Dog Town


Posts posted by Dog Town


  1. WELL HERE IT IS! ANY IDEAS ON MY LAST POSTS ABOUT WHAT TO DO TO DEFEND! OR THOSE FILES THAT WON'T GO AWAY? THE FILE OF SWB HOLDS MORE FILES AGAIN LIKE QUARANTINE ETC...

    ALSO A STRANGE ICON APPEARED ON MY DESKTOP

    [LocalizedFileNames]

    Windows Media [email protected]:\WINDOWS\inf\unregmp2.exe,-4

    WHEN I TRY TO GET RID OF IT, IT ASKS IF I WANNA DO THAT, IT MIGHT NOT ALLOW TO RUN RIGHT?

    COULD IT BE A HIDDEN FILE I USUALLY DON'T SEE?

    IN PROGRAM FILES THERE ARE A TON OF UNINSTALL FOLDERS WITH EERIE BLUE WRITING! SAME THING MAYBE?

    AGAIN YOU ARE A GODSEND!

    Logfile of HijackThis v1.99.1

    Scan saved at 3:25:29 PM, on 8/5/2006

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

     

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\Windows Defender\MsMpEng.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe

    C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe

    C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe

    C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe

    C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe

    C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\system32\atiptaxx.exe

    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    C:\Program Files\Sony\HotKey Utility\HKserv.exe

    C:\WINDOWS\System32\ezSP_Px.exe

    C:\WINDOWS\system32\wscntfy.exe

    C:\WINDOWS\System32\WScript.exe

    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

    C:\Program Files\QuickTime\qttask.exe

    C:\Program Files\Windows Defender\MSASCui.exe

    C:\Program Files\Messenger\msmsgs.exe

    C:\Program Files\adobe\acrobat 5.0\Distillr\AcroTray.exe

    C:\Program Files\Nikon\NkView6\NkvMon.exe

    C:\Program Files\PowerPanel\Program\PcfMgr.exe

    C:\Program Files\Sony\HotKey Utility\HKWnd.exe

    C:\WINDOWS\system32\wuauclt.exe

    C:\DOCUME~1\DAVIDF~1\LOCALS~1\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe

    c:\progra~1\Support.com\client\bin\tgcmd.exe

     

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast High-Speed Internet

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\adobe\acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx

    O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - (no file)

    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe

    O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe

    O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

    O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE

    O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe

    O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe

    O4 - HKLM\..\Run: [ZTgServerSwitch] c:\program files\support.com\client\lserver\server.vbs

    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\adobe\acrobat 5.0\Distillr\AcroTray.exe

    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

    O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe

    O4 - Global Startup: EPSON Status Monitor 3 Environment Check(2).lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE

    O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe

    O4 - Global Startup: PowerPanel.lnk = ?

    O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe

    O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE

    O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

    O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net

    O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstall...=hubbledeepzoom

    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

    O16 - DPF: {2042B57E-6336-459E-B7CE-2A0F6C9E6AF8} (IEPlayInterface Class) - http://www.lotrdvd.com/dvdkey/extended_dvd...ds/iaieplay.dll

    O16 - DPF: {22D4879A-92DB-470D-8A83-E158797D8176} (Liquid.LiquidHelper) - file://E:\components\Liquid.ocx

    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab

    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe

    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe

    O23 - Service: VAIO Media Music Server (Application) (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (Application) (file missing)

    O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Unknown owner - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe" /Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\MusicServer\HTTP (file missing)

    O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe

    O23 - Service: VAIO Media Photo Server (Application) (VAIOMediaPlatform-PhotoServer-AppServer) - Unknown owner - C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe

    O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Unknown owner - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP (file missing)

    O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe

     

    COOL ??????


  2. OK me again! Went ahead and did the following

     

    --Add/remove-did that seems to be gone

    --Did a search, still found a bunch. Deleted them no prob, all but two!

    one is Spywarebot c:\swb program file

    two, SWB c:\program file\swb Application

     

    When I tried to delete I get a warning box that says this

     

    Error deleting file or folder

    cannot delete access denied

    make sure disk not full etc...

     

    --So I went to program files and found them

    Same song

     

    Cannot Delete( bunches O' numbers and dashes here)

    close any programs that might be using this?

