Download of Bullguard

Posted 9/12/2008 3:45 PM
#65915

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12974




    2. You can usually do this by restarting your computer and continually tapping F8 until a menu appears. Highlight Safe Mode and hit enter.

    3. Once in Safe mode, open the SmitfraudFix folder and double-click smitfraudfix.cmd

    Select option #2 - Clean by typing 2 and press Enter.
    Wait for the tool to complete and disk cleanup to finish.
    You will be prompted : "Registry cleaning - Do you want to clean the registry ?" answer Yes by typing Y and hit Enter.
    The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question "Replace infected file ?" by typing Y and hit Enter.

    A reboot may be needed to finish the cleaning process, if your computer does not restart automatically please do it yourself manually.

Open notepad and copy/paste the text in the quotebox below into it:




Quote:



Killall::


Snapshot::





File::
C:\WINDOWS\system32\bogxyg
C:\WINDOWS\system32\11.tmp
C:\WINDOWS\system32\8.tmp


C:\WINDOWS\system32\paso.el
C:\WINDOWS\system32\io.e18
C:\WINDOWS\system32\onmac.frv


C:\WINDOWS\system32\ffcty.sp
C:\WINDOWS\system32\mnax.help
C:\WINDOWS\system32\can.sdr
C:\WINDOWS\system32\A.tmp
C:\WINDOWS\system32\10.tmp


C:\WINDOWS\System32\cnvfa.dll
C:\WINDOWS\System32\cnvfa.dll
C:\WINDOWS\OGKKENFK.exe

Folder::
C:\WINDOWS\system32\bogxyg

Driver::

osotrqsu

Save this as:
CFScript



https://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe


Then post fresh combofix log.

Click here: Before-posting-a-log

Do not PM me with logfiles. They will be deleted.


Posted 9/12/2008 7:26 PM
#65920

islandprincess Valued member

Date Joined Nov 2016
Total Posts: 24
Ok all done as asked! Few things though:
Didn't prompt about wininet.dll...Does that matter.

Catchme.cfxe failed to initialize properly Error 0x000142 and click on ok to terminate didn't get a chance to do that as system rebooted at that moment.

There's a blue screen behind icons on start-up page whereas before I had fish was this deleted or is this a problem.

Just on the off-chance that Bullguard works this time, I bought it on disk from a shop originally but suport@bullguard told me to download it from internet, should I install it with the disk or download it again?

Do I have to uninstall Malware before Bullguard will install as you asked me before did I have any other antivirus programs running?

Please answer these questions as I don't know myself!!!! :confused:

Here's the log you were looking for:

ComboFix 08-09-11.02 - mclovin 2008-09-12 19:59:31.6 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.3 [GMT 1:00]
Running from: C:\Documents and Settings\mclovin\Desktop\ComboFix.exe
Command switches used :: C:\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\10.tmp
C:\WINDOWS\system32\11.tmp
C:\WINDOWS\system32\8.tmp
C:\WINDOWS\system32\A.tmp
C:\WINDOWS\system32\bogxyg
C:\WINDOWS\system32\bogxyg\
C:\WINDOWS\system32\can.sdr
C:\WINDOWS\system32\ffcty.sp
C:\WINDOWS\system32\io.e18
C:\WINDOWS\system32\mnax.help
C:\WINDOWS\system32\onmac.frv
C:\WINDOWS\system32\paso.el

.
((((((((((((((((((((((((( Files Created from 2008-08-12 to 2008-09-12 )))))))))))))))))))))))))))))))
.

