Dog Town

Being hijacked to antispynet.com


Have run 2 diff adware remove no luck.

Recently my homepage was hijacked by about:blank.

I have run Ad-aware, Spybot S&D, but still no luck.

 

I have enclosed my hijackthis log below.

Same as another here I see. I am a newbie=idiot on this stuff.

 

 

Logfile of HijackThis v1.99.1

Scan saved at 10:34:14 AM, on 8/5/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe

C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe

C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe

C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe

C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\atiptaxx.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Sony\HotKey Utility\HKserv.exe

C:\WINDOWS\System32\ezSP_Px.exe

C:\WINDOWS\System32\WScript.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\adobe\acrobat 5.0\Distillr\AcroTray.exe

C:\Program Files\Nikon\NkView6\NkvMon.exe

C:\Program Files\PowerPanel\Program\PcfMgr.exe

C:\Program Files\Sony\HotKey Utility\HKWnd.exe

c:\progra~1\Support.com\client\bin\tgcmd.exe

C:\WINDOWS\system32\smartdrv.exe

C:\Program Files\SpywareBot\SpywareBot.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\officescan.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\DOCUME~1\DAVIDF~1\LOCALS~1\Temp\Temporary Directory 1 for hijackthis[2].zip\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast High-Speed Internet

O2 - BHO: (no name) - {00000000-59D4-4008-9058-080011001200} - (no file)

O2 - BHO: (no name) - {00000000-C1EC-0345-6EC2-4D0300000000} - (no file)

O2 - BHO: (no name) - {00000000-F09C-02B4-6EC2-AD0300000000} - (no file)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\adobe\acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - (no file)

O2 - BHO: (no name) - {8333c319-0669-4893-a418-f56d9249fca6} - (no file)

O2 - BHO: office_pnl.office_panel - {B53455DB-5527-4041-AC41-F86E6947AA47} - C:\WINDOWS\system32\office_pnl.dll

O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe

O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe

O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE

O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe

O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe

O4 - HKLM\..\Run: [ZTgServerSwitch] c:\program files\support.com\client\lserver\server.vbs

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [Transponder] C:\WINDOWS\system32\susp.exe

O4 - HKLM\..\Run: [spywarebot] "C:\Program Files\spywarebot\spywarebot.exe" -boot

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\adobe\acrobat 5.0\Distillr\AcroTray.exe

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe

O4 - Global Startup: EPSON Status Monitor 3 Environment Check(2).lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE

O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe

O4 - Global Startup: PowerPanel.lnk = ?

O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe

O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE

O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net

O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstall...=hubbledeepzoom

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {2042B57E-6336-459E-B7CE-2A0F6C9E6AF8} (IEPlayInterface Class) - http://www.lotrdvd.com/dvdkey/extended_dvd...ds/iaieplay.dll

O16 - DPF: {22D4879A-92DB-470D-8A83-E158797D8176} (Liquid.LiquidHelper) - file://E:\components\Liquid.ocx

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe

O23 - Service: VAIO Media Music Server (Application) (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (Application) (file missing)

O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Unknown owner - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe" /Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\MusicServer\HTTP (file missing)

O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe

O23 - Service: VAIO Media Photo Server (Application) (VAIOMediaPlatform-PhotoServer-AppServer) - Unknown owner - C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe

O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Unknown owner - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP (file missing)

O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe


You have a brand new variant of the Smitfraud Hijacker and I need for you to send me some files for analysis so we can get detection for this nasty.

 

First, Make sure your PC is configured to show hidden files

How to Show Hidden Files

http://www.xtra.co.nz/help/0,,4155-1916458,00.html

 

Click Start.

 

Open My Computer.

 

Select the Tools menu and click Folder Options.

 

Select the View Tab.

 

Under the Hidden files and folders heading select Show hidden files and folders.

 

Uncheck the Hide protected operating system files (recommended) option.

 

Click Yes to confirm.

 

Click OK.

.............................

Next:

 

Go here to upload the files as attachments

http://www.thespykiller.co.uk/forum/index.php?board=1.0

Just press new topic (Make the subject: For CalamityJane from Dog Town at LS ),

fill in a short message & then press the browse button and then navigate to & select these files on your computer, If there is more than 1 file then press the more attachments button for each extra file and browse and select etc and then when all the files are listed in the windows press the *Post* button to upload the files

 

Files to attach for upload:

C:\WINDOWS\system32\smartdrv.exe

 

C:\WINDOWS\system32\officescan.exe

 

C:\WINDOWS\system32fab.exe

 

C:\WINDOWS\system32\office_pnl.dll

 

C:\WINDOWS\system32\runsrv32.exe

 

C:\WINDOWS\System32\0.864544093608856.exe

 

C:\WINDOWS\System32\winblsrv.dll

 

C:\Program Files\spywarebot <---all files in that folder (you may have to make a second post to get them all in)

 

If any of those are not found, let me know.

 

You DO NOT need to be a member to upload, anybody can upload the files

 

You will not see the files that have been uploaded as they only show to the authorized users who can download them

....................................

After you have uploaded the files, there are two free removal tools I'm going to ask you to run.

 

1. Download this file - combofix.exe

http://download.bleepingcomputer.com/sUBs/combofix.exe

 

2. Double click on combofix.exe & follow the prompts.

 

Note: If you receive a popup with a Disclaimer, read that and answer Y for yes (or N for no)

Y is recommended (if you put N, the tool will exit without fixing and will remove the combofix file and folders)

 

Do NOT click on the window while the fix is running, because that will cause your system to hang and the fix to stall.

 

3. When finished, it shall produce a log for you. Post that log in your next reply

 

...............

Next run this free tool:

 

1. Download SmitfraudFix (by S!Ri) to your Desktop (Win2k/WinXP only!).

http://siri.urz.free.fr/Fix/SmitfraudFix.zip

Extract all the files to your Desktop. A folder named SmitfraudFix will be created on your Desktop.

 

How to extract (decompress) zipped or compressed files

http://www.lvsonline.com/compresstut/index.shtml

 

Note : process.exe is part of the SmitFraudFix tool and is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky, Panda) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.

 

 

2. Reboot into Safe Mode

You can usually do this by restarting your computer and continually tapping F8 until a menu appears. Highlight Safe Mode and hit enter.

 

How to start the computer in Safe mode

http://service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam

 

3. Once in Safe mode, open the SmitfraudFix folder and double-click smitfraudfix.cmd

 

Select option #2 - Clean by typing 2 and press Enter.

Wait for the tool to complete and disk cleanup to finish.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?" answer Yes by typing Y and hit Enter.

The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question "Replace infected file ?" by typing Y and hit Enter.

 

A reboot may be needed to finish the cleaning process. If your computer does not restart automatically, please do it yourself manually.

 

4. Once back into normal mode, please scan with HijackThis to produce a log. Post that log into your topic along with the other requested logs named below.

 

Logs needed in your next post are:

 

rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed

 

Fresh HijackThis log

 

ComboFixlog

Thanks CJ. I am slow. I'll be back ASAP. Thanks again!

I don't see any of those files. Sure I am doing something wrong. I do see a bunch of uninstall with weird light blue writing in my Windows folder under My Computer. When I push browse, the box pops up but I don't know where to go with the browse. SORRY I am not faster at this

 

My computer has no F, will it be C. That is my main drive?

I don't see any of those files. Sure I am doing something wrong. I do see a bunch of uninstall with weird light blue writing in my Windows folder under My Computer. When I push browse, the box pops up but I don't know where to go with the browse. SORRY I am not faster at this

 

My computer has no F, will it be C. That is my main drive?

 

Scratch that, I figured it out, I think, gosh I suck.

,gosh I suck.

You do NOT! This forum posting takes a bit to get used to if you are new at it :P

 

We're used to that and if you can't find the files or are having a problem let me know. I have workarounds for all these types of things :D


No, I don't need the quarantine logs if it is from Spybot Search and Destroy.

 

The folder I was looking for was the rogue program: Spywarebot (imitates a legitimate program)

 

All of my files say Spywarebot, not spy bot?

No, I don't need the quarantine logs if it is from Spybot Search and Destroy.

 

The folder I was looking for was the rogue program: Spywarebot (imitates a legitimate program)

 

All of my files say Spywarebot, not spy bot?

 

 

SORRY AGAIN!

I have spywareBot 1.4.0.0

Installed today Definition file version 8.8.1

That's what it says on the screen when running it. Hope that helps!

No, I don't need the quarantine logs if it is from Spybot Search and Destroy.

 

The folder I was looking for was the rogue program: Spywarebot (imitates a legitimate program)

 

All of my files say Spywarebot, not spy bot?

Ok, spywarebot is the baddie.

 

Can you put those into a zip file and attach at the upload site?

 

Don't feel lost. These files you are uploading are helping - we'll get a removal process for you. :P

 

I'd also like to see a report from these two (free) tools:

 

Post a report from this tool

 

Download the free beta trial of this tool from F-Secure called Blacklight

F-Secure Blacklight:

https://europe.f-secure.com/blacklight/try.shtml

Doubleclick on bibeta.exe to run it.

Click the *I accept* button near the bottom of that page.

Download and run blacklite click > scan then > next, next again then exit

There will be a new text file near Blacklight. Post it please. The text file is named:

fsbl.xxxxxxx.log (the xxxxxxx stand for numbers)

!!Do not rename any files yet

 

.....................................

And another from this tool please.

Please download Rootkit Revealer

http://www.sysinternals.com/utilities/rootkitrevealer.html

 

(link is at the very bottom of the page)

Unzip it to your desktop.

Open the rootkitrevealer folder and double-click rootkitrevealer.exe

Click the Scan button (bottom right)

It may take a while to scan (don't do anything else while it's running)

When it's done, go up to File > Save. Choose to save it to your desktop.

Open rootkitrevealer.txt on your desktop and copy the entire contents and paste them here


Don't worry about it.

 

The author of SmitfraudFix (S!ri) has updated the removal tool based upon the files you all uploaded :P

 

We'll use that.

 

1. Download SmitfraudFix (by S!Ri) to your Desktop (Win2k/WinXP only!).

http://siri.urz.free.fr/Fix/SmitfraudFix.zip

Extract all the files to your Desktop. A folder named SmitfraudFix will be created on your Desktop.

 

How to extract (decompress) zipped or compressed files

http://www.lvsonline.com/compresstut/index.shtml

 

Note : process.exe is part of the SmitFraudFix tool and is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky, Panda) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.

 

 

2. Reboot into Safe Mode

You can usually do this by restarting your computer and continually tapping F8 until a menu appears. Highlight Safe Mode and hit enter.

 

How to start the computer in Safe mode

http://service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam

 

3. Once in Safe mode, open the SmitfraudFix folder and double-click smitfraudfix.cmd

 

Select option #2 - Clean by typing 2 and press Enter.

Wait for the tool to complete and disk cleanup to finish.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?" answer Yes by typing Y and hit Enter.

The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question "Replace infected file ?" by typing Y and hit Enter.

 

A reboot may be needed to finish the cleaning process. If your computer does not restart automatically, please do it yourself manually.

 

4. Once back into normal mode, please scan with HijackThis to produce a log. Post that log into your topic along with the other requested logs named below.

 

Logs needed in your next post are:

 

rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed

 

Fresh HijackThis log

Ok, spywarebot is the baddie.

 

Can you put those into a zip file and attach at the upload site?

 

Don't feel lost. These files you are uploading are helping - we'll get a removal process for you. :P

 

I'd also like to see a report from these two (free) tools:

 

Post a report from this tool

 

Download the free beta trial of this tool from F-Secure called Blacklight

F-Secure Blacklight:

https://europe.f-secure.com/blacklight/try.shtml

Doubleclick on bibeta.exe to run it.

Click the *I accept* button near the bottom of that page.

Download and run blacklite click > scan then > next, next again then exit

There will be a new text file near Blacklight. Post it please. The text file is named:

fsbl.xxxxxxx.log (the xxxxxxx stand for numbers)

!!Do not rename any files yet

 

.....................................

And another from this tool please.

Please download Rootkit Revealer

http://www.sysinternals.com/utilities/rootkitrevealer.html

 

(link is at the very bottom of the page)

Unzip it to your desktop.

Open the rootkitrevealer folder and double-click rootkitrevealer.exe

Click the Scan button (bottom right)

It may take a while to scan (don't do anything else while it's running)

When it's done, go up to File > Save. Choose to save it to your desktop.

Open rootkitrevealer.txt on your desktop and copy the entire contents and paste them here

 

 

Think I got the zip part going to the upload, then I will do the other things you said. D*mn I WANNA BEAT SOMEONE'S BOTTOM etc............. THANK YOU!

 

 

So STOP THE UPLOAD?


Ok here goes, downloaded Smitfraud, all looks cool so far. Going to scarrryy world now. The whole safe mode thing has me sweating. See ya soon. Wish me luck, I'll need it.

THANKS AGAIN!


Well I think this is what you wanted. That was not so bad. Still sweating though. No little pop up demon boxes though! Still got fingers crossed. THANK YOU!!!!!!!!!!!!!!!!!

 

 

SmitFraudFix v2.80

 

Scan done at 14:11:59.33, Sat 08/05/2006

Run from C:\Documents and Settings\DAVID FAUSSER\Desktop\SmitfraudFix

OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT

Fix ran in safe mode

 

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix

!!!Attention, following keys are not inevitably infected!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

 

GenericRenosFix by S!Ri

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

 

C:\WINDOWS\adware-sheriff-box.gif Deleted

C:\WINDOWS\adware-sheriff-header.gif Deleted

C:\WINDOWS\antispylab-logo.gif Deleted

C:\WINDOWS\about_spyware_bg.gif Deleted

C:\WINDOWS\about_spyware_bottom.gif Deleted

C:\WINDOWS\as.gif Deleted

C:\WINDOWS\as_header.gif Deleted

C:\WINDOWS\bg.gif Deleted

C:\WINDOWS\bg_bg.gif Deleted

C:\WINDOWS\big_red_x.gif Deleted

C:\WINDOWS\blue-bg.gif Deleted

C:\WINDOWS\box_1.gif Deleted

C:\WINDOWS\box_2.gif Deleted

C:\WINDOWS\box_3.gif Deleted

C:\WINDOWS\button_buynow.gif Deleted

C:\WINDOWS\button_freescan.gif Deleted

C:\WINDOWS\buy_now.gif Deleted

C:\WINDOWS\buy-now-btn.gif Deleted

C:\WINDOWS\click_for_free_scan.gif Deleted

C:\WINDOWS\close-bar.gif Deleted

C:\WINDOWS\close_ico.gif Deleted

C:\WINDOWS\corner-left.gif Deleted

C:\WINDOWS\corner-right.gif Deleted

C:\WINDOWS\download.gif Deleted

C:\WINDOWS\download_box.gif Deleted

C:\WINDOWS\download_product.gif Deleted

C:\WINDOWS\facts.gif Deleted

C:\WINDOWS\features.gif Deleted

C:\WINDOWS\footer.gif Deleted

C:\WINDOWS\footer_back.gif Deleted

C:\WINDOWS\footer_back.jpg Deleted

C:\WINDOWS\free_scan_red_btn.gif Deleted

C:\WINDOWS\free-scan-btn.gif Deleted

C:\WINDOWS\h-line-gradient.gif Deleted

C:\WINDOWS\header_1.gif Deleted

C:\WINDOWS\header_2.gif Deleted

C:\WINDOWS\header_3.gif Deleted

C:\WINDOWS\header_4.gif Deleted

C:\WINDOWS\header-bg.gif Deleted

C:\WINDOWS\icon_warning_big.gif Deleted

C:\WINDOWS\infected.gif Deleted

C:\WINDOWS\infected_top_bg.gif Deleted

C:\WINDOWS\info.gif Deleted

C:\WINDOWS\logo.gif Deleted

C:\WINDOWS\main_back.gif Deleted

C:\WINDOWS\navibar_bg.gif Deleted

C:\WINDOWS\navibar_corner_left.gif Deleted

C:\WINDOWS\navibar_corner_right.gif Deleted

C:\WINDOWS\no-icon.gif Deleted

C:\WINDOWS\product_box.gif Deleted

C:\WINDOWS\red_warning_ico.gif Deleted

C:\WINDOWS\reg-freeze-box.gif Deleted

C:\WINDOWS\reg-freeze-header.gif Deleted

C:\WINDOWS\remove_spyware_header.gif Deleted

C:\WINDOWS\remove-spyware-btn.gif Deleted

C:\WINDOWS\rf.gif Deleted

C:\WINDOWS\rf_header.gif Deleted

C:\WINDOWS\safe_and_trusted.gif Deleted

C:\WINDOWS\scan_btn.gif Deleted

C:\WINDOWS\security-center-bg.gif Deleted

C:\WINDOWS\security-center-logo.gif Deleted

C:\WINDOWS\security_center_caption.gif Deleted

C:\WINDOWS\sep_hor.gif Deleted

C:\WINDOWS\sep_vert.gif Deleted

C:\WINDOWS\spacer.gif Deleted

C:\WINDOWS\spyware_detected.gif Deleted

C:\WINDOWS\spyware-detected.gif Deleted

C:\WINDOWS\spyware-sheriff-header.gif Deleted

C:\WINDOWS\spyware-sheriff-box.gif Deleted

C:\WINDOWS\star.gif Deleted

C:\WINDOWS\star-grey.gif Deleted

C:\WINDOWS\star_gray.gif Deleted

C:\WINDOWS\star_gray_small.gif Deleted

C:\WINDOWS\star_small.gif Deleted

C:\WINDOWS\true-stories.gif Deleted

C:\WINDOWS\ts.gif Deleted

C:\WINDOWS\ts_header.gif Deleted

C:\WINDOWS\System32fab.exe Deleted

C:\WINDOWS\v.gif Deleted

C:\WINDOWS\warning_icon.gif Deleted

C:\WINDOWS\warning-bar-ico.gif Deleted

C:\WINDOWS\win_logo.gif Deleted

C:\WINDOWS\win-sec-center-logo.gif Deleted

C:\WINDOWS\windows-compatible.gif Deleted

C:\WINDOWS\x.gif Deleted

C:\WINDOWS\yellow_warning_ico.gif Deleted

C:\WINDOWS\yes-icon.gif Deleted

C:\WINDOWS\system32\office_pnl.dll Deleted

C:\WINDOWS\system32\officescan.exe Deleted

C:\WINDOWS\system32\parad.raw.exe Deleted

C:\WINDOWS\system32\repigsp.exe Deleted

C:\WINDOWS\system32\smaexp32.dll Deleted

C:\WINDOWS\system32\smartdrv.exe Deleted

C:\WINDOWS\system32\taskdir.exe Deleted

C:\WINDOWS\system32\users32.exe Deleted

C:\WINDOWS\system32\winapi32.dll Deleted

C:\WINDOWS\system32\winbl32.dll Deleted

C:\WINDOWS\system32\winblsrv.dll Deleted

C:\WINDOWS\system32\zlbw.dll Deleted

 

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

 

Registry Cleaning done.

 

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix

!!!Attention, following keys are not inevitably infected!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Reboot

 

C:\WINDOWS\system32\winsrv32.exe Deleted

 

»»»»»»»»»»»»»»»»»»»»»»»» End

 

WAS THIS RIGHT! OOOPS HERE'S THE REST. MY BAD

 

 

 

 

Logfile of HijackThis v1.99.1

Scan saved at 2:34:14 PM, on 8/5/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe

C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe

C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe

C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe

C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe

C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\notepad.exe

C:\WINDOWS\system32\atiptaxx.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Sony\HotKey Utility\HKserv.exe

C:\WINDOWS\System32\ezSP_Px.exe

C:\WINDOWS\System32\WScript.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\spywarebot\spywarebot.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\adobe\acrobat 5.0\Distillr\AcroTray.exe

C:\Program Files\Nikon\NkView6\NkvMon.exe

C:\Program Files\PowerPanel\Program\PcfMgr.exe

C:\Program Files\Sony\HotKey Utility\HKWnd.exe

c:\progra~1\Support.com\client\bin\tgcmd.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\DOCUME~1\DAVIDF~1\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast High-Speed Internet

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\adobe\acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - (no file)

O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe

O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe

O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE

O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe

O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe

O4 - HKLM\..\Run: [ZTgServerSwitch] c:\program files\support.com\client\lserver\server.vbs

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [spywarebot] "C:\Program Files\spywarebot\spywarebot.exe" -boot

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\adobe\acrobat 5.0\Distillr\AcroTray.exe

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe

O4 - Global Startup: EPSON Status Monitor 3 Environment Check(2).lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE

O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe

O4 - Global Startup: PowerPanel.lnk = ?

O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe

O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE

O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net

O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstall...=hubbledeepzoom

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {2042B57E-6336-459E-B7CE-2A0F6C9E6AF8} (IEPlayInterface Class) - http://www.lotrdvd.com/dvdkey/extended_dvd...ds/iaieplay.dll

O16 - DPF: {22D4879A-92DB-470D-8A83-E158797D8176} (Liquid.LiquidHelper) - file://E:\components\Liquid.ocx

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe

O23 - Service: VAIO Media Music Server (Application) (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (Application) (file missing)

O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Unknown owner - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe" /Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\MusicServer\HTTP (file missing)

O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe

O23 - Service: VAIO Media Photo Server (Application) (VAIOMediaPlatform-PhotoServer-AppServer) - Unknown owner - C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe

O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Unknown owner - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP (file missing)

O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe


I fixed it; both reports are there now. What do I do with the icons and files from f'ing SPYWAREBOT???

SUGGESTIONS??? ALSO WHAT should I use to defend against this stuff? Owned a computer 10 years, this is the first time! Got this while reading "The Colbert Report" web log!

IS IT SAFE TO GO TO ADD/REMOVE AND REMOVE? It asks if it is OK to remove all its components. It won't remove anything else? Will it?


Yes, please go to Add/Remove programs in the Control Panel and remove:

spywarebot

 

Reboot your computer

 

Scan again with HijackThis and post a fresh HijackThis log

 

Oh! And you did great!!!! :)


OK, me again! Went ahead and did the following:

 

--Add/remove: did that, seems to be gone

--Did a search, still found a bunch. Deleted them no prob, all but two!

one is Spywarebot c:\swb program file

two, SWB c:\program file\swb Application

 

When I tried to delete I get a warning box that says this

 

Error deleting file or folder

cannot delete access denied

make sure disk not full etc...

 

--So I went to program files and found them

Same song

 

Cannot Delete( bunches O' numbers and dashes here)

close any programs that might be using this?

 

 

IT IS THE LAST PART WHICH SCARES ME, is it still running?


WELL HERE IT IS! ANY IDEAS ON MY LAST POSTS ABOUT WHAT TO DO TO DEFEND? OR THOSE FILES THAT WON'T GO AWAY? THE FILE OF SWB HOLDS MORE FILES AGAIN, LIKE QUARANTINE ETC...

ALSO A STRANGE ICON APPEARED ON MY DESKTOP

[LocalizedFileNames]

Windows Media [email protected]:\WINDOWS\inf\unregmp2.exe,-4

WHEN I TRY TO GET RID OF IT, IT ASKS IF I WANNA DO THAT, IT MIGHT NOT ALLOW TO RUN RIGHT?

 

COULD IT BE A HIDDEN FILE I USUALLY DON'T SEE?

IN PROGRAM FILES THERE ARE A TON OF UNINSTALL FOLDERS WITH EERIE BLUE WRITING! SAME THING MAYBE?

 

AGAIN YOU ARE A GODSEND !

 

 

 

Logfile of HijackThis v1.99.1

Scan saved at 3:25:29 PM, on 8/5/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe

C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe

C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe

C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe

C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe

C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\atiptaxx.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Sony\HotKey Utility\HKserv.exe

C:\WINDOWS\System32\ezSP_Px.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\System32\WScript.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\adobe\acrobat 5.0\Distillr\AcroTray.exe

C:\Program Files\Nikon\NkView6\NkvMon.exe

C:\Program Files\PowerPanel\Program\PcfMgr.exe

C:\Program Files\Sony\HotKey Utility\HKWnd.exe

C:\WINDOWS\system32\wuauclt.exe

C:\DOCUME~1\DAVIDF~1\LOCALS~1\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe

c:\progra~1\Support.com\client\bin\tgcmd.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast High-Speed Internet

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\adobe\acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - (no file)

O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe

O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe

O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE

O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe

O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe

O4 - HKLM\..\Run: [ZTgServerSwitch] c:\program files\support.com\client\lserver\server.vbs

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\adobe\acrobat 5.0\Distillr\AcroTray.exe

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe

O4 - Global Startup: EPSON Status Monitor 3 Environment Check(2).lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE

O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe

O4 - Global Startup: PowerPanel.lnk = ?

O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe

O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE

O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net

O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstall...=hubbledeepzoom

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {2042B57E-6336-459E-B7CE-2A0F6C9E6AF8} (IEPlayInterface Class) - http://www.lotrdvd.com/dvdkey/extended_dvd...ds/iaieplay.dll

O16 - DPF: {22D4879A-92DB-470D-8A83-E158797D8176} (Liquid.LiquidHelper) - file://E:\components\Liquid.ocx

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe

O23 - Service: VAIO Media Music Server (Application) (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (Application) (file missing)

O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Unknown owner - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe" /Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\MusicServer\HTTP (file missing)

O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe

O23 - Service: VAIO Media Photo Server (Application) (VAIOMediaPlatform-PhotoServer-AppServer) - Unknown owner - C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe

O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Unknown owner - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP (file missing)

O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe

 

COOL ??????

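A triage sketch for the log posted above, added here as an example and not part of any post in the thread or of HijackThis itself: it flags entries the scanner could not resolve and cross-checks each "(file missing)" service against the running-process list, since an executable cannot be both running and absent. The function names and verdict labels are assumptions of this example; the sample lines are copied from the log.

```python
import re

# Constructed sample: a handful of lines copied from the second log in this thread.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - (no file)
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - Global Startup: PowerPanel.lnk = ?
O23 - Service: VAIO Media Music Server (Application) (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (Application) (file missing)
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")   # e.g. "O23 - Service: ..."
MISSING = "(file missing)"

def parse(log):
    """Return (set of lower-cased running process paths, list of (code, text))."""
    procs, entries, in_procs = set(), [], False
    for line in (raw.strip() for raw in log.splitlines()):
        m = ENTRY.match(line)
        if m:
            in_procs = False
            entries.append((m.group(1), m.group(2)))
        elif line.startswith("Running processes:"):
            in_procs = True
        elif in_procs and line:
            procs.add(line.lower())
    return procs, entries

def triage(log):
    """Flag entries whose target the scanner could not resolve."""
    procs, entries = parse(log)
    findings = []
    for code, text in entries:
        if text.endswith("(no file)"):
            verdict = "orphaned"            # registry entry, no file behind it
        elif text.endswith("= ?"):
            verdict = "unresolved"          # shortcut target could not be read
        elif text.endswith(MISSING):
            # Keep the path up to the first stray quote left by a quoted command line.
            target = text[:-len(MISSING)].rsplit(" - ", 1)[-1].split('"', 1)[0]
            running = target.strip().lower() in procs
            verdict = "listed-as-running" if running else "missing"
        else:
            continue
        findings.append((code, verdict))
    return findings

if __name__ == "__main__":
    for code, verdict in triage(SAMPLE_LOG):
        print(code, verdict)
```

A "listed-as-running" verdict means the entry should be checked on disk before anything is removed; "orphaned" and "missing" entries are the ones left with no file behind them.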

GUESS WHO? THINK I DID IT. WENT BACK AND EMPTIED THE FOLDER VIA DELETE, ALLOWED TO GET RID OF IT ALL! WHAT ABOUT THE FILE VISIBILITY THING, GO BACK AND CHANGE IT? WHAT WERE THE ORIGINAL SETTINGS? I FORGET. I REALLY AM NOT THIS DUMB ABOUT MOST STUFF. LEARNED A LOT TODAY.

 

 

thank you...........................................
