Download of Bullguard

islandprincess (New Member)
Posted 9-9-2008 1:21 (GMT +1)
When I downloaded Bullguard 8 from internet site this came up after installation:
Main page not loaded, Monitoring page and Live update not loaded. I have tried and tried to download Bullguard and this was the furthest I have gotten with it but I don't know if it is working fully for me. When I do a complete scan using Adaware it says that I have 3 critical infections. How do I clean these off my computer? Using Windows XP.

Touch (Forum Moderator)
Posted 9-9-2008 2:21 (GMT +1)
Hello

Have you another antivirus program running?

Do NOT post your problem in someone else's thread.
A non-profit, volunteer network.


islandprincess (New Member)
Posted 9-9-2008 2:27 (GMT +1)
no I don't.

Touch (Forum Moderator)
Posted 9-9-2008 2:31 (GMT +1)
Ok. However, I'll suggest we'll see what's running on the computer -

Please download Combofix:

And save to the desktop.

Close all other browser windows.

Go to Start->Run and copy/paste: ComboFix /snapshot and hit OK. It should run Combofix.

Please note, that once you start combofix you should not click anywhere on the combofix window as it can cause the program to stall. In fact, when combofix is running, do not touch your computer at all and just take a break as it may take a while for it to complete.

When finished, it will produce a logfile located at C:\combofix.txt.

Post the contents of that log in your next reply

islandprincess (New Member)
Posted 9-9-2008 3:24 (GMT +1)
Touch said...
Hello
Have you another antivirus program running?

No I don't have another antivirus program running. I am after getting e-mails from support for the past 4 weeks trying to resolve this problem but nothing is working for me.
Please help!

islandprincess (New Member)
Posted 9-9-2008 4:28 (GMT +1)
When I tried to upload the log in notepad form I was told that I can't upload in plain text. What do I do now or how do I do it?

islandprincess (New Member)
Posted 9-9-2008 5:46 (GMT +1)
I have sent the file to support@bullguard as I haven't heard anything from you since earlier on. I am getting fed up of this.

Touch (Forum Moderator)
Posted 9-9-2008 6:54 (GMT +1)
It sounds like you were trying to attach the log = "upload in plain text"

Copy and paste the log

islandprincess (New Member)
Posted 9-9-2008 7:43 (GMT +1)
I can't because I don't know how to do that.

Touch (Forum Moderator)
Posted 9-10-2008 2:24 (GMT +1)
Ok.
 
Look here:
http://members.aol.com/jaynecg/private/copy.html



islandprincess (New Member)
Posted 9-10-2008 9:52 (GMT +1)
Touch said...
Ok.
Look here:

Thanks for your help! Here's the Combofix log, hope it's what you need.
ComboFix 08-09-05.12 - mclovin 2008-09-09 15:57:21.2 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.1.1252.1.1033.18.3 [GMT 1:00]
Running from: C:\Documents and Settings\mclovin\Desktop\ComboFix.exe
 * Created a new restore point

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

(((((((((((((((((((((((((   Files Created from 2008-08-09 to 2008-09-09  )))))))))))))))))))))))))))))))
.

2008-09-08 20:12 . 2008-09-08 20:12	<DIR>	d--------	C:\Program Files\BullGuard Ltd
2008-09-05 19:40 . 2008-07-18 22:07	270,880	--a------	C:\WINDOWS\system32\mucltui.dll
2008-09-05 19:40 . 2008-07-18 22:07	29,728	--a------	C:\WINDOWS\system32\mucltui.dll.mui
2008-09-04 18:10 . 2008-09-04 18:10	111,703	--a------	C:\WINDOWS\system32\msmshsr.exe
2008-09-03 14:28 . 2008-07-18 22:09	25,800	--a------	C:\WINDOWS\system32\wuapi.dll.mui
2008-09-03 14:26 . 2008-09-03 14:26	<DIR>	d--------	C:\Program Files\Microsoft Windows OneCare Live
2008-08-29 18:36 . 2008-08-29 18:36	<DIR>	d--------	C:\Program Files\OxigenInstall
2008-08-28 21:15 . 2008-08-28 21:15	0	--a------	C:\WINDOWS\nsreg.dat
2008-08-28 21:06 . 2008-08-28 21:17	<DIR>	d--------	C:\Program Files\Common Files\Symantec Shared
2008-08-28 15:16 . 2008-08-28 20:07	<DIR>	d--------	C:\Program Files\Windows Live Safety Center
2008-08-27 18:15 . 2008-09-01 13:22	<DIR>	d--------	C:\Program Files\Spyware Doctor
2008-08-27 18:15 . 2008-08-27 18:15	<DIR>	d--------	C:\Documents and Settings\mclovin\Application Data\PC Tools
2008-08-27 18:15 . 2008-08-27 18:15	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\PC Tools
2008-08-27 18:12 . 2008-08-27 18:12	<DIR>	d--------	C:\Program Files\Common Files\Logitech
2008-08-22 15:03 . 2008-08-22 15:03	<DIR>	d--------	C:\Program Files\Common Files\Wise Installation Wizard
2008-08-22 15:03 . 2008-09-01 13:22	<DIR>	d-a------	C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-21 21:13 . 2008-09-01 13:22	<DIR>	d--------	C:\Program Files\Common Files\PC Tools
2008-08-21 21:13 . 2008-07-28 11:29	160,792	--a------	C:\WINDOWS\system32\drivers\pctfw2.sys
2008-08-21 20:55 . 2008-09-08 19:49	<DIR>	d--------	C:\Program Files\NoAdware5.0
2008-08-20 21:36 . 2008-08-20 21:36	111,244	--a------	C:\WINDOWS\system32\savdldfdzss.exe
2008-08-20 21:02 . 2008-08-21 17:10	113,664	--a------	C:\WINDOWS\faceback1001186.exe
2008-08-11 18:54 . 2008-08-20 21:36	<DIR>	d--------	C:\WINDOWS\system32\jdk-1_5_0_19-windows-i393-pp

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-08 13:21	65,536	----a-w	C:\WINDOWS\DUMP42d5.tmp
2008-09-05 17:44	65,536	----a-w	C:\WINDOWS\DUMP3940.tmp
2008-09-01 12:54	65,536	----a-w	C:\WINDOWS\DUMP3875.tmp
2008-08-28 20:26	---------	d-----w	C:\Program Files\FoneSync
2008-08-28 20:19	---------	d-----w	C:\Program Files\Google
2008-08-27 17:12	---------	d--h--w	C:\Program Files\InstallShield Installation Information
2008-08-27 16:57	---------	d-----w	C:\Program Files\Logitech
2008-08-26 17:47	65,536	----a-w	C:\WINDOWS\DUMP4bed.tmp
2008-08-25 18:52	65,536	----a-w	C:\WINDOWS\DUMP4083.tmp
2008-08-22 10:00	65,536	----a-w	C:\WINDOWS\DUMP3c3e.tmp
2008-08-21 13:34	65,536	----a-w	C:\WINDOWS\DUMP3884.tmp
2008-08-20 19:59	---------	d-----w	C:\Program Files\Common Files\InstallShield
2008-08-20 19:59	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Symantec
2008-08-20 19:54	---------	d-----w	C:\Program Files\Create Your Own Greeting Cards
2008-08-18 18:51	65,536	----a-w	C:\WINDOWS\DUMP3410.tmp
2008-08-15 10:51	65,536	----a-w	C:\WINDOWS\DUMP37e8.tmp
2008-08-13 17:43	65,536	----a-w	C:\WINDOWS\DUMP3529.tmp
2008-08-12 17:33	65,536	----a-w	C:\WINDOWS\DUMP37b9.tmp
2008-08-12 14:06	65,536	----a-w	C:\WINDOWS\DUMP3e22.tmp
2008-08-11 18:10	65,536	----a-w	C:\WINDOWS\DUMP5d33.tmp
2008-08-09 14:25	65,536	----a-w	C:\WINDOWS\DUMP58ce.tmp
2008-08-07 18:53	65,536	----a-w	C:\WINDOWS\DUMP50b0.tmp
2008-08-05 10:08	19,784	----a-w	C:\WINDOWS\system32\BgOutlookHook.dll
2008-08-05 10:04	14,152	----a-w	C:\WINDOWS\system32\lccl.dll
2008-08-05 10:04	14,152	----a-w	C:\WINDOWS\system32\client_cc.dll
2008-07-27 11:50	---------	d-----w	C:\Program Files\Zylom Games
2008-07-27 11:45	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Zylom
2008-07-26 13:11	65,536	----a-w	C:\WINDOWS\DUMP2c7e.tmp
2008-07-25 16:36	65,536	----a-w	C:\WINDOWS\DUMP3eae.tmp
2008-07-24 14:15	65,536	----a-w	C:\WINDOWS\DUMP5ab2.tmp
2008-07-18 21:10	94,920	----a-w	C:\WINDOWS\system32\cdm.dll
2008-07-18 21:10	53,448	----a-w	C:\WINDOWS\system32\wuauclt.exe
2008-07-18 21:10	45,768	----a-w	C:\WINDOWS\system32\wups2.dll
2008-07-18 21:10	36,552	----a-w	C:\WINDOWS\system32\wups.dll
2008-07-18 21:09	563,912	----a-w	C:\WINDOWS\system32\wuapi.dll
2008-07-18 21:09	325,832	----a-w	C:\WINDOWS\system32\wucltui.dll
2008-07-18 21:09	1,811,656	----a-w	C:\WINDOWS\system32\wuaueng.dll
2008-07-18 21:07	210,976	----a-w	C:\WINDOWS\system32\muweb.dll
2008-07-12 16:37	65,536	----a-w	C:\WINDOWS\DUMP3d95.tmp
2008-07-12 15:59	65,536	----a-w	C:\WINDOWS\DUMP38a4.tmp
2008-07-12 15:09	65,536	----a-w	C:\WINDOWS\DUMP3b43.tmp
2008-07-07 18:04	65,536	----a-w	C:\WINDOWS\DUMP3ebe.tmp
2008-07-05 10:20	65,536	----a-w	C:\WINDOWS\DUMP3e60.tmp
2008-07-04 16:29	65,536	----a-w	C:\WINDOWS\DUMP4769.tmp
2008-07-04 16:27	65,536	----a-w	C:\WINDOWS\DUMP443c.tmp
2008-07-03 19:07	65,536	----a-w	C:\WINDOWS\DUMP417d.tmp
2008-07-02 17:27	65,536	----a-w	C:\WINDOWS\DUMP3c3d.tmp
2008-07-02 16:15	65,536	----a-w	C:\WINDOWS\DUMP3da5.tmp
2008-07-02 15:01	65,536	----a-w	C:\WINDOWS\DUMP3b15.tmp
2008-07-02 11:38	65,536	----a-w	C:\WINDOWS\DUMP38c3.tmp
2008-07-02 10:53	65,536	----a-w	C:\WINDOWS\DUMP376b.tmp
2008-07-02 10:34	65,536	----a-w	C:\WINDOWS\DUMP413f.tmp
2008-07-01 17:39	65,536	----a-w	C:\WINDOWS\DUMP416e.tmp
2008-06-30 20:26	65,536	----a-w	C:\WINDOWS\DUMP38b3.tmp
2008-06-30 19:23	65,536	----a-w	C:\WINDOWS\DUMP2e63.tmp
2008-06-30 17:47	65,536	----a-w	C:\WINDOWS\DUMP2b46.tmp
2008-06-28 21:15	198,144	--sh--r	C:\WINDOWS\wmssvc.exe
2008-06-28 20:12	558,142	----a-w	C:\WINDOWS\java\Packages\GJVB73H7.ZIP
2008-06-28 20:12	155,995	----a-w	C:\WINDOWS\java\Packages\IEWHZXVJ.ZIP
.

------- Sigcheck -------

2002-08-29 13:00  1013760  66be0215c2896ac95e48860538828719	C:\WINDOWS\explorer.exe
2002-08-29 13:00  1013760  ac80adc21d0feec9fb7791588cbaf983	C:\WINDOWS\system32\dllcache\explorer.exe

2002-08-29 13:00  23040  ee17ba6788dff46c984990d8c08d7eef	C:\WINDOWS\system32\ctfmon.exe
2002-08-29 13:00  23040  51fe568b2c23b91318bf615a9e3cb77e	C:\WINDOWS\system32\dllcache\ctfmon.exe

2002-08-29 13:00  60928  1c6531faf2918ede69bbb727a9a1b3e8	C:\WINDOWS\system32\spoolsv.exe
2002-08-29 13:00  60928  66e616da006cf9995449de9e14187dba	C:\WINDOWS\system32\dllcache\spoolsv.exe

2002-08-29 13:00  31744  d9538f49d2028e46048f26b7a5796801	C:\WINDOWS\system32\userinit.exe
2002-08-29 13:00  31744  44f4ec197882e4f7901cad61203965bf	C:\WINDOWS\system32\dllcache\userinit.exe
.
(((((((((((((((((((((((((((((   snapshot@2008-09-09_15.47.07.32   )))))))))))))))))))))))))))))))))))))))))
.
- 2008-09-09 12:03:25	16,384	----a-w	C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-09-09 14:54:51	16,384	----a-w	C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-09-09 12:03:25	32,768	----a-w	C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-09-09 14:54:51	32,768	----a-w	C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-09-09 12:03:25	32,768	----a-w	C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-09-09 14:54:51	32,768	----a-w	C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2008-09-09 14:31:24	237,568	----a-w	C:\WINDOWS\system32\config\systemprofile\ntuser.dat
+ 2008-09-09 14:56:58	237,568	----a-w	C:\WINDOWS\system32\config\systemprofile\ntuser.dat
- 2008-06-28 20:22:20	39,992	----a-w	C:\WINDOWS\system32\perfc009.dat
+ 2008-09-09 14:56:00	39,992	----a-w	C:\WINDOWS\system32\perfc009.dat
- 2008-06-28 20:22:20	311,604	----a-w	C:\WINDOWS\system32\perfh009.dat
+ 2008-09-09 14:56:00	311,604	----a-w	C:\WINDOWS\system32\perfh009.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2002-08-20 1523741]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-28 39408]
"BullGuard"="C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe" [2008-08-05 304456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Works Portfolio"="C:\Program Files\Microsoft Works\WksSb.exe" [2002-06-20 737334]
"Microsoft Works Update Detection"="C:\Program Files\Microsoft Works\WkDetect.exe" [2000-06-30 41027]
"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2002-05-29 532480]
"Java (VM) v6.9.3"="C:\WINDOWS\System32\jdk-1_5_0_19-windows-i393-pp\jav.bat" [2008-03-05 87]
"BullGuard"="C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe" [2008-08-05 304456]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2002-08-29 23040]
"Java (VM) v6.9.3"="C:\WINDOWS\System32\jdk-1_5_0_19-windows-i393-pp\jav.bat" [2008-03-05 87]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BgMainSvc]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"wmssvc.exe"= wmssvc.exe:SYSTEM

R1 pctfw2;pctfw2;C:\WINDOWS\system32\drivers\pctfw2.sys [2008-07-28 160792]
R2 NET Service;NET Service;C:\WINDOWS\wmssvc.exe [2008-06-28 198144]
S2 BsFileScan;BullGuard File Scan Service;C:\WINDOWS\System32\svchost.exe [2002-08-29 12800]
S2 BsFire;BullGuard Firewall Service;C:\WINDOWS\System32\svchost.exe [2002-08-29 12800]
S3 Reconn;BullGuard Email Monitor;C:\Program Files\BullGuard Ltd\BullGuard\Reconn.sys [ ]

*Newly Created Service* - ALG
*Newly Created Service* - IPNAT
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\mclovin\Application Data\Mozilla\Firefox\Profiles\n3m5pc12.default\
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-09 16:00:06
Windows 5.1.2600 Service Pack 1 NTFS

detected NTDLL code modification:
Z!!!enFile

scanning hidden processes ... 

C:\WINDOWS\wmssvc.exe [1444] 0xFFBB5AB8

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  Java (VM) v6.9.3 = C:\WINDOWS\System32\jdk-1_5_0_19-windows-i393-pp\jav.bat??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? 

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-09-09 16:09:29
ComboFix-quarantined-files.txt  2008-09-09 15:09:24
ComboFix2.txt  2008-09-09 14:48:07

Pre-Run: 65,790,873,600 bytes free
Post-Run: 65,553,145,856 bytes free

183

Touch (Forum Moderator)
Posted 9-10-2008 11:46 (GMT +1)
You have some infections there that can be the cause of your Bullguard problem. But you also have some Symantec folders -
do you have any other product from Symantec installed? Otherwise, they are probably leftovers from previous programs.
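
A triage pass over a log of the kind posted above, as an added example that is not part of the original thread and not ComboFix's own code: it pulls out the Security Center and firewall settings and the items catchme reports as hidden, so a helper sees them in one list. The `triage` function and its category names are assumptions of this example; the sample is a trimmed excerpt of the log posted in this thread.

```python
import re

# Trimmed excerpt of the ComboFix/catchme log posted earlier in this thread.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BullGuard"="C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe" [2008-08-05 304456]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"wmssvc.exe"= wmssvc.exe:SYSTEM

scanning hidden processes ...

C:\WINDOWS\wmssvc.exe [1444] 0xFFBB5AB8

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  Java (VM) v6.9.3 = C:\WINDOWS\System32\jdk-1_5_0_19-windows-i393-pp\jav.bat????????

scanning hidden files ...

scan completed successfully
'''

KEY_RE = re.compile(r'^\[(HK[^\]]+)\]$')        # "[HKLM\...]" section header
VALUE_RE = re.compile(r'^"([^"]+)"=\s*(.*)$')   # "name"=data
PROC_RE = re.compile(r'^(\S.*?)\s+\[(\d+)\]')   # "path [pid] address"
PHASES = {                                      # catchme progress lines
    "scanning hidden processes": "process",
    "scanning hidden autostart entries": "autostart",
    "scanning hidden files": "files",
    "scan completed": None,
}


def _number(raw):
    """Return the integer in 'dword:00000001' or '0 (0x0)', else None."""
    raw = raw.strip()
    if raw.lower().startswith("dword:"):
        return int(raw[6:], 16)
    head = raw.split()[0] if raw else ""
    return int(head) if head.isdigit() else None


def triage(log_text):
    """Return (category, detail) pairs for settings and hidden items worth a look."""
    findings, key, phase = [], "", None
    for line in log_text.splitlines():
        text = line.strip()
        if not text:
            continue
        marker = next((m for m in PHASES if text.startswith(m)), None)
        if marker is not None:                  # entering a catchme section
            phase = PHASES[marker]
            continue
        m = KEY_RE.match(text)
        if m:                                   # new registry key section
            key, phase = m.group(1).lower(), None
            continue
        m = VALUE_RE.match(text)
        if m:
            name, num = m.group(1), _number(m.group(2))
            if key.endswith(r"\security center") and num:
                findings.append(("alert-suppressed", name))
            elif key.endswith(r"\firewallpolicy\standardprofile"):
                if name.lower() == "enablefirewall" and num == 0:
                    findings.append(("firewall-disabled", name))
                elif name.lower() == "disablenotifications" and num:
                    findings.append(("alert-suppressed", name))
            elif key.endswith(r"\authorizedapplications\list"):
                findings.append(("firewall-exception", name))
            continue
        if phase == "process":
            m = PROC_RE.match(text)
            if m:
                findings.append(("hidden-process", m.group(1)))
        elif phase == "autostart" and " = " in text:
            # catchme pads the value with '?' characters; strip them.
            target = text.split(" = ", 1)[1].rstrip("? ")
            findings.append(("hidden-autostart", target))
    return findings


if __name__ == "__main__":
    for category, detail in triage(SAMPLE_LOG):
        print(f"{category:20} {detail}")
```

The output is a list for a human helper to review; a flagged setting or path is a lead to check, not a verdict on the file.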
 

islandprincess (New Member)
Posted 9-10-2008 12:13 (GMT +1)
I think they might be leftovers from previous programs. Not sure! Don't remember installing 
anything like that unless Bullguard Support told me to when I was e-mailing them about this problem.
What do I do about infections and this other program?



Touch (Forum Moderator)
Posted 9-10-2008 12:50 (GMT +1)
Ok. We'll remove them ;-)


Open notepad and copy/paste the text in the quotebox below into it:


Quote:
 
Killall::
 
Snapshot::
 
 
File::
C:\WINDOWS\system32\msmshsr.exe
C:\WINDOWS\system32\savdldfdzss.exe
C:\WINDOWS\faceback1001186.exe
C:\WINDOWS\DUMP42d5.tmp
C:\WINDOWS\DUMP3940.tmp
C:\WINDOWS\DUMP3875.tmp
C:\WINDOWS\DUMP4bed.tmp
C:\WINDOWS\DUMP4083.tmp
C:\WINDOWS\DUMP3c3e.tmp
C:\WINDOWS\DUMP3884.tmp
C:\WINDOWS\DUMP3410.tmp
C:\WINDOWS\DUMP37e8.tmp
C:\WINDOWS\DUMP3529.tmp
C:\WINDOWS\DUMP37b9.tmp
C:\WINDOWS\DUMP3e22.tmp
C:\WINDOWS\DUMP5d33.tmp
C:\WINDOWS\DUMP58ce.tmp
C:\WINDOWS\DUMP50b0.tmp
C:\WINDOWS\DUMP2c7e.tmp
C:\WINDOWS\DUMP3eae.tmp
C:\WINDOWS\DUMP5ab2.tmp
C:\WINDOWS\DUMP3d95.tmp
C:\WINDOWS\DUMP38a4.tmp
C:\WINDOWS\DUMP3b43.tmp
C:\WINDOWS\DUMP3ebe.tmp
C:\WINDOWS\DUMP3e60.tmp
C:\WINDOWS\DUMP4769.tmp
C:\WINDOWS\DUMP443c.tmp
C:\WINDOWS\DUMP417d.tmp
C:\WINDOWS\DUMP3c3d.tmp
C:\WINDOWS\DUMP3da5.tmp
C:\WINDOWS\DUMP3b15.tmp
C:\WINDOWS\DUMP38c3.tmp
C:\WINDOWS\DUMP376b.tmp
C:\WINDOWS\DUMP413f.tmp
C:\WINDOWS\DUMP416e.tmp
C:\WINDOWS\DUMP38b3.tmp
C:\WINDOWS\DUMP2e63.tmp
C:\WINDOWS\DUMP2b46.tmp
C:\WINDOWS\wmssvc.exe
C:\WINDOWS\java\Packages\GJVB73H7.ZIP
C:\WINDOWS\java\Packages\IEWHZXVJ.ZIP
Folder::
C:\Program Files\Common Files\Symantec Shared
C:\Program Files\NoAdware5.0
C:\Documents and Settings\All Users\Application Data\Symantec
 
Driver::
NET Service
 
FireFox::
 

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"wmssvc.exe"=-
 
 
 
Save this as:
CFScript
 
Referring to the picture above, drag CFScript into ComboFix.exe

Then post fresh combofix log.




islandprincess (New Member)
Posted 9-10-2008 2:28 (GMT +1)
OK do I open a new notepad or is it the 1 I have saved for combofix. Can't go any further till I know this.

Touch (Forum Moderator)
Posted 9-10-2008 2:34 (GMT +1)
Open new notepad file



islandprincess (New Member)
Posted 9-10-2008 3:20 (GMT +1)
Here's new log:
C:\WINDOWS\DUMP376b.tmp
C:\WINDOWS\DUMP37b9.tmp
C:\WINDOWS\DUMP37e8.tmp
C:\WINDOWS\DUMP3875.tmp
C:\WINDOWS\DUMP3884.tmp
C:\WINDOWS\DUMP38a4.tmp
C:\WINDOWS\DUMP38b3.tmp
C:\WINDOWS\DUMP38c3.tmp
C:\WINDOWS\DUMP3940.tmp
C:\WINDOWS\DUMP3b15.tmp
C:\WINDOWS\DUMP3b43.tmp
C:\WINDOWS\DUMP3c3d.tmp
C:\WINDOWS\DUMP3c3e.tmp
C:\WINDOWS\DUMP3d95.tmp
C:\WINDOWS\DUMP3da5.tmp
C:\WINDOWS\DUMP3e22.tmp
C:\WINDOWS\DUMP3e60.tmp
C:\WINDOWS\DUMP3eae.tmp
C:\WINDOWS\DUMP3ebe.tmp
C:\WINDOWS\DUMP4083.tmp
C:\WINDOWS\DUMP413f.tmp
C:\WINDOWS\DUMP416e.tmp
C:\WINDOWS\DUMP417d.tmp
C:\WINDOWS\DUMP42d5.tmp
C:\WINDOWS\DUMP443c.tmp
C:\WINDOWS\DUMP4769.tmp
C:\WINDOWS\DUMP4bed.tmp
C:\WINDOWS\DUMP50b0.tmp
C:\WINDOWS\DUMP58ce.tmp
C:\WINDOWS\DUMP5ab2.tmp
C:\WINDOWS\DUMP5d33.tmp
C:\WINDOWS\faceback1001186.exe
C:\WINDOWS\java\Packages\GJVB73H7.ZIP
C:\WINDOWS\java\Packages\IEWHZXVJ.ZIP
C:\WINDOWS\system32\msmshsr.exe
C:\WINDOWS\system32\savdldfdzss.exe
C:\WINDOWS\wmssvc.exe
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NET_SERVICE
-------\Service_NET Service

(((((((((((((((((((((((((   Files Created from 2008-08-10 to 2008-09-10  )))))))))))))))))))))))))))))))
.
2008-09-10 10:25 . 2008-09-10 10:25 111,709 --a------ C:\WINDOWS\system32\mshsyuiers.exe
2008-09-08 20:12 . 2008-09-08 20:12 <DIR> d-------- C:\Program Files\BullGuard Ltd
2008-09-05 19:40 . 2008-07-18 22:07 270,880 --a------ C:\WINDOWS\system32\mucltui.dll
2008-09-05 19:40 . 2008-07-18 22:07 29,728 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-09-03 14:28 . 2008-07-18 22:09 25,800 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-09-03 14:26 . 2008-09-03 14:26 <DIR> d-------- C:\Program Files\Microsoft Windows OneCare Live
2008-08-29 18:36 . 2008-08-29 18:36 <DIR> d-------- C:\Program Files\OxigenInstall
2008-08-28 21:15 . 2008-08-28 21:15 0 --a------ C:\WINDOWS\nsreg.dat
2008-08-28 21:06 . 2008-08-28 21:17 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2008-08-28 15:16 . 2008-08-28 20:07 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2008-08-27 18:15 . 2008-09-01 13:22 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-08-27 18:15 . 2008-08-27 18:15 <DIR> d-------- C:\Documents and Settings\mclovin\Application Data\PC Tools
2008-08-27 18:15 . 2008-08-27 18:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Tools
2008-08-27 18:12 . 2008-08-27 18:12 <DIR> d-------- C:\Program Files\Common Files\Logitech
2008-08-22 15:03 . 2008-08-22 15:03 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-08-22 15:03 . 2008-09-01 13:22 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-21 21:13 . 2008-09-01 13:22 <DIR> d-------- C:\Program Files\Common Files\PC Tools
2008-08-21 21:13 . 2008-07-28 11:29 160,792 --a------ C:\WINDOWS\system32\drivers\pctfw2.sys
2008-08-11 18:54 . 2008-08-20 21:36 <DIR> d-------- C:\WINDOWS\system32\jdk-1_5_0_19-windows-i393-pp
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-28 20:26 --------- d-----w C:\Program Files\FoneSync
2008-08-28 20:19 --------- d-----w C:\Program Files\Google
2008-08-27 17:12 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-27 16:57 --------- d-----w C:\Program Files\Logitech
2008-08-20 19:59 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-08-20 19:54 --------- d-----w C:\Program Files\Create Your Own Greeting Cards
2008-08-05 10:08 19,784 ----a-w C:\WINDOWS\system32\BgOutlookHook.dll
2008-08-05 10:04 14,152 ----a-w C:\WINDOWS\system32\lccl.dll
2008-08-05 10:04 14,152 ----a-w C:\WINDOWS\system32\client_cc.dll
2008-07-27 11:50 --------- d-----w C:\Program Files\Zylom Games
2008-07-27 11:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Zylom
2008-07-18 21:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 21:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 21:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 21:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 21:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 21:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 21:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 21:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
.
------- Sigcheck -------
2002-08-29 13:00  1013760  66be0215c2896ac95e48860538828719 C:\WINDOWS\explorer.exe
2002-08-29 13:00  1013760  ac80adc21d0feec9fb7791588cbaf983 C:\WINDOWS\system32\dllcache\explorer.exe
2002-08-29 13:00  23040  ee17ba6788dff46c984990d8c08d7eef C:\WINDOWS\system32\ctfmon.exe
2002-08-29 13:00  23040  51fe568b2c23b91318bf615a9e3cb77e C:\WINDOWS\system32\dllcache\ctfmon.exe
2002-08-29 13:00  60928  1c6531faf2918ede69bbb727a9a1b3e8 C:\WINDOWS\system32\spoolsv.exe
2002-08-29 13:00  60928  66e616da006cf9995449de9e14187dba C:\WINDOWS\system32\dllcache\spoolsv.exe
2002-08-29 13:00  31744  d9538f49d2028e46048f26b7a5796801 C:\WINDOWS\system32\userinit.exe
2002-08-29 13:00  31744  44f4ec197882e4f7901cad61203965bf C:\WINDOWS\system32\dllcache\userinit.exe
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2002-08-20 1523741]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-28 39408]
"BullGuard"="C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe" [2008-08-05 304456]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Works Portfolio"="C:\Program Files\Microsoft Works\WksSb.exe" [2002-06-20 737334]
"Microsoft Works Update Detection"="C:\Program Files\Microsoft Works\WkDetect.exe" [2000-06-30 41027]
"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2002-05-29 532480]
"Java (VM) v6.9.3"="C:\WINDOWS\System32\jdk-1_5_0_19-windows-i393-pp\jav.bat" [2008-03-05 87]
"BullGuard"="C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe" [2008-08-05 304456]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2002-08-29 23040]
"Java (VM) v6.9.3"="C:\WINDOWS\System32\jdk-1_5_0_19-windows-i393-pp\jav.bat" [2008-03-05 87]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BgMainSvc]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"wmssvc.exe"= wmssvc.exe:SYSTEM
R1 pctfw2;pctfw2;C:\WINDOWS\system32\drivers\pctfw2.sys [2008-07-28 160792]
S2 BsFileScan;BullGuard File Scan Service;C:\WINDOWS\System32\svchost.exe [2002-08-29 12800]
S2 BsFire;BullGuard Firewall Service;C:\WINDOWS\System32\svchost.exe [2002-08-29 12800]
S3 Reconn;BullGuard Email Monitor;C:\Program Files\BullGuard Ltd\BullGuard\Reconn.sys [ ]
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-10 14:57:26
Windows 5.1.2600 Service Pack 1 NTFS
detected NTDLL code modification:
Z!!!enFile
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-09-10 15:05:02 - machine was rebooted
ComboFix-quarantined-files.txt  2008-09-10 14:04:56
ComboFix2.txt  2008-09-09 14:48:07
Pre-Run: 65,974,632,448 bytes free
Post-Run: 65,708,564,480 bytes free
171

Touch (Forum Moderator)
Posted 9-10-2008 4:40 (GMT +1)
Looks like we have improvement.

Please download Malwarebytes' Anti-Malware:

Or here:

to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.

At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

If an update is found, it will download and install the latest version.