HELP! pc crash after boot with dll error possble virus??

edmund085 · Jun 18, 2008

But also greater minds doesn't mean you can found them on FBI. Some are brighter than FBI. I'm not Bright. But my only faith and hope is keeping me up. I would never give up my research. Thomas Edison created many test on almost all the bulbs he tested wer failed, but only one worked. That also relflects me. Many files were given but only one fiber, one thread, one command can lead me to "him". Plsssssssssssssssss. I like files that were fresh with virus. They contain some fresh commands. They are very fresh like fish. Plssssssssss. I don't care if FBI wont get them. All i want is to find him, know him, meet him, then put him in jail. plssssss I wont give advise(Promise cross my heart) All i need are those hijackthislog and those files. It's easy just copy upload send to ***email removed by loco*** plssssssssssssssssss. do i have to cry, kneel down, roll over and cry, huhuhuhuhhhuuhuhhhuhu.

cdavfrew · Jun 18, 2008

Trust me edmund. Finding the creator of vundo is going to be much harder than just "whoising" him.

Hi Muage.
Your new hijackthis log is clean. Eager to see your other scan logs.

The reason I asked you to rename HijackThis is because that certain variants of vundo have been known to hide themselves in hijackthis logs when the process is known as HijackThis. All we want is to be thorough.

If you haven't already run Combofix, please stop first, and run both vundofix and virtumundobegone before COmbofix. Post the logs here.

Best Regards

PS: Muage. You can help your parents update java and windows service pack.

MUAGE · Jun 18, 2008

I will do those scans before combo fix you caught me in time lol. that guy is tapped lol. anyway cd(for short if thats ok) when i reboot i still get the rundll error and when i looked at the hijackthis log one of the registry's you asked me to fix with hijack this is still there namely
O4 - HKLM\..\Run: [54a58e5f] rundll32.exe "C:\WINDOWS\system32\itwtxkgv.dll",b should i try to remove again??

edmund085 · Jun 18, 2008

hello

Then I have to use another tools in finding him. But I have already copied your hijackthis log thanks. But can you send me a copy of you explorer.exe winlogon.exe rundll32.exe . I have to compare them from infected and non infected(clean). Plsssssssssss. also advpack.dll. send it through ***email removed by loco and I have a feeling edmundo will follow shortly***

cdavfrew · Jun 18, 2008

Hi muage.

No, I wouldn't ask you to remove it again, because it most probably will come back. Now we have to try to remove vundo first, then it won't come back.

Best Regards

cdavfrew · Jun 18, 2008

One more thing. If safe mode works, run all the scans I mentioned above in safe mode.

edmund085 · Jun 18, 2008

hello

Then you are infected. Then I have to ask for the files plssssssssss. plsssssssss. Is it hard to copy upload and send plsssssssssss.
Just send it plsssssssssssss. It's just like helping a man walk down the street. just send it to ***email removed by loco***

Well, I have to go to bed now I'm getting tired. But i will wait for your e-mail I trust you MUAGE. And I will trust you even if you fail me or won't send me or closed this. Just send me because I trust you. Plsssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssss.
Does that convivnced you????? Plsssssssssssssssssssssssssssssssssssss.
Can you help me do you know how many times I beg? I beg 25 times from one thread into other. Just send at ***email removed by loco***

MUAGE · Jun 18, 2008

NO files found with vundofix !

edmund085 · Jun 18, 2008

hello

not on vundofix but explorer.exe winlogon.exe rundll32.exe and advpack.dll plssss thanks!!!!!!!!!!

my e-mail address
***email removed by loco***

LOCOENG · Jun 18, 2008

edmund085, no email addresses per forum rules.

Let me explain how a forum works. A member posts a question for help and then another member comes and helps...in the open forum for all to see and benefit from. I think you are up to something else though and would advise the OP not to send anything to you. If you aren't offering help in the open forum we won't help you give private help or who knows what else. If you need help yourself I suggest you open your own thread and not hijack others.

MUAGE · Jun 18, 2008

No files found on vundofix and no log given, all scans done in safe mode, RUNDLL error as described before still comes up after reboot done by combofix. Please advise Cdavfrew Thanks !

[06/18/2008, 15:07:36] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Neil Brown\Desktop\VirtumundoBeGone.exe" )
[06/18/2008, 15:07:44] - Detected System Information:
[06/18/2008, 15:07:44] - Windows Version: 5.1.2600, Service Pack 2
[06/18/2008, 15:07:44] - Current Username: Neil Brown (Admin)
[06/18/2008, 15:07:44] - Windows is in SAFE mode with Networking.
[06/18/2008, 15:07:44] - Searching for Browser Helper Objects:
[06/18/2008, 15:07:44] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[06/18/2008, 15:07:44] - BHO 2: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[06/18/2008, 15:07:44] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[06/18/2008, 15:07:44] - BHO 4: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[06/18/2008, 15:07:44] - BHO 5: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[06/18/2008, 15:07:44] - BHO 6: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[06/18/2008, 15:07:44] - Finished Searching Browser Helper Objects
[06/18/2008, 15:07:45] - Finishing up...
[06/18/2008, 15:07:45] - Nothing found! Exiting...

ComboFix 08-06-16.5 - Neil Brown 2008-06-18 15:15:28.1 - NTFSx86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.797 [GMT 1:00]
Running from: C:\Documents and Settings\Neil Brown\Desktop\Combo-Fix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\XP Antivirus
C:\Program Files\XP Antivirus\xpa.exe.XXX
C:\WINDOWS\system32\ceNnmnmp.ini
C:\WINDOWS\system32\ceNnmnmp.ini2
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\gswnyaoe.ini
C:\WINDOWS\system32\lsnifksn.ini
C:\WINDOWS\system32\lvmdcyji.ini
C:\WINDOWS\system32\moenmniv.ini
C:\WINDOWS\system32\Packet.dll
C:\WINDOWS\system32\qmopt.dll
C:\WINDOWS\system32\vgkxtwti.ini
C:\WINDOWS\system32\WanPacket.dll
C:\WINDOWS\system32\wpcap.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_LANMANDRV
-------\Legacy_MSUPDATE
-------\Legacy_NPF
-------\Service_lanmandrv
-------\Service_msupdate
-------\Service_NPF

((((((((((((((((((((((((( Files Created from 2008-05-18 to 2008-06-18 )))))))))))))))))))))))))))))))
.

2008-06-18 14:50 . 2008-06-18 14:50 <DIR> d-------- C:\VundoFix Backups
2008-06-17 17:32 . 2008-06-17 17:32 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-17 13:29 . 2008-06-17 13:57 31,744 --a------ C:\WINDOWS\system32\lanmanwrk.exe.XXX
2008-06-17 13:29 . 2008-06-17 13:57 5,888 --a------ C:\WINDOWS\system32\lanmandrv.sys.XXX
2008-06-07 16:59 . 2006-12-27 20:29 <DIR> d-------- C:\Documents and Settings\Administrator.BROWNS\Phone Browser
2008-06-07 16:59 . 2005-08-23 10:19 <DIR> d-------- C:\Documents and Settings\Administrator.BROWNS\Application Data\Symantec
2008-06-07 16:59 . 2005-09-24 18:42 <DIR> d-------- C:\Documents and Settings\Administrator.BROWNS\Application Data\Sony Corporation
2008-06-07 16:59 . 2006-12-27 20:29 <DIR> d-------- C:\Documents and Settings\Administrator.BROWNS\Application Data\PC Suite
2008-06-07 16:59 . 2008-06-07 16:59 <DIR> d-------- C:\Documents and Settings\Administrator.BROWNS
2008-06-02 23:25 . 2008-06-02 23:25 95,232 --a------ C:\WINDOWS\system32\eoaynwsg.dll.XXX
2008-06-02 22:26 . 2008-06-02 22:26 <DIR> d-------- C:\Program Files\SpywareBot
2008-06-02 22:26 . 2008-06-02 12:18 324,864 --a------ C:\WINDOWS\system32\ssqPiGXo.dll_old.XXX
2008-06-02 22:26 . 2008-06-02 14:09 324,864 --a------ C:\WINDOWS\system32\pmnmnNec.dll.XXX
2008-06-02 17:00 . 2008-06-02 17:00 95,232 --a------ C:\WINDOWS\system32\vinmneom.dll.XXX
2008-06-02 16:30 . 2006-12-27 20:29 <DIR> d-------- C:\Documents and Settings\Administrator\Phone Browser
2008-06-02 16:30 . 2008-06-02 22:20 <DIR> d-------- C:\Documents and Settings\Administrator
2008-06-02 14:39 . 2008-06-02 14:39 95,232 --a------ C:\WINDOWS\system32\nskfinsl.dll.XXX
2008-06-02 14:03 . 2008-06-17 13:55 14,336 --a------ C:\WINDOWS\system32\WinCtrl32.dll.XXX
2008-06-02 12:13 . 2008-06-02 12:13 28,928 --a------ C:\WINDOWS\system32\drivers\qxE41.sys.XXX
2008-05-31 22:52 . 2008-05-31 23:28 <DIR> d-------- C:\Documents and Settings\Neil Brown\Application Data\Skype
2008-05-31 21:53 . 2008-05-31 21:53 <DIR> d-------- C:\Program Files\uTorrent
2008-05-31 21:52 . 2008-05-31 23:33 <DIR> d-------- C:\Documents and Settings\Neil Brown\Application Data\uTorrent

