Lots of fake anti virus download popups and can't access c and d drive a


  • This topic is locked

#1
bchang100

This is my hijack log, so this is my story: I was installing a program and as soon as I finished, a hundred popups came out and all this stuff asking me to download antivirus, and then I installed all these antivirus programs (real ones) and they cleaned some up but still the same things happen. I used Spybot Search and Destroy and Trend Micro and Trojan Hunter. It'd be greatly appreciated if you'd help me. I've reformatted my computer 5 times already and had to reinstall all my programs over and over again, and my Windows genuine key is no longer in use, used it too much. So many problems, thanks heaps.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:31: VIRUS ