0

Hi everyone!

I'm new and this is my first thread.

I did multiple searches on this "bgobfjol.dll" problem and I have not found anything.

I am very reluctant to attempt any of the resolutions I have found in the forum for other dll problems. I am just not sure if my problem is similar to other dll problems or not. I'd rather play it safe than sorry.

When I power on my laptop, I receive the following message:

RUNDLL error loading
C:\WINDOWS\System32\bgobfjol.dll
Specified module could not be found

Has anyone experienced the "bgobfjol" situation?

Please advise and thank you for your time to help.

Debbie

0

Hello and welcome to daniweb

Pls do the following:

1. - Download Malwarebytes' Anti-Malware (http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?part=dl-10804572&subj=dl&tag=button) to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure to checkmark the Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Make sure that you restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

2. - Download hijackthis and post the log.

In your reply, post the logs (in this order):
1. - Malware Bytes Log
2. - Hijackthis Log

Thanks,

Cohen

0

Cohen,

I followed your instructions. Well, at least the beginning of your instructions.

I downloaded the Malwarebytes (based on your link). Received 1048 errors. Malware began to fix and then next thing I knew, it stated that I got the first 20 free fixes but I must buy the product before it fixes my errors.

Needless to say, I deleted the malware because I now question its integrity. So it is probably a good thing that I never downloaded the "hijackthis" as you recommended.

If I was told that it is a paid product, I would have had the opportunity to choose whether to purchase or not ahead of time. Is there a reason why I wasn't told?

0

Can anyone help me rectify my bgobfjol.dll problem?

I appreciate any efforts to help me out.

Thanx.
Debbie

0

1. - No, you don't need to buy the program, and I wouldn't have thought that you need to buy it... I have got my PC clean numerous times with MBA-M and it has never asked me to buy it.

2. - Hijackthis is a program that tells us your problems and can help us in what actions we need to take to get your PC clean.

3. - Can you pls post the MBA-M log and download hijackthis and post the log.

Pls follow my instructions.

Once we have those logs, then we can continue and help you in what actions we need to take to clean the virus out of your PC.

Thank you,

Cohen

0

My apologies for not getting back sooner. My sick family kept me pretty busy!

As soon as I tried to download both Malware and HiJack This, I kept receiving the following messages:

Malwarebyte's Anti-Malware
Run-time error: '50003':
Unexpected error

HiJack This
Run-time error: '5003':
Unexpected error

I have done multiple restarts, uninstallations/re-installations, etc. So far, I'm still getting the same Run-time error: '5003'.

In case you're wondering----I have received no reports, no scannings, etc. Absolutely nothing happened. Just immediately received the Run-time error: '5003'. Malware & HiJack This appeared to have been downloaded since I received the shortcut icons on my desktop.

I did, however, download the SpyDoctor. The following messages I received:

6 threats & 246 infections in your computer

Low threat --- Application.TrackingCookies (153 threats)
Low threat --- Adware.Advertising (80 threats)
Elevated threat --- Trojan.Virtumonde (2 threats)
Medium threat --- Trojan.agent (5 threats)
Medium threat --- Adware.agent.BN (5 threats)
Low threat --- Trojan.Generu (1 threat)

I attempted to have them fixed, removed, etc., but I kept receiving the message of "Registration". In other words, it wanted me to purchase the product. I didn't purchase because I've no idea of the SpyDoctor's reputation.

BTW---I've searched for those so-called Adware, Trojan, etc. on my computer. My search came up nada. Therefore, it makes me suspicious of the SpyDoctor's integrity (or lack of).

Every night, I do a normal shut down. Each morning (including this morning) I turn it on, I am still getting the message of:

RUNDLL
Error loading C:\WINDOWS\system32\bgobfjol.dll
OK

This is where I am at and I don't know what else to do.

Please advise.

0

Alright,

Pls do the following:

Please download ComboFix by sUBs from HERE or HERE

  • You must download it to and run it from your Desktop
  • Physically disconnect from the internet.
  • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
  • Double click combofix.exe & follow the prompts.
  • When finished, it will produce a log. Please save that log to post in your next reply along with a fresh HJT log

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Then, see if you can get HJT and MBA-M to run without the error.

Thanks,

Cohen

0

Thanx for the reply, Cohen.

Here are the outcomes---

Downloaded the ComboFix as per your link. I followed all instructions (yours and ComboFix's).

