
"warning Spyware Detected On Your Computer"


  • This topic is locked
2 replies to this topic

#1 tnana

tnana

  • Members
  • 8 posts
  • OFFLINE
  • Local time:08:06 PM

Posted 05 June 2008 - 09:17 PM

Google brought me here (and it looks like this site will be helpful much beyond malware trouble).

The wallpaper states "Warning! Spyware has been detected on your computer".

Looking at another post here, I don't need to describe the whole thing.

I visited "whatis.com" which is now techtarget.com
I believe it brought this infection.

Here's the Deckard log:
=====================================================================================================

Deckard's System Scanner v20071014.68
Run by owner on 2008-06-05 22:05:19
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
8: 2008-06-06 02:05:25 UTC - RP10 - Deckard's System Scanner Restore Point
7: 2008-06-05 02:48:00 UTC - RP9 - Spyware Terminator - restore point
6: 2008-06-05 02:34:04 UTC - RP8 - Spyware Terminator - restore point
5: 2008-06-04 15:03:08 UTC - RP7 - Removed Ad-Aware
4: 2008-06-04 13:57:49 UTC - RP6 - Software Distribution Service 3.0


-- First Restore Point --
1: 2008-06-04 01:41:22 UTC - RP3 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:06:08 PM, on 6/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_Watchdog.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PCD32\client32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\oracle\ora92\bin\omtsreco.exe
C:\Program Files\SafeBoot\SBMGRNT.EXE
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\StacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.Exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NETGEAR\WPN111\wpn111.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\TextPad 5\TextPad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\anant\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\anant.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://americas.rabonet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://americas.rabonet.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://meetingpoint.rabonet.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_12\bin\ssv.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Winzip] wscript.exe "C:\PROGRA~1\COMMON~1\WINZIP~1\Winzip\110~1.731\FORCED~1.VBS"
O4 - HKLM\..\Run: [SBMGRNT.EXE] C:\PROGRA~1\SafeBoot\SBMGRNT.EXE -WinLogon
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: NETGEAR WPN111 Smart Wizard.lnk = ?
O4 - Global Startup: RCS2 PostConnection Launch.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_12\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_12\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.loksatta.com/daily/dynamic/wfplayer/tdserver.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/player/in...l/installer.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = am.rabonet.com
O17 - HKLM\Software\..\Telephony: DomainName = am.rabonet.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = am.rabonet.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = am.rabonet.com
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Client32 - NetSupport Ltd - C:\PCD32\client32.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Iap - Dell Inc. - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: OracleMTSRecoveryService - Oracle Corporation - C:\oracle\ora92\bin\omtsreco.exe
O23 - Service: OracleOraHome92ClientCache - Unknown owner - C:\oracle\ora92\bin\ONRSD.EXE
O23 - Service: SafeBoot Configuration Manager (SafeBootConfigurationManager) - Control Break International - C:\Program Files\SafeBoot\SBMGRNT.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Check Point VPN-1 Securemote service (SR_Service) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
O23 - Service: Check Point VPN-1 Securemote watchdog (SR_Watchdog) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Watchdog.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\StacSV.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 6505 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 SafeBoot - c:\windows\system32\drivers\safeboot.sys
R0 SBAlg - c:\windows\system32\drivers\sbalg.sys <Not Verified; Control Break International; SafeBoot Security System>
R1 PCISys - c:\windows\system32\drivers\pcisys.sys <Not Verified; NetSupport Ltd; NetSupport Manager>
R1 RsvLock - c:\windows\system32\drivers\rsvlock.sys <Not Verified; Control Break International; SafeBoot Security System>
R1 SBFlop - c:\windows\system32\drivers\sbflop.sys <Not Verified; Control Break International; SafeBoot Security System>
R1 SbPrcCtl - c:\windows\system32\drivers\sbprcctl.sys <Not Verified; Control Break International; SafeBoot Security System>
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.2.0.3) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.2.0.3>
R2 CP_OMDRV (Check Point Office Mode Module) - c:\windows\system32\drivers\omdrv.sys <Not Verified; Check Point Software Technologies; vna>
R2 VNLMemReader - c:\windows\system32\drivers\vnlmemreader.sys <Not Verified; Vector Networks Limited; LANutil32>
R2 VNLPciMap - c:\windows\system32\drivers\vnlpcimap.sys
R2 VPN-1 (VPN-1 Module) - c:\windows\system32\drivers\vpn.sys <Not Verified; Check Point Software Technologies; vpn1>

S2 VNL1394 - c:\windows\system32\drivers\vnl1394.sys
S3 DNINDIS5 (DNINDIS5 NDIS Protocol Driver) - c:\windows\system32\dnindis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
S3 gdihook5 - c:\windows\system32\drivers\gdihook5.sys <Not Verified; NetSupport Ltd; NetSupport Manager>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Client32 - c:\pcd32\client32.exe /* * /cclient32.ini <Not Verified; NetSupport Ltd; NetSupport Manager>
R2 OracleMTSRecoveryService - c:\oracle\ora92\bin\omtsreco.exe "oraclemtsrecoveryservice" <Not Verified; Oracle Corporation; Oracle MTS Recovery Service>
R2 SafeBootConfigurationManager (SafeBoot Configuration Manager) - c:\program files\safeboot\sbmgrnt.exe <Not Verified; Control Break International; SafeBoot Security System>
R2 sp_rssrv (Spyware Terminator Realtime Shield Service) - "c:\program files\spyware terminator\sp_rsser.exe" <Not Verified; Crawler.com; Crawler Spyware Terminator>
R2 SR_Service (Check Point VPN-1 Securemote service) - "c:\program files\checkpoint\securemote\bin\sr_service.exe" <Not Verified; Check Point Software Technologies; VPN-1 SecuRemote/SecureClient>
R2 SR_Watchdog (Check Point VPN-1 Securemote watchdog) - "c:\program files\checkpoint\securemote\bin\sr_watchdog.exe" <Not Verified; Check Point Software Technologies; desktop>
R2 STacSV (SigmaTel Audio Service) - c:\windows\system32\stacsv.exe <Not Verified; SigmaTel, Inc.; C-Major Audio>

S3 OracleOraHome92ClientCache - c:\oracle\ora92\bin\onrsd.exe


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {50DD5230-BA8A-11D1-BF5D-0000F805F530}
Description: O2Micro OZ776 USB CCID Smartcard Reader
Device ID: USB\VID_0B97&PID_7772\6&C4C946D&0&2
Manufacturer: O2Micro
Name: O2Micro OZ776 USB CCID Smartcard Reader
PNP Device ID: USB\VID_0B97&PID_7772\6&C4C946D&0&2
Service: guardian2

Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: HP LaserJet 4000 Series
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: Hewlett-Packard
Name: HP LaserJet 4000 Series
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:

Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: hp LaserJet 4200
Device ID: ROOT\MULTIFUNCTION\0001
Manufacturer: Hewlett-Packard
Name: hp LaserJet 4200
PNP Device ID: ROOT\MULTIFUNCTION\0001
Service:

Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: HP LaserJet P2015 Series
Device ID: ROOT\MULTIFUNCTION\0002
Manufacturer: Hewlett-Packard
Name: HP LaserJet P2015 Series
PNP Device ID: ROOT\MULTIFUNCTION\0002
Service:

Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: HP LaserJet 4000 Series
Device ID: ROOT\MULTIFUNCTION\0003
Manufacturer: Hewlett-Packard
Name: HP LaserJet 4000 Series
PNP Device ID: ROOT\MULTIFUNCTION\0003
Service:

Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: HP LaserJet 4050 Series
Device ID: ROOT\MULTIFUNCTION\0004
Manufacturer: Hewlett-Packard
Name: HP LaserJet 4050 Series
PNP Device ID: ROOT\MULTIFUNCTION\0004
Service:

Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: hp LaserJet 1320 series
Device ID: ROOT\MULTIFUNCTION\0005
Manufacturer: Hewlett-Packard
Name: hp LaserJet 1320 series
PNP Device ID: ROOT\MULTIFUNCTION\0005
Service:

Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: HP LaserJet 2100 Series
Device ID: ROOT\MULTIFUNCTION\0006
Manufacturer: Hewlett-Packard
Name: HP LaserJet 2100 Series
PNP Device ID: ROOT\MULTIFUNCTION\0006
Service:

Class GUID: {4D36E977-E325-11CE-BFC1-08002BE10318}
Description: Intel PCIC compatible PCMCIA controller
Device ID: ROOT\PCMCIA\0000
Manufacturer: Intel
Name: Intel PCIC compatible PCMCIA controller
PNP Device ID: ROOT\PCMCIA\0000
Service: pcmcia


-- Files created between 2008-05-05 and 2008-06-05 -----------------------------

2008-06-04 22:18:46 141312 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-06-04 22:18:46 0 d-------- C:\Documents and Settings\anant\Application Data\Spyware Terminator
2008-06-04 22:18:46 0 d-------- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2008-06-04 22:18:43 0 d-------- C:\Program Files\Spyware Terminator
2008-06-04 21:47:17 0 d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia
2008-06-04 21:47:17 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2008-06-04 20:51:06 378 --a------ C:\look.bat
2008-06-04 20:48:49 0 d-------- C:\Program Files\Trend Micro
2008-06-04 11:03:26 0 d-------- C:\WINDOWS\system32\appmgmt
2008-06-04 10:22:30 0 d--h----- C:\Documents and Settings\Blasacn.am\Templates
2008-06-04 10:22:30 0 dr------- C:\Documents and Settings\Blasacn.am\Start Menu
2008-06-04 10:22:30 0 dr-h----- C:\Documents and Settings\Blasacn.am\SendTo
2008-06-04 10:22:30 0 dr-h----- C:\Documents and Settings\Blasacn.am\Recent
2008-06-04 10:22:30 0 d--h----- C:\Documents and Settings\Blasacn.am\PrintHood
2008-06-04 10:22:30 786432 --ah----- C:\Documents and Settings\Blasacn.am\NTUSER.DAT
2008-06-04 10:22:30 0 d--h----- C:\Documents and Settings\Blasacn.am\NetHood
2008-06-04 10:22:30 0 dr------- C:\Documents and Settings\Blasacn.am\My Documents
2008-06-04 10:22:30 0 d--h----- C:\Documents and Settings\Blasacn.am\Local Settings
2008-06-04 10:22:30 0 dr------- C:\Documents and Settings\Blasacn.am\Favorites
2008-06-04 10:22:30 0 d-------- C:\Documents and Settings\Blasacn.am\Desktop
2008-06-04 10:22:30 0 d---s---- C:\Documents and Settings\Blasacn.am\Cookies
2008-06-04 10:22:30 0 dr-h----- C:\Documents and Settings\Blasacn.am\Application Data
2008-06-04 10:22:30 0 d---s---- C:\Documents and Settings\Blasacn.am\Application Data\Microsoft
2008-06-04 09:57:59 0 d-------- C:\Program Files\MSXML 4.0
2008-06-03 21:54:30 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-03 21:33:53 52736 --a------ C:\WINDOWS\system32\blphcebgj0egbc.scr <Not Verified; Peter's Productions; Bugs!>
2008-06-03 20:16:40 0 d-------- C:\Program Files\Virtools
2008-05-29 18:14:59 0 d-------- C:\Program Files\Common Files\HP
2008-05-29 18:14:56 0 d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-05-29 18:14:55 0 d-------- C:\Program Files\Hewlett-Packard
2008-05-29 18:13:45 0 d-------- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2008-05-29 18:11:03 12998 -ra------ C:\WINDOWS\hpwscr14.dat
2008-05-29 18:10:59 0 d-------- C:\WINDOWS\braveheart
2008-05-29 18:09:55 0 d-------- C:\Program Files\HP
2008-05-29 18:03:36 1108 -ra------ C:\WINDOWS\hpwmdl14.dat
2008-05-29 18:03:36 179893 --a------ C:\WINDOWS\hpwins14.dat


-- Find3M Report ---------------------------------------------------------------

2008-06-05 07:23:01 0 d-------- C:\Program Files\SafeBoot
2008-06-04 11:03:26 0 d-------- C:\Program Files\Common Files
2008-05-17 11:40:38 0 d-------- C:\Documents and Settings\anant\Application Data\U3
2008-04-13 11:52:59 0 d-------- C:\Documents and Settings\anant\Application Data\ICAClient


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [07/27/2007 09:00 AM C:\WINDOWS\stsystra.exe]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [11/21/2006 05:38 PM]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [03/14/2007 07:49 PM]
"Winzip"="wscript.exe" [08/04/2004 08:00 AM C:\WINDOWS\system32\wscript.exe]
"SBMGRNT.EXE"="C:\PROGRA~1\SafeBoot\SBMGRNT.exe" [11/26/2007 11:22 AM]
"Synchronization Manager"="C:\WINDOWS\system32\mobsync.exe" [08/04/2004 08:00 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 08:00 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 11:05:26 PM]
NETGEAR WPN111 Smart Wizard.lnk - C:\Program Files\NETGEAR\WPN111\wpn111.exe [1/8/2008 11:14:55 PM]
RCS2 PostConnection Launch.lnk - C:\WINDOWS\Installer\{59E1E220-2961-4C77-AEC9-7EB65E1E89E2}\Icon9A6BBB021.ico [11/23/2007 6:32:10 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"disablecad"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispScrSavPage"=0 (0x0)
"SB_NoDispScrSavPage"=0 (0x0)
"NoDispBackgroundPage"=1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"NoDispScrSavPage"=0 (0x0)
"SB_NoDispScrSavPage"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoRemoteRecursiveEvents"=1 (0x1)
"NoSMMyPictures"=1 (0x1)
"NoStartMenuMyMusic"=1 (0x1)
"NoWelcomeScreen"=1 (0x1)
"NoMSAppLogo5ChannelNotify"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ckpNotify]
ckpNotify.dll 06/19/2005 02:11 PM 24669 C:\WINDOWS\system32\ckpNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt hpqcxs08
HPService HPSLPSVC


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f6a6d8ef-a68e-11dc-b276-001dd94a1ea7}]
AutoRun\command- EXPLORER.EXE
explore\Command- EXPLORER.EXE
open\Command- EXPLORER.EXE




-- End of Deckard's System Scanner: finished at 2008-06-05 22:09:04 ------------



Thanks in advance


#2 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • OFFLINE
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:08:06 PM

Posted 01 July 2008 - 07:05 PM

Welcome to the BleepingComputer Forums. Since it has been a few days, please post a new HijackThis log. Thank you for your patience.

If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#3 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • OFFLINE
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:08:06 PM

Posted 08 July 2008 - 10:12 AM

This subject is now closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.
