virus/malware problems
teleaddict
Posts: 208 Forumite
in Techie Stuff
I have been having problems with my recently acquired computer.
After being recommended I tried to install Bullguard internet security, but am having difficulty as it won't install the firewall. (Bullguard's Techie people are looking at this problem for me).
So I thought whilst I'm waiting I'll do my own virus/malware check. After running malwarebytes, adaware, spybot S&D and Ccleaner (which between them found a number of malware and a trojan) I ran panda active scan which found a few more problems.
I am still currently getting pop-ups & new browser windows opening, so I think activescan might be right, but the other applications don't find anything.
Could somebody please look at my activescan & hijackthis logs and see if there is anything lurking which shouldn't be there.
Activescan log
;***********************************************************************************************************************************************************************************
ANALYSIS: 2010-08-11 22:16:41
PROTECTIONS: 2
MALWARE: 4
SUSPECTS: 2
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
BullGuard Antivirus X.0 Yes Yes
Lavasoft Ad-Watch Live! Anti-Virus Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00003428 adware/memorywatcher Adware No 0 Yes No hkey_classes_root\vbrad.trayicon
03074964 Trj/CI.A Virus/Trojan No 0 Yes No c:\program files\dvd region+css free\dvd43.exe
03587590 Adware/Yassist Adware No 0 No No c:\documents and settings\pam\my documents\back up drive\laptop documents\my documents\applications\divxinstaller.exe[²çç\y_toolbar.exe][²èç]
03587590 Adware/Yassist Adware No 0 No No c:\documents and settings\all users.windows\documents\temp back up\laptop documents\tonys\applications\divxinstaller.exe[²çç\y_toolbar.exe][²èç]
03899061 Generic Trojan Virus/Trojan No 0 Yes No c:\system volume information\_restore{d5fe527a-0251-4f4f-a1d1-7ab3ed6aa879}\rp0\a0000282.exe
;===================================================================================================================================================================================
SUSPECTS
Sent Location
;===================================================================================================================================================================================
No c:\documents and settings\all users.windows\documents\temp back up\laptop documents\tonys\applications\couponprinter.exe
No c:\documents and settings\pam\my documents\back up drive\laptop documents\my documents\applications\couponprinter.exe
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description
;===================================================================================================================================================================================
;===================================================================================================================================================================================
My £2 savings total for 2007 = £92, for 2008 = £124
My savings from money off coupons for 2007 = £67.97, for 2008 = £194.79
My £2 savings for 2009 (so far) = £130
My savings from money off coupons for 2009 = £593.08
Comments
-
Hijackthis log
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:02:14, on 12/08/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\SvcHost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\SvcHost.exe
C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Pam\My Documents\Downloads\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mytalktalk.co.uk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: BGAntiphishingBHO - {FC872B94-35E3-4B94-B028-184A2A1C7CCE} - C:\Program Files\BullGuard Ltd\BullGuard\Antiphishing\IE\BGAntiphishingIEBHO.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [BullGuard] "C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe" -boot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: BullGuard - {27FD17FB-CF63-486b-B2BE-8D8781CBEA01} - C:\Program Files\BullGuard Ltd\BullGuard\Antiphishing\IE\BGAntiphishingIE.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
-
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
-
Please open Malwarebytes, go to LOGS and post the WHOLE of the log
-
Please bear with me, it won't let me post the whole log in one go. Is there a way I could link to the txt files?
-
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: BgRaSvc - BullGuard Ltd. - C:\Program Files\BullGuard Ltd\BullGuard\Support\BgRaSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BullGuard scanning service (BsScanner) - BullGuard Ltd. - C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe
O23 - Service: BullGuard update service (BsUpdate) - BullGuard Ltd. - C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 7838 bytes
Any help would be greatly received
-
Apologies folks for posting the above over a number of "replies", but the connection kept timing out and wouldn't let me post the logs, this way it did. The above logs are for firstly panda antivirus activescan and secondly is the hijackthis log (over all the replies).
aliEnRIK the Malwarebyte found/removed 2 malwares for "pricegong" is this log required? Adware also found/removed Trojan.Win32.Generic!BT and about 30 tracking cookies if this helps?
-
Yes, please post the entire log
-
Use pastebin to post and post a link to the bin here. Google for a link.
-
A quick googling suggests bglsp.dll is unsafe. Is it still there after running MBAM and cleaning up?
-
aliEnRIK I've taken cwtaylor's advice, I hope that's ok. The Malwarebytes log is on pastebin here http://pastebin.ca/1915769
This log was from a run after I had used Adaware to remove the other nasties I mentioned.
This discussion has been closed.