So I did a random scan using FRST to look over, and I noticed a registry that wasn't on the last scan I did.
HKU\S-1-5-21-3804374118-1414672728-3398495541-1002.…\MountPoints2: {896d96ed-ffa5-11e5-85c6-806e6f6e6963} - “Explorer.exe” monitor.htm
Added the results here.
I also did an AdwCleaner scan and found something called "AdvinstAnalytics" in my appdata\local\temp folder.
Shortly after I saw it in FRST I went into regedit and saw there was only that Explorer monitor.htm thing. Now I checked it again and found more folders, one named "shell/autoplay/droptarget", so now I'm pretty sure my PC is infected.
OK, so I think I've just transferred it to my Windows tablet through a USB thumb drive, as there wasn't any sign in regedit, but as soon as I connected the drive I got a droptarget show up, so McShield isn't picking it up.
Edit: I think I stopped the spread to my tablet by removing the registry quick enough, as nothing else has shown up there yet.
I've found that this "MountPoints2" folder that they are all in is connected to the USB, and am wondering if it's safe to just remove the whole folder and that will fix it all.
Looked over some older FRST logs (mainly ones I've uploaded here) and found that the monitor.htm thing was there since at least 22nd Feb, during the whole false positive issue, but wasn't there in the 16th November scan I uploaded.
Is there a way to find out when a registry item was created?
I've read other posts on the net about MountPoints2 issues and they all asked for the regedit section exported for diagnostics, so I thought I would do the same here.
Update: just found out that the “explorer.exe” monitor.htm registry was the driver disk from my BenQ monitor; once I took the disk out the registry entry vanished. I feel stupid.
Still don't know what these “shell/autoplay/droptarget” entries are, though.