#1
Bronze Member
Join Date: Aug 2005
Posts: 90
Good evening all,
I was hoping I could get some help with the problem I am having with my computer. When I use a search browser, ex. google, yahoo, I do a regular search and it comes up with all the choices. I then click on the link to take me to that website and it brings me somewhere else. Some other search engine thing I've never heard of before. Each time I do it, it brings me to a different page, so it's not the same page that it redirects me to. When I go back and click on the link again, it goes to the actual website I was trying to get to. I have tried numerous spyware and adware programs such as adaware, spybot, regseeker, super antispyware, and ccleaner. I'm hoping someone has an answer. Here is my HJThis Log:
Thanks.

#2
Silver Member
Join Date: Jan 2008
Location: Tulsa, OK
Posts: 113
I don't see any antivirus or a firewall running. Do you have these turned off?
Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
What DSS will do:

#3
Bronze Member
Join Date: Aug 2005
Posts: 90
I do have a firewall that is up and running and I use other anti virus programs.
MAIN: Deckard's System Scanner v20071014.68

#4
Bronze Member
Join Date: Aug 2005
Posts: 90
EXTRA:
Deckard's System Scanner v20071014.68 Extra logfile - please post this as an attachment with your post.
Thank you.
-- System Event Log ------------------------------------------------------------ Event Record #/Type9508 / Warning Event Submitted/Written: 01/02/2008 06:28:08 AM Event ID/Source: 4226 / Tcpip Event Description: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts. Event Record #/Type9492 / Warning Event Submitted/Written: 01/02/2008 06:22:39 AM Event ID/Source: 1003 / Dhcp Event Description: Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 001617D82FA1. The following error occurred: %%1223. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server. Event Record #/Type9487 / Warning Event Submitted/Written: 01/01/2008 09:45:44 PM Event ID/Source: 4226 / Tcpip Event Description: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts. Event Record #/Type9461 / Warning Event Submitted/Written: 01/01/2008 01:25:08 AM Event ID/Source: 4226 / Tcpip Event Description: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts. Event Record #/Type9441 / Warning Event Submitted/Written: 12/31/2007 07:37:20 PM Event ID/Source: 4226 / Tcpip Event Description: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts. -- End of Deckard's System Scanner: finished at 2008-01-02 21:45:25 ------------ Thank you. |

#5 (permalink)
Silver Member
Join Date: Jan 2008
Location: Tulsa, OK
Posts: 113

I don't understand "other anti virus programs". There is none running so it is unsafe.
Please download Combofix by sUBs from either here or here. Important: Save Combofix.exe to your Desktop.
Do not mouseclick combofix's window while it's running. That may cause your computer to stall.