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-18 13:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2008-05-31 18:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-31 17:38 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-05-27 18:47 --------- d-----w C:\Program Files\Java
2008-05-20 15:55 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Sony Corporation
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2005-04-20 09:57 847872]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-06 16:13 68856]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 17:45 313472]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-07-16 15:17 4670704]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-11-17 12:47 118784]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-08-05 02:57 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-08-05 02:56 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-08-05 02:56 114688]
"RTHDCPL"="RTHDCPL.EXE" [2005-08-09 07:17 14743552 C:\WINDOWS\RTHDCPL.EXE]
"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-11 11:51 53248]
"Mouse Suite 98 Daemon"="ICO.EXE" [2002-03-14 16:46 45056 C:\WINDOWS\system32\ico.exe]
"SonyPowerCfg"="C:\Program Files\Sony\VAIO Power Management\SPMgr.exe" [2005-05-15 05:51 184320]
"ISBMgr.exe"="C:\Program Files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 14:12 32768]
"VAIO Update 2"="C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" [2005-01-14 13:43 151552]
"PDService.exe"="C:\Program Files\Utimaco\SafeGuard PrivateDisk\pdservice.exe" [2004-07-06 14:15 40960]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2005-03-03 21:47 483328]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 13:00 110592 C:\WINDOWS\system32\bthprops.cpl]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2005-03-22 09:39 167936]
"DataLayer"="C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe" [2005-03-31 09:30 1106944]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2008-04-15 17:34 579584]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-07-28 13:23 1836544]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-11-24 01:06 487424]
"54a58e5f"="C:\WINDOWS\system32\itwtxkgv.dll" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2005-04-20 09:57 847872]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2007-10-24 20:04 219136]

C:\Documents and Settings\Default User\Start Menu\Programs\Startup\
VAIO Launcher.lnk - C:\Program Files\Sony\VAIO Launcher\Launcher.exe [2005-09-24 18:48:06 778240]

C:\Documents and Settings\Administrator.BROWNS\Start Menu\Programs\Startup\
VAIO Launcher.lnk - C:\Program Files\Sony\VAIO Launcher\Launcher.exe [2005-09-24 18:48:06 778240]

