Thread: Search Browser sending link to different location.
View Single Post
Old 01-03-2008, 03:48 AM   #3 (permalink)
yanks26
Bronze Member
 
Join Date: Aug 2005
Posts: 93
Default
I do have a firewall that is up and running and I use other anti virus programs.

MAIN:

Deckard's System Scanner v20071014.68
Run by Chad Irwin on 2008-01-02 21:44:47
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
106: 2008-01-03 02:44:50 UTC - RP311 - Deckard's System Scanner Restore Point
105: 2008-01-02 23:48:25 UTC - RP310 - Installed SUPERAntiSpyware Free Edition
104: 2008-01-02 19:54:32 UTC - RP309 - System Checkpoint
103: 2008-01-01 19:48:34 UTC - RP308 - System Checkpoint
102: 2007-12-31 18:35:55 UTC - RP307 - System Checkpoint


-- First Restore Point --
1: 2007-11-13 19:25:19 UTC - RP206 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Chad Irwin.exe) ------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:45:01 PM, on 1/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Samsung\SmarThru\PORTCTRL.EXE
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Documents and Settings\Chad Irwin\Desktop\dss.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\DOCUME~1\CHADIR~1\Desktop\Chad Irwin.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [GW Port Controller] C:\Program Files\Samsung\SmarThru\PORTCTRL.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{AF2B65C4-3C84-4FEB-9F0F-1EFDDDA51667}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{F24C3117-2ABD-4766-AF34-5C691547E4D9}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

--
End of file - 3962 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
R1 SASKUTIL - c:\program files\superantispyware\saskutil.sys
R2 DgiVecp (Team MFP Comm Driver) - c:\windows\system32\drivers\dgivecp.sys <Not Verified; DeviceGuys, Inc.; DeviceGuys, Inc. Team MFP for Windows NT, 9x, and 3.1>
R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>

S3 GMSIPCI - d:\install\gmsipci.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 aawservice (Ad-Aware 2007 Service) - "c:\program files\lavasoft\ad-aware 2007\aawservice.exe" <Not Verified; Lavasoft AB; Ad-Aware 2007 Service>
R2 WinVNC4 (VNC Server Version 4) - "c:\program files\realvnc\vnc4\winvnc4.exe" -service <Not Verified; RealVNC Ltd.; VNC Server 4.0>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID:
Description:
Device ID: DISPLAY\NTATIVRV01\5&869B143&0&80000008&01&00
Manufacturer:
Name:
PNP Device ID: DISPLAY\NTATIVRV01\5&869B143&0&80000008&01&00
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: SM Bus Controller
Device ID: PCI\VEN_8086&DEV_27DA&SUBSYS_72461462&REV_01\3&241 1E6FE&0&FB
Manufacturer:
Name: SM Bus Controller
PNP Device ID: PCI\VEN_8086&DEV_27DA&SUBSYS_72461462&REV_01\3&241 1E6FE&0&FB
Service:


-- Files created between 2007-12-02 and 2008-01-02 -----------------------------

2008-01-02 18:48:32 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-02 18:48:26 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-01-02 18:48:26 0 d-------- C:\Documents and Settings\Chad Irwin\Application Data\SUPERAntiSpyware.com
2008-01-02 18:05:53 0 dr-h----- C:\Documents and Settings\Chad Irwin\Recent
2007-12-30 19:16:12 0 d-------- C:\Documents and Settings\Chad Irwin\Application Data\Move Networks
2007-12-03 17:58:11 0 d-------- C:\Documents and Settings\Chad Irwin\Application Data\Creative
2007-12-03 17:55:59 41984 -----n--- C:\WINDOWS\Ctregrun.exe <Not Verified; Creative Technology Ltd; Creative On-line Registration System>
2007-12-03 17:55:39 183 --a------ C:\WINDOWS\setuplog
2007-12-03 17:54:39 25088 -----n--- C:\WINDOWS\system32\CTSVCCTL.EXE <Not Verified; Creative Technology Ltd; Creative Service Control>
2007-12-03 17:54:39 44032 -----n--- C:\WINDOWS\system32\CTSVCCDA.EXE <Not Verified; Creative Technology Ltd; Creative Service for CDROM Access>
2007-12-03 17:54:12 0 d-------- C:\Program Files\Creative


-- Find3M Report ---------------------------------------------------------------

2008-01-02 18:48:15 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-02 18:03:08 0 d-------- C:\Documents and Settings\Chad Irwin\Application Data\OpenOffice.org2
2007-12-25 20:24:13 0 d-------- C:\Program Files\Realtek
2007-12-23 08:12:45 0 d-------- C:\Program Files\Finale NotePad 2007
2007-12-20 17:52:05 0 d---s---- C:\Program Files\Xfire
2007-12-19 21:16:44 0 d-------- C:\Documents and Settings\Chad Irwin\Application Data\Xfire
2007-12-13 19:12:59 0 d-------- C:\Documents and Settings\Chad Irwin\Application Data\FrostWire
2007-12-03 17:55:55 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-11-27 18:00:46 0 d-------- C:\Program Files\Real
2007-11-27 17:58:37 0 d-------- C:\Program Files\Common Files\Real
2007-11-27 17:58:32 0 d-------- C:\Program Files\Common Files
2007-11-27 17:58:25 0 d-------- C:\Documents and Settings\Chad Irwin\Application Data\Real


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"SkyTel"="SkyTel.EXE" [05/16/2006 05:04 AM C:\WINDOWS\SkyTel.exe]
"JMB36X Configure"="C:\WINDOWS\system32\JMRaidTool.exe" [07/12/2006 04:47 AM]
"GW Port Controller"="C:\Program Files\Samsung\SmarThru\PORTCTRL.EXE" [06/03/2003 01:05 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [05/11/2007 02:06 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe" [09/09/2007 12:10 PM]
"KernelFaultCheck"="C:\WINDOWS\system32\dumpre p 0 -k" []
"RTHDCPL"="RTHDCPL.EXE" [07/21/2006 03:56 AM C:\WINDOWS\RTHDCPL.exe]
"Alcmtr"="ALCMTR.EXE" [05/03/2005 05:43 AM C:\WINDOWS\Alcmtr.exe]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [12/02/2004 06:23 PM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [06/21/2007 02:06 PM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 01:55 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"System"="kdgzu.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Chad Irwin^Start Menu^Programs^Startup^OpenOffice.org 2.2.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\MSMSGS.EXE" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Program Files\Valve\Steam\\Steam.exe -silent


[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{f3428643-25af-11dc-b17d-806d6172696f}]
AutoRun\command- E:\RunGame.exe

*Newly Created Service* - SASDIFSV
*Newly Created Service* - SASENUM
*Newly Created Service* - SASKUTIL



-- End of Deckard's System Scanner: finished at 2008-01-02 21:45:25 ------------
yanks26 is offline   Reply With Quote