Hello, recently my web browser. On Google, whenever I search for something and click the link, it would take me to a website called daytotals.com; I close that and try the link again and it would take me to another website. This has been happening for the past week or two and I have gotten quite sick of this.
I've tried spyware searches, malware and anti-virus scans and everything. They haven't found anything, and even if they do, it doesn't fix my problem.

Deckard's System Scanner v20071014.68
Run by JayJay Ciantar on 2008-01-05 21:39:41
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 5 Restore Point(s) --
31: 2008-01-04 23:08:05 UTC - RP68 - Installed Ad-Aware 2007
30: 2008-01-04 22:46:59 UTC - RP67 - Removed AdwareAlert
29: 2008-01-04 22:43:10 UTC - RP66 - Installed AdwareAlert
28: 2008-01-04 22:18:09 UTC - RP65 - Device Driver Package Install: Lexmark Inkjet Drivers Printers
27: 2008-01-04 22:16:18 UTC - RP64 - Device Driver Package Install: Lexmark Imaging devices


-- First Restore Point --
1: 2007-12-22 12:14:26 UTC - RP34 - Windows Update


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as JayJay Ciantar.exe) --------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-01-05 21:48:05
Platform: Windows Vista (6.00.6000)
MSIE: Internet Explorer (7.00.6000.16386)
Boot mode: Normal

Running processes:
C:\Windows\System32\dwm.exe
C:\Windows\explorer.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\taskeng.exe
C:\Program Files\StealthBot\StealthBot v2.6R3.exe
C:\Users\JayJay Ciantar\StealthBot 2\StealthBot v2.6R3.exe
C:\Windows\System32\conime.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\JayJay Ciantar\Desktop\dss.exe
C:\Program Files\Trend Micro\HijackThis\JayJay Ciantar.exe
C:\Windows\System32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: 127.0.0.2 www.westpac.com.au
O1 - Hosts: 127.0.0.3 westpac.com.au
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [dmvod.exe] C:\Windows\system32\dmvod.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [lxbkbmgr.exe] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [dmvod.exe] C:\Windows\system32\dmvod.exe
O4 - HKCU\..\Run: [dmiei.tmp] C:\Windows\system32\dmiei.tmp
O4 - HKCU\..\Run: [dmhwa.tmp] C:\Windows\system32\dmhwa.tmp
O4 - HKCU\..\Run: [dmlez.tmp] C:\Windows\system32\dmlez.tmp
O4 - HKCU\..\Run: [dmeia.tmp] C:\Windows\system32\dmeia.tmp
O4 - HKCU\..\Run: [dmbri.tmp] C:\Windows\system32\dmbri.tmp
O4 - HKCU\..\Run: [dmgrf.tmp] C:\Windows\system32\dmgrf.tmp
O4 - HKCU\..\Run: [dmfgv.tmp] C:\Windows\system32\dmfgv.tmp
O4 - HKCU\..\Run: [dmmxv.tmp] C:\Windows\system32\dmmxv.tmp
O4 - HKCU\..\Run: [dmvyt.tmp] C:\Windows\system32\dmvyt.tmp
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [dmghj.tmp] C:\Windows\system32\dmghj.tmp
O4 - HKCU\..\Run: [dmwxy.tmp] C:\Windows\system32\dmwxy.tmp
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [dmirk.tmp] C:\Windows\system32\dmirk.tmp
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE')
O4 - Startup: StealthBot Trivia.lnk = C:\Program Files\StealthBot\StealthBot v2.6R3.exe
O4 - Startup: StealthBot v2.6R3 - Shortcut.lnk = C:\Users\JayJay Ciantar\StealthBot 2\StealthBot v2.6R3.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/downl...-495c-b89f-c1c34c691085/LegitCheckControl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{9BDE0E06-F9B2-40DB-9571-349904ADF5FF}: NameServer = 10.0.0.138
O18 - Protocol: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\microsoft shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\microsoft shared\Web Components\11\OWC11.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: lxbk_device - Unknown owner - C:\Windows\System32\lxbkcoms.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\System32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe


--
End of file - 8606 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 BANTExt (Belarc SMBios Access) - c:\windows\system32\drivers\bantext.sys
R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R3 NPF (NetGroup Packet Filter Driver) - c:\windows\system32\drivers\npf.sys <Not Verified; CACE Technologies; WinPcap Netgroup Packet Filter Driver>