C:\Documents and Settings\Neil Brown\Start Menu\Programs\Startup\
VAIO Launcher.lnk - C:\Program Files\Sony\VAIO Launcher\Launcher.exe [2005-09-24 18:48:06 778240]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
VESWinlogon.dll 2005-05-20 17:42 73728 C:\WINDOWS\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.dvsd"= C:\PROGRA~1\COMMON~1\SONYSH~1\VideoLib\sonydv.dll
"vidc.yv12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\qxE41.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe"=
"C:\\Program Files\\Shareaza\\Shareaza.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 PrivateDisk;PrivateDisk;C:\WINDOWS\system32\Drivers\PrivateDiskM.sys [2004-07-06 14:07]
R2 AdobeActiveFileMonitor;Adobe Active File Monitor;C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-04 04:47]
R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [2004-10-04 03:40]
S0 qxE41;qxE41;C:\WINDOWS\system32\Drivers\qxE41.sys []
S3 Image Converter video recording monitor for VAIO Entertainment;Image Converter video recording monitor for VAIO Entertainment;C:\Program Files\Sony\Image Converter 2\IcVzMon.exe [2005-04-05 13:06]
S3 SE2Ebus;Sony Ericsson Device 046 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\SE2Ebus.sys [2006-11-10 18:23]
S3 SE2Emdfl;Sony Ericsson Device 046 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\SE2Emdfl.sys [2006-11-10 18:23]
S3 SE2Emdm;Sony Ericsson Device 046 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\SE2Emdm.sys [2006-11-10 18:23]
S3 SE2Emgmt;Sony Ericsson Device 046 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\SE2Emgmt.sys [2006-11-10 18:23]
S3 se2End5;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (NDIS);C:\WINDOWS\system32\DRIVERS\se2End5.sys [2006-11-10 18:23]
S3 SE2Eobex;Sony Ericsson Device 046 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\SE2Eobex.sys [2006-11-10 18:23]
S3 se2Eunic;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (WDM);C:\WINDOWS\system32\DRIVERS\se2Eunic.sys [2006-11-10 18:24]

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-18 15:22:14
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Apoint\ApntEx.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
.
**************************************************************************
.
Completion time: 2008-06-18 15:27:03 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-18 14:26:59

Pre-Run: 8,559,689,728 bytes free
Post-Run: 7,746,469,888 bytes free

192 --- E O F --- 2008-06-17 17:21:14

MUAGE · Jun 18, 2008

No files found on vundofix and no log given, all scans done in safe mode, RUNDLL error as described before still comes up after reboot done by combofix. Please advise Cdavfrew Thanks !

[06/18/2008, 15:07:36] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Neil Brown\Desktop\VirtumundoBeGone.exe" )
[06/18/2008, 15:07:44] - Detected System Information:
[06/18/2008, 15:07:44] - Windows Version: 5.1.2600, Service Pack 2
[06/18/2008, 15:07:44] - Current Username: Neil Brown (Admin)
[06/18/2008, 15:07:44] - Windows is in SAFE mode with Networking.
[06/18/2008, 15:07:44] - Searching for Browser Helper Objects:
[06/18/2008, 15:07:44] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[06/18/2008, 15:07:44] - BHO 2: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[06/18/2008, 15:07:44] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[06/18/2008, 15:07:44] - BHO 4: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[06/18/2008, 15:07:44] - BHO 5: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[06/18/2008, 15:07:44] - BHO 6: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[06/18/2008, 15:07:44] - Finished Searching Browser Helper Objects
[06/18/2008, 15:07:45] - Finishing up...
[06/18/2008, 15:07:45] - Nothing found! Exiting...

ComboFix 08-06-16.5 - Neil Brown 2008-06-18 15:15:28.1 - NTFSx86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.797 [GMT 1:00]
Running from: C:\Documents and Settings\Neil Brown\Desktop\Combo-Fix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\XP Antivirus
C:\Program Files\XP Antivirus\xpa.exe.XXX
C:\WINDOWS\system32\ceNnmnmp.ini
C:\WINDOWS\system32\ceNnmnmp.ini2
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\gswnyaoe.ini
C:\WINDOWS\system32\lsnifksn.ini
C:\WINDOWS\system32\lvmdcyji.ini
C:\WINDOWS\system32\moenmniv.ini
C:\WINDOWS\system32\Packet.dll
C:\WINDOWS\system32\qmopt.dll
C:\WINDOWS\system32\vgkxtwti.ini
C:\WINDOWS\system32\WanPacket.dll
C:\WINDOWS\system32\wpcap.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_LANMANDRV
-------\Legacy_MSUPDATE
-------\Legacy_NPF
-------\Service_lanmandrv
-------\Service_msupdate
-------\Service_NPF

((((((((((((((((((((((((( Files Created from 2008-05-18 to 2008-06-18 )))))))))))))))))))))))))))))))
.

