Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Internet Blocking Malware

Post by luckyguy457321 » July 30th, 2011, 6:23 am

I have tried scanning with Malwarebytes' scanner. The first time it did pick up and clean some viruses, but I'm still getting its symptoms.
The virus crashes Internet Explorer, and Google Chrome cannot navigate to any website. So I'm using a flash drive to transfer the logs and files to the infected computer. I have autorun turned off, and my not infected laptop should be safe... I hope.
Pasting the logs

DDS.txt file
.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by BenBen at 18:15:44 on 2011-07-30
Microsoft Windows XP Home Edition 5.1.2600.3.1252.61.1033.18.3326.1895 [GMT 8:00]
.
AV: ZoneAlarm Security Suite Antivirus *Enabled/Outdated* {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
FW: ZoneAlarm Security Suite Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CAP3RSK.EXE
C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAP3SWK.EXE
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\system32\ctfmon.exe
E:\Documents and Settings\Ben Ben\Application Data\Dropbox\bin\Dropbox.exe
F:\ZLu.exe
C:\WINDOWS\system32\dumprep.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com.au/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\program files\free download manager\iefdm2.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Zone Labs Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe" -H
mRun: [CAP3ON] c:\windows\system32\spool\drivers\w32x86\3\CAP3ONN.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: e:\docume~1\benben~1\startm~1\programs\startup\dropbox.lnk - e:\documents and settings\ben ben\application data\dropbox\bin\Dropbox.exe
dPolicies-explorer: NoSetFolders = 1 (0x1)
dPolicies-explorer: NoFavoritesMenu = 1 (0x1)
IE: Download all with Free Download Manager - file://c:\program files\free download manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\free download manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\free download manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\free download manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
LSP: imslsp.dll
LSP: c:\windows\system32\zonelabs\vetredir.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shoc ... tor/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shoc ... tor/sw.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupda ... 1040526406
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-be ... canner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/s ... wflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{636CF6E5-F379-48A8-90C2-B4F155C14351} : DhcpNameServer = 192.168.2.1
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
.
============= SERVICES / DRIVERS ===============
.
R1 VET-FILT;VET File System Filter;c:\windows\system32\drivers\vet-filt.sys [2009-5-31 21605]
R1 VET-REC;VET File System Recognizer;c:\windows\system32\drivers\vet-rec.sys [2009-5-31 15668]
R1 VETFDDNT;VET Floppy Boot Sector Monitor;c:\windows\system32\drivers\vetfddnt.sys [2009-5-31 114856]
R1 VETMONNT;VET File and Macro Monitor;c:\windows\system32\drivers\vetmonnt.sys [2009-5-31 896472]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2009-5-31 270672]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-10-17 41272]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2009-4-6 23064]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 XDva375;XDva375;\??\c:\windows\system32\xdva375.sys --> c:\windows\system32\XDva375.sys [?]
S4 CAISafe;CA ISafe;c:\windows\system32\zonelabs\isafe.exe [2009-5-31 184320]
S4 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S4 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-4 136176]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2008-7-11 47128]
S4 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [2008-7-10 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2008-7-11 369688]
S4 TeamViewer4;TeamViewer 4;"e:\documents and settings\ben ben\temp\teamviewer\version4\teamviewer_service.exe" -service --> e:\documents and settings\ben ben\temp\teamviewer\version4\TeamViewer_Service.exe [?]
.
=============== File Associations ===============
.
regfile\shell\edit\command=%SystemRoot%\system32\NOTEPAD.EXE %1
.
=============== Created Last 30 ================
.
2011-07-19 02:27:48 221184 ----a-w- c:\windows\system32\wmpns.dll
2011-07-19 02:22:59 -------- d-----w- c:\windows\system32\bits
2011-07-19 02:21:33 -------- d-----w- c:\windows\ServicePackFiles
2011-07-19 02:21:24 294912 ------w- c:\program files\windows media player\dlimport.exe
2011-07-19 02:21:20 294912 -c----w- c:\windows\system32\dllcache\dlimport.exe
2011-07-19 02:19:21 19569 ----a-w- c:\windows\002760_.tmp
2011-07-19 02:19:16 -------- d-----w- c:\windows\system32\ReinstallBackups
2011-07-19 02:17:46 -------- d-----w- c:\windows\EHome
2011-07-19 01:55:57 21728 ----a-w- c:\windows\system32\wucltui.dll.mui
2011-07-19 01:55:57 17632 ----a-w- c:\windows\system32\wuaueng.dll.mui
2011-07-19 01:55:57 15072 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2011-07-19 01:55:57 -------- d-----w- c:\windows\system32\SoftwareDistribution
2011-07-19 01:55:56 15064 ----a-w- c:\windows\system32\wuapi.dll.mui
2011-07-19 01:29:37 -------- d-sh--w- C:\$RECYCLE.BIN
2011-07-18 15:27:42 208896 ----a-w- c:\windows\MBR.exe
2011-07-18 15:26:37 388608 ----a-w- c:\windows\system32\CF16267.exe
2011-07-18 15:21:22 -------- d-----w- C:\32788R22FWJFW.1.tmp
2011-07-17 17:17:51 54016 ----a-w- c:\windows\system32\drivers\lposkj.sys
2011-07-17 13:02:32 -------- d-----w- c:\program files\Object
2011-07-17 12:58:37 17280 ----a-w- c:\windows\system32\roboot.exe
2011-07-15 00:16:34 -------- d-----w- C:\Riot Games
.
==================== Find3M ====================
.
2011-07-06 11:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 11:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-26 06:45:56 256000 ----a-w- c:\windows\PEV.exe
2011-05-03 20:52:22 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-03 18:25:49 73728 ----a-w- c:\windows\system32\javacpl.cpl
.
============= FINISH: 18:17:00.53 ===============