S0 OemBiosDevice (Royalty OEM Bios Extension) - c:\windows\system32\drivers\royal.sys <Not Verified; PARADOX; SLP Kernel-Mode Driver>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>

S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
S3 rpcapd (Remote Packet Capture Protocol v.0 (experimental)) - "c:\program files\winpcap\rpcapd.exe" -d -f "c:\program files\winpcap\rpcapd.ini" <Not Verified; CACE Technologies; Remote Packet Capture Daemon>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-01-05 19:50:22 436 --ah----- C:\Windows\Tasks\User_Feed_Synchronization-{78AFF1AA-1C65-430A-ABD4-0BF9456AB092}.job
2008-01-05 09:44:08 514 --a------ C:\Windows\Tasks\AdwareAlert Scheduled Scan.job


-- Files created between 2007-12-05 and 2008-01-05 -----------------------------

2008-01-05 21:43:58 0 d-------- C:\Program Files\Trend Micro
2008-01-05 21:26:20 0 d-------- C:\Users\JayJay Ciantar\Documents
2008-01-05 17:03:01 0 d-------- C:\VundoFix Backups
2008-01-05 10:08:31 0 d-------- C:\Users\All Users\Lavasoft
2008-01-05 10:08:31 0 d-------- C:\Program Files\Lavasoft
2008-01-05 10:07:48 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-05 09:16:32 0 d-------- C:\Windows\LastGood
2008-01-05 09:16:03 0 d-------- C:\Program Files\Lexmark X1100 Series
2008-01-05 09:15:51 274432 --a------ C:\Windows\system32\LXBKinst.dll
2008-01-05 09:15:51 323584 --a------ C:\Windows\system32\LXBKhcp.dll <Not Verified; ; Printer Communication System>
2008-01-05 09:11:02 0 d-------- C:\drivers
2008-01-05 09:07:59 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-01-05 09:05:21 0 dr-h----- C:\MSOCache
2008-01-04 16:00:51 0 d-------- C:\Program Files\THQ
2008-01-04 10:46:44 0 d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-01-04 10:43:06 0 d-------- C:\Program Files\Java
2008-01-04 10:43:05 0 d-------- C:\Program Files\Common Files\Java
2008-01-03 18:30:13 0 d-------- C:\Program Files\Call of Duty
2008-01-03 14:19:34 0 d-------- C:\WebServer
2008-01-02 13:37:02 106 --a------ C:\delete.bat
2008-01-01 15:21:26 0 d-------- C:\Program Files\DotA Gaming Network
2008-01-01 01:12:37 0 d-------- C:\Program Files\Winamp
2008-01-01 00:55:19 0 --a------ C:\Windows\nsreg.dat
2007-12-31 18:45:55 0 d-------- C:\Users\All Users\Grisoft
2007-12-29 00:22:33 0 d-------- C:\Users\JayJay Ciantar\StealthBot 2
2007-12-28 16:49:13 0 d-------- C:\Users\JayJay Ciantar\Shared
2007-12-28 16:49:12 0 d-------- C:\Users\JayJay Ciantar\Incomplete
2007-12-28 16:39:30 0 d-------- C:\Program Files\LimeWire
2007-12-27 22:37:04 0 d-------- C:\Program Files\StealthBot 2
2007-12-27 02:19:21 6656 -ra------ C:\Windows\system32\drivers\PortIo.sys <Not Verified; Windows (R) Codename Longhorn DDK provider; Windows (R) Codename Longhorn DDK driver>
2007-12-27 02:02:19 3840 --a------ C:\Windows\system32\drivers\BANTExt.sys
2007-12-27 02:02:19 0 d-------- C:\Program Files\Belarc
2007-12-26 12:08:42 0 d-------- C:\Users\All Users\Xfire
2007-12-26 12:08:41 0 d-------- C:\Program Files\Xfire
2007-12-25 18:36:35 0 d-------- C:\Program Files\Microsoft Synchronization Services
2007-12-25 18:32:05 0 d-------- C:\Program Files\Microsoft.NET
2007-12-25 18:32:04 0 d-------- C:\Program Files\Microsoft Visual Studio 9.0
2007-12-25 18:32:03 0 d-------- C:\Users\All Users\Microsoft Help
2007-12-25 18:31:39 0 d-------- C:\Program Files\Microsoft SDKs
2007-12-25 17:08:29 0 d-------- C:\Program Files\Microsoft Silverlight