#6 (permalink)
Bronze Member
Join Date: Aug 2005
Posts: 90

Isn't spybot and adaware and programs like them anti virus? I use them regularly.
ComboFix 08-01-03.4 - Chad Irwin 2008-01-03 6:34:30.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1557 [GMT -5:00]
Running from: C:\Documents and Settings\Chad Irwin\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\kdgzu.exe
.
((((((((((((((((((((((((( Files Created from 2007-12-03 to 2008-01-03 )))))))))))))))))))))))))))))))
.
2008-01-03 06:33 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-02 21:44 . 2008-01-02 21:44 <DIR> d-------- C:\Deckard
2008-01-02 18:48 . 2008-01-02 18:52 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-01-02 18:48 . 2008-01-02 18:48 <DIR> d-------- C:\Documents and Settings\Chad Irwin\Application Data\SUPERAntiSpyware.com
2008-01-02 18:48 . 2008-01-02 18:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-12-30 19:16 . 2007-12-31 09:28 <DIR> d-------- C:\Documents and Settings\Chad Irwin\Application Data\Move Networks
2007-12-25 20:24 . 2005-05-03 05:43 69,632 -r------- C:\WINDOWS\Alcmtr.exe
2007-12-15 17:41 . 2007-12-29 19:35 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-15 17:41 . 2007-12-15 17:41 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-03 17:58 . 2007-12-03 18:28 <DIR> d-------- C:\Documents and Settings\Chad Irwin\Application Data\Creative
2007-12-03 17:55 . 2000-05-22 03:58 647,872 --------- C:\WINDOWS\system32\Mscomct2.ocx
2007-12-03 17:55 . 1999-10-10 12:00 41,984 --------- C:\WINDOWS\Ctregrun.exe
2007-12-03 17:55 . 2007-12-03 17:55 183 --a------ C:\WINDOWS\setuplog
2007-12-03 17:54 . 2007-12-03 17:55 <DIR> d-------- C:\Program Files\Creative
2007-12-03 17:54 . 1999-12-12 12:01 44,032 --------- C:\WINDOWS\system32\CTSVCCDA.EXE
2007-12-03 17:54 . 1999-11-17 12:00 25,088 --------- C:\WINDOWS\system32\CTSVCCTL.EXE
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-03 02:42 --------- d-----w C:\Documents and Settings\Chad Irwin\Application Data\OpenOffice.org2
2008-01-02 23:48 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-01-02 23:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-26 01:24 --------- d-----w C:\Program Files\Realtek
2007-12-23 13:12 --------- d-----w C:\Program Files\Finale NotePad 2007
2007-12-20 22:52 --------- d-s---w C:\Program Files\Xfire
2007-12-20 02:16 --------- d-----w C:\Documents and Settings\Chad Irwin\Application Data\Xfire
2007-12-14 00:12 --------- d-----w C:\Documents and Settings\Chad Irwin\Application Data\FrostWire
2007-12-03 22:55 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-27 23:00 --------- d-----w C:\Program Files\Real
2007-11-27 22:58 --------- d-----w C:\Program Files\Common Files\Real
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-27 22:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 18:23 102400]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"="SkyTel.EXE" [2006-05-16 05:04 2879488 C:\WINDOWS\SkyTel.exe]
"JMB36X Configure"="C:\WINDOWS\system32\JMRaidTool.exe" [2006-07-12 04:47 352256]
"GW Port Controller"="C:\Program Files\Samsung\SmarThru\PORTCTRL.EXE" [2003-06-03 13:05 163840]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 02:06 40048]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2007-09-09 12:10 77824]
"RTHDCPL"="RTHDCPL.EXE" [2006-07-21 03:56 16261632 C:\WINDOWS\RTHDCPL.exe]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Chad Irwin^Start Menu^Programs^Startup^OpenOffice.org 2.2.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\MSMSGS.EXE /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2003-10-31 18:42 32768 --a------ C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Program Files\Valve\Steam\\Steam.exe -silent
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-03 06:38:14
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-03 6:39:47 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-03 11:39:45
.
2007-12-21 11:29:23 --- E O F ---

#7 (permalink)
Silver Member
Join Date: Jan 2008
Location: Tulsa, OK
Posts: 113

Quote:
Pick one of these. They are both good and free. I use both, on different computers.
http://filehippo.com/download_avast_antivirus/
http://filehippo.com/download_avg_antivirus/

#8 (permalink)
Silver Member
Join Date: Jan 2008
Location: Tulsa, OK
Posts: 113

I think the combofix got it.
Do a scan with the new antivirus and post back if it found anything. Also test out your searches to see if they are still redirected. Let me know how the antivirus scan went.

#9 (permalink)
Diamond Member
Join Date: Dec 2007
Location: Croatia
Age: 16
Posts: 2,932

And new Hijackthis log perhaps? Just in case...
__________________
Register and participate on Anti-Hackers website and help us bring the hackers down!

#10 (permalink)
Bronze Member
Join Date: Aug 2005
Posts: 90

The antivirus did not find anything. It said it couldn't check a couple of the files because they were "compressions bombs" or something like that.
Well, I tried searching again and it no longer redirects me. So that's a plus. And here is a new HJThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:22:42 PM, on 1/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\VideoLAN\VLC\vlc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Chad Irwin\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [GW Port Controller] C:\Program Files\Samsung\SmarThru\PORTCTRL.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{AF2B65C4-3C84-4FEB-9F0F-1EFDDDA51667}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{F24C3117-2ABD-4766-AF34-5C691547E4D9}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

-- End of file - 4414 bytes

Thanks for all your help!