Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

HELP! All sorts of problems popping up after infection

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

HELP! All sorts of problems popping up after infection

Unread postby dakotag » January 20th, 2010, 5:26 pm

My HiJackThis log is pasted below. To summarize issues:

(1) have "redirect" issues with Google. It takes me 4 clicks of a link to get the right website.
(2) have random popups of some "survey" website that claims to be msn.com.
(3) Now having issues with DCOM errors and rebooting (stopped them with shutdown -1 command)
(4) Now having Windows Installer issues so I can't install any of the suggested spyware / malware removal programs.
(5) did run a couple before the installer issue, including Spybot and Malwarebytes. They found several trojans and cleaned them but the problems still exist. Now they find no problems when I run them.

I'm running Vista (32 bit) and have Zonealrm installed. HELP!!!

Hijack this log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:20:47 PM, on 1/20/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
F:\Vista\ZoneAlarm\ZoneAlarm\zlclient.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
F:\Logitec\SetPoint\SetPoint.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Windows\system32\PresentationSettings.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Windows\system32\wuauclt.exe
F:\Vista\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Windows\system32\wlrmdr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: EverProfitsAddOns - {1b08a88c-3083-4512-93dc-ce1321deb555} - F:\Vista\Ever Profits Toolbar\adxloader.dll
O2 - BHO: (no name) - {465E08E7-F005-4389-980F-1D8764B3486C} - (no file)
O2 - BHO: GlobalSpec Engineering Toolbar - {4E7BD74F-2B8D-469E-D1FB-EF7FB3D5FA7D} - C:\PROGRA~1\gspec\gspec.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - F:\Vista\Spybot\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: ZoneAlarm Toolbar Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - E:\Vista\Adobe Professional 8.0\Acrobat\AcroIEFavClient.dll (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: XBTBPos00 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\ICS Toolbar\toolbar\icstoolbar.dll (file missing)
O3 - Toolbar: ZoneAlarm Toolbar - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O3 - Toolbar: Ever Profits Toolbar - {4fe8e2eb-f905-45a9-8de9-9ad2f228ccc9} - F:\Vista\Ever Profits Toolbar\adxloader.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [ZoneAlarm Client] "F:\Vista\ZoneAlarm\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [QuickBooksDB17] F:\Vista\Quickbooks\QBDBMgrN.exe -n QB_CHRIS-NOTEBOOK_17 -qs -gd ALL -gk all -gp 4096 -gu all -ch 64M -c 32M -x tcpip(BroadcastListener=NO;port=10172) -ti 0 -ec simple -ct- -qi -qw -tl 120 -oe C:\Users\Chris\AppData\Local\Intuit\QUICKB~2\Log\DBStartup.log -y
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User '?')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User '?')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User '?')
O4 - HKUS\S-1-5-21-2341667710-1839444769-1059944710-1008\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User '?')
O4 - S-1-5-21-2341667710-1839444769-1059944710-1008 Startup: Yahoo! Widgets.lnk = F:\Vista\Widgets\YahooWidgets.exe (User '?')
O4 - Startup: Yahoo! Widgets.lnk = F:\Vista\Widgets\YahooWidgets.exe
O4 - Global Startup: Logitech SetPoint.lnk = F:\Logitec\SetPoint\SetPoint.exe
O8 - Extra context menu item: -> Ever Profits - Explore Keyword... - file://F:\Vista\Ever Profits Toolbar\EverProfitsAddOns.IEModule.54267293.js
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\Vista\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\Vista\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\Vista\Spybot\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\Vista\Spybot\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: vzTCPConfig - http://www2.verizon.net/help/fios_setti ... Config.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} (WMI Class) - http://support.dell.com/systemprofiler/SysProExe.CAB
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/ ... 3368296837
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... ader55.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - Winlogon Notify: !SASWinLogon - F:\Vista\Superantispyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Background Intelligent Transfer Service BITSSDRSVC (BITSSDRSVC) - Unknown owner - C:\Windows\system32\acppageo.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c8e63b26cad0c0) (gupdate1c8e63b26cad0c0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - F:\Vista\Spybot\SDWinSec.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9868 bytes
dakotag
Active Member
 
Posts: 5
Joined: January 20th, 2010, 5:04 pm
Advertisement
Register to Remove

Re: HELP! All sorts of problems popping up after infection

Unread postby Jack&Jill » January 23rd, 2010, 11:07 pm

Hello dakotag,

Welcome to Malware Removal. I am Jack&Jill, and I will be helping you out.

Before we go further, there are a few things that I would like to make clear so that we are share the same understanding.
  • Please observe and follow these Forum Rules and HOW TO GET HELP AT THIS FORUM (YOU MUST READ THIS).
  • It will take some time for me to go through your logs, so please be patient with me.
  • Backing up important data is a good idea as malware removal is a hazardous undertaking. Please do so if you haven't already.
  • Any advice is for your computer only and is taken at your own risk. Fixes sometimes will cause unexpected results, but I will do my best to assist you.
  • Reply and keep only to this thread. If you have the same topic elsewhere, please inform me or the other forum so that either can be closed.
  • If you have any doubts or problems during the fix, please stop and ask.
  • If you need to be away for a while during the fix, please let me know.
  • Lack of malware symptoms does not mean your computer is clean. Stick to this topic until I give the All Clear.
  • Do not use or run any tools without supervision as they may cause more harm if improperly used.
  • Refrain from installing any new programs except those that I request during the fix to prevent interference to my diagnosis of the problem.
  • Please read the instructions carefully and follow them closely, in the order they are presented to you.
  • All the tools that I will ask you to download and use are safe. Please allow if prompted by any of your security softwares.
  • If you do not reply within 3 days, this topic will be closed.

If you are agreeable to the above, then everything should go smoothly :) . We may begin.

You have another topic here:
http://www.bleepingcomputer.com/forums/topic288450.html

If you wish to continue here, please have the other closed.

I am now working on your log and will be back the soonest. At the mean time, please complete the following steps.

For Windows Vista, please use right click and select Run as administrator instead of double click to run all the tools I ask you to, or they may not work properly.

Please post an Uninstall list
  • Open HijackThis.
  • Go to Open the Misc Tools section by clicking on the box.
  • Under the Systems tools, look for Open Uninstall Manager and click on it.
  • Click Save list... and save the text file in a convenient location.
  • Copy and paste the Uninstall list contents in your reply.

Validate Windows
  • Please download MGADiag.exe from Microsoft and save it to a convenient location. Click here.
  • Double click on MGADiag.exe to run it.
  • Click Continue.
  • The program will run. It takes a while to finish the diagnosis, please be patient.
  • Once done, click on Copy.
  • Open Notepad and paste the contents in. Save this file and post it in your next reply.

Check for additional security risks
  • Please download CKScanner© by askey127 and save to your desktop. Click here.
  • Double click on CKScanner.exe and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File. You will be prompted, click OK.
  • Post the contents of ckfiles.txt in your reply, it is located on your desktop.

Please post back:
1. uninstall list
2. MGADiag result
3. CKScanner log
User avatar
Jack&Jill
MRU Emeritus
MRU Emeritus
 
Posts: 2284
Joined: August 19th, 2008, 5:37 am
Location: South East Asia

Re: HELP! All sorts of problems popping up after infection

Unread postby dakotag » January 24th, 2010, 11:03 pm

Thanks for your help. Here are the reports requested: (1) HJT, (2) ckfiles report, (3) and MGA reports.

HJT Uninstall report

32 Bit HP CIO Components Installer
AAA Logo 2009 Business Edition 3.0
Acrobat.com
Acrobat.com
Adobe Acrobat 8.1.4 Professional
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe AIR
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Dreamweaver CS3
Adobe Dreamweaver CS3
Adobe ExtendScript Toolkit 2
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Help Viewer CS3
Adobe Media Player
Adobe PDF Library Files
Adobe Reader 9
Adobe Setup
Adobe Setup
Adobe Shockwave Player 11
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
AoA DVD Copy
AoA DVD Ripper
AoA DVD to iPod Converter
AoADVDCreator
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Avanquest update
BizPlanBuilder 8.0
Bonjour
Broadcom Gigabit Integrated Controller
Broadcom Management Programs
CDDRV_Installer
Check Designer
Compatibility Pack for the 2007 Office system
Conexant HDA D110 MDC V.92 Modem
Dell ResourceCD
Dell Touchpad
Digital Line Detect
Digsby
DivX Author 1.5
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
erLT
Ever Profits Toolbar 1.9.5026 (Beta)
FileZilla Client 3.2.7.1
Google Earth
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Customer Participation Program 8.0
HP Imaging Device Functions 8.0
HP OCR Software 8.0
HP Officejet Pro All-In-One Series
HP Photosmart Essential
HP Update
ICSToolbar
Intel PROSet Wireless
iolo technologies' System Mechanic 7
iPhone Configuration Utility
iTunes
Java(TM) 6 Update 6
KhalInstallWrapper
Logitech SetPoint
Logitech Updater
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB929729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Expression Design 2
Microsoft Expression Design 2
Microsoft Office 2003 Primary Interop Assemblies
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business Edition 2003
Microsoft Office Visio 2007 Service Pack 2 (SP2)
Microsoft Office Visio 2007 Service Pack 2 (SP2)
Microsoft Office Visio MUI (English) 2007
Microsoft Office Visio Professional 2007
Microsoft Office Visio Professional 2007
Microsoft Primary Interoperability Assemblies 2005
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual Studio 2005 Tools for Office Runtime
Microsoft Visual Studio 2005 Tools for Office Runtime
MobileMe Control Panel
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MySQL Connector/ODBC 3.51
NVIDIA Drivers
OGA Notifier 2.0.0048.0
OZ776 SCR CardBus Windows Driver
OZ776 SCR Driver V1.1.4.202
OZ776 SCR Driver V1.1.4.202
QuickBooks Premier: Professional Services Edition 2007
QuickBooks Product Listing Service
Quicken 2008
QuickTime
Safari
Search Engine Builder Standard
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Sendouts Pro Outlook AddIn
SigmaTel Audio
SmartDraw 7
Sonance Navigator Program Manager
Spybot - Search & Destroy
SUPERAntiSpyware Free Edition
TouchChip USB Driver 2.10
TouchChip USB Driver 2.6
Ultimate Extras sounds from Microsoft® Tinker™
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Visio 2007 Help (KB963666)
VC 9.0 Runtime
VC 9.0 Runtime
ViewSonic Monitor Drivers
ViewSonic Windows Vista Signed Files
Windows Installer Clean Up
Windows Live Photo Gallery
Windows Sound Schemes
Yahoo! Install Manager
Yahoo! Messenger
Yahoo! Widgets
ZoneAlarm Security Suite
ZoneAlarm Toolbar



CK Scanner

CKScanner - Additional Security Risks - These are not necessarily bad
scanner sequence 3.MN.11
----- EOF -----



MGA Diagnostics report

Diagnostic Report (1.9.0011.0):
-----------------------------------------
WGA Data-->
Validation Status: Genuine
Validation Code: 0

Cached Validation Code: N/A, hr = 0xc004f012
Windows Product Key: *****-*****-DCCMR-R4Q9M-BVMG4
Windows Product Key Hash: 0LCO5Y+wZTGYik3XYhqrtpnbwmQ=
Windows Product ID: 89580-006-3642832-71328
Windows Product ID Type: 5
Windows License Type: Retail
Windows OS version: 6.0.6001.2.00010100.1.0.001
ID: {2FB8FBA7-19AE-4289-A72F-329E3A8F7BC7}(1)
Is Admin: Yes
TestCab: 0x0
WGA Version: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows Vista (TM) Ultimate
Architecture: 0x00000000
Build lab: 6001.vistasp1_gdr.090805-0102
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: 6.0.6002.16398

WGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: 2.0.48.0
OGAExec.exe Signed By: Microsoft
OGAAddin.dll Signed By: Microsoft

OGA Data-->
Office Status: 100 Genuine
Microsoft Office Small Business Edition 2003 - 100 Genuine
Microsoft Office Visio Professional 2007 - 100 Genuine
OGA Version: Registered, 2.0.48.0
Signed By: Microsoft
Office Diagnostics: 77F760FE-153-80070002_7E90FEE8-175-80070002_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Internet Explorer\IEXPLORE.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{2FB8FBA7-19AE-4289-A72F-329E3A8F7BC7}</UGUID><Version>1.9.0011.0</Version><OS>6.0.6001.2.00010100.1.0.001</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-BVMG4</PKey><PID>89580-006-3642832-71328</PID><PIDType>5</PIDType><SID>S-1-5-21-2341667710-1839444769-1059944710</SID><SYSTEM><Manufacturer>Dell Inc.</Manufacturer><Model>Latitude D820 </Model></SYSTEM><BIOS><Manufacturer>Dell Inc.</Manufacturer><Version>A09</Version><SMBIOSVersion major="2" minor="4"/><Date>20080604000000.000000+000</Date></BIOS><HWID>A4333507010000FA</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>DELL </OEMID><OEMTableID>M07 </OEMTableID></OEM><GANotification><File Name="OGAAddin.dll" Version="2.0.48.0"/></GANotification></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{91CA0409-6000-11D3-8CFE-0150048383C9}"><LegitResult>100</LegitResult><Name>Microsoft Office Small Business Edition 2003</Name><Ver>11</Ver><Val>666E31C60BB15F3</Val><Hash>Jb45m8B4E+jXfcGe053N80qOL/Y=</Hash><Pid>70160-761-6876512-56604</Pid><PidType>1</PidType></Product><Product GUID="{91120000-0051-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Visio Professional 2007</Name><Ver>12</Ver><Val>A3C44FCF2C15ECE</Val><Hash>I7TPBhek+dADHL9nNWs/Jw6YQK0=</Hash><Pid>84890-871-1380277-63950</Pid><PidType>1</PidType></Product></Products><Applications><App Id="16" Version="11" Result="100"/><App Id="18" Version="11" Result="100"/><App Id="19" Version="11" Result="100"/><App Id="1A" Version="11" Result="100"/><App Id="1B" Version="11" Result="100"/><App Id="53" Version="12" Result="100"/></Applications></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.0.6001.18000
Name: Windows(TM) Vista, Ultimate edition
Description: Windows Operating System - Vista, RETAIL channel
Activation ID: 30fab9cc-8614-4339-989f-7ce61fb7a5c4
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 89580-00142-006-364283-01-1033-6000.0000-1642008
Installation ID: 006320411642733655144134024643542136038055879864435381
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43473
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43474
Use License URL: http://go.microsoft.com/fwlink/?LinkID=43476
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43475
Partial Product Key: BVMG4
License Status: Licensed

HWID Data-->
HWID Hash Current: MgAAAAEAAgABAAEAAQABAAAAAwABAAEA6GEopI0X/vfqTtI5Ykby9BpaMhQMC6xWKoU=

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20000
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC DELL M07
FACP DELL M07
HPET DELL M07
MCFG DELL M07
ASF! DELL M07
TCPA DELL M07
SLIC DELL M07
SSDT PmRef CpuPm
dakotag
Active Member
 
Posts: 5
Joined: January 20th, 2010, 5:04 pm

Re: HELP! All sorts of problems popping up after infection

Unread postby Jack&Jill » January 25th, 2010, 5:33 am

Hello dakotag :),

Is this a business / work computer? There seems to be many business / corporate version of programs.
Last edited by Jack&Jill on January 25th, 2010, 10:03 pm, edited 1 time in total.
User avatar
Jack&Jill
MRU Emeritus
MRU Emeritus
 
Posts: 2284
Joined: August 19th, 2008, 5:37 am
Location: South East Asia

Re: HELP! All sorts of problems popping up after infection

Unread postby dakotag » January 25th, 2010, 10:02 am

It's both. I have my own home based business and it's my personal laptop.
dakotag
Active Member
 
Posts: 5
Joined: January 20th, 2010, 5:04 pm

Re: HELP! All sorts of problems popping up after infection

Unread postby Jack&Jill » January 25th, 2010, 10:01 pm

Hello dakotag :),

Although the intention of this forum is to help people with their malware problems, it is somewhat limited to personal and home computers. We are also not here to replace any company's IT department. As such, I am unable to proceed further with the fixes on your computer due to our policy in dealings with corporate or business computers. It is not that we do not want to help, but there are many legal implications that we are not ready nor willing to face. We do not wish to be held liable for any sensitive materials in the computer that may have been compromised prior to or during the malware removal process.

Please inform your IT department immediately when any computer is infected. There could be more than one machine at stake, possibly even the server. You may directly go the local computer shops if it is a personal business.

Thank you for your understanding. Let me know if you have any further questions.
User avatar
Jack&Jill
MRU Emeritus
MRU Emeritus
 
Posts: 2284
Joined: August 19th, 2008, 5:37 am
Location: South East Asia

Re: HELP! All sorts of problems popping up after infection

Unread postby dakotag » January 26th, 2010, 9:31 am

There is no IT dept. Just me. I bought the laptop from my old employer when I left there a couple years ago. I've used it for personal use and am now trying to start an affiliate marketing business from home. I put Vista Ultimate on it after purchasing it

let me know if this is okay and you can help.
dakotag
Active Member
 
Posts: 5
Joined: January 20th, 2010, 5:04 pm

Re: HELP! All sorts of problems popping up after infection

Unread postby Jack&Jill » January 26th, 2010, 12:54 pm

Hello dakotag :),

If you are using the computer for your business, it is more advisable to get help from the local computer shop.
User avatar
Jack&Jill
MRU Emeritus
MRU Emeritus
 
Posts: 2284
Joined: August 19th, 2008, 5:37 am
Location: South East Asia

Re: HELP! All sorts of problems popping up after infection

Unread postby NonSuch » January 29th, 2010, 1:29 am

As this issue involves either a company owned machine or a machine that is used for business purposes, it falls outside the scope of this forum. Therefore, this topic is now closed.
User avatar
NonSuch
Administrator
Administrator
 
Posts: 27302
Joined: February 23rd, 2005, 7:08 am
Location: California
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 29 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware