Debbie F

BGOBFJOL.DLL problem

#1
Dec 12th, 2008
Hi everyone!

I'm new and this is my first thread.

I did multiple searches on this "bgobfjol.dll" problem and have not found anything.

I am very reluctant to attempt any of the resolutions I have found in the forum for other DLL problems. I am just not sure if my problem is similar to other DLL problems or not. I'd rather play it safe than sorry.

This is when I power on my laptop. I received the following message:

RUNDLL error loading
C:\WINDOWS\System32\bgobfjol.dll
Specified module could not be found

Has anyone had experience with the "bgobfjol" situation?

Please advise and thank you for your time to help.

Debbie

cohen

Re: BGOBFJOL.DLL problem

#2
Dec 12th, 2008
Hello and welcome to DaniWeb.

Please do the following:

1. - Download Malwarebytes' Anti-Malware (http://www.download.com/Malwarebytes...=dl&tag=button) to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure to checkmark the Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Make sure that you restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

2. - Download HijackThis and post the log.

In your reply, post the logs (in this order):
1. - Malware Bytes Log
2. - Hijackthis Log

Thanks,

Cohen
Last edited by cohen; Dec 12th, 2008 at 6:06 pm.
Cohen's Site www.cohenl.com

Do not PM me for support!!!

Debbie F

Re: BGOBFJOL.DLL problem

#3
Dec 12th, 2008
Cohen,

I followed your instructions. Well, at least the beginning of your instructions.

I downloaded the Malwarebytes (based on your link). Received 1048 errors. Malware began to fix and then next thing I knew, it stated that I got the first 20 fixes free but I must buy the product before it fixes my errors.

Needless to say, I deleted the malware because I now question its integrity. So it is probably a good thing that I never downloaded the "hijackthis" as you recommended.

If I had been told that it is a paid product, I would have had the opportunity to choose whether to purchase or not ahead of time. Is there a reason why I wasn't told?

Debbie F

Re: BGOBFJOL.DLL problem

#4
Dec 12th, 2008
Can anyone help me rectify my bgobfjol.dll problem?

I appreciate any efforts to help me out.

Thanx.
Debbie

cohen

Re: BGOBFJOL.DLL problem

#5
Dec 12th, 2008
1. - No, you don't need to buy the program, and I wouldn't have thought that you need to buy it... I have got my PC clean numerous times with MBA-M and it has never asked me to buy it.....

2. - HijackThis is a program that tells us your problems and can help us in what actions we need to take to get your PC clean.

3. - Can you please post the MBA-M log and download HijackThis and post the log.

Please follow my instructions.

Once we have those logs, then we can continue and help you in what actions we need to take to clean the virus out of your PC.

Thank you,

Cohen

Debbie F

Re: BGOBFJOL.DLL problem

#6
Dec 16th, 2008
My apologies for not getting back sooner. My sick family kept me pretty busy!

As soon as I tried to download both Malware and HiJack This, I kept receiving the following messages:

Malwarebyte's Anti-Malware
Run-time error: '50003':
Unexpected error

HiJack This
Run-time error: '5003':
Unexpected error

I have done multiple restarts, uninstallations/re-installations, etc. So far, I'm still getting the same Run-time error: '5003'.

In case you're wondering----I have received no reports, no scannings, etc. Absolutely nothing happened. Just immediately received the Run-time error: '5003'. Malware & HiJack This appeared to have been downloaded since I received the shortcut icons on my desktop.

I did, however, download the SpyDoctor. The following messages I received:

6 threats & 246 infections in your computer

Low threat --- Application.TrackingCookies (153 threats)
Low threat --- Adware.Advertising (80 threats)
Elevated threat --- Trojan.Virtumonde (2 threats)
Medium threat --- Trojan.agent (5 threats)
Medium threat --- Adware.agent.BN (5 threats)
Low threat --- Trojan.Generu (1 threat)

I attempted to have them fixed, removed, etc., but I kept receiving the message of "Registration". In other words, it wanted me to purchase the product. I didn't purchase because I've no idea of the SpyDoctor's reputation.

BTW---I've searched for those so-called Adware, Trojan, etc. on my computer. My search came up nada. Therefore, it makes me suspicious of the SpyDoctor's integrity (or lack of).

Every night, I do a normal shut down. Each morning (including this morning) when I turn it on, I am still getting the message of:

RUNDLL
Error loading C:\WINDOWS\system32\bgobfjol.dll
OK

This is where I am at and I don't know what else to do.

Please advise.

cohen

Re: BGOBFJOL.DLL problem

#7
Dec 16th, 2008
Alright,

Please do the following:

Please download ComboFix by sUBs from HERE or HERE
  • You must download it to and run it from your Desktop
  • Physically disconnect from the internet.
  • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
  • Double click combofix.exe & follow the prompts.
  • When finished, it will produce a log. Please save that log to post in your next reply along with a fresh HJT log.

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Then, see if you can get HJT and MBA-M to run without the error.

Thanks,

Cohen

Debbie F

Re: BGOBFJOL.DLL problem

#8
Dec 16th, 2008
Thanx for the reply, Cohen.

Here are the outcomes---

Downloaded the ComboFix as per your link. I followed all instructions (yours and ComboFix's).

Received first error:
Query - Recovery Console
ComboFix has detected that this machine does not have the 'WINDOWS RECOVERY CONSOLE'
It would be in your BEST INTEREST to have it installed. Would you like to do so now?
*NOTE* - This requires an active internet connection.

I enabled the internet connection and it installed the recovery.

Then the message came up:
Please click "YES" in the End User License Agreement (EULA) dialog that follows.....OK

I clicked "yes".

ComboFix finished, rebooted and produced the report. See attachment provided.

I tried to run both Malware and HiJackThis. Both received the same error:

Malwarebyte's Anti-Malware
Run-time error: '50003':
Unexpected error

HiJack This
Run-time error: '5003':
Unexpected error



Where do I go from here?

Thanx for your help!
Debbie
Last edited by Debbie F; Dec 16th, 2008 at 7:07 pm.
Attached Files
File Type: txt Combo Fix log Dec 16, 2008.txt (17.2 KB, 1 views)

cohen

Re: BGOBFJOL.DLL problem

#9
Dec 16th, 2008
OK,

1. - When we ask for logs, can you please post them in a reply.
2. - I'm stumped on where to go from here, I have no idea.... I'll refer this thread off to Judy and Crunchie, and they might be able to help you.

Thanks,

Cohen

Debbie F

Re: BGOBFJOL.DLL problem

#10
Dec 16th, 2008
Originally Posted by cohen:
OK,

1. - When we ask for logs, can you please post them in a reply.
2. - I'm stumped on where to go from here, I have no idea.... I'll refer this thread off to Judy and Crunchie, and they might be able to help you.

Thanks,

Cohen

Oh, my apologies! Here is the report below:

ComboFix 08-12-16.03 - Debbie 2008-12-16 16:41:28.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.2414 [GMT -6:00]
Running from: c:\downloads from websites\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\iSAccccf.ini
c:\windows\system32\iSAccccf.ini2
c:\windows\system32\lojfbogb.ini
c:\windows\system32\sovvxeia.ini

.
((((((((((((((((((((((((( Files Created from 2008-11-16 to 2008-12-16 )))))))))))))))))))))))))))))))
.

2008-12-16 12:16 . 2008-12-16 12:16 <DIR> d-------- c:\program files\Hijack This
2008-12-16 11:40 . 2008-12-16 11:41 <DIR> d-------- c:\program files\Malware Spyware Doctor
2008-12-16 11:40 . 2008-08-25 12:36 81,288 --a------ c:\windows\system32\drivers\iksyssec.sys
2008-12-16 11:40 . 2008-08-25 12:36 66,952 --a------ c:\windows\system32\drivers\iksysflt.sys
2008-12-16 11:40 . 2008-08-25 12:36 40,840 --a------ c:\windows\system32\drivers\ikfilesec.sys
2008-12-16 11:40 . 2008-06-02 16:19 29,576 --a------ c:\windows\system32\drivers\kcom.sys
2008-12-16 11:18 . 2008-12-16 11:18 <DIR> d-------- c:\program files\Intel
2008-12-16 11:18 . 2008-05-01 16:35 53,248 --a------ c:\windows\system32\CSVer.dll
2008-12-16 11:17 . 2008-12-16 11:17 <DIR> d-------- C:\Intel
2008-12-16 10:55 . 2008-12-16 10:55 <DIR> d-------- c:\program files\Uniblue
2008-12-16 10:55 . 2008-12-16 10:58 <DIR> d-------- c:\documents and settings\All Users\Application Data\DriverScanner
2008-12-16 10:54 . 2008-12-16 10:55 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{148D8B8A-8F96-4822-81EC-D510B626B7D5}
2008-12-16 10:49 . 2008-12-16 10:49 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-16 10:49 . 2008-12-16 10:49 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-16 10:49 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-16 10:49 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-15 19:10 . 2008-12-15 19:10 <DIR> d-------- c:\program files\GPLGS
2008-12-15 19:09 . 2008-12-15 19:09 <DIR> d-------- c:\program files\Acro Software
2008-12-15 19:09 . 2007-07-12 22:33 87,552 --a------ c:\windows\system32\cpwmon2k.dll
2008-12-14 18:46 . 2008-12-14 18:46 <DIR> d-------- c:\program files\Avant Home
2008-12-12 18:38 . 2008-12-16 16:31 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2008-12-12 12:07 . 2008-12-12 12:07 <DIR> d-------- c:\program files\Common Files\Adobe AIR
2008-11-28 14:06 . 2008-11-28 14:06 99,501 --a------ c:\windows\system32\Brother Port

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-16 22:39 --------- d-----w c:\program files\Mozilla Firefox 3 Beta 5
2008-12-16 00:48 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2008-12-12 18:12 --------- d-----w c:\program files\NOS
2008-12-12 18:12 --------- d-----w c:\documents and settings\All Users\Application Data\NOS
2008-12-12 18:03 --------- d-----w c:\program files\Common Files\Adobe
2008-12-03 22:56 --------- d-----w c:\program files\Google
2008-11-28 04:31 --------- d-----w c:\program files\FastDraft Version 4
2008-11-15 22:27 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-15 22:27 --------- d-----w c:\program files\Creative
2008-11-15 22:26 --------- d-----w c:\program files\Creative Live! Cam
2008-11-15 22:25 --------- d-----w c:\program files\Dell
2008-11-15 21:45 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2008-11-15 21:45 --------- d-----r c:\program files\Skype
2008-11-15 21:44 --------- d-----w c:\program files\Common Files\Skype
2008-11-13 23:42 --------- d-----w c:\documents and settings\All Users\Application Data\NeatReceipts Professional
2008-11-13 23:37 --------- d-----w c:\documents and settings\All Users\Application Data\ScanSoft
2008-11-13 23:13 --------- d-----w c:\program files\Common Files\The Neat Company
2008-11-13 23:13 --------- d-----w c:\program files\Common Files\NeatReceipts
2008-11-13 23:13 --------- d-----w c:\program files\Common Files\Intuit
2008-11-13 23:13 --------- d-----w c:\program files\Common Files\impacct
2008-11-13 23:12 --------- d-----w c:\documents and settings\All Users\Application Data\The Neat Company
2008-11-13 23:03 --------- d-----w c:\program files\Microsoft SQL Server
2008-11-13 22:59 --------- d-----w c:\program files\NeatReceipts
2008-11-13 22:54 --------- d-----w c:\program files\NeatWorks
2008-11-07 19:26 --------- d-----w c:\documents and settings\All Users\Application Data\HotSync
2008-11-07 19:23 --------- d-----w c:\program files\palmOne
2008-11-07 19:21 53,248 ----a-w c:\windows\PalmDevC.dll
2008-11-03 23:07 --------- d-----w c:\program files\Freeze.com
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-19 01:23 --------- d-----w c:\documents and settings\All Users\Application Data\BitDefender
2008-07-25 22:38 60,744 ----a-w c:\documents and settings\Debbie\g2mdlhlpx.exe
2008-05-02 17:55 0 ----a-w c:\program files\error.dat
2008-01-26 00:55 60,968 ----a-w c:\documents and settings\Debbie\GoToAssistDownloadHelper.exe
2007-12-15 21:50 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2005-05-26 19:35 1,422 ----a-w c:\program files\ReadMe.txt
2008-09-13 20:51 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008091320080914\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"WorldTime2006"="c:\program files\Calendar\AnyTime Organizer Deluxe\WorldTime.exe" [2006-09-23 1646592]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-10 68856]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-10-29 25795368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-07-09 851968]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-06 8429568]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-08-28 36864]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-07-03 1228800]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-10-09 2183168]
"KADxMain"="c:\windows\system32\KADxMain.exe" [2006-11-02 282624]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 221184]
"RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 1116920]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-04-16 184320]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-12-10 1838592]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-10-09 16384]
"atr.exe"="c:\progra~1\Calendar\ANYTIM~1\atr.exe" [2006-07-19 462848]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-01-29 30248]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-01-29 46632]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-02-01 255528]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-23 663552]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-01-26 65536]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2008\IEShow.exe" [2007-10-09 61440]
"BDAgent"="c:\program files\BitDefender\BitDefender 2008\bdagent.exe" [2008-09-15 368640]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"avast!"="c:\progra~1\AVANTH~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"nwiz"="nwiz.exe" [2007-06-06 c:\windows\system32\nwiz.exe]
"NVHotkey"="nvHotkey.dll" [2007-06-06 c:\windows\system32\nvhotkey.dll]
"NvMediaCenter"="NvMCTray.dll" [2007-06-06 c:\windows\system32\nvmctray.dll]
"SigmatelSysTrayApp"="stsystra.exe" [2007-07-09 c:\windows\stsystra.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2006-10-26 434528]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-01-25 18:55 10792 c:\program files\Citrix\GoToAssist\480\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winny31.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-12-14 111184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-12-14 20560]
R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);"c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ [2006-04-14 28933976]
R2 NeatWorksDatabaseController;NeatWorks Database Controller;"c:\program files\NeatReceipts\NeatWorks\exec\NeatWorksDatabaseController.exe" [2008-09-20 334968]
R2 WinDefend;Windows Defender;"c:\program files\Windows Defender\MsMpEng.exe" [2006-11-03 13592]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\bdfndisf.sys [2008-06-02 86792]
R3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\system32\DRIVERS\OEM02Dev.sys [2007-12-10 235520]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\system32\DRIVERS\OEM02Vfx.sys [2007-12-10 7424]
S0 Winny31;Winny31;c:\windows\system32\Drivers\Winny31.sys []
S2 gupdate1c9092a80cf60f6;Google Update Service (gupdate1c9092a80cf60f6);"c:\program files\Google\Update\GoogleUpdate.exe" /svc [2008-08-28 133104]
S3 MSSQL$NR2007;SQL Server (NR2007);"c:\program files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe" -sNR2007 [2007-02-10 29178224]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Malware Spyware Doctor\pctsAuxs.exe [2008-12-16 356920]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c39a0d9a-43c8-11dd-8bdb-001d09abc4f7}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e349eaff-43c5-11dd-8bda-001d09abc4f7}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e349eb01-43c5-11dd-8bda-001d09abc4f7}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\Neat ADF Scanner 2008]
reg copy "HKLM\Software\The Neat Company\Neat ADF Scanner 2008" "HKCU\Software\The Neat Company\Neat ADF Scanner 2008" /s /f
.
Contents of the 'Scheduled Tasks' folder

2008-12-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2008-12-16 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-08-28 15:47]

2008-12-16 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
.
- - - - ORPHANS REMOVED - - - -

BHO-{B68FD3AC-D05D-40EA-B431-422F52BC7CBC} - (no file)
HKCU-Run-DW6 - c:\progra~1\THEWEA~1\Desktop\DesktopWeather.exe
HKLM-Run-ECenter - c:\dell\E-Center\EULALauncher.exe
HKLM-Run-3c6e4b40 - c:\windows\system32\bgobfjol.dll
HKLM-Run-iTunesHelper - e:\program files\Apple\iTunes\iTunesHelper.exe
HKLM-Run-trioService - c:\progra~1\Freeze.com\Halloween\\trioService.exe
HKLM-Run-BCROReminder - c:\program files\ByteCrusher\RegistryOptimax\BCRO.exe
Notify-khfFXrSJ - khfFXrSJ.dll


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6071210
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6071210
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

O16 -: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
FF - ProfilePath - c:\documents and settings\Debbie\Application Data\Mozilla\Firefox\Profiles\kp2fgsv2.default\
FF - plugin: c:\program files\Google\Google Earth Plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 5\plugins\nphssb.dll
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 5\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 5\plugins\npRLCT4Player.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-16 16:45:53
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\docume~1\Debbie\LOCALS~1\Temp\etilqs_yLIaDPoi41A9w0kvBGu4 4096 bytes
c:\docume~1\Debbie\LOCALS~1\Temp\etilqs_yLIaDPoi41A9w0kvBGu4-journal 1544 bytes

scan completed successfully
hidden files: 2

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(608)
c:\program files\Citrix\GoToAssist\480\G2AWinLogon.dll
c:\windows\System32\BCMLogon.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\WLTRYSVC.EXE
c:\windows\system32\BCMWLTRY.EXE
c:\program files\Avant Home\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Avant Home\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
c:\program files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
c:\program files\BitDefender\BitDefender 2008\vsserv.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\program files\Avant Home\Alwil Software\Avast4\ashMaiSv.exe
c:\windows\system32\wscntfy.exe
c:\program files\Avant Home\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\rundll32.exe
c:\program files\Brother\ControlCenter3\BrccMCtl.exe
c:\program files\Brother\Brmfcmon\BrMfimon.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
c:\program files\Digital Line Detect\DLG.exe
c:\program files\SimpleTech\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exe
c:\program files\Calendar\AnyTime Organizer Deluxe\Atw.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2008-12-16 16:51:42 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-16 22:51:37

Pre-Run: 123,537,764,352 bytes free
Post-Run: 123,795,558,400 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

255 --- E O F --- 2008-12-10 23:09:45
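
Added example, not part of the thread and not ComboFix's own code: a small Python parser for the log layout posted in #10. It ties the module named in the RUNDLL popup to the autostart value listed under "ORPHANS REMOVED" (an autostart entry whose file is no longer on disk) and to deleted files whose base name is the module's name reversed, as `lojfbogb.ini` is here. The function names and regexes are assumptions for this illustration, derived only from the layout visible in the log above.

```python
import re
from pathlib import PureWindowsPath

# Excerpt copied from the ComboFix log in post #10, trimmed to the sections used here.
LOG_EXCERPT = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\iSAccccf.ini
c:\windows\system32\iSAccccf.ini2
c:\windows\system32\lojfbogb.ini
c:\windows\system32\sovvxeia.ini

.
- - - - ORPHANS REMOVED - - - -

BHO-{B68FD3AC-D05D-40EA-B431-422F52BC7CBC} - (no file)
HKCU-Run-DW6 - c:\progra~1\THEWEA~1\Desktop\DesktopWeather.exe
HKLM-Run-ECenter - c:\dell\E-Center\EULALauncher.exe
HKLM-Run-3c6e4b40 - c:\windows\system32\bgobfjol.dll
HKLM-Run-iTunesHelper - e:\program files\Apple\iTunes\iTunesHelper.exe
Notify-khfFXrSJ - khfFXrSJ.dll

.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
"""

# The three header styles seen in the log:
#   "(((( Title ))))", "- - - - Title - - - -", "------- Title -------"
HEADER = re.compile(
    r"^(?:\(+ (.+?) \)+|(?:- ){2,}(.+?)(?: -){2,}|-{3,} (.+?) -{3,})$"
)
# Orphan lines look like "<location>-<value name> - <target>",
# e.g. "HKLM-Run-3c6e4b40 - c:\windows\system32\bgobfjol.dll".
ORPHAN = re.compile(r"^(?P<loc>[A-Za-z]+(?:-Run)?)-(?P<name>.+?) - (?P<target>.+)$")


def parse_sections(log):
    """Split the log into {section title: [non-empty lines]}."""
    sections, current = {}, None
    for raw in log.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            current = next(g for g in m.groups() if g)
            sections[current] = []
        elif current and line and line != ".":  # "." lines are separators
            sections[current].append(line)
    return sections


def correlate(log, missing_module):
    """Relate a 'RUNDLL error loading <module>' popup to entries in the log."""
    sections = parse_sections(log)
    module = PureWindowsPath(missing_module)

    # Autostart values that pointed at the module and were removed as orphans.
    autoruns = []
    for line in sections.get("ORPHANS REMOVED", []):
        m = ORPHAN.match(line)
        if m and PureWindowsPath(m["target"]).name.lower() == module.name.lower():
            autoruns.append((m["loc"], m["name"]))

    # Deleted files whose base name is the module's base name spelled backwards.
    reversed_stem = module.stem.lower()[::-1]
    companions = [
        path for path in sections.get("Other Deletions", [])
        if PureWindowsPath(path).stem.lower() == reversed_stem
    ]
    return {"autoruns": autoruns, "reversed_name_files": companions}


if __name__ == "__main__":
    print(correlate(LOG_EXCERPT, r"C:\WINDOWS\System32\bgobfjol.dll"))
```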