2008-06-18 14:50 . 2008-06-18 14:50 <DIR> d-------- C:\VundoFix Backups
2008-06-17 17:32 . 2008-06-17 17:32 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-17 13:29 . 2008-06-17 13:57 31,744 --a------ C:\WINDOWS\system32\lanmanwrk.exe.XXX
2008-06-17 13:29 . 2008-06-17 13:57 5,888 --a------ C:\WINDOWS\system32\lanmandrv.sys.XXX
2008-06-07 16:59 . 2006-12-27 20:29 <DIR> d-------- C:\Documents and Settings\Administrator.BROWNS\Phone Browser
2008-06-07 16:59 . 2005-08-23 10:19 <DIR> d-------- C:\Documents and Settings\Administrator.BROWNS\Application Data\Symantec
2008-06-07 16:59 . 2005-09-24 18:42 <DIR> d-------- C:\Documents and Settings\Administrator.BROWNS\Application Data\Sony Corporation
2008-06-07 16:59 . 2006-12-27 20:29 <DIR> d-------- C:\Documents and Settings\Administrator.BROWNS\Application Data\PC Suite
2008-06-07 16:59 . 2008-06-07 16:59 <DIR> d-------- C:\Documents and Settings\Administrator.BROWNS
2008-06-02 23:25 . 2008-06-02 23:25 95,232 --a------ C:\WINDOWS\system32\eoaynwsg.dll.XXX
2008-06-02 22:26 . 2008-06-02 22:26 <DIR> d-------- C:\Program Files\SpywareBot
2008-06-02 22:26 . 2008-06-02 12:18 324,864 --a------ C:\WINDOWS\system32\ssqPiGXo.dll_old.XXX
2008-06-02 22:26 . 2008-06-02 14:09 324,864 --a------ C:\WINDOWS\system32\pmnmnNec.dll.XXX
2008-06-02 17:00 . 2008-06-02 17:00 95,232 --a------ C:\WINDOWS\system32\vinmneom.dll.XXX
2008-06-02 16:30 . 2006-12-27 20:29 <DIR> d-------- C:\Documents and Settings\Administrator\Phone Browser
2008-06-02 16:30 . 2008-06-02 22:20 <DIR> d-------- C:\Documents and Settings\Administrator
2008-06-02 14:39 . 2008-06-02 14:39 95,232 --a------ C:\WINDOWS\system32\nskfinsl.dll.XXX
2008-06-02 14:03 . 2008-06-17 13:55 14,336 --a------ C:\WINDOWS\system32\WinCtrl32.dll.XXX
2008-06-02 12:13 . 2008-06-02 12:13 28,928 --a------ C:\WINDOWS\system32\drivers\qxE41.sys.XXX
2008-05-31 22:52 . 2008-05-31 23:28 <DIR> d-------- C:\Documents and Settings\Neil Brown\Application Data\Skype
2008-05-31 21:53 . 2008-05-31 21:53 <DIR> d-------- C:\Program Files\uTorrent
2008-05-31 21:52 . 2008-05-31 23:33 <DIR> d-------- C:\Documents and Settings\Neil Brown\Application Data\uTorrent

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-18 13:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2008-05-31 18:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-31 17:38 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-05-27 18:47 --------- d-----w C:\Program Files\Java
2008-05-20 15:55 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Sony Corporation
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2005-04-20 09:57 847872]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-06 16:13 68856]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 17:45 313472]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-07-16 15:17 4670704]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-11-17 12:47 118784]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-08-05 02:57 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-08-05 02:56 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-08-05 02:56 114688]
"RTHDCPL"="RTHDCPL.EXE" [2005-08-09 07:17 14743552 C:\WINDOWS\RTHDCPL.EXE]
"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-11 11:51 53248]
"Mouse Suite 98 Daemon"="ICO.EXE" [2002-03-14 16:46 45056 C:\WINDOWS\system32\ico.exe]
"SonyPowerCfg"="C:\Program Files\Sony\VAIO Power Management\SPMgr.exe" [2005-05-15 05:51 184320]
"ISBMgr.exe"="C:\Program Files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 14:12 32768]
"VAIO Update 2"="C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" [2005-01-14 13:43 151552]
"PDService.exe"="C:\Program Files\Utimaco\SafeGuard PrivateDisk\pdservice.exe" [2004-07-06 14:15 40960]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2005-03-03 21:47 483328]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 13:00 110592 C:\WINDOWS\system32\bthprops.cpl]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2005-03-22 09:39 167936]
"DataLayer"="C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe" [2005-03-31 09:30 1106944]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2008-04-15 17:34 579584]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-07-28 13:23 1836544]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-11-24 01:06 487424]
"54a58e5f"="C:\WINDOWS\system32\itwtxkgv.dll" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2005-04-20 09:57 847872]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2007-10-24 20:04 219136]

C:\Documents and Settings\Default User\Start Menu\Programs\Startup\
VAIO Launcher.lnk - C:\Program Files\Sony\VAIO Launcher\Launcher.exe [2005-09-24 18:48:06 778240]

C:\Documents and Settings\Administrator.BROWNS\Start Menu\Programs\Startup\
VAIO Launcher.lnk - C:\Program Files\Sony\VAIO Launcher\Launcher.exe [2005-09-24 18:48:06 778240]

C:\Documents and Settings\Neil Brown\Start Menu\Programs\Startup\
VAIO Launcher.lnk - C:\Program Files\Sony\VAIO Launcher\Launcher.exe [2005-09-24 18:48:06 778240]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
VESWinlogon.dll 2005-05-20 17:42 73728 C:\WINDOWS\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.dvsd"= C:\PROGRA~1\COMMON~1\SONYSH~1\VideoLib\sonydv.dll
"vidc.yv12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\qxE41.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe"=
"C:\\Program Files\\Shareaza\\Shareaza.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 PrivateDisk;PrivateDisk;C:\WINDOWS\system32\Drivers\PrivateDiskM.sys [2004-07-06 14:07]
R2 AdobeActiveFileMonitor;Adobe Active File Monitor;C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-04 04:47]
R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [2004-10-04 03:40]
S0 qxE41;qxE41;C:\WINDOWS\system32\Drivers\qxE41.sys []
S3 Image Converter video recording monitor for VAIO Entertainment;Image Converter video recording monitor for VAIO Entertainment;C:\Program Files\Sony\Image Converter 2\IcVzMon.exe [2005-04-05 13:06]
S3 SE2Ebus;Sony Ericsson Device 046 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\SE2Ebus.sys [2006-11-10 18:23]
S3 SE2Emdfl;Sony Ericsson Device 046 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\SE2Emdfl.sys [2006-11-10 18:23]
S3 SE2Emdm;Sony Ericsson Device 046 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\SE2Emdm.sys [2006-11-10 18:23]
S3 SE2Emgmt;Sony Ericsson Device 046 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\SE2Emgmt.sys [2006-11-10 18:23]
S3 se2End5;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (NDIS);C:\WINDOWS\system32\DRIVERS\se2End5.sys [2006-11-10 18:23]
S3 SE2Eobex;Sony Ericsson Device 046 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\SE2Eobex.sys [2006-11-10 18:23]
S3 se2Eunic;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (WDM);C:\WINDOWS\system32\DRIVERS\se2Eunic.sys [2006-11-10 18:24]

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-18 15:22:14
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Apoint\ApntEx.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
.
**************************************************************************
.
Completion time: 2008-06-18 15:27:03 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-18 14:26:59

Pre-Run: 8,559,689,728 bytes free
Post-Run: 7,746,469,888 bytes free

192 --- E O F --- 2008-06-17 17:21:14

MUAGE · Jun 18, 2008

sorry for double post my wirless screwed up here is the new hijackthis after all scans in safemode.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:46:30 PM, on 6/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\Program Files\Utimaco\SafeGuard PrivateDisk\pdservice.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Sony\VAIO Launcher\Launcher.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\scanner.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://uk.search.yahoo.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [PDService.exe] C:\Program Files\Utimaco\SafeGuard PrivateDisk\pdservice.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [54a58e5f] rundll32.exe "C:\WINDOWS\system32\itwtxkgv.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: VAIO Launcher.lnk = C:\Program Files\Sony\VAIO Launcher\Launcher.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: VAIO Launcher.lnk = C:\Program Files\Sony\VAIO Launcher\Launcher.exe (User 'Default user')
O4 - .DEFAULT User Startup: VAIO Launcher.lnk = C:\Program Files\Sony\VAIO Launcher\Launcher.exe (User 'Default user')
O4 - Startup: VAIO Launcher.lnk = C:\Program Files\Sony\VAIO Launcher\Launcher.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O15 - Trusted Zone: *.vaio-link.com
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1143238707000
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\Avlib\SSScsiSV.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment Task Scheduler - Sony Corporation - C:\Program Files\Sony\VAIO Entertainment\VzTaskScheduler.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Cooporated Initialisation (VCI) - Sony Corporation - C:\Program Files\Sony\VAIO Cooperated Initialisation\VCI_SVC.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

