
HELLLLLLLLLLP


mushele


Hi, just got over TDSS and some other crap; still cannot run MWB protection, error 2 and 1073. I have reinstalled it, ran the clean-up module, updated it and it still crashes... I still have a little hair left though... Merry Christmas, ha!

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:18:15 AM, on 12/27/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Safe mode with network support

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Spyware Doctor\pctsGui.exe

C:\Program Files\Spyware Doctor\pctsAuxs.exe

C:\Program Files\Spyware Doctor\pctsSvc.exe

C:\Program Files\Spyware Doctor\pctsTray.exe

C:\Program Files\Internet Explorer\Iexplore.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O1 - Hosts: ::1 localhost

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll

O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll

O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll

O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll

O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe

O4 - HKLM\..\Run: [intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe startup

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"

O4 - Global Startup: FileBox eXtender.lnk = C:\Program Files\FileBX\FileBX.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html

O8 - Extra context menu item: E&xport to Microsoft Office Excel - res://E:\MICROS~1\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\qi\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)

O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - http://www.worldwinner.com/games/v51/bejeweled/bejeweled.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1241805070062

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1256229695140

O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab

O18 - Protocol: intu-help-qb2 - {84D77A00-41B5-4B8B-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll

O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--

End of file - 9263 bytes


Hi mushele, :)

Hope you and your family have a safe and happy new year.

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**

  1. If you are using Firefox, make sure that your download settings are as follows:
    • Tools->Options->Main tab
    • Set to "Always ask me where to Save the files".
  2. During the download, rename Combofix to Combo-Fix as follows:
    (screenshots: CF_download_FF.gif, CF_download_rename.gif)
  3. It is important you rename Combofix during the download, but not after.
  4. Please do not rename Combofix to other names, but only to the one indicated.
  5. Close any open browsers.
  6. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

-----------------------------------------------------------

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

-----------------------------------------------------------

  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

-----------------------------------------------------------

  7. Double click on Combo-Fix.exe & follow the prompts.
  8. When finished, it will produce a report for you.
  9. Please post the "C:\Combo-Fix.txt" for further review.

**Note: Do not mouseclick Combo-Fix's window while it's running. That may cause it to stall**


Here is my ComboFix log. I am really grateful for your help. I have been scanning with McAfee, Malwarebytes (paid for), Spyware Doctor (paid for) and HijackThis for three days, looking at all the keys and processes and deleting them one by one according to what my web research says they are. It just doesn't feel clean yet and I don't trust it. I have a site to build soon; can I infect my host if I unknowingly upload an infected file? Again, thank you! And Happy New Year!

ComboFix 09-12-31.07 - qi 12/31/2009 21:20:00.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1549 [GMT -8:00]

Running from: c:\documents and settings\qi\My Documents\Downloads\Combo-Fix.exe

AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}

FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

* Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

(Also, I have Windows XP but the Windows website says it's not valid? WTH is that?)

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat

c:\documents and settings\qi\Application Data\inst.exe

c:\windows\EventSystem.log

c:\windows\system32\_000008_.tmp.dll

c:\windows\system32\H8SRTwextetjecb.log

c:\windows\system32\srcr.dat

F:\Uninstall.exe

F:\WinRAR.exe

----- BITS: Possible infected sites -----

hxxp://photobucket.com

hxxp://www.flickr.com

.

((((((((((((((((((((((((( Files Created from 2009-12-01 to 2010-01-01 )))))))))))))))))))))))))))))))

.

2009-12-31 23:17 . 2009-12-31 23:17 161296 ----a-w- c:\windows\system32\drivers\tmcomm.sys

2009-12-31 22:29 . 2007-07-09 18:13 16496 ----a-r- c:\windows\system32\drivers\HPZipr12.sys

2009-12-31 22:19 . 2009-12-31 22:19 -------- d-----w- c:\windows\ie8updates

2009-12-31 22:15 . 2009-12-31 22:17 -------- dc-h--w- c:\windows\ie8

2009-12-31 22:10 . 2009-10-02 04:44 92160 -c----w- c:\windows\system32\dllcache\iecompat.dll

2009-12-30 23:26 . 2009-12-30 22:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-12-30 23:26 . 2009-12-30 23:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-12-30 23:26 . 2009-12-30 22:54 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-12-30 21:29 . 2009-12-30 21:29 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Product Assistant

