Windows Validation Help


by jm47 » December 12th, 2011, 1:19 am

Gentlemen: surfing internet when computer froze up. Rebooted with a transparent oblong box appearing in the bottom right corner of the screen claiming my version of XP was not genuine. There is a small icon in the system tray with a link to a paysite. Desktop background is now in black. Can you help? Thanks

DS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Home at 0:47:04 on 2011-12-11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2212 [GMT -5:00]
.
AV: Symantec AntiVirus Corporate Edition *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
============== Running Processes ===============
.
H:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
H:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
H:\WINDOWS\system32\spoolsv.exe
svchost.exe
H:\WINDOWS\System32\svchost.exe -k Akamai
H:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
H:\WINDOWS\system32\WgaTray.exe
H:\WINDOWS\Explorer.EXE
H:\Program Files\Symantec AntiVirus\DefWatch.exe
H:\Program Files\Java\jre6\bin\jqs.exe
H:\WINDOWS\system32\nvsvc32.exe
H:\Program Files\Active PC Optimizer\ActivePCOptimizerService.exe
H:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
H:\WINDOWS\system32\svchost.exe -k imgsvc
H:\Program Files\Symantec AntiVirus\Rtvscan.exe
H:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
H:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
H:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
H:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
H:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
H:\WINDOWS\system32\wscntfy.exe
H:\WINDOWS\System32\svchost.exe -k HTTPFilter
H:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
H:\Program Files\Realtek\Diagnostics Utility\8169Diag.exe
H:\Program Files\Common Files\Symantec Shared\ccApp.exe
H:\PROGRA~1\SYMANT~1\VPTray.exe
H:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
H:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
H:\Program Files\Pure Networks\Network Magic\nmapp.exe
H:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
H:\Program Files\Microsoft IntelliType Pro\itype.exe
H:\Program Files\Microsoft IntelliPoint\ipoint.exe
H:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
H:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
H:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
H:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
H:\Program Files\IE New Window Maximizer\iemaximizer.exe
H:\Program Files\Brother\ControlCenter3\brccMCtl.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Program Files\Messenger\msmsgs.exe
H:\Documents and Settings\Home\Local Settings\Application Data\Akamai\netsession_win.exe
H:\Program Files\Kuma Games\kgsystray\Kuma_tray.exe
H:\Documents and Settings\Home\Local Settings\Application Data\Akamai\netsession_win.exe
H:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
H:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
H:\Program Files\Internet Explorer\IEXPLORE.EXE
H:\Program Files\Internet Explorer\IEXPLORE.EXE
H:\Documents and Settings\Home\Local Settings\Temporary Internet Files\Content.IE5\62ZFMPR8\HijackThis[1].exe
H:\Program Files\Internet Explorer\IEXPLORE.EXE
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com?SearchSource= ... =CT3003489
uURLSearchHooks: Productivity 3 Toolbar: {1fca4df8-9acd-4dfb-89cc-ddd0082fc588} - h:\program files\productivity_3\prxtbPro2.dll
uURLSearchHooks: Coupons.com Toolbar: {37153479-1976-43c3-a1ee-557513977b64} - h:\program files\coupons.com\prxtbCoup.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - h:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - h:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Productivity 3 Toolbar: {1fca4df8-9acd-4dfb-89cc-ddd0082fc588} - h:\program files\productivity_3\prxtbPro2.dll
BHO: Coupons.com Toolbar: {37153479-1976-43c3-a1ee-557513977b64} - h:\program files\coupons.com\prxtbCoup.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - h:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - h:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - h:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - h:\program files\google\googletoolbarnotifier\5.7.7018.1622\swg.dll
BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - h:\program files\msn toolbar\platform\4.0.0401.0\npwinext.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - h:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - h:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - h:\program files\yahoo!\companion\installs\cpn1\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - h:\program files\yahoo!\companion\installs\cpn1\yt.dll
TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - h:\program files\msn toolbar\platform\4.0.0401.0\npwinext.dll
TB: Productivity 3 Toolbar: {1fca4df8-9acd-4dfb-89cc-ddd0082fc588} - h:\program files\productivity_3\prxtbPro2.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - h:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Coupons.com Toolbar: {37153479-1976-43c3-a1ee-557513977b64} - h:\program files\coupons.com\prxtbCoup.dll
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "h:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [IE New Window Maximizer] h:\program files\ie new window maximizer\iemaximizer.exe
uRun: [ctfmon.exe] h:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "h:\program files\messenger\msmsgs.exe" /background
uRun: [Akamai NetSession Interface] h:\documents and settings\home\local settings\application data\akamai\netsession_win.exe
uRunOnce: [FlashPlayerUpdate] h:\windows\system32\macromed\flash\FlashUtil11c_ActiveX.exe -update activex
mRun: [HDAudDeck] h:\program files\via\viaudioi\hdadeck\HDeck.exe 1
mRun: [8169Diag] h:\program files\realtek\diagnostics utility\8169Diag.exe /hw
mRun: [ccApp] "h:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] h:\progra~1\symant~1\VPTray.exe
mRun: [PPort11reminder] "h:\program files\scansoft\paperport\ereg\ereg.exe" -r "h:\documents and settings\all users\application data\scansoft\paperport\11\config\ereg\Ereg.ini"
mRun: [BrMfcWnd] h:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [nmctxth] "h:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [nmapp] "h:\program files\pure networks\network magic\nmapp.exe" -autorun -nosplash
mRun: [itype] "h:\program files\microsoft intellitype pro\itype.exe"
mRun: [IntelliPoint] "h:\program files\microsoft intellipoint\ipoint.exe"
mRun: [Google Quick Search Box] "h:\program files\google\quick search box\GoogleQuickSearchBox.exe" /autorun
mRun: [Adobe ARM] "h:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Malwarebytes' Anti-Malware] "h:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [ControlCenter3] h:\program files\brother\controlcenter3\brctrcen.exe /autorun
StartupFolder: h:\docume~1\home\startm~1\programs\startup\kuma_t~1.lnk - h:\program files\kuma games\kgsystray\Kuma_tray.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - h:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - h:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: ketsujin.com\fighterace
Trusted Zone: ketsujin.com\primary
Trusted Zone: ketsujin.com\update
Trusted Zone: ketsujin.com\www
Trusted Zone: stormofaces.com\www
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net ... plugin.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/ ... ontrol.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shoc ... tor/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/ ... ontrol.cab
DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} - hxxp://download.microsoft.com/download/ ... ontrol.cab
DPF: {2FF8D282-F78A-4A33-ABC2-49E72A341482} - hxxp://riteaid.storefront.com/images/gl ... ad1_10.CAB
DPF: {315B0BFB-2BD4-481B-80A3-A9B80727C61B} - hxxp://webiq005.webiqonline.com/WebIQ/D ... tion&EDID={896A23A1-5821-4609-A6C6-6D5536C585C9}
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupda ... 8597381100
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdat ... /opuc4.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/s ... wflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1 68.87.71.230 68.87.73.246
TCP: Interfaces\{3AF08BE9-C351-4E03-949F-9283426DB1F2} : DhcpNameServer = 192.168.1.1 68.87.71.230 68.87.73.246
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - h:\program files\common files\pure networks shared\platform\puresp4.dll
Notify: NavLogon - h:\windows\system32\NavLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - h:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R1 SAVRT;SAVRT;h:\program files\symantec antivirus\savrt.sys [2006-9-6 337592]
R1 SAVRTPEL;SAVRTPEL;h:\program files\symantec antivirus\Savrtpel.sys [2006-9-6 54968]
R2 Akamai;Akamai NetSession Interface;h:\windows\system32\svchost.exe -k Akamai [2008-4-14 14336]
R2 ccEvtMgr;Symantec Event Manager;h:\program files\common files\symantec shared\ccEvtMgr.exe [2006-7-19 192160]
R2 ccSetMgr;Symantec Settings Manager;h:\program files\common files\symantec shared\ccSetMgr.exe [2006-7-19 169632]
R2 LANPkt;Realtek LANPkt Protocol Driver;h:\windows\system32\drivers\LANPkt.sys [2009-4-1 8960]
R2 RegMumService;ActivePCOptimizer Service;h:\program files\active pc optimizer\ActivePCOptimizerService.exe [2010-9-18 1553344]
R2 Symantec AntiVirus;Symantec AntiVirus;h:\program files\symantec antivirus\Rtvscan.exe [2006-9-27 1813232]
R3 Diag69xp;Diag69xp;h:\windows\system32\drivers\diag69xp.sys [2009-4-1 11264]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;h:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-11-18 106104]
R3 HCW85BDA;Hauppauge WinTV 885 Video Capture;h:\windows\system32\drivers\HCW85BDA.sys [2009-4-1 1129344]
R3 MBAMProtector;MBAMProtector;h:\windows\system32\drivers\mbam.sys [2011-5-13 22216]
R3 NAVENG;NAVENG;h:\progra~1\common~1\symant~1\virusd~1\20111209.003\naveng.sys [2011-12-9 86136]
R3 NAVEX15;NAVEX15;h:\progra~1\common~1\symant~1\virusd~1\20111209.003\navex15.sys [2011-12-9 1576312]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;h:\windows\system32\drivers\viahduaa.sys [2009-4-1 874240]
S2 gupdate;Google Update Service (gupdate);h:\program files\google\update\GoogleUpdate.exe [2010-2-3 135664]
S2 MBAMService;MBAMService;h:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-5-14 366152]
S3 GamesAppService;GamesAppService;h:\program files\wildtangent games\app\GamesAppService.exe [2010-10-12 206072]
S3 gupdatem;Google Update Service (gupdatem);h:\program files\google\update\GoogleUpdate.exe [2010-2-3 135664]
S3 HauppaugeTVServer;HauppaugeTVServer;h:\progra~1\wintv\HCWTVS~1.EXE [2009-4-5 823296]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\h:\windows\system32\drivers\mbamswissarmy.sys --> h:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;h:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 RTLVLAN;Realtek VLAN Intermediate Driver;h:\windows\system32\drivers\RTLVLAN.SYS [2009-4-1 16640]
S3 SavRoam;SAVRoam;h:\program files\symantec antivirus\SavRoam.exe [2006-9-27 116464]
.
=============== Created Last 30 ================
.
2011-12-10 20:43:34 -------- d-----w- H:\9abc9448b92ca30ef6e1bc
2011-12-10 20:41:42 -------- d-----w- h:\windows\system32\wbem\repository\FS
2011-12-10 20:41:42 -------- d-----w- h:\windows\system32\wbem\Repository
2011-11-19 13:05:08 -------- d-----w- h:\documents and settings\home\local settings\application data\Coupons.com
2011-11-19 13:05:06 -------- d-----w- h:\program files\Coupons.com
2011-11-19 13:04:59 398760 ----a-r- h:\windows\system32\cpnprt2.cid
2011-11-19 13:04:56 -------- d-----w- h:\program files\Coupons
.
==================== Find3M ====================
.
2011-10-06 02:29:53 414368 ----a-w- h:\windows\system32\FlashPlayerCPLApp.cpl
.
============= FINISH: 0:47:19.96 ===============

Re: Windows Validation Help

by deltalima » December 13th, 2011, 5:15 pm

Checking your log - back soon.

Re: Windows Validation Help

by deltalima » December 13th, 2011, 5:26 pm

Hi jm47,

CKScanner

  • Please download CKScanner from here to your Desktop.
  • Make sure that CKScanner.exe is on your Desktop before running the application!
  • Double-click on CKScanner.exe and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify that the file was saved.
  • Double-click on the CKFiles.txt icon on your Desktop and copy/paste the contents in your next reply.

Next

  • Please download this tool from Microsoft.
  • Double click on MGADiag.exe to run it.
  • Click Continue.
  • The program will run. It takes a while to finish the diagnosis, please be patient.
  • Once done, click on Copy.
  • Open Notepad and paste the contents in the window.
  • Save this file and copy/paste it in your next reply.

Please let me know if the computer is used for home or for business use.

Re: Windows Validation Help

by jm47 » December 15th, 2011, 12:41 am

Thanks MRU. I think the problem is solved. They somehow got my product key info and erased it. I used Winkeyfinder and Combofix and my computer seems to be ok. I will highly recommend your site. I hope I didn't put you through too much trouble. Thanks again

Re: Windows Validation Help

by deltalima » December 15th, 2011, 6:59 am

As this issue appears to be resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.