Help needed - possible virus- have been prevented from receiving Bullguard updates for 10 days
SC116 New Member Date Joined Sep 2007 Total Posts : 5 Posted 9-23-2007 1:47 (GMT +1) I noticed this first a few days ago and did not think anything of this at the time. Checked service status there did not seem to be any problems- then noticed that BG had failed to connect to the server for about 5 days before I'd noticed the problem. I guess auto update can cause you to take the updates for granted. :) Oh well here are my logs -any advice is appreciated.
Post Edited (SC116) : 28-09-2007 11:55:14 GMT
SC116 New Member Date Joined Sep 2007 Total Posts : 5 Posted 9-25-2007 12:09 (GMT +1) I guess I should have also stated that this function just stopped working - it seemed to have been working fine since I had signed up and installed it about 6 or 7 months ago. I also noticed that the tab "check status" under the "account" tab of the Bullguard program reports "there being an error in trying to get your subscription status (4)" - although the program reports subscription status for each of the plugins (if it matters - it isn't close to being up either). Anyway, not sure if that helps or not.
Touch Forum Moderator Date Joined Jun 2004 Total Posts : 14350 Posted 9-28-2007 7:34 (GMT +1) Sorry for delay -
Open notepad and copy/paste the text in the quote box below into it:
Quote:
-----------------------------------------------------
File::
C:\WINDOWS\system32\lmpl.exe
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\bb9c860a-6426-4e3a-821f-6092ee1d02a2]
----------------------------------------------
Save this as CFScript.txt
Referring to the picture above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system.
It may reboot your system when it finishes. This is normal.
Post new combofix log and tell how things are running now?
Do NOT post your problem in someone else's thread.
Touch Forum Moderator Date Joined Jun 2004 Total Posts : 14350 Posted 9-28-2007 8:51 (GMT +1)
Logs look clean
Open BG Main screen - click on -check and update, if it fails - click on settings - and tell where You have checkmarks, then advanced tab - make sure You have this update server - update.bullguard.com Otherwise, click on restore default - and tell how often it will update, and put a check in - Warn Me if etc.
Let Me know how things go?
SC116 New Member Date Joined Sep 2007 Total Posts : 5 Posted 9-28-2007 11:04 (GMT +1) Glad to hear about the logs looking clean... Ok - through BG main screen - clicked on update again and it failed to connect to server. Then went to Settings - I have as checked the following: Automatic Updates Notification Level 2 and both fields under Product Updates are checked as well. -Went on to advanced settings -and my server was set for update.bullguard.com (but hit restore default in case for some reason I was having a problem reading the url ) Update frequencies are set to check every 8 hours and to warn if over 5 days old and no updates received. I had not changed any of this since I originally signed up, although that probably is not really that helpful at this point (added it just in case it might be)..
Touch Forum Moderator Date Joined Jun 2004 Total Posts : 14350 Posted 9-28-2007 11:18 (GMT +1) Ok, try another method then -
1. Double-click on the BullGuard icon from the right lower corner of your screen.
2. Go to the Main menu > the Account tab.
3. Press the "Change user" button.
4. Log in with your username and password.
5. Press the "Check status" button.
6. Now go to the Overview tab and press the "Check&Update" button.
SC116 New Member Date Joined Sep 2007 Total Posts : 5 Posted 9-28-2007 11:42 (GMT +1) Oh boy- do I feel stupid- I did not have my password typed in to the field under User Name.... and I "freaked out" - since I am pretty sure in the past I had had some nasty stuff prevent me from getting Norton updates (which is one big reason why I switched...) -and thought it was the same thing happening here. Um, embarrassed as all heck. . . But I appreciate the time you spent on this. Feel free to shut this one down.