2007-12-25 13:44:09 0 d-------- C:\Users\All Users\DVD Shrink
2007-12-25 13:44:07 0 d-------- C:\Program Files\DVD Shrink
2007-12-24 11:52:38 1368064 --a------ C:\Windows\system32\vistaundo.exe <Not Verified; WareSoft Software; vistasmokerpro>
2007-12-24 11:52:37 119808 --a------ C:\Windows\system32\Msstdfmt.dll <Not Verified; Microsoft Corporation; MSSTDFMT Object Library>
2007-12-24 11:52:36 0 d-------- C:\Program Files\Vista Smoker
2007-12-23 13:16:26 0 d-a------ C:\Users\All Users\TEMP
2007-12-23 13:16:25 0 d-------- C:\Fraps
2007-12-22 19:02:44 0 d-------- C:\Program Files\Google
2007-12-22 18:12:10 240128 --a------ C:\Windows\system32\drivers\royal.sys <Not Verified; PARADOX; SLP Kernel-Mode Driver>
2007-12-21 22:33:43 0 d-------- C:\Program Files\Electronic Arts
2007-12-21 12:25:45 0 d-------- C:\Program Files\StickMen Screen Saver
2007-12-20 22:32:26 94208 --a------ C:\Windows\RTKAUDIOSERVICE.EXE <Not Verified; Realtek Semiconductor; Realtek Audio Service>
2007-12-20 22:32:05 0 d-------- C:\Windows\system32\RTCOM
2007-12-20 22:31:29 0 d-------- C:\Program Files\Realtek
2007-12-20 22:31:27 520192 --a------ C:\Windows\RtlExUpd.dll <Not Verified; Realtek Semiconductor Corp.; RtlExUpd Dynamic Link Library>
2007-12-20 22:04:49 315392 --a------ C:\Windows\HideWin.exe <Not Verified; Realtek Semiconductor Corp.; HD Audio Hide windows program>
2007-12-20 10:10:47 0 d-------- C:\Users\All Users\FLEXnet
2007-12-20 10:07:07 0 d-------- C:\Users\All Users\Adobe
2007-12-20 10:06:36 0 d-------- C:\Program Files\Bonjour
2007-12-20 10:00:01 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2007-12-20 09:59:07 0 d-------- C:\Program Files\Common Files\Adobe
2007-12-20 09:51:12 0 d-------- C:\Program Files\PowerISO
2007-12-20 05:29:55 0 d-------- C:\Windows\Panther
2007-12-20 05:24:53 0 d--h----- C:\$WINDOWS.~Q
2007-12-20 05:24:50 0 d--h----- C:\$INPLACE.~TR
2007-12-20 00:56:00 0 d-------- C:\Users\JayJay Ciantar\StealthBot - Copy
2007-12-19 23:34:02 0 d-------- C:\Users\JayJay Ciantar\Neglected Fury
2007-12-19 23:33:42 0 d-------- C:\Program Files\StealthBot
2007-12-19 22:00:04 679936 --a------ C:\Windows\system32\D3DX81ab.dll <Not Verified; Generated for JEDI. www.delphi-jedi.org; D3DX81>
2007-12-19 21:57:37 0 d-------- C:\Program Files\WinPcap
2007-12-19 21:57:14 0 d-------- C:\Program Files\WC3Banlist
2007-12-19 20:57:34 0 d--hs---- C:\Windows\Installer
2007-12-19 20:57:33 0 d-------- C:\Program Files\Common Files\ODBC
2007-12-19 20:54:35 0 d--hs---- C:\System Volume Information
2007-12-19 20:47:01 0 d-------- C:\Windows\system32\drivers\disdn
2007-12-19 20:47:01 0 d-------- C:\Windows\system32\3com_dmi
2007-12-19 20:47:01 0 d-------- C:\Windows\system32\1033
2007-12-19 20:47:01 0 d-------- C:\Windows\PeerNet
2007-12-19 20:47:01 0 d-------- C:\Windows\msapps
2007-12-19 20:47:01 0 d-------- C:\Windows\java
2007-12-19 20:47:01 0 d-------- C:\Windows\addins
2007-12-19 20:43:55 0 d-------- C:\Program Files\DAEMON Tools Pro
2007-12-19 20:41:32 685816 --a------ C:\Windows\system32\drivers\sptd.sys
2007-12-19 18:41:09 0 d-------- C:\Program Files\Empire Interactive
2007-12-19 17:03:01 0 d-------- C:\Program Files\America's Army
2007-12-19 16:38:35 0 d-------- C:\Program Files\America's Army Server Manager
2007-12-19 16:24:49 0 d-------- C:\Program Files\EA GAMES