--
End of file - 14061 bytes

edmund085 · Jun 19, 2008

hello

Sorry, I dont know about that but thanks for the brilliant idea. I have to create another thread. But will you pls dont remove my e-mail so that others can help. plsssssssss. I'm not thingking about something else. My only aim,purpose is to find the creator. thanks for the idea

LOCOENG · Jun 19, 2008

Edmond,

10. Don't post your email address to the forums! Spambots love dumb forum users who post their email addresses to public sites and grab those addresses and you will soon discover the wonders of penis enlargement kits and other really useful products posted daily to your inbox.
Click to expand...

From the forum rules which you agreed to when you created your account with afterdawn. There is a link to the rest of the rules in my sig, please read them.

edmund085 · Jun 19, 2008

hello

Never mind those spam bots I just read those spam. Ther are so funny. Funny and stupid agendas. hahahahahahhaha. Pennis enlargement kit.ahhahahahahhahaha That is so funny. That is the kind of message I want to read. It's like comics with punch line.hahahahahha pls dont remove my e-mail address I want to read those. hahahahha. And also how can some people send files or hijackthis log when I create a new thread?
Plsssss can you give it back or change it back.

LOCOENG · Jun 19, 2008

It's not your choice...no email addresses allowed.

edmund085 · Jun 19, 2008

Oh no! what should I do. hmmmmmm. aha I found a way >(***Email removed by loco for the last time***)<

hahahahhaha it works!!!!!!!!! . thanks for your IDEA LOCO

cdavfrew · Jun 19, 2008

Hi Muage.

Good to see that the Antivir Boot Cd already disabled most of the bad malware, and the rest should be pretty okay.

I need one more log first. Download Superantispyware Free, update it, and do a scan in safe mode. Quarantine all found items, and post the scan log here.

After the superantispyware scan, you can remove the entry

O4 - HKLM\..\Run: [54a58e5f] rundll32.exe "C:\WINDOWS\system32\itwtxkgv.dll",b

This is the entry which is causing your rundll error. Basically, what is happening is that this entry has set the file to load on startup, but apparently the file is not found, therefore there is an error. It isn't a serious error, so you do not have to worry.

Best Regards

MUAGE · Jun 19, 2008

doing that now cdavfrew i downloaded some updates namely service pack 3 is this ok and also what was the java update you mentioned?

Log in or Sign up

HELP! pc crash after boot with dll error possble virus??

edmund085 Guest

cdavfrew Regular member

MUAGE Member

edmund085 Guest

cdavfrew Regular member

cdavfrew Regular member

edmund085 Guest

MUAGE Member

edmund085 Guest

LOCOENG Moderator Staff Member

MUAGE Member

MUAGE Member

MUAGE Member

edmund085 Guest

LOCOENG Moderator Staff Member

edmund085 Guest

LOCOENG Moderator Staff Member

edmund085 Guest

cdavfrew Regular member

MUAGE Member

Share This Page

Log in or Sign up

HELP! pc crash after boot with dll error possble virus??

edmund085 Guest

cdavfrew Regular member

MUAGE Member

edmund085 Guest

cdavfrew Regular member

cdavfrew Regular member

edmund085 Guest

MUAGE Member

edmund085 Guest

LOCOENG Moderator Staff Member

MUAGE Member

MUAGE Member

MUAGE Member

edmund085 Guest

LOCOENG Moderator Staff Member

edmund085 Guest

LOCOENG Moderator Staff Member

edmund085 Guest

cdavfrew Regular member

MUAGE Member

Share This Page

Useful Searches