virus - now computer won't connect to the internet help please
I think running LSPfix and HostsXpert will go a long way to repairing the damage...
http://www.bleepingcomputer.com/files/lspfix.php
http://majorgeeks.com/HostsXpert_d4626.html
Should sort out the LSP issues/hosts file.
Once done both, re-run HJT and post the new log.
I would also be inclined to remove Bullguard and replace with Avira or Avast and do a full scan with whichever one.......
Gettin' There, Wherever There is......
I have a dodgy "i" key, so ignore spelling errors due to "i" issues, ...I blame Apple
-
chardonnay wrote: »
hi, having trouble with the hijackthis log (using windows 7) it says system denied write access to hosts file and tells me to edit it myself

If it never worked properly ~ whilst pressing the SHIFT key, RIGHT CLICK the mouse and select RUN AS (admin)
:idea:
-
thanks alienrik - i managed to work out how to run as admin and posted the log above.
gunjack lspfix found no problems and i'm not sure what to do with hostsxpert (what do i press?)
should i post another hijackthis yet?
:love: married to the man of my dreams! 9-08-09
-
Download HostsXpert
http://www.softpedia.com/progDownload/Hoster-Download-27041.html
and then follow the below steps.
* Unzip HostsXpert.zip
* It will create a folder named HostsXpert in whatever folder you extract it to.
* Run HostsXpert.exe by double clicking on it.
* click the Make Writeable? button.
* click Restore Microsoft's Hosts File and then click OK.
* Click the X to exit the program
:idea:
-
ok did that but it says error cannot create file c:\windows\system32\drivers\etc\hosts
:love: married to the man of my dreams! 9-08-09
-
Same again, run as admin
:idea:
-
hi same thing happens after i click to run as admin?
:love: married to the man of my dreams! 9-08-09
-
Try it in SAFE MODE (F8 at bootup)
:idea:
-
Open notepad and copy/paste the text in RED below
File::
c:\users\CLAIRE\AppData\Local\Fzuturaca.dat
c:\users\CLAIRE\AppData\Local\Hvagunuhogajimo.bin
Save this as "CFScript" (FULL file will be 'CFScript.txt' EXACTLY as shown)
Then drag the CFScript into ComboFix.exe as you see in the screenshot below.
This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply
Combofix should never take more than 30 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
:idea:
-
ComboFix 10-07-21.02 - CLAIRE 22/07/2010 15:58:18.2.4 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.3326.2305 [GMT 1:00]
Running from: c:\users\CLAIRE\Desktop\ComboFix.exe
Command switches used :: c:\users\CLAIRE\Desktop\CFScript.txt
FILE ::
"c:\users\CLAIRE\AppData\Local\Fzuturaca.dat"
"c:\users\CLAIRE\AppData\Local\Hvagunuhogajimo.bin"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\CLAIRE\AppData\Local\Fzuturaca.dat
c:\users\CLAIRE\AppData\Local\Hvagunuhogajimo.bin
.
((((((((((((((((((((((((( Files Created from 2010-06-22 to 2010-07-22 )))))))))))))))))))))))))))))))
.
2010-07-22 15:01 . 2010-07-22 15:01 d-----w- c:\users\Public\AppData\Local\temp
2010-07-22 15:01 . 2010-07-22 15:01 d-----w- c:\users\Default\AppData\Local\temp
2010-07-22 15:01 . 2010-07-22 15:01 d-----w- c:\users\CLAIRE\AppData\Local\temp
2010-07-22 15:01 . 2010-07-22 15:01 d-----w- c:\users\admin\AppData\Local\temp
2010-07-22 14:56 . 2010-07-22 14:57 d-----w- C:\32788R22FWJFW
2010-07-21 22:39 . 2010-07-21 22:39 d-----w- c:\users\CLAIRE\AppData\Roaming\Motive
2010-07-21 22:38 . 2010-07-21 22:45 d-----w- c:\programdata\Motive
2010-07-21 22:38 . 2010-07-21 22:39 d-----w- c:\program files\Common Files\Motive
2010-07-21 22:38 . 2010-07-21 22:38 d-----w- c:\program files\BT Broadband Desktop Help
2010-07-21 22:14 . 2010-07-21 22:14 388096 ----a-r- c:\users\CLAIRE\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-07-21 22:14 . 2010-07-21 22:14 d-----w- c:\program files\Trend Micro
2010-07-21 22:10 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-21 22:10 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-21 16:54 . 2010-07-21 16:54 d-----w- c:\users\CLAIRE\AppData\Roaming\Malwarebytes
2010-07-21 16:53 . 2010-07-21 22:10 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-21 16:53 . 2010-07-21 16:53 d-----w- c:\programdata\Malwarebytes
2010-07-21 12:07 . 2010-07-22 07:00 d-----w- c:\program files\Common Files\Mcafee
2010-07-21 12:07 . 2010-07-21 12:07 d-----w- c:\program files\McAfee.com
2010-07-21 12:07 . 2010-07-22 07:00 d-----w- c:\program files\McAfee
2010-07-21 11:46 . 2010-07-21 15:11 d-----w- c:\programdata\McAfee
2010-07-21 10:07 . 2010-07-21 10:07 d-----w- c:\program files\BullGuard Ltd
2010-07-21 10:01 . 2010-07-21 10:01 77824 ----a-w- c:\programdata\BullGuard 9.0 Upgrade\Antivirus\bdupd.dll
2010-07-21 10:01 . 2010-07-21 10:01 142848 ----a-w- c:\programdata\BullGuard 9.0 Upgrade\Antivirus\libfn.dll
2010-07-21 10:01 . 2010-07-21 10:01 107800 ----a-w- c:\programdata\BullGuard 9.0 Upgrade\Antivirus\bdcore.dll
2010-07-21 10:00 . 2010-07-21 10:01 26450536 ----a-w- c:\programdata\BullGuard 9.0 Upgrade\Download\BullGuard_9.0-x86-UPGR8-W2-IS-EN.exe
2010-07-21 10:00 . 2010-07-19 21:17 189696 ----a-w- c:\programdata\BullGuard 9.0 Upgrade\Bin\uninst2.exe
2010-07-19 22:59 . 2010-07-19 22:59 d-----w- c:\users\admin\AppData\Local\Google
2010-07-19 22:57 . 2010-07-19 22:57 85208 ----a-w- c:\users\admin\AppData\Local\GDIPFONTCACHEV1.DAT
2010-07-19 22:57 . 2010-07-19 22:58 d-----w- c:\users\admin\AppData\Roaming\BullGuard
2010-07-19 22:57 . 2010-07-19 22:57 d-----w- c:\users\admin\AppData\Roaming\ATI
2010-07-19 22:57 . 2010-07-19 22:57 d-----w- c:\users\admin\AppData\Local\Power2Go
2010-07-19 22:57 . 2010-07-19 22:57 d-----w- c:\users\admin\AppData\Local\ATI
2010-07-19 22:57 . 2010-07-19 22:57 d-----w- c:\users\admin\AppData\Local\VirtualStore
2010-07-19 22:33 . 2010-07-20 17:38 d-----w- c:\users\CLAIRE\AppData\Local\Diagnostics
2010-07-19 21:29 . 2010-07-22 07:00 d-----w- c:\programdata\BullGuard 9.0 Upgrade
2010-07-19 21:29 . 2010-07-19 21:16 221184 ----a-w- c:\programdata\BullGuard 9.0 Upgrade\Bin\BGUpgradeRes.dll
2010-07-19 21:29 . 2010-07-19 21:16 935248 ----a-w- c:\programdata\BullGuard 9.0 Upgrade\Bin\BGUpgrade.exe
2010-07-19 21:15 . 2010-05-20 23:14 38784 ----a-w- c:\users\CLAIRE\AppData\Roaming\Macromedia\Flash Player\https://www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-07-19 21:01 . 2010-07-19 21:57 d-----w- c:\users\CLAIRE\AppData\Local\virjjgbie
2010-07-19 21:01 . 2010-07-22 07:00
d-sh--w- c:\users\CLAIRE\AppData\Roaming\lowsec
2010-07-15 22:33 . 2010-07-15 22:33 12124624 ----a-w- c:\users\CLAIRE\AppData\Roaming\Macromedia\Flash Player\https://www.macromedia.com\bin\airinstaller2x0\airinstaller2x0.exe
2010-07-02 17:31 . 2010-07-02 17:31 d-----w- c:\users\CLAIRE\AppData\Local\Gamenauts
2010-06-26 02:18 . 2010-06-26 02:18 d-----w- c:\users\CLAIRE\AppData\Roaming\Flood Light Games
2010-06-26 02:18 . 2010-06-26 02:18 d-----w- c:\programdata\Flood Light Games
2010-06-26 02:17 . 2010-07-20 17:43 d-----w- c:\program files\Games
2010-06-25 23:24 . 2010-06-25 23:24 d-----w- c:\windows\Profiles
2010-06-25 23:24 . 2010-06-25 23:24 d-----w- c:\users\CLAIRE\AppData\Roaming\InterTrust
2010-06-25 23:24 . 1998-10-29 14:45 306688 ----a-w- c:\windows\IsUninst.exe
2010-06-24 02:01 . 2009-11-25 11:47 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-06-24 02:01 . 2009-11-25 11:47 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-06-24 02:01 . 2009-11-25 11:47 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-06-24 02:01 . 2009-11-25 11:47 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-06-24 02:01 . 2009-11-25 11:47 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-06-23 14:27 . 2010-03-24 06:37 1286456 ----a-w- c:\windows\system32\ntdll.dll
2010-06-23 14:27 . 2010-05-09 09:14 641536 ----a-w- c:\windows\system32\CPFilters.dll
2010-06-23 14:27 . 2010-05-09 09:14 417792 ----a-w- c:\windows\system32\msdri.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-22 13:50 . 2010-06-13 19:08 d-----w- c:\users\CLAIRE\AppData\Roaming\BitComet
2010-07-22 07:00 . 2010-02-17 16:01 d-----w- c:\programdata\BullGuard
2010-07-19 22:31 . 2010-03-25 18:31 d-----w- c:\users\CLAIRE\AppData\Roaming\BullGuard
2010-07-19 21:54 . 2010-02-16 15:12 d-----w- c:\program files\Microsoft
2010-06-27 18:09 . 2010-02-16 14:01
d--h--w- c:\program files\InstallShield Installation Information
2010-06-25 23:24 . 2010-02-16 14:56 d-----w- c:\program files\Common Files\Adobe
2010-06-25 22:10 . 2010-02-16 15:43 d-----w- c:\program files\Microsoft.NET
2010-06-25 00:44 . 2009-07-14 04:52 d-----w- c:\program files\Microsoft Games
2010-06-14 22:12 . 2010-06-14 22:12 d-----w- c:\users\CLAIRE\AppData\Roaming\CyberLink
2010-06-13 19:09 . 2010-06-13 19:08 d-----w- c:\program files\Google
2010-06-13 19:08 . 2010-06-13 19:08 d-----w- c:\program files\BitComet
2010-06-11 22:27 . 2010-02-16 15:42 d-----w- c:\programdata\Microsoft Help
2010-06-11 01:01 . 2010-04-30 07:00 1008 ----a-w- c:\users\CLAIRE\AppData\Roaming\wklnhst.dat
2010-06-08 09:08 . 2010-06-08 09:08 150848 ----a-w- c:\windows\system32\BGLsp.dll
2010-06-04 21:20 . 2010-02-16 15:14 d-----w- c:\program files\Microsoft Silverlight
2010-05-27 07:24 . 2010-06-11 17:12 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-27 03:49 . 2010-06-11 17:12 293888 ----a-w- c:\windows\system32\atmfd.dll
2010-05-24 06:30 . 2010-05-24 06:30 1056 --sha-w- c:\programdata\KGyGaAvL.sys
2010-05-24 06:30 . 2010-05-24 06:30 1056 --sha-w- c:\programdata\KGyGaAvL.sys
2010-05-24 06:30 . 2010-05-24 06:30 d-----w- c:\users\CLAIRE\AppData\Roaming\Corel
2010-05-21 13:14 . 2010-02-16 10:43 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-21 05:18 . 2010-06-11 17:12 977920 ----a-w- c:\windows\system32\wininet.dll
2010-05-20 23:14 . 2010-07-19 22:56 38784 ----a-w- c:\users\admin\AppData\Roaming\Macromedia\Flash Player\https://www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-05-20 23:14 . 2010-05-21 00:07 38784 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\https://www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-05-01 14:49 . 2010-06-11 17:12 2326528 ----a-w- c:\windows\system32\win32k.sys
2010-04-28 09:41 . 2010-04-28 09:41 55888 ----a-w- c:\windows\system32\drivers\BdSpy.sys
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.
((((((((((((((((((((((((((((( SnapShot@2010-07-22_02.26.46 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-01-29 10:23 . 2010-07-22 13:44 33806 c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 04:55 . 2010-07-22 13:44 41120 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-03-25 18:25 . 2010-07-22 13:45 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-03-25 18:25 . 2010-07-22 02:06 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-03-25 18:25 . 2010-07-22 13:45 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-03-25 18:25 . 2010-07-22 02:06 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:41 . 2010-07-22 13:45 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:41 . 2010-07-22 02:06 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-03-25 19:09 . 2010-07-22 13:43 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-03-25 19:09 . 2010-07-22 02:06 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-03-25 19:09 . 2010-07-22 13:43 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-03-25 19:09 . 2010-07-22 02:06 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-03-25 19:09 . 2010-07-22 13:43 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-03-25 19:09 . 2010-07-22 02:06 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-03-25 18:36 . 2010-07-22 02:06 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-03-25 18:36 . 2010-07-22 13:43 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-03-26 15:07 . 2010-07-22 02:01 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2010-03-26 15:07 . 2010-07-22 14:04 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2010-03-26 15:07 . 2010-07-22 14:04 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\index.dat
- 2010-03-26 15:07 . 2010-07-22 02:01 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\index.dat
- 2010-03-26 15:07 . 2010-07-22 02:01 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat
+ 2010-03-26 15:07 . 2010-07-22 14:04 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat
- 2010-03-25 18:36 . 2010-07-22 02:06 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-03-25 18:36 . 2010-07-22 14:04 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-03-25 18:36 . 2010-07-22 02:06 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-03-25 18:36 . 2010-07-22 13:43 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-07-22 13:43 . 2010-07-22 13:43 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-07-22 02:06 . 2010-07-22 02:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-07-22 02:06 . 2010-07-22 02:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-07-22 13:43 . 2010-07-22 13:43 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 02:05 . 2010-07-22 02:11 628024 c:\windows\System32\perfh009.dat
+ 2009-07-14 02:05 . 2010-07-22 13:47 628024 c:\windows\System32\perfh009.dat
- 2009-07-14 02:05 . 2010-07-22 02:11 110208 c:\windows\System32\perfc009.dat
+ 2009-07-14 02:05 . 2010-07-22 13:47 110208 c:\windows\System32\perfc009.dat
- 2009-07-14 02:03 . 2010-07-21 23:05 6815744 c:\windows\System32\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:03 . 2010-07-22 13:56 6815744 c:\windows\System32\SMI\Store\Machine\schema.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"BitComet"="c:\program files\BitComet\BitComet.exe" [2010-05-28 3085104]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-01-08 98304]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-06-03 103720]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-12-03 8120864]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
"btbb_McciTrayApp"="c:\program files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe" [2009-12-07 1584640]
c:\users\CLAIRE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
BBC iPlayer Desktop.lnk - c:\program files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe [2010-5-21 95232]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\BdInstHk.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsMain]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner]
@="Service"
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-13 135664]
R3 BsScanner;BullGuard scanning service;c:\program files\BullGuard Ltd\BullGuard\BullGuardScanner.exe [2010-06-08 301376]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-17 1343400]
S1 BdSpy;BdSpy;c:\windows\system32\DRIVERS\BdSpy.sys [2010-04-28 55888]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-01-08 172032]
S2 BsFileScan;BullGuard on-access service;c:\windows\System32\SvcHost.exe [2009-07-14 20992]
S2 BsMailProxy;BullGuard e-mail monitoring service;c:\windows\System32\SvcHost.exe [2009-07-14 20992]
S2 BsMain;BullGuard main service;c:\windows\System32\SvcHost.exe [2009-07-14 20992]
S2 BsUpdate;BullGuard update service;c:\program files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe [2010-06-08 348480]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [2010-01-08 5191168]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-01-08 125440]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-11-05 230912]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [2009-09-22 579072]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-06-05 27320]
--- Other Services/Drivers In Memory ---
*Deregistered* - ofkorr
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
BullGuard_Main REG_MULTI_SZ BsMain
BullGuard REG_MULTI_SZ BsFileScan BsMailProxy
.
Contents of the 'Scheduled Tasks' folder
2010-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-13 19:09]
2010-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-13 19:09]
.
.
Supplementary Scan
.
uStart Page = hxxp://www.aldi.com
uInternet Settings,ProxyServer = http=127.0.0.1:5643
uInternet Settings,ProxyOverride = <local>
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
LSP: c:\windows\system32\BGLsp.dll
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\ofkorr]
.
LOCKED REGISTRY KEYS
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2010-07-22 16:02:25
ComboFix-quarantined-files.txt 2010-07-22 15:02
ComboFix2.txt 2010-07-22 02:27
Pre-Run: 940,200,476,672 bytes free
Post-Run: 940,182,421,504 bytes free
- - End Of File - - 74B845F727FA77FC25F37CDAD543FE38
:love: married to the man of my dreams! 9-08-09
This discussion has been closed.