Well it isn't doing anything that seems too malicious anymore. I can change my background again, and open internet browsers etc. after blocking it from running. But it's still showing the files, and trying to open on occasion. So for some reason I'm having to block the file from opening many different times.
But here it is re-ran:
MAIN.TXT
-----------------------------
Deckard's System Scanner v20071014.68
Run by brandon on 2008-07-01 19:59:03
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
-- Last 5 Restore Point(s) --
6: 2008-07-01 23:07:54 UTC - RP783 - Deckard's System Scanner Restore Point
5: 2008-07-01 21:07:11 UTC - RP782 - Installed Java(TM) 6 Update 5
4: 2008-06-26 04:29:37 UTC - RP781 - System Checkpoint
3: 2008-06-25 04:16:27 UTC - RP780 - Spyware Doctor: Cleaning Threats
2: 2008-06-25 02:00:46 UTC - RP779 - Installed AVG Free 8.0
-- First Restore Point --
1: 2008-06-24 16:06:42 UTC - RP778 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as brandon.exe) ---------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:59:48 PM, on 7/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Tall Emu\Online Armor\oasrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Linksys Wireless-G PCI Adapter\WLService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Linksys Wireless-G PCI Adapter\WMP54Gv4.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Tall Emu\Online Armor\oaui.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\brandon\desktop\dss.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\brandon.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.comcast.net/R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.comcast.net/R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US
ee://aol/imAppO4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {42D06124-98A2-47EC-8098-3778B58CE7D5} (SupportSoft External Control) -
https://actsvr.comcastonline.com/techto ... ntrols.cabO18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Adapter\WLService.exe
O24 - Desktop Component 0: (no name) -
http://s31.photobucket.com/albums/c369/ ... ure266.jpgO24 - Desktop Component 1: (no name) -
http://s31.photobucket.com/albums/c369/ ... ure039.jpgO24 - Desktop Component 2: (no name) -
http://s31.photobucket.com/albums/c369/ ... ure201.jpg--
End of file - 7285 bytes
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R1 OADevice (OADriver) - c:\windows\system32\drivers\oadriver.sys
R1 OAmon - c:\windows\system32\drivers\oamon.sys
R1 OAnet - c:\windows\system32\drivers\oanet.sys
R3 GTNDIS5 (GTNDIS5 NDIS Protocol Driver) - c:\windows\system32\gtndis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
R3 Pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
R3 vaxscsi - c:\windows\system32\drivers\vaxscsi.sys
S3 w600bus (Sony Ericsson W600 driver (WDM)) - c:\windows\system32\drivers\w600bus.sys (file missing)
S3 w600mdfl (Sony Ericsson W600 USB WMC Modem Filter) - c:\windows\system32\drivers\w600mdfl.sys (file missing)
S3 w600mdm (Sony Ericsson W600 USB WMC Modem Drivers) - c:\windows\system32\drivers\w600mdm.sys (file missing)
S3 w600mgmt (Sony Ericsson W600 USB WMC Device Management Drivers) - c:\windows\system32\drivers\w600mgmt.sys (file missing)
S3 w600obex (Sony Ericsson W600 USB WMC OBEX Interface Drivers) - c:\windows\system32\drivers\w600obex.sys (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
R2 SvcOnlineArmor (Online Armor) - "c:\program files\tall emu\online armor\oasrv.exe" <Not Verified; Tall Emu; Online Armor Security Suite>
S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe
-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: MAC Bridge Miniport
Device ID: ROOT\MS_BRIDGEMP\0000
Manufacturer: Microsoft
Name: MAC Bridge Miniport
PNP Device ID: ROOT\MS_BRIDGEMP\0000
Service: BridgeMP
-- Process Modules -------------------------------------------------------------
C:\WINDOWS\system32\winlogon.exe (pid 644)
2008-06-24 22:06:06 100352 --a------ C:\Program Files\Spyware Doctor\klg.dat <Not Verified; PC Tools; Spyware Doctor>
C:\WINDOWS\system32\svchost.exe (pid 920)
2008-06-24 22:06:06 100352 --a------ C:\Program Files\Spyware Doctor\klg.dat <Not Verified; PC Tools; Spyware Doctor>
C:\WINDOWS\system32\svchost.exe (pid 980)
2007-07-24 16:17:08 147456 --a------ C:\Program Files\Bonjour\mdnsNSP.dll <Not Verified; Apple Inc.; Bonjour>
2008-06-24 22:06:06 100352 --a------ C:\Program Files\Spyware Doctor\klg.dat <Not Verified; PC Tools; Spyware Doctor>
C:\WINDOWS\system32\svchost.exe (pid 1072)
2008-06-24 22:06:06 100352 --a------ C:\Program Files\Spyware Doctor\klg.dat <Not Verified; PC Tools; Spyware Doctor>
2007-07-24 16:17:08 147456 --a------ C:\Program Files\Bonjour\mdnsNSP.dll <Not Verified; Apple Inc.; Bonjour>
C:\WINDOWS\system32\svchost.exe (pid 1152)
2008-06-24 22:06:06 100352 --a------ C:\Program Files\Spyware Doctor\klg.dat <Not Verified; PC Tools; Spyware Doctor>
C:\WINDOWS\system32\svchost.exe (pid 1216)
2008-06-24 22:06:06 100352 --a------ C:\Program Files\Spyware Doctor\klg.dat <Not Verified; PC Tools; Spyware Doctor>
C:\WINDOWS\explorer.exe (pid 1744)
2008-06-24 22:06:06 100352 --a------ C:\Program Files\Spyware Doctor\klg.dat <Not Verified; PC Tools; Spyware Doctor>
2005-12-08 12:06:10 7168 --a------ C:\WINDOWS\system32\CTAGENT.DLL <Not Verified; Creative Technology Ltd; ctagent>
2006-09-12 21:56:02 73728 --a------ C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll <Not Verified; Nero AG; Nero BackItUp>
2005-11-16 10:00:00 5120 --a------ C:\Program Files\WinZip\WZSHLSTB.DLL <Not Verified; WinZip Computing LP; WinZip>
2006-09-14 00:20:24 126464 --a------ C:\Program Files\WinRAR\RarExt.dll
C:\WINDOWS\system32\svchost.exe (pid 1792)
2008-06-24 22:06:06 100352 --a------ C:\Program Files\Spyware Doctor\klg.dat <Not Verified; PC Tools; Spyware Doctor>
C:\WINDOWS\system32\svchost.exe (pid 1056)
2008-06-24 22:06:06 100352 --a------ C:\Program Files\Spyware Doctor\klg.dat <Not Verified; PC Tools; Spyware Doctor>
-- Scheduled Tasks -------------------------------------------------------------
2008-06-19 19:09:04 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
-- Files created between 2008-06-01 and 2008-07-01 -----------------------------
2008-06-24 21:59:47 0 d-------- C:\Program Files\Spyware Doctor
2008-06-24 21:59:47 0 d-------- C:\Documents and Settings\brandon\Application Data\PC Tools
2008-06-24 20:16:44 0 d--h----- C:\$AVG8.VAULT$
2008-06-24 20:01:47 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-06-24 20:01:37 0 d-------- C:\Program Files\AVG
2008-06-24 20:01:37 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-06-24 17:16:31 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-24 17:15:37 0 d-------- C:\Program Files\Common Files\Download Manager
2008-06-24 13:54:47 0 d-------- C:\Documents and Settings\brandon\Application Data\OnlineArmor
2008-06-24 13:54:47 0 d-------- C:\Documents and Settings\All Users\Application Data\OnlineArmor
2008-06-24 13:52:58 28872 --a------ C:\WINDOWS\system32\drivers\oanet.sys
2008-06-24 13:52:58 32456 --a------ C:\WINDOWS\system32\drivers\OAmon.sys
2008-06-24 13:52:58 80584 --a------ C:\WINDOWS\system32\drivers\OADriver.sys
2008-06-24 13:52:58 0 d-------- C:\Program Files\Tall Emu
2008-06-24 10:30:11 0 d-------- C:\Program Files\Trend Micro
2008-06-24 10:11:22 0 d-------- C:\Program Files\RogueRemover FREE
2008-06-24 10:05:45 0 d-------- C:\Documents and Settings\brandon\Application Data\rhceofj0enea
2008-06-24 10:05:31 0 d-------- C:\Program Files\rhceofj0enea
2008-06-24 10:05:27 60928 --a------ C:\WINDOWS\system32\blphcaofj0enea.scr <Not Verified; Sysinternals; Sysinternals Blue Screen>
2008-06-24 10:05:17 109056 --a------ C:\WINDOWS\system32\lphcaofj0enea.exe
-- Find3M Report ---------------------------------------------------------------
2008-07-01 15:11:11 0 d-------- C:\Program Files\Java
2008-06-24 17:15:37 0 d-------- C:\Program Files\Common Files
2008-06-19 20:43:16 0 d-------- C:\Documents and Settings\brandon\Application Data\LimeWire
2008-06-08 17:59:57 0 d-------- C:\Program Files\World of Warcraft
2008-05-21 19:38:49 0 d-------- C:\Program Files\LimeWire
2008-05-06 17:33:21 0 d-------- C:\Documents and Settings\brandon\Application Data\AdobeUM
2008-05-03 14:13:53 0 d-------- C:\Program Files\Apple Software Update
2008-04-16 18:51:00 0 --a------ C:\WINDOWS\ativpsrm.bin
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [01/12/2006 04:40 PM]
"CTHelper"="CTHELPER.EXE" [12/08/2005 12:06 PM C:\WINDOWS\CTHELPER.EXE]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [09/14/2006 02:09 PM]
"AGRSMMSG"="AGRSMMSG.exe" [06/29/2004 10:06 AM C:\WINDOWS\AGRSMMSG.exe]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe" [11/07/2001 10:45 AM]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [01/21/2008 12:17 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [03/28/2008 11:37 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]
"OnlineArmor GUI"="C:\Program Files\Tall Emu\Online Armor\oaui.exe" [04/17/2008 05:25 AM]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [06/24/2008 08:01 PM]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [06/24/2008 10:07 PM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [09/13/2006 11:12 AM]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" []
"Aim6"="C:\Program Files\AIM6\aim6.exe" [01/03/2008 10:15 AM]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [03/30/2006 05:45 PM]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [10/18/2006 09:05 PM]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 11:05:26 PM]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"=0 (0x0)
"NoDispScrSavPage"=1 (0x1)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= C:\PROGRA~1\TALLEM~1\ONLINE~1\oaevent.dll [04/17/2008 05:25 AM 671432]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= scecli scecli scecli scecli scecli
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{22a7b697-4daf-11db-87cc-00112f4d1c0c}]
AutoRun\command- J:\autorun.exe
-- End of Deckard's System Scanner: finished at 2008-07-01 20:02:57 ------------