Infected By Winzix And Cookies


  • This topic is locked
2 replies to this topic

#1 jaymod

  • Members
  • 1 posts

Posted 20 April 2008 - 07:52 AM

Deckard's System Scanner v20071014.68
Run by Owner on 2008-04-20 15:41:15
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
26: 2008-04-20 12:41:33 UTC - RP152 - Deckard's System Scanner Restore Point
25: 2008-04-20 11:56:00 UTC - RP151 - Configured Gears of War
24: 2008-04-20 09:04:29 UTC - RP150 - Removed MapleStory.
23: 2008-04-20 09:01:25 UTC - RP149 - Configured Doom 3
22: 2008-04-19 18:56:51 UTC - RP148 - Restore operation


-- First Restore Point --
1: 2008-04-10 19:26:01 UTC - RP127 - System checkpoint


Backed up registry hives.
Performed disk cleanup.

System Drive C: has 17.55 GiB (less than 15%) free.


-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:44:27, on 20/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\IDU\iptray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\FlashGet\FlashGet.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Intel\IDU\awServ.exe
C:\Program Files\ErrorSmart\ErrorSmart.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\שולחן העבודה\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.il/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\system32\winsys2.exe
O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" TRAY
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [ipTray.exe] "C:\Program Files\Intel\IDU\iptray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ErrorSmart] C:\Program Files\ErrorSmart\ErrorSmart.exe
O4 - HKLM\..\Run: [Flashget] "C:\Program Files\FlashGet\FlashGet.exe" /min
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SpyHunter Security Suite] "C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Comrade.exe] C:\Program Files\GameSpy\Comrade\Comrade.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: The Matrix_ Path of Neo Registration.lnk = C:\Documents and Settings\Owner\Local Settings\Temp\{104EEBB9-9E09-467C-8109-88ADFCFC047F}\{E571E8B1-9771-465D-9DE0-3BA2D1BDAE99}\ATR1.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Download all with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Export to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1188552613250
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Admin Works Agent X8 (AWService) - OSA Technologies Inc., An Avocent Company - C:\Program Files\Intel\IDU\awServ.exe
O23 - Service: Diskeeper - Diskeeper® Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 8472 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - c:\windows\system32\drivers\sfdrv01.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - c:\windows\system32\drivers\sfhlp02.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfsync02 (StarForce Protection Synchronization Driver (version 2.x)) - c:\windows\system32\drivers\sfsync02.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfvfs02 (StarForce Protection VFS Driver (version 2.x)) - c:\windows\system32\drivers\sfvfs02.sys <Not Verified; Protection Technology; StarForce Protection System>
R2 atksgt - c:\windows\system32\drivers\atksgt.sys
R2 lirsgt - c:\windows\system32\drivers\lirsgt.sys
R2 osaio - c:\windows\system32\drivers\osaio.sys <Not Verified; OSA Technologies, An Avocent Company; Windows ® 2000 DDK driver>
R3 AR5211 (TP-LINK Wireless Network Adapter Service) - c:\windows\system32\drivers\ar5211.sys <Not Verified; Atheros Communications, Inc.; Atheros AR5001 Wireless Network Adapter>
R3 Iviaspi (IVI ASPI Shell) - c:\windows\system32\drivers\iviaspi.sys <Not Verified; InterVideo, Inc.; InterVideo ASPI Shell>
R3 SMBios (Intel ® System Management BIOS Service) - c:\windows\system32\drivers\smbios.sys <Not Verified; Intel Corporation; Intel ® System Management BIOS Driver>
R3 smbusp (Intel® SMBus 2.0 Driver) - c:\windows\system32\drivers\intelsmb.sys <Not Verified; Intel Corporation; Intel® SMBus Controller>

S3 GMSIPCI - d:\install\gmsipci.sys (file missing)
S3 MSICPL - d:\install4\msicpl.sys (file missing)
S3 NTACCESS - d:\ntaccess.sys (file missing)
S3 SetupNTGLM7X - d:\ntglm7x.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 AWService (Admin Works Agent X8) - "c:\program files\intel\idu\awserv.exe" <Not Verified; OSA Technologies Inc., An Avocent Company; AdminWorks>
R2 Diskeeper - "c:\program files\diskeeper corporation\diskeeper\dkservice.exe" <Not Verified; Diskeeper® Corporation; Diskeeper ™ Disk Defragmenter>

S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Description: PnP BIOS Extension
Device ID: ROOT\SYSTEM\0003
Manufacturer: (Standard system devices)
Name: PnP BIOS Extension
PNP Device ID: ROOT\SYSTEM\0003
Service: d347bus


-- Scheduled Tasks -------------------------------------------------------------

2008-04-20 12:51:20 402 --a------ C:\WINDOWS\Tasks\ErrorSmart Scheduled Scan.job
2008-04-20 02:15:00 442 --a------ C:\WINDOWS\Tasks\SpyHunter Scanner.job


-- Files created between 2008-03-20 and 2008-04-20 -----------------------------

2008-04-20 15:44:15 0 d-------- C:\Program Files\Trend Micro
2008-04-19 21:59:38 0 d-------- C:\Program Files\Norton Security Scan
2008-04-19 21:59:37 0 d-------- C:\WINDOWS\48B8222675E34E9092CCD30F79EA6380.TMP
2008-04-19 21:59:30 0 d-------- C:\Program Files\UnZixWin
2008-04-19 21:59:29 0 d-------- C:\Program Files\VVSN
2008-04-19 21:59:29 0 d-------- C:\Documents and Settings\Owner\Application Data\Registry Cleaner
2008-04-19 21:59:14 0 d-------- C:\Program Files\Common Files\INCA Shared
2008-04-19 21:58:55 0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-04-19 21:58:48 0 d-------- C:\Documents and Settings\Owner\Application Data\Grisoft
2008-04-19 21:58:40 0 d-------- C:\Documents and Settings\All Users\Application Data\third lies itch ford
2008-04-19 21:57:31 0 d-------- C:\Program Files\LucasArts
2008-04-19 21:51:04 0 d-------- C:\Documents and Settings\All Users\Application Data\avg7(3)
2008-04-19 21:38:59 0 d-------- C:\Documents and Settings\Owner\Application Data\TrojanHunter
2008-04-19 21:22:25 0 d-------- C:\Program Files\TrojanHunter 5.0
2008-04-19 21:14:49 0 d-------- C:\Program Files\Panda Security
2008-04-18 22:06:21 0 d-------- C:\Downloads
2008-04-18 21:31:21 0 d-------- C:\$VAULT$.AVG
2008-04-18 15:29:12 0 d-------- C:\Program Files\Enigma Software Group
2008-04-18 14:47:04 88 --ah----- C:\aaw7boot.cmd
2008-04-18 14:12:29 0 d-------- C:\Documents and Settings\Owner\Application Data\Thinstall
2008-04-18 13:14:39 0 d-------- C:\Documents and Settings\Owner\Application Data\AVG7
2008-04-18 12:52:41 0 d-------- C:\Documents and Settings\Owner\Application Data\Google
2008-04-18 12:52:18 0 d-------- C:\Documents and Settings\All Users\Application Data\Google
2008-04-18 12:52:09 0 d-------- C:\Program Files\Google
2008-04-18 12:52:07 0 d-------- C:\Program Files\FlashGet
2008-04-18 12:33:30 0 d-------- C:\Documents and Settings\Owner\Application Data\Uniblue
2008-04-18 12:14:51 73216 --a------ C:\WINDOWS\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2008-04-18 12:03:21 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-04-18 11:47:10 0 d-------- C:\Program Files\ErrorSmart
2008-04-18 11:37:36 0 d-------- C:\Documents and Settings\Owner\Application Data\ErrorSmart
2008-04-09 21:25:51 223128 --a------ C:\WINDOWS\system32\drivers\dtscsi.sys
2008-04-09 21:25:51 0 d-------- C:\Program Files\DAEMON Tools
2008-04-09 21:24:57 0 d-------- C:\Program Files\DAEMON Tools Pro
2008-04-08 18:15:46 0 d-------- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
2008-04-08 18:13:23 0 d-------- C:\Documents and Settings\Owner\Application Data\DAEMON Tools Pro
2008-04-08 17:34:17 717296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-04-06 16:09:02 0 d-------- C:\Documents and Settings\Owner\Application Data\Ubisoft
2008-03-31 22:38:12 0 d-------- C:\Documents and Settings\Owner\Application Data\Help


-- Find3M Report ---------------------------------------------------------------

2008-04-20 12:51:19 53 --a------ C:\biosinfo
2008-04-19 21:57:49 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-18 18:07:15 0 d-------- C:\Documents and Settings\Owner\Application Data\Adobe
2008-04-18 16:58:47 0 d-------- C:\Program Files\Steam
2008-04-18 15:56:04 0 d-------- C:\Program Files\Common Files
2008-04-18 14:08:05 0 d-------- C:\Program Files\Ubisoft
2008-04-15 14:08:49 2337865 --a------ C:\WINDOWS\system32\pbsvc.exe
2008-04-15 13:50:01 0 d-------- C:\Program Files\Activision
2008-04-11 09:48:21 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll <Not Verified; Sony DADC Austria AG.; >
2008-04-06 15:14:48 0 d-------- C:\Program Files\Unreal Tournament 3
2008-04-06 15:04:59 0 d-------- C:\Program Files\Eidos
2008-04-05 17:07:53 0 d-------- C:\Documents and Settings\Owner\Application Data\Bioshock
2008-03-12 17:38:34 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-12 17:37:59 0 d-------- C:\Program Files\AGEIA Technologies
2008-03-10 16:49:14 0 d-------- C:\Program Files\Warcraft III
2008-03-08 00:29:18 0 d-------- C:\Program Files\Sierra Entertainment
2008-03-06 18:12:47 0 d-------- C:\Program Files\MSECACHE
2008-03-05 22:30:03 0 d-------- C:\Program Files\Windows Installer Clean Up
2008-03-05 22:08:25 0 d-------- C:\Documents and Settings\Owner\Application Data\My Battle for Middle-earth™ II Files
2008-03-05 22:08:17 0 d-------- C:\Program Files\CAPCOM
2008-03-05 22:07:38 0 d-------- C:\Documents and Settings\Owner\Application Data\THQ
2008-03-05 22:07:32 0 d-------- C:\Program Files\THQ
2008-03-05 21:58:37 0 d-------- C:\Program Files\Doom 3
2008-02-24 19:09:43 0 d-------- C:\Program Files\Lionhead Studios
2008-02-23 04:01:31 311372 --a------ C:\WINDOWS\system32\perfh00d.dat
2008-02-23 04:01:31 57066 --a------ C:\WINDOWS\system32\perfc00d.dat
2008-02-22 17:37:57 0 d-------- C:\Program Files\Common Files\InstallShield
2008-02-22 17:17:36 0 d-------- C:\Program Files\Sierra
2008-02-21 19:01:10 0 d-------- C:\Program Files\GameSpy
2008-02-21 18:47:48 0 d-------- C:\Program Files\Electronic Arts
2008-02-21 17:05:46 0 d-------- C:\Program Files\Radical Games


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [10/04/2007 06:14 PM]
"nwiz"="nwiz.exe" [10/04/2007 06:14 PM C:\WINDOWS\system32\nwiz.exe]
"SW20"="C:\WINDOWS\system32\sw20.exe" [12/15/2006 05:58 AM]
"SW24"="C:\WINDOWS\system32\sw24.exe" [12/15/2006 05:58 AM]
"WinSys2"="C:\WINDOWS\system32\winsys2.exe" [12/15/2006 05:59 AM]
"IntelAudioStudio"="C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" [09/21/2006 11:36 AM]
"DiskeeperSystray"="C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [02/24/2006 08:29 PM]
"ipTray.exe"="C:\Program Files\Intel\IDU\iptray.exe" [09/11/2006 06:50 PM]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [01/12/2006 04:40 PM]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [10/27/2006 12:47 AM]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [10/04/2007 06:14 PM]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [09/07/2006 08:19 PM]
"amd_dc_opt"="C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [11/17/2006 05:49 PM]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [12/10/2005 05:57 PM]
"ErrorSmart"="C:\Program Files\ErrorSmart\ErrorSmart.exe" [04/18/2008 11:47 AM]
"Flashget"="C:\Program Files\FlashGet\FlashGet.exe" [09/25/2007 11:10 AM]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 12:25 PM]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [04/18/2008 01:19 PM]
"SpyHunter Security Suite"="C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe" [01/23/2008 02:47 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [03/02/2006 03:00 PM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 07:24 PM]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [07/31/2006 11:45 AM]
"Comrade.exe"="C:\Program Files\GameSpy\Comrade\Comrade.exe" [06/29/2007 04:03 PM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [04/18/2008 12:52 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
AutoRun\command- E:\AutoRunCD.exe




-- Hosts -----------------------------------------------------------------------

127.0.0.1 bin.errorprotector.com ## added by CiD
127.0.0.1 br.errorsafe.com ## added by CiD
127.0.0.1 br.winantivirus.com ## added by CiD
127.0.0.1 br.winfixer.com ## added by CiD
127.0.0.1 cdn.drivecleaner.com ## added by CiD
127.0.0.1 cdn.errorsafe.com ## added by CiD
127.0.0.1 cdn.winsoftware.com ## added by CiD
127.0.0.1 de.errorsafe.com ## added by CiD
127.0.0.1 de.winantivirus.com ## added by CiD
127.0.0.1 download.cdn.drivecleaner.com ## added by CiD

60 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-04-20 15:45:21 ------------


Hi. I have downloaded WinZix; I thought it was not a scam, but it is a trojan. That caused me two things:

* Double click on the mouse instead of single click
* Advertisement pop-ups all the time (and I have a blocker)

Well, I tried everything (blocking, high internet security, mouse settings and all), but
WinZix tells my mouse to double-click instead of doing a single click on the left mouse button.

Also, I have the full version of SpyHunter, ErrorSmart, Registry Fix and AVG Antivirus. I deleted all the WinZix they found, but I still have a lot of ads popping up and the annoying-as-hell mouse problem. Great thanks to helpers!
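As an added example (not part of the original post, and not code from Deckard's System Scanner or HijackThis): a small Python triage script for HijackThis-style O2/O3/O4/O23 lines like the ones in the log above. It pulls the module path out of each line and queues entries for manual review on three location heuristics: a service whose owner is reported as "Unknown owner", anything autostarting from a user-writable profile location such as Local Settings\Temp, and binaries in system32 that are not on a small allowlist of Windows components. The sample lines are constructed in the shape of the log above; the allowlist and the heuristics are my assumptions for illustration, and a hit means "look at this entry", not "this is malware" (a vendor's driver in system32 listed under an O4 key is queued as well).

```python
import re
from dataclasses import dataclass, field

# Constructed sample, shaped like the HijackThis section of the log above.
SAMPLE_LOG = """\
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\\program files\\google\\googletoolbar1.dll
O4 - HKLM\\..\\Run: [NvCplDaemon] RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup
O4 - HKLM\\..\\Run: [SW20] C:\\WINDOWS\\system32\\sw20.exe
O4 - HKLM\\..\\Run: [ErrorSmart] C:\\Program Files\\ErrorSmart\\ErrorSmart.exe
O4 - HKLM\\..\\Run: [!AVG Anti-Spyware] "C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe" /minimized
O4 - HKCU\\..\\Run: [CTFMON.EXE] C:\\WINDOWS\\system32\\ctfmon.exe
O4 - Startup: The Matrix_ Path of Neo Registration.lnk = C:\\Documents and Settings\\Owner\\Local Settings\\Temp\\{104EEBB9-9E09-467C-8109-88ADFCFC047F}\\{E571E8B1-9771-465D-9DE0-3BA2D1BDAE99}\\ATR1.exe
O23 - Service: PnkBstrB - Unknown owner - C:\\WINDOWS\\system32\\PnkBstrB.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\\WINDOWS\\system32\\nvsvc32.exe
"""

# Only these line types carry a module path worth reviewing here.
ENTRY_RE = re.compile(r"^(O2|O3|O4|O23) - (.*)$")
# First drive-letter path ending in a loadable module; non-greedy so that
# trailing arguments (",NvStartup", " /minimized") are not swallowed.
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll|cpl)", re.IGNORECASE)
# The display name differs per line type: [RunKey], "BHO: name -", etc.
NAME_RE = re.compile(
    r"\[([^\]]+)\]|BHO: ([^-]+) -|Toolbar: ([^-]+) -|Service: ([^-]+) -|Startup: (.+?)\.lnk"
)

# Assumed allowlist of Windows components that legitimately autostart from
# system32 (illustrative, not authoritative); anything else there is queued.
SYSTEM32_KNOWN = {"ctfmon.exe", "rundll32.exe"}
# Profile locations any logged-on user can write to (assumed heuristic).
USER_WRITABLE = ("\\local settings\\temp\\", "\\temp\\", "\\application data\\")


@dataclass
class Finding:
    kind: str
    name: str
    path: str
    reasons: list = field(default_factory=list)


def parse_entry(line):
    """Return (kind, name, path, rest) for a reviewable line, else None."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    kind, rest = m.group(1), m.group(2)
    p = PATH_RE.search(rest)
    if not p:
        return None
    n = NAME_RE.search(rest)
    name = next((g for g in (n.groups() if n else ()) if g), "?").strip()
    return kind, name, p.group(0), rest


def review_reasons(kind, path, rest):
    """Heuristic reasons to queue an entry for a human (all assumptions)."""
    low = path.lower()
    basename = low.rsplit("\\", 1)[-1]
    vendor_known = kind == "O23" and "unknown owner" not in rest.lower()
    reasons = []
    if kind == "O23" and not vendor_known:
        reasons.append("service has no vendor string")
    if any(seg in low for seg in USER_WRITABLE):
        reasons.append("autostarts from a user-writable profile location")
    if "\\windows\\system32\\" in low and basename not in SYSTEM32_KNOWN and not vendor_known:
        reasons.append("binary in system32 not on the Windows allowlist")
    return reasons


def triage(log_text):
    """Return only the entries that earned at least one review reason."""
    findings = []
    for line in log_text.splitlines():
        parsed = parse_entry(line)
        if parsed is None:
            continue
        kind, name, path, rest = parsed
        reasons = review_reasons(kind, path, rest)
        if reasons:
            findings.append(Finding(kind, name, path, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:<4}{f.name:<40}{f.path}")
        for r in f.reasons:
            print(f"      - {r}")
```

Run against the full log, this produces the short worklist a helper would check first (file dates, digital signature, vendor) before anything is deleted; it deliberately does not touch the hosts, driver or "Files created" sections, which need different heuristics.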


#2 teacup61

    Bleepin' Texan!

  • Malware Response Team
  • 17,075 posts
  • Location: Wills Point, Texas

Posted 30 April 2008 - 10:45 AM

Hello jaymod,

Welcome to Bleeping Computer!

Sorry about the delay. If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!



Error reading poptart in Drive A: Delete kids y/n?

#3 teacup61

    Bleepin' Texan!

  • Malware Response Team
  • 17,075 posts
  • Location: Wills Point, Texas

Posted 10 May 2008 - 12:20 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic



