1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Hijackthis log.

Discussion in 'Windows - Virus and spyware problems' started by Buendia, May 28, 2007.

  1. Buendia

    Buendia Member

    Joined:
    Apr 24, 2006
    Messages:
    26
    Likes Received:
    0
    Trophy Points:
    11
    Here's my hijackthis log, reason for this is because I believe i have some spyware,etc and also Im receiving an error: runtime error 216 7C918FEA, thanks.


    Logfile of HijackThis v1.99.1
    Scan saved at 7:56:14 PM, on 28/05/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16414)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
    C:\Program Files\SMC\SMC2802W 2.4GHz 54 Mbps Wireless PCI Adapter\Installer\WINXP\SMC11GMonitor.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\ToniArts\EasyCleaner\EasyClea.exe
    C:\HJT\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: Image Helper - {64D712D1-84D9-281C-CE7D-32439D631863} - C:\WINDOWS\system\bpmtcs32.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {7BC415A3-A90F-4DF7-B5E9-631CF35475DF} - c:\windows\system32\bplbbpl.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
    O4 - HKLM\..\Run: [ccApp] -
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: SMC2802W 54Mbps WLAN Monitor.lnk = C:\Program Files\SMC\SMC2802W 2.4GHz 54 Mbps Wireless PCI Adapter\Installer\WINXP\SMC11GMonitor.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{34C1D2B2-EF1B-41BB-A995-87FE3B6C28BB}: NameServer = 192.168.2.1
    O17 - HKLM\System\CCS\Services\Tcpip\..\{DE58F6EC-634E-4DFF-BF15-0A4DAD1B70B4}: NameServer = 38.9.212.2,38.9.213.2
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: zgbtodni - C:\WINDOWS\SYSTEM32\bplbbpl.dll
     
  2. Buendia

    Buendia Member

    Joined:
    Apr 24, 2006
    Messages:
    26
    Likes Received:
    0
    Trophy Points:
    11
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: GoogleDesktopManager - Unknown owner - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (file missing)
    O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe


    ...missed pasting this section.
     
  3. bluecoal

    bluecoal Guest

    Hi Buendia,

    I don't know about the runtime error. I do see one issue in your log, let's try this and see if it helps for fixing that:

    Download ComboFix from either of these links:

    http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    Double click Combofix.exe & follow the prompts.

    When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouseclick Combofix's window whilst it's running. That may cause it to stall.

    After you have finished, post the combofix log and a new hijackthis log.

    Thanks.
    bc
     
  4. Buendia

    Buendia Member

    Joined:
    Apr 24, 2006
    Messages:
    26
    Likes Received:
    0
    Trophy Points:
    11
    "Beaudrys" - 2007-05-29 10:46:56 Service Pack 2
    ComboFix 07-05.27.V - Running from: "C:\Documents and Settings\Beaudrys\Desktop\"


    (((((((((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


    C:\WINDOWS\system32\bplbbpl.dll


    * * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



    (((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    "C:\WINDOWS\system32\vbzip11.dll"
    "C:\WINDOWS\system32\drivers\efotjina.sys"
    "C:\WINDOWS\system32\bplbbpl.dll" . . . . failed to delete
    "C:\WINDOWS\system32\bplbbpl.dll.bak" . . . . failed to delete


    ((((((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


    -------\LEGACY_GPROJKEJ
    -------\LEGACY_GWCXAHEI
    -------\gprojkej
    -------\gwcxahei


    ((((((((((((((((((((((((((((((( Files Created from 2007-04-28 to 2007-05-29 ))))))))))))))))))))))))))))))))))


    2007-05-29 10:46 1,087,736 --a------ C:\ComboFix.exe
    2007-05-28 19:55 241,664 --a------ C:\hijackthis_self.exe
    2007-05-28 19:55 <DIR> d-------- C:\HJT
    2007-05-28 19:43 <DIR> d-------- C:\Program Files\ToniArts
    2007-05-28 19:42 2,951,802 --a------ C:\EClea2_0.exe
    2007-05-24 21:50 <DIR> d-------- C:\DOCUME~1\Beaudrys\APPLIC~1\Google
    2007-05-24 21:49 <DIR> d-------- C:\Program Files\Google
    2007-05-24 21:49 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
    2007-05-15 18:00 <DIR> d-------- C:\GuildBankAccount


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-05-29 02:02:23 -------- d-----w C:\DOCUME~1\Beaudrys\APPLIC~1\FrostWire
    2007-05-29 02:02:22 -------- d-----w C:\Program Files\Common Files\Symantec Shared
    2007-05-29 01:43:12 -------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-05-29 01:28:41 -------- d-----w C:\Program Files\Symantec AntiVirus
    2007-05-28 22:57:21 -------- d-----w C:\Program Files\PokerStars
    2007-05-08 22:34:51 -------- d-----w C:\Program Files\Full Tilt Poker
    2007-04-21 17:09:48 -------- d-----w C:\DOCUME~1\Beaudrys\APPLIC~1\colbuendia
    2007-04-19 18:20:56 43,008 ----a-w C:\WINDOWS\system32\czjmkmwy.dll
    2007-04-19 18:20:55 130,048 ----a-w C:\WINDOWS\system32\oiopzkyz.dll
    2007-04-18 17:33:10 -------- d--h--w C:\DOCUME~1\Beaudrys\APPLIC~1\Gtek
    2007-04-18 17:17:43 -------- d-----w C:\Program Files\DellSupport
    2007-04-12 21:29:40 79,360 ------w C:\WINDOWS\system32\bplbbpl.dll
    2007-04-11 21:45:02 -------- d-----w C:\Program Files\Scientific Viewer
    2007-04-08 02:33:59 7,718,504 ----a-w C:\Program Files\winzip110.exe
    2007-04-03 19:40:05 100,864 ----a-w C:\WINDOWS\system32\ghaozupc.dll
    2007-04-01 19:44:19 -------- d-----w C:\Program Files\iTunes
    2007-04-01 19:44:11 -------- d-----w C:\Program Files\iPod
    2007-04-01 19:36:42 -------- d-----w C:\Program Files\QuickTime
    2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
    2007-03-08 15:36:28 577,536 ----a-w C:\WINDOWS\system32\user32.dll
    2007-03-08 15:36:28 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
    2007-03-08 15:36:28 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
    2007-03-08 13:47:48 1,843,584 ----a-w C:\WINDOWS\system32\win32k.sys
    2005-11-20 16:45:59 848 -csha-w C:\WINDOWS\SYSTEM32\KGyGaAvL.sys


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 01:56]
    {53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 02:04]
    {5CA3D70E-1895-11CF-8E15-001234567890}=C:\WINDOWS\system32\dla\tfswshx.dll [2004-12-06 01:05]
    {64D712D1-84D9-281C-CE7D-32439D631863}=C:\WINDOWS\system\bpmtcs32.dll []
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll [2005-11-10 13:22]
    {AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar1.dll []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 13:03]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 12:52]
    "IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 20:12]
    "DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-10-12 16:54]
    "UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 01:01]
    "Dell Photo AIO Printer 922"="C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe" [2004-06-18 09:30]
    "ccApp"="-" []
    "vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2004-03-12 16:18]
    "mmtask"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2005-03-15 09:58]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-03-14 19:05]
    "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" []

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" []

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL


    Contents of the 'Scheduled Tasks' folder
    2007-05-27 18:34:10 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    2006-04-06 01:38:05 C:\WINDOWS\tasks\XoftSpy.job

    ********************************************************************

    catchme 0.3.681 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-05-29 10:49:18
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0


    ********************************************************************

    Completion time: 2007-05-29 10:50:00 - machine was rebooted
    C:\ComboFix-quarantined-files.txt ... 2007-05-29 10:50

    --- E O F ---
     
  5. Buendia

    Buendia Member

    Joined:
    Apr 24, 2006
    Messages:
    26
    Likes Received:
    0
    Trophy Points:
    11
    Logfile of HijackThis v1.99.1
    Scan saved at 11:17:46 AM, on 29/05/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16414)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
    C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SMC\SMC2802W 2.4GHz 54 Mbps Wireless PCI Adapter\Installer\WINXP\SMC11GMonitor.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\HJT\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: Image Helper - {64D712D1-84D9-281C-CE7D-32439D631863} - C:\WINDOWS\system\bpmtcs32.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
    O4 - HKLM\..\Run: [ccApp] -
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: SMC2802W 54Mbps WLAN Monitor.lnk = C:\Program Files\SMC\SMC2802W 2.4GHz 54 Mbps Wireless PCI Adapter\Installer\WINXP\SMC11GMonitor.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{34C1D2B2-EF1B-41BB-A995-87FE3B6C28BB}: NameServer = 192.168.2.1
    O17 - HKLM\System\CCS\Services\Tcpip\..\{DE58F6EC-634E-4DFF-BF15-0A4DAD1B70B4}: NameServer = 38.9.212.2,38.9.213.2
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: GoogleDesktopManager - Unknown owner - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (file missing)
    O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

     
  6. bluecoal

    bluecoal Guest

    Hi,

    There are some problem files to remove. I did some more looking before you posted back and I am concerned that it may take a program I don't feel qualified to advise you on to remove them. I have something else to try first though, I will edit this post in a little bit with some instructions for a program called killbox.

    These 4 files are of concern:
    2007-04-19 18:20:56 43,008 ----a-w C:\WINDOWS\system32\czjmkmwy.dll
    2007-04-19 18:20:55 130,048 ----a-w C:\WINDOWS\system32\oiopzkyz.dll
    2007-04-12 21:29:40 79,360 ------w C:\WINDOWS\system32\bplbbpl.dll
    2007-04-03 19:40:05 100,864 ----a-w C:\WINDOWS\system32\ghaozupc.d


    bc


    EDIT----

    (The earliest file date is April 3. If you happen to have a valid restore point before April 3, you could try that and see if that would fix the problem and then we can go in and delete the files.)

    Assuming no restore point:

    First, set your computer to show hidden files. If you scroll down this link, you will find the instructions for windows xp:

    http://www.bleepingcomputer.com/tutorials/tutorial62.html

    After your computer is cleaned up, you can reverse these steps.

    There is a nice tutorial on how to get and use a program called killbox, here:
    http://forum.malwareremoval.com/viewtopic.php?t=320

    You are wanting to delete these 4 files.

    C:\WINDOWS\system32\czjmkmwy.dll
    C:\WINDOWS\system32\oiopzkyz.dll
    C:\WINDOWS\system32\bplbbpl.dll
    C:\WINDOWS\system32\ghaozupc.dll

    Try to delete them using the Killbox delete on reboot option.

    Then run combofix again and look for those file names in the “find3m report” section of the log. If they are gone, post the combofix log and we’ll go on to an online scan to give your system a little different check.

    If they are still there, try the replace on reboot option of killbox. Then run combofix again and post its new log.

    Thanks.
    bc

    ENDEDIT-----

     
    Last edited by a moderator: May 29, 2007
  7. Buendia

    Buendia Member

    Joined:
    Apr 24, 2006
    Messages:
    26
    Likes Received:
    0
    Trophy Points:
    11
    "Beaudrys" - 2007-05-29 13:28:14 Service Pack 2
    ComboFix 07-05.27.V - Running from: "C:\"


    ((((((((((((((((((((((((((((((( Files Created from 2007-04-28 to 2007-05-29 ))))))))))))))))))))))))))))))))))


