
Solved: Can't get rid of dropspam

Discussion in 'Virus & Other Malware Removal' started by lizziebee, Jul 30, 2006.

  1. lizziebee

    lizziebee Thread Starter

    Joined:
    Apr 14, 2006
    Messages:
    15
    Hi - you guys were wonderful with the last stupid virus I got, I was hoping you can help again! I have got dropspam and have tried to get rid of it but it still is not completely gone and now I have to try to start the computer 6 or 7 times before it actually works.

    This is the most recent hijack this file:

    Logfile of HijackThis v1.99.1
    Scan saved at 6:14:04 PM, on 7/24/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\System32\ezSP_Px.exe
    C:\program files\support.com\client\bin\tgcmd.exe
    C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
    C:\PROGRA~1\NORTON~2\NORTON~3\NPROTECT.EXE
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\WINDOWS\System32\igfxtray.exe
    C:\PROGRA~1\NORTON~2\NORTON~3\SPEEDD~1\NOPDB.EXE
    C:\WINDOWS\System32\hkcmd.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
    C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\windows\system32\ondsregs.exe
    C:\PROGRA~1\PPPATC~1\wowexec.exe
    C:\WINDOWS\system32\YSTEM~1\NTEPAD~1.EXE
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
    C:\Program Files\Microsoft Office\Office\OSA.EXE
    C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
    C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    C:\Program Files\Adobe\Adobe GoLive CS2\GoLive.exe
    C:\WINDOWS\system32\qwinopez.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Hijackthis\HijackThis.exe
    C:\Program Files\Adobe\Adobe GoLive CS2\GoLive.exe

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sony.com/vaiopeople
    R3 - URLSearchHook: (no name) - {825C3F00-AFE5-F86E-9E41-F9BAAA151A95} - C:\WINDOWS\system32\ubcii.dll
    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\rgvce.exe
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,cbcfons.exe
    N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Karen\Application Data\Mozilla\Profiles\default\x9q4t632.slt\prefs.js)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {2C2CC666-0985-540B-FCE5-03D58C07BFCC} - C:\WINDOWS\system32\kufkm.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {825C3F00-AFE5-F86E-9E41-F9BAAA151A95} - C:\WINDOWS\system32\ubcii.dll
    O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
    O4 - HKLM\..\Run: [ZTgServerSwitch] "c:\program files\support.com\client\bin\tgcmd.exe" /server
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
    O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf
    O4 - HKLM\..\Run: [SSRunScript] "C:\Program Files\Support.com\Charter\bin\SSRunScript.exe" /script "C:\Program Files\Support.com\Charter\vbs\verifyconnection.vbs" /args //b startupdelay
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [{BE-E1-1D-D7-ZN}] C:\windows\system32\ondsregs.exe GID002
    O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\system32\qwinopez.exe GID002
    O4 - HKCU\..\Run: [kwki] C:\PROGRA~1\COMMON~1\kwki\kwkim.exe
    O4 - HKCU\..\Run: [Iinl] "C:\PROGRA~1\PPPATC~1\wowexec.exe" -vt yazb
    O4 - HKCU\..\Run: [Dkzglbmw] C:\WINDOWS\system32\YSTEM~1\NTEPAD~1.EXE
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\qwinopez.exe
    O4 - Startup: Z_Start.lnk = C:\RECYCLER\NPROTECT\00039436.exe
    O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
    O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    O4 - Global Startup: Norton GoBack.lnk = C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
    O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O4 - Global Startup: Picture Package Menu.lnk = ?
    O4 - Global Startup: Picture Package VCD Maker.lnk = ?
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
    O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
    O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
    O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
    O9 - Extra button: (no name) - {B6E649FA-5461-40d7-AB4D-54FC3C8DB767} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: Looksitup Toolbar - {B6E649FA-5461-40d7-AB4D-54FC3C8DB767} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1138933050125
    O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - http://www.trueswitch.com/TrueInstall.exe
    O20 - AppInit_DLLs: mshta.dll C:\WINDOWS\system32\mshta.dll
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Adobe Version Cue CS2 - Unknown owner - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe" -win32service (file missing)
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~3\NPROTECT.EXE
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~3\SPEEDD~1\NOPDB.EXE
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (file missing)
    O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\MusicServer\HTTP (file missing)
    O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
    O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
    O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP (file missing)
    O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
    O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe" /Service=VAIOMediaPlatform-VideoServer-AppServer /DisplayName="VAIO Media Video Server (file missing)
    O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-VideoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\VideoServer\HTTP (file missing)
    O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe

    And a smitfraudfix file:

    SmitFraudFix v2.31

    Scan done at 14:01:09.18, Tue 07/25/2006
    Run from C:\Documents and Settings\Karen\Desktop\virus programs\SmitfraudFix\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600]

    »»»»»»»»»»»»»»»»»»»»»»»» Killing process


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


    »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

    Registry Cleaning done.

    »»»»»»»»»»»»»»»»»»»»»»»» End

    Thank you!!!
     
  2. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Please download Qoofix by Rubber Ducky to your desktop.
    • Right click on the Qoofix folder, and choose "Extract All". Extract Qoofix to your C: drive.
    • Close all windows and programs, including internet windows.
    • Go to C:\Qoofix and open the folder, then double click on Qoofix.exe
    • Click Begin Removal and wait for the scan to finish
    • If Qoofix finds an infection, select yes to restart your computer
    • You will now find a log from this tool, located at C:\Qoofix\Qoofix Logfile.txt. Copy and paste the contents of that report into your next reply here.
     
  3. lizziebee

    lizziebee Thread Starter

    Joined:
    Apr 14, 2006
    Messages:
    15
    Qoofix v1.02 by http://www.malwarebytes.org
    Scan started on [7/30/2006] at [12:37:01 PM]
    -------------------------------------------------------------
    Terminated module: heexvqe.dll found in Qoofix.exe (5736)
    Terminated module: heexvqe.dll found in explorer.exe (652)
    Terminated module: heexvqe.dll found in bwexei.exe (1080)
    Terminated module: heexvqe.dll found in rgvce.exe (3064)
    Terminated module: heexvqe.dll found in rgvce.exe (1988)
    Terminated module: heexvqe.dll found in rgvce.exe (3148)
    Terminated module: heexvqe.dll found in qttask.exe (3024)
    Terminated module: heexvqe.dll found in ezSP_Px.exe (432)
    Terminated module: heexvqe.dll found in tgcmd.exe (3360)
    Terminated module: heexvqe.dll found in igfxtray.exe (3492)
    Terminated module: heexvqe.dll found in hkcmd.exe (3516)
    Terminated module: heexvqe.dll found in AGRSMMSG.exe (3804)
    Terminated module: heexvqe.dll found in CCAPP.EXE (4044)
    Terminated module: heexvqe.dll found in hpcmpmgr.exe (4088)
    Terminated module: heexvqe.dll found in VersionCueCS2Tray.exe (164)
    Terminated module: heexvqe.dll found in acrotray.exe (176)
    Terminated module: heexvqe.dll found in hpwuSchd2.exe (2412)
    Terminated module: heexvqe.dll found in wowexec.exe (3956)
    Terminated module: heexvqe.dll found in FINDFAST.EXE (2072)
    Terminated module: heexvqe.dll found in GBTray.exe (3996)
    Terminated module: heexvqe.dll found in OSA.EXE (1904)
    Terminated module: heexvqe.dll found in SonyTray.exe (2120)
    Terminated module: heexvqe.dll found in Residence.exe (1216)
    Terminated module: heexvqe.dll found in msmsgs.exe (2204)
    Terminated module: heexvqe.dll found in hpqgalry.exe (2448)
    Terminated module: heexvqe.dll found in n?tepad.exe (1388)
    -------------------------------------------------------------
    C:\WINDOWS\system32\bwexei.exe will be deleted on reboot!
    C:\WINDOWS\system32\cbcfons.exe will be deleted on reboot!
    C:\WINDOWS\system32\gttbq.dat will be deleted on reboot!
    C:\WINDOWS\system32\heexvqe.dll will be deleted on reboot!
    C:\WINDOWS\system32\rgvce.exe will be deleted on reboot!
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\teqyk.exe will be deleted on reboot!

    User prompted YES to reboot, system now rebooting...
    -------------------------------------------------------------
    Scan COMPLETED SUCCESSFULLY on [7/30/2006] at [12:40:05 PM]

    Note: Some registry keys may have been removed.
     
  4. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    * Click here to download Webroot SpySweeper.

    (It's a 2 week trial.)

    * Click the Free Trial link under "SpySweeper" to download the program.
    * Install it. Once the program is installed, it will open.
    * It will prompt you to update to the latest definitions, click Yes.
    * Once the definitions are installed, click Options on the left side.
    * Click the Sweep Options tab.
    * Under What to Sweep please put a check next to the following:
        o Sweep Memory
        o Sweep Registry
        o Sweep Cookies
        o Sweep All User Accounts
        o Enable Direct Disk Sweeping
        o Sweep Contents of Compressed Files
        o Sweep for Rootkits

        o Please UNCHECK Do not Sweep System Restore Folder.

    * Click Sweep Now on the left side.
    * Click the Start button.
    * When it's done scanning, click the Next button.
    * Make sure everything has a check next to it, then click the Next button.
    * It will remove all of the items found.
    * Click Session Log in the upper right corner, copy everything in that window.
    * Click the Summary tab and click Finish.
    * Paste the contents of the session log you copied into your next reply.

    Also post a new Hijack This log.
     
  5. lizziebee

    lizziebee Thread Starter

    Joined:
    Apr 14, 2006
    Messages:
    15
    Boy, it's scary what's on this computer!

    Spy Sweeper log

    Keylogger Shield: On
    BHO Shield: On
    IE Security Shield: On
    Alternate Data Stream (ADS) Execution Shield: On
    Startup Shield: On
    Common Ad Sites Shield: Off
    Hosts File Shield: On
    Spy Communication Shield: On
    ActiveX Shield: On
    Windows Messenger Service Shield: On
    IE Favorites Shield: On
    Spy Installation Shield: On
    Memory Shield: On
    IE Hijack Shield: On
    IE Tracking Cookies Shield: Off
    1:26 PM: Shield States
    1:26 PM: Spyware Definitions: 729
    1:26 PM: Spy Sweeper 5.0.5.1286 started
    12:55 PM: | End of Session, Sunday, July 30, 2006 |
    Keylogger Shield: On
    BHO Shield: On
    IE Security Shield: On
    Alternate Data Stream (ADS) Execution Shield: On
    Startup Shield: On
    Common Ad Sites Shield: Off
    Hosts File Shield: On
    Spy Communication Shield: On
    ActiveX Shield: On
    Windows Messenger Service Shield: On
    IE Favorites Shield: On
    Spy Installation Shield: On
    Memory Shield: On
    IE Hijack Shield: On
    IE Tracking Cookies Shield: Off
    12:52 PM: Shield States
    12:52 PM: Spyware Definitions: 691
    12:52 PM: Spy Sweeper 5.0.5.1286 started
    12:52 PM: Spy Sweeper 5.0.5.1286 started
    12:52 PM: | Start of Session, Sunday, July 30, 2006 |
    ********
    12:57 PM: | End of Session, Sunday, July 30, 2006 |
    12:56 PM: Your spyware definitions have been updated.
    12:55 PM: Sweep Status: 2 Items Found
    12:55 PM: Traces Found: 3
    12:55 PM: Memory Sweep Complete, Elapsed Time: 00:00:12
    12:55 PM: Sweep Canceled
    12:55 PM: Detected running threat: C:\WINDOWS\system32\ibe.dll (ID = 230)
    12:55 PM: Found Adware: purityscan
    12:55 PM: Starting Memory Sweep
    12:55 PM: C:\WINDOWS\system32\qwinopez.exe (ID = 1209951)
    12:55 PM: HKLM\software\microsoft\windows\currentversion\run\ || browserupdatesched (ID = 1209951)
    12:55 PM: Found Adware: zenosearchassistant
    12:55 PM: Sweep initiated using definitions version 691
    12:55 PM: Spy Sweeper 5.0.5.1286 started
    12:55 PM: | Start of Session, Sunday, July 30, 2006 |
    ********
    1:23 PM: Removal process completed. Elapsed time 00:02:08
    1:23 PM: Preparing to restart your computer. Please wait...
    1:22 PM: Warning: Quarantine process could not restart Explorer.
    1:22 PM: Warning: Launched explorer.exe
    1:22 PM: Quarantining All Traces: zedo cookie
    1:22 PM: Quarantining All Traces: stopzilla cookie
    1:22 PM: Quarantining All Traces: burstbeacon cookie
    1:22 PM: Quarantining All Traces: tribalfusion cookie
    1:22 PM: Quarantining All Traces: trafficmp cookie
    1:22 PM: Quarantining All Traces: reliablestats cookie
    1:22 PM: Quarantining All Traces: statcounter cookie
    1:22 PM: Quarantining All Traces: questionmarket cookie
    1:22 PM: Quarantining All Traces: qksrv cookie
    1:22 PM: Quarantining All Traces: partypoker cookie
    1:22 PM: Quarantining All Traces: mygeek cookie
    1:22 PM: Quarantining All Traces: mediaplex cookie
    1:22 PM: Quarantining All Traces: burstnet cookie
    1:22 PM: Quarantining All Traces: atlas dmt cookie
    1:22 PM: Quarantining All Traces: falkag cookie
    1:22 PM: Quarantining All Traces: apmebf cookie
    1:22 PM: Quarantining All Traces: tacoda cookie
    1:22 PM: Quarantining All Traces: advertising cookie
    1:22 PM: Quarantining All Traces: addynamix cookie
    1:22 PM: Quarantining All Traces: adrevolver cookie
    1:22 PM: Quarantining All Traces: adprofile cookie
    1:22 PM: Quarantining All Traces: yieldmanager cookie
    1:22 PM: Quarantining All Traces: 2o7.net cookie
    1:22 PM: Quarantining All Traces: webhancer
    1:22 PM: Quarantining All Traces: pesttrap
    1:22 PM: Quarantining All Traces: ieplugin
    1:22 PM: Quarantining All Traces: dropspam toolbar
    1:22 PM: The Spy Communication shield has blocked access to: UPDATE2.OUTERINFO.COM
    1:22 PM: The Spy Communication shield has blocked access to: UPDATE2.OUTERINFO.COM
    1:22 PM: Quarantining All Traces: targetsaver
    1:22 PM: Quarantining All Traces: clkoptimizer
    1:22 PM: C:\WINDOWS\system32\?ystem\n?tepad.exe is in use. It will be removed on reboot.
    1:22 PM: C:\WINDOWS\system32\mshta.dll is in use. It will be removed on reboot.
    1:22 PM: C:\WINDOWS\system32\?ystem\n?tepad.exe is in use. It will be removed on reboot.
    1:22 PM: purityscan is in use. It will be removed on reboot.
    1:22 PM: The Spy Communication shield has blocked access to: NF.OUTERINFO.COM
    1:22 PM: The Spy Communication shield has blocked access to: NF.OUTERINFO.COM
    1:21 PM: Quarantining All Traces: purityscan
    1:21 PM: Quarantining All Traces: zenosearchassistant
    1:21 PM: Removal process initiated
    1:18 PM: Traces Found: 151
    1:18 PM: Full Sweep has completed. Elapsed time 00:21:01
    1:18 PM: File Sweep Complete, Elapsed Time: 00:17:05
    1:18 PM: C:\Documents and Settings\Karen\Start Menu\Programs\Startup\Zeno.lnk (ID = 1209951)
    1:18 PM: C:\System Volume Information\_restore{45892d38-a0bf-43f9-8c9f-96715222a8fe}\RP23\A0021911.lnk (ID = 1209951)
    1:18 PM: C:\System Volume Information\_restore{45892d38-a0bf-43f9-8c9f-96715222a8fe}\RP24\A0024151.lnk (ID = 1209951)
    1:17 PM: C:\System Volume Information\_restore{45892d38-a0bf-43f9-8c9f-96715222a8fe}\RP22\A0019792.lnk (ID = 1209951)
    1:17 PM: C:\System Volume Information\_restore{45892d38-a0bf-43f9-8c9f-96715222a8fe}\RP24\A0023031.lnk (ID = 1209951)
    1:17 PM: C:\System Volume Information\_restore{45892d38-a0bf-43f9-8c9f-96715222a8fe}\RP24\A0025246.lnk (ID = 1209951)
    1:17 PM: C:\System Volume Information\_restore{45892d38-a0bf-43f9-8c9f-96715222a8fe}\RP23\A0021885.lnk (ID = 1209951)
    1:17 PM: C:\System Volume Information\_restore{45892d38-a0bf-43f9-8c9f-96715222a8fe}\RP24\A0026308.lnk (ID = 1209951)
    1:17 PM: C:\System Volume Information\_restore{45892d38-a0bf-43f9-8c9f-96715222a8fe}\RP23\A0022971.lnk (ID = 1209951)
    1:17 PM: C:\System Volume Information\_restore{45892d38-a0bf-43f9-8c9f-96715222a8fe}\RP28\A0034454.lnk (ID = 1209951)
    1:17 PM: C:\System Volume Information\_restore{45892d38-a0bf-43f9-8c9f-96715222a8fe}\RP24\A0024090.lnk (ID = 1209951)
    1:17 PM: C:\System Volume Information\_restore{45892d38-a0bf-43f9-8c9f-96715222a8fe}\RP24\A0025230.lnk (ID = 1209951)
    1:17 PM: C:\System Volume Information\_restore{45892d38-a0bf-43f9-8c9f-96715222a8fe}\RP27\A0034370.lnk (ID = 1209951)
    1:17 PM: C:\System Volume Information\_restore{45892d38-a0bf-43f9-8c9f-96715222a8fe}\RP28\A0034393.lnk (ID = 1209951)
    1:17 PM: C:\System Volume Information\_restore{45892d38-a0bf-43f9-8c9f-96715222a8fe}\RP23\A0021867.lnk (ID = 1209951)
    1:17 PM: C:\System Volume Information\_restore{45892d38-a0bf-43f9-8c9f-96715222a8fe}\RP24\A0024377.lnk (ID = 1209951)
    1:17 PM: C:\System Volume Information\_restore{45892d38-a0bf-43f9-8c9f-96715222a8fe}\RP22\A0021773.lnk (ID = 1209951)
    1:17 PM: C:\System Volume Information\_restore{45892d38-a0bf-43f9-8c9f-96715222a8fe}\RP24\A0029371.lnk (ID = 1209951)
    1:16 PM: Warning: Stream read error
    1:15 PM: Warning: Failed to access drive G:
    1:15 PM: Warning: Failed to access drive F:
    1:15 PM: Warning: Failed to access drive E:
    1:15 PM: C:\WINDOWS\system32\zxdnt3d.cfg (ID = 91140)
    1:15 PM: C:\System Volume Information\_restore{45892d38-a0bf-43f9-8c9f-96715222a8fe}\RP24\A0024333.ini (ID = 188794)
    1:15 PM: C:\Documents and Settings\Karen\Start Menu\Programs\Startup\Z_Start.lnk (ID = 235994)
    1:15 PM: C:\WINDOWS\system32\msnav32.ax (ID = 220229)
    1:15 PM: C:\Documents and Settings\Karen\Start Menu\Programs\Startup\Zeno.lnk (ID = 146127)
    1:15 PM: Warning: Failed to open file "c:\documents and settings\karen\cookies\[email protected][1].txt". The operation completed successfully
    1:15 PM: Warning: Failed to open file "c:\documents and settings\karen\cookies\[email protected][2].txt". The operation completed successfully
    1:14 PM: Warning: Failed to open file "c:\windows\temp\ib28". The operation completed successfully
    1:14 PM: Warning: Failed to open file "c:\windows\temp\ib27". The operation completed successfully
    1:14 PM: Warning: Failed to open file "c:\windows\temp\ib26". The operation completed successfully
    1:14 PM: Warning: Failed to read file "c:\program files\adobe\adobe version cue cs2\config\configuration\org.eclipse.core.runtime\.manager\.tmp42583.instance". The process cannot access the file because another process has locked a portion of the file
    1:13 PM: C:\System Volume Information\_restore{45892d38-a0bf-43f9-8c9f-96715222a8fe}\RP28\A0034382.exe (ID = 268995)
    1:13 PM: C:\System Volume Information\_restore{45892d38-a0bf-43f9-8c9f-96715222a8fe}\RP24\A0024327.exe (ID = 195132)
    1:13 PM: C:\System Volume Information\_restore{45892d38-a0bf-43f9-8c9f-96715222a8fe}\RP23\A0021896.exe (ID = 195128)
    1:13 PM: Warning: Failed to open file "c:\program files\norton systemworks\norton antivirus\savrt\0331nav~.tmp". The operation completed successfully
    1:13 PM: Warning: Failed to open file "c:\program files\norton systemworks\norton antivirus\savrt\0258nav~.tmp". The operation completed successfully
    1:13 PM: C:\System Volume Information\_restore{45892d38-a0bf-43f9-8c9f-96715222a8fe}\RP28\A0034378.exe (ID = 268995)
    1:13 PM: C:\System Volume Information\_restore{45892d38-a0bf-43f9-8c9f-96715222a8fe}\RP22\A0019760.exe (ID = 294184)
    1:12 PM: C:\System Volume Information\_restore{45892d38-a0bf-43f9-8c9f-96715222a8fe}\RP23\A0021892.dll (ID = 268799)
    1:12 PM: C:\WINDOWS\system32\__delete_on_reboot__mshta.dll (ID = 325507)
    1:12 PM: C:\System Volume Information\_restore{45892d38-a0bf-43f9-8c9f-96715222a8fe}\RP23\A0021893.exe (ID = 293)
    1:12 PM: C:\System Volume Information\_restore{45892d38-a0bf-43f9-8c9f-96715222a8fe}\RP24\A0024342.exe (ID = 293)
    1:12 PM: C:\System Volume Information\_restore{45892d38-a0bf-43f9-8c9f-96715222a8fe}\RP24\A0024326.exe (ID = 195130)
    1:11 PM: C:\WINDOWS\system32\nt68rrtc12.sys (ID = 220230)
    1:11 PM: C:\System Volume Information\_restore{45892d38-a0bf-43f9-8c9f-96715222a8fe}\RP28\A0034380.dll (ID = 268933)
    1:11 PM: C:\WINDOWS\system32\ondsregs.exe (ID = 293)
    1:11 PM: C:\System Volume Information\_restore{45892d38-a0bf-43f9-8c9f-96715222a8fe}\RP23\A0021895.exe (ID = 195131)
    1:11 PM: C:\System Volume Information\_restore{45892d38-a0bf-43f9-8c9f-96715222a8fe}\RP28\A0034381.exe (ID = 268934)
    1:11 PM: C:\System Volume Information\_restore{45892d38-a0bf-43f9-8c9f-96715222a8fe}\RP28\A0034379.exe (ID = 268932)
    1:11 PM: C:\System Volume Information\_restore{45892d38-a0bf-43f9-8c9f-96715222a8fe}\RP24\A0024332.exe (ID = 208917)
    1:11 PM: C:\System Volume Information\_restore{45892d38-a0bf-43f9-8c9f-96715222a8fe}\RP24\A0024336.exe (ID = 208348)
    1:11 PM: C:\System Volume Information\_restore{45892d38-a0bf-43f9-8c9f-96715222a8fe}\RP23\A0021897.dll (ID = 323978)
    1:11 PM: Warning: PerformFileOffsetMatch Failed to check file "c:\recycler\nprotect\eraser.sys". "c:\recycler\nprotect\eraser.sys": File not found
    1:10 PM: HKU\S-1-5-21-1911906971-122223389-3690775609-1005\Software\Microsoft\Windows\CurrentVersion\Run || Dkzglbmw (ID = 0)
    1:10 PM: C:\WINDOWS\system32\?ystem\n?tepad.exe (ID = 450)
    1:10 PM: C:\Program Files\dslifestyle\dslifestyle.exe (ID = 185108)
    1:10 PM: C:\RECYCLER\NPROTECT\00040905.dll (ID = 323979)
    1:08 PM: C:\System Volume Information\_restore{45892d38-a0bf-43f9-8c9f-96715222a8fe}\RP24\A0024335.EXE (ID = 208351)
    1:08 PM: C:\RECYCLER\NPROTECT\00041657.EXE (ID = 450)
    1:08 PM: C:\System Volume Information\_restore{45892d38-a0bf-43f9-8c9f-96715222a8fe}\RP24\A0024338.exe (ID = 185113)
    1:07 PM: C:\WINDOWS\system32\tsuninst.exe (ID = 193501)
    1:07 PM: C:\WINDOWS\wh.exe (ID = 185167)
    1:07 PM: C:\Program Files\dslifestyle\Setup.exe (ID = 185110)
    1:07 PM: C:\System Volume Information\_restore{45892d38-a0bf-43f9-8c9f-96715222a8fe}\RP24\A0024331.dll (ID = 208918)
    1:07 PM: C:\Program Files\dslifestyle\ps.exe (ID = 185109)
    1:07 PM: C:\Program Files\DropSpam\UninstallTB.exe (ID = 185116)
    1:06 PM: C:\System Volume Information\_restore{45892d38-a0bf-43f9-8c9f-96715222a8fe}\RP23\A0021782.dll (ID = 323979)
    1:06 PM: C:\System Volume Information\_restore{45892d38-a0bf-43f9-8c9f-96715222a8fe}\RP24\A0024325.dll (ID = 195129)
    1:05 PM: C:\System Volume Information\_restore{45892d38-a0bf-43f9-8c9f-96715222a8fe}\RP24\A0024334.dll (ID = 208352)
    1:05 PM: Found Adware: webhancer
    1:05 PM: C:\System Volume Information\_restore{45892d38-a0bf-43f9-8c9f-96715222a8fe}\RP24\A0024346.exe (ID = 320371)
    1:02 PM: C:\System Volume Information\_restore{45892d38-a0bf-43f9-8c9f-96715222a8fe}\RP24\A0024328.exe (ID = 319948)
    1:02 PM: C:\Program Files\Common Files\kwki\kwkid\vocabulary (ID = 78283)
    1:02 PM: C:\Program Files\Common Files\kwki\kwkid\class-barrel (ID = 78229)
    1:02 PM: C:\System Volume Information\_restore{45892d38-a0bf-43f9-8c9f-96715222a8fe}\RP24\A0024344.exe (ID = 268798)
    1:02 PM: Found Adware: clkoptimizer
    1:01 PM: C:\Program Files\dslifestyle (21 subtraces) (ID = 2147501137)
    1:01 PM: C:\Program Files\DropSpam (3 subtraces) (ID = 2147501136)
    1:00 PM: Starting File Sweep
    1:00 PM: Warning: Failed to access drive A:
    1:00 PM: Cookie Sweep Complete, Elapsed Time: 00:00:02
    1:00 PM: c:\documents and settings\karen\cookies\[email protected][2].txt (ID = 3762)
    1:00 PM: Found Spy Cookie: zedo cookie
    1:00 PM: c:\documents and settings\karen\cookies\[email protected][1].txt (ID = 3466)
    1:00 PM: Found Spy Cookie: stopzilla cookie
    1:00 PM: c:\documents and settings\karen\cookies\[email protected][2].txt (ID = 2337)
    1:00 PM: c:\documents and settings\karen\cookies\[email protected][2].txt (ID = 2335)
    1:00 PM: Found Spy Cookie: burstbeacon cookie
    1:00 PM: c:\documents and settings\karen\cookies\[email protected][1].txt (ID = 3589)
    1:00 PM: Found Spy Cookie: tribalfusion cookie
    1:00 PM: c:\documents and settings\karen\cookies\[email protected][1].txt (ID = 3581)
    1:00 PM: Found Spy Cookie: trafficmp cookie
    1:00 PM: c:\documents and settings\karen\cookies\[email protected][2].txt (ID = 6444)
    1:00 PM: c:\documents and settings\karen\cookies\[email protected][1].txt (ID = 3254)
    1:00 PM: Found Spy Cookie: reliablestats cookie
    1:00 PM: c:\documents and settings\karen\cookies\[email protected][2].txt (ID = 3447)
    1:00 PM: Found Spy Cookie: statcounter cookie
    1:00 PM: c:\documents and settings\karen\cookies\[email protected][2].txt (ID = 3217)
    1:00 PM: Found Spy Cookie: questionmarket cookie
    1:00 PM: c:\documents and settings\karen\cookies\[email protected][2].txt (ID = 3213)
    1:00 PM: Found Spy Cookie: qksrv cookie
    1:00 PM: c:\documents and settings\karen\cookies\[email protected][2].txt (ID = 3111)
    1:00 PM: Found Spy Cookie: partypoker cookie
    1:00 PM: c:\documents and settings\karen\cookies\[email protected][1].txt (ID = 1958)
    1:00 PM: c:\documents and settings\karen\cookies\[email protected][1].txt (ID = 3041)
    1:00 PM: Found Spy Cookie: mygeek cookie
    1:00 PM: c:\documents and settings\karen\cookies\[email protected][1].txt (ID = 1958)
    1:00 PM: c:\documents and settings\karen\cookies\[email protected][1].txt (ID = 6442)
    1:00 PM: Found Spy Cookie: mediaplex cookie
    1:00 PM: c:\documents and settings\karen\cookies\[email protected][1].txt (ID = 2089)
    1:00 PM: c:\documents and settings\karen\cookies\[email protected][1].txt (ID = 1958)
    1:00 PM: c:\documents and settings\karen\cookies\[email protected][1].txt (ID = 2336)
    1:00 PM: Found Spy Cookie: burstnet cookie
    1:00 PM: c:\documents and settings\karen\cookies\[email protected][2].txt (ID = 2253)
    1:00 PM: Found Spy Cookie: atlas dmt cookie
    1:00 PM: c:\documents and settings\karen\cookies\[email protected][1].txt (ID = 2650)
    1:00 PM: Found Spy Cookie: falkag cookie
    1:00 PM: c:\documents and settings\karen\cookies\[email protected][2].txt (ID = 2229)
    1:00 PM: Found Spy Cookie: apmebf cookie
    1:00 PM: c:\documents and settings\karen\cookies\[email protected][2].txt (ID = 6445)
    1:00 PM: c:\documents and settings\karen\cookies\[email protected][1].txt (ID = 6445)
    1:00 PM: Found Spy Cookie: tacoda cookie
    1:00 PM: c:\documents and settings\karen\cookies\[email protected][2].txt (ID = 2175)
    1:00 PM: Found Spy Cookie: advertising cookie
    1:00 PM: c:\documents and settings\karen\cookies\[email protected][1].txt (ID = 2062)
    1:00 PM: Found Spy Cookie: addynamix cookie
    1:00 PM: c:\documents and settings\karen\cookies\[email protected][1].txt (ID = 2088)
    1:00 PM: Found Spy Cookie: adrevolver cookie
    1:00 PM: c:\documents and settings\karen\cookies\[email protected][1].txt (ID = 2084)
    1:00 PM: Found Spy Cookie: adprofile cookie
    1:00 PM: c:\documents and settings\karen\cookies\[email protected][2].txt (ID = 3751)
    1:00 PM: Found Spy Cookie: yieldmanager cookie
    1:00 PM: c:\documents and settings\karen\cookies\[email protected][1].txt (ID = 1957)
    1:00 PM: Found Spy Cookie: 2o7.net cookie
    1:00 PM: Starting Cookie Sweep
    1:00 PM: Registry Sweep Complete, Elapsed Time:00:00:32
    1:00 PM: HKU\S-1-5-21-1911906971-122223389-3690775609-1005\software\pesttrap\ (ID = 1127557)
    1:00 PM: Found Adware: pesttrap
    1:00 PM: HKU\S-1-5-21-1911906971-122223389-3690775609-1005\software\dropspamtoolbar\ (ID = 956998)
    1:00 PM: HKU\S-1-5-21-1911906971-122223389-3690775609-1005\software\dropspam\ (ID = 956996)
    1:00 PM: HKU\S-1-5-21-1911906971-122223389-3690775609-1005\software\microsoft\search assistant\ || defaultsearchurl (ID = 841067)
    1:00 PM: Found Adware: ieplugin
    1:00 PM: HKLM\software\microsoft\windows\currentversion\run\ || browserupdatesched (ID = 1075246)
    1:00 PM: HKLM\software\microsoft\windows\currentversion\uninstall\lifestyle . dropspam\ (ID = 957192)
    1:00 PM: HKLM\software\microsoft\windows\currentversion\uninstall\internet explorer toolbar - dropspam\ (ID = 957189)
    1:00 PM: HKLM\software\microsoft\internet explorer\extensions\{b6e649fa-5461-40d7-ab4d-54fc3c8db767}\ (ID = 957164)
    1:00 PM: HKLM\software\classes\typelib\{cc1074c2-0ca2-408e-81f9-ca8ad68d31a9}\ (ID = 957141)
    1:00 PM: HKLM\software\classes\clsid\{5d50d513-e136-4f9f-b610-c7805e5f2491}\ (ID = 957096)
    1:00 PM: HKLM\software\classes\ewwie.popcounter.1\ (ID = 957021)
    1:00 PM: HKLM\software\classes\ewwie.popcounter\ (ID = 957015)
    1:00 PM: HKLM\software\classes\ewwie.band.1\ (ID = 957011)
    1:00 PM: HKLM\software\classes\ewwie.band\ (ID = 957005)
    1:00 PM: HKCR\typelib\{cc1074c2-0ca2-408e-81f9-ca8ad68d31a9}\ (ID = 956973)
    1:00 PM: HKCR\clsid\{5d50d513-e136-4f9f-b610-c7805e5f2491}\ (ID = 956928)
    1:00 PM: HKCR\ewwie.popcounter.1\ (ID = 956853)
    1:00 PM: HKCR\ewwie.popcounter\ (ID = 956847)
    1:00 PM: HKCR\ewwie.band.1\ (ID = 956843)
    1:00 PM: HKCR\ewwie.band\ (ID = 956837)
    1:00 PM: Found Adware: dropspam toolbar
    1:00 PM: HKLM\software\microsoft\windows\currentversion\uninstall\zeno search assistant\ (ID = 147935)
    1:00 PM: HKLM\software\microsoft\windows\currentversion\uninstall\enhanced ads by zeno\ (ID = 147934)
    1:00 PM: HKLM\software\microsoft\windows\currentversion\app management\arpcache\enhanced ads by zeno\ (ID = 147931)
    1:00 PM: HKLM\software\microsoft\windows\currentversion\app management\arpcache\zeno search assistant\ (ID = 147930)
    1:00 PM: HKLM\software\microsoft\windows\currentversion\uninstall\tsa\ (ID = 143607)
    1:00 PM: Found Adware: targetsaver
    1:00 PM: Starting Registry Sweep
    1:00 PM: Memory Sweep Complete, Elapsed Time: 00:03:07
    1:00 PM: HKU\S-1-5-21-1911906971-122223389-3690775609-1005\Software\Microsoft\Windows\CurrentVersion\Run || Dkzglbmw (ID = 0)
    1:00 PM: Detected running threat: C:\WINDOWS\system32\?ystem\n?tepad.exe (ID = 450)
    12:59 PM: Detected running threat: C:\WINDOWS\system32\ondsregs.exe (ID = 293)
    12:57 PM: Detected running threat: C:\WINDOWS\system32\qwinopez.exe (ID = 412)
    12:57 PM: Detected running threat: C:\WINDOWS\system32\mshta.dll (ID = 451)
    12:57 PM: Found Adware: purityscan
    12:57 PM: Starting Memory Sweep
    12:57 PM: C:\WINDOWS\system32\qwinopez.exe (ID = 1209951)
    12:57 PM: HKLM\software\microsoft\windows\currentversion\run\ || browserupdatesched (ID = 1209951)
    12:57 PM: Found Adware: zenosearchassistant
    12:57 PM: Sweep initiated using definitions version 729
    12:57 PM: Spy Sweeper 5.0.5.1286 started
    12:57 PM: | Start of Session, Sunday, July 30, 2006 |
    ********
     
  6. lizziebee

    lizziebee Thread Starter

    Joined:
    Apr 14, 2006
    Messages:
    15
    Hijack this log


    Logfile of HijackThis v1.99.1
    Scan saved at 1:29:48 PM, on 7/30/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
    C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
    C:\PROGRA~1\NORTON~2\NORTON~3\NPROTECT.EXE
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\PROGRA~1\NORTON~2\NORTON~3\SPEEDD~1\NOPDB.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\System32\ezSP_Px.exe
    C:\program files\support.com\client\bin\tgcmd.exe
    C:\WINDOWS\System32\igfxtray.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
    C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
    C:\PROGRA~1\PPPATC~1\wowexec.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
    C:\Program Files\Microsoft Office\Office\OSA.EXE
    C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
    C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
    C:\WINDOWS\System32\HPZipm12.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
    C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sony.com/vaiopeople
    R3 - URLSearchHook: (no name) - {812E832A-48CD-131E-EAA0-1784899419C4} - C:\WINDOWS\system32\ibe.dll
    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Karen\Application Data\Mozilla\Profiles\default\x9q4t632.slt\prefs.js)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {2C2CC666-0985-540B-FCE5-03D58C07BFCC} - C:\WINDOWS\system32\kufkm.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {812E832A-48CD-131E-EAA0-1784899419C4} - C:\WINDOWS\system32\ibe.dll
    O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
    O4 - HKLM\..\Run: [ZTgServerSwitch] "c:\program files\support.com\client\bin\tgcmd.exe" /server
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [VAIO Recovery] "C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe"
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
    O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf
    O4 - HKLM\..\Run: [SSRunScript] "C:\Program Files\Support.com\Charter\bin\SSRunScript.exe" /script "C:\Program Files\Support.com\Charter\vbs\verifyconnection.vbs" /args //b startupdelay
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [{BE-E1-1D-D7-ZN}] "C:\windows\system32\ondsregs.exe" GID002
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
    O4 - HKCU\..\Run: [kwki] C:\PROGRA~1\COMMON~1\kwki\kwkim.exe
    O4 - HKCU\..\Run: [Iinl] "C:\PROGRA~1\PPPATC~1\wowexec.exe" -vt yazb
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Dkzglbmw] C:\WINDOWS\system32\YSTEM~1\NTEPAD~1.EXE
    O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
    O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    O4 - Global Startup: Norton GoBack.lnk = C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
    O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O4 - Global Startup: Picture Package Menu.lnk = ?
    O4 - Global Startup: Picture Package VCD Maker.lnk = ?
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
    O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1138933050125
    O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - http://www.trueswitch.com/TrueInstall.exe
    O20 - AppInit_DLLs: mshta.dll
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Adobe Version Cue CS2 - Unknown owner - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe" -win32service (file missing)
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~3\NPROTECT.EXE
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~3\SPEEDD~1\NOPDB.EXE
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (file missing)
    O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\MusicServer\HTTP (file missing)
    O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
    O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
    O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP (file missing)
    O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
    O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe" /Service=VAIOMediaPlatform-VideoServer-AppServer /DisplayName="VAIO Media Video Server (file missing)
    O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-VideoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\VideoServer\HTTP (file missing)
    O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
     
  7. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Rescan with Hijack This.
    Close all browser windows except Hijack This.
    Put a check mark beside these entries and click "Fix Checked".

    R3 - URLSearchHook: (no name) - {812E832A-48CD-131E-EAA0-1784899419C4} - C:\WINDOWS\system32\ibe.dll

    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

    O2 - BHO: (no name) - {2C2CC666-0985-540B-FCE5-03D58C07BFCC} - C:\WINDOWS\system32\kufkm.dll (file missing)

    O2 - BHO: (no name) - {812E832A-48CD-131E-EAA0-1784899419C4} - C:\WINDOWS\system32\ibe.dll

    O4 - HKLM\..\Run: [{BE-E1-1D-D7-ZN}] "C:\windows\system32\ondsregs.exe" GID002

    O4 - HKCU\..\Run: [kwki] C:\PROGRA~1\COMMON~1\kwki\kwkim.exe

    O4 - HKCU\..\Run: [Iinl] "C:\PROGRA~1\PPPATC~1\wowexec.exe" -vt yazb

    O4 - HKCU\..\Run: [Dkzglbmw] C:\WINDOWS\system32\YSTEM~1\NTEPAD~1.EXE

    O20 - AppInit_DLLs: mshta.dll


    Close Hijack This.

    Please download the Killbox by Option^Explicit.

    Note: In the event you already have Killbox, this is a new version that I need you to download.
    • Save it to your desktop.
    • Please double-click Killbox.exe to run it.
    • Select:
      • Delete on Reboot
      • then Click on the All Files button.
    • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):


      C:\WINDOWS\system32\ibe.dll
      C:\windows\system32\ondsregs.exe
      C:\PROGRA~1\COMMON~1\kwki\
      C:\PROGRA~1\PPPATC~1\
      C:\WINDOWS\system32\YSTEM~1\
      C:\windows\system32\mshta.dll


    • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
    • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).

    If your computer does not restart automatically, please restart it manually.

    If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.

    Post a new Hijack This log.
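Added example, not part of the thread or of HijackThis itself: one way to check a follow-up HijackThis log against the entries a helper asked to have fixed, so leftovers and newly appeared entries stand out. The sample logs are constructed and shortened from lines in this thread; the "after" sample deliberately keeps one flagged entry and adds a placeholder entry (`ExampleNew`) to show both outcomes, and the function names are this example's own.

```python
import re

# HijackThis 1.99.1 item lines start with a section code (R1, R3, N3, O2, O4,
# O20, O23, ...) followed by " - " and the entry detail. Header lines and the
# "Running processes" paths do not match this shape and are skipped.
ITEM_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")


def normalise(detail):
    """Collapse whitespace and fold case (Windows paths are case-insensitive)."""
    return " ".join(detail.split()).casefold()


def parse_items(log_text):
    """Return the set of (section, normalised detail) items found in a log."""
    items = set()
    for line in log_text.splitlines():
        match = ITEM_RE.match(line)
        if match:
            section, detail = match.groups()
            items.add((section, normalise(detail)))
    return items


def review_fix(before_log, after_log, flagged_lines):
    """Compare two logs against the list of entries that were to be fixed."""
    before = parse_items(before_log)
    after = parse_items(after_log)
    flagged = parse_items("\n".join(flagged_lines))
    return {
        # flagged entries that were in the first log and are gone from the second
        "removed": sorted((flagged & before) - after),
        # flagged entries that survived the fix and the reboot
        "still_present": sorted(flagged & after),
        # flagged entries never seen in the first log (copy/paste mistakes)
        "not_in_before": sorted(flagged - before),
        # entries that exist only in the second log and need a fresh look
        "new_since_fix": sorted(after - before),
    }


# Constructed sample: shortened from the first log in this thread.
BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sony.com/vaiopeople
R3 - URLSearchHook: (no name) - {812E832A-48CD-131E-EAA0-1784899419C4} - C:\WINDOWS\system32\ibe.dll
O2 - BHO: (no name) - {812E832A-48CD-131E-EAA0-1784899419C4} - C:\WINDOWS\system32\ibe.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [{BE-E1-1D-D7-ZN}] "C:\windows\system32\ondsregs.exe" GID002
O4 - HKCU\..\Run: [Dkzglbmw] C:\WINDOWS\system32\YSTEM~1\NTEPAD~1.EXE
O20 - AppInit_DLLs: mshta.dll
"""

# Constructed sample: one flagged Run entry is kept on purpose and the
# ExampleNew line is a placeholder, neither is a claim about the real log.
AFTER = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sony.com/vaiopeople
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKCU\..\Run: [Dkzglbmw] C:\WINDOWS\system32\YSTEM~1\NTEPAD~1.EXE
O4 - HKCU\..\Run: [ExampleNew] C:\example\placeholder.exe
"""

# Entries copied from the "Fix Checked" list in the post above (subset).
FLAGGED = [
    r"R3 - URLSearchHook: (no name) - {812E832A-48CD-131E-EAA0-1784899419C4} - C:\WINDOWS\system32\ibe.dll",
    r"O2 - BHO: (no name) - {812E832A-48CD-131E-EAA0-1784899419C4} - C:\WINDOWS\system32\ibe.dll",
    r'O4 - HKLM\..\Run: [{BE-E1-1D-D7-ZN}] "C:\windows\system32\ondsregs.exe" GID002',
    r"O4 - HKCU\..\Run: [Dkzglbmw] C:\WINDOWS\system32\YSTEM~1\NTEPAD~1.EXE",
    r"O20 - AppInit_DLLs: mshta.dll",
]

if __name__ == "__main__":
    report = review_fix(BEFORE, AFTER, FLAGGED)
    for bucket, entries in report.items():
        print(f"{bucket}: {len(entries)}")
        for section, detail in entries:
            print(f"  {section} - {detail}")
```
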
     
  8. lizziebee

    lizziebee Thread Starter

    Joined:
    Apr 14, 2006
    Messages:
    15
    Logfile of HijackThis v1.99.1
    Scan saved at 2:23:42 PM, on 7/30/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
    C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
    C:\PROGRA~1\NORTON~2\NORTON~3\NPROTECT.EXE
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\PROGRA~1\NORTON~2\NORTON~3\SPEEDD~1\NOPDB.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\System32\ezSP_Px.exe
    C:\program files\support.com\client\bin\tgcmd.exe
    C:\WINDOWS\System32\igfxtray.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
    C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
    C:\Program Files\Microsoft Office\Office\OSA.EXE
    C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
    C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
    C:\WINDOWS\System32\HPZipm12.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    C:\Program Files\Hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sony.com/vaiopeople
    N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Karen\Application Data\Mozilla\Profiles\default\x9q4t632.slt\prefs.js)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
    O4 - HKLM\..\Run: [ZTgServerSwitch] "c:\program files\support.com\client\bin\tgcmd.exe" /server
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [VAIO Recovery] "C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe"
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
    O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf
    O4 - HKLM\..\Run: [SSRunScript] "C:\Program Files\Support.com\Charter\bin\SSRunScript.exe" /script "C:\Program Files\Support.com\Charter\vbs\verifyconnection.vbs" /args //b startupdelay
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
    O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    O4 - Global Startup: Norton GoBack.lnk = C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
    O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O4 - Global Startup: Picture Package Menu.lnk = ?
    O4 - Global Startup: Picture Package VCD Maker.lnk = ?
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
    O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
    O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1138933050125
    O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - http://www.trueswitch.com/TrueInstall.exe
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Adobe Version Cue CS2 - Unknown owner - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe" -win32service (file missing)
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~3\NPROTECT.EXE
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~3\SPEEDD~1\NOPDB.EXE
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (file missing)
    O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\MusicServer\HTTP (file missing)
    O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
    O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
    O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP (file missing)
    O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
    O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe" /Service=VAIOMediaPlatform-VideoServer-AppServer /DisplayName="VAIO Media Video Server (file missing)
    O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-VideoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\VideoServer\HTTP (file missing)
    O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
     
  9. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Good job. How are things now?
     
  10. lizziebee

    lizziebee Thread Starter

    Joined:
    Apr 14, 2006
    Messages:
    15
    The pop-ups have thankfully stopped coming, and since we did the very first item it has been starting up without issues!
     
  11. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    You're welcome :)

    Now turn off System Restore:

    On the Desktop, right-click My Computer.
    Click Properties.
    Click the System Restore tab.
    Check Turn off System Restore.
    Click Apply, and then click OK.

    Restart your computer.

    Turn System Restore back on and create a restore point.

    To create a restore point:

    Single-click Start and point to All Programs.
    Mouse over Accessories, then System Tools, and select System Restore.
    In the System Restore wizard, select the box next to the text labeled "Create a restore point" and click the Next button.
    Type a description for your new restore point. Something like "After trojan/spyware cleanup". Click Create and you're done.

    You can mark your thread "Solved" from the Thread Tools drop down menu.
     
  12. lizziebee

    lizziebee Thread Starter

    Joined:
    Apr 14, 2006
    Messages:
    15
    Thank you!!!! You guys are brilliant.
     
  13. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    My pleasure :)
     
Short URL to this thread: https://techguy.org/487806