attach.txt:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 5/31/2009 1:15:45 PM
System Uptime: 7/30/2011 4:24:02 PM (2 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. | | GA-MA770-DS3
Processor: AMD Phenom(tm) 9500 Quad-Core Processor | Socket M2 | 2210/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 49 GiB total, 22.401 GiB free.
D: is FIXED (NTFS) - 84 GiB total, 65.037 GiB free.
E: is FIXED (NTFS) - 90 GiB total, 48.7 GiB free.
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is CDROM ()
K: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Description: nVidia WDM Video Capture (universal)
Device ID: DISPLAY\NVCAP\5&3B8591C7&0&CA000002&01&00
Manufacturer: nVidia
Name: nVidia WDM Video Capture (universal)
PNP Device ID: DISPLAY\NVCAP\5&3B8591C7&0&CA000002&01&00
Service: nvcap
.
==== System Restore Points ===================
.
RP157: 7/16/2011 12:59:33 PM - System Checkpoint
RP158: 7/17/2011 11:36:41 PM - System Checkpoint
RP159: 7/18/2011 11:01:17 AM - Installed Java(TM) 6 Update 26
RP160: 7/19/2011 10:19:25 AM - Installed Windows XP Service Pack 3.
RP161: 7/19/2011 10:24:55 AM - Installed Windows XP KB967715.
.
==== Installed Programs ======================
.
3dsmax ancillary install
7-Zip 9.20
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Illustrator CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Reader 9.2
Adobe Setup
Adobe Shockwave Player 11.5
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Age of Mythology
Apple Software Update
Autodesk 3ds Max 9 32-bit
Autodesk DWF Viewer 7
Backburner
Canon LASER SHOT LBP-1120
Chaotic
DMIView B7.0108.01
Dropbox
Dual-Core Optimizer
ESET Online Scanner v3
Face_Wizard B07.0509.01
Facetheme
FBX Plugin 2006.08 for Max 9.0
Fiesta
FileZilla Client 3.3.2.1
Fraps
Free Download Manager 3.0
Game Maker 8.0
GCFScape 1.7.5
Google Chrome
Google Earth
Google Update Helper
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB945282)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB946040)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB946308)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB946344)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB947540)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB947789)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB948127)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB951708)
Hotfix for Office (KB950278)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
i-Cool
Iron Man
Java Auto Updater
Java DB 10.6.2.1
Java(TM) 6 Update 26
Java(TM) SE Development Kit 6 Update 24
Junk Mail filter update
League of Legends
Malwarebytes' Anti-Malware version 1.51.1.1800
MapleStory
Messenger Plus! Live
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office Live Add-in 1.3
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Visual Web Developer 2007
Microsoft Office Visual Web Developer MUI (English) 2007
Microsoft Office XP Professional with FrontPage
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2008
Microsoft SQL Server 2008 Browser
Microsoft SQL Server 2008 Common Files
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Database Engine Shared
Microsoft SQL Server 2008 Management Objects
Microsoft SQL Server 2008 Native Client
Microsoft SQL Server 2008 RsFx Driver
Microsoft SQL Server 2008 Setup Support Files (English)
Microsoft SQL Server Compact 3.5 SP1 Design Tools English
Microsoft SQL Server Compact 3.5 SP1 English
Microsoft SQL Server Database Publishing Wizard 1.3
Microsoft SQL Server VSS Writer
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft Visual Basic 2008 Express Edition with SP1 - ENU
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual Studio Web Authoring Component
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
MSVCRT
MSXML 6.0 Parser (KB933579)
MSXML4 Parser
muveeNow 2.1
Notepad++
NVIDIA Drivers
NVIDIA nTune
NVIDIA PhysX
NVIDIA WDM Drivers
OpenAL
Paint.NET v3.5.4
Pando Media Booster
PDF Settings
QuickTime
Realtek High Definition Audio Driver
Segoe UI
SmartFTP Client
SmartFTP Client 4.0 Setup Files (remove only)
Sql Server Customer Experience Improvement Program
SQL Server System CLR Types
Steam
TeamViewer 4
TortoiseSVN 1.6.10.19898 (32 bit)
Tweak Manager 2.1
Unity Web Player
Unlocker 1.8.7
Update for Microsoft Visual Studio Web Authoring Component (KB945140)
Update for Windows XP (KB967715)
VLC media player 1.1.11
WebFldrs XP
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
Windows Imaging Component
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Format Runtime
Windows XP Service Pack 3
WinRAR archiver
XpertVision 6.1
Xvid Video Codec
ZoneAlarm Security Suite
.
==== Event Viewer Messages From Past Week ========
.
7/28/2011 5:53:04 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service SeaPort with arguments "-Service" in order to run the server: {D6381B4A-D254-46EB-9018-A62E0F4BA6BA}
.
==== End Of File ===========================

Thank you for your help!

Edit:
  • Made Sections Easier to spot
  • Removed the 'code' tags around the logs

Re: Internet Blocking Malware

Post by deltalima » August 1st, 2011, 1:44 pm

Checking your log - back soon.

Re: Internet Blocking Malware

Post by deltalima » August 1st, 2011, 1:51 pm

Hi luckyguy457321,

Welcome to the forum.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Please note the following:
  • I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please do not run any scans or make any changes to the system unless I ask you to.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • If after 3 days you have not responded to this topic, it will be closed, and you will need to start a new one.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

CKScanner

  • Please download CKScanner from here to your Desktop.
  • Make sure that CKScanner.exe is on your Desktop before running the application!
  • Double-click on CKScanner.exe and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify the file saved.
  • Double-click on the CKFiles.txt icon on your Desktop and copy/paste the contents in your next reply.

Next

  • Please download this tool from Microsoft.
  • Double click on MGADiag.exe to run it.
  • Click Continue.
  • The program will run. It takes a while to finish the diagnosis, please be patient.
  • Once done, click on Copy.
  • Open Notepad and paste the contents in the window.
  • Save this file and copy/paste it in your next reply.

Please let me know if the computer is used for home or for business use.

Re: Internet Blocking Malware

Post by luckyguy457321 » August 2nd, 2011, 9:25 am

Thanks for helping me.
I am following your steps right now.
I'll post when I am done with information as required.

Regards

Re: Internet Blocking Malware

Post by deltalima » August 2nd, 2011, 9:27 am

OK, please post when ready.

Re: Internet Blocking Malware

Post by luckyguy457321 » August 2nd, 2011, 9:40 am

Done!
Okay, I have completed the steps :)

CKFiles.txt:
CKScanner - Additional Security Risks - These are not necessarily bad
c:\program files\outspark\fiesta\reschar\b_crackerhumar\b_crackerhumar.kfm
c:\program files\outspark\fiesta\reschar\b_crackerhumar\b_crackerhumar.nif
c:\program files\outspark\fiesta\reschar\b_crackerhumar\b_crackerhumar_root_ac_down_atk.kf
c:\program files\outspark\fiesta\reschar\b_crackerhumar\b_crackerhumar_root_attack.kf
c:\program files\outspark\fiesta\reschar\b_crackerhumar\b_crackerhumar_root_critical.kf
c:\program files\outspark\fiesta\reschar\b_crackerhumar\b_crackerhumar_root_damage.kf
c:\program files\outspark\fiesta\reschar\b_crackerhumar\b_crackerhumar_root_die.kf
c:\program files\outspark\fiesta\reschar\b_crackerhumar\b_crackerhumar_root_normal_atk.kf
c:\program files\outspark\fiesta\reschar\b_crackerhumar\b_crackerhumar_root_normal_wide.kf
c:\program files\outspark\fiesta\reschar\b_crackerhumar\b_crackerhumar_root_run.kf
c:\program files\outspark\fiesta\reschar\b_crackerhumar\b_crackerhumar_root_stand.kf
c:\program files\outspark\fiesta\reschar\b_crackerhumar\b_crackerhumar_root_walk.kf
c:\program files\outspark\fiesta\reschar\kingcrab\emperorcarb_crackbip01_skill5.kf
c:\program files\outspark\fiesta\reschar\kingcrab\emperorcrab_crackbip01_skill1.kf
c:\program files\outspark\fiesta\reschar\kingcrab\emperorcrab_crackbip01_skill2.kf
c:\program files\outspark\fiesta\reschar\kingcrab\emperorcrab_crackbip01_skill3.kf
c:\program files\outspark\fiesta\reschar\kingcrab\emperorcrab_crackbip01_skill3_cast.kf
c:\program files\outspark\fiesta\reschar\kingcrab\kingcrab_crackbip01_attack.kf
c:\program files\outspark\fiesta\reschar\kingcrab\kingcrab_crackbip01_critical.kf
c:\program files\outspark\fiesta\reschar\kingcrab\kingcrab_crackbip01_damage.kf
c:\program files\outspark\fiesta\reschar\kingcrab\kingcrab_crackbip01_die.kf
c:\program files\outspark\fiesta\reschar\kingcrab\kingcrab_crackbip01_run.kf
c:\program files\outspark\fiesta\reschar\kingcrab\kingcrab_crackbip01_stand.kf
c:\program files\outspark\fiesta\reschar\kingcrab\kingcrab_crackbip01_walk.kf
c:\program files\outspark\fiesta\reseffect\b_crackerhumar_ac_down_atk.nif
c:\program files\outspark\fiesta\reseffect\b_crackerhumar_attack.nif
c:\program files\outspark\fiesta\reseffect\b_crackerhumar_attack_op.nif
c:\program files\outspark\fiesta\reseffect\b_crackerhumar_die.nif
c:\program files\outspark\fiesta\reseffect\b_crackerhumar_normal_atk.nif
c:\program files\outspark\fiesta\reseffect\b_crackerhumar_normal_wide.nif
c:\program files\outspark\fiesta\reseffect\b_crackerlooter_curse_wide.nif
c:\program files\outspark\fiesta\reseffect\firecracker01.nif
c:\program files\outspark\fiesta\reseffect\firecracker02.nif
c:\program files\outspark\fiesta\reseffect\hfirecracker00.nif
c:\program files\outspark\fiesta\reseffect\sta_crackeracdownloof.nif
c:\program files\outspark\fiesta\reseffect\sta_crackerdiseaseloof.nif
c:\program files\outspark\fiesta\resmap\field\b_cracker\b_cracker.conf
c:\program files\outspark\fiesta\resmap\field\b_cracker\b_cracker.nif
c:\program files\outspark\fiesta\resmap\field\b_cracker\b_cracker.shbd
c:\program files\outspark\fiesta\resmap\field\b_cracker\b_cracker.shmd
c:\program files\outspark\fiesta\resmap\field\b_cracker\darkcave_water.nif
c:\program files\outspark\fiesta\resmenu\minimap\b_cracker.dds
c:\program files\outspark\fiesta\ressystem\action\b_crackerhumar.dat
c:\program files\tc digital\chaotic\game\cardart\b_whepcrack.xnb
scanner sequence 3.ZZ.11.XFNAHU
----- EOF -----


Copy Button of the second program:

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Validation Control not Installed
Validation Code: 0
Cached Validation Code: N/A
Windows Product Key: *****-*****-YFQQC-7M3YM-7TGVW
Windows Product Key Hash: vzezwX1t+XLxr4tiV494K6by4I0=
Windows Product ID: 76477-OEM-2142964-82979
Windows Product ID Type: 3
Windows License Type: OEM System Builder
Windows OS version: 5.1.2600.2.00010300.3.0.hom
ID: {C1B41973-8E5B-4547-9ABB-A364C3946B59}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic: 025D1FF3-230-1_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A
Version: N/A

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 114 Blocked VLK 2
Microsoft Office XP Professional with FrontPage - 114 Blocked VLK 2
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-230-1

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: E:\Documents and Settings\Ben Ben\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{C1B41973-8E5B-4547-9ABB-A364C3946B59}</UGUID><Version>1.9.0027.0</Version><OS>5.1.2600.2.00010300.3.0.hom</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-7TGVW</PKey><PID>76477-OEM-2142964-82979</PID><PIDType>3</PIDType><SID>S-1-5-21-1715567821-573735546-839522115</SID><SYSTEM><Manufacturer>GBT___</Manufacturer><Model>GBTUACPI</Model></SYSTEM><BIOS><Manufacturer>Award Software International, Inc.</Manufacturer><Version>F3</Version><SMBIOSVersion major="2" minor="3"/><Date>20071224000000.000000+000</Date></BIOS><HWID>B8743AF701842072</HWID><UserLCID>0C09</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>W. Australia Standard Time(GMT+08:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>114</Result><Products><Product GUID="{90280409-6000-11D3-8CFE-0050048383C9}"><LegitResult>114</LegitResult><Name>Microsoft Office XP Professional with FrontPage</Name><Ver>10</Ver><Val>39476F84C4B4004</Val><Hash>4iCnywwNW1w4s9ukTIwGMGxyGic=</Hash><Pid>54185-640-0000025-17959</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="10" Result="114"/><App Id="16" Version="10" Result="114"/><App Id="17" Version="10" Result="114"/><App Id="18" Version="10" Result="114"/><App Id="1A" Version="10" Result="114"/><App Id="1B" Version="10" Result="114"/></Applications></Office></Software></GenuineResults>

Licensing Data-->
N/A

Windows Activation Technologies-->
N/A

HWID Data-->
N/A

OEM Activation 1.0 Data-->
BIOS string matches: yes
Marker string from BIOS: 141B0:SYNNEX TECHNOLOGY INTERNATIONAL CORP|141B0:SYNNEX TECHNOLOGY INTERNATIONAL CORP|141B0:SYNNEX TECHNOLOGY INTERNATIONAL CORP
Marker string from OEMBIOS.DAT: N/A, hr = 0x80004005

OEM Activation 2.0 Data-->
N/A

Re: Internet Blocking Malware

Post by deltalima » August 2nd, 2011, 9:47 am

You are using cracked software.

The topic is now closed.