|
HELP! pc crash after boot with dll error possible virus??
|
|
Senior Member
|
18. June 2008 @ 09:47 |
|
One more thing. If safe mode works, run all the scans I mentioned above in safe mode.
|
|
edmund085
Suspended permanently
|
18. June 2008 @ 09:49 |
|
hello
Then you are infected. Then I have to ask for the files plssssssssss. plsssssssss. Is it hard to copy upload and send plsssssssssss.
Just send it plsssssssssssss. It's just like helping a man walk down the street. just send it to ***email removed by loco***
Well, I have to go to bed now I'm getting tired. But I will wait for your e-mail I trust you MUAGE. And I will trust you even if you fail me or won't send me or closed this. Just send me because I trust you. Plsssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssss.
Does that convince you????? Plsssssssssssssssssssssssssssssssssssss.
Can you help me do you know how many times I beg? I beg 25 times from one thread into other. Just send at ***email removed by loco***
This message has been edited since posting. Last time this message was edited on 18. June 2008 @ 10:25
|
MUAGE
Junior Member
|
18. June 2008 @ 09:54 |
|
|
edmund085
Suspended permanently
|
18. June 2008 @ 09:55 |
|
hello
not on vundofix but explorer.exe winlogon.exe rundll32.exe and advpack.dll plssss thanks!!!!!!!!!!
my e-mail address
***email removed by loco***
This message has been edited since posting. Last time this message was edited on 18. June 2008 @ 10:25
|
Moderator
1 product review
|
18. June 2008 @ 10:29 |
|
edmund085, no email addresses per forum rules.
Let me explain how a forum works. A member posts a question for help and then another member comes and helps...in the open forum for all to see and benefit from. I think you are up to something else though and would advise the OP not to send anything to you. If you aren't offering help in the open forum we won't help you give private help or who knows what else. If you need help yourself I suggest you open your own thread and not hijack others.

This message has been edited since posting. Last time this message was edited on 18. June 2008 @ 10:42
|
MUAGE
Junior Member
|
18. June 2008 @ 10:38 |
|
No files found on vundofix and no log given, all scans done in safe mode, RUNDLL error as described before still comes up after reboot done by combofix. Please advise Cdavfrew Thanks !
[06/18/2008, 15:07:36] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Neil Brown\Desktop\VirtumundoBeGone.exe" )
[06/18/2008, 15:07:44] - Detected System Information:
[06/18/2008, 15:07:44] - Windows Version: 5.1.2600, Service Pack 2
[06/18/2008, 15:07:44] - Current Username: Neil Brown (Admin)
[06/18/2008, 15:07:44] - Windows is in SAFE mode with Networking.
[06/18/2008, 15:07:44] - Searching for Browser Helper Objects:
[06/18/2008, 15:07:44] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[06/18/2008, 15:07:44] - BHO 2: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[06/18/2008, 15:07:44] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[06/18/2008, 15:07:44] - BHO 4: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[06/18/2008, 15:07:44] - BHO 5: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[06/18/2008, 15:07:44] - BHO 6: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[06/18/2008, 15:07:44] - Finished Searching Browser Helper Objects
[06/18/2008, 15:07:45] - Finishing up...
[06/18/2008, 15:07:45] - Nothing found! Exiting...
ComboFix 08-06-16.5 - Neil Brown 2008-06-18 15:15:28.1 - NTFSx86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.797 [GMT 1:00]
Running from: C:\Documents and Settings\Neil Brown\Desktop\Combo-Fix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\XP Antivirus
C:\Program Files\XP Antivirus\xpa.exe.XXX
C:\WINDOWS\system32\ceNnmnmp.ini
C:\WINDOWS\system32\ceNnmnmp.ini2
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\gswnyaoe.ini
C:\WINDOWS\system32\lsnifksn.ini
C:\WINDOWS\system32\lvmdcyji.ini
C:\WINDOWS\system32\moenmniv.ini
C:\WINDOWS\system32\Packet.dll
C:\WINDOWS\system32\qmopt.dll
C:\WINDOWS\system32\vgkxtwti.ini
C:\WINDOWS\system32\WanPacket.dll
C:\WINDOWS\system32\wpcap.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_LANMANDRV
-------\Legacy_MSUPDATE
-------\Legacy_NPF
-------\Service_lanmandrv
-------\Service_msupdate
-------\Service_NPF
((((((((((((((((((((((((( Files Created from 2008-05-18 to 2008-06-18 )))))))))))))))))))))))))))))))
.
2008-06-18 14:50 . 2008-06-18 14:50 <DIR> d-------- C:\VundoFix Backups
2008-06-17 17:32 . 2008-06-17 17:32 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-17 13:29 . 2008-06-17 13:57 31,744 --a------ C:\WINDOWS\system32\lanmanwrk.exe.XXX
2008-06-17 13:29 . 2008-06-17 13:57 5,888 --a------ C:\WINDOWS\system32\lanmandrv.sys.XXX
2008-06-07 16:59 . 2006-12-27 20:29 <DIR> d-------- C:\Documents and Settings\Administrator.BROWNS\Phone Browser
2008-06-07 16:59 . 2005-08-23 10:19 <DIR> d-------- C:\Documents and Settings\Administrator.BROWNS\Application Data\Symantec
2008-06-07 16:59 . 2005-09-24 18:42 <DIR> d-------- C:\Documents and Settings\Administrator.BROWNS\Application Data\Sony Corporation
2008-06-07 16:59 . 2006-12-27 20:29 <DIR> d-------- C:\Documents and Settings\Administrator.BROWNS\Application Data\PC Suite
2008-06-07 16:59 . 2008-06-07 16:59 <DIR> d-------- C:\Documents and Settings\Administrator.BROWNS
2008-06-02 23:25 . 2008-06-02 23:25 95,232 --a------ C:\WINDOWS\system32\eoaynwsg.dll.XXX
2008-06-02 22:26 . 2008-06-02 22:26 <DIR> d-------- C:\Program Files\SpywareBot
2008-06-02 22:26 . 2008-06-02 12:18 324,864 --a------ C:\WINDOWS\system32\ssqPiGXo.dll_old.XXX
2008-06-02 22:26 . 2008-06-02 14:09 324,864 --a------ C:\WINDOWS\system32\pmnmnNec.dll.XXX
2008-06-02 17:00 . 2008-06-02 17:00 95,232 --a------ C:\WINDOWS\system32\vinmneom.dll.XXX
2008-06-02 16:30 . 2006-12-27 20:29 <DIR> d-------- C:\Documents and Settings\Administrator\Phone Browser
2008-06-02 16:30 . 2008-06-02 22:20 <DIR> d-------- C:\Documents and Settings\Administrator
2008-06-02 14:39 . 2008-06-02 14:39 95,232 --a------ C:\WINDOWS\system32\nskfinsl.dll.XXX
2008-06-02 14:03 . 2008-06-17 13:55 14,336 --a------ C:\WINDOWS\system32\WinCtrl32.dll.XXX
2008-06-02 12:13 . 2008-06-02 12:13 28,928 --a------ C:\WINDOWS\system32\drivers\qxE41.sys.XXX
2008-05-31 22:52 . 2008-05-31 23:28 <DIR> d-------- C:\Documents and Settings\Neil Brown\Application Data\Skype
2008-05-31 21:53 . 2008-05-31 21:53 <DIR> d-------- C:\Program Files\uTorrent
2008-05-31 21:52 . 2008-05-31 23:33 <DIR> d-------- C:\Documents and Settings\Neil Brown\Application Data\uTorrent
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-18 13:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2008-05-31 18:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-31 17:38 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-05-27 18:47 --------- d-----w C:\Program Files\Java
2008-05-20 15:55 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Sony Corporation
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2005-04-20 09:57 847872]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-06 16:13 68856]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 17:45 313472]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-07-16 15:17 4670704]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-11-17 12:47 118784]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-08-05 02:57 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-08-05 02:56 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-08-05 02:56 114688]
"RTHDCPL"="RTHDCPL.EXE" [2005-08-09 07:17 14743552 C:\WINDOWS\RTHDCPL.EXE]
"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-11 11:51 53248]
"Mouse Suite 98 Daemon"="ICO.EXE" [2002-03-14 16:46 45056 C:\WINDOWS\system32\ico.exe]
"SonyPowerCfg"="C:\Program Files\Sony\VAIO Power Management\SPMgr.exe" [2005-05-15 05:51 184320]
"ISBMgr.exe"="C:\Program Files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 14:12 32768]
"VAIO Update 2"="C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" [2005-01-14 13:43 151552]
"PDService.exe"="C:\Program Files\Utimaco\SafeGuard PrivateDisk\pdservice.exe" [2004-07-06 14:15 40960]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2005-03-03 21:47 483328]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 13:00 110592 C:\WINDOWS\system32\bthprops.cpl]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2005-03-22 09:39 167936]
"DataLayer"="C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe" [2005-03-31 09:30 1106944]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2008-04-15 17:34 579584]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-07-28 13:23 1836544]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-11-24 01:06 487424]
"54a58e5f"="C:\WINDOWS\system32\itwtxkgv.dll" [ ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2005-04-20 09:57 847872]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2007-10-24 20:04 219136]
C:\Documents and Settings\Default User\Start Menu\Programs\Startup\
VAIO Launcher.lnk - C:\Program Files\Sony\VAIO Launcher\Launcher.exe [2005-09-24 18:48:06 778240]
C:\Documents and Settings\Administrator.BROWNS\Start Menu\Programs\Startup\
VAIO Launcher.lnk - C:\Program Files\Sony\VAIO Launcher\Launcher.exe [2005-09-24 18:48:06 778240]
C:\Documents and Settings\Neil Brown\Start Menu\Programs\Startup\
VAIO Launcher.lnk - C:\Program Files\Sony\VAIO Launcher\Launcher.exe [2005-09-24 18:48:06 778240]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26 29696]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
VESWinlogon.dll 2005-05-20 17:42 73728 C:\WINDOWS\system32\VESWinlogon.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.dvsd"= C:\PROGRA~1\COMMON~1\SONYSH~1\VideoLib\sonydv.dll
"vidc.yv12"= yv12vfw.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\qxE41.sys]
@="Driver"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe"=
"C:\\Program Files\\Shareaza\\Shareaza.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
R1 PrivateDisk;PrivateDisk;C:\WINDOWS\system32\Drivers\PrivateDiskM.sys [2004-07-06 14:07]
R2 AdobeActiveFileMonitor;Adobe Active File Monitor;C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-04 04:47]
R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [2004-10-04 03:40]
S0 qxE41;qxE41;C:\WINDOWS\system32\Drivers\qxE41.sys []
S3 Image Converter video recording monitor for VAIO Entertainment;Image Converter video recording monitor for VAIO Entertainment;C:\Program Files\Sony\Image Converter 2\IcVzMon.exe [2005-04-05 13:06]
S3 SE2Ebus;Sony Ericsson Device 046 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\SE2Ebus.sys [2006-11-10 18:23]
S3 SE2Emdfl;Sony Ericsson Device 046 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\SE2Emdfl.sys [2006-11-10 18:23]
S3 SE2Emdm;Sony Ericsson Device 046 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\SE2Emdm.sys [2006-11-10 18:23]
S3 SE2Emgmt;Sony Ericsson Device 046 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\SE2Emgmt.sys [2006-11-10 18:23]
S3 se2End5;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (NDIS);C:\WINDOWS\system32\DRIVERS\se2End5.sys [2006-11-10 18:23]
S3 SE2Eobex;Sony Ericsson Device 046 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\SE2Eobex.sys [2006-11-10 18:23]
S3 se2Eunic;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (WDM);C:\WINDOWS\system32\DRIVERS\se2Eunic.sys [2006-11-10 18:24]
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-18 15:22:14
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Apoint\ApntEx.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
.
**************************************************************************
.
Completion time: 2008-06-18 15:27:03 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-18 14:26:59
Pre-Run: 8,559,689,728 bytes free
Post-Run: 7,746,469,888 bytes free
192 --- E O F --- 2008-06-17 17:21:14
|
MUAGE
Junior Member
|
18. June 2008 @ 10:50 |
|
Sorry for double post, my wireless screwed up. Here is the new HijackThis after all scans in safe mode. :)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:46:30 PM, on 6/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\Program Files\Utimaco\SafeGuard PrivateDisk\pdservice.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Sony\VAIO Launcher\Launcher.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\scanner.exe.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ie/defa...earch.yahoo.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [PDService.exe] C:\Program Files\Utimaco\SafeGuard PrivateDisk\pdservice.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [54a58e5f] rundll32.exe "C:\WINDOWS\system32\itwtxkgv.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: VAIO Launcher.lnk = C:\Program Files\Sony\VAIO Launcher\Launcher.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: VAIO Launcher.lnk = C:\Program Files\Sony\VAIO Launcher\Launcher.exe (User 'Default user')
O4 - .DEFAULT User Startup: VAIO Launcher.lnk = C:\Program Files\Sony\VAIO Launcher\Launcher.exe (User 'Default user')
O4 - Startup: VAIO Launcher.lnk = C:\Program Files\Sony\VAIO Launcher\Launcher.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O15 - Trusted Zone: *.vaio-link.com
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupd...b?1143238707000
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/sh...ash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\Avlib\SSScsiSV.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment Task Scheduler - Sony Corporation - C:\Program Files\Sony\VAIO Entertainment\VzTaskScheduler.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Cooporated Initialisation (VCI) - Sony Corporation - C:\Program Files\Sony\VAIO Cooperated Initialisation\VCI_SVC.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
--
End of file - 14061 bytes
|
edmund085
Suspended permanently
|
19. June 2008 @ 07:28 |
Link to this message
|
hello
Sorry, I don't know about that but thanks for the brilliant idea. I have to create another thread. But will you pls don't remove my e-mail so that others can help. plsssssssss. I'm not thinking about something else. My only aim, purpose is to find the creator. thanks for the idea
|
Moderator
1 product review
|
19. June 2008 @ 07:46 |
Link to this message
|
Edmond,
Quote: 10. Don't post your email address to the forums! Spambots love dumb forum users who post their email addresses to public sites and grab those addresses and you will soon discover the wonders of penis enlargement kits and other really useful products posted daily to your inbox.
From the forum rules which you agreed to when you created your account with afterdawn. There is a link to the rest of the rules in my sig, please read them.
|
edmund085
Suspended permanently
|
19. June 2008 @ 07:51 |
Link to this message
|
hello
Never mind those spam bots, I just read those spam. They are so funny. Funny and stupid agendas. hahahahahahhaha. Penis enlargement kit. ahhahahahahhahaha That is so funny. That is the kind of message I want to read. It's like comics with a punch line. hahahahahha pls don't remove my e-mail address, I want to read those. hahahahha. And also how can some people send files or a hijackthis log when I create a new thread?
Plsssss can you give it back or change it back.
|
Moderator
1 product review
|
19. June 2008 @ 08:00 |
Link to this message
|
It's not your choice...no email addresses allowed.
|
edmund085
Suspended permanently
|
19. June 2008 @ 08:02 |
Link to this message
|
Oh no! what should I do. hmmmmmm. aha I found a way >(***Email removed by loco for the last time***)<
hahahahhaha it works!!!!!!!!! . thanks for your IDEA LOCO
This message has been edited since posting. Last time this message was edited on 19. June 2008 @ 09:36
|
Senior Member
|
19. June 2008 @ 08:44 |
Link to this message
|
Hi Muage.
Good to see that the Antivir Boot Cd already disabled most of the bad malware, and the rest should be pretty okay.
I need one more log first. Download Superantispyware Free, update it, and do a scan in safe mode. Quarantine all found items, and post the scan log here.
After the superantispyware scan, you can remove the entry
O4 - HKLM\..\Run: [54a58e5f] rundll32.exe "C:\WINDOWS\system32\itwtxkgv.dll",b
This is the entry which is causing your rundll error. Basically, what is happening is that this entry has set the file to load on startup, but apparently the file is not found, therefore there is an error. It isn't a serious error, so you do not have to worry.
Best Regards :D
This message has been edited since posting. Last time this message was edited on 19. June 2008 @ 08:51
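Added example (not part of the original post, and not HijackThis code): a small Python triage of the O4 Run lines from the log above, showing why the [54a58e5f] entry stands out from the other autostarts. The 8-hex-digit name heuristic, the flag names and the `exists` callback are assumptions of this example.

```python
import os
import re
from typing import Callable, List, NamedTuple, Optional, Tuple

# Excerpt of O4 lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [54a58e5f] rundll32.exe "C:\WINDOWS\system32\itwtxkgv.dll",b
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
"""

# Registry Run lines: hive, optional SID segment, key, [value name], command.
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK[A-Z]+)(?:\\[^\\]+)?\\\.\.\\(?P<key>\w+): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)
# rundll32 <dll>,<export>  (the DLL may be quoted)
RUNDLL_RE = re.compile(
    r'^"?(?:[^"]*\\)?rundll32(?:\.exe)?"?\s+"?(?P<dll>[^",]+)"?,(?P<export>.*)$',
    re.IGNORECASE,
)
# Executable part of a plain command: quoted path, or text up to the extension.
TARGET_RE = re.compile(r'^(?:"(?P<q>[^"]+)"|(?P<u>.+?\.(?:exe|dll|cpl)))', re.IGNORECASE)
HEX_NAME_RE = re.compile(r"^[0-9a-f]{8}$", re.IGNORECASE)  # heuristic (assumption)
ABSOLUTE_RE = re.compile(r"^[A-Za-z]:\\")


class RunEntry(NamedTuple):
    hive: str
    name: str
    command: str
    target: Optional[str]   # file the entry actually loads
    via_rundll32: bool


def parse_run_entries(log_text: str) -> List[RunEntry]:
    """Extract registry Run autostarts (O4) from HijackThis log text."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue  # Startup-folder O4 lines and other sections are skipped
        cmd = m.group("cmd")
        dll = RUNDLL_RE.match(cmd)
        if dll:
            target = dll.group("dll").strip()
        else:
            t = TARGET_RE.match(cmd)
            target = (t.group("q") or t.group("u")) if t else None
        entries.append(RunEntry(m.group("hive"), m.group("name"), cmd, target, bool(dll)))
    return entries


def flag_entry(entry: RunEntry, exists: Callable[[str], bool] = os.path.exists) -> List[str]:
    """Return review flags; no single flag is a verdict on its own."""
    flags = []
    if entry.via_rundll32:
        flags.append("rundll32-loader")      # a DLL is the real payload
    if HEX_NAME_RE.match(entry.name):
        flags.append("random-hex-name")      # value name looks machine-generated
    # Only absolute paths can be checked without resolving the search path.
    if entry.target and ABSOLUTE_RE.match(entry.target) and not exists(entry.target):
        flags.append("target-missing")       # orphaned entry: error at every logon
    return flags


def triage(log_text: str, exists: Callable[[str], bool] = os.path.exists
           ) -> List[Tuple[RunEntry, List[str]]]:
    """Entries that carry at least one flag, in log order."""
    flagged = [(e, flag_entry(e, exists)) for e in parse_run_entries(log_text)]
    return [(e, f) for e, f in flagged if f]


if __name__ == "__main__":
    # Constructed stand-in for the disk state described in the post:
    # the scanners already removed itwtxkgv.dll, the other files are present.
    present = {
        r"c:\windows\system32\igfxtray.exe",
        r"c:\program files\sony\vaio update 2\vaioupdt.exe",
        r"c:\windows\system32\ctfmon.exe",
    }
    for entry, flags in triage(SAMPLE_LOG, lambda p: p.lower() in present):
        print(f"[{entry.name}] -> {entry.target}: {', '.join(flags)}")
```

The Bluetooth entry shows that a rundll32 autostart alone is normal on this system; the [54a58e5f] entry is the only one that combines all three flags.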
|
MUAGE
Junior Member
|
19. June 2008 @ 09:25 |
Link to this message
|
doing that now cdavfrew i downloaded some updates namely service pack 3 is this ok and also what was the java update you mentioned?
|
Moderator
1 product review
|
19. June 2008 @ 09:38 |
Link to this message
|
No email means no email...period.
Sorry MUAGE for the direction your thread has been taken...please carry on.
|
MUAGE
Junior Member
|
19. June 2008 @ 09:42 |
Link to this message
|
no worries thanks for the help i thought i was going to have to tell him where to go. you guys rock!
|
Senior Member
|
19. June 2008 @ 09:46 |
Link to this message
|
Thanks Locoeng.
Hey Muage.
Yes, service pack 3 can be installed, but not until we've finished our cleanup. And the java update I mentioned was java 1.6.0.6.
Best Regards :D
|
MUAGE
Junior Member
|
19. June 2008 @ 11:14 |
Link to this message
|
hey Cdavfrew I did the superantispyware scan in safe mode and it took a while but at the end it asked to reboot, so i said ok. when the computer rebooted the RUNDLL error did not come up (rebooted normal mode ok?) now when i did another hijackthis scan that registry entry is still there, strange. does this sound ok?
|
Senior Member
|
19. June 2008 @ 12:20 |
Link to this message
|
Hey Muage. Post the Superantispyware scan log here, unless it did not detect anything.
Also, fix the registry entry in hijackthis. We'll have to see whether or not it is strange.
Best Regards :D
|
MUAGE
Junior Member
|
19. June 2008 @ 12:34 |
Link to this message
|
oh it found stuff alright!
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 06/19/2008 at 04:01 PM
Application Version : 4.15.1000
Core Rules Database Version : 3485
Trace Rules Database Version: 1476
Scan type : Complete Scan
Total Scan Time : 01:14:26
Memory items scanned : 161
Memory threats detected : 0
Registry items scanned : 6510
Registry threats detected : 3
File items scanned : 25969
File threats detected : 126
Adware.Tracking Cookie
uk.sitestat.com [ C:\Documents and Settings\Neil Brown\Application Data\Mozilla\Firefox\Profiles\jc8j9bli.default\cookies.txt ]
uk.sitestat.com [ C:\Documents and Settings\Neil Brown\Application Data\Mozilla\Firefox\Profiles\jc8j9bli.default\cookies.txt ]
www.clickcompare.co.uk [ C:\Documents and Settings\Neil Brown\Application Data\Mozilla\Firefox\Profiles\jc8j9bli.default\cookies.txt ]
www.clickcompare.co.uk [ C:\Documents and Settings\Neil Brown\Application Data\Mozilla\Firefox\Profiles\jc8j9bli.default\cookies.txt ]
www.etracker.de [ C:\Documents and Settings\Neil Brown\Application Data\Mozilla\Firefox\Profiles\jc8j9bli.default\cookies.txt ]
www.googleadservices.com [ C:\Documents and Settings\Neil Brown\Application Data\Mozilla\Firefox\Profiles\jc8j9bli.default\cookies.txt ]
www.googleadservices.com [ C:\Documents and Settings\Neil Brown\Application Data\Mozilla\Firefox\Profiles\jc8j9bli.default\cookies.txt ]
Unclassified.SpywareBot (Not A Threat)
Adware.Zango Toolbar/Hb
Adware.Vundo Variant/Rel
HKLM\Software\Microsoft\Windows\CurrentVersion\Run#54a58e5f [ rundll32.exe "C:\WINDOWS\system32\itwtxkgv.dll",b ]
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7F5EF55A-E29B-4901-A606-25FE10A89912}\RP254\A0089551.DLL.XXX
C:\WINDOWS\SYSTEM32\EOAYNWSG.DLL.XXX
Rogue.WinAntiVirusPro/SecurityCenter-Fake
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7F5EF55A-E29B-4901-A606-25FE10A89912}\RP254\A0105561.CPL.XXX
|
Senior Member
|
20. June 2008 @ 03:16 |
Link to this message
|
Hey Muage.
Great! Looks like you're clean! Superantispyware removed all the malware (including more rogue antiviruses) installed by XP Antivirus, and once you've quarantined all these entries in safe mode and then done another scan (also in safe mode) after a reboot, you'll be officially clean. Also, do a search in Windows for all files with the extension .xxx, and move them to an isolated folder, while taking note of the locations. We do this just in case of a Windows error caused by the lack of one of these files.
As for the explanation of why the rundll error is gone despite the existing registry entry, it is because Superantispyware disabled the entry, so all you have to do is remove it in HijackThis.
There are two paths that you can take now. You can either choose to do either one, or do both as well.
One is to clean out all traces of the malware. Traces are settings, files, and registry entries left by malware, and are generally harmless. To do this, download both A-squared Free and Advanced Windowscare. Update both programs. Scan with A-squared, and post a scan log here without removing anything. Scan with Advanced Windowscare (with all items checked), and fix all.
Two is to clean out your parents' computer and to make it as good as new. First, you can update both the Windows service pack and Java. Please note that you can uninstall earlier versions of Java once the newest version has been installed. This will free up disk space. Secondly, download CCleaner and ATF Cleaner. Clean out the junk files on your computer with these two tools. Last, defragment the computer either with Windows Defragmenter (which might be pretty slow) or with a third-party defragmenter. Free examples of this include Iobit Smart Defrag, Auslogics Disk Defrag, and Defraggler.
The last thing you have to do, no matter which path you choose, is to secure your parents' computer against such infections.
For a good antivirus program, AVG 7 (which is the current one on your parents' computer) is definitely not on my top list. If your parents are willing to pay, Antivir Premium, Nod32, or Kaspersky all make good choices. However, a good free alternative is Antivir Free, which has superb detection compared to any other product. See Av-comparatives.org.
For spyware protection, I believe that you have already been introduced to Superantispyware. Even though the free version does not have real-time protection, it makes a great on-demand scanner. Spybot works great as well, both for immunization and on-demand scanning.
To secure your browser, SpywareBlaster, Advanced Windowscare, and Spybot all have great immunization abilities. However, you can also make your hosts file even better with HP Hosts file and MVPS. Also, Spybot's SDHelper does pretty well.
Firewalls are important too, and Comodo, Zonealarm, and Online Armor all make great free choices. For a less resource hogging program, Filseclab Firewall combined with Windows Firewall is a great setup as well.
Hope you found my advice useful, and congratulations on getting the computer clean. To learn more about such things, you can always join online programs such as Malware Removal and GeeksToGo, both of which have great malware training programs.
Best Regards :D
This message has been edited since posting. Last time this message was edited on 20. June 2008 @ 03:30
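The step in the post above (move the renamed .xxx files to an isolated folder while noting where they came from), as an added example that is not part of the original post or of any tool named in it. The function names, the `manifest.csv` layout and the sample tree are assumptions made for illustration.

```python
import csv
import hashlib
import os
import shutil
import tempfile
from pathlib import Path

FIELDS = ["original_path", "quarantined_path", "sha256"]


def quarantine_renamed_files(root, quarantine_dir, suffix=".xxx"):
    """Move files ending in `suffix` (case-insensitive) into quarantine_dir.

    Appends one row per file to quarantine_dir/manifest.csv and returns
    the rows as (original_path, quarantined_path, sha256) tuples.
    """
    root = Path(root).resolve()
    qdir = Path(quarantine_dir).resolve()
    qdir.mkdir(parents=True, exist_ok=True)
    records = []
    for dirpath, dirnames, filenames in os.walk(root):
        # Never descend into the quarantine folder itself.
        dirnames[:] = [d for d in dirnames if (Path(dirpath) / d).resolve() != qdir]
        for name in filenames:
            if not name.lower().endswith(suffix):
                continue
            src = Path(dirpath) / name
            try:
                digest = hashlib.sha256(src.read_bytes()).hexdigest()
            except OSError:
                continue  # unreadable (e.g. protected restore point): leave in place
            # Hash prefix keeps same-named files from different folders apart.
            dest, n = qdir / f"{digest[:12]}_{name}", 0
            while dest.exists():
                n += 1
                dest = qdir / f"{digest[:12]}_{n}_{name}"
            shutil.move(str(src), str(dest))
            records.append((str(src), str(dest), digest))
    manifest = qdir / "manifest.csv"
    is_new = not manifest.exists()
    with manifest.open("a", newline="", encoding="utf-8") as fh:
        writer = csv.writer(fh)
        if is_new:
            writer.writerow(FIELDS)
        writer.writerows(records)
    return records


def restore_file(quarantine_dir, original_path):
    """Move one quarantined file back to its recorded location.

    Returns True if a matching manifest row was found and restored.
    """
    manifest = Path(quarantine_dir) / "manifest.csv"
    with manifest.open(newline="", encoding="utf-8") as fh:
        for row in csv.DictReader(fh):
            held = Path(row["quarantined_path"])
            if row["original_path"] == str(original_path) and held.exists():
                Path(row["original_path"]).parent.mkdir(parents=True, exist_ok=True)
                shutil.move(str(held), row["original_path"])
                return True
    return False


if __name__ == "__main__":
    # Constructed sample tree; the file name mirrors the renamed-DLL style in the log.
    with tempfile.TemporaryDirectory() as tmp:
        sysdir = Path(tmp) / "WINDOWS" / "system32"
        sysdir.mkdir(parents=True)
        (sysdir / "EXAMPLE.DLL.XXX").write_bytes(b"constructed sample")
        for row in quarantine_renamed_files(Path(tmp) / "WINDOWS", Path(tmp) / "isolated"):
            print(row)
```

Keeping the manifest beside the quarantined files means a file can be put back at its exact original path if Windows later reports it missing.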
|
edmund123
Suspended permanently
|
20. June 2008 @ 07:06 |
Link to this message
|
Dear Loco,
You ain't gonna get rid of me that easily. But since you have banned me, then begone I go. I'm 3 steps ahead when my edmund085 account is banned.
But it doesn't mean I will subscribe to this account, I'm unsubscribing it. Just little help cannot even offer. But I will have to say goodbye and wait until my other account is unbanned. But thanks, I knew my limitations. BUT YOU CAN'T GET RID OF ME THAT EASILY! hehehehehe
Best Regards
Edmund085
|
Moderator
|
20. June 2008 @ 07:35 |
Link to this message
|
Believe me, we can indeed get rid of you that easily. Keep this up and your original account and any/all subsequent accounts will be deactivated. I'd give it up now if I were you, as we can keep this up far longer than you can.
|
edmund456
Suspended permanently
|
20. June 2008 @ 07:56 |
Link to this message
|
Dear Creaky,
Hmmmm. Not good enough. More practice. But even though you banned this account (I'm sure you're gonna ban it), I will have to create a new account, but different. I will change first name, last name, so that you won't know me anymore. I'll just hide. And be someone else. So it means you can't get rid of me that easily. Hahahaha. After this I would not subscribe to this thread because you will think that is me. So go and find my new account. Hasta la vista people. hahahhah Not good enough creaky. hehehehhehe. And also why don't you start banning this account. I recommend it also to delete it or whatever evil thing you can think of!!!!!!!!!!!!! Hahahahahhahahahahhahahahahahhahahahahahhahahahhaha!
YOU WILL NEVER CATCH ME!!!!!!!!!!
YOU CAN NEVER GET RID OF ME!!!!!!!!!!!!!
I AM EVERYWHERE!!!!!!!!!!!!
OR SOMEBODY!!!!!!!!!!!!!!!!
Best Regards,
Edmund085
This message has been edited since posting. Last time this message was edited on 20. June 2008 @ 07:59
|
|