[joey16g]

I've been trying a few different things and I think that I got it. I think that ZEsoft was something BAD so I deleted it entirely and that was a good thing. AdAware and Spybot dont find anything when I boot up XP normally now and I'll share with you my HJT log below. What do you think then? Has it been eridicated? Should I breathe easy now? Let me know, I hope that you feel better and have a good Thanksgiving:

Logfile of HijackThis v1.98.2
Scan saved at 1:43:32 AM, on 11/25/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe
C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe
C:\Program Files\Sony\giga pocket\GPVSvr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
C:\program files\support.com\client\bin\tgcmd.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\sony\giga pocket\usbsircs.exe
C:\Program Files\sony\giga pocket\reservemodule.exe
C:\Program Files\sony\giga pocket\gps.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\PROGRA~1\Sony\GIGAPO~1\Sgpcom.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\HJT\HijackThis.exe

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [ZTgServerSwitch] c:\program files\support.com\client\bin\tgcmd.exe /server
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Giga Pocket Remocon Driver.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Timer Recording Manager.lnk = ?
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {59D04288-805E-4D43-BE09-83B1083E9E1E} (IUpdateAutoLaunch Control) - http://idenphones.motorola.com/idenu...AutoLaunch.ocx
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1100933715187
O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptemp...veSecurity.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {C62DFDC7-2EEC-4C2C-827A-BC0BFB4260B3} (IMViewerControl Class) - http://companion.logitech.com/compan.../bin/imvid.cab

[Flrman1]

Clean!

[joey16g]

A couple more things:

1) would you recommending deleting the SONY VAIO support software. It loads up on bootup and gives me and icon in the system tray and I'm all not to sure about it.

2) how do you get rid of the recycle bin on the desktop in WINXP. I have it in my menu and I'm trying to clear off the desktop.

I think that the spyware is gone though. Thanks.

[Flrman1]

1) You don't really need to delete the Vaio software. You can just disable it in msconfig so that it doesn't load at startup.

2) http://www.petri.co.il/delete_recycl...in_xp_2003.htm

[joey16g]

Thanks about the recycle bin, thats cool. About the SONY stuff, Im looking in my ADD/DELETE programs list and wondering about a few things that I could get rid of and some of the stuff that came with the install disks that I don't use. Can you please confirm for me that deleting this stuff wont mess anything up and may help? I tried deleting this PC Chillin thing too (Came with SONY software, and I think that I deleted the original program but the patch remains) and it says it needs a disk, doh. Anyways, I'll bold the stuff in the list that I want to delete. Please check it out when you get a chance, and thanks so much. Also, do you know what MSN Music Assistant does? I don't think that I want that either...

Joe G

ADD/REMOVE Programs List:

Ad-Aware SE Personal
Adobe Acrobat 5.0
Adobe Download Manager
Adobe Photoshop Elements 2.0
Adobe Premiere 6 LE
Advanced Networking Pack for Windows
Agere Systems Ac'97 Modem
AOL Instant Messenger
Art Explosion Greeting Card Factory
Click to DVD 1.3
DeductionPro 2003
DirectX 9 Hotfix
DivX 4.12 Codec
DVD Decrypter
DVgate
Easy Thumbnails
Experience Vaio
Forte Agent
Giga Pocket 5.0
HighMAT Extension to MS Windows
iDEN CompanionPro
iDEN Packet Data Applet
iDEN Phonebook Manager
Internet Explorer Q867801
LiveReg (Symantec Corporation)
LiveUpdate 2.5 (Symantec Corporation)
Logitech Desktop Messenger
Logitech iTouch Software
Logitech MouseWare 9.79.1
Lucent Technologies Soft Modem AMR
Macromedia Dreamweaver MX 2004
Macromedia Extension Manager
Microsoft .NET Framework 1.1
Microsoft Data Access Components
Microsoft Money 2004
Microsoft Office 2000 SR-1 Pro
Motion JPEG Software Decoder
MovieShaker 3.3
Mozilla (1.6)
MSN Music Assistant
Music Visualizer Library 1.4.00
Nero 6 Ultra Edition
Norton AntiVirus 2004
Norton SystemWorks2003
Norton WMI Update
NVIDIA Windows 2000/XP Display Drivers
OpenMG Secure Module 3.1
Outlook Express
PhotoMax Pro
PicoPlayer
PicoPlayer Demo
PicoPlayerSplashScreen
PictureGear Studio 1.0
POP Peeper
PowerDVD
Quicken 2002 New User Edition
Quicktime
RealOne Player
RealProducter Basic 8.5
Recommended Hotfix
Savings Bond Wizard
Screenblast ACID 2.0a
Screenblast Sound Forge 1.0b
Sis Compatable VGS V2.09a
SonicStage 1.5.00
Sony Certificate PCH
Sony DV Shared Library
Spybot - Search and Destroy 1.3
SpywareBlaster v3.2
Support Actions WinXP
TaxCut 2003
Trend Micro PC-cillin 90-Day Trial Period Patch
VAIO Edit Components LE
VAIO Help and Support
VAIO Media 2.0
VAIO Media Installer 2.0
VAIO Media Music Server 2.0
VAIO Media Photo Server 2.0
VAIO Media Platform 2.0
VAIO Registration
VAIO Support
VERITAS RecordNow DX
VERITAS RecordNow DX Update Manager
VX2 Cleaner plug-in for Ad-Aware SE
Windows Blaster Worm Removal Tool
Windows Media Format Runtime
Windows Media Player 10
(2) Windows Media Player Hotfixes
(A bunch of) Windows XP Hotfixes
WinRAR archiver
Yahoo! Address AutoComplete
Yahoo! extras
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Messenger Explorer Bar
Yahoo! Toolbar
yEnc32

[joey16g]

Thanks, ... I am trying to uninstall the SONY VAIO stuff but it gives me errors for missing files in the ADD/REMOVE programs window and keeps them there. I'm thinking that maybe I deleted some stuff along the way and I don't know what to do now to completely wipe the stuff...

This is the ERROR I'm getting for each:

Error loading C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll

[joey16g]

I'm having an additional problem. I made a folder for the desktop in which I was storing all my HJT logs. I was clearing out the desktop, got rid of the recycle bin and this was the last folder left. Now when I move it or try to delete it my whole background turns blue and is unrecoverable. If I move the folder back, the background comes back. Any ideas? This one is really driving me mad...thanks...

[joey16g]

OK, its not the folder itself but the last item that leaves the desktop makes the screen go blue...what is the deal? Do you have any idea?

[joey16g]

Fixed the problem with the desktop, It was something in advanced properties for displays...

Anyways, I'm happy about that, and just wondering about the startup now using msconfig...I disabled 2 things that didn't have descriptions by them...I'm curious as to why they might not, any ideas? I also disabled quicktime task as I don't think that I need that running can you confirm?

Lastly, do you know what ezSP_PX.exe is and why it is running, thanks !

[dvk01]

http://www.windowsstartup.com/wso/detail.php?id=933

[joey16g]

So this is OK to keep running? Things seem fine now, I appreciate all your help for this!

[joey16g]

I was trying to clean up my Inbox in MS Office 2000 SR-1 Pro and I can't delete certain messages in my inbox - i get the following message:

The messaging interface has returned an unknown error. If the problem persists, restart Outlook.

i have a LOT of email here, and i can't just delete it all (that is, start over with a new pst file). i've already tried the inbox repair tool.

any help would be GREATLY appreciated.

Thanks!