~e5d141.tmp suspected trojan

Posted 8/13/2011 2:56 PM
#92126

NoughtiesJesus Member

Date Joined Nov 2016
Total Posts: 1
Have been playing Fifa 2004 on this XP for years with no problems. Now when opened, Bullguard suspends ~e5d141.tmp, suspecting it to be a trojan. We quarantine it, delete it but the pattern just repeats every time we try to open the game again. Research online has proved inconclusive; some suspect it to be a harmless temp file from macromedia that misinterprets something to do with the digital license (?) and others are convinced it is a trojan. In the details Bullguard provides, it says it's creating files and adjusting the registry, so I don't want to take any chances. Here's a HiJack this log:

Logfile of HijackThis v1.99.1
Scan saved at 15:50:11, on 13/08/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\SvcHost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe
C:\WINDOWS\System32\SvcHost.exe
C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\nvraidservice.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\AOL\1250775711\ee\AOLSoftware.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\AOL 9.0\aoltray.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AOL Companion\companion.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Mr Lucas\My Documents\Downloads\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Radio Bar 1 Toolbar - {0fc85f5d-6207-4515-a490-45a549d285c0} - C:\Program Files\Radio_Bar_1\prxtbRad0.dll
O2 - BHO: Radio Bar 1 - {0fc85f5d-6207-4515-a490-45a549d285c0} - C:\Program Files\Radio_Bar_1\prxtbRad0.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: BullGuard Safe Browsing - {FC872B94-35E3-4B94-B028-184A2A1C7CCE} - C:\Program Files\BullGuard Ltd\BullGuard\Antiphishing\IE\BGAntiphishingIEBHO.dll
O3 - Toolbar: Radio Bar 1 Toolbar - {0fc85f5d-6207-4515-a490-45a549d285c0} - C:\Program Files\Radio_Bar_1\prxtbRad0.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1250775711\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BullGuard] "C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe" -boot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=OUFWRlJFRS1WWllGOC1DSzdRRy05VUJVUi03U1VMUy00NEtSMi1GS1NV"&"inst=NzctNTQxMDE0NzM0LVhMKzEtVDEtVUNBTEwrMS1VQ0FMTDIrMi1GTCs4LUY4TTExQysxLVVQRysyMDExLUZMMTArMS1MSUMrOS1ERFQrMA"&"prod=90"&"ver=10.0.1392
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
O9 - Extra button: Report to BullGuard - {27FD17FB-CF63-486b-B2BE-8D8781CBEA01} - C:\Program Files\BullGuard Ltd\BullGuard\Antiphishing\IE\BGAntiphishingIE.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O11 - Options group: [INTERNATIONAL] International
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1250607709796
O18 - Protocol: bglink - {FC872B94-35E3-4B94-B028-184A2A1C7CCE} - C:\Program Files\BullGuard Ltd\BullGuard\Antiphishing\IE\BGAntiphishingIEBHO.dll
O20 - AppInit_DLLs: BgGamingMonitor.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: BgRaSvc - BullGuard Ltd. - C:\Program Files\BullGuard Ltd\BullGuard\Support\BgRaSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BullGuard behavioural detection service (BsBhvScan) - BullGuard Ltd. - C:\Program Files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe
O23 - Service: BullGuard scanning service (BsScanner) - BullGuard Ltd. - C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe
O23 - Service: BullGuard update service (BsUpdate) - BullGuard Ltd. - C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Hope you can help, thanks!
Posted 8/16/2011 9:36 AM
#92142

rpggamergirl Advanced member

Date Joined Nov 2016
Total Posts: 938
I don't know much about BullGuard antivirus, but if that file belongs to your game then can you put that in BG's exclusion list so the game will work?
You may have to talk with BG's help support.
* You may pm me if you're still waiting for my follow-up post.