
juicyfatslug

Members
  • Content Count

    182

About juicyfatslug

  • Rank
    Member
  • Birthday 09/13/1968


Previous Fields

  • System Specifications:
    AMD Athlon 64X2 Processor 4200+, nVIDIA nForce 4 PCI-Express Mainboard, 1Gb DDR Ram 400Mhz (2X512Mb), 256 Mb DDR ATI Radeon X800GTO PCI-Express Graphics Card, 19" Viewsonic VX924 TFT, Windows XP Media Edition.
  • TechExpress Link:
    http://www.pcpitstop.com/techexpress.asp?id=E3XWHWMQBHVSKZ3V
  1. Hi, Thanks for help. The problem is on my daughter's laptop; the system details are as below. I have also attached a screenshot of the error message received on start up. If this post needs moving to the Adware Section could someone sort this please? Thanks for help.
     System OS Name - Windows Vista Home Premium
     Version - 6.0.6002 Service Pack 2 Build 6002
     System Manufacturer - Acer
     System Model - Aspire 5715Z
     System Type - X86 Based PC
     Processor - Intel® Premium® Dual CPU T2310, 1.46Ghz
     BIOS - Acer V1.17, 14/09/2007
     SMBIOS Version - 2.4
     http://imageshack.us/photo/my-images/195/errormessageonstartup.jpg/
  2. Ok, thanks. Yes, I have started comp in safe mode and have tried to log in with my profile as administrator; it says that the profile cannot be loaded and logs me in with the default profile. I can only then change the password or reset it, which I do, but this still doesn't allow me to log in to the admin profile! I have downloaded and run the ESET uninstaller removal program and as far as I can see this is now deleted! When I log in to the computer normally I get an error on startup saying C:\Users\The Carter's\AppData\Local\sdvprfe.dll The specified module could not be found!!!! Not sure if this is important! Thanks for help
  3. Hi, have downloaded and run scan but it found no malware!
  4. Hi, yes, I have downloaded Malwarebytes and am running scan now!
  5. When I logged on in safe mode I could access admin account but it wouldn't let me do anything except change the password or reset it, which I did but still no joy; it's like it won't let me take control of the laptop!
  6. Hi All, Thanks for replies, will post back when I get chance to look at it again. Am away for a week starting Sunday so will post back after this. Cheers guys for help
  7. Hi All, I have a big problem. I have ESET security installed on computer and have tried updating it. I need admin rights to allow this, however my profile seems to have been corrupted. I had the ESET tech guy help me but unless I can get admin privileges on an account on computer the update won't happen, and I now have no anti virus on my daughter's laptop!! I don't have a repair CD or DVD so am pretty much shafted. Have tried changing accounts in safe mode but still no good, can anyone help!!!!! Cheers Nick C
  8. Hi, My Laptop has become infected by the Trojan.Swizzor.8.Gen Virus, I have Bullguard installed and it flagged it up, I plugged in my Pen Drive and now it says device not found, can anyone assist with getting rid of this ? Thanks, Nick C
  9. Thanks, Many thanks Juliet, you have done a great job, I really appreciate it, all the best and thanks for your time and trouble XXXX
  10. Hi Juliet, Here are the Logs Requested below, I have not seen the warning recently !!!, was wondering if there are any Anti Virus Software you could recommend, is Kaspersky any good ?,I have Bullguard at Moment ?
  11. Hi Juliet, Here is the ComboFix Log as requested:
  12. Hi Juliet, It's not from the onboard Anti-Virus Software; it seems to come up when Internet Explorer is open! Thanks, NC
  13. Hi Juliet, That's good to hear. I haven't seen anything untoward since, but it just seems really slow when connected to internet, and when closing down my wife has said that you get a warning about viruses on computer, but I haven't seen this as yet!