     

     

    IT IS THE LAST PART WHICH SCARES ME, is it still running?


  3. I fixed it, both reports are there now. What do I do with the icons and files from f'ing SPYWAREBOT???

    SUGGESTIONS??? ALSO WHAT should I use to defend this stuff. Owned a computer 10 years, this first time! Got this while reading "The Colbert Report" web log!

    IS IT SAFE TO GO TO ADD/REMOVE AND REMOVE? It asks if it is ok to remove all its components. It won't remove anything else? Will it?


  4. Well I think this is what you wanted. That was not so bad. Still sweating though. No little pop up demon boxes though! Still got fingers crossed. THANK YOU!!!!!!!!!!!!!!!!!

     

     

    SmitFraudFix v2.80

     

    Scan done at 14:11:59.33, Sat 08/05/2006

    Run from C:\Documents and Settings\DAVID FAUSSER\Desktop\SmitfraudFix

    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT

    Fix ran in safe mode

     

    »»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix

    !!!Attention, following keys are not inevitably infected!!!

     

    SrchSTS.exe by S!Ri

    Search SharedTaskScheduler's .dll

     

    »»»»»»»»»»»»»»»»»»»»»»»» Killing process

     

     

    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

     

    GenericRenosFix by S!Ri

     

     

    »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

     

    C:\WINDOWS\adware-sheriff-box.gif Deleted

    C:\WINDOWS\adware-sheriff-header.gif Deleted

    C:\WINDOWS\antispylab-logo.gif Deleted

    C:\WINDOWS\about_spyware_bg.gif Deleted

    C:\WINDOWS\about_spyware_bottom.gif Deleted

    C:\WINDOWS\as.gif Deleted

    C:\WINDOWS\as_header.gif Deleted

    C:\WINDOWS\bg.gif Deleted

    C:\WINDOWS\bg_bg.gif Deleted

    C:\WINDOWS\big_red_x.gif Deleted

    C:\WINDOWS\blue-bg.gif Deleted

    C:\WINDOWS\box_1.gif Deleted

    C:\WINDOWS\box_2.gif Deleted

    C:\WINDOWS\box_3.gif Deleted

    C:\WINDOWS\button_buynow.gif Deleted

    C:\WINDOWS\button_freescan.gif Deleted

    C:\WINDOWS\buy_now.gif Deleted

    C:\WINDOWS\buy-now-btn.gif Deleted

    C:\WINDOWS\click_for_free_scan.gif Deleted

    C:\WINDOWS\close-bar.gif Deleted

    C:\WINDOWS\close_ico.gif Deleted

    C:\WINDOWS\corner-left.gif Deleted

    C:\WINDOWS\corner-right.gif Deleted

    C:\WINDOWS\download.gif Deleted

    C:\WINDOWS\download_box.gif Deleted

    C:\WINDOWS\download_product.gif Deleted

    C:\WINDOWS\facts.gif Deleted

    C:\WINDOWS\features.gif Deleted

    C:\WINDOWS\footer.gif Deleted

    C:\WINDOWS\footer_back.gif Deleted

    C:\WINDOWS\footer_back.jpg Deleted

    C:\WINDOWS\free_scan_red_btn.gif Deleted

    C:\WINDOWS\free-scan-btn.gif Deleted

    C:\WINDOWS\h-line-gradient.gif Deleted

    C:\WINDOWS\header_1.gif Deleted

    C:\WINDOWS\header_2.gif Deleted

    C:\WINDOWS\header_3.gif Deleted

    C:\WINDOWS\header_4.gif Deleted

    C:\WINDOWS\header-bg.gif Deleted

    C:\WINDOWS\icon_warning_big.gif Deleted

    C:\WINDOWS\infected.gif Deleted

    C:\WINDOWS\infected_top_bg.gif Deleted

    C:\WINDOWS\info.gif Deleted

    C:\WINDOWS\logo.gif Deleted

    C:\WINDOWS\main_back.gif Deleted

    C:\WINDOWS\navibar_bg.gif Deleted

    C:\WINDOWS\navibar_corner_left.gif Deleted

    C:\WINDOWS\navibar_corner_right.gif Deleted

    C:\WINDOWS\no-icon.gif Deleted

    C:\WINDOWS\product_box.gif Deleted

    C:\WINDOWS\red_warning_ico.gif Deleted

    C:\WINDOWS\reg-freeze-box.gif Deleted

    C:\WINDOWS\reg-freeze-header.gif Deleted

    C:\WINDOWS\remove_spyware_header.gif Deleted

    C:\WINDOWS\remove-spyware-btn.gif Deleted

    C:\WINDOWS\rf.gif Deleted

    C:\WINDOWS\rf_header.gif Deleted

    C:\WINDOWS\safe_and_trusted.gif Deleted

    C:\WINDOWS\scan_btn.gif Deleted

    C:\WINDOWS\security-center-bg.gif Deleted

    C:\WINDOWS\security-center-logo.gif Deleted

    C:\WINDOWS\security_center_caption.gif Deleted

    C:\WINDOWS\sep_hor.gif Deleted

    C:\WINDOWS\sep_vert.gif Deleted

    C:\WINDOWS\spacer.gif Deleted

    C:\WINDOWS\spyware_detected.gif Deleted

    C:\WINDOWS\spyware-detected.gif Deleted

    C:\WINDOWS\spyware-sheriff-header.gif Deleted

    C:\WINDOWS\spyware-sheriff-box.gif Deleted

    C:\WINDOWS\star.gif Deleted

    C:\WINDOWS\star-grey.gif Deleted

    C:\WINDOWS\star_gray.gif Deleted

    C:\WINDOWS\star_gray_small.gif Deleted

    C:\WINDOWS\star_small.gif Deleted

    C:\WINDOWS\true-stories.gif Deleted

    C:\WINDOWS\ts.gif Deleted

    C:\WINDOWS\ts_header.gif Deleted

    C:\WINDOWS\System32fab.exe Deleted

    C:\WINDOWS\v.gif Deleted

    C:\WINDOWS\warning_icon.gif Deleted

    C:\WINDOWS\warning-bar-ico.gif Deleted

    C:\WINDOWS\win_logo.gif Deleted

    C:\WINDOWS\win-sec-center-logo.gif Deleted

    C:\WINDOWS\windows-compatible.gif Deleted

    C:\WINDOWS\x.gif Deleted

    C:\WINDOWS\yellow_warning_ico.gif Deleted

    C:\WINDOWS\yes-icon.gif Deleted

    C:\WINDOWS\system32\office_pnl.dll Deleted

    C:\WINDOWS\system32\officescan.exe Deleted

    C:\WINDOWS\system32\parad.raw.exe Deleted

    C:\WINDOWS\system32\repigsp.exe Deleted

    C:\WINDOWS\system32\smaexp32.dll Deleted

    C:\WINDOWS\system32\smartdrv.exe Deleted

    C:\WINDOWS\system32\taskdir.exe Deleted

    C:\WINDOWS\system32\users32.exe Deleted

    C:\WINDOWS\system32\winapi32.dll Deleted

    C:\WINDOWS\system32\winbl32.dll Deleted

    C:\WINDOWS\system32\winblsrv.dll Deleted

    C:\WINDOWS\system32\zlbw.dll Deleted

     

    »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

     

     

    »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

     

    Registry Cleaning done.

     

    »»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix

    !!!Attention, following keys are not inevitably infected!!!

     

    SrchSTS.exe by S!Ri

    Search SharedTaskScheduler's .dll

     

     

    »»»»»»»»»»»»»»»»»»»»»»»» Reboot

     

    C:\WINDOWS\system32\winsrv32.exe Deleted

     

    »»»»»»»»»»»»»»»»»»»»»»»» End

     

    WAS THIS RIGHT! OOOPS HERE'S THE REST. MY BAD

     

     

     

     

    Logfile of HijackThis v1.99.1

    Scan saved at 2:34:14 PM, on 8/5/2006

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

     

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\Windows Defender\MsMpEng.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe

    C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe

    C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe

    C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe

    C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe

    C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\system32\wscntfy.exe

    C:\WINDOWS\notepad.exe

    C:\WINDOWS\system32\atiptaxx.exe

    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    C:\Program Files\Sony\HotKey Utility\HKserv.exe

    C:\WINDOWS\System32\ezSP_Px.exe

    C:\WINDOWS\System32\WScript.exe

    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

    C:\Program Files\QuickTime\qttask.exe

    C:\Program Files\Windows Defender\MSASCui.exe

    C:\Program Files\spywarebot\spywarebot.exe

    C:\Program Files\Messenger\msmsgs.exe

    C:\Program Files\adobe\acrobat 5.0\Distillr\AcroTray.exe

    C:\Program Files\Nikon\NkView6\NkvMon.exe

    C:\Program Files\PowerPanel\Program\PcfMgr.exe

    C:\Program Files\Sony\HotKey Utility\HKWnd.exe

    c:\progra~1\Support.com\client\bin\tgcmd.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\DOCUME~1\DAVIDF~1\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

     

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast High-Speed Internet

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\adobe\acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx

    O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - (no file)

    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe

    O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe

    O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

    O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE

    O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe

    O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe

    O4 - HKLM\..\Run: [ZTgServerSwitch] c:\program files\support.com\client\lserver\server.vbs

    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

    O4 - HKLM\..\Run: [spywarebot] "C:\Program Files\spywarebot\spywarebot.exe" -boot

    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\adobe\acrobat 5.0\Distillr\AcroTray.exe

    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

    O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe

    O4 - Global Startup: EPSON Status Monitor 3 Environment Check(2).lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE

    O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe

    O4 - Global Startup: PowerPanel.lnk = ?

    O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe

    O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE

    O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

    O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net

    O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstall...=hubbledeepzoom

    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

    O16 - DPF: {2042B57E-6336-459E-B7CE-2A0F6C9E6AF8} (IEPlayInterface Class) - http://www.lotrdvd.com/dvdkey/extended_dvd...ds/iaieplay.dll

    O16 - DPF: {22D4879A-92DB-470D-8A83-E158797D8176} (Liquid.LiquidHelper) - file://E:\components\Liquid.ocx

    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab

    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe

    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe

    O23 - Service: VAIO Media Music Server (Application) (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (Application) (file missing)

    O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Unknown owner - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe" /Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\MusicServer\HTTP (file missing)

    O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe

    O23 - Service: VAIO Media Photo Server (Application) (VAIOMediaPlatform-PhotoServer-AppServer) - Unknown owner - C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe

    O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Unknown owner - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP (file missing)

    O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe


  5. Ok, spywarebot is the baddie.

     

    Can you put those into a zip file and attach at the upload site?

     

    Don't feel lost. These files you are uploading are helping - we'll get a removal process for you. :P

     

    I'd also like to see a report from these two (free) tools:

     

    Post a report from this tool

     

    Download the free beta trial of this tool from F-Secure called Blacklight

    F-Secure Blacklight:

    https://europe.f-secure.com/blacklight/try.shtml

    Doubleclick on bibeta.exe to run it.

    Click the *I accept* button near the bottom of that page.

    Download and run blacklite click > scan then > next, next again then exit

    There will be a new text file near blacklite. Post it please. The text file is named:

    fsbl.xxxxxxx.log (the xxxxxxx stand for numbers)

    !!Do not rename any files yet

     

    .....................................

    And another from this tool please.

    Please download Rootkit Revealer

    http://www.sysinternals.com/utilities/rootkitrevealer.html

     

    (link is at the very bottom of the page)

    Unzip it to your desktop.

    Open the rootkitrevealer folder and double-click rootkitrevealer.exe

    Click the Scan button (bottom right)

    It may take a while to scan (don't do anything else while it's running)

    When it's done, go up to File > Save. Choose to save it to your desktop.

    Open rootkitrevealer.txt on your desktop and copy the entire contents and paste them here

     

     

    Think I got the zip part going to the upload, then I will do the other things you said. D*mn I WANNA BEAT SOMEONE'S BOTTOM etc............. THANK YOU!

     

     

    So STOP THE UPLOAD?


  6. I don't see any of those files. Sure I am doing something wrong. I do see a bunch of uninstall with weird light blue writing in my windows folder under my computer. When I push browse, the box pops up but I don't know where to go with the browse. SORRY I am not faster at this

    My computer has no F, will it be C. That is my main drive?

    Scratch that, I figured it out, I think, gosh I suck.


  7. Thanks CJ. I am slow. I'll be back ASAP. Thanks again!

    I don't see any of those files. Sure I am doing something wrong. I do see a bunch of uninstall with weird light blue writing in my windows folder under my computer. When I push browse, the box pops up but I don't know where to go with the browse. SORRY I am not faster at this

    My computer has no F, will it be C. That is my main drive?


  8. Have run 2 diff adware remove no luck.

    Recently my homepage was hijacked by about:blank.

    I have run Ad-aware, Spybot S&D, but still no luck.

     

    I have enclosed my hijackthis log below.

    Same as another here I see. I am a newbie=idiot on this stuff.

     

     

    Logfile of HijackThis v1.99.1

    Scan saved at 10:34:14 AM, on 8/5/2006

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

     

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\Windows Defender\MsMpEng.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe

    C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe

    C:\WINDOWS\Explorer.EXE

    C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe

    C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe

    C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe

    C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe

    C:\WINDOWS\system32\wscntfy.exe

    C:\WINDOWS\system32\atiptaxx.exe

    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    C:\Program Files\Sony\HotKey Utility\HKserv.exe

    C:\WINDOWS\System32\ezSP_Px.exe

    C:\WINDOWS\System32\WScript.exe

    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

    C:\Program Files\QuickTime\qttask.exe

    C:\Program Files\Windows Defender\MSASCui.exe

    C:\Program Files\Messenger\msmsgs.exe

    C:\Program Files\adobe\acrobat 5.0\Distillr\AcroTray.exe

    C:\Program Files\Nikon\NkView6\NkvMon.exe

    C:\Program Files\PowerPanel\Program\PcfMgr.exe

    C:\Program Files\Sony\HotKey Utility\HKWnd.exe

    c:\progra~1\Support.com\client\bin\tgcmd.exe

    C:\WINDOWS\system32\smartdrv.exe

    C:\Program Files\SpywareBot\SpywareBot.exe

    C:\WINDOWS\system32\rundll32.exe

    C:\WINDOWS\system32\officescan.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\DOCUME~1\DAVIDF~1\LOCALS~1\Temp\Temporary Directory 1 for hijackthis[2].zip\HijackThis.exe

     

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast High-Speed Internet

    O2 - BHO: (no name) - {00000000-59D4-4008-9058-080011001200} - (no file)

    O2 - BHO: (no name) - {00000000-C1EC-0345-6EC2-4D0300000000} - (no file)

    O2 - BHO: (no name) - {00000000-F09C-02B4-6EC2-AD0300000000} - (no file)

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\adobe\acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx

    O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - (no file)

    O2 - BHO: (no name) - {8333c319-0669-4893-a418-f56d9249fca6} - (no file)

    O2 - BHO: office_pnl.office_panel - {B53455DB-5527-4041-AC41-F86E6947AA47} - C:\WINDOWS\system32\office_pnl.dll

    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe

    O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe

    O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

    O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE

    O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe

    O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe

    O4 - HKLM\..\Run: [ZTgServerSwitch] c:\program files\support.com\client\lserver\server.vbs

    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

    O4 - HKLM\..\Run: [Transponder] C:\WINDOWS\system32\susp.exe

    O4 - HKLM\..\Run: [spywarebot] "C:\Program Files\spywarebot\spywarebot.exe" -boot

    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\adobe\acrobat 5.0\Distillr\AcroTray.exe

    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

    O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe

    O4 - Global Startup: EPSON Status Monitor 3 Environment Check(2).lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE

    O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe

    O4 - Global Startup: PowerPanel.lnk = ?

    O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe

    O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE

    O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

    O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net

    O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstall...=hubbledeepzoom

    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

    O16 - DPF: {2042B57E-6336-459E-B7CE-2A0F6C9E6AF8} (IEPlayInterface Class) - http://www.lotrdvd.com/dvdkey/extended_dvd...ds/iaieplay.dll

    O16 - DPF: {22D4879A-92DB-470D-8A83-E158797D8176} (Liquid.LiquidHelper) - file://E:\components\Liquid.ocx

    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab

    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe

    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe

    O23 - Service: VAIO Media Music Server (Application) (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (Application) (file missing)

    O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Unknown owner - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe" /Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\MusicServer\HTTP (file missing)

    O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe

    O23 - Service: VAIO Media Photo Server (Application) (VAIOMediaPlatform-PhotoServer-AppServer) - Unknown owner - C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe

    O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Unknown owner - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP (file missing)

    O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe