Can you help me please?

  1. #1
    tangutica (Newbie)

    Up to date log

    I have problems including a pesky blue toolbar which has appeared at the bottom of my browser window. I have followed the instructions re running Adaware and Spybot before downloading HijackThis and scanning my PC. Here is my log (it means nothing whatsoever to me I am afraid!)

    Logfile of HijackThis v1.98.2
    Scan saved at 10:31:33, on 08/09/2004
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\STOPzilla!\szntsvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
    C:\Program Files\Grisoft\AVG6\avgcc32.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\STOPzilla!\Stopzilla.exe
    C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    c:\progra~1\intern~1\iexplore.exe
    C:\Program Files\Wireless Device\Wireless Keyboard\Magickey.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Wireless Device\Wireless Keyboard\osd.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\pat\My Documents\HJT\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.ic24.net
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.azdrrrzuruacgf.com/bLXnHE...o8OmDJViF.html
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: shdoclba - {6D8E3913-13DC-9B05-67C3-10FD1851E8C7} - C:\WINDOWS\System32\shdoclba.dll
    O2 - BHO: (no name) - {87DE6CE3-BAB2-C5C5-93BA-38A832625F70} - C:\PROGRA~1\DARTSH~1\tool blah.exe
    O2 - BHO: (no name) - {DC1D9945-276C-C19D-C583-234EF6B7C7BC} - C:\PROGRA~1\DARTSH~1\About Funk.exe (file missing)
    O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\WINDOWS\system32\SZIEBHO.dll
    O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
    O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [AVG_CC] C:\Program Files\Grisoft\AVG6\avgcc32.exe /startup
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [mathbody] C:\PROGRA~1\LISTBA~1\sendlogburn.exe
    O4 - HKLM\..\Run: [Title Dvd About Move] C:\Documents and Settings\All Users\Application Data\Log show title dvd\trans bait.exe
    O4 - HKLM\..\Run: [shim4popdrive] C:\Documents and Settings\All Users\Application Data\Plan Curb Shim 4\licensejunk.exe
    O4 - HKLM\..\Run: [STOPzilla] "C:\Program Files\STOPzilla!\Stopzilla.exe" /autorun
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
    O4 - HKCU\..\Run: [HollyDayCluster] C:\Program Files\Holly Day\skinkers.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Global Startup: Adobe Gamma Loader.lnk.disabled
    O4 - Global Startup: Enable Wireless Keyboard Driver.lnk = C:\Program Files\Wireless Device\Wireless Keyboard\Magickey.exe
    O4 - Global Startup: Microsoft Office.lnk.disabled
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O14 - IERESET.INF: START_PAGE_URL=http://www.ic24.net
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache...tup1.0.0.8.cab
    O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} (CInstall Class) - http://www.spywarestormer.com/files2/Install.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/24be5b5ac5b80a9...p/RdxIE601.cab
    O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1093423688417
    O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://us.games2.yimg.com/download.g...tl_0_0_0_1.ocx
    O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://81.72.55.223/activex/AxisCamControl.ocx
    O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
    O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole...rcadeRdxIE.cab
    O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
    O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.com/_download/A...ler/dwnldr.cab
    Last edited by tangutica; 08-09-2004 at 09:56 AM. Reason: More up to date log as requested


  2. #2
    Bear (D-A-L Elite Member)
    Someone will be along to analyze your log soon. I'm still learning, so I'll let the experts help you. In the meantime, the version of HJT you are using is old; please click HERE and get the newest version, 1.98.2. Also, you need to put HJT in a permanent folder instead of in your temp internet files so backups can be maintained. HTH

  3. #3
    tangutica (Newbie)
    I have deleted the old log in the post and replaced it with a new one from the newer version of HJT as you recommended.

    Another problem I have is that AVG is finding a trojan horse Backdoor Afcore BT which it cannot remove as it says it cannot delete:

    C:\WINDOWS\System32\shdoclba.dll

    I notice that this file appears in the log above?
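
Added example, not part of the original thread: a small Python parser for HijackThis entry lines that shows which logged entry loads the file AVG flagged in post #3, and which entries the log marks as pointing at missing files. The sample lines are a subset copied from the log in post #1; the function names are this example's own.

```python
import ntpath
import re
from typing import List, NamedTuple, Optional

class Entry(NamedTuple):
    code: str             # HijackThis section code, e.g. "O2" or "O4"
    clsid: Optional[str]  # first CLSID on the line, if any
    detail: str           # rest of the line after "<code> - "

ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*\S)\s*$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Entries copied from the log in post #1 (a subset, for a stand-alone run).
SAMPLE_LOG = r"""
C:\WINDOWS\system32\spoolsv.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: shdoclba - {6D8E3913-13DC-9B05-67C3-10FD1851E8C7} - C:\WINDOWS\System32\shdoclba.dll
O2 - BHO: (no name) - {DC1D9945-276C-C19D-C583-234EF6B7C7BC} - C:\PROGRA~1\DARTSH~1\About Funk.exe (file missing)
O4 - HKLM\..\Run: [AVG_CC] C:\Program Files\Grisoft\AVG6\avgcc32.exe /startup
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
"""

def parse_log(text: str) -> List[Entry]:
    """Return the registry/startup entries; process-list lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            clsid = CLSID_RE.search(m.group(2))
            entries.append(Entry(m.group(1), clsid.group(0) if clsid else None, m.group(2)))
    return entries

def entries_for_file(entries: List[Entry], flagged_path: str) -> List[Entry]:
    """Entries that load the flagged file; matched by file name, case-insensitively,
    because the log may show the same folder in long or 8.3 short form."""
    name = "\\" + ntpath.basename(flagged_path).lower()
    return [e for e in entries if name in e.detail.lower()]

def dangling(entries: List[Entry]) -> List[Entry]:
    """Entries HijackThis marked as pointing at a file that is not on disk."""
    return [e for e in entries if e.detail.endswith(("(file missing)", "(no file)"))]

if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    for e in entries_for_file(parsed, r"C:\WINDOWS\System32\shdoclba.dll"):
        print("flagged file is loaded by:", e.code, e.clsid)
    for e in dangling(parsed):
        print("dangling entry:", e.code, e.clsid)
```

Matching on file name alone can also hit a same-named file in another folder, so confirm the full path on any match before acting on it.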

  4. #4
    tangutica (Newbie)
    I DID manage to get rid of that (mind you - I got rid of it once before and it came back?) by going to the searchtheweb website and doing it from there.
