Free Malware Removal Forum

[aussiedeb]

i need urgent help i have had 34 trojans on my computer in 6 weeks,i am running all the necessary virus and spy ware programs,cybercops have been helping me,but even they are stumped now,it started with me getting a password on my windows start up program,that i didnt put on myself, then an error message, and it was shutting my computer down,found out it was the sasser worm virus,loaded all the removal tools , for it, an ran them,but now i still keep freezing up, ie keeps closing, and my computer wont even log out of windows i have to turn off at power,its slow and hardly working,i have sent my hijackthis log file to cybercops,,and they told me what to delete,but still having a lot of trouble,they told me to get firefox,? but not sure as was told that a lot of ppl having trouble with it,wont restore, back to an earlier date,i run so many virus programs, now its not funny, and they are still getting in,i must have a hole,,or back door open to allow them in,but i cannot find it,,i really dont know what to look for, when the computer freezes up, i cannot do anything,and happening all the time, i am running avg,spybot,ad aware,spydoc, and just got a-squared,i have ran house call 2 times, all show no viruses now,i even recieved an email saying that an abnormality was found in my emails,and i needed to download a firewall,,it was a virus,said that the robot detected it,,no such thing,from hotmail,i didnt open the attatchment,luckly,i do not know what else to do,cyber cops put me on to you,,to see if you can help me, as they dont know either,i am a 49 yr old lady with cancer,,and my computer is my life line to the outside world,,,i am not a whiz at computers,,but not stupid,but not sure how to attatch my hijackthis log file for you to see,??, need advise on how to do this thank you very much for any aid you may give me,debra,,,

[aussiedeb]

Logfile of HijackThis v1.97.7
Scan saved at 8:34:57 PM, on 9/03/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Telstra\Cable Login\bpcable.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Deb\My Documents\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bigpond.com/
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [BigPondCable] "C:\Program Files\Telstra\Cable Login\bpcable.exe" /r
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research (HKLM)
O14 - IERESET.INF: START_PAGE_URL=http://www.bigpond.com/
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shoc ... tor/sw.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/sh ... wflash.cab

[/img][/list]

[Vino Rosso]

Hi aussiedeb and welcome to Malware Removal Forum

To reply to this post, scroll down to the bottom of the page and click on PostReply on the left. Please do not start a new thread but always post your reply here.

You are currently using an unpatched version of Microsoft Windows XP. It is CRITICAL that, as a minimum, you install at least SP1a for both XP and IE6. Without these updates your system is wide open to re-infection and we are both wasting our efforts to clean your system. Please visit the Microsoft's Windows Update Page and install ALL Critical Updates for your system (except service pack 2) (SP2).

IMPORTANT: Do NOT update to Service pack 2. Doing so before your computer is clean can cause Windows to become unstable. SP2 should only be installed on a fully disinfected system. We will update to SP2 when your computer is clean.

1) If you are having trouble locating the service pack SP1a here is a direct link to download it from:
http://download.microsoft.com/download/ ... en_x86.exe

2) If the installed language on your system is NOT English, please use this web page >here< and select your language from the dropdown box before clicking on download.

Once you have Service Pack 1a installed, please post back with a fresh HijackThis log or with any problems you are having updating.

1 - Install HijackThis
You are running an old version of HijackThis. An easy way to correct this is to do the following:

Delete the version you have in C:\Documents and Settings\Deb\My Documents\HijackThis.exe
Download a copy of HJTsetup.exe from >here< and save it to your Desktop.

• Double click HJTsetup.exe to begin installation.
• By default it will install to C:\Program Files\Hijack This.
• Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue.
• Put a check by Create a desktop icon then click Next again.
• Continue to follow the prompts from there.
• At the final dialogue box, check the box to the left of "Launch Hijackthis" and then click Finish
• When HijackThis has started, click on Do a system scan and save a log file
• When Notepad opens, click the Format menu and make sure that Wordwrap is NOT ticked. If it is then click on it to UNtick it.
• Click Edit > Select All then Edit > Copy
• Paste (Ctrl+V) the content with your next reply.

Do not try to fix anything yet! HijackThis shows lots of good files as well as bad.

Please ask any questions if you are unsure of what you need to do.

Good Luck
Vino

[chryssi2001]

Hello Debra,and to Malware Removal Forums.

Good to know you are a fighter. I wish you the best.

I will be assisting you with your malware issues.
Please be patient as I need some time to review your Hijackthis log and i will post back recommendations for repairs.

As I am still a trainee, everything that I post to you, must be checked by an Admin or Moderator. Thus, there may be a tiny bit of a delay between posts, but it shouldn't be too long.

• Whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.
• Continue to respond to this thread until I give you the All Clean! If you have any question or you're stuck in there please reply it to me. I will try my best to help you!
• Please bookmark or favourite this page. In case you need it as reference or etc.

