hijack this logfile

[licid33]

this message is now at least 10 characters long

 

[howard_hopkinso]

Hello and welcome to Techspot.

This message is going to be way over 10 characters long

Go HERE and have your computer scanned.

Then, go and read both these threads by RBS. Follow all the instructions exactly.

How to remove Trojans and its ilk! and How to remove Begin2search / coolwebsearch and other nasties.

Only after doing the above, post a fresh HJT log.

Regards Howard :wave: :wave:

 

[licid33]

HIJACKTHIS log

this message is now more than 10 characters

 

[howard_hopkinso]

Go back to this thread HERE and this time follow the instuctions.

Only post a fresh HJT log when you`ve completed the above.

Regards Howard

 

[licid33]

hijackthis log

k i followed all of the instructions this time and removed a lot of files - heres what i got after a fresh hijackthis

i still have winfixer 2006 on here - could you tell me how to remove that? thanks

 

[howard_hopkinso]

Boot into safe mode.

Turn off system restore.

In Windows Explorer, turn on "Show all files and folders, including hidden and system".

Click start/run and type regsvr32 /u C:\WINDOWS\system32\oppon.dll and press the enter key.

Run HJT with no other programmes open, and have HJT fix the following by placing a tick in the little box next to(if there).

O2 - BHO: MSEvents Object - {CE70731D-F28D-4D81-9D61-C8EE60378401} - C:\WINDOWS\system32\oppon.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll (file missing)

O15 - Trusted IP range: 67.19.185.246

O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab

O20 - Winlogon Notify: oppon - C:\WINDOWS\system32\oppon.dll

O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Unknown owner - C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-IntegratedServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\IntegratedServer\HTTP (file missing)

O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Unknown owner - C:\Program Files\Sony\vaio media integrated server\Platform\VmGateway.exe" /Service=VAIOMediaPlatform-Mobile-Gateway /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Addons\Packages\Mobile\Gateway" /DisplayName="VAIO Media Gateway Server (file missing)

O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Unknown owner - C:\Program Files\Sony\vaio media integrated server\Video\GPVSvr.exe" /Service=VAIOMediaPlatform-VideoServer-AppServer /DisplayName="VAIO Media Video Server (file missing)

O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Unknown owner - C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-VideoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\VideoServer\HTTP (file missing)

Now click on the fix checked button.

Close HJT.

Locate, and delete the following bold file(if there).

C:\WINDOWS\system32\oppon.dll

Click start/run and type services.msc into the run box, and press the enter key.

When the window appears, maximise it.

Locate the above 023 services. Double click on them, and select stop if they are running. Set the startup type to disabled.

Click apply ok.

Reboot into normal mode, and turn system restore back on.

Regards Howard

 

[licid33]

Howard,
i am unable to delete oppon.dll - says it is connected to current processes - but the only 3 processes that are running are taskmgr.exe explorer.exe winlogon.exe ( cant terminate) and csrss.exe ( cant terminate)

 

[howard_hopkinso]

Please post a fresh HJT log thanks.

Regards Howard