2007-12-19 16:24:46 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-12-19 16:16:10 0 d-------- C:\Program Files\Common Files\InstallShield
2007-12-19 13:47:06 76543 --a------ C:\Windows\War3Unin.dat
2007-12-19 13:47:05 2829 --a------ C:\Windows\War3Unin.pif
2007-12-19 13:47:05 139264 --a------ C:\Windows\War3Unin.exe <Not Verified; Blizzard Entertainment; Warcraft III Uninstaller>
2007-12-19 13:21:58 0 d-------- C:\Program Files\Warcraft III
2007-12-19 12:45:58 0 d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2007-12-19 12:25:07 0 d-------- C:\Windows\PCHEALTH
2007-12-19 12:10:21 0 d-------- C:\Users\All Users\ashampoo
2007-12-19 12:10:16 0 d-------- C:\Program Files\Ashampoo
2007-12-19 12:08:16 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2007-12-19 12:08:05 0 d-------- C:\Program Files\Windows Live
2007-12-19 12:07:38 0 d-------- C:\Users\All Users\WLInstaller
2007-12-19 11:56:08 0 d-------- C:\Program Files\Alwil Software
2007-12-19 11:35:34 0 --a------ C:\Windows\ativpsrm.bin
2007-12-19 11:31:45 68609 --a------ C:\Windows\system32\dmvod.exe
2007-12-19 11:31:45 68609 --a------ C:\Windows\system32\dmabs.exe
2007-12-19 10:47:48 0 dr------- C:\Users\JayJay Ciantar\Searches
2007-12-19 10:47:40 0 dr------- C:\Users\JayJay Ciantar\Contacts
2007-12-19 10:38:54 22172 --a------ C:\Windows\system32\emptyregdb.dat
2007-12-19 10:34:10 0 dr------- C:\Users\JayJay Ciantar\Videos
2007-12-19 10:34:10 0 d--hs---- C:\Users\JayJay Ciantar\Templates
2007-12-19 10:34:10 0 d--hs---- C:\Users\JayJay Ciantar\Start Menu
2007-12-19 10:34:10 0 d--hs---- C:\Users\JayJay Ciantar\SendTo
2007-12-19 10:34:10 0 dr------- C:\Users\JayJay Ciantar\Saved Games
2007-12-19 10:34:10 0 d--hs---- C:\Users\JayJay Ciantar\Recent
2007-12-19 10:34:10 0 d--h----- C:\Users\JayJay Ciantar\PrintHood
2007-12-19 10:34:10 0 dr------- C:\Users\JayJay Ciantar\Pictures
2007-12-19 10:34:10 2883584 --ahs---- C:\Users\JayJay Ciantar\NTUSER.DAT
2007-12-19 10:34:10 0 d--hs---- C:\Users\JayJay Ciantar\NetHood
2007-12-19 10:34:10 0 d--hs---- C:\Users\JayJay Ciantar\My Documents
2007-12-19 10:34:10 0 dr------- C:\Users\JayJay Ciantar\Music
2007-12-19 10:34:10 0 d--h----- C:\Users\JayJay Ciantar\Local Settings
2007-12-19 10:34:10 0 dr------- C:\Users\JayJay Ciantar\Links
2007-12-19 10:34:10 0 dr------- C:\Users\JayJay Ciantar\Favorites
2007-12-19 10:34:10 0 dr------- C:\Users\JayJay Ciantar\Downloads
2007-12-19 10:34:10 0 dr------- C:\Users\JayJay Ciantar\Desktop
2007-12-19 10:34:10 0 d--hs---- C:\Users\JayJay Ciantar\Cookies
2007-12-19 10:34:10 0 d--hs---- C:\Users\JayJay Ciantar\Application Data
2007-12-19 10:34:10 0 d--h----- C:\Users\JayJay Ciantar\AppData
2007-12-19 10:32:28 0 d-------- C:\Windows\Debug
2007-12-19 10:31:02 0 d-------- C:\Windows\Prefetch
2007-12-19 10:20:37 0 d--hs---- C:\Boot
2007-12-19 10:15:03 0 d------c- C:\Windows\system32\DRVSTORE
2007-12-19 10:10:04 0 d-------- C:\Windows\SoftwareDistribution
2007-12-19 10:06:29 0 d-------- C:\Program Files\microsoft frontpage
2007-12-19 10:06:17 0 -rahs---- C:\MSDOS.SYS
2007-12-19 10:06:17 0 -rahs---- C:\IO.SYS
2007-12-19 10:05:38 0 d--hs---- C:\Users\All Users\DRM
2007-12-19 10:04:21 0 d---s---- C:\Windows\Tasks
2007-12-19 10:04:19 0 d-------- C:\Program Files\Common Files\MSSoap
2007-12-19 10:04:13 0 d-------- C:\Windows\system32\Macromed
2007-12-19 10:03:01 0 d-------- C:\Program Files\Online Services
2007-12-19 10:02:51 0 d-------- C:\Program Files\MSN Gaming Zone