Received first error:
Query - Recovery Console
ComboFix has detected that this machine does not have the 'WINDOWS RECOVERY CONSOLE'
It would be in your BEST INTEREST to have it installed. Would you like to do so now?
*NOTE* - This requires an active internet connection.

I enabled the internet connection and it installed the recovery.

Then the message came up:
Please click "YES" in the End User License Agreement (EULA) dialog that follows.....OK

I clicked "yes".

ComboFix finished, rebooted and produced the report. See attachment provided.

I tried to run both Malware and HiJackThis. Both received the same error:

Malwarebyte's Anti-Malware
Run-time error: '50003':
Unexpected error

HiJack This
Run-time error: '5003':
Unexpected error

Where do I go from here?

Thanx for your help!
Debbie

0

OK,

1. - When we ask for logs, can you pls post them in a reply.
2. - I'm stumped on where to go from here, I have no idea... I'll refer this thread off to Judy and Crunchie, and they might be able to help you.

Thanks,

Cohen

0

Oh, my apologies! Here is the report below:

ComboFix 08-12-16.03 - Debbie 2008-12-16 16:41:28.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.2414 [GMT -6:00]
Running from: c:\downloads from websites\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\iSAccccf.ini
c:\windows\system32\iSAccccf.ini2
c:\windows\system32\lojfbogb.ini
c:\windows\system32\sovvxeia.ini

.
((((((((((((((((((((((((( Files Created from 2008-11-16 to 2008-12-16 )))))))))))))))))))))))))))))))
.

2008-12-16 12:16 . 2008-12-16 12:16 <DIR> d-------- c:\program files\Hijack This
2008-12-16 11:40 . 2008-12-16 11:41 <DIR> d-------- c:\program files\Malware Spyware Doctor
2008-12-16 11:40 . 2008-08-25 12:36 81,288 --a------ c:\windows\system32\drivers\iksyssec.sys
2008-12-16 11:40 . 2008-08-25 12:36 66,952 --a------ c:\windows\system32\drivers\iksysflt.sys
2008-12-16 11:40 . 2008-08-25 12:36 40,840 --a------ c:\windows\system32\drivers\ikfilesec.sys
2008-12-16 11:40 . 2008-06-02 16:19 29,576 --a------ c:\windows\system32\drivers\kcom.sys
2008-12-16 11:18 . 2008-12-16 11:18 <DIR> d-------- c:\program files\Intel
2008-12-16 11:18 . 2008-05-01 16:35 53,248 --a------ c:\windows\system32\CSVer.dll
2008-12-16 11:17 . 2008-12-16 11:17 <DIR> d-------- C:\Intel
2008-12-16 10:55 . 2008-12-16 10:55 <DIR> d-------- c:\program files\Uniblue
2008-12-16 10:55 . 2008-12-16 10:58 <DIR> d-------- c:\documents and settings\All Users\Application Data\DriverScanner
2008-12-16 10:54 . 2008-12-16 10:55 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{148D8B8A-8F96-4822-81EC-D510B626B7D5}
2008-12-16 10:49 . 2008-12-16 10:49 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-16 10:49 . 2008-12-16 10:49 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-16 10:49 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-16 10:49 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-15 19:10 . 2008-12-15 19:10 <DIR> d-------- c:\program files\GPLGS
2008-12-15 19:09 . 2008-12-15 19:09 <DIR> d-------- c:\program files\Acro Software
2008-12-15 19:09 . 2007-07-12 22:33 87,552 --a------ c:\windows\system32\cpwmon2k.dll
2008-12-14 18:46 . 2008-12-14 18:46 <DIR> d-------- c:\program files\Avant Home
2008-12-12 18:38 . 2008-12-16 16:31 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2008-12-12 12:07 . 2008-12-12 12:07 <DIR> d-------- c:\program files\Common Files\Adobe AIR
2008-11-28 14:06 . 2008-11-28 14:06 99,501 --a------ c:\windows\system32\Brother Port