    2007-05-29 13:23 <DIR> d-------- C:\!KillBox
    2007-05-29 10:50 49,152 --a------ C:\WINDOWS\nircmd.exe
    2007-05-29 10:46 1,087,736 --a------ C:\ComboFix.exe
    2007-05-28 19:55 241,664 --a------ C:\hijackthis_self.exe
    2007-05-28 19:55 <DIR> d-------- C:\HJT
    2007-05-28 19:43 <DIR> d-------- C:\Program Files\ToniArts
    2007-05-28 19:42 2,951,802 --a------ C:\EClea2_0.exe
    2007-05-24 21:50 <DIR> d-------- C:\DOCUME~1\Beaudrys\APPLIC~1\Google
    2007-05-24 21:49 <DIR> d-------- C:\Program Files\Google
    2007-05-24 21:49 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
    2007-05-15 18:00 <DIR> d-------- C:\GuildBankAccount


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-05-29 02:02:23 -------- d-----w C:\DOCUME~1\Beaudrys\APPLIC~1\FrostWire
    2007-05-29 02:02:22 -------- d-----w C:\Program Files\Common Files\Symantec Shared
    2007-05-29 01:43:12 -------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-05-29 01:28:41 -------- d-----w C:\Program Files\Symantec AntiVirus
    2007-05-28 22:57:21 -------- d-----w C:\Program Files\PokerStars
    2007-05-08 22:34:51 -------- d-----w C:\Program Files\Full Tilt Poker
    2007-04-21 17:09:48 -------- d-----w C:\DOCUME~1\Beaudrys\APPLIC~1\colbuendia
    2007-04-18 17:33:10 -------- d--h--w C:\DOCUME~1\Beaudrys\APPLIC~1\Gtek
    2007-04-18 17:17:43 -------- d-----w C:\Program Files\DellSupport
    2007-04-11 21:45:02 -------- d-----w C:\Program Files\Scientific Viewer
    2007-04-08 02:33:59 7,718,504 ----a-w C:\Program Files\winzip110.exe
    2007-04-01 19:44:19 -------- d-----w C:\Program Files\iTunes
    2007-04-01 19:44:11 -------- d-----w C:\Program Files\iPod
    2007-04-01 19:36:42 -------- d-----w C:\Program Files\QuickTime
    2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
    2007-03-08 15:36:28 577,536 ----a-w C:\WINDOWS\system32\user32.dll
    2007-03-08 15:36:28 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
    2007-03-08 15:36:28 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
    2007-03-08 13:47:48 1,843,584 ----a-w C:\WINDOWS\system32\win32k.sys
    2005-11-20 16:45:59 848 -csha-w C:\WINDOWS\SYSTEM32\KGyGaAvL.sys


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 01:56]
    {53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 02:04]
    {5CA3D70E-1895-11CF-8E15-001234567890}=C:\WINDOWS\system32\dla\tfswshx.dll [2004-12-06 01:05]
    {64D712D1-84D9-281C-CE7D-32439D631863}=C:\WINDOWS\system\bpmtcs32.dll []
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll [2005-11-10 13:22]
    {AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar1.dll []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 13:03]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 12:52]
    "IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 20:12]
    "DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-10-12 16:54]
    "UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 01:01]
    "Dell Photo AIO Printer 922"="C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe" [2004-06-18 09:30]
    "ccApp"="-" []
    "vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2004-03-12 16:18]
    "mmtask"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2005-03-15 09:58]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-03-14 19:05]
    "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" []

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" []

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL


    Contents of the 'Scheduled Tasks' folder
    2007-05-27 18:34:10 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    2006-04-06 01:38:05 C:\WINDOWS\tasks\XoftSpy.job

    ********************************************************************

    catchme 0.3.681 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-05-29 13:29:08
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0


    ********************************************************************

    Completion time: 2007-05-29 13:29:33
    C:\ComboFix-quarantined-files.txt ... 2007-05-29 13:29
    C:\ComboFix2.txt ... 2007-05-29 10:50

    --- E O F --

    Well I don't see them there so I guess that's good.
     
  8. bluecoal

    bluecoal Guest

    Yes, it is.

    You can have HijackThis fix this line:

    O2 - BHO: Image Helper - {64D712D1-84D9-281C-CE7D-32439D631863} - C:\WINDOWS\system\bpmtcs32.dll (file missing)


    The upper left corner of this screen gets you to an online scan.
    http://www.ewido.net/en/onlinescan/

    Please run that as an additional check on your system and then post the log from that and a fresh hijackthis log.

    Thanks.
    bc
     
  9. Buendia

    Buendia Member

    Joined:
    Apr 24, 2006
    Messages:
    26
    Likes Received:
    0
    Trophy Points:
    11
    __________________________________________________
    ewido anti-spyware online scanner
    http://www.ewido.net
    __________________________________________________


    Name: Trojan.Delf.zj
    Path: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP10\A0000268.exe
    Risk: High




    Logfile of HijackThis v1.99.1
    Scan saved at 3:30:21 PM, on 29/05/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16414)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
    C:\Program Files\SMC\SMC2802W 2.4GHz 54 Mbps Wireless PCI Adapter\Installer\WINXP\SMC11GMonitor.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\HJT\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
    O4 - HKLM\..\Run: [ccApp] -
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: SMC2802W 54Mbps WLAN Monitor.lnk = C:\Program Files\SMC\SMC2802W 2.4GHz 54 Mbps Wireless PCI Adapter\Installer\WINXP\SMC11GMonitor.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{34C1D2B2-EF1B-41BB-A995-87FE3B6C28BB}: NameServer = 192.168.2.1
    O17 - HKLM\System\CCS\Services\Tcpip\..\{DE58F6EC-634E-4DFF-BF15-0A4DAD1B70B4}: NameServer = 38.9.212.2,38.9.213.2
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: GoogleDesktopManager - Unknown owner - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (file missing)
    O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe



     
  10. Buendia

    Buendia Member

    Joined:
    Apr 24, 2006
    Messages:
    26
    Likes Received:
    0
    Trophy Points:
    11
    On the ewido site after I did the scan and it says remove infections should I select it, to remove that trojan?

     
  11. bluecoal

    bluecoal Guest

    Yes,

    Let ewido remove it if it will. It is in your system restore files.

    After that is done, the problems that I know how to help you find are fixed. There are a few hijackthis lines with missing files that should be fixed and your java should be updated. I will get you instructions for those things tomorrow (I am not going to be able to be back anymore today).

    If the runtime error is still there, I don't have anymore ideas on how to fix it, perhaps someone else will have a suggestion.
     
  12. Buendia

    Buendia Member

    Joined:
    Apr 24, 2006
    Messages:
    26
    Likes Received:
    0
    Trophy Points:
    11
    Ok, I'll await for your instructions tomorrow. Also Ewido removed that trojan. Thanks for all the help today.
     
  13. bluecoal

    bluecoal Guest

    You can have hijackthis fix these lines. I believe the items referenced are all legitimate, but they say file missing so I don't think they are accomplishing a useful purpose at this time. The o4 relates to symantec-must refer to an uninstalled program.:

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
    O4 - HKLM\..\Run: [ccApp] -
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: GoogleDesktopManager - Unknown owner - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (file missing)
    O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)



    Here is a link about updating Java:
    http://forums.spybot.info/showpost.php?p=12880&postcount=2
    and removing old versions. ( J2SE and JRE items in add/remove programs. )

    You should see this one to remove: jre1.5.0_06
     
  14. Buendia

    Buendia Member

    Joined:
    Apr 24, 2006
    Messages:
    26
    Likes Received:
    0
    Trophy Points:
    11
    Thanks for all your help, one last thing. I was lokking to get a new antivirus, do you have any recommendations?
     
  15. bluecoal

    bluecoal Guest

    Second sticky at the top, scroll down, you will see several free (for home use) listed.

    I have AVG at home, Trend Micro (a purchase one) at work.
     

Share This Page