Topic: Autoplay Autoplay HiJack This


evilfantasy

  • Malware Removal Specialist
  • Moderator


  • Genius
  • Calm like a bomb
  • Thanked: 493
  • Experience: Experienced
  • OS: Windows 11
Re: Autoplay Autoplay HiJack This
« Reply #15 on: November 14, 2007, 03:03:23 PM »
I worked up this guide for adding logs as attachments.

It will save me a lot of scrolling.

Adding logs as an attachment

Save the log to somewhere you can easily find it. (usually the desktop)

To do this, from within Notepad go to the top of the page and select "File" > "Save As...", enter the file name and click "Save". Be sure the desktop is the location selected to save to.
Please save all files as Text Documents (.txt)

Posting the log

* Before putting text into the reply box select "Preview"
* Scroll down and select "Additional Options..."
* Click "Browse"
* Locate the file you want to attach and double click it to enter it into the window.
* If you have more than one log click "(more attachments)" and a new window will open for adding another log.
* You will need to enter a short message in the text box as well.

cliffnook2000

    Topic Starter


    Rookie
    Re: Autoplay Autoplay HiJack This
    « Reply #16 on: November 15, 2007, 12:49:51 AM »
    Thanks evilfantasy but this was one of the first things I tried.
    I have done another scan and the results tell me that my "C" drive does not support Autoplay and that my CD and DVD drives are ok.

    Just to give you a bit more info. I have another pc at a different location which is having the same (maybe worse) Autoplay problems. As far as I can remember I have never shared files between the two pc's, although I have downloaded the same sort of junk from the internet.
    I ran ATF-Cleaner and then BitDefender on that pc and BitDefender showed everything was clear, no viruses found.

    I have decided not to download any more junk, particularly games, from the internet so anything you find referring to games can be got rid of. I see in the last HiJackThis log a couple of references to games: O23 Boonty (which you have already picked up on) and O16 Worldwinner games. I thought I had uninstalled these but, in any case, they and any other game files can go.

    I can get you a HiJackThis log of the other pc if it will help but it will be later on as that pc is at home. If you need the log, I can post it here or start another thread.

    Cheers  Frank

    evilfantasy

    Re: Autoplay Autoplay HiJack This
    « Reply #17 on: November 15, 2007, 01:16:45 AM »
    OK, let's get rid of the Boonty and then work from there.

    Enable Viewing Of Hidden System Files & Folders

    1. Right Click Start.
    2. Select Control Panel.
    3. Select the Tools menu and click Folder Options.
    4. Select the View Tab.
    5. Under the Hidden files and folders heading select Show hidden files and folders.
    6. Uncheck the Hide extensions for known file types option.
    7. Uncheck the Hide protected operating system files (recommended) option.
    8. Click Apply.
    9. Click OK.

    =====

    Click Start -> Run - type SERVICES.MSC & then click on the OK button

       1. Locate the service - Boonty Games
       2. Double-click on it to open the Properties dialog.
          - Change the Startup type to Disabled & then click on the Apply button
          - Stop the service by using the Stop button.
       3. Then start HiJackThis & go to Config... -> Misc.Tools -> Delete an NT service
       4. In the popup box that appears, copy/paste BOONTY
       5. Click on the OK button & answer No if prompted to reboot

    Double click the My Computer icon on the desktop, then open C: and continue to navigate to this folder.

    C:\Program Files\Common Files\BOONTY Shared <---delete this whole folder

    Reboot the computer.

    =====

    Post a new HijackThis log

    cliffnook2000

      Re: Autoplay Autoplay HiJack This
      « Reply #18 on: November 15, 2007, 01:47:47 AM »
      I'm lost now....

      Done everything you said up to copy/paste Boonty.

      Where do I copy from and what do I copy?
      Have been into the HiJackThis log and found the O23 Boonty file. Have tried copying/pasting the whole file, just the BOONTY part and just the part after C\. HiJackThis tells me it doesn't recognise the files....What am I doing wrong?

      evilfantasy

      Re: Autoplay Autoplay HiJack This
      « Reply #19 on: November 15, 2007, 02:31:10 AM »
      Sorry that was a little vague.

      Open HijackThis, don't select any scan options, instead:

      Select "Open misc. tools section", then select "Delete an NT service". A popup box will open; copy/paste (or type) BOONTY into that box, click on the OK button & answer No if prompted to reboot.

      Exit HijackThis

      =====

      Double click the My Computer icon on the desktop, then open C: and continue to navigate to this folder.

      C:\Program Files\Common Files\BOONTY Shared <---delete this whole folder

      Reboot the computer.

      =====

      Next post:
      New HijackThis log

      cliffnook2000

        Re: Autoplay Autoplay HiJack This
        « Reply #20 on: November 15, 2007, 03:46:44 AM »
        Still not working........

        Done everything exactly as you said and still get message box saying:

        Service "BOONTY" was not found in the registry
        Make sure you entered the name of the service correctly

        I typed in BOONTY and then when that didn't work I copy/pasted BOONTY from the HiJackThis log and that didn't work either. Still got the same message.

        Am I doing something wrong here?

        evilfantasy

        Re: Autoplay Autoplay HiJack This
        « Reply #21 on: November 15, 2007, 04:02:20 AM »
        Post a new log and we will go from there.

        cliffnook2000

          Re: Autoplay Autoplay HiJack This
          « Reply #22 on: November 15, 2007, 04:15:06 AM »

          Ok...will be 2 posts though. File still too big


          Logfile of Trend Micro HijackThis v2.0.2
          Scan saved at 11:14:05, on 15/11/2007
          Platform: Windows XP SP2 (WinNT 5.01.2600)
          MSIE: Internet Explorer v7.00 (7.00.6000.16544)
          Boot mode: Normal

          Running processes:
          C:\WINDOWS\System32\smss.exe
          C:\WINDOWS\system32\winlogon.exe
          C:\WINDOWS\system32\services.exe
          C:\WINDOWS\system32\lsass.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\System32\svchost.exe
          C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
          C:\WINDOWS\Explorer.EXE
          C:\WINDOWS\system32\spoolsv.exe
          C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
          C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
          C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
          C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
          C:\WINDOWS\system32\drivers\CDAC11BA.EXE
          C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
          C:\WINDOWS\System32\nvsvc32.exe
          C:\WINDOWS\System32\svchost.exe
          C:\WINDOWS\SOUNDMAN.EXE
          C:\WINDOWS\Dit.exe
          C:\Program Files\Medion\PowerCinema\My_TV\Agent.exe
          C:\Program Files\Classic PhoneTools\CapFax.EXE
          C:\Program Files\Microsoft Hardware\Mouse\point32.exe
          C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
          C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
          C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
          C:\Program Files\iTunes\iTunesHelper.exe
          C:\Program Files\QuickTime\qttask.exe
          C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
          C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
          C:\Program Files\iPod\bin\iPodService.exe
          C:\WINDOWS\system32\ctfmon.exe
          C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
          C:\WINDOWS\system32\RUNDLL32.EXE
          C:\Program Files\Microsoft Money\System\mnyexpr.exe
          C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe
          C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
          C:\WINDOWS\DitExp.exe
          C:\Program Files\WinZip\WZQKPICK.EXE
          C:\Program Files\Brother\Brmfl06a\FAXRX.exe
          C:\PROGRA~1\SYSTRAN\5.0\Personal\SYSTRA~1.EXE
          C:\Program Files\Internet Explorer\IEXPLORE.EXE
          C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

          cliffnook2000

            Re: Autoplay Autoplay HiJack This
            « Reply #23 on: November 15, 2007, 04:16:23 AM »
            R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.co.uk/
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
            R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
            O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
            O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-gb\msntb.dll
            O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll
            O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-gb\msntb.dll
            O3 - Toolbar: SYSTRAN Web Translator 5.0  - {A5899B52-3AF9-4F56-85FE-AD7B3BE8490F} - C:\Program Files\SYSTRAN\5.0\Personal\IEPlugIn.dll
            O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
            O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
            O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
            O4 - HKLM\..\Run: [Dit] Dit.exe
            O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
            O4 - HKLM\..\Run: [Agent] C:\Program Files\Medion\PowerCinema\My_TV\Agent.exe
            O4 - HKLM\..\Run: [CapFax] C:\Program Files\Classic PhoneTools\CapFax.EXE
            O4 - HKLM\..\Run: [POINTER] point32.exe
            O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
            O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
            O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
            O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
            O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
            O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
            O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
            O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
            O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
            O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
            O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe
            O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
            O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
            O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
            O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
            O4 - HKCU\..\Run: [STManager] "C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe" -b
            O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
            O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
            O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
            O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
            O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
            O4 - Startup: FAXRX.lnk = C:\Program Files\Brother\Brmfl06a\FAXRX.exe
            O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-gb\bin\WindowsSearch.exe
            O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
            O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
            O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-gb\msntb.dll/search.htm
            O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
            O8 - Extra context menu item: Search with Wanadoo - res://C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm
            O9 - Extra button: Casino-on-Net  - {3015DB92-158E-4b77-9020-85C8E311FBB5} - C:\PROGRA~1\CASINO~1\Casino.exe
            O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0819.dll
            O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0819.dll
            O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
            O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
            O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
            O9 - Extra button: PacificPoker4 - {94EDF7B4-4272-4af3-8F8B-4E2F68E225B7} - C:\PROGRA~1\PACIFI~2\pacificpoker.exe
            O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
            O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
            O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
            O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
            O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
            O9 - Extra button: Medion-UK - {725E17C7-2B9A-42BA-AAE2-754FA08120BD} - http://www.medion.co.uk (file missing) (HKCU)
            O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk
            O16 - DPF: {0F42F280-2D6E-4B19-95A9-18D8DADB9309} (BFLauncher Class) - http://www.betfred.com/company/gamessections/common/betfredlauncher.cab
            O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
            O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab
            O16 - DPF: {48C20DEE-B00A-11D4-9B2F-0060975D990E} (Hi2Lobby Class) - http://80.253.105.3/lobby/atlclient.cab
            O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-17.cab
            O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
            O16 - DPF: {94299420-321F-4FF9-A247-62A23EBB640B} (WordMojo Control) - http://mirror.worldwinner.com/games/v45/wordmojo/wordmojo.cab
            O16 - DPF: {CF164902-C4C0-426a-87B3-FB140274E15F} (Dixons PSA) - http://www.gtwebcheck.com/pcworld/28/install/gtdowndi.cab
            O16 - DPF: {F04F4F32-6457-401A-8169-D2773DDFF930} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/ydropper/ydropper1_1uk.cab
            O17 - HKLM\System\CCS\Services\Tcpip\..\{9DEC5791-58D3-4F8D-9143-6A999B9C0C73}: NameServer = 195.92.195.91 195.92.195.90
            O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
            O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
            O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
            O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
            O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
            O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
            O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
            O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

            --
            End of file - 10319 bytes

            evilfantasy

            Re: Autoplay Autoplay HiJack This
            « Reply #24 on: November 15, 2007, 08:49:34 AM »
            I worked up this guide for adding logs as attachments.

            It will save me a lot of scrolling.

            Adding logs as an attachment

            Save the log to somewhere you can easily find it. (usually the desktop)

            To do this, from within Notepad go to the top of the page and select "File" > "Save As...", enter the file name and click "Save". Be sure the desktop is the location selected to save to.
            Please save all files as Text Documents (.txt)

            Posting the log

            * Before putting text into the reply box select "Preview"
            * Scroll down and select "Additional Options..."
            * Click "Browse"
            * Locate the file you want to attach and double click it to enter it into the window.
            * If you have more than one log click "(more attachments)" and a new window will open for adding another log.
            * You will need to enter a short message in the text box as well.

            =====

            Run HJT and have it remove these entries

            O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
            O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
            O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
            O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
            O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
            O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
            O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
            O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
            O9 - Extra button: Medion-UK - {725E17C7-2B9A-42BA-AAE2-754FA08120BD} - http://www.medion.co.uk (file missing) (HKCU)
            O16 - DPF: {0F42F280-2D6E-4B19-95A9-18D8DADB9309} (BFLauncher Class) - http://www.betfred.com/company/gamessections/common/betfredlauncher.cab
            O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab
            O16 - DPF: {48C20DEE-B00A-11D4-9B2F-0060975D990E} (Hi2Lobby Class) - http://80.253.105.3/lobby/atlclient.cab
            O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-17.cab
            O16 - DPF: {94299420-321F-4FF9-A247-62A23EBB640B} (WordMojo Control) - http://mirror.worldwinner.com/games/v45/wordmojo/wordmojo.cab
            O16 - DPF: {CF164902-C4C0-426a-87B3-FB140274E15F} (Dixons PSA) - http://www.gtwebcheck.com/pcworld/28/install/gtdowndi.cab

            Close all windows and click "Fix checked"

            =====

            How To Create An Uninstall List

            1. Start HijackThis
            2. Click on the Misc Tools button
            3. Click on the Open Uninstall Manager button.
            4. Click on the Save list button and specify where you would like to save this file. When you press the Save button, Notepad will open with the contents of that file.
            5. Save it to your desktop
            6. Add the uninstall_list.txt as an attachment in the next post.

            cliffnook2000

              Re: Autoplay Autoplay HiJack This
              « Reply #25 on: November 15, 2007, 11:15:27 PM »
              OK done all that.

              Hope we are getting somewhere now

              Cheers Frank

              [saving disk space - old attachment deleted by admin]

              evilfantasy

              Re: Autoplay Autoplay HiJack This
              « Reply #26 on: November 16, 2007, 01:45:54 AM »
              We can turn autoplay off altogether. But this will mean that when you insert a CD or USB flash drive you will not get any prompts. You may have to go to My Computer and launch it from there.

              Let me know and I will work up the info.


              evilfantasy

              Re: Autoplay Autoplay HiJack This
              « Reply #27 on: November 16, 2007, 02:26:03 AM »
              Uninstall in add/remove programs:

              Betfair Poker
              Casino-on-Net
              Gold Miner Vegas
              Internet Expedition <---This one is malicious
              Java 2 Runtime Environment Standard Edition v1.3.1_01
              Pacific Poker
              Wanadoo Search Toolbar (my suggestion is the Google Toolbar for a replacement)

              Go to www.java.com and download the newest version of Java 6 Update 3

              Follow this link for the Google Toolbar.


              Run another Combofix scan and post the log as an attachment.

              cliffnook2000

                Re: Autoplay Autoplay HiJack This
                « Reply #28 on: November 16, 2007, 03:14:23 AM »
                Hi evilfantasy.....it would be great if I could just turn off Autoplay altogether as you suggest. In fact this is something I have been trying to do myself.
                I subscribe to an online newsletter called Windows Secrets and the last edition gave an article on how to do this. I have copied the relevant part of the article below.
                I tried this fix and it has made no difference whatsoever.
                If you could come up with something to stop Autoplay then that would be great.
                 


                Block AutoRun for all devices all the time

                You might think that you could protect yourself from AutoRun by using two keys in the Registry known as NoDriveAutoRun and NoDriveTypeAutoRun.

                However, self-described "low-budget hacker" Nick Brown points out that these keys can be overridden. A Registry key named MountPoints2 stores information about all USB flash drives and other removable media that have ever been connected to your computer. Brown says this cache overrides the Registry settings that turn off AutoRun.

                The solution is to globally block autorun.inf files from executing, without trying to use the dialog boxes in XP and Vista to do this. Here's the procedure:

                Step 1. Start Notepad or another text editor.

                Step 2. Copy the following text from this page and paste it into your text editor (everything between the square brackets should be all on one line):

                REGEDIT4
                [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf]
                @="@SYS:DoesNotExist"

                Step 3. Save the file with a name like NoAutoRun.reg, taking care to include the .reg extension.

                Step 4. Right-click your .reg file and choose Merge. Confirm any warning prompts to add the information to the Registry.

                The next time you insert a flash drive, CD, DVD, or other removable disc into your system, Windows will not execute the information in any autorun.inf file that may be present.

                Naturally, taking these steps means that the next time you put a game or installer disc into your CD or DVD drive, its software won't launch automatically. You'll have to open a Windows Explorer window or use a command line to launch the desired executable.

                The benefit is a big one: a rogue program that you never intended to launch won't silently take over your system if you happen to insert a Trojan-carrying disc into a drive.
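
A check for the merge step in the article quoted above, as an added example that is not part of the thread or the newsletter: it parses the REGEDIT4 text, flags a bracketed key line that was wrapped across lines (the caveat in Step 2), and on Windows reads back the live default value. The function names and the wrapped sample are constructed for illustration; only the key path and the `@SYS:DoesNotExist` value come from the article.

```python
"""Validate a REGEDIT4 file that is meant to block autorun.inf processing."""
import re
import sys

# Key and default value as given in the quoted article.
EXPECTED_KEY = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT"
                r"\CurrentVersion\IniFileMapping\Autorun.inf")
EXPECTED_DEFAULT = "@SYS:DoesNotExist"

# Matches  @="data"  (default value) or  "name"="data"  (named string value).
VALUE_RE = re.compile(r'^(?:@|"(?P<name>[^"]*)")="(?P<data>.*)"$')

# Constructed samples: the article's file, then the same file with a wrapped key line.
GOOD = r"""REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf]
@="@SYS:DoesNotExist"
"""
WRAPPED = r"""REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
IniFileMapping\Autorun.inf]
@="@SYS:DoesNotExist"
"""


def parse_reg(text):
    """Return ({key: {value_name: data}}, [problems]) for REGEDIT4 text.
    Only string values are handled, which is all the article's file uses.
    The default value of a key is stored under the name "@".
    """
    keys, problems, current = {}, [], None
    lines = [ln.strip() for ln in text.lstrip("\ufeff").splitlines()]
    lines = [ln for ln in lines if ln and not ln.startswith(";")]
    if lines and lines[0] == "REGEDIT4":
        lines = lines[1:]
    else:
        problems.append("first line is not the REGEDIT4 header")
    for ln in lines:
        match = VALUE_RE.match(ln)
        if ln.startswith("[") and ln.endswith("]"):
            current = ln[1:-1]
            keys.setdefault(current, {})
        elif ln.startswith("["):
            current = None
            problems.append("key line wrapped or unterminated: " + ln)
        elif match and current is not None:
            data = re.sub(r"\\(.)", r"\1", match.group("data"))  # undo \\ and \"
            keys[current][match.group("name") or "@"] = data
        elif match:
            problems.append("value outside any key: " + ln)
        else:
            problems.append("unrecognised line: " + ln)
    return keys, problems


def blocks_autorun_inf(text):
    """Return (ok, problems); ok only if the file parses cleanly and sets the mapping."""
    keys, problems = parse_reg(text)
    wanted = EXPECTED_KEY.lower()  # registry key names are case-insensitive
    values = next((v for k, v in keys.items() if k.lower() == wanted), None)
    if values is None:
        problems.append("Autorun.inf mapping key not found in file")
    elif values.get("@") != EXPECTED_DEFAULT:
        problems.append("default value is not " + EXPECTED_DEFAULT)
    return not problems, problems


def live_default():
    """Return the live default value under the mapping key (None if absent or not Windows)."""
    if sys.platform != "win32":
        return None
    import winreg
    subkey = EXPECTED_KEY.split("\\", 1)[1]
    try:
        with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, subkey) as key:
            return winreg.QueryValueEx(key, "")[0]
    except OSError:
        return None


if __name__ == "__main__":
    print(blocks_autorun_inf(GOOD), blocks_autorun_inf(WRAPPED), sep="\n")
    print("live registry default:", live_default())
```

If `live_default()` returns `None` on the affected PC after the merge, the value never reached the registry, which points back at the saved file (wrapped key line, or a name that does not end in `.reg`).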


                evilfantasy

                Re: Autoplay Autoplay HiJack This
                « Reply #29 on: November 16, 2007, 03:42:13 AM »
                That is the same fix I was going to suggest.

                Did you create the .reg file in notepad and merge it with the registry?

                Let me know and we can go into the registry manually. It is a few more steps but easy enough.