2009-12-30 21:21 . 2009-12-30 21:21 -------- d-----w- c:\windows\hpoj6500e709

2009-12-30 21:18 . 2008-10-06 19:11 741376 ----a-r- c:\windows\system32\hpwwiax5.dll

2009-12-30 21:18 . 2008-10-06 19:11 966656 ----a-r- c:\windows\system32\hpwtiop4.dll

2009-12-30 21:13 . 2009-12-30 21:13 -------- d-----w- c:\program files\Hewlett-Packard

2009-12-30 21:05 . 2009-12-30 21:38 186252 ----a-w- c:\windows\hpwins23.dat

2009-12-30 21:05 . 2008-10-25 09:30 1847 ------w- c:\windows\hpwmdl23.dat

2009-12-30 21:05 . 2008-08-12 18:58 314880 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpfpp082.dll

2009-12-30 21:05 . 2008-08-12 18:58 118272 ----a-w- c:\windows\system32\hpf3l082.dll

2009-12-30 07:03 . 2009-12-30 07:03 83248 ---ha-w- c:\windows\system32\mlfcache.dat

2009-12-30 06:59 . 2009-12-30 07:01 -------- d-----w- c:\documents and settings\qi\Application Data\Apple Computer

2009-12-30 06:59 . 2009-05-18 22:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys

2009-12-30 06:59 . 2008-04-17 21:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll

2009-12-30 06:58 . 2009-12-30 06:58 -------- d-----w- c:\program files\iPod

2009-12-30 06:58 . 2009-12-30 06:59 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}

2009-12-30 06:57 . 2009-12-30 06:57 -------- d-----w- c:\program files\Bonjour

2009-12-30 06:56 . 2009-12-30 06:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer

2009-12-30 06:56 . 2009-12-30 06:56 -------- d-----w- c:\documents and settings\qi\Local Settings\Application Data\Apple

2009-12-30 06:56 . 2009-12-30 06:56 -------- d-----w- c:\program files\Apple Software Update

2009-12-30 06:56 . 2009-08-29 03:42 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys

2009-12-30 06:56 . 2009-08-29 03:42 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll

2009-12-30 06:55 . 2009-12-30 06:58 -------- d-----w- c:\program files\Common Files\Apple

2009-12-30 06:55 . 2009-12-30 06:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple

2009-12-30 06:54 . 2009-12-30 07:54 -------- d-----w- c:\documents and settings\qi\Local Settings\Application Data\Apple Computer

2009-12-26 18:53 . 2009-10-30 19:11 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys

2009-12-26 18:53 . 2009-11-09 19:20 207792 ----a-w- c:\windows\system32\drivers\PCTCore.sys

2009-12-26 18:53 . 2009-10-07 00:31 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys

2009-12-26 18:53 . 2009-09-03 17:45 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys

2009-12-26 18:53 . 2010-01-01 05:14 -------- d-----w- c:\program files\Spyware Doctor

2009-12-26 18:53 . 2009-12-26 19:00 -------- d-----w- c:\program files\Common Files\PC Tools

2009-12-26 18:53 . 2009-12-26 18:53 -------- d-----w- c:\documents and settings\qi\Application Data\PC Tools

2009-12-26 18:53 . 2009-12-26 18:53 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools

2009-12-26 18:46 . 2009-12-26 18:46 -------- d-----w- c:\program files\Trend Micro

2009-12-26 18:28 . 2009-12-26 18:28 -------- d--h--w- c:\windows\system32\GroupPolicy

2009-12-26 09:58 . 2009-12-26 10:01 -------- d-----w- c:\program files\fixit

2009-12-26 07:18 . 2009-12-30 23:26 -------- d-----w- c:\documents and settings\qi\Application Data\Malwarebytes

2009-12-26 07:10 . 2009-12-30 23:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-12-23 18:47 . 2009-12-23 18:47 -------- d-----w- c:\documents and settings\qi\Local Settings\Application Data\Macromedia

2009-12-18 11:01 . 2009-12-18 11:01 -------- d-----w- c:\program files\MSXML 6.0

2009-12-15 21:11 . 2009-10-29 07:45 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll

2009-12-15 21:11 . 2009-10-29 07:45 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll

2009-12-15 21:11 . 2009-10-29 07:45 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll

2009-12-15 21:11 . 2009-10-29 07:45 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll

2009-12-15 21:11 . 2009-10-29 07:45 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll

2009-12-15 21:11 . 2009-10-29 07:45 11069952 -c----w- c:\windows\system32\dllcache\ieframe.dll

2009-12-13 05:33 . 2004-08-04 12:00 221184 ----a-w- c:\windows\system32\wmpns.dll

2009-12-11 20:01 . 2009-12-11 20:01 -------- d-----w- c:\documents and settings\qi\Application Data\Axialis

2009-12-11 20:01 . 2009-12-11 20:01 -------- d-----w- c:\program files\Axialis

2009-12-11 20:01 . 2009-12-26 05:29 -------- d-----w- c:\documents and settings\qi\Local Settings\Application Data\Axialis

2009-12-09 20:56 . 2009-12-09 20:56 -------- d-----w- c:\windows\system32\wbem\Repository

2009-12-08 03:28 . 2009-12-08 03:28 -------- d-----w- C:\drivers

2009-12-08 03:18 . 2009-12-09 20:54 -------- d-----w- c:\windows\JM

2009-12-08 02:35 . 2009-12-08 02:35 -------- d-----w- C:\dell

2009-12-08 02:33 . 2009-12-08 02:33 -------- d-----w- c:\program files\Intel

2009-12-08 02:33 . 2009-12-08 02:33 -------- d-----w- C:\Intel

2009-12-07 22:22 . 2009-12-08 04:36 -------- d-----w- c:\documents and settings\All Users\Application Data\DriverCure

2009-12-07 22:22 . 2009-12-07 22:22 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic

2009-12-07 22:00 . 2009-12-09 20:55 -------- d-----w- c:\program files\PeerGuardian2

2009-12-07 21:21 . 2009-12-09 20:55 -------- d-----w- c:\windows\system32\Inetsrv6

2009-12-06 01:16 . 2008-06-09 11:12 12858 ----a-w- c:\windows\hpwscr14.dat

2009-12-06 01:16 . 2009-12-06 01:16 -------- d-----w- c:\windows\braveheart

2009-12-05 01:07 . 2009-12-05 01:07 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA

2009-12-05 00:24 . 2009-12-05 00:30 -------- d-----w- c:\program files\SystemRequirementsLab

2009-12-05 00:24 . 2009-12-05 00:24 -------- d-----w- c:\documents and settings\qi\Application Data\SystemRequirementsLab

2009-12-05 00:24 . 2009-12-05 00:24 290816 ----a-w- c:\documents and settings\qi\Application Data\SystemRequirementsLab\SRLProxy_nvd_4.dll

2009-12-05 00:24 . 2009-12-05 00:24 290816 ----a-w- c:\documents and settings\qi\Application Data\SystemRequirementsLab\SRLProxy_nvd_3.dll

2009-12-05 00:24 . 2009-12-05 00:24 290816 ----a-w- c:\documents and settings\qi\Application Data\SystemRequirementsLab\SRLProxy_nvd_2.dll

2009-12-05 00:24 . 2009-12-05 00:24 290816 ----a-w- c:\documents and settings\qi\Application Data\SystemRequirementsLab\SRLProxy_nvd_1.dll

2009-12-03 20:35 . 2009-12-03 20:35 -------- d-----w- c:\documents and settings\qi\Local Settings\Application Data\Identities

2009-12-03 11:18 . 2009-12-03 11:18 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Google

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-01-01 05:15 . 2009-08-14 07:17 -------- d-----w- c:\documents and settings\qi\Application Data\uTorrent

2010-01-01 05:15 . 2009-11-11 06:06 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2010-01-01 05:07 . 2009-09-02 02:55 -------- d-----w- c:\documents and settings\qi\Application Data\Vso

2009-12-31 22:40 . 2009-08-14 16:04 4687 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\qbbackup.sys

2009-12-31 21:55 . 2009-08-14 12:44 -------- d-----w- c:\documents and settings\qi\Application Data\HPAppData

2009-12-30 21:36 . 2009-08-14 00:03 -------- d-----w- c:\program files\HP

2009-12-30 21:30 . 2009-08-14 04:02 -------- d-----w- c:\documents and settings\All Users\Application Data\HP

2009-12-27 19:52 . 2009-10-22 16:38 -------- d-----w- c:\program files\FileBX

2009-12-25 18:22 . 2009-12-25 19:03 170792 ----a-w- c:\windows\pchealth\helpctr\Config\Cache\Professional_32_1033.dat

