virus - now computer won't connect to the internet help please
-
Full scan found six more infections but can't post log as computer won't connect to internet even after rebooting. It says computer appears to be correctly configured but the device or resource is not responding.
:love: married to the man of my dreams! 9-08-09
-
Reboot it in safe mode with networking (keep tapping F8 on restart for the safe mode options).
Download Combofix:-
http://www.bleepingcomputer.com/download/anti-virus/combofix
Save on desktop, then double-click to run. Follow the instructions as you go through and post the log back on here........
Gettin' There, Wherever There is......
I have a dodgy "i" key, so ignore spelling errors due to "i" issues, ...I blame Apple
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4336
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
21/07/2010 23:50:03
mbam-log-2010-07-21 (23-50-03).txt
Scan type: Full scan (C:\|D:\|)
Objects scanned: 225916
Time elapsed: 26 minute(s), 48 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Windows\System32\drivers\ofkorr.sys (Trojan.Bubnix) -> Quarantined and deleted successfully.
Good to see the definitions are up to date. Now the hijack this log please!
P.S. To others: a quick scan takes 14 mins and a full scan 26 mins? Can that be right? Although I understand it could be a netbook or a low sized laptop...
Hi, having trouble with the HijackThis log (using Windows 7). It says system denied write access to hosts file and tells me to edit it myself.
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4335
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
21/07/2010 20:31:23
mbam-log-2010-07-21 (20-31-23).txt
Scan type: Full scan (C:\|D:\|)
Objects scanned: 227955
Time elapsed: 1 hour(s), 53 minute(s), 46 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\dwebizevaxiku (Trojan.Agent.U) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\userinit (Trojan.Agent) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Users\CLAIRE\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6QWM0Y1C\kksaupwr[1].htm (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\CLAIRE\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C4QDPN0J\jwrlgbvd[1].htm (Adware.BHO) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\ofkorr.sys (Trojan.Bubnix) -> Quarantined and deleted successfully.
The last log posted was the full scan but then the computer crashed again so I did another full scan when I got it working again.
-
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 00:12:07, on 22/07/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
c:\program files\bbc iplayer desktop\bbc iplayer desktop.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10e.exe
C:\PROGRA~1\MIDCA9~1\wkcalrem.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aldi.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5643
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.4.4.13.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe"
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [btbb_McciTrayApp] "C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - Startup: BBC iPlayer Desktop.lnk = C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: eBay.co.uk - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/710-72741-17534-1/4 (file missing)
O9 - Extra 'Tools' menuitem: eBay.co.uk - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/710-72741-17534-1/4 (file missing)
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIF5BA~1\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.4.4.13.dll/206 (file missing)
O9 - Extra button: eBay.co.uk - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/710-72741-17534-1/4 (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: eBay.co.uk - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/710-72741-17534-1/4 (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} (WRC Class) - http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
O20 - AppInit_DLLs: C:\Windows\System32\BdInstHk.dll
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: BullGuard scanning service (BsScanner) - BullGuard Ltd. - C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe
O23 - Service: BullGuard update service (BsUpdate) - BullGuard Ltd. - C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: PEVSystemStart - Unknown owner - C:\ComboFix\PEV.cfxxe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
--
End of file - 10514 bytes
TICK and FIX in the hijackthis log:
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O9 - Extra button: eBay.co.uk - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/710-72741-17534-1/4 (file missing)
O9 - Extra 'Tools' menuitem: eBay.co.uk - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/710-72741-17534-1/4 (file missing)
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.4.4.13.dll/206 (file missing)
O9 - Extra button: eBay.co.uk - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/710-72741-17534-1/4 (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: eBay.co.uk - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/710-72741-17534-1/4 (file missing) (HKCU)
So post 17 log is the first log and post 14 is the second log?
I'm not convinced that the second 'full scan' was really a full scan... Did you end it? I would update definitions (UPDATE tab, check for updates) and rerun a full scan.
However, if alienRIK says run combofix instead or something else, follow his advice.
Also your problems are likely to be caused by using BitComet...
Again question to others: Why are there so many: O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll entries?
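The selection made in the reply above (entries HijackThis marks `(no file)` or `(file missing)`) and a per-DLL count of the repeated O10 lines it asks about, as an added Python example that is not part of the thread. The function names and the loopback ProxyServer check are additions made here; the sample lines are copied from the HijackThis log posted above.

```python
import ipaddress
import re
from collections import Counter

# Lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5643
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.4.4.13.dll/206 (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIF5BA~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
"""

# "<section code> - <body>", e.g. "O9 - Extra button: ...".
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2})\s+-\s+(?P<body>.+)$")
# Markers HijackThis appends when the registered target no longer exists.
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)")
PROXY_RE = re.compile(r"ProxyServer\s*=\s*(?P<value>\S+)")


def proxy_hosts(value):
    """Split 'http=127.0.0.1:5643;https=...' or 'host:port' into host names."""
    hosts = []
    for part in value.split(";"):
        target = part.split("=", 1)[-1]  # drop an optional 'http=' prefix
        hosts.append(target.rsplit(":", 1)[0] if ":" in target else target)
    return hosts


def is_loopback(host):
    """True for 'localhost' or an IP literal in a loopback range."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:  # a host name, not an IP literal
        return False


def triage(log_text):
    """Group HijackThis entries into the three buckets a reviewer checks first."""
    report = {"orphaned": [], "lsp_counts": Counter(), "loopback_proxy": []}
    for raw in log_text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if not match:
            continue  # header, running-process list or blank line
        code, body = match.group("code"), match.group("body")
        if ORPHAN_RE.search(body):
            report["orphaned"].append(line)
        if code == "O10":
            # Collapse the repeated lines into one count per DLL path.
            dll = body.split("LSP:", 1)[-1].strip().lower()
            report["lsp_counts"][dll] += 1
        if code in ("R0", "R1"):
            proxy = PROXY_RE.search(body)
            if proxy and any(is_loopback(h) for h in proxy_hosts(proxy.group("value"))):
                report["loopback_proxy"].append(line)
    return report


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("Entries whose target file is gone:")
    for entry in result["orphaned"]:
        print("  " + entry)
    print("Winsock LSP DLLs (O10), lines per DLL:")
    for dll, count in result["lsp_counts"].most_common():
        print(f"  {count:3d}  {dll}")
    print("ProxyServer values on a loopback address:")
    for entry in result["loopback_proxy"]:
        print("  " + entry)
```
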
ComboFix 10-07-21.01 - CLAIRE 22/07/2010 3:23.1.4 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.3326.2454 [GMT 1:00]
Running from: c:\users\CLAIRE\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\CLAIRE\AppData\Local\{EA8BE805-01FF-4EF2-9D49-C3E9ACAB5728}
c:\users\CLAIRE\AppData\Local\{EA8BE805-01FF-4EF2-9D49-C3E9ACAB5728}\chrome.manifest
c:\users\CLAIRE\AppData\Local\{EA8BE805-01FF-4EF2-9D49-C3E9ACAB5728}\chrome\content\_cfg.js
c:\users\CLAIRE\AppData\Local\{EA8BE805-01FF-4EF2-9D49-C3E9ACAB5728}\chrome\content\overlay.xul
c:\users\CLAIRE\AppData\Local\{EA8BE805-01FF-4EF2-9D49-C3E9ACAB5728}\install.rdf
c:\users\CLAIRE\AppData\Roaming\E6EA04E491CC7D0B7D5FDB28D553121B
c:\users\CLAIRE\AppData\Roaming\E6EA04E491CC7D0B7D5FDB28D553121B\enemies-names.txt
c:\users\CLAIRE\AppData\Roaming\E6EA04E491CC7D0B7D5FDB28D553121B\local.ini
.
((((((((((((((((((((((((( Files Created from 2010-06-22 to 2010-07-22 )))))))))))))))))))))))))))))))
.
2010-07-22 02:26 . 2010-07-22 02:26 d-----w- c:\users\CLAIRE\AppData\Local\temp
2010-07-22 02:26 . 2010-07-22 02:26 d-----w- c:\users\Default\AppData\Local\temp
2010-07-22 02:26 . 2010-07-22 02:26 d-----w- c:\users\admin\AppData\Local\temp
2010-07-22 02:22 . 2010-07-22 02:22 d-----w- C:\32788R22FWJFW
2010-07-21 22:39 . 2010-07-21 22:39 d-----w- c:\users\CLAIRE\AppData\Roaming\Motive
2010-07-21 22:38 . 2010-07-21 22:45 d-----w- c:\programdata\Motive
2010-07-21 22:38 . 2010-07-21 22:39 d-----w- c:\program files\Common Files\Motive
2010-07-21 22:38 . 2010-07-21 22:38 d-----w- c:\program files\BT Broadband Desktop Help
2010-07-21 22:14 . 2010-07-21 22:14 388096 ----a-r- c:\users\CLAIRE\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-07-21 22:14 . 2010-07-21 22:14 d-----w- c:\program files\Trend Micro
2010-07-21 22:10 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-21 22:10 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-21 16:54 . 2010-07-21 16:54 d-----w- c:\users\CLAIRE\AppData\Roaming\Malwarebytes
2010-07-21 16:53 . 2010-07-21 22:10 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-21 16:53 . 2010-07-21 16:53 d-----w- c:\programdata\Malwarebytes
2010-07-21 12:07 . 2010-07-22 07:00 d-----w- c:\program files\Common Files\Mcafee
2010-07-21 12:07 . 2010-07-21 12:07 d-----w- c:\program files\McAfee.com
2010-07-21 12:07 . 2010-07-22 07:00 d-----w- c:\program files\McAfee
2010-07-21 11:46 . 2010-07-21 15:11 d-----w- c:\programdata\McAfee
2010-07-21 10:07 . 2010-07-21 10:07 d-----w- c:\program files\BullGuard Ltd
2010-07-21 10:01 . 2010-07-21 10:01 77824 ----a-w- c:\programdata\BullGuard 9.0 Upgrade\Antivirus\bdupd.dll
2010-07-21 10:01 . 2010-07-21 10:01 142848 ----a-w- c:\programdata\BullGuard 9.0 Upgrade\Antivirus\libfn.dll
2010-07-21 10:01 . 2010-07-21 10:01 107800 ----a-w- c:\programdata\BullGuard 9.0 Upgrade\Antivirus\bdcore.dll
2010-07-21 10:00 . 2010-07-21 10:01 26450536 ----a-w- c:\programdata\BullGuard 9.0 Upgrade\Download\BullGuard_9.0-x86-UPGR8-W2-IS-EN.exe
2010-07-21 10:00 . 2010-07-19 21:17 189696 ----a-w- c:\programdata\BullGuard 9.0 Upgrade\Bin\uninst2.exe
2010-07-19 22:59 . 2010-07-19 22:59 d-----w- c:\users\admin\AppData\Local\Google
2010-07-19 22:57 . 2010-07-19 22:57 85208 ----a-w- c:\users\admin\AppData\Local\GDIPFONTCACHEV1.DAT
2010-07-19 22:57 . 2010-07-19 22:58 d-----w- c:\users\admin\AppData\Roaming\BullGuard
2010-07-19 22:57 . 2010-07-19 22:57 d-----w- c:\users\admin\AppData\Roaming\ATI
2010-07-19 22:57 . 2010-07-19 22:57 d-----w- c:\users\admin\AppData\Local\Power2Go
2010-07-19 22:57 . 2010-07-19 22:57 d-----w- c:\users\admin\AppData\Local\ATI
2010-07-19 22:57 . 2010-07-19 22:57 d-----w- c:\users\admin\AppData\Local\VirtualStore
2010-07-19 22:33 . 2010-07-20 17:38 d-----w- c:\users\CLAIRE\AppData\Local\Diagnostics
2010-07-19 21:29 . 2010-07-22 07:00 d-----w- c:\programdata\BullGuard 9.0 Upgrade
2010-07-19 21:29 . 2010-07-19 21:16 221184 ----a-w- c:\programdata\BullGuard 9.0 Upgrade\Bin\BGUpgradeRes.dll
2010-07-19 21:29 . 2010-07-19 21:16 935248 ----a-w- c:\programdata\BullGuard 9.0 Upgrade\Bin\BGUpgrade.exe
2010-07-19 21:15 . 2010-05-20 23:14 38784 ----a-w- c:\users\CLAIRE\AppData\Roaming\Macromedia\Flash Player\https://www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-07-19 21:03 . 2010-07-21 16:37 120 ----a-w- c:\users\CLAIRE\AppData\Local\Fzuturaca.dat
2010-07-19 21:03 . 2010-07-21 09:58 0 ----a-w- c:\users\CLAIRE\AppData\Local\Hvagunuhogajimo.bin
2010-07-19 21:01 . 2010-07-19 21:57 d-----w- c:\users\CLAIRE\AppData\Local\virjjgbie
2010-07-19 21:01 . 2010-07-22 07:00 d-sh--w- c:\users\CLAIRE\AppData\Roaming\lowsec
2010-07-15 22:33 . 2010-07-15 22:33 12124624 ----a-w- c:\users\CLAIRE\AppData\Roaming\Macromedia\Flash Player\https://www.macromedia.com\bin\airinstaller2x0\airinstaller2x0.exe
2010-07-02 17:31 . 2010-07-02 17:31 d-----w- c:\users\CLAIRE\AppData\Local\Gamenauts
2010-06-26 02:18 . 2010-06-26 02:18 d-----w- c:\users\CLAIRE\AppData\Roaming\Flood Light Games
2010-06-26 02:18 . 2010-06-26 02:18 d-----w- c:\programdata\Flood Light Games
2010-06-26 02:17 . 2010-07-20 17:43 d-----w- c:\program files\Games
2010-06-25 23:24 . 2010-06-25 23:24 d-----w- c:\windows\Profiles
2010-06-25 23:24 . 2010-06-25 23:24 d-----w- c:\users\CLAIRE\AppData\Roaming\InterTrust
2010-06-25 23:24 . 1998-10-29 14:45 306688 ----a-w- c:\windows\IsUninst.exe
2010-06-24 02:01 . 2009-11-25 11:47 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-06-24 02:01 . 2009-11-25 11:47 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-06-24 02:01 . 2009-11-25 11:47 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-06-24 02:01 . 2009-11-25 11:47 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-06-24 02:01 . 2009-11-25 11:47 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-06-23 14:27 . 2010-03-24 06:37 1286456 ----a-w- c:\windows\system32\ntdll.dll
2010-06-23 14:27 . 2010-05-09 09:14 641536 ----a-w- c:\windows\system32\CPFilters.dll
2010-06-23 14:27 . 2010-05-09 09:14 417792 ----a-w- c:\windows\system32\msdri.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-22 07:00 . 2010-02-17 16:01 d-----w- c:\programdata\BullGuard
2010-07-22 02:22 . 2010-06-13 19:08 d-----w- c:\users\CLAIRE\AppData\Roaming\BitComet
2010-07-19 22:31 . 2010-03-25 18:31 d-----w- c:\users\CLAIRE\AppData\Roaming\BullGuard
2010-07-19 21:54 . 2010-02-16 15:12 d-----w- c:\program files\Microsoft
2010-06-27 18:09 . 2010-02-16 14:01 d--h--w- c:\program files\InstallShield Installation Information
2010-06-25 23:24 . 2010-02-16 14:56 d-----w- c:\program files\Common Files\Adobe
2010-06-25 22:10 . 2010-02-16 15:43 d-----w- c:\program files\Microsoft.NET
2010-06-25 00:44 . 2009-07-14 04:52 d-----w- c:\program files\Microsoft Games
2010-06-14 22:12 . 2010-06-14 22:12 d-----w- c:\users\CLAIRE\AppData\Roaming\CyberLink
2010-06-13 19:09 . 2010-06-13 19:08 d-----w- c:\program files\Google
2010-06-13 19:08 . 2010-06-13 19:08 d-----w- c:\program files\BitComet
2010-06-11 22:27 . 2010-02-16 15:42 d-----w- c:\programdata\Microsoft Help
2010-06-11 01:01 . 2010-04-30 07:00 1008 ----a-w- c:\users\CLAIRE\AppData\Roaming\wklnhst.dat
2010-06-08 09:08 . 2010-06-08 09:08 150848 ----a-w- c:\windows\system32\BGLsp.dll
2010-06-04 21:20 . 2010-02-16 15:14 d-----w- c:\program files\Microsoft Silverlight
2010-05-27 07:24 . 2010-06-11 17:12 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-27 03:49 . 2010-06-11 17:12 293888 ----a-w- c:\windows\system32\atmfd.dll
2010-05-24 06:30 . 2010-05-24 06:30 1056 --sha-w- c:\programdata\KGyGaAvL.sys
2010-05-24 06:30 . 2010-05-24 06:30 1056 --sha-w- c:\programdata\KGyGaAvL.sys
2010-05-24 06:30 . 2010-05-24 06:30 d-----w- c:\users\CLAIRE\AppData\Roaming\Corel
2010-05-21 13:14 . 2010-02-16 10:43 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-21 05:18 . 2010-06-11 17:12 977920 ----a-w- c:\windows\system32\wininet.dll
2010-05-20 23:14 . 2010-07-19 22:56 38784 ----a-w- c:\users\admin\AppData\Roaming\Macromedia\Flash Player\https://www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-05-20 23:14 . 2010-05-21 00:07 38784 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\https://www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-05-01 14:49 . 2010-06-11 17:12 2326528 ----a-w- c:\windows\system32\win32k.sys
2010-04-28 09:41 . 2010-04-28 09:41 55888 ----a-w- c:\windows\system32\drivers\BdSpy.sys
2010-04-23 07:13 . 2010-05-25 21:13 2048 ----a-w- c:\windows\system32\tzres.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"BitComet"="c:\program files\BitComet\BitComet.exe" [2010-05-28 3085104]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-01-08 98304]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-06-03 103720]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-12-03 8120864]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
"btbb_McciTrayApp"="c:\program files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe" [2009-12-07 1584640]
c:\users\CLAIRE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
BBC iPlayer Desktop.lnk - c:\program files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe [2010-5-21 95232]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\BdInstHk.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsMain]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner]
@="Service"
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-13 135664]
R3 BsScanner;BullGuard scanning service;c:\program files\BullGuard Ltd\BullGuard\BullGuardScanner.exe [2010-06-08 301376]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-17 1343400]
S1 BdSpy;BdSpy;c:\windows\system32\DRIVERS\BdSpy.sys [2010-04-28 55888]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-01-08 172032]
S2 BsFileScan;BullGuard on-access service;c:\windows\System32\SvcHost.exe [2009-07-14 20992]
S2 BsMailProxy;BullGuard e-mail monitoring service;c:\windows\System32\SvcHost.exe [2009-07-14 20992]
S2 BsMain;BullGuard main service;c:\windows\System32\SvcHost.exe [2009-07-14 20992]
S2 BsUpdate;BullGuard update service;c:\program files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe [2010-06-08 348480]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [2010-01-08 5191168]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-01-08 125440]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-11-05 230912]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [2009-09-22 579072]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-06-05 27320]
--- Other Services/Drivers In Memory ---
*Deregistered* - ofkorr
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
BullGuard_Main REG_MULTI_SZ BsMain
BullGuard REG_MULTI_SZ BsFileScan BsMailProxy
.
Contents of the 'Scheduled Tasks' folder
2010-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-13 19:09]
2010-07-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-13 19:09]
.
.
Supplementary Scan
.
uStart Page = hxxp://www.aldi.com
uInternet Settings,ProxyServer = http=127.0.0.1:5643
uInternet Settings,ProxyOverride = <local>
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
LSP: c:\windows\system32\BGLsp.dll
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
.
- - - - ORPHANS REMOVED - - - -
Toolbar-Locked - (no file)
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\ofkorr]
.
LOCKED REGISTRY KEYS
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2010-07-22 03:27:42
ComboFix-quarantined-files.txt 2010-07-22 02:27
Pre-Run: 940,301,852,672 bytes free
Post-Run: 940,188,311,552 bytes free
- - End Of File - - C1928A40429E37515691BF8275349693