91e5-806d6172696f}]
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,00,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,00,00,20,00,00,00,00,\
00,00,00
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:57:25 PM, on 10/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\IBMTOOLS\UTILS\ibmprc.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\PROGRA~1\ThinkPad\CONNEC~1\QCTray.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Documents and Settings\zhoutiantian\Desktop\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.starhub.net.sg:8080
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [TPKMAPHELPER] "C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe" -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [UC_Start] "C:\Program Files\IBM\Updater\\ucstartup.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe
O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [BMMMONWND] "rundll32.exe" C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" /SYNC
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\Ringz Studio\Storm Codec\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QCTray] C:\PROGRA~1\ThinkPad\CONNEC~1\QCTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKUS\S-1-5-21-3893021082-494934620-3959003612-1005\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-3893021082-494934620-3959003612-1005\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User '?')
O4 - HKUS\S-1-5-21-3893021082-494934620-3959003612-1005\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: AutorunsDisabled
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O11 - Options group: [JAVA_IBM] Java (IBM)
O12 - Plugin for .csm: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .csml: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .cub: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .cube: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .dx: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .emb: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .embl: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .gau: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .jdx: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .mol: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .mop: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .pdb: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .rxn: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .scr: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .skc: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .spt: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .tgf: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .xyz: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by107fd.bay107.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1191471206220
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u2-windows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
--
End of file - 10376 bytes
ndmmxiaomayi
2007-10-21, 07:35
Hi alpha22,
Please go to Kaspersky website (http://www.kaspersky.com/virusscanner) and perform an online antivirus scan. Please use Internet Explorer as it uses ActiveX.
Click on Kaspersky Online Scanner button.
Read through the requirements and privacy statement and click on Accept button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an ActiveX from Kaspersky. Click Yes.
When the downloads have finished, click on Next button.
Click on Scan Settings button.
Select extended under Scan using the following antivirus database:
Check (tick) these boxes under Scan options:
Scan Archives
Scan Mail Bases
Click OK
Click on My Computer under Please select a target to scan:
Once the scan is complete it will display if your system has been infected. Click on Save as text button and save it to your desktop.
Copy and paste this log in your next reply.
In your next reply, please post:
Kaspersky Antivirus scan report
A new HijackThis log
I can't run IE, remember? Even installing Kaspersky Internet Security does not work, since Microsoft Installer is also not working.
Will try some other scanner in Firefox.
IE6 works. I will try running Kaspersky Online Scanner now.
Javascript is somehow disabled even though under Security in IE, it is enabled. I can't run any online scanner at all!
Any other ideas?
I'm actually doing my friend a favour by trying to help sort out her laptop. She desperately needs it back, too. May I know how long more this entire process would take?
I'm guessing that the "Little Red Dot" is where I'm at. Can we just meet and settle this once and for all?
ndmmxiaomayi
2007-10-21, 20:54
Please download SUPERAntiSpyware Home Edition (free) (http://www.superantispyware.com/downloadfile.html?productid=SUPERANTISPYWAREFREE)
Install it and double-click the icon on your desktop to run it.
It will ask if you want to update the program definitions; click "Yes".
Let it through your firewall!
Under "Configuration and Preferences", click the "Preferences" button.
Click the "Scanning Control" tab.
Under "Scanner Options" make sure the following are checked:
1>> Close browsers before scanning
2>> Scan for tracking cookies
3>> Terminate memory threats before quarantining.
4>> Ignore System Restore/Volume Information on ME and XP
5>> Please leave the others unchecked.
6>> Click the Close button to leave the control center screen.
On the main screen, under "Scan for Harmful Software" click "Scan your computer".
On the left check "C:\Fixed Drive".
On the right, under "Complete Scan", choose "Perform Complete Scan".
Click "Next" to start the scan. Please be patient while it scans your computer.
After the scan is complete a summary box will appear. Click "OK".
Make sure everything in the white box has a check next to it, then click "Next".
It will quarantine what it found and if it asks if you want to reboot, click "Yes".
To retrieve the removal information - please do the following:
1>> After reboot, double-click the "SUPERAntispyware icon" on your desktop.
2>> Click "Preferences". Click the "Statistics/Logs tab".
3>> Under "Scanner Logs", double-click "SUPERAntiSpyware Scan Log".
4>> It will open in your default text editor (such as Notepad/Wordpad).
5>> Please highlight everything, then right-click and choose copy.
6>> Click close and close again to exit the program.
In your next reply, please post:
SUPERAntispyware scan report
A new HijackThis log
Windows Installer not working (I mentioned this before). Tried reinstalling it, but the installation file required the Cryptographic service which I could not start.
How now?
ndmmxiaomayi
2007-10-23, 18:20
Hi alpha22,
It looks like your system is near the stage of being unstable and continuing may not help.
You will need to re-install XP to regain the stability of the OS.
From your log, it tells me that you are using a Thinkpad. IBM/Lenovo would have provided you with some recovery CDs, or has a recovery partition in the hard disk itself (usually by pressing some buttons during booting).
You could use it to restore XP back to factory state.
Malware can cause all that? Can't I just get rid of the malware somehow?
ndmmxiaomayi
2007-10-23, 22:43
Hi alpha22,
Yes, malware may cause that, but for now, it seems like it's more of a damaged system files issue rather than malware issue.
If you prefer not to reinstall your operating system, we can still go ahead and try other methods.
I'm not very confident with reinstalling Windows, so let's try more methods.
ndmmxiaomayi
2007-10-26, 12:18
Hi alpha22.
Sorry for the delay.
Step 1
Open My Computer.
Go to Tools > Folder Options.
Select the View tab.
Scroll down to Hidden files and folders.
Select Show hidden files and folders.
Uncheck (untick) Hide extensions of known file types.
Uncheck (untick) Hide protected operating system files (Recommended).
Click Yes when prompted.
Click OK.
Close My Computer.
Step 2
Create a folder called Combofix on your desktop.
Please download ComboFix from Tech Support Forum (http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe). Save it to the Combofix folder created.
Right click on Combofix and select Extract Here...
Locate this file called catchme.cfexe.
Rename it to catchme.exe.
Locate swreg.cfexe and rename it to swreg.exe.
Open Notepad and copy and paste the following in the Code box into Notepad:
@echo off
rem Write the catchme output, the service and driver lists and the Svchost key to look.txt
(catchme -apx
echo Running services... &echo.
sc query type= service | findstr -i "service_name" &echo.
echo Stopped services... &echo.
sc query type= service state= inactive | findstr -i "service_name" &echo.
echo Running drivers... &echo.
sc query type= driver | findstr -i "service_name" &echo.
echo Drivers that are not running... &echo.
sc query type= driver state= inactive | findstr -i "service_name" &echo.
swreg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost" /s)> look.txt
rem Open the collected output so it can be copied into a reply
start notepad look.txt
Click on File > Save As.... Locate the Combofix folder.
In the File Name box, copy and paste in look.bat
In the Save As Type box, select All Files.
Click Save.
Double click on look.bat. A Command Prompt window will open and close quickly; this is normal. Once done, Notepad will open. Please post the contents of this Notepad file along with a new HijackThis log in your next reply.
In your next reply, please post:
The contents of the Notepad file (in the Combofix folder)
A new HijackThis log
ndmmxiaomayi
2007-11-04, 14:46
Hi alpha22,
Do you still need help?
alpha22, this topic has been archived due to lack of a response.
If you would like to request it be re-opened, please send me a private message (pm) and provide a link to the thread.
Applies only to the original poster; anyone else with similar problems, please start a new topic.
Thank you ndmmxiaomayi.