2008-09-12 19:41 . 2008-09-12 19:47 870 --a------ C:\WINDOWS\system32\tmp.reg
2008-09-11 17:50 . 2008-09-11 19:05 <DIR> d-------- C:\Documents and Settings\princess
2008-09-10 18:36 . 2008-09-10 18:36 0 -ra------ C:\WINDOWS\system32\TFTP204
2008-09-10 17:07 . 2008-09-10 17:08 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-10 17:07 . 2008-09-10 17:07 <DIR> d-------- C:\Documents and Settings\mclovin\Application Data\Malwarebytes
2008-09-10 17:07 . 2008-09-10 17:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-10 17:07 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-10 17:07 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-10 15:36 . 2008-09-10 15:36 29 --a------ C:\WINDOWS\system32\gpawtrqs.tmp
2008-09-05 19:40 . 2008-07-18 22:07 270,880 --a------ C:\WINDOWS\system32\mucltui.dll
2008-09-05 19:40 . 2008-07-18 22:07 29,728 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-09-03 14:28 . 2008-07-18 22:09 25,800 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-09-03 14:26 . 2008-09-03 14:26 <DIR> d-------- C:\Program Files\Microsoft Windows OneCare Live
2008-08-29 18:36 . 2008-08-29 18:36 <DIR> d-------- C:\Program Files\OxigenInstall
2008-08-28 21:15 . 2008-08-28 21:15 0 --a------ C:\WINDOWS\nsreg.dat
2008-08-28 21:06 . 2008-08-28 21:17 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2008-08-28 15:16 . 2008-08-28 20:07 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2008-08-27 18:15 . 2008-09-01 13:22 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-08-27 18:15 . 2008-08-27 18:15 <DIR> d-------- C:\Documents and Settings\mclovin\Application Data\PC Tools
2008-08-27 18:15 . 2008-08-27 18:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Tools
2008-08-27 18:12 . 2008-08-27 18:12 <DIR> d-------- C:\Program Files\Common Files\Logitech
2008-08-22 15:03 . 2008-08-22 15:03 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-08-22 15:03 . 2008-09-01 13:22 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-21 21:13 . 2008-09-01 13:22 <DIR> d-------- C:\Program Files\Common Files\PC Tools
2008-08-21 21:13 . 2008-07-28 11:29 160,792 --a------ C:\WINDOWS\system32\drivers\pctfw2.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-10 19:49 65,536 ----a-w C:\WINDOWS\DUMP3921.tmp
2008-09-10 19:26 65,536 ----a-w C:\WINDOWS\DUMP2f8b.tmp
2008-09-10 14:35 560,128 ----a-w C:\WINDOWS\system32\user32.DLL
2008-08-28 20:26 --------- d-----w C:\Program Files\FoneSync
2008-08-28 20:19 --------- d-----w C:\Program Files\Google
2008-08-27 17:12 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-27 16:57 --------- d-----w C:\Program Files\Logitech
2008-08-20 19:59 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-08-20 19:54 --------- d-----w C:\Program Files\Create Your Own Greeting Cards
2008-07-27 11:50 --------- d-----w C:\Program Files\Zylom Games
2008-07-27 11:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Zylom
2008-07-18 21:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 21:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 21:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 21:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 21:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 21:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 21:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 21:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
.
C:\WINDOWS\system32\user32.dll ... is infected !! (additional data below)
560,128 2008-09-10 14:35:42 C:\WINDOWS\system32\user32.DLL
560,128 2008-09-10 14:35:42 C:\WINDOWS\system32\dllcache\user32.dll


------- Sigcheck -------

2008-09-10 15:35 560128 2434e5831fe33320dae19e27bac0f52e C:\WINDOWS\system32\user32.DLL
2008-09-10 15:35 560128 2434e5831fe33320dae19e27bac0f52e C:\WINDOWS\system32\dllcache\user32.dll

2002-08-29 13:00 1013760 66be0215c2896ac95e48860538828719 C:\WINDOWS\explorer.exe
2002-08-29 13:00 1013760 ac80adc21d0feec9fb7791588cbaf983 C:\WINDOWS\system32\dllcache\explorer.exe

2002-08-29 13:00 23040 ee17ba6788dff46c984990d8c08d7eef C:\WINDOWS\system32\ctfmon.exe
2002-08-29 13:00 23040 51fe568b2c23b91318bf615a9e3cb77e C:\WINDOWS\system32\dllcache\ctfmon.exe

2002-08-29 13:00 60928 1c6531faf2918ede69bbb727a9a1b3e8 C:\WINDOWS\system32\spoolsv.exe
2002-08-29 13:00 60928 66e616da006cf9995449de9e14187dba C:\WINDOWS\system32\dllcache\spoolsv.exe

2002-08-29 13:00 31744 d9538f49d2028e46048f26b7a5796801 C:\WINDOWS\system32\userinit.exe
2002-08-29 13:00 31744 44f4ec197882e4f7901cad61203965bf C:\WINDOWS\system32\dllcache\userinit.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FCE44551-054F-4031-A77E-DD2357896A2B}]
2002-08-29 13:00 93184 --a------ C:\WINDOWS\System32\adsn.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2002-08-20 1523741]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-28 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Works Portfolio"="C:\Program Files\Microsoft Works\WksSb.exe" [2002-06-20 737334]
"Microsoft Works Update Detection"="C:\Program Files\Microsoft Works\WkDetect.exe" [2000-06-30 41027]
"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2002-05-29 532480]
"Java (VM) v6.9.3"="C:\WINDOWS\System32\jdk-1_5_0_19-windows-i393-pp\jav.bat" [2008-03-05 87]
"Cpl32ver"="C:\WINDOWS\System32\Cpl32ver.exe" [2008-09-12 16896]
"PromoReg"="C:\WINDOWS\system32\alt.exe.exe" [2008-09-12 318464]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2002-08-29 23040]
"Java (VM) v6.9.3"="C:\WINDOWS\System32\jdk-1_5_0_19-windows-i393-pp\jav.bat" [2008-03-05 87]
"neos"="C:\WINDOWS\neos.exe" [2008-09-12 91648]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winrv61.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"="0x00000000"
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"="0x00000000"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"wmssvc.exe"= wmssvc.exe:SYSTEM

R1 pctfw2;pctfw2;C:\WINDOWS\system32\drivers\pctfw2.sys [2008-07-28 160792]
S2 osotrqsu;osotrqsu;C:\WINDOWS\system32\drivers\osotrqsu.sys [ ]
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, https://www.gmer.net
Rootkit scan 2008-09-12 20:06:58
Windows 5.1.2600 Service Pack 1 NTFS

detected NTDLL code modification:
Z!!!enFile

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\WINDOWS\system32\nvrsol32.dll 245760 bytes executable
C:\WINDOWS\system32\paso.el 96768 bytes executable
C:\WINDOWS\system32\svcp.csv 0 bytes
C:\WINDOWS\system32\C.tmp 172030 bytes

scan completed successfully
hidden files: 4

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\12.tmp
.
**************************************************************************
.
Completion time: 2008-09-12 20:10:57 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-12 19:10:49
ComboFix2.txt 2008-09-12 11:07:27
ComboFix3.txt 2008-09-10 17:02:32
ComboFix4.txt 2008-09-10 14:05:04
ComboFix5.txt 2008-09-12 18:58:05

Pre-Run: 63,994,621,952 bytes free
Post-Run: 63,968,444,416 bytes free

154







Posted 9/15/2008 8:55 AM
#65984

islandprincess Valued member

Date Joined Nov 2016
Total Posts: 24
Hi I'm still waiting to see if I can now install Bullguard either from CD or download?
Posted 9/15/2008 3:06 PM
#65988

islandprincess Valued member

Date Joined Nov 2016
Total Posts: 24
I'm still waiting. Could someone look at my Combofix log and tell me if it's ok to re-install Bullguard.
Posted 9/16/2008 9:03 AM
#66012

islandprincess Valued member

Date Joined Nov 2016
Total Posts: 24
Today I have MS asking me if I want to install a PC Cleaner onto my PC. Could you look at my Combofix log and tell me if it's ok to install Bullguard and how I can go about achieving this fully without any problems like I have been having.
Am getting really fed up now and would like to get this done so I don't have to annoy you anymore asking about this. :mad:
Posted 9/16/2008 3:40 PM
#66021

islandprincess Valued member

Date Joined Nov 2016
Total Posts: 24
:shakehead: I'm getting really fed up now!!! Tried to download Bullguard again and it still hasn't happened keeps coming up that installer integrity has failed. What do I do now?????????? :cry: