TheTechGuide Forum

General Category => Tech Clinic => Topic started by: Mr Bell on October 22, 2006, 10:59:56 AM

Title: This is getting old
Post by: Mr Bell on October 22, 2006, 10:59:56 AM
Well I went out and bought a D-Link firewall yesterday. But it appears I was a day late. I ran a Spybot scan and once again it showed a Zlob trojan on my system. I hit fix and it appears that it repaired the registry, however I would like you to look and see if it's gone.

Maybe you can explain why I am getting these. I don't download anything but updates. I am so sick of getting this same trojan. Here is my report. Please note that I removed Norton's. The reason I did is because it uses too much CPU. And I installed AVG instead. I noticed 04 spywarebot and 016:
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - https://a248.e.akamai.net/f/248/5462/2h/www.symantecstore.com/v2.0-img/operations/symbizpr/xcontrol/SymDlBrg.cab
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe



Logfile of HijackThis v1.99.1
Scan saved at 11:45:33 AM, on 10/22/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\program files\valve\steam\steam.exe
C:\Program Files\America Online 9.0\wEmail Removedexe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\Ventrilo\Ventrilo.exe
C:\Documents and Settings\Randy\Desktop\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp_adbe/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp_adbe/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.eightballclan.branzone.com/administrator/index2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [spywarebot] C:\Program Files\SpywareBot\SpywareBot.exe -boot
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\Email RemovedEXE" -b
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.eightballclan.com
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - https://a248.e.akamai.net/f/248/5462/2h/www.symantecstore.com/v2.0-img/operations/symbizpr/xcontrol/SymDlBrg.cab
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} (Java Plug-in 1.5.0_02) -
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Plug-in 1.5.0_06) -
O16 - DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} (Java Plug-in 1.5.0_07) -
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
Title: This is getting old
Post by: guestolo on October 22, 2006, 11:04:54 AM
My guess is that Spybot's TeaTimer or Windows Defender keeps resetting those entries

Can you do the following
Download the latest version of SmitfraudFix (http://siri.urz.free.fr/Fix/SmitfraudFix.zip) (by S!Ri)
Extract the contents (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.

It doesn't appear that Norton's is completely removed
Can you also supply an uninstall list from Hijackthis
Open Hijackthis>>Open MISC TOOLS SECTION>>Open UNINSTALL MANAGER
Click the SAVE LIST... button
Save the list to your desktop then copy>>Paste back here the Whole contents
Title: This is getting old
Post by: Mr Bell on October 22, 2006, 11:30:19 AM
SmitFraudFix v2.102

Scan done at 12:25:46.25, Sun 10/22/2006
Run from C:\Documents and Settings\Randy\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Randy


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Randy\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Randy\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
 
 

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

Ad-Aware SE Personal
Adobe Download Manager 2.0 (Remove Only)
Adobe Flash Player 9 ActiveX
Adobe Reader 7.0.7
Adobe® Photoshop® Album Starter Edition 3.0
AOL Coach Version 2.0(Build:20041026.5 en)
AOL Explorer
AOL Instant Messenger
AOL Uninstaller (Choose which Products to Remove)
AOL You've Got Pictures Screensaver
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
AVG Free Edition
Belkin Gigabit Ethernet
CheckIt Diagnostics
CleanUp!
ewido anti-spyware 4.0
FileZilla (remove only)
HijackThis 1.99.1
HLSW v1.0.0.48
J2SE Runtime Environment 5.0 Update 9
Lernout & Hauspie TruVoice American English TTS Engine
LiveUpdate 3.0 (Symantec Corporation)
Logitech QuickCam
Logitech SetPoint
Logitech® Camera Driver
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft .NET Framework 2.0
Microsoft Data Access Components KB870669
Microsoft Office 2000 SR-1 Disc 2
Microsoft Office 2000 SR-1 Professional
Microsoft Text-to-Speech Engine 4.0 (English)
mIRC
Quake III Arena
QuickTime
RealPlayer
Realtek AC'97 Audio
Security Update for Microsoft .NET Framework 2.0 (KB917283)
Security Update for Microsoft .NET Framework 2.0 (KB922770)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB925486)
Spybot - Search & Destroy 1.4
Steam
Symantec KB-DocID:2003093015493306
TeamSpeak 2 RC2
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Ventrilo Client
Windows Defender
Windows Defender Signatures
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WinRAR archiver
Title: This is getting old
Post by: guestolo on October 22, 2006, 11:43:46 AM
Do you have Windows Defender's protections disabled?
If not, can you do so now please

Afterwards, the best way to eliminate the problem for now
Can you right click on TeaTimer icon by the clock and shut it down please
Uninstall Spybot 1.4 from add/remove programs
You can reinstall it later
After it's been uninstalled

Reboot the computer

Back in Windows
I see these 2 entries in add/remove programs related to Symantec's
If you have no other programs installed by them you can remove them
LiveUpdate 3.0 (Symantec Corporation)
Symantec KB-DocID:2003093015493306

Do a "System scan only" with Hijackthis and put a check next to these entries:

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O4 - HKCU\..\Run: [spywarebot] C:\Program Files\SpywareBot\SpywareBot.exe -boot
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - https://a248.e.akamai.net/f/248/5462/2h/www...ol/SymDlBrg.cab
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} (Java Plug-in 1.5.0_02) -
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Plug-in 1.5.0_06) -
O16 - DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} (Java Plug-in 1.5.0_07) -


After you have ticked the above entries, close All other open windows
Including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

I include the 016 from Ewido, you have Ewido installed
No need to have the ActiveX for online scan installed also

Reboot the computer again

Come back here and post a fresh hijackthis log
Don't reinstall Spybot 1.4 yet

Also, let me know the following
What version of Symantec's(Norton's) did you have installed?

Also, can you double click on the AVG icon by the clock to open the control panel
Select Information at the top
Select ABOUT AVG FREE
Can you let me know what Program version you're running please
Title: This is getting old
Post by: Mr Bell on October 22, 2006, 12:53:48 PM
I removed the only Symantec entry I saw and Spybot like you said but then you post:

 Back in Windows
Do a "SCAN and Save a Log file"
A log will open in Notepad
Copy and paste the WHOLE contents of the log here... Don't try and fix anything yet----It is all important

Which scan, Smitfraud?

I did not tick those other entries yet because it was unclear as to what scan you wanted me to run first and it said not to fix anything yet. Underneath that part of your post it did say to remove entries and post a new log.
Title: This is getting old
Post by: guestolo on October 22, 2006, 01:00:47 PM
Woops, bad copy and paste, sorry
I edited my last instructions :blink:

I'm just getting ready to go to the movies
I'll see your results later
Title: This is getting old
Post by: Mr Bell on October 22, 2006, 01:41:39 PM
Ok, I had Norton SystemWorks.

AVG file I have now is file version 7.1.0.406

New HijackThis scan still contains entries:
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
But will wait until you say remove them also :)

Logfile of HijackThis v1.99.1
Scan saved at 2:34:36 PM, on 10/22/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\America Online 9.0\wEmail Removedexe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Documents and Settings\Randy\Desktop\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp_adbe/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp_adbe/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.eightballclan.branzone.com/administrator/index2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll (file missing)
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\Email RemovedEXE" -b
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.eightballclan.com
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
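The before/after comparison that this thread does by eye between the first and second HijackThis logs, as an added Python example (not part of the original posts and not HijackThis code). The two sample scans are constructed from a handful of lines copied from the logs above; the function names are hypothetical.

```python
import re

# Item lines look like "O23 - Service: ..." or "R1 - HKCU\...".
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")
# Suffixes seen in the logs above when the referenced file is not on disk.
DANGLING_RE = re.compile(r"\s*\((?:no file|file missing)\)\s*$", re.IGNORECASE)

# Constructed sample: a few lines from the first log in this thread.
BEFORE_SCAN = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O4 - HKCU\..\Run: [spywarebot] C:\Program Files\SpywareBot\SpywareBot.exe -boot
O15 - Trusted Zone: *.eightballclan.com
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
"""

# Constructed sample: the matching lines from the second log.
AFTER_SCAN = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll (file missing)
O15 - Trusted Zone: *.eightballclan.com
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
"""


def parse_entries(log_text):
    """Return (section, body) tuples; header and process lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line)
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def is_dangling(entry):
    """True when the entry points at a file that no longer exists."""
    return bool(DANGLING_RE.search(entry[1]))


def entry_key(entry):
    """Identity of an entry that stays stable when its file disappears."""
    section, body = entry
    body = DANGLING_RE.sub("", body)
    if section == "O23":
        # In the logs above the owner column turns into "Unknown owner"
        # once the file is gone, so key on service name and path only.
        parts = body.split(" - ")
        if len(parts) >= 3:
            body = parts[0] + " - " + parts[-1]
    return (section, body.lower())


def compare_scans(before_text, after_text):
    """Classify what changed between two HijackThis scans."""
    before = {entry_key(e): e for e in parse_entries(before_text)}
    after = {entry_key(e): e for e in parse_entries(after_text)}
    shared = [k for k in after if k in before]
    return {
        "removed": [e for k, e in before.items() if k not in after],
        "added": [e for k, e in after.items() if k not in before],
        # Registry entry survived an uninstall but its file did not.
        "newly_dangling": [after[k] for k in shared
                           if is_dangling(after[k]) and not is_dangling(before[k])],
        "still_dangling": [after[k] for k in shared
                           if is_dangling(after[k]) and is_dangling(before[k])],
    }


if __name__ == "__main__":
    for label, items in compare_scans(BEFORE_SCAN, AFTER_SCAN).items():
        print(label)
        for section, body in items:
            print("   ", section, "-", body)
```

Entries under "added" are the ones to look at first after a cleanup; "newly_dangling" lists leftovers from an uninstall, such as the LiveUpdate service here.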
Title: This is getting old
Post by: guestolo on October 22, 2006, 05:36:29 PM
Quote: Ok I had Norton systemworks.

Is there a version # that comes with that?
Eg...Systemworks 2003

Did you already reinstall Spybot?
Looks as if you have problems with your version of Sun Java also

When you have Spybot Teatimer activated, and it prompts for a change
Do you Deny everything?
It looks as if you do
Title: This is getting old
Post by: Mr Bell on October 22, 2006, 11:03:49 PM
Norton SystemWorks 2005 as I recall.

No, haven't had time to download Spybot yet. The reason I would deny stuff is because I could not read the tabs approve or deny. When I realized I was denying changes I then started hitting the other tab. But why those tabs are hardly showing is weird.

So what is wrong with my Sun Java and how do I fix that? You recently had me update it the last time I had Zlob.

My computer is still acting weird. But I need to go to bed now and will download Spybot when I get home from work and return here for further updates.
Title: This is getting old
Post by: guestolo on October 22, 2006, 11:14:50 PM
Don't reinstall Spybot 1.4 till we are done here please
I want to make sure it doesn't interfere with anything
I'll post back later our next steps
Title: This is getting old
Post by: Mr Bell on October 22, 2006, 11:34:43 PM
My goodness. After I posted I felt bad and downloaded it. I'll remove it tomorrow. I need some sleep. Talk to you when I get home. Hope you had a good time at the movies today.

Randy

BTW, no threats were found cause I ran a scan, lol.
Title: This is getting old
Post by: guestolo on October 22, 2006, 11:58:39 PM
Mr. Bell, I'm trying to get things cleaned up without Spybot interference
We can reinstall it after we're done here
Can you uninstall it again, reboot the computer<<ensure you do this
We'll also fix the window in Spybot after, where you can't see Allow or Deny buttons

Can we do these steps please
Let's reinstall Sun Java, without interference from Spybot
and we'll do some other fixes

Download the latest version of Java Runtime Environment (JRE) 5.0 Update 9 (http://java.sun.com/javase/downloads/index.jsp)
Save the file to your Desktop.
Don't install it yet

Access your Add/remove programs via Control Panel
Search in the list for all previous installed versions of Java. (J2SE Runtime Environment.... )
eg..J2SE Runtime Environment 5.0 Update p

They should have the following icon next to it:  (http://users.telenet.be/bluepatchy/miekiemoes/images/javaicon.gif)
Select it and click Remove

Afterwards

Do a "System scan only" with Hijackthis and put a check next to these entries:

O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe


After you have ticked the above entries, close All other open windows
Including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis
NOTE: I'm not sure if that entry is still there, but fix it if it is

Access the following link, we should get rid of the leftovers from Symantecs
Follow the instructions in the link to remove Systemworks 2005
Use INTERNET EXPLORER please to access this link
http://service1.symantec.com/SUPPORT/nsw.nsf/docid/2005070719422107?OpenDocument&lg=en&ct=us&seg=hho&src=hot
Do steps 1 and 2
Your computer should reboot at least once after doing the above

Back in Windows
At this time you can install Sun Java from the installer you saved to desktop earlier
Follow the prompts
After installation you can delete the installer from desktop

AVG free edition just updated, you are going to be prompted to update it soon
They have their recommendation how to install the newest version
But I like these steps
Go to the following link
http://free.grisoft.com/freeweb.php/doc/2/
Then click on the Download Free version link
At the next page
Click on the next link below
AVG Free for Windows installation files

Save the installer to your desktop, DON'T install it yet

Right click on the AVG icon by the clock and select
"Quit AVG control center"
YES to the prompt
Go to START>>RUN>>type in
services.msc
Hit OK
In the new window that opens, look on the right hand side
for the following
AVG Email Scanner
AVG7 Alert Manager
AVG7 Update Service

Double click on each and click the STOP button to stop the service if running
Exit out of there

Now, access your add/remove programs and remove
AVG Free Edition
After it's successfully removed
REBOOT the computer

Back in Windows
Double click and run the installer on the newest version of AVG free edition
Follow the prompts to install
Allow to check for updates
Up to you to run a scan and make backup disks
You can refuse those 2 if you like

BEFORE you reinstall Spybot 1.4, come back here and post a fresh hijackthis log and let me know how things are running
Also, Before you reinstall Spybot, let's see if we can deal with your CD/DVD
Title: This is getting old
Post by: Mr Bell on October 23, 2006, 06:55:39 PM
A couple of error boxes popped up while I installed Java but it installed. There is still one entry left with Symantec. But here is the new log:

Logfile of HijackThis v1.99.1
Scan saved at 7:52:11 PM, on 10/23/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\America Online 9.0\wEmail Removedexe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Documents and Settings\Randy\Desktop\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp_adbe/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp_adbe/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.eightballclan.branzone.com/administrator/index2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\Email RemovedEXE" -b
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.eightballclan.com
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
Title: This is getting old
Post by: guestolo on October 23, 2006, 09:16:33 PM
Can you do the following
Go to START>>RUN>>type in
services.msc
Hit OK

In the new window look for these 2 service names
Automatic LiveUpdate Scheduler
and
Symantec Core LC


Double click on each
Click the STOP button>>In the startup type drop down box, set to DISABLED
APPLY and OK each

Are you sure you had SystemWorks 2005 installed?
Or was it 2004?

If it was 2004, can you do the following
# download and save SymNRT.exe (ftp://ftp.symantec.com/public/english_us_canada/linked_files/tsgen/SymNRT.exe) to your desktop.
# Close all programs and double click on the tool.
# Follow the on-screen instructions.
# Restart the computer if asked.
# Then delete the SymNRT.exe tool from your desktop.
# Open the Program Files folder on your local disk ( normally C: )
# Find and delete the following folders (if present):

    * Norton AntiVirus
    * Norton Internet Security
    * Norton SystemWorks
    * Norton Personal Firewall

Quote
A couple error boxes popped up while I installed Java but it installed
What errors? Is Java running properly?
See if it is by visiting the following link to verify your installation
http://www.java.com/en/download/installed.jsp

Also, can you do the following
Related to CD/DVD problems
I'm not sure if this will help, but let's check it out
Create a .bat file for me
Open Notepad (START>>>RUN>>>type in notepad)
Hit OK
Copy the contents of the CODE box, not including the word "code"
Paste it to the empty Notepad file
In Notepad click FILE>>SAVE AS
Change the Save as Type to All Files.
Name the file as export.bat

Save this file on the desktop
 
Code:
regedit /e Export.txt "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}"
Double click on export.bat, a text file by the name of Export.txt will be placed on desktop
Open it and copy>>paste back here the whole contents with a fresh hijackthis log
Title: This is getting old
Post by: Mr Bell on October 24, 2006, 12:13:15 AM
Here is the export.txt:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}]
"Class"="CDROM"
@="DVD/CD-ROM drives"
"EnumPropPages32"="MmSys.Cpl,MediaPropPageProvider"
"Installer32"="storprop.dll,DvdClassInstaller"
"SilentInstall"="1"
"NoInstallClass"="1"
"TroubleShooter-0"="hcp://help/tshoot/tsdrive.htm"
"Icon"="-51"
"LowerFilters"=hex(7):50,00,78,00,48,00,65,00,6c,00,70,00,32,00,30,00,00,00,00,\
  00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}000]
"EnumPropPages32"="storprop.dll,DvdPropPageProvider"
"InfPath"="cdrom.inf"
"InfSection"="cdrom_install"
"ProviderName"="Microsoft"
"DriverDateData"=hex:00,80,62,c5,c0,01,c1,01
"DriverDate"="7-1-2001"
"DriverVersion"="5.1.2535.0"
"MatchingDeviceId"="gencdrom"
"DriverDesc"="CD-ROM Drive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}000\DigitalAudio]
"RegistryVersion"=dword:00000001
"NumberOfBuffers"=dword:00000008
"SectorsPerRead"=dword:00000010
"SectorsPerReadMask"=dword:ffffffff
"CDDASupported"=dword:00000001
"CDDAAccurate"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}001]
"EnumPropPages32"="storprop.dll,DvdPropPageProvider"
"InfPath"="cdrom.inf"
"InfSection"="cdrom_install"
"ProviderName"="Microsoft"
"DriverDateData"=hex:00,80,62,c5,c0,01,c1,01
"DriverDate"="7-1-2001"
"DriverVersion"="5.1.2535.0"
"MatchingDeviceId"="gencdrom"
"DriverDesc"="CD-ROM Drive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}001\DigitalAudio]
"RegistryVersion"=dword:00000001
"NumberOfBuffers"=dword:00000008
"SectorsPerRead"=dword:00000010
"SectorsPerReadMask"=dword:ffffffff
"CDDASupported"=dword:00000001
"CDDAAccurate"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}002]
"EnumPropPages32"="storprop.dll,DvdPropPageProvider"
"InfPath"="cdrom.inf"
"InfSection"="cdrom_install"
"ProviderName"="Microsoft"
"DriverDateData"=hex:00,80,62,c5,c0,01,c1,01
"DriverDate"="7-1-2001"
"DriverVersion"="5.1.2535.0"
"MatchingDeviceId"="gencdrom"
"DriverDesc"="CD-ROM Drive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}002\DigitalAudio]
"RegistryVersion"=dword:00000001
"NumberOfBuffers"=dword:00000008
"SectorsPerRead"=dword:00000010
"SectorsPerReadMask"=dword:ffffffff
"CDDASupported"=dword:00000001
"CDDAAccurate"=dword:00000001

Here is the fresh Hijack log:

Logfile of HijackThis v1.99.1
Scan saved at 1:09:16 AM, on 10/24/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\program files\valve\steam\steam.exe
C:\Program Files\America Online 9.0\wEmail Removedexe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Randy\Desktop\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp_adbe/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp_adbe/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.eightballclan.branzone.com/administrator/index2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\Email RemovedEXE" -b
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.eightballclan.com
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
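Each fresh HijackThis log in this thread is read against the previous one to see what a cleanup step changed. As an added example (not code from any poster or from HijackThis itself), this Python sketch diffs the entry lines of two scans; the samples are trimmed excerpts of the 10/23 and 10/24 logs posted above, and the function names are this example's own.

```python
import re

# Trimmed excerpts of two HijackThis logs posted in this thread.
LOG_OCT23 = r'''Logfile of HijackThis v1.99.1
Scan saved at 7:52:11 PM, on 10/23/2006

Running processes:
C:\WINDOWS\System32\smss.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
'''

LOG_OCT24 = r'''Logfile of HijackThis v1.99.1
Scan saved at 1:09:16 AM, on 10/24/2006

Running processes:
C:\WINDOWS\System32\smss.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
'''

# Entry lines start with a section code such as R0, O4 or O23, then " - ".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")


def parse_entries(log_text):
    """Return the set of (section, detail) entries; header and process lines are skipped."""
    entries = set()
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.add((match.group(1), match.group(2)))
    return entries


def _order(entry):
    """Sort O2 before O23: by section letter, section number, then text."""
    section, detail = entry
    return (section[0], int(section[1:]), detail)


def diff_logs(old_text, new_text):
    """Entries that appeared or disappeared between two scans."""
    old, new = parse_entries(old_text), parse_entries(new_text)
    return {
        "added": sorted(new - old, key=_order),
        "removed": sorted(old - new, key=_order),
    }


def orphaned(log_text):
    """Entries HijackThis marked '(file missing)': the registration outlived the file."""
    return sorted(
        (e for e in parse_entries(log_text) if e[1].endswith("(file missing)")),
        key=_order,
    )


if __name__ == "__main__":
    changes = diff_logs(LOG_OCT23, LOG_OCT24)
    for kind in ("removed", "added"):
        for section, detail in changes[kind]:
            print(f"{kind:8} {section:4} {detail}")
    for section, detail in orphaned(LOG_OCT23):
        print(f"orphaned {section:4} {detail}")
```

The comparison is on exact text, so an entry whose path changes shows up as one removal plus one addition.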
Title: This is getting old
Post by: guestolo on October 24, 2006, 12:28:47 AM
Can't you install the latest Java?
I see you're back to update 6, the latest is 9 that I linked you to earlier
You don't want update 6 and update both installed, just update 9


What problems did you have installing the latest?
I haven't heard of anyone having problems with installing it yet
Can you explain please
Title: This is getting old
Post by: Mr Bell on October 24, 2006, 01:12:28 AM
I removed versions of Java JRE and Downloaded and installed from scratch.  Did installation verif and it came back confirmed.

here's new hijack report:

Logfile of HijackThis v1.99.1
Scan saved at 2:10:49 AM, on 10/24/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\System32\svchost.exe
C:\program files\valve\steam\steam.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\America Online 9.0\wEmail Removedexe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Documents and Settings\Randy\Desktop\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp_adbe/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp_adbe/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.eightballclan.branzone.com/administrator/index2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\Email RemovedEXE" -b
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.eightballclan.com
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
Title: This is getting old
Post by: Mr Bell on October 24, 2006, 04:53:51 AM
The error that occurred was probably due to using wrong browser to download it with.
Title: This is getting old
Post by: guestolo on October 24, 2006, 08:50:01 AM
Is this the computer that has the problems with the Cd/Dvd?
If it is, I hope you haven't reinstalled Spybot yet
If it is can you do the following
Create a new system restore point
Go to START>>Programs>>Accessories>>System Tools>>system restore
Click on "create a new restore Point"
Name it and then click "create"
Close this area after it has successfully created a new restore point

Create a .reg file for me
Open Notepad (START>>>RUN>>>type in notepad)
Hit OK
Copy the contents of the CODE box, not including the word "code"
Paste it to the empty Notepad file
In Notepad click FILE>>SAVE AS
IMPORTANT>>>Change the Save as Type to All Files.
Name the file as fix.reg

Save this file on the desktop
Ensure to copy from REGEDIT4 and down in the code box

 
Code:
REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}]
"LowerFilters"=-

We'll need it in a bit

Right click on "MyComputer" icon and select Properties
Open the Hardware tab and select Device Manager
Expand(+) on DVD/CD ROM drive
Right click on each drive and choose "Uninstall"
Follow and OK the prompts, uninstall both

DO NOT reboot the computer yet, exit out of device manager

Double click on fix.reg and allow to add/merge to the registry at the prompt
Reboot the computer
Let the drives reinstall
Any help?
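The `hex(7)` bytes stored under `LowerFilters` in the Export.txt posted in this thread name the filter driver that fix.reg removes. As an added example (not code from any poster), this Python sketch decodes them and compares an export taken before the fix with one taken after; the function names are this example's own, and it assumes the `Version 5.00` export format, where REG_MULTI_SZ data is UTF-16LE.

```python
import re

CLASS_KEY = (r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class"
             r"\{4D36E965-E325-11CE-BFC1-08002BE10318}")

# Excerpt of the first Export.txt posted in this thread (before fix.reg).
EXPORT_BEFORE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}]
"Class"="CDROM"
@="DVD/CD-ROM drives"
"Icon"="-51"
"LowerFilters"=hex(7):50,00,78,00,48,00,65,00,6c,00,70,00,32,00,30,00,00,00,00,\
  00
'''

# Excerpt of the second Export.txt posted in this thread (after fix.reg).
EXPORT_AFTER = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}]
"Class"="CDROM"
@="DVD/CD-ROM drives"
"Icon"="-51"
'''

FILTER_VALUES = ("UpperFilters", "LowerFilters")


def join_continuations(text):
    """regedit wraps long hex values with a trailing backslash; undo the wrap."""
    return re.sub(r"\\\r?\n[ \t]*", "", text)


def decode_multi_sz(hex_csv):
    """Decode hex(7) data: UTF-16LE strings, each NUL-terminated, plus a closing NUL."""
    raw = bytes(int(b, 16) for b in hex_csv.split(",") if b.strip())
    if len(raw) % 2:
        raise ValueError("odd byte count: not UTF-16LE REG_MULTI_SZ data")
    return [s for s in raw.decode("utf-16-le").split("\x00") if s]


def parse_filters(reg_text):
    """Return {key: {value_name: [driver, ...]}} for Upper/LowerFilters values."""
    found, key = {}, None
    for line in join_continuations(reg_text).splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        match = re.match(r'"([^"]+)"=hex\(7\):(.*)$', line)
        if key and match and match.group(1) in FILTER_VALUES:
            found.setdefault(key, {})[match.group(1)] = decode_multi_sz(match.group(2))
    return found


def filter_changes(before_text, after_text):
    """List (key, value_name, driver) triples present before but gone after."""
    before, after = parse_filters(before_text), parse_filters(after_text)
    gone = []
    for key, values in before.items():
        for name, drivers in values.items():
            still = after.get(key, {}).get(name, [])
            gone += [(key, name, d) for d in drivers if d not in still]
    return gone


if __name__ == "__main__":
    # For a file written by "regedit /e", read it with
    # open(path, encoding="utf-16") before passing the text in.
    print("before:", parse_filters(EXPORT_BEFORE))
    print("after: ", parse_filters(EXPORT_AFTER))
    for key, name, driver in filter_changes(EXPORT_BEFORE, EXPORT_AFTER):
        print(f"removed {driver} from {name}")
```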
Title: This is getting old
Post by: rstrader on October 24, 2006, 02:27:31 PM
...
Title: This is getting old
Post by: Mr Bell on October 24, 2006, 06:26:41 PM
Yes it is that same computer that has the cd/dvd draw problems. I put those other codes in from your previous posts and now my cd-rw draw won't open lol.

Spybot has not been installed yet.

I'll look at these new codes
Title: This is getting old
Post by: Mr Bell on October 24, 2006, 07:07:43 PM
Installed new registry key. DVD draw opens. But doesn't play movies. Cd-rw draw does not open.

New restore point made.
Title: This is getting old
Post by: guestolo on October 24, 2006, 07:20:39 PM
Can the DVD play any discs?
Also, double click on Export.bat again and post the new contents of Export.txt

What is the make and model of CD and DVD rom?

What software do you use to watch DVD's with, Did your DVD come with a disk?
Is this a retail movie DVD or a burnt copy?
Title: This is getting old
Post by: Mr Bell on October 24, 2006, 09:57:44 PM
Here is the new export.bat :

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}]
"Class"="CDROM"
@="DVD/CD-ROM drives"
"EnumPropPages32"="MmSys.Cpl,MediaPropPageProvider"
"Installer32"="storprop.dll,DvdClassInstaller"
"SilentInstall"="1"
"NoInstallClass"="1"
"TroubleShooter-0"="hcp://help/tshoot/tsdrive.htm"
"Icon"="-51"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}000]
"EnumPropPages32"="storprop.dll,DvdPropPageProvider"
"InfPath"="cdrom.inf"
"InfSection"="cdrom_install"
"ProviderName"="Microsoft"
"DriverDateData"=hex:00,80,62,c5,c0,01,c1,01
"DriverDate"="7-1-2001"
"DriverVersion"="5.1.2535.0"
"MatchingDeviceId"="gencdrom"
"DriverDesc"="CD-ROM Drive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}000\DigitalAudio]
"RegistryVersion"=dword:00000001
"NumberOfBuffers"=dword:00000008
"SectorsPerRead"=dword:00000010
"SectorsPerReadMask"=dword:ffffffff
"CDDASupported"=dword:00000001
"CDDAAccurate"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}001]
"EnumPropPages32"="storprop.dll,DvdPropPageProvider"
"InfPath"="cdrom.inf"
"InfSection"="cdrom_install"
"ProviderName"="Microsoft"
"DriverDateData"=hex:00,80,62,c5,c0,01,c1,01
"DriverDate"="7-1-2001"
"DriverVersion"="5.1.2535.0"
"MatchingDeviceId"="gencdrom"
"DriverDesc"="CD-ROM Drive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}001\DigitalAudio]
"RegistryVersion"=dword:00000001
"NumberOfBuffers"=dword:00000008
"SectorsPerRead"=dword:00000010
"SectorsPerReadMask"=dword:ffffffff
"CDDASupported"=dword:00000001
"CDDAAccurate"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}002]
"EnumPropPages32"="storprop.dll,DvdPropPageProvider"
"InfPath"="cdrom.inf"
"InfSection"="cdrom_install"
"ProviderName"="Microsoft"
"DriverDateData"=hex:00,80,62,c5,c0,01,c1,01
"DriverDate"="7-1-2001"
"DriverVersion"="5.1.2535.0"
"MatchingDeviceId"="gencdrom"
"DriverDesc"="CD-ROM Drive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}002\DigitalAudio]
"RegistryVersion"=dword:00000001
"NumberOfBuffers"=dword:00000008
"SectorsPerRead"=dword:00000010
"SectorsPerReadMask"=dword:ffffffff
"CDDASupported"=dword:00000001
"CDDAAccurate"=dword:00000001

The DVD PLAYER: IDE DVD-ROM 16X

The CD/CD-R: WSM-52Z

I used Windows Media Player to view DVD's/ listen to CD's

Nero for Burning/Copying

BTW:I used to also use Musicmatch when they worked.
Title: This is getting old
Post by: guestolo on October 24, 2006, 11:06:36 PM
Can the Dvd player play anything else besides movies
Music cd's, etc..
You never let me know that

Your DVD should have shipped with a Disk that had Decoder software with it
If it didn't

Try this free media player
VLC media player for Windows
http://www.videolan.org/vlc/

It should be fairly straightforward to setup
Title: This is getting old
Post by: Mr Bell on October 24, 2006, 11:37:50 PM
The movie I put in was NOT a burnt copy. Windows media center was set for my default player but nothing. Now both draws won't open. What now? Mean while I'll install VLC

Ok I rebooted and DVD draw opens. Lights flicker but it don't play NADA. Lights shine up like a christmas tree on my cd-rw draw but that sucker is locked.
Title: This is getting old
Post by: guestolo on October 25, 2006, 01:17:24 AM
I take it you can't get nothing to play in VLC?

Follow the other steps in this link
http://h10025.www1.hp.com/ewfrf/wc/document?docname=bph07146&lc=en&cc=us&dlc=&product=61072#bph07146_win3

Is there a tiny hole in the front of the CD drawer you can stick something like a hairpin into with the power off and open the tray?
Look at all the suggestions on that link I gave you
Title: This is getting old
Post by: Mr Bell on October 25, 2006, 11:22:19 PM
The tiny hole failed to open draw. I'm going to have to either get new ones or take the system to the geeks.

So let's forget the cd-rw and dvd draws for now and move back to making sure my system isn't compromised with any more zlob.
Title: This is getting old
Post by: guestolo on October 26, 2006, 06:15:56 PM
Go ahead and reinstall Spybot 1.4
After it is updated
Ensure to use the Immunization feature
Immunize>>OK>>Immunize at the top green cross

Post one last hijackthis log to ensure it's still clean
Title: This is getting old
Post by: Mr Bell on October 26, 2006, 07:27:43 PM
Ok spybot will be installed tomorrow. Thanks a lot for your help. Once again you were very helpful. Here is latest report. I think it looks good.

Logfile of HijackThis v1.99.1
Scan saved at 8:23:44 PM, on 10/26/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\program files\valve\steam\steam.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\America Online 9.0\wEmail Removedexe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Ventrilo\Ventrilo.exe
C:\Program Files\mIRC\mirc.exe
C:\Documents and Settings\Randy\Desktop\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp_adbe/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp_adbe/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.eightballclan.branzone.com/administrator/index2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\Email RemovedEXE" -b
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.eightballclan.com
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
Title: This is getting old
Post by: guestolo on October 26, 2006, 07:28:30 PM
Yup, looks good
Title: This is getting old
Post by: Mr Bell on October 28, 2006, 07:28:14 AM
No not really. It's Saturday morning and I just ran an adware scan. There is a download trojan on it: Here is the log of that scan:

Logfile Created on:Saturday, October 28, 2006 8:11:09 AM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R129 26.10.2006
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):20 total references
Tracking Cookie(TAC index:3):5 total references
Win32.Trojan.Downloader(TAC index:10):5 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


10-28-2006 8:11:09 AM - Scan started. (Full System Scan)

 MRU List Object Recognized!
    Location:          : C:\Documents and Settings\Randy\recent
    Description        : list of recently opened documents


 MRU List Object Recognized!
    Location:          : S-1-5-21-527237240-2139871995-839522115-1004\software\microsoft\direct3d\mostrecentapplication
    Description        : most recent application to use microsoft direct3d


 MRU List Object Recognized!
    Location:          : software\microsoft\direct3d\mostrecentapplication
    Description        : most recent application to use microsoft direct3d


 MRU List Object Recognized!
    Location:          : S-1-5-21-527237240-2139871995-839522115-1004\software\microsoft\direct3d\mostrecentapplication
    Description        : most recent application to use microsoft direct X


 MRU List Object Recognized!
    Location:          : software\microsoft\direct3d\mostrecentapplication
    Description        : most recent application to use microsoft direct X


 MRU List Object Recognized!
    Location:          : software\microsoft\directdraw\mostrecentapplication
    Description        : most recent application to use microsoft directdraw


 MRU List Object Recognized!
    Location:          : S-1-5-21-527237240-2139871995-839522115-1004\software\microsoft\directinput\mostrecentapplication
    Description        : most recent application to use microsoft directinput


 MRU List Object Recognized!
    Location:          : S-1-5-21-527237240-2139871995-839522115-1004\software\microsoft\directinput\mostrecentapplication
    Description        : most recent application to use microsoft directinput


 MRU List Object Recognized!
    Location:          : S-1-5-21-527237240-2139871995-839522115-1004\software\microsoft\internet explorer
    Description        : last download directory used in microsoft internet explorer


 MRU List Object Recognized!
    Location:          : S-1-5-21-527237240-2139871995-839522115-1004\software\microsoft\internet explorer\typedurls
    Description        : list of recently entered addresses in microsoft internet explorer


 MRU List Object Recognized!
    Location:          : S-1-5-21-527237240-2139871995-839522115-1004\software\microsoft\mediaplayer\preferences
    Description        : last playlist index loaded in microsoft windows media player


 MRU List Object Recognized!
    Location:          : S-1-5-21-527237240-2139871995-839522115-1004\software\microsoft\mediaplayer\preferences
    Description        : last playlist loaded in microsoft windows media player


 MRU List Object Recognized!
    Location:          : S-1-5-21-527237240-2139871995-839522115-1004\software\microsoft\microsoft management console\recent file list
    Description        : list of recent snap-ins used in the microsoft management console


 MRU List Object Recognized!
    Location:          : S-1-5-21-527237240-2139871995-839522115-1004\software\microsoft\search assistant\acmru
    Description        : list of recent search terms used with the search assistant


 MRU List Object Recognized!
    Location:          : S-1-5-21-527237240-2139871995-839522115-1004\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
    Description        : list of recent programs opened


 MRU List Object Recognized!
    Location:          : S-1-5-21-527237240-2139871995-839522115-1004\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
    Description        : list of recently saved files, stored according to file extension


 MRU List Object Recognized!
    Location:          : S-1-5-21-527237240-2139871995-839522115-1004\software\microsoft\windows\currentversion\explorer\recentdocs
    Description        : list of recent documents opened


 MRU List Object Recognized!
    Location:          : .DEFAULT\software\microsoft\windows media\wmsdk\general
    Description        : windows media sdk


 MRU List Object Recognized!
    Location:          : S-1-5-18\software\microsoft\windows media\wmsdk\general
    Description        : windows media sdk


 MRU List Object Recognized!
    Location:          : S-1-5-21-527237240-2139871995-839522115-1004\software\microsoft\windows media\wmsdk\general
    Description        : windows media sdk


Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
    FilePath           : \SystemRoot\System32\
    ProcessID          : 672
    ThreadCreationTime : 10-28-2006 8:53:21 AM
    BasePriority       : Normal


#:2 [csrss.exe]
    FilePath           : \??\C:\WINDOWS\system32\
    ProcessID          : 744
    ThreadCreationTime : 10-28-2006 8:53:26 AM
    BasePriority       : Normal


#:3 [winlogon.exe]
    FilePath           : \??\C:\WINDOWS\system32\
    ProcessID          : 772
    ThreadCreationTime : 10-28-2006 8:53:30 AM
    BasePriority       : High


#:4 [services.exe]
    FilePath           : C:\WINDOWS\system32\
    ProcessID          : 816
    ThreadCreationTime : 10-28-2006 8:53:34 AM
    BasePriority       : Normal
    FileVersion        : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion     : 5.1.2600.2180
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Services and Controller app
    InternalName       : services.exe
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : services.exe

#:5 [lsass.exe]
    FilePath           : C:\WINDOWS\system32\
    ProcessID          : 828
    ThreadCreationTime : 10-28-2006 8:53:34 AM
    BasePriority       : Normal
    FileVersion        : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion     : 5.1.2600.2180
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : LSA Shell (Export Version)
    InternalName       : lsass.exe
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : lsass.exe

#:6 [ati2evxx.exe]
    FilePath           : C:\WINDOWS\system32\
    ProcessID          : 996
    ThreadCreationTime : 10-28-2006 8:53:38 AM
    BasePriority       : Normal
    FileVersion        : 6.14.10.4142
    ProductVersion     : 6.14.10.4142
    ProductName        : ATI External Event Utility for Windows
    CompanyName        : ATI Technologies Inc.
    FileDescription    : ATI External Event Utility EXE Module
    InternalName       : ATI2EVXX.EXE
    LegalCopyright     : Copyright © 1999-2006 ATI Technologies Inc.
    OriginalFilename   : ATI2EVXX.EXE

#:7 [svchost.exe]
    FilePath           : C:\WINDOWS\system32\
    ProcessID          : 1016
    ThreadCreationTime : 10-28-2006 8:53:38 AM
    BasePriority       : Normal
    FileVersion        : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion     : 5.1.2600.2180
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Generic Host Process for Win32 Services
    InternalName       : svchost.exe
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : svchost.exe

#:8 [svchost.exe]
    FilePath           : C:\WINDOWS\system32\
    ProcessID          : 1100
    ThreadCreationTime : 10-28-2006 8:53:40 AM
    BasePriority       : Normal
    FileVersion        : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion     : 5.1.2600.2180
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Generic Host Process for Win32 Services
    InternalName       : svchost.exe
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : svchost.exe

#:9 [msmpeng.exe]
    FilePath           : C:\Program Files\Windows Defender\
    ProcessID          : 1260
    ThreadCreationTime : 10-28-2006 8:53:41 AM
    BasePriority       : Normal
    FileVersion        : 1.1.1347.0
    ProductVersion     : 1.1.1347.0
    ProductName        : Windows Defender
    CompanyName        : Microsoft Corporation
    FileDescription    : Service Executable
    InternalName       : MsMpEng.exe
    LegalCopyright     : © Microsoft Corporation.  All rights reserved.
    OriginalFilename   : MsMpEng.exe

#:10 [svchost.exe]
    FilePath           : C:\WINDOWS\System32\
    ProcessID          : 1300
    ThreadCreationTime : 10-28-2006 8:53:42 AM
    BasePriority       : Normal
    FileVersion        : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion     : 5.1.2600.2180
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Generic Host Process for Win32 Services
    InternalName       : svchost.exe
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : svchost.exe

#:11 [ati2evxx.exe]
    FilePath           : C:\WINDOWS\system32\
    ProcessID          : 1428
    ThreadCreationTime : 10-28-2006 8:53:42 AM
    BasePriority       : Normal
    FileVersion        : 6.14.10.4142
    ProductVersion     : 6.14.10.4142
    ProductName        : ATI External Event Utility for Windows
    CompanyName        : ATI Technologies Inc.
    FileDescription    : ATI External Event Utility EXE Module
    InternalName       : ATI2EVXX.EXE
    LegalCopyright     : Copyright © 1999-2006 ATI Technologies Inc.
    OriginalFilename   : ATI2EVXX.EXE

#:12 [svchost.exe]
    FilePath           : C:\WINDOWS\System32\
    ProcessID          : 1520
    ThreadCreationTime : 10-28-2006 8:53:42 AM
    BasePriority       : Normal
    FileVersion        : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion     : 5.1.2600.2180
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Generic Host Process for Win32 Services
    InternalName       : svchost.exe
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : svchost.exe

#:13 [svchost.exe]
    FilePath           : C:\WINDOWS\System32\
    ProcessID          : 1684
    ThreadCreationTime : 10-28-2006 8:53:43 AM
    BasePriority       : Normal
    FileVersion        : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion     : 5.1.2600.2180
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Generic Host Process for Win32 Services
    InternalName       : svchost.exe
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : svchost.exe

#:14 [spoolsv.exe]
    FilePath           : C:\WINDOWS\system32\
    ProcessID          : 1920
    ThreadCreationTime : 10-28-2006 8:53:49 AM
    BasePriority       : Normal
    FileVersion        : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
    ProductVersion     : 5.1.2600.2696
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Spooler SubSystem App
    InternalName       : spoolsv.exe
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : spoolsv.exe

#:15 [aolacsd.exe]
    FilePath           : C:\Program Files\Common Files\AOL\ACS\
    ProcessID          : 152
    ThreadCreationTime : 10-28-2006 8:53:52 AM
    BasePriority       : Normal
    FileVersion        : 4.0.0.0
    ProductVersion     : 4.0.0.0
    ProductName        : AOL Connectivity Service
    CompanyName        : America Online
    FileDescription    : AOL Connectivity Service
    InternalName       : AOLacsd
    LegalCopyright     : Copyright © 2004-2005 America Online
    OriginalFilename   : AOLacsd.exe

#:16 [aoltsmon.exe]
    FilePath           : C:\Program Files\Common Files\AOL\TopSpeed\2.0\
    ProcessID          : 160
    ThreadCreationTime : 10-28-2006 8:53:53 AM
    BasePriority       : Normal
    FileVersion        : 2, 0, 0, 0
    ProductVersion     : 2, 0, 0, 0
    ProductName        : AOL TopSpeed(tm) Monitor
    CompanyName        : America Online, Inc
    FileDescription    : AOL TopSpeed(tm) Monitor
    InternalName       : AOL TopSpeed(tm) Monitor
    LegalCopyright     : Copyright © 2004 America Online, Inc.
    OriginalFilename   : aoltsmon.exe

#:17 [aoltpspd.exe]
    FilePath           : C:\Program Files\Common Files\AOL\TopSpeed\2.0\
    ProcessID          : 196
    ThreadCreationTime : 10-28-2006 8:53:53 AM
    BasePriority       : Normal
    FileVersion        : 2, 0, 0, 0
    ProductVersion     : 2, 0, 0, 0
    ProductName        : AOL TopSpeed(tm)
    CompanyName        : America Online Inc
    FileDescription    : AOL TopSpeed(tm)
    InternalName       : AOL TopSpeed(tm) Loader
    LegalCopyright     : Copyright © 2003-2004
    LegalTrademarks    : AOL TopSpeed(tm)
    OriginalFilename   : aoltpspd.exe

#:18 [avgamsvr.exe]
    FilePath           : C:\PROGRA~1\Grisoft\AVGFRE~1\
    ProcessID          : 208
    ThreadCreationTime : 10-28-2006 8:53:56 AM
    BasePriority       : Normal
    FileVersion        : 7.5.0.420
    ProductVersion     : 7.5.0.420
    ProductName        : AVG 7.5 Anti-Virus System
    CompanyName        : GRISOFT, s.r.o.
    FileDescription    : AVG Alert Manager
    InternalName       : avgamsvr
    LegalCopyright     : Copyright © 2006 GRISOFT, s.r.o.
    OriginalFilename   : avgamsvr.EXE

#:19 [avgupsvc.exe]
    FilePath           : C:\PROGRA~1\Grisoft\AVGFRE~1\
    ProcessID          : 272
    ThreadCreationTime : 10-28-2006 8:53:58 AM
    BasePriority       : Normal
    FileVersion        : 7.5.0.420
    ProductVersion     : 7.5.0.420
    ProductName        : AVG 7.5 Anti-Virus System
    CompanyName        : GRISOFT, s.r.o.
    FileDescription    : AVG Update Service
    InternalName       : avgupsvc
    LegalCopyright     : Copyright © 2006 GRISOFT, s.r.o.
    OriginalFilename   : avgupdsvc.EXE

#:20 [avgemc.exe]
    FilePath           : C:\PROGRA~1\Grisoft\AVGFRE~1\
    ProcessID          : 292
    ThreadCreationTime : 10-28-2006 8:53:58 AM
    BasePriority       : Normal
    FileVersion        : 7.5.0.423
    ProductVersion     : 7.5.0.423
    ProductName        : AVG Anti-Virus system
    CompanyName        : GRISOFT, s.r.o.
    FileDescription    : AVG E-Mail Scanner
    InternalName       : avgemc
    LegalCopyright     : Copyright © 2006 GRISOFT, s.r.o.
    OriginalFilename   : avgemc.exe

#:21 [guard.exe]
    FilePath           : C:\Program Files\ewido anti-spyware 4.0\
    ProcessID          : 320
    ThreadCreationTime : 10-28-2006 8:53:58 AM
    BasePriority       : Normal
    FileVersion        : 4, 0, 0, 172
    ProductVersion     : 4, 0, 0, 172
    ProductName        : ewido anti-spyware
    CompanyName        : Anti-Malware Development a.s.
    FileDescription    : ewido anti-spyware guard
    InternalName       : ewido anti-spywareguard
    LegalCopyright     : Copyright © 2005 Anti-Malware Development a.s.
    OriginalFilename   : guard.exe

#:22 [svchost.exe]
    FilePath           : C:\WINDOWS\System32\
    ProcessID          : 412
    ThreadCreationTime : 10-28-2006 8:53:59 AM
    BasePriority       : Normal
    FileVersion        : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion     : 5.1.2600.2180
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Generic Host Process for Win32 Services
    InternalName       : svchost.exe
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : svchost.exe

#:23 [wdfmgr.exe]
    FilePath           : C:\WINDOWS\system32\
    ProcessID          : 428
    ThreadCreationTime : 10-28-2006 8:54:00 AM
    BasePriority       : Normal
    FileVersion        : 5.2.3790.1230 built by: dnsrv(bld4act)
    ProductVersion     : 5.2.3790.1230
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Windows User Mode Driver Manager
    InternalName       : WdfMgr
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : WdfMgr.exe

#:24 [wanmpsvc.exe]
    FilePath           : C:\WINDOWS\
    ProcessID          : 460
    ThreadCreationTime : 10-28-2006 8:54:00 AM
    BasePriority       : Normal
    FileVersion        : 9, 0, 0, 0
    ProductVersion     : 9, 0, 0, 0
    ProductName        : America Online
    CompanyName        : America Online, Inc.
    FileDescription    : Wan Miniport (ATW) Service
    InternalName       : WanMPSvc
    LegalCopyright     : Copyright © 2001 America Online, Inc.
    OriginalFilename   : WanMPSvc.exe

#:25 [alg.exe]
    FilePath           : C:\WINDOWS\System32\
    ProcessID          : 1356
    ThreadCreationTime : 10-28-2006 8:54:06 AM
    BasePriority       : Normal
    FileVersion        : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion     : 5.1.2600.2180
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Application Layer Gateway Service
    InternalName       : ALG.exe
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : ALG.exe

#:26 [explorer.exe]
    FilePath           : C:\WINDOWS\
    ProcessID          : 1744
    ThreadCreationTime : 10-28-2006 11:08:37 AM
    BasePriority       : Normal
    FileVersion        : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion     : 6.00.2900.2180
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Windows Explorer
    InternalName       : explorer
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : EXPLORER.EXE

#:27 [cli.exe]
    FilePath           : C:\Program Files\ATI Technologies\ATI.ACE\
    ProcessID          : 380
    ThreadCreationTime : 10-28-2006 11:08:42 AM
    BasePriority       : Normal


#:28 [jusched.exe]
    FilePath           : C:\Program Files\Java\jre1.5.0_09\bin\
    ProcessID          : 1984
    ThreadCreationTime : 10-28-2006 11:08:42 AM
    BasePriority       : Normal


#:29 [steam.exe]
    FilePath           : C:\program files\valve\steam\
    ProcessID          : 532
    ThreadCreationTime : 10-28-2006 11:08:43 AM
    BasePriority       : Normal
    FileVersion        : 1.0.0.0
    ProductVersion     : 1.0.0.0
    ProductName        : Steam
    CompanyName        : Valve Corporation
    FileDescription    : Steam
    LegalCopyright     : © Copyright 2000-2003 Valve Corporation All rights reserved.
    OriginalFilename   : Steam.exe

#:30 [ventrilo.exe]
    FilePath           : C:\Program Files\Ventrilo\
    ProcessID          : 2864
    ThreadCreationTime : 10-28-2006 11:09:33 AM
    BasePriority       : Normal
    FileVersion        : 2, 3, 0, 0
    ProductVersion     : 2, 3, 0, 0
    ProductName        : Ventrilo Application
    FileDescription    : Ventrilo by Flagship Industries, Inc.
    InternalName       : Ventrilo
    LegalCopyright     : Copyright © 1999-2005 Flagship Industries, Inc.
    LegalTrademarks    : Ventrilo
    OriginalFilename   : Ventrilo.EXE

#:31 [cli.exe]
    FilePath           : C:\Program Files\ATI Technologies\ATI.ACE\
    ProcessID          : 3404
    ThreadCreationTime : 10-28-2006 11:09:50 AM
    BasePriority       : Normal


#:32 [wEmail Removedexe]
    FilePath           : C:\Program Files\America Online 9.0\
    ProcessID          : 2468
    ThreadCreationTime : 10-28-2006 11:29:00 AM
    BasePriority       : Idle


#:33 [shellmon.exe]
    FilePath           : C:\Program Files\America Online 9.0\
    ProcessID          : 2580
    ThreadCreationTime : 10-28-2006 11:29:05 AM
    BasePriority       : Idle


#:34 [ad-aware.exe]
    FilePath           : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
    ProcessID          : 3312
    ThreadCreationTime : 10-28-2006 12:10:16 PM
    BasePriority       : Normal
    FileVersion        : 6.2.0.236
    ProductVersion     : SE 106
    ProductName        : Lavasoft Ad-Aware SE
    CompanyName        : Lavasoft Sweden
    FileDescription    : Ad-Aware SE Core application
    InternalName       : Ad-Aware.exe
    LegalCopyright     : Copyright © Lavasoft AB Sweden
    OriginalFilename   : Ad-Aware.exe
    Comments           : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 20


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 Win32.Trojan.Downloader Object Recognized!
    Type               : Regkey
    Data               :
    TAC Rating         : 10
    Category           : Malware
    Comment            :
    Rootkey            : HKEY_USERS
    Object             : S-1-5-19\software\classes\software\microsoft\internet explorer\toolbar

 Win32.Trojan.Downloader Object Recognized!
    Type               : Regkey
    Data               :
    TAC Rating         : 10
    Category           : Malware
    Comment            :
    Rootkey            : HKEY_USERS
    Object             : S-1-5-20\software\classes\software\microsoft\internet explorer\toolbar

 Win32.Trojan.Downloader Object Recognized!
    Type               : Regkey
    Data               :
    TAC Rating         : 10
    Category           : Malware
    Comment            :
    Rootkey            : HKEY_USERS
    Object             : S-1-5-21-527237240-2139871995-839522115-1004\software\classes\software\microsoft\internet explorer\toolbar

 Win32.Trojan.Downloader Object Recognized!
    Type               : Regkey
    Data               :
    TAC Rating         : 10
    Category           : Malware
    Comment            :
    Rootkey            : HKEY_CLASSES_ROOT
    Object             : software\microsoft\internet explorer\toolbar

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 4
Objects found so far: 24


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 24


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


 Tracking Cookie Object Recognized!
    Type               : IECache Entry
    Data               : randy@tribalfusion[1].txt
    TAC Rating         : 3
    Category           : Data Miner
    Comment            : Hits:5
    Value              : Cookie:[email protected]/
    Expires            : 11-3-2006 5:42:08 AM
    LastSync           : Hits:5
    UseCount           : 0
    Hits               : 5

 Tracking Cookie Object Recognized!
    Type               : IECache Entry
    Data               : randy@overture[1].txt
    TAC Rating         : 3
    Category           : Data Miner
    Comment            : Hits:1
    Value              : Cookie:[email protected]/
    Expires            : 10-24-2016 5:40:28 AM
    LastSync           : Hits:1
    UseCount           : 0
    Hits               : 1

 Tracking Cookie Object Recognized!
    Type               : IECache Entry
    Data               : randy@tripod[1].txt
    TAC Rating         : 3
    Category           : Data Miner
    Comment            : Hits:1
    Value              : Cookie:[email protected]/
    Expires            : 10-26-2007 9:01:28 PM
    LastSync           : Hits:1
    UseCount           : 0
    Hits               : 1

 Tracking Cookie Object Recognized!
    Type               : IECache Entry
    Data               : randy@serving-sys[1].txt
    TAC Rating         : 3
    Category           : Data Miner
    Comment            : Hits:5
    Value              : Cookie:[email protected]/
    Expires            : 12-31-2037 6:00:00 PM
    LastSync           : Hits:5
    UseCount           : 0
    Hits               : 5

 Tracking Cookie Object Recognized!
    Type               : IECache Entry
    Data               : randy@2o7[1].txt
    TAC Rating         : 3
    Category           : Data Miner
    Comment            : Hits:8
    Value              : Cookie:[email protected]/
    Expires            : 10-27-2011 7:28:14 AM
    LastSync           : Hits:8
    UseCount           : 0
    Hits               : 8

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 5
Objects found so far: 29



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 29


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 29




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 Win32.Trojan.Downloader Object Recognized!
    Type               : Regkey
    Data               :
    TAC Rating         : 10
    Category           : Malware
    Comment            :
    Rootkey            : HKEY_CURRENT_USER
    Object             : software\microsoft\windows\currentversion\policies\activedesktop

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 30

8:18:29 AM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:07:20.469
Objects scanned:134216
Objects identified:10
Objects ignored:0
New critical objects:10


AND HERE IS A NEW HIJACKTHIS LOG:
Logfile of HijackThis v1.99.1
Scan saved at 8:26:22 AM, on 10/28/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\program files\valve\steam\steam.exe
C:\Program Files\Ventrilo\Ventrilo.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\America Online 9.0\wEmail Removedexe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\Documents and Settings\Randy\Desktop\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp_adbe/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp_adbe/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.eightballclan.branzone.com/administrator/index2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\Email RemovedEXE" -b
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.eightballclan.com
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
Title: This is getting old
Post by: Mr Bell on October 28, 2006, 10:42:11 AM
bump
Title: This is getting old
Post by: Mr Bell on October 28, 2006, 05:14:15 PM
bump
Title: This is getting old
Post by: guestolo on October 28, 2006, 05:28:27 PM
Ensure you have rebooted since cleaning with Ad-Aware
Run a fresh scan with Ad-Aware
Besides MRU list and cookies

Is Ad-Aware finding anything Critical?

Are you using the Immunization feature in Spybot 1.4?
I know I recommended that you install SpywareBlaster 3.5.1 before.
You didn't want to install it, I guess.
Title: This is getting old
Post by: Mr Bell on October 28, 2006, 10:18:00 PM
I will dl SpywareBlaster right now.

These are my results of the Ad-Aware smart scan only:

Ad-Aware SE Build 1.06r1
Logfile Created on:Saturday, October 28, 2006 11:08:18 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R129 26.10.2006
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):1 total references
Tracking Cookie(TAC index:3):5 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


10-28-2006 11:08:18 PM - Scan started. (Smart mode)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
    FilePath           : \SystemRoot\System32\
    ProcessID          : 668
    ThreadCreationTime : 10-29-2006 2:31:33 AM
    BasePriority       : Normal


#:2 [csrss.exe]
    FilePath           : \??\C:\WINDOWS\system32\
    ProcessID          : 736
    ThreadCreationTime : 10-29-2006 2:31:34 AM
    BasePriority       : Normal


#:3 [winlogon.exe]
    FilePath           : \??\C:\WINDOWS\system32\
    ProcessID          : 772
    ThreadCreationTime : 10-29-2006 2:31:39 AM
    BasePriority       : High


#:4 [services.exe]
    FilePath           : C:\WINDOWS\system32\
    ProcessID          : 816
    ThreadCreationTime : 10-29-2006 2:31:39 AM
    BasePriority       : Normal
    FileVersion        : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion     : 5.1.2600.2180
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Services and Controller app
    InternalName       : services.exe
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : services.exe

#:5 [lsass.exe]
    FilePath           : C:\WINDOWS\system32\
    ProcessID          : 828
    ThreadCreationTime : 10-29-2006 2:31:39 AM
    BasePriority       : Normal
    FileVersion        : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion     : 5.1.2600.2180
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : LSA Shell (Export Version)
    InternalName       : lsass.exe
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : lsass.exe

#:6 [ati2evxx.exe]
    FilePath           : C:\WINDOWS\system32\
    ProcessID          : 1000
    ThreadCreationTime : 10-29-2006 2:31:40 AM
    BasePriority       : Normal
    FileVersion        : 6.14.10.4142
    ProductVersion     : 6.14.10.4142
    ProductName        : ATI External Event Utility for Windows
    CompanyName        : ATI Technologies Inc.
    FileDescription    : ATI External Event Utility EXE Module
    InternalName       : ATI2EVXX.EXE
    LegalCopyright     : Copyright © 1999-2006 ATI Technologies Inc.
    OriginalFilename   : ATI2EVXX.EXE

#:7 [svchost.exe]
    FilePath           : C:\WINDOWS\system32\
    ProcessID          : 1020
    ThreadCreationTime : 10-29-2006 2:31:40 AM
    BasePriority       : Normal
    FileVersion        : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion     : 5.1.2600.2180
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Generic Host Process for Win32 Services
    InternalName       : svchost.exe
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : svchost.exe

#:8 [svchost.exe]
    FilePath           : C:\WINDOWS\system32\
    ProcessID          : 1068
    ThreadCreationTime : 10-29-2006 2:31:40 AM
    BasePriority       : Normal
    FileVersion        : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion     : 5.1.2600.2180
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Generic Host Process for Win32 Services
    InternalName       : svchost.exe
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : svchost.exe

#:9 [msmpeng.exe]
    FilePath           : C:\Program Files\Windows Defender\
    ProcessID          : 1228
    ThreadCreationTime : 10-29-2006 2:31:41 AM
    BasePriority       : Normal
    FileVersion        : 1.1.1347.0
    ProductVersion     : 1.1.1347.0
    ProductName        : Windows Defender
    CompanyName        : Microsoft Corporation
    FileDescription    : Service Executable
    InternalName       : MsMpEng.exe
    LegalCopyright     : © Microsoft Corporation.  All rights reserved.
    OriginalFilename   : MsMpEng.exe

#:10 [svchost.exe]
    FilePath           : C:\WINDOWS\System32\
    ProcessID          : 1268
    ThreadCreationTime : 10-29-2006 2:31:41 AM
    BasePriority       : Normal
    FileVersion        : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion     : 5.1.2600.2180
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Generic Host Process for Win32 Services
    InternalName       : svchost.exe
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : svchost.exe

#:11 [svchost.exe]
    FilePath           : C:\WINDOWS\System32\
    ProcessID          : 1340
    ThreadCreationTime : 10-29-2006 2:31:41 AM
    BasePriority       : Normal
    FileVersion        : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion     : 5.1.2600.2180
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Generic Host Process for Win32 Services
    InternalName       : svchost.exe
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : svchost.exe

#:12 [svchost.exe]
    FilePath           : C:\WINDOWS\System32\
    ProcessID          : 1536
    ThreadCreationTime : 10-29-2006 2:31:41 AM
    BasePriority       : Normal
    FileVersion        : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion     : 5.1.2600.2180
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Generic Host Process for Win32 Services
    InternalName       : svchost.exe
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : svchost.exe

#:13 [ati2evxx.exe]
    FilePath           : C:\WINDOWS\system32\
    ProcessID          : 1580
    ThreadCreationTime : 10-29-2006 2:31:41 AM
    BasePriority       : Normal
    FileVersion        : 6.14.10.4142
    ProductVersion     : 6.14.10.4142
    ProductName        : ATI External Event Utility for Windows
    CompanyName        : ATI Technologies Inc.
    FileDescription    : ATI External Event Utility EXE Module
    InternalName       : ATI2EVXX.EXE
    LegalCopyright     : Copyright © 1999-2006 ATI Technologies Inc.
    OriginalFilename   : ATI2EVXX.EXE

#:14 [spoolsv.exe]
    FilePath           : C:\WINDOWS\system32\
    ProcessID          : 1844
    ThreadCreationTime : 10-29-2006 2:31:42 AM
    BasePriority       : Normal
    FileVersion        : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
    ProductVersion     : 5.1.2600.2696
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Spooler SubSystem App
    InternalName       : spoolsv.exe
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : spoolsv.exe

#:15 [aolacsd.exe]
    FilePath           : C:\Program Files\Common Files\AOL\ACS\
    ProcessID          : 148
    ThreadCreationTime : 10-29-2006 2:31:51 AM
    BasePriority       : Normal
    FileVersion        : 4.0.0.0
    ProductVersion     : 4.0.0.0
    ProductName        : AOL Connectivity Service
    CompanyName        : America Online
    FileDescription    : AOL Connectivity Service
    InternalName       : AOLacsd
    LegalCopyright     : Copyright © 2004-2005 America Online
    OriginalFilename   : AOLacsd.exe

#:16 [aoltsmon.exe]
    FilePath           : C:\Program Files\Common Files\AOL\TopSpeed\2.0\
    ProcessID          : 140
    ThreadCreationTime : 10-29-2006 2:31:51 AM
    BasePriority       : Normal
    FileVersion        : 2, 0, 0, 0
    ProductVersion     : 2, 0, 0, 0
    ProductName        : AOL TopSpeed(tm) Monitor
    CompanyName        : America Online, Inc
    FileDescription    : AOL TopSpeed(tm) Monitor
    InternalName       : AOL TopSpeed(tm) Monitor
    LegalCopyright     : Copyright © 2004 America Online, Inc.
    OriginalFilename   : aoltsmon.exe

#:17 [avgamsvr.exe]
    FilePath           : C:\PROGRA~1\Grisoft\AVGFRE~1\
    ProcessID          : 180
    ThreadCreationTime : 10-29-2006 2:31:52 AM
    BasePriority       : Normal
    FileVersion        : 7.5.0.420
    ProductVersion     : 7.5.0.420
    ProductName        : AVG 7.5 Anti-Virus System
    CompanyName        : GRISOFT, s.r.o.
    FileDescription    : AVG Alert Manager
    InternalName       : avgamsvr
    LegalCopyright     : Copyright © 2006 GRISOFT, s.r.o.
    OriginalFilename   : avgamsvr.EXE

#:18 [avgupsvc.exe]
    FilePath           : C:\PROGRA~1\Grisoft\AVGFRE~1\
    ProcessID          : 208
    ThreadCreationTime : 10-29-2006 2:31:54 AM
    BasePriority       : Normal
    FileVersion        : 7.5.0.420
    ProductVersion     : 7.5.0.420
    ProductName        : AVG 7.5 Anti-Virus System
    CompanyName        : GRISOFT, s.r.o.
    FileDescription    : AVG Update Service
    InternalName       : avgupsvc
    LegalCopyright     : Copyright © 2006 GRISOFT, s.r.o.
    OriginalFilename   : avgupdsvc.EXE

#:19 [aoltpspd.exe]
    FilePath           : C:\Program Files\Common Files\AOL\TopSpeed\2.0\
    ProcessID          : 212
    ThreadCreationTime : 10-29-2006 2:31:54 AM
    BasePriority       : Normal
    FileVersion        : 2, 0, 0, 0
    ProductVersion     : 2, 0, 0, 0
    ProductName        : AOL TopSpeed(tm)
    CompanyName        : America Online Inc
    FileDescription    : AOL TopSpeed(tm)
    InternalName       : AOL TopSpeed(tm) Loader
    LegalCopyright     : Copyright © 2003-2004
    LegalTrademarks    : AOL TopSpeed(tm)
    OriginalFilename   : aoltpspd.exe

#:20 [avgemc.exe]
    FilePath           : C:\PROGRA~1\Grisoft\AVGFRE~1\
    ProcessID          : 260
    ThreadCreationTime : 10-29-2006 2:31:54 AM
    BasePriority       : Normal
    FileVersion        : 7.5.0.423
    ProductVersion     : 7.5.0.423
    ProductName        : AVG Anti-Virus system
    CompanyName        : GRISOFT, s.r.o.
    FileDescription    : AVG E-Mail Scanner
    InternalName       : avgemc
    LegalCopyright     : Copyright © 2006 GRISOFT, s.r.o.
    OriginalFilename   : avgemc.exe

#:21 [guard.exe]
    FilePath           : C:\Program Files\ewido anti-spyware 4.0\
    ProcessID          : 304
    ThreadCreationTime : 10-29-2006 2:31:54 AM
    BasePriority       : Normal
    FileVersion        : 4, 0, 0, 172
    ProductVersion     : 4, 0, 0, 172
    ProductName        : ewido anti-spyware
    CompanyName        : Anti-Malware Development a.s.
    FileDescription    : ewido anti-spyware guard
    InternalName       : ewido anti-spywareguard
    LegalCopyright     : Copyright © 2005 Anti-Malware Development a.s.
    OriginalFilename   : guard.exe

#:22 [svchost.exe]
    FilePath           : C:\WINDOWS\System32\
    ProcessID          : 484
    ThreadCreationTime : 10-29-2006 2:31:55 AM
    BasePriority       : Normal
    FileVersion        : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion     : 5.1.2600.2180
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Generic Host Process for Win32 Services
    InternalName       : svchost.exe
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : svchost.exe

#:23 [wdfmgr.exe]
    FilePath           : C:\WINDOWS\system32\
    ProcessID          : 584
    ThreadCreationTime : 10-29-2006 2:31:55 AM
    BasePriority       : Normal
    FileVersion        : 5.2.3790.1230 built by: dnsrv(bld4act)
    ProductVersion     : 5.2.3790.1230
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Windows User Mode Driver Manager
    InternalName       : WdfMgr
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : WdfMgr.exe

#:24 [wanmpsvc.exe]
    FilePath           : C:\WINDOWS\
    ProcessID          : 596
    ThreadCreationTime : 10-29-2006 2:31:55 AM
    BasePriority       : Normal
    FileVersion        : 9, 0, 0, 0
    ProductVersion     : 9, 0, 0, 0
    ProductName        : America Online
    CompanyName        : America Online, Inc.
    FileDescription    : Wan Miniport (ATW) Service
    InternalName       : WanMPSvc
    LegalCopyright     : Copyright © 2001 America Online, Inc.
    OriginalFilename   : WanMPSvc.exe

#:25 [alg.exe]
    FilePath           : C:\WINDOWS\System32\
    ProcessID          : 1404
    ThreadCreationTime : 10-29-2006 2:31:56 AM
    BasePriority       : Normal
    FileVersion        : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion     : 5.1.2600.2180
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Application Layer Gateway Service
    InternalName       : ALG.exe
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : ALG.exe

#:26 [explorer.exe]
    FilePath           : C:\WINDOWS\
    ProcessID          : 1532
    ThreadCreationTime : 10-29-2006 3:04:45 AM
    BasePriority       : Normal
    FileVersion        : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion     : 6.00.2900.2180
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Windows Explorer
    InternalName       : explorer
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : EXPLORER.EXE

#:27 [msascui.exe]
    FilePath           : C:\Program Files\Windows Defender\
    ProcessID          : 1780
    ThreadCreationTime : 10-29-2006 3:04:49 AM
    BasePriority       : Normal
    FileVersion        : 1.1.1347.0
    ProductVersion     : 1.1.1347.0
    ProductName        : Windows Defender
    CompanyName        : Microsoft Corporation
    FileDescription    : Windows Defender User Interface
    InternalName       : MSASCUI
    LegalCopyright     : © Microsoft Corporation.  All rights reserved.
    OriginalFilename   : MSASCUI.exe

#:28 [teatimer.exe]
    FilePath           : C:\Program Files\Spybot - Search & Destroy\
    ProcessID          : 1336
    ThreadCreationTime : 10-29-2006 3:04:50 AM
    BasePriority       : Idle
    FileVersion        : 1, 4, 0, 2
    ProductVersion     : 1, 4, 0, 3
    ProductName        : Spybot - Search & Destroy
    CompanyName        : Safer Networking Limited
    FileDescription    : System settings protector
    InternalName       : TeaTimer
    LegalCopyright     : © 2000-2005 Patrick M. Kolla / Safer Networking Limited. Alle Rechte vorbehalten.
    LegalTrademarks    : "Spybot" und "Spybot - Search & Destroy" sind registrierte Warenzeichen.
    OriginalFilename   : TeaTimer.exe
    Comments           : Schützt Systemeinstellungen vor ungewollten Änderungen.

#:29 [wEmail Removedexe]
    FilePath           : C:\Program Files\America Online 9.0\
    ProcessID          : 1696
    ThreadCreationTime : 10-29-2006 3:04:52 AM
    BasePriority       : Idle


#:30 [shellmon.exe]
    FilePath           : C:\Program Files\America Online 9.0\
    ProcessID          : 2228
    ThreadCreationTime : 10-29-2006 3:05:09 AM
    BasePriority       : Normal


#:31 [ad-aware.exe]
    FilePath           : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
    ProcessID          : 2740
    ThreadCreationTime : 10-29-2006 3:05:44 AM
    BasePriority       : Normal
    FileVersion        : 6.2.0.236
    ProductVersion     : SE 106
    ProductName        : Lavasoft Ad-Aware SE
    CompanyName        : Lavasoft Sweden
    FileDescription    : Ad-Aware SE Core application
    InternalName       : Ad-Aware.exe
    LegalCopyright     : Copyright © Lavasoft AB Sweden
    OriginalFilename   : Ad-Aware.exe
    Comments           : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


 Tracking Cookie Object Recognized!
    Type               : IECache Entry
    Data               : randy@2o7[2].txt
    TAC Rating         : 3
    Category           : Data Miner
    Comment            :
    Value              : C:\Documents and Settings\Randy\Cookies\randy@2o7[2].txt

 Tracking Cookie Object Recognized!
    Type               : IECache Entry
    Data               : [email protected][1].txt
    TAC Rating         : 3
    Category           : Data Miner
    Comment            :
    Value              : C:\Documents and Settings\Randy\Cookies\[email protected][1].txt

 Tracking Cookie Object Recognized!
    Type               : IECache Entry
    Data               : randy@overture[1].txt
    TAC Rating         : 3
    Category           : Data Miner
    Comment            :
    Value              : C:\Documents and Settings\Randy\Cookies\randy@overture[1].txt

 Tracking Cookie Object Recognized!
    Type               : IECache Entry
    Data               : randy@serving-sys[1].txt
    TAC Rating         : 3
    Category           : Data Miner
    Comment            :
    Value              : C:\Documents and Settings\Randy\Cookies\randy@serving-sys[1].txt

 Tracking Cookie Object Recognized!
    Type               : IECache Entry
    Data               : randy@tripod[1].txt
    TAC Rating         : 3
    Category           : Data Miner
    Comment            :
    Value              : C:\Documents and Settings\Randy\Cookies\randy@tripod[1].txt

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 5
Objects found so far: 5



Deep scanning and examining files...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 5

Disk Scan Result for C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 5

Disk Scan Result for C:\DOCUME~1\Randy\LOCALS~1\Temp\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 5


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 5



 MRU List Object Recognized!
    Location:          : software\microsoft\directdraw\mostrecentapplication
    Description        : most recent application to use microsoft directdraw



Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 6

11:09:13 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:00:54.296
Objects scanned:86054
Objects identified:5
Objects ignored:0
New critical objects:5
Title: This is getting old
Post by: Mr Bell on October 29, 2006, 12:30:52 AM
HERE IS A SCAN ONLY HJT LOG: WHAT IS REAL.COM ALL ABOUT?

Logfile of HijackThis v1.99.1
Scan saved at 1:27:35 AM, on 10/29/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Ventrilo\Ventrilo.exe
C:\Program Files\America Online 9.0\wEmail Removedexe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\Valve\Steam\Steam.exe
C:\Documents and Settings\Randy\Desktop\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp_adbe/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp_adbe/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.eightballclan.branzone.com/administrator/index2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\Email RemovedEXE" -b
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.eightballclan.com
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
Title: This is getting old
Post by: guestolo on October 29, 2006, 01:38:53 AM
Ad-aware didn't find anything but cookies this time

I use SpywareBlaster
I was hoping you would too
Here's the instructions again

*Install SpywareBlaster 3.5.1 by JavaCool (http://www.javacoolsoftware.com/spywareblaster.html)
After installation, check for updates
After updating, select "Protection" on the Left
Then select "Enable all Protection"
"Check for updates every couple of weeks"
after every update just simply click the "enable protection on all unprotected items"

Quote
WHAT IS REAL.COM ALL ABOUT?
It's related to RealPlayer, which you have installed

To fix the issue with ALLOW>>DENY buttons in TeaTimer
1) Download this file
http://murdo.digitalicedesigns.com/S&D14GUIPatch.zip and save to desktop

2) Extract the contents to your SpyBot S&D folder
C:\Program Files\Spybot - Search & Destroy <-this folder

3) Close "Spybot-SD Resident" from your systray by:
"RIGHT CLICK" > "Exit Spybot-SD Resident"

4) Execute "S&D14 GUI PATCH.exe" from within your SpyBot folder

Press the "Start" button
OK the prompt

You can restart TeaTimer by double clicking on TeaTimer.exe in the Spybot folder
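The triage applied to the Ad-Aware SE log in this thread (set aside MRU list and tracking-cookie entries, then look at whatever is left), as an added example that is not part of the original posts. The sample log is constructed in the layout of the logs above, and `Constructed.Example` is a made-up object name used only to show a non-cookie hit.

```python
import re

# Constructed sample in the layout of the Ad-Aware SE logs posted in this thread.
# "Constructed.Example" is a placeholder name, not a real detection.
SAMPLE_LOG = r"""
References detected during the scan:
MRU List(TAC index:0):1 total references
Tracking Cookie(TAC index:3):1 total references
Constructed.Example(TAC index:10):1 total references

 Tracking Cookie Object Recognized!
    Type               : IECache Entry
    Data               : user@tracker[1].txt
    TAC Rating         : 3
    Category           : Data Miner
    Comment            :
    Value              : C:\Documents and Settings\User\Cookies\user@tracker[1].txt

 MRU List Object Recognized!
    Location:          : software\microsoft\directdraw\mostrecentapplication
    Description        : most recent application to use microsoft directdraw

 Constructed.Example Object Recognized!
    Type               : File
    Data               : example.dll
    TAC Rating         : 10
    Category           : Malware
    Comment            :
    Value              : C:\WINDOWS\system32\example.dll

Summary Of This Scan
New critical objects:2
"""

# " <kind> Object Recognized!" opens an object block.
OBJECT_RE = re.compile(r"^\s*(?P<kind>.+?) Object Recognized!\s*$")
# Indented "Key   : value" lines; the MRU blocks write "Location:   : value".
FIELD_RE = re.compile(r"^\s{2,}(?P<key>[A-Za-z ]+?):?\s*:\s?(?P<value>.*)$")
# "Tracking Cookie(TAC index:3):5 total references" in the header summary.
SUMMARY_RE = re.compile(
    r"^(?P<kind>.+?)\(TAC index:(?P<tac>\d+)\):(?P<count>\d+) total references$"
)

# Kinds the helper in this thread sets aside when reading the log.
LOW_RISK_KINDS = {"MRU List", "Tracking Cookie"}


def parse_reference_summary(log_text):
    """Return {kind: (tac_index, count)} from the 'References detected' header."""
    summary = {}
    for line in log_text.splitlines():
        m = SUMMARY_RE.match(line.strip())
        if m:
            summary[m.group("kind")] = (int(m.group("tac")), int(m.group("count")))
    return summary


def parse_objects(log_text):
    """Return one dict per 'Object Recognized!' block, with its fields."""
    objects, current = [], None
    for line in log_text.splitlines():
        header = OBJECT_RE.match(line)
        if header:
            current = {"kind": header.group("kind").strip()}
            objects.append(current)
            continue
        # Field lines only count while inside an object block, so the
        # similarly indented process-listing fields are ignored.
        field = FIELD_RE.match(line) if current is not None else None
        if field:
            current[field.group("key").strip()] = field.group("value").strip()
        else:
            current = None  # blank or unrelated line closes the block
    return objects


def needs_review(objects, low_risk=LOW_RISK_KINDS):
    """Objects that are neither MRU entries nor tracking cookies."""
    return [o for o in objects if o["kind"] not in low_risk]


if __name__ == "__main__":
    found = parse_objects(SAMPLE_LOG)
    print("reference summary:", parse_reference_summary(SAMPLE_LOG))
    print("objects recognized:", len(found))
    for obj in needs_review(found):
        print("review:", obj["kind"], obj.get("TAC Rating"), obj.get("Value"))
```

Run against the first log posted above, the review list would be empty: its five "New critical objects" are all tracking cookies with TAC rating 3.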
Title: This is getting old
Post by: Mr Bell on October 29, 2006, 08:09:47 AM
I already downloaded Spyblaster like you recommended.

Patch is installed for Spybot S&D as well.

I'm going to run a bunch of scans this morning and hope all is well.

I will be kicking in another donation as soon as I leave the site. Thanks for your fast responses and help.
Title: This is getting old
Post by: Mr Bell on October 29, 2006, 09:26:49 AM
Ok. Spybot found no threats.

However, Ad-Aware SE found this. What is Data miner and why am I getting these threats continually?
I have Spyblaster. Doesn't this program run automatically in background?

Ad-Aware SE Build 1.06r1
Logfile Created on:Sunday, October 29, 2006 9:09:05 AM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R129 26.10.2006
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):15 total references
Tracking Cookie(TAC index:3):4 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


10-29-2006 9:09:05 AM - Scan started. (Full System Scan)

 MRU List Object Recognized!
    Location:          : C:\Documents and Settings\Randy\recent
    Description        : list of recently opened documents


 MRU List Object Recognized!
    Location:          : S-1-5-21-527237240-2139871995-839522115-1004\software\microsoft\direct3d\mostrecentapplication
    Description        : most recent application to use microsoft direct3d


 MRU List Object Recognized!
    Location:          : software\microsoft\direct3d\mostrecentapplication
    Description        : most recent application to use microsoft direct3d


 MRU List Object Recognized!
    Location:          : S-1-5-21-527237240-2139871995-839522115-1004\software\microsoft\direct3d\mostrecentapplication
    Description        : most recent application to use microsoft direct X


 MRU List Object Recognized!
    Location:          : software\microsoft\direct3d\mostrecentapplication
    Description        : most recent application to use microsoft direct X


 MRU List Object Recognized!
    Location:          : software\microsoft\directdraw\mostrecentapplication
    Description        : most recent application to use microsoft directdraw


 MRU List Object Recognized!
    Location:          : S-1-5-21-527237240-2139871995-839522115-1004\software\microsoft\directinput\mostrecentapplication
    Description        : most recent application to use microsoft directinput


 MRU List Object Recognized!
    Location:          : S-1-5-21-527237240-2139871995-839522115-1004\software\microsoft\directinput\mostrecentapplication
    Description        : most recent application to use microsoft directinput


 MRU List Object Recognized!
    Location:          : S-1-5-21-527237240-2139871995-839522115-1004\software\microsoft\internet explorer
    Description        : last download directory used in microsoft internet explorer


 MRU List Object Recognized!
    Location:          : S-1-5-21-527237240-2139871995-839522115-1004\software\microsoft\internet explorer\typedurls
    Description        : list of recently entered addresses in microsoft internet explorer


 MRU List Object Recognized!
    Location:          : S-1-5-21-527237240-2139871995-839522115-1004\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
    Description        : list of recent programs opened


 MRU List Object Recognized!
    Location:          : S-1-5-21-527237240-2139871995-839522115-1004\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
    Description        : list of recently saved files, stored according to file extension


 MRU List Object Recognized!
    Location:          : S-1-5-21-527237240-2139871995-839522115-1004\software\microsoft\windows\currentversion\explorer\recentdocs
    Description        : list of recent documents opened


 MRU List Object Recognized!
    Location:          : S-1-5-21-527237240-2139871995-839522115-1004\software\microsoft\windows\currentversion\explorer\runmru
    Description        : mru list for items opened in start | run


 MRU List Object Recognized!
    Location:          : S-1-5-21-527237240-2139871995-839522115-1004\software\microsoft\windows media\wmsdk\general
    Description        : windows media sdk


Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
    FilePath           : \SystemRoot\System32\
    ProcessID          : 668
    ThreadCreationTime : 10-29-2006 2:31:33 AM
    BasePriority       : Normal


#:2 [csrss.exe]
    FilePath           : \??\C:\WINDOWS\system32\
    ProcessID          : 736
    ThreadCreationTime : 10-29-2006 2:31:34 AM
    BasePriority       : Normal


#:3 [winlogon.exe]
    FilePath           : \??\C:\WINDOWS\system32\
    ProcessID          : 772
    ThreadCreationTime : 10-29-2006 2:31:39 AM
    BasePriority       : High


#:4 [services.exe]
    FilePath           : C:\WINDOWS\system32\
    ProcessID          : 816
    ThreadCreationTime : 10-29-2006 2:31:39 AM
    BasePriority       : Normal
    FileVersion        : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion     : 5.1.2600.2180
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Services and Controller app
    InternalName       : services.exe
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : services.exe

#:5 [lsass.exe]
    FilePath           : C:\WINDOWS\system32\
    ProcessID          : 828
    ThreadCreationTime : 10-29-2006 2:31:39 AM
    BasePriority       : Normal
    FileVersion        : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion     : 5.1.2600.2180
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : LSA Shell (Export Version)
    InternalName       : lsass.exe
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : lsass.exe

#:6 [ati2evxx.exe]
    FilePath           : C:\WINDOWS\system32\
    ProcessID          : 1000
    ThreadCreationTime : 10-29-2006 2:31:40 AM
    BasePriority       : Normal
    FileVersion        : 6.14.10.4142
    ProductVersion     : 6.14.10.4142
    ProductName        : ATI External Event Utility for Windows
    CompanyName        : ATI Technologies Inc.
    FileDescription    : ATI External Event Utility EXE Module
    InternalName       : ATI2EVXX.EXE
    LegalCopyright     : Copyright © 1999-2006 ATI Technologies Inc.
    OriginalFilename   : ATI2EVXX.EXE

#:7 [svchost.exe]
    FilePath           : C:\WINDOWS\system32\
    ProcessID          : 1020
    ThreadCreationTime : 10-29-2006 2:31:40 AM
    BasePriority       : Normal
    FileVersion        : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion     : 5.1.2600.2180
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Generic Host Process for Win32 Services
    InternalName       : svchost.exe
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : svchost.exe

#:8 [svchost.exe]
    FilePath           : C:\WINDOWS\system32\
    ProcessID          : 1068
    ThreadCreationTime : 10-29-2006 2:31:40 AM
    BasePriority       : Normal
    FileVersion        : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion     : 5.1.2600.2180
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Generic Host Process for Win32 Services
    InternalName       : svchost.exe
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : svchost.exe

#:9 [msmpeng.exe]
    FilePath           : C:\Program Files\Windows Defender\
    ProcessID          : 1228
    ThreadCreationTime : 10-29-2006 2:31:41 AM
    BasePriority       : Normal
    FileVersion        : 1.1.1347.0
    ProductVersion     : 1.1.1347.0
    ProductName        : Windows Defender
    CompanyName        : Microsoft Corporation
    FileDescription    : Service Executable
    InternalName       : MsMpEng.exe
    LegalCopyright     : © Microsoft Corporation.  All rights reserved.
    OriginalFilename   : MsMpEng.exe

#:10 [svchost.exe]
    FilePath           : C:\WINDOWS\System32\
    ProcessID          : 1268
    ThreadCreationTime : 10-29-2006 2:31:41 AM
    BasePriority       : Normal
    FileVersion        : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion     : 5.1.2600.2180
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Generic Host Process for Win32 Services
    InternalName       : svchost.exe
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : svchost.exe

#:11 [svchost.exe]
    FilePath           : C:\WINDOWS\System32\
    ProcessID          : 1340
    ThreadCreationTime : 10-29-2006 2:31:41 AM
    BasePriority       : Normal
    FileVersion        : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion     : 5.1.2600.2180
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Generic Host Process for Win32 Services
    InternalName       : svchost.exe
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : svchost.exe

#:12 [svchost.exe]
    FilePath           : C:\WINDOWS\System32\
    ProcessID          : 1536
    ThreadCreationTime : 10-29-2006 2:31:41 AM
    BasePriority       : Normal
    FileVersion        : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion     : 5.1.2600.2180
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Generic Host Process for Win32 Services
    InternalName       : svchost.exe
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : svchost.exe

#:13 [ati2evxx.exe]
    FilePath           : C:\WINDOWS\system32\
    ProcessID          : 1580
    ThreadCreationTime : 10-29-2006 2:31:41 AM
    BasePriority       : Normal
    FileVersion        : 6.14.10.4142
    ProductVersion     : 6.14.10.4142
    ProductName        : ATI External Event Utility for Windows
    CompanyName        : ATI Technologies Inc.
    FileDescription    : ATI External Event Utility EXE Module
    InternalName       : ATI2EVXX.EXE
    LegalCopyright     : Copyright © 1999-2006 ATI Technologies Inc.
    OriginalFilename   : ATI2EVXX.EXE

#:14 [spoolsv.exe]
    FilePath           : C:\WINDOWS\system32\
    ProcessID          : 1844
    ThreadCreationTime : 10-29-2006 2:31:42 AM
    BasePriority       : Normal
    FileVersion        : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
    ProductVersion     : 5.1.2600.2696
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Spooler SubSystem App
    InternalName       : spoolsv.exe
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : spoolsv.exe

#:15 [aolacsd.exe]
    FilePath           : C:\Program Files\Common Files\AOL\ACS\
    ProcessID          : 148
    ThreadCreationTime : 10-29-2006 2:31:51 AM
    BasePriority       : Normal
    FileVersion        : 4.0.0.0
    ProductVersion     : 4.0.0.0
    ProductName        : AOL Connectivity Service
    CompanyName        : America Online
    FileDescription    : AOL Connectivity Service
    InternalName       : AOLacsd
    LegalCopyright     : Copyright © 2004-2005 America Online
    OriginalFilename   : AOLacsd.exe

#:16 [aoltsmon.exe]
    FilePath           : C:\Program Files\Common Files\AOL\TopSpeed\2.0\
    ProcessID          : 140
    ThreadCreationTime : 10-29-2006 2:31:51 AM
    BasePriority       : Normal
    FileVersion        : 2, 0, 0, 0
    ProductVersion     : 2, 0, 0, 0
    ProductName        : AOL TopSpeed(tm) Monitor
    CompanyName        : America Online, Inc
    FileDescription    : AOL TopSpeed(tm) Monitor
    InternalName       : AOL TopSpeed(tm) Monitor
    LegalCopyright     : Copyright © 2004 America Online, Inc.
    OriginalFilename   : aoltsmon.exe

#:17 [avgamsvr.exe]
    FilePath           : C:\PROGRA~1\Grisoft\AVGFRE~1\
    ProcessID          : 180
    ThreadCreationTime : 10-29-2006 2:31:52 AM
    BasePriority       : Normal
    FileVersion        : 7.5.0.420
    ProductVersion     : 7.5.0.420
    ProductName        : AVG 7.5 Anti-Virus System
    CompanyName        : GRISOFT, s.r.o.
    FileDescription    : AVG Alert Manager
    InternalName       : avgamsvr
    LegalCopyright     : Copyright © 2006 GRISOFT, s.r.o.
    OriginalFilename   : avgamsvr.EXE

#:18 [avgupsvc.exe]
    FilePath           : C:\PROGRA~1\Grisoft\AVGFRE~1\
    ProcessID          : 208
    ThreadCreationTime : 10-29-2006 2:31:54 AM
    BasePriority       : Normal
    FileVersion        : 7.5.0.420
    ProductVersion     : 7.5.0.420
    ProductName        : AVG 7.5 Anti-Virus System
    CompanyName        : GRISOFT, s.r.o.
    FileDescription    : AVG Update Service
    InternalName       : avgupsvc
    LegalCopyright     : Copyright © 2006 GRISOFT, s.r.o.
    OriginalFilename   : avgupdsvc.EXE

#:19 [aoltpspd.exe]
    FilePath           : C:\Program Files\Common Files\AOL\TopSpeed\2.0\
    ProcessID          : 212
    ThreadCreationTime : 10-29-2006 2:31:54 AM
    BasePriority       : Normal
    FileVersion        : 2, 0, 0, 0
    ProductVersion     : 2, 0, 0, 0
    ProductName        : AOL TopSpeed(tm)
    CompanyName        : America Online Inc
    FileDescription    : AOL TopSpeed(tm)
    InternalName       : AOL TopSpeed(tm) Loader
    LegalCopyright     : Copyright © 2003-2004
    LegalTrademarks    : AOL TopSpeed(tm)
    OriginalFilename   : aoltpspd.exe

#:20 [avgemc.exe]
    FilePath           : C:\PROGRA~1\Grisoft\AVGFRE~1\
    ProcessID          : 260
    ThreadCreationTime : 10-29-2006 2:31:54 AM
    BasePriority       : Normal
    FileVersion        : 7.5.0.423
    ProductVersion     : 7.5.0.423
    ProductName        : AVG Anti-Virus system
    CompanyName        : GRISOFT, s.r.o.
    FileDescription    : AVG E-Mail Scanner
    InternalName       : avgemc
    LegalCopyright     : Copyright © 2006 GRISOFT, s.r.o.
    OriginalFilename   : avgemc.exe

#:21 [guard.exe]
    FilePath           : C:\Program Files\ewido anti-spyware 4.0\
    ProcessID          : 304
    ThreadCreationTime : 10-29-2006 2:31:54 AM
    BasePriority       : Normal
    FileVersion        : 4, 0, 0, 172
    ProductVersion     : 4, 0, 0, 172
    ProductName        : ewido anti-spyware
    CompanyName        : Anti-Malware Development a.s.
    FileDescription    : ewido anti-spyware guard
    InternalName       : ewido anti-spywareguard
    LegalCopyright     : Copyright © 2005 Anti-Malware Development a.s.
    OriginalFilename   : guard.exe

#:22 [svchost.exe]
    FilePath           : C:\WINDOWS\System32\
    ProcessID          : 484
    ThreadCreationTime : 10-29-2006 2:31:55 AM
    BasePriority       : Normal
    FileVersion        : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion     : 5.1.2600.2180
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Generic Host Process for Win32 Services
    InternalName       : svchost.exe
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : svchost.exe

#:23 [wdfmgr.exe]
    FilePath           : C:\WINDOWS\system32\
    ProcessID          : 584
    ThreadCreationTime : 10-29-2006 2:31:55 AM
    BasePriority       : Normal
    FileVersion        : 5.2.3790.1230 built by: dnsrv(bld4act)
    ProductVersion     : 5.2.3790.1230
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Windows User Mode Driver Manager
    InternalName       : WdfMgr
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : WdfMgr.exe

#:24 [wanmpsvc.exe]
    FilePath           : C:\WINDOWS\
    ProcessID          : 596
    ThreadCreationTime : 10-29-2006 2:31:55 AM
    BasePriority       : Normal
    FileVersion        : 9, 0, 0, 0
    ProductVersion     : 9, 0, 0, 0
    ProductName        : America Online
    CompanyName        : America Online, Inc.
    FileDescription    : Wan Miniport (ATW) Service
    InternalName       : WanMPSvc
    LegalCopyright     : Copyright © 2001 America Online, Inc.
    OriginalFilename   : WanMPSvc.exe

#:25 [alg.exe]
    FilePath           : C:\WINDOWS\System32\
    ProcessID          : 1404
    ThreadCreationTime : 10-29-2006 2:31:56 AM
    BasePriority       : Normal
    FileVersion        : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion     : 5.1.2600.2180
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Application Layer Gateway Service
    InternalName       : ALG.exe
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : ALG.exe

#:26 [explorer.exe]
    FilePath           : C:\WINDOWS\
    ProcessID          : 1532
    ThreadCreationTime : 10-29-2006 3:04:45 AM
    BasePriority       : Normal
    FileVersion        : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion     : 6.00.2900.2180
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Windows Explorer
    InternalName       : explorer
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : EXPLORER.EXE

#:27 [msascui.exe]
    FilePath           : C:\Program Files\Windows Defender\
    ProcessID          : 1780
    ThreadCreationTime : 10-29-2006 3:04:49 AM
    BasePriority       : Normal
    FileVersion        : 1.1.1347.0
    ProductVersion     : 1.1.1347.0
    ProductName        : Windows Defender
    CompanyName        : Microsoft Corporation
    FileDescription    : Windows Defender User Interface
    InternalName       : MSASCUI
    LegalCopyright     : © Microsoft Corporation.  All rights reserved.
    OriginalFilename   : MSASCUI.exe

#:28 [ventrilo.exe]
    FilePath           : C:\Program Files\Ventrilo\
    ProcessID          : 3200
    ThreadCreationTime : 10-29-2006 4:17:43 AM
    BasePriority       : Normal
    FileVersion        : 2, 3, 0, 0
    ProductVersion     : 2, 3, 0, 0
    ProductName        : Ventrilo Application
    FileDescription    : Ventrilo by Flagship Industries, Inc.
    InternalName       : Ventrilo
    LegalCopyright     : Copyright © 1999-2005 Flagship Industries, Inc.
    LegalTrademarks    : Ventrilo
    OriginalFilename   : Ventrilo.EXE

#:29 [steam.exe]
    FilePath           : C:\Program Files\Valve\Steam\
    ProcessID          : 4056
    ThreadCreationTime : 10-29-2006 4:21:26 AM
    BasePriority       : Normal
    FileVersion        : 1.0.0.0
    ProductVersion     : 1.0.0.0
    ProductName        : Steam
    CompanyName        : Valve Corporation
    FileDescription    : Steam
    LegalCopyright     : © Copyright 2000-2003 Valve Corporation All rights reserved.
    OriginalFilename   : Steam.exe

#:30 [mirc.exe]
    FilePath           : C:\Program Files\mIRC\
    ProcessID          : 2552
    ThreadCreationTime : 10-29-2006 5:32:43 AM
    BasePriority       : Normal
    FileVersion        : 6.2
    ProductVersion     : 6.2
    ProductName        : mIRC
    CompanyName        : mIRC Co. Ltd.
    FileDescription    : mIRC
    InternalName       : mIRC
    LegalCopyright     : Copyright © 1995-2006 mIRC Co. Ltd.
    LegalTrademarks    : mIRC® is a Registered Trademark of mIRC Co. Ltd.
    OriginalFilename   : mirc.exe

#:31 [wEmail Removedexe]
    FilePath           : C:\Program Files\America Online 9.0\
    ProcessID          : 3676
    ThreadCreationTime : 10-29-2006 1:17:02 PM
    BasePriority       : Idle


#:32 [shellmon.exe]
    FilePath           : C:\Program Files\America Online 9.0\
    ProcessID          : 2128
    ThreadCreationTime : 10-29-2006 1:17:03 PM
    BasePriority       : Idle


#:33 [teatimer.exe]
    FilePath           : C:\Program Files\Spybot - Search & Destroy\
    ProcessID          : 3004
    ThreadCreationTime : 10-29-2006 1:54:05 PM
    BasePriority       : Idle
    FileVersion        : 1, 4, 0, 2
    ProductVersion     : 1, 4, 0, 3
    ProductName        : Spybot - Search & Destroy
    CompanyName        : Safer Networking Limited
    FileDescription    : System settings protector
    InternalName       : TeaTimer
    LegalCopyright     : © 2000-2005 Patrick M. Kolla / Safer Networking Limited. Alle Rechte vorbehalten.
    LegalTrademarks    : "Spybot" und "Spybot - Search & Destroy" sind registrierte Warenzeichen.
    OriginalFilename   : TeaTimer.exe
    Comments           : Schützt Systemeinstellungen vor ungewollten Änderungen.

#:34 [ad-aware.exe]
    FilePath           : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
    ProcessID          : 3544
    ThreadCreationTime : 10-29-2006 2:08:33 PM
    BasePriority       : Normal
    FileVersion        : 6.2.0.236
    ProductVersion     : SE 106
    ProductName        : Lavasoft Ad-Aware SE
    CompanyName        : Lavasoft Sweden
    FileDescription    : Ad-Aware SE Core application
    InternalName       : Ad-Aware.exe
    LegalCopyright     : Copyright © Lavasoft AB Sweden
    OriginalFilename   : Ad-Aware.exe
    Comments           : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 15


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 15


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 15


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


 Tracking Cookie Object Recognized!
    Type               : IECache Entry
    Data               : [email protected][1].txt
    TAC Rating         : 3
    Category           : Data Miner
    Comment            : Hits:1
    Value              : Cookie:[email protected]/
    Expires            : 12-31-2037 5:00:00 PM
    LastSync           : Hits:1
    UseCount           : 0
    Hits               : 1

 Tracking Cookie Object Recognized!
    Type               : IECache Entry
    Data               : randy@tribalfusion[1].txt
    TAC Rating         : 3
    Category           : Data Miner
    Comment            : Hits:3
    Value              : Cookie:[email protected]/
    Expires            : 12-31-2037 7:00:00 PM
    LastSync           : Hits:3
    UseCount           : 0
    Hits               : 3

 Tracking Cookie Object Recognized!
    Type               : IECache Entry
    Data               : randy@overture[1].txt
    TAC Rating         : 3
    Category           : Data Miner
    Comment            : Hits:1
    Value              : Cookie:[email protected]/
    Expires            : 10-25-2016 10:13:22 AM
    LastSync           : Hits:1
    UseCount           : 0
    Hits               : 1

 Tracking Cookie Object Recognized!
    Type               : IECache Entry
    Data               : randy@serving-sys[1].txt
    TAC Rating         : 3
    Category           : Data Miner
    Comment            : Hits:5
    Value              : Cookie:[email protected]/
    Expires            : 12-31-2037 5:00:00 PM
    LastSync           : Hits:5
    UseCount           : 0
    Hits               : 5

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 4
Objects found so far: 19



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 19


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 19




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 19

9:15:59 AM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:06:53.891
Objects scanned:133663
Objects identified:4
Objects ignored:0
New critical objects:4
Title: This is getting old
Post by: guestolo on October 29, 2006, 10:24:30 AM
Looks good, remember, all that Ad-aware is finding are a few cookies and Most recently used list
All's ok
If you visit a site it may set a cookie, don't get too alarmed by it
This site will set a cookie when you login
Quote
Holds information on the times and dates you have visited web sites. Other information can also be saved to your hard disk in these text files
e.g. validation information about you for members-only web sites, and more.
Quote
I have Spyblaster. Doesn't this program run automatically in background?
I hope you mean SpywareBlaster
SpywareBlaster doesn't need to run in the background, it just sets killbits in the registry to help prevent malware
Title: This is getting old
Post by: Mr Bell on October 29, 2006, 11:05:20 AM
I know what cookies are, brother. It's just when Ad-Aware SE calls them critical that I get concerned. I know now that they're not actually that critical. And yes, SpywareBlaster.

Ok and again thanks for the help.
Hope you have a good day.

Randy
Title: This is getting old
Post by: guestolo on October 29, 2006, 11:12:42 AM
You have a good day also Mr.Bell
I'm off to help a friend Move>>Not looking forward to it :o

I'll lock this topic as most of your problems are resolved, take care