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-16 22:39 --------- d-----w c:\program files\Mozilla Firefox 3 Beta 5
2008-12-16 00:48 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2008-12-12 18:12 --------- d-----w c:\program files\NOS
2008-12-12 18:12 --------- d-----w c:\documents and settings\All Users\Application Data\NOS
2008-12-12 18:03 --------- d-----w c:\program files\Common Files\Adobe
2008-12-03 22:56 --------- d-----w c:\program files\Google
2008-11-28 04:31 --------- d-----w c:\program files\FastDraft Version 4
2008-11-15 22:27 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-15 22:27 --------- d-----w c:\program files\Creative
2008-11-15 22:26 --------- d-----w c:\program files\Creative Live! Cam
2008-11-15 22:25 --------- d-----w c:\program files\Dell
2008-11-15 21:45 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2008-11-15 21:45 --------- d-----r c:\program files\Skype
2008-11-15 21:44 --------- d-----w c:\program files\Common Files\Skype
2008-11-13 23:42 --------- d-----w c:\documents and settings\All Users\Application Data\NeatReceipts Professional
2008-11-13 23:37 --------- d-----w c:\documents and settings\All Users\Application Data\ScanSoft
2008-11-13 23:13 --------- d-----w c:\program files\Common Files\The Neat Company
2008-11-13 23:13 --------- d-----w c:\program files\Common Files\NeatReceipts
2008-11-13 23:13 --------- d-----w c:\program files\Common Files\Intuit
2008-11-13 23:13 --------- d-----w c:\program files\Common Files\impacct
2008-11-13 23:12 --------- d-----w c:\documents and settings\All Users\Application Data\The Neat Company
2008-11-13 23:03 --------- d-----w c:\program files\Microsoft SQL Server
2008-11-13 22:59 --------- d-----w c:\program files\NeatReceipts
2008-11-13 22:54 --------- d-----w c:\program files\NeatWorks
2008-11-07 19:26 --------- d-----w c:\documents and settings\All Users\Application Data\HotSync
2008-11-07 19:23 --------- d-----w c:\program files\palmOne
2008-11-07 19:21 53,248 ----a-w c:\windows\PalmDevC.dll
2008-11-03 23:07 --------- d-----w c:\program files\Freeze.com
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-19 01:23 --------- d-----w c:\documents and settings\All Users\Application Data\BitDefender
2008-07-25 22:38 60,744 ----a-w c:\documents and settings\Debbie\g2mdlhlpx.exe
2008-05-02 17:55 0 ----a-w c:\program files\error.dat
2008-01-26 00:55 60,968 ----a-w c:\documents and settings\Debbie\GoToAssistDownloadHelper.exe
2007-12-15 21:50 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2005-05-26 19:35 1,422 ----a-w c:\program files\ReadMe.txt
2008-09-13 20:51 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008091320080914\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"WorldTime2006"="c:\program files\Calendar\AnyTime Organizer Deluxe\WorldTime.exe" [2006-09-23 1646592]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-10 68856]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-10-29 25795368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-07-09 851968]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-06 8429568]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-08-28 36864]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-07-03 1228800]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-10-09 2183168]
"KADxMain"="c:\windows\system32\KADxMain.exe" [2006-11-02 282624]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 221184]
"RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 1116920]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-04-16 184320]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-12-10 1838592]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-10-09 16384]
"atr.exe"="c:\progra~1\Calendar\ANYTIM~1\atr.exe" [2006-07-19 462848]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-01-29 30248]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-01-29 46632]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-02-01 255528]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-23 663552]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-01-26 65536]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2008\IEShow.exe" [2007-10-09 61440]
"BDAgent"="c:\program files\BitDefender\BitDefender 2008\bdagent.exe" [2008-09-15 368640]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"avast!"="c:\progra~1\AVANTH~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"nwiz"="nwiz.exe" [2007-06-06 c:\windows\system32\nwiz.exe]
"NVHotkey"="nvHotkey.dll" [2007-06-06 c:\windows\system32\nvhotkey.dll]
"NvMediaCenter"="NvMCTray.dll" [2007-06-06 c:\windows\system32\nvmctray.dll]
"SigmatelSysTrayApp"="stsystra.exe" [2007-07-09 c:\windows\stsystra.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2006-10-26 434528]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-01-25 18:55 10792 c:\program files\Citrix\GoToAssist\480\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winny31.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-12-14 111184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-12-14 20560]
R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);"c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ [2006-04-14 28933976]
R2 NeatWorksDatabaseController;NeatWorks Database Controller;"c:\program files\NeatReceipts\NeatWorks\exec\NeatWorksDatabaseController.exe" [2008-09-20 334968]
R2 WinDefend;Windows Defender;"c:\program files\Windows Defender\MsMpEng.exe" [2006-11-03 13592]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\bdfndisf.sys [2008-06-02 86792]
R3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\system32\DRIVERS\OEM02Dev.sys [2007-12-10 235520]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\system32\DRIVERS\OEM02Vfx.sys [2007-12-10 7424]
S0 Winny31;Winny31;c:\windows\system32\Drivers\Winny31.sys []
S2 gupdate1c9092a80cf60f6;Google Update Service (gupdate1c9092a80cf60f6);"c:\program files\Google\Update\GoogleUpdate.exe" /svc [2008-08-28 133104]
S3 MSSQL$NR2007;SQL Server (NR2007);"c:\program files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe" -sNR2007 [2007-02-10 29178224]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Malware Spyware Doctor\pctsAuxs.exe [2008-12-16 356920]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c39a0d9a-43c8-11dd-8bdb-001d09abc4f7}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e349eaff-43c5-11dd-8bda-001d09abc4f7}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e349eb01-43c5-11dd-8bda-001d09abc4f7}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\Neat ADF Scanner 2008]
reg copy "HKLM\Software\The Neat Company\Neat ADF Scanner 2008" "HKCU\Software\The Neat Company\Neat ADF Scanner 2008" /s /f
.
Contents of the 'Scheduled Tasks' folder

2008-12-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2008-12-16 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-08-28 15:47]

2008-12-16 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
.
- - - - ORPHANS REMOVED - - - -

BHO-{B68FD3AC-D05D-40EA-B431-422F52BC7CBC} - (no file)
HKCU-Run-DW6 - c:\progra~1\THEWEA~1\Desktop\DesktopWeather.exe
HKLM-Run-ECenter - c:\dell\E-Center\EULALauncher.exe
HKLM-Run-3c6e4b40 - c:\windows\system32\bgobfjol.dll
HKLM-Run-iTunesHelper - e:\program files\Apple\iTunes\iTunesHelper.exe
HKLM-Run-trioService - c:\progra~1\Freeze.com\Halloween\\trioService.exe
HKLM-Run-BCROReminder - c:\program files\ByteCrusher\RegistryOptimax\BCRO.exe
Notify-khfFXrSJ - khfFXrSJ.dll


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6071210
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6071210
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

O16 -: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
FF - ProfilePath - c:\documents and settings\Debbie\Application Data\Mozilla\Firefox\Profiles\kp2fgsv2.default\
FF - plugin: c:\program files\Google\Google Earth Plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 5\plugins\nphssb.dll
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 5\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 5\plugins\npRLCT4Player.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-16 16:45:53
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\docume~1\Debbie\LOCALS~1\Temp\etilqs_yLIaDPoi41A9w0kvBGu4 4096 bytes
c:\docume~1\Debbie\LOCALS~1\Temp\etilqs_yLIaDPoi41A9w0kvBGu4-journal 1544 bytes

scan completed successfully
hidden files: 2

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(608)
c:\program files\Citrix\GoToAssist\480\G2AWinLogon.dll
c:\windows\System32\BCMLogon.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\WLTRYSVC.EXE
c:\windows\system32\BCMWLTRY.EXE
c:\program files\Avant Home\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Avant Home\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
c:\program files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
c:\program files\BitDefender\BitDefender 2008\vsserv.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\program files\Avant Home\Alwil Software\Avast4\ashMaiSv.exe
c:\windows\system32\wscntfy.exe
c:\program files\Avant Home\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\rundll32.exe
c:\program files\Brother\ControlCenter3\BrccMCtl.exe
c:\program files\Brother\Brmfcmon\BrMfimon.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
c:\program files\Digital Line Detect\DLG.exe
c:\program files\SimpleTech\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exe
c:\program files\Calendar\AnyTime Organizer Deluxe\Atw.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2008-12-16 16:51:42 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-16 22:51:37

Pre-Run: 123,537,764,352 bytes free
Post-Run: 123,795,558,400 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

255 --- E O F --- 2008-12-10 23:09:45

0

Hi Debbie,
Haven't a clue why MBA-M gave a message you would have to pay, unless you mistakenly downloaded the pay-for version; it will remove anything and everything it finds for free. The paid version gives scheduled automatic updating and scanning and background protection.
Uninstall the version you have completely.
Now the Spyware Doctor is a trial version and does require payment if you keep it I believe, I could be wrong.
Malwarebytes' Anti-Malware

Download, save to desktop, install, update, and then run a Full System scan with it. When the scan is complete be sure everything found is checked and click Remove Selected. Save the log.
Reboot and then run HiJackThis and save the log.
Post back here with both logs.
Judy

0

Hi Judy,

Thanx for helping me out.

I completely eliminated Malware (i.e. uninstalled, deleted from program file and hardware, deleted shortcut, etc).

I restarted my laptop.

Then I used your Malwarebytes' link. I downloaded it.

Before it had a chance to finish downloading, I received this error:

Malwarebyte's Anti-Malware
Run-time error: '50003':
Unexpected error

After it finished downloading, I clicked onto the Malwarebytes and all I'm getting is this same error over and over and over and over again.

Malwarebyte's Anti-Malware
Run-time error: '50003':
Unexpected error

I'm sorry, Malwarebytes is unable to do anything, thanx to this idiotic error message. It is the exact same problem I had earlier, no matter what resolution I attempt to rectify.

Surely, there's some other software besides Malwarebytes.......

0

Well it seems, whenever we go to run something you get this error.....

I'll do some research.

Cohen

0

Alright, I have a few questions....

1. - What version of windows are you running???
2. - What service pack are you running???
3. - Are you running a completely legal, unmodified version of windows???

I found this.....

Cohen

0

Alright, I have a few questions....

1. - What version of windows are you running???

Dell Inspiron 1520
Microsoft Windows XP Home Edition

2. - What service pack are you running???

The only thing I've found on my laptop --- Service Pack 3 (created/modified on Sept 13, 2008)

3. - Are you running a completely legal, unmodified version of windows???

What does that mean? It's the laptop purchased from Dell with customized software.

I found this.....

Cohen

I read the link you found. It sounds partially familiar.

Read my upcoming next post, I have more information.....

0

I downloaded the Microsoft Windows Malicious Software Removal - Kb890830-v2.exe

The result showed no malicious software was detected.

Then.....

I downloaded the free version of the SuperAnti-Spyware.

I ran the "Quick Scan".

Here are the results from the SuperAnti-Spyware:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 12/17/2008 at 03:43 PM

Application Version : 4.23.1006

Core Rules Database Version : 3677
Trace Rules Database Version: 1656

Scan type : Quick Scan
Total Scan Time : 00:13:54

Memory items scanned : 550
Memory threats detected : 0
Registry items scanned : 488
Registry threats detected : 3
File items scanned : 16235
File threats detected : 2

Adware.Tracking Cookie
C:\Documents and Settings\Debbie\Cookies\debbie@web4.realtracker[1].txt
C:\Documents and Settings\Debbie\Cookies\debbie@data.coremetrics[1].txt

Rogue.Component/Trace
HKLM\Software\Microsoft\3C6E59CE
HKLM\Software\Microsoft\3C6E59CE#3c6e59ce
HKLM\Software\Microsoft\3C6E59CE#Version

I restarted the laptop.

When my laptop began to re-load, I noticed something was missing on my desktop:

RUNDLL error loading
C:\WINDOWS\System32\bgobfjol.dll
Specified module could not be found

YAY!!!!!!

After my laptop finished loading, I decided to run both Malware and HiJackThis. First, I uninstalled and deleted them both. Restarted my laptop. Downloaded both Malware and HiJackThis.

Unfortunately, I am still receiving
Malwarebyte's Anti-Malware
Run-time error: '50003':
Unexpected error

HiJack This
Run-time error: '5003':
Unexpected error


I uninstalled and deleted both Malware and HiJack from my laptop and rebooted.

I ran the "Full Scan" of the SuperAnti-Virus. Here is the result:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 12/17/2008 at 05:09 PM

Application Version : 4.23.1006

Core Rules Database Version : 3677
Trace Rules Database Version: 1656

Scan type : Complete Scan
Total Scan Time : 00:33:34

Memory items scanned : 515
Memory threats detected : 0
Registry items scanned : 7231
Registry threats detected : 0
File items scanned : 32450
File threats detected : 2

Adware.Tracking Cookie
C:\Documents and Settings\Debbie\Cookies\debbie@web4.realtracker[1].txt
C:\Documents and Settings\Debbie\Cookies\debbie@data.coremetrics[1].txt

SuperAnti-Spy has supposedly deleted and removed all detected files.

That is now where I'm at. Do I need to do anything more?