-- Find3M Report ---------------------------------------------------------------

2008-01-05 10:07:48 0 d-------- C:\Program Files\Common Files
2008-01-05 09:44:21 0 d-------- C:\Users\JayJay Ciantar\AppData\Roaming\AdwareAlert
2008-01-03 16:18:07 0 d-------- C:\Users\JayJay Ciantar\AppData\Roaming\Adobe
2008-01-03 12:22:53 0 d-------- C:\Users\JayJay Ciantar\AppData\Roaming\Xfire
2008-01-03 12:09:11 0 d-------- C:\Users\JayJay Ciantar\AppData\Roaming\AdobeUM
2008-01-01 01:16:10 0 d-------- C:\Users\JayJay Ciantar\AppData\Roaming\Winamp
2008-01-01 00:55:06 0 d-------- C:\Users\JayJay Ciantar\AppData\Roaming\Mozilla
2007-12-31 18:46:50 0 d-------- C:\Users\JayJay Ciantar\AppData\Roaming\Grisoft
2007-12-28 16:55:06 0 d-------- C:\Users\JayJay Ciantar\AppData\Roaming\LimeWire
2007-12-27 02:20:07 0 d-------- C:\Users\JayJay Ciantar\AppData\Roaming\InstallShield
2007-12-22 19:05:15 0 d-------- C:\Users\JayJay Ciantar\AppData\Roaming\Google
2007-12-20 17:03:22 0 d-------- C:\Users\JayJay Ciantar\AppData\Roaming\DMCache
2007-12-19 13:15:09 0 d-------- C:\Users\JayJay Ciantar\AppData\Roaming\WinRAR
2007-12-19 12:17:24 0 d-------- C:\Users\JayJay Ciantar\AppData\Roaming\Ashampoo
2007-12-19 12:14:38 0 d-------- C:\Users\JayJay Ciantar\AppData\Roaming\Macromedia
2007-12-19 11:37:25 174 --ahs---- C:\Program Files\desktop.ini
2007-12-19 11:34:36 0 d-------- C:\Program Files\Windows Calendar
2007-12-19 11:34:34 0 d-------- C:\Program Files\Windows Mail
2007-12-19 11:34:32 0 d-------- C:\Program Files\Windows Defender
2007-12-19 10:35:15 0 d-------- C:\Users\JayJay Ciantar\AppData\Roaming\Identities
2007-10-23 17:06:08 585728 --a------ C:\Windows\WLXPGSS.SCR <Not Verified; Microsoft Corporation; Windows Live Photo Gallery>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [19/12/2007 11:30 AM]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [05/12/2007 12:00 AM]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [07/08/2007 11:05 AM]
"RtHDVCpl"="RtHDVCpl.exe" [05/12/2007 11:31 AM C:\Windows\RtHDVCpl.exe]
"dmvod.exe"="C:\Windows\system32\dmvod.exe" [19/12/2007 11:31 AM]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [21/12/2007 02:16 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [25/09/2007 01:11 AM]
"lxbkbmgr.exe"="C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [26/04/2007 12:02 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [02/11/2006 11:35 PM]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [02/11/2006 11:35 PM]
"dmvod.exe"="C:\Windows\system32\dmvod.exe" [19/12/2007 11:31 AM]
"dmiei.tmp"="C:\Windows\system32\dmiei.tmp" []
"dmhwa.tmp"="C:\Windows\system32\dmhwa.tmp" []
"dmlez.tmp"="C:\Windows\system32\dmlez.tmp" []
"dmeia.tmp"="C:\Windows\system32\dmeia.tmp" []
"dmbri.tmp"="C:\Windows\system32\dmbri.tmp" []
"dmgrf.tmp"="C:\Windows\system32\dmgrf.tmp" []
"dmfgv.tmp"="C:\Windows\system32\dmfgv.tmp" []
"dmmxv.tmp"="C:\Windows\system32\dmmxv.tmp" []
"dmvyt.tmp"="C:\Windows\system32\dmvyt.tmp" []
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [18/10/2007 11:34 AM]
"dmghj.tmp"="C:\Windows\system32\dmghj.tmp" []
"dmwxy.tmp"="C:\Windows\system32\dmwxy.tmp" []
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [31/08/2007 04:46 PM]
"dmirk.tmp"="C:\Windows\system32\dmirk.tmp" []
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [02/11/2006 11:36 PM]

C:\Users\JayJay Ciantar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
StealthBot Trivia.lnk - C:\Program Files\StealthBot\StealthBot v2.6R3.exe [20/12/2007 12:56:00 AM]
StealthBot v2.6R3 - Shortcut.lnk - C:\Users\JayJay Ciantar\StealthBot 2\StealthBot v2.6R3.exe [29/12/2007 12:22:33 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"DisableStatusMessages"=0 (0x0)
"DisableLockWorkstation"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispSettingsPage"=0 (0x0)
"NoDispScrSavPage"=0 (0x0)
"NoDispBackgroundPage"=0 (0x0)
"NoDispAppearancePage"=0 (0x0)
"NoVisualStyleChoice"=0 (0x0)
"NoColorChoice"=0 (0x0)
"NoSizeChoice"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoFavoritesMenu"=0 (0x0)
"NoRecentDocsMenu"=0 (0x0)
"NoNetworkConnections"=0 (0x0)
"NoRecentDocsHistory"=0 (0x0)
"NoSMMyDocs"=0 (0x0)
"NoSMMyPictures"=0 (0x0)
"NoStartMenuMyMusic"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLowDiskSpaceChecks"=1 (0x1)
"ForceActiveDesktopOn"=0 (0x0)
"NoSetActiveDesktop"=0 (0x0)
"NoActiveDesktopChanges"=0 (0x0)
"NoActiveDesktop"=0 (0x0)
"NoSetFolders"=0 (0x0)
"NoStartMenuMyGames"=0 (0x0)
"NoSetTaskbar"=0 (0x0)
"NoCommonGroups"=0 (0x0)
"NoStartMenuNetworkPlaces"=0 (0x0)
"NoRun"=0 (0x0)
"NoFind"=0 (0x0)
"NoTrayItemsDisplay"=0 (0x0)
"NoToolbarsOnTaskbar"=0 (0x0)
"NoSimpleStartMenu"=0 (0x0)
"HideClock"=0 (0x0)
"NoViewContextMenu"=0 (0x0)
"NoDFSTab"=0 (0x0)
"NoSecurityTab"=0 (0x0)
"NoHardwareTab"=0 (0x0)
"NoToolbarCustomize"=0 (0x0)
"NoDesktop"=0 (0x0)
"NoBandCustomize"=0 (0x0)
"NoFileMenu"=0 (0x0)
"NoFolderOptions"=0 (0x0)
"NoPropertiesMyComputer"=0 (0x0)
"NoFileAssociate"=0 (0x0)
"NoAddPrinter"=0 (0x0)
"NoDeletePrinter"=0 (0x0)
"NoThemesTab"=0 (0x0)
"NoChangeKeyboardNavigationIndicators"=0 (0x0)
"NoChangeAnimation"=0 (0x0)
"RestrictWelcomeCenter"=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{44687095-adc1-11dc-a41c-806e6f6e6963}]
AutoRun\command- D:\Autorun.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- Hosts -----------------------------------------------------------------------


127.0.0.1 007guard.com
127.0.0.1 www.007guard.com
127.0.0.1 008i.com
127.0.0.1 008k.com
127.0.0.1 www.008k.com
127.0.0.1 00hq.com
127.0.0.1 www.00hq.com
127.0.0.1 010402.com

7824 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-01-05 21:49:34 ------------
Hi, sorry for the delay.

If you still need assistance, please post a fresh main.txt log