2009-12-25 08:17 . 2009-08-17 23:22 -------- d-----w- c:\documents and settings\qi\Application Data\LimeWire

2009-12-21 16:38 . 2009-08-14 07:17 -------- d-----w- c:\program files\uTorrent

2009-12-20 19:28 . 2009-08-13 18:52 116760 ----a-w- c:\documents and settings\qi\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-12-19 14:18 . 2009-08-15 00:45 -------- d-----w- c:\program files\Google

2009-12-18 11:05 . 2009-12-18 11:05 -------- d-----w- c:\program files\MSBuild

2009-12-18 11:05 . 2009-12-18 11:05 -------- d-----w- c:\program files\Reference Assemblies

2009-12-16 21:06 . 2009-11-10 22:59 -------- d-----w- c:\program files\Docudesk

2009-12-10 19:30 . 2009-08-17 23:19 -------- d-----w- c:\program files\LimeWire

2009-12-10 01:52 . 2009-08-26 02:08 -------- d-----w- c:\program files\Alien Skin

2009-12-09 22:56 . 2009-08-13 21:42 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore

2009-12-09 20:54 . 2009-08-14 00:08 -------- d-----w- c:\program files\WordBiz

2009-12-08 04:10 . 2009-08-14 06:00 -------- d--h--w- c:\program files\InstallShield Installation Information

2009-12-02 22:48 . 2009-08-13 23:59 -------- d-----w- c:\program files\Common Files\Adobe

2009-11-30 01:02 . 2009-11-30 01:02 -------- d-----w- c:\windows\Fonts\Holiday Set\christmas

2009-11-30 01:02 . 2009-11-30 01:01 -------- d-----w- c:\windows\Fonts\Holiday Set

2009-11-30 01:01 . 2009-11-30 01:01 -------- d-----w- c:\windows\Fonts\Holiday Set\whitechristmas

2009-11-29 20:08 . 2009-08-13 18:57 -------- d-----w- c:\program files\McAfee

2009-11-24 07:17 . 2009-11-24 07:17 -------- d-----w- c:\documents and settings\qi\Application Data\Amazon

2009-11-24 07:17 . 2009-11-24 07:17 -------- d-----w- c:\program files\Amazon

2009-11-14 07:05 . 2009-11-14 07:05 -------- d-----w- c:\documents and settings\All Users\Application Data\GameHouse

2009-11-13 01:07 . 2009-11-13 01:07 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe

2009-11-12 05:41 . 2009-11-12 05:40 -------- d-----w- c:\documents and settings\qi\Application Data\TitanicMystery

2009-11-11 06:06 . 2009-11-11 06:06 -------- d-----w- c:\documents and settings\qi\Application Data\SpinTop

2009-11-06 08:11 . 2009-08-15 15:30 787760 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\dblgen10.dll

2009-11-06 08:11 . 2009-08-15 15:30 763184 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\dblib10.dll

2009-11-06 08:11 . 2009-08-15 15:30 570672 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\mlhttps10.dll

2009-11-06 08:11 . 2009-08-15 15:30 496944 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\mlrsa10.dll

2009-11-06 08:11 . 2009-08-15 15:30 423216 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\dbmlsync.exe

2009-11-06 08:11 . 2009-08-15 15:30 296240 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\mlsock10.dll

2009-11-06 08:11 . 2009-08-15 15:30 263472 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\mlcrsa10.dll

2009-11-06 08:11 . 2009-08-15 15:30 1152304 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\dbtool10.dll

2009-11-06 08:11 . 2009-08-15 15:30 205576 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\IntuitSyncManagerPatch.exe

2009-11-06 08:11 . 2009-08-15 15:30 1085704 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\IntuitSyncManager.exe

2009-11-06 08:11 . 2009-08-15 15:30 398640 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\dbcon10.dll

2009-10-29 07:45 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll

2009-10-21 06:00 . 2004-08-04 12:00 75776 ----a-w- c:\windows\system32\strmfilt.dll

2009-10-21 06:00 . 2004-08-04 12:00 25088 ----a-w- c:\windows\system32\httpapi.dll

2009-10-20 14:58 . 2004-08-04 12:00 263552 ----a-w- c:\windows\system32\drivers\http.sys

2009-10-13 10:53 . 2004-08-04 12:00 266752 ----a-w- c:\windows\system32\oakley.dll

2009-10-12 13:54 . 2004-08-04 12:00 69632 ----a-w- c:\windows\system32\raschap.dll

2009-10-12 13:54 . 2004-08-04 12:00 112128 ----a-w- c:\windows\system32\rastls.dll

2009-10-07 05:27 . 2009-10-07 05:27 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe

2009-08-13 03:01 . 2009-08-13 20:09 6656 --sha-w- c:\program files\Thumbs.db

2006-05-20 21:47 . 2009-08-13 20:09 2262376 ----a-w- c:\program files\tmasv30-au.exe

2006-05-20 21:47 . 2009-08-13 20:09 2262376 ----a-w- c:\program files\tmasv30-us.exe

2006-05-20 21:45 . 2009-08-13 20:09 532480 ----a-w- c:\program files\cwshredder.exe

2004-09-10 20:40 . 2009-08-13 20:09 75264 ----a-w- c:\program files\DECCHECK.exe

2004-09-10 20:40 . 2009-08-13 20:09 5970 ----a-w- c:\program files\eula.txt

2002-03-18 02:50 . 2009-08-13 20:09 1464244 ----a-w- c:\program files\Verbal.exe

2002-03-16 22:32 . 2009-08-13 20:08 33280 ----a-w- c:\program files\AWPS Users Guide Ver 2.doc

2001-11-01 22:07 . 2009-08-13 20:09 64398 ----a-w- c:\program files\Verbal.hlp

2001-10-31 22:10 . 2009-08-13 20:09 1170 ----a-w- c:\program files\verbal.cnt

2001-10-13 07:48 . 2009-08-13 20:09 140 ----a-w- c:\program files\Params.txt

2001-07-26 21:36 . 2009-08-13 20:09 766 ----a-w- c:\program files\WordProblemSolver.ico

2001-04-02 03:37 . 2009-08-13 20:09 1282 ----a-w- c:\program files\Probdata.txt

2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll

2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-12-20 289584]

"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]

"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2009-08-23 160592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]

"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]

"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2008-09-09 623880]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-17 136600]

"QuickTime Task"="F:\QTTask.exe" [2009-11-11 417792]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]

"iTunesHelper"="F:\iTunesHelper.exe" [2009-11-13 141600]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-12-30 429392]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\Program Files\\Intuit\\QuickBooks 2009\\QBDBMgrN.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\Program Files\\AIM6\\aim6.exe"=

"c:\\Program Files\\LimeWire\\LimeWire.exe"=

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"f:\\iTunes.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=

"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbamgui.exe"=

"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbamservice.exe"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [12/26/2009 10:53 AM 207792]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [12/30/2009 3:26 PM 235344]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [12/30/2009 3:26 PM 19160]

S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [8/18/2009 6:57 PM 721904]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11/4/2009 9:10 AM 135664]

S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [12/26/2009 10:53 AM 359624]

S3 zgchsdiag;ZTE CDMA Handset Diagnostic Port;c:\windows\system32\drivers\zgchsnmea.sys [2/24/2009 1:06 AM 105216]

S4 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe --> c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [?]

S4 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [8/13/2009 11:00 AM 203280]

S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [8/14/2009 8:37 PM 24652]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

HPService REG_MULTI_SZ HPSLPSVC

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]

2009-03-08 12:32 128512 ----a-w- c:\windows\system32\advpack.dll

.

Contents of the 'Scheduled Tasks' folder

2009-12-30 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]

2009-12-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-04 17:10]

2010-01-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-04 17:10]

2009-12-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-527237240-573735546-725345543-1003Core.job

- c:\documents and settings\qi\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-08-13 18:13]

2010-01-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-527237240-573735546-725345543-1003UA.job

- c:\documents and settings\qi\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-08-13 18:13]

2009-12-15 c:\windows\Tasks\McDefragTask.job

- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-08-13 19:22]

2009-12-01 c:\windows\Tasks\McQcTask.job

- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-08-13 19:22]

2009-12-23 c:\windows\Tasks\NSSstub.job

- c:\windows\system32\Adobe\Shockwave 11\nssstub.exe [2009-11-23 06:44]

2010-01-01 c:\windows\Tasks\WebReg .job

- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2008-10-17 03:22]

.

.

------- Supplementary Scan -------

.

uInternet Settings,ProxyOverride = *.local

IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html

IE: E&xport to Microsoft Office Excel - e:\micros~1\OFFICE11\EXCEL.EXE/3000

IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\qi\Start Menu\Programs\IMVU\Run IMVU.lnk

Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll

FF - ProfilePath - c:\documents and settings\qi\Application Data\Mozilla\Firefox\Profiles\mtj3dx4z.default\

FF - component: c:\documents and settings\qi\Application Data\Mozilla\Firefox\Profiles\mtj3dx4z.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll

FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll

FF - component: c:\program files\Siber Systems\AI RoboForm\Firefox\components\rfproxy_31.dll

FF - plugin: c:\documents and settings\qi\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll

FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll

FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll

FF - plugin: f:\mozilla plugins\npitunes.dll

FF - plugin: f:\plugins\npqtplugin.dll

FF - plugin: f:\plugins\npqtplugin.dll

FF - plugin: f:\plugins\npqtplugin2.dll

FF - plugin: f:\plugins\npqtplugin2.dll

FF - plugin: f:\plugins\npqtplugin3.dll

FF - plugin: f:\plugins\npqtplugin3.dll

FF - plugin: f:\plugins\npqtplugin4.dll

FF - plugin: f:\plugins\npqtplugin4.dll

FF - plugin: f:\plugins\npqtplugin5.dll

FF - plugin: f:\plugins\npqtplugin5.dll

FF - plugin: f:\plugins\npqtplugin6.dll

FF - plugin: f:\plugins\npqtplugin6.dll

FF - plugin: f:\plugins\npqtplugin7.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

.

- - - - ORPHANS REMOVED - - - -

WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - c:\program files\AskBarDis\bar\bin\askBar.dll

HKCU-Run-Aim6 - (no file)

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-12-31 21:26

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2009-12-31 21:28:58

ComboFix-quarantined-files.txt 2010-01-01 05:28

Pre-Run: 38,324,973,568 bytes free

Post-Run: 39,418,617,856 bytes free

- - End Of File - - F246ADBF7B9D32588F1EA7442D5895B5


You're welcome. Happy New Year to you as well. :)

Please run the MGA Diagnostic Tool and post the report it produces:

  1. Download MGADiag to your desktop.
  2. Double-click on MGADiag.exe to launch the program.
  3. Click Continue.
  4. Ensure that the Windows tab is selected. (It should be by default.)
  5. Click the Copy button to copy the MGA Diagnostic Report to the Windows clipboard.
  6. Paste the MGA Diagnostic Report into your next reply.


Diagnostic Report (1.9.0011.0):

-----------------------------------------

WGA Data-->

Validation Status: Invalid Product Key

Validation Code: 8

Cached Validation Code: N/A

Windows Product Key: *****-*****-BT7D4-P7RY7-27K76

Windows Product Key Hash: lfUxYru1nac+9gdOkxNElyDObfM=

Windows Product ID: 76487-643-3689342-23676

Windows Product ID Type: 1

Windows License Type: Volume

Windows OS version: 5.1.2600.2.00010100.2.0.pro

ID: {C071D1F3-BC62-425D-BA72-564BF16FEB1F}(3)

Is Admin: Yes

TestCab: 0x0

WGA Version: Registered, 1.9.40.0

Signed By: Microsoft

Product Name: N/A

Architecture: N/A

Build lab: N/A

TTS Error: N/A

Validation Diagnostic: 025D1FF3-230-1

Resolution Status: N/A

WgaER Data-->

ThreatID(s): N/A

Version: N/A

WGA Notifications Data-->

Cached Result: N/A, hr = 0x80070002

File Exists: No

Version: N/A, hr = 0x80070002

WgaTray.exe Signed By: N/A, hr = 0x80070002

WgaLogon.dll Signed By: Microsoft

OGA Notifications Data-->

Cached Result: N/A, hr = 0x80070002

Version: N/A, hr = 0x80070002

OGAExec.exe Signed By: N/A, hr = 0x80070002

OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->

Office Status: 100 Genuine

Microsoft Office Professional Edition 2003 - 100 Genuine

OGA Version: N/A, 0x80070002

Signed By: N/A, hr = 0x80070002

Office Diagnostics: 77F760FE-153-80070002_7E90FEE8-175-80070002_025D1FF3-230-1_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005

Browser Data-->

Proxy settings: N/A

User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)

Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe

Download signed ActiveX controls: Prompt

Download unsigned ActiveX controls: Disabled

Run ActiveX controls and plug-ins: Allowed

Initialize and script ActiveX controls not marked as safe: Disabled

Allow scripting of Internet Explorer Webbrowser control: Disabled

Active scripting: Allowed

Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->

Office Details: <GenuineResults><MachineData><UGUID>{C071D1F3-BC62-425D-BA72-564BF16FEB1F}</UGUID><Version>1.9.0011.0</Version><OS>5.1.2600.2.00010100.2.0.pro</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-27K76</PKey><PID>76487-643-3689342-23676</PID><PIDType>1</PIDType><SID>S-1-5-21-527237240-573735546-725345543</SID><SYSTEM><Manufacturer>GBT___</Manufacturer><Model>AWRDACPI</Model></SYSTEM><BIOS><Manufacturer>Award Software International, Inc.</Manufacturer><Version>F2</Version><SMBIOSVersion major="2" minor="3"/><Date>20060711000000.000000+000</Date></BIOS><HWID>E55F32AF01846E7B</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Pacific Standard Time(GMT-08:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification><File Name="WgaLogon.dll" Version="1.9.40.0"/></GANotification></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{20110409-6000-11D3-8CFE-0150048383C9}"><LegitResult>100</LegitResult><Name>Microsoft Office Professional Edition 2003</Name><Ver>11</Ver><Val>C666EE124A5500</Val><Hash>3m/MlOk/njNwuVysaz2HyZ75Jj0=</Hash><Pid>82503-640-0010382-57825</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="11" Result="100"/><App Id="16" Version="11" Result="100"/><App Id="18" Version="11" Result="100"/><App Id="19" Version="11" Result="100"/><App Id="1A" Version="11" Result="100"/><App Id="1B" Version="11" Result="100"/><App Id="44" Version="11" Result="100"/></Applications></Office></Software></GenuineResults>

Licensing Data-->

N/A

HWID Data-->

N/A

OEM Activation 1.0 Data-->

BIOS string matches: yes

Marker string from BIOS: 14320:SYNNEX TECHNOLOGY INTERNATIONAL CORP|14320:SYNNEX TECHNOLOGY INTERNATIONAL CORP|14320:SYNNEX TECHNOLOGY INTERNATIONAL CORP

Marker string from OEMBIOS.DAT: N/A, hr = 0x80004005

OEM Activation 2.0 Data-->

N/A


The use of Keygens and Cracks inevitably leads to infection. Further, it is contrary to this site's Terms of Use. If you persist in their use you will no longer receive help from this site in the future.

C:\WINDOWS\system32\antiwpa.dll is not a legitimate system file. Its only purpose is to bypass Windows Validation, or allow a pirated version of Windows to appear legitimate. While this may have been installed without your knowledge, even by an unscrupulous dealer, it indicates an illegal version of Windows. Due to legal and ethical reasons we are unable to help people with pirated software.

Microsoft has a program for people who unknowingly receive counterfeit software:

Q:

What are the details of the genuine Windows offer?

A:

To help customers who unknowingly purchased a counterfeit version of Windows XP, Microsoft has created two genuine Windows offers for those who qualify:

* Complimentary offer: Microsoft will make a complimentary copy of Windows XP available to customers who have been sold counterfeit Windows. Customers will be required to submit a proof of purchase, the counterfeit CD, and a counterfeit report with details of their purchase. Only high-quality counterfeit Windows will qualify for the complimentary offer.

* Electronic License Key Offer: Microsoft will offer an alternative for customers who find out via the WGA validation process that they are not running genuine Windows, but do not qualify for, or choose not to take advantage of, the complimentary offer. These customers will be able to license a Windows Genuine Advantage Kit for Windows XP directly from Microsoft for a special on-line purchase price. The Windows Genuine Advantage Kit for Windows XP will include a new 25-character Product Key and a Windows Product Key Update tool that will allow customers to convert their counterfeit copy to genuine Windows XP electronically.


OK, I will have to dig for receipts for my XP program. I have the disk, but the case disappeared a few years ago. Meanwhile, is my machine clean? I did remove that .dll in a previous scan, so is that what caused Windows to invalidate? What is a keygen? Does it do harm, and is it blocked by Spyware Dr (since I still can't get MWbtes to Protect)?