------------------------------
Do Cybercops still help you with this? If not please do as follows and post a HijackThis log.
------------------------------
Click here to download HJTsetup.exe

• Save HJTsetup.exe to your desktop.
• Double click on the HJTsetup.exe icon on your desktop.
• By default it will install to C:\Program Files\Hijack This.
• Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
• Put a check by Create a desktop icon then click Next again.
• Continue to follow the rest of the prompts from there.
• At the final dialogue box click Finish and it will launch Hijack This.
• Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
• Click Save to save the log file and then the log will open in notepad.
• Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
• Come back here to this thread and Paste the log in your next reply.
• DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

[aussiedeb]

i have done what you said and recieved the updates for sp1,,,and have done a new lof file for hijack this it is below,,
Logfile of HijackThis v1.97.7
Scan saved at 1:36:08 PM, on 12/03/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Telstra\Cable Login\bpcable.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Deb\My Documents\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bigpond.com/
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [BigPondCable] "C:\Program Files\Telstra\Cable Login\bpcable.exe" /r
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research (HKLM)
O14 - IERESET.INF: START_PAGE_URL=http://www.bigpond.com/
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shoc ... tor/sw.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/sh ... wflash.cab

i noticed in my add remove programs that i had sp2 there,,i wonder if that is what was making my puter freeze up all the time,,??, as i am having a hell of a time with programs not responding,,and computer wont even log out,i have to turn off at power,,just to reboot,all scans i have done in safe mode said no viruses or threats,,,weird,,,but alwaus says hosts,, changed,,in windows32 /system/d avg wont heal or repair this ?

[Vino Rosso]

Hi aussiedeb

Apologies for the possible confusion with both Chryssi and me posting to your request for help.

Your log shows that SP1 has still not been installed and that you have not downloaded and used the latest version of HijackThis. Can you please follow the instructions in my previous post - that is to visit >Microsoft's Update Page< and update to SP1. Then download the latest version of HijackThis and post a new log.

Thanks
Vino

[aussiedeb]

hi vino,
i have tried to update the sp1, from microsoft,,but it wont load?,it said i have an invalid key,i do not know what that is,i downloaded hijackthis again,my log file is below,,,no cybercops did help me, untill they were stuck for a solution as well to my problem,,they were the ones who put me on to you,,for help,my IE is messing up bad,i keep getting an error message not responding,,,should i download firefox? i wasnt sure as was told that its not very good?and ppl were having a lot of problems with it,my computer is freezing up all the time,,and now i get the error message that i do not have a sound card to play media,,,i do have one installed,,and i check,it says working properly,,but it wont recognise it at all,what is going on with this computer??i did have4 a legal copy of xp professional on here,,but now it says i have an illegal copy,the computer guy who came to fix my computer took it away with the cd,and didnt bring my copy back<i have tried to contact him, with no response,thats why i dont trust any1 who wants to take my tower away again,to fix,he took it apart,and then couldnt get it back together again,and charged me for a new tower,,he put all the things from old tower into a new one,motherboard,harddrive,etc,ram,and since then had nothing but trouble,i hate being ripped off,,but as i cannot get out,had no choice but to let him take away,my log is below,thank you deb,,,Logfile of HijackThis v1.99.1
Scan saved at 6:44:46 AM, on 13/03/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Telstra\Cable Login\bpcable.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\MSWDNS32.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bigpond.com/
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [BigPondCable] "C:\Program Files\Telstra\Cable Login\bpcable.exe" /r
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [MS Domain Name System] MSWDNS32.exe
O4 - HKLM\..\RunServices: [MS Domain Name System] MSWDNS32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O14 - IERESET.INF: START_PAGE_URL=http://www.bigpond.com/
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: mszsrn32 - C:\WINDOWS\system32\mszsrn32.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: BigPond Broadband Cable Login (bpcService) - Unknown owner - C:\Program Files\Telstra\Cable Login\bpcService.exe
O23 - Service: icrss manager 32bit (icrss) - Unknown owner - C:\WINDOWS\system\icrss.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

[Vino Rosso]

Hi aussiedeb

This should hopefully tell us what's happening:

Please download MGADiag.exe from >here< to your desktop.
Double-click MGADiag.exe and click Continue in the bottom right of the window to run the tool.
Click the Copy button to copy the info to your clipboard.
Paste Ctrl+V the information in your next reply.

[aussiedeb]

Diagnostic Report (1.7.0012.0):
-----------------------------------------
WGA Data-->
Validation Status: Blocked VLK
Detailed Status: N/A
Windows Product Key: *****-*****-YXRKT-8TG6W-2B7Q8
Windows Product Key Hash: RVvFciZMdQfJLyDpZteolhaqicQ=
Windows Product ID: 55274-640-0000356-23589
Windows Product ID Type: 1
Windows License Type: Volume
Windows OS version: 5.1.2600.2.00010100.0.0.pro
ID: {7AB769B3-2640-4AFA-A5D9-458D00D655F3}
Is Admin: Yes
AutoDial: No
Registry: 0x0
WGA Version: Registered, 1.5.723.1
Signed By: Microsoft
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic:
Resolution Status: N/A

Notifications Data-->
Cached Result: N/A
File Exists: No
Version: N/A
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 114 Blocked VLK 2
OGA Version: Failed to retrieve file version. - 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: FCEE394C-3178-80070002

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32)
Default Browser: C:\Program Files\Internet Explorer\iexplore.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control:
Active scripting:
Script ActiveX controls marked as safe for scripting:

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{7AB769B3-2640-4AFA-A5D9-458D00D655F3}</UGUID><Version>1.7.0012.0</Version><OS>5.1.2600.2.00010100.0.0.pro</OS><PKey>*****-*****-*****-*****-2B7Q8</PKey><PID>55274-640-0000356-23589</PID><PIDType>1</PIDType><SID>S-1-5-21-1960408961-706699826-854245398</SID><SYSTEM><Manufacturer>Hewlett-Packard</Manufacturer><Model>HP Brio</Model></SYSTEM><BIOS><Manufacturer>Award Software, Inc.</Manufacturer><Version>IJ.26.03(QIJ.03.02)</Version><SMBIOSVersion major="2" minor="3"/><Date>20000327******.******+***</Date></BIOS><HWID>8077357F01846056</HWID><UserLCID>0C09</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>E. Australia Standard Time(GMT+10:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/></MachineData> <Software><Office><Result>114</Result><Products><Product GUID="{90110409-6000-11D3-8CFE-0150048383C9}"><LegitResult>114</LegitResult><Name>Microsoft Office Professional Edition 2003</Name><Ver>11</Ver><Val>59D1605114E3500</Val><Hash>vfZmaSmFPIYrLWTcZSZErUQg+Fo=</Hash><Pid>73931-640-0000106-57344</Pid><PidType>14</PidType></Product></Products></Office></Software></GenuineResults>

I HOPE THIS HELP,I DOWNLOADED WHAT YOU SAID AN RAN THE TOOLS,,,THANK YOU DEB,

[Vino Rosso]

Hi Aussiedeb

I'm afraid that the diagnostic report shows that this is not a legitimate copy of windows XP.

A "Blocked VLK" is a Volume License Key that is valid but was licensed solely to a corporation or larger enterprise/business.
Blocked VLKs are Product Keys that Microsoft has received consent from the original owner to block its usage.
A VL Product Key is non-transferrable to individuals.

In order to resolve your non-genuine licensing issue, please visit:
http://www.microsoft.com/genuine and click on "Validate Windows".
When validation fails, you'll see a button to click on which will provide information on how to acquire a WGA Kit.

Many people have unlicensed copies of Windows and don't even realise it.
Unfortunately, unlicensed copies of Windows are unable to install the Critical Updates / Service Packs
which are vital for the safe and 'relatively' secure running of the Operating System.
Our Helpers would be wasting their time fixing an unpatched machine as reinfection is usually immediate.

Your options are:

1. Obtain and install a valid copy of Windows XP
2. Install a different OS, such as Linux
3. Do not connect this computer to the internet
4. Reformat and re-install each time your system becomes unusable due to malware infestations

Good luck
Vino

[Vino Rosso]

Hi Aussiedeb

If you have any questions, do not hesitate to post back.

If you have no questions, please post back to let us know that we can archive this thread.

Thanks
Vino

[aussiedeb]

hi vino,,,thank you for all of your help,,i need to buy another copy of windows xp,,be4 i can fix anything on my computer,,,i didnt know i had an illegal copy running,,,this i found out was due to the computer repair guy,,he took my original cd,,and kept it,i am going to report him to microsoft,i dont know if anything will come of it,,untill then i have to battle on removing these trojans,that still invade my computer,,i am up to 46 now,it is going to take me ages to save up enough money to buy another cd,,,as most of my money is going in treatments and medication,for cancer,,just found out it has got into my bones now,,so i have to put priorities in order,its upsets me to think that this guy stole from me,,but i cannot prove it,,cant get the sp1 service pack due to this or the updates i desperatly need,to keep the computer running properly,,its freesing up all the time,,and running so bad, thank you any way fro all your help i appreciated it very much,,,if you know how i can get this guy,? for stealing my cd,,let me know,,,as im not sure who to report it to?,love deb,xoxo

[Vino Rosso]

Hi aussiedeb

If you think you've been a victim then you could try contacting Microsoft (details here: http://www.microsoft.com/worldwide/phon ... =Australia) but it's likely they will advise you to contact the police. Why not give Microsoft a try?

Good luck with your illness.

Best wishes
Vino

[NonSuch]

This topic is now closed. If you wish it reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

You can help support this site from this link :
Donations For Malware Removal

Please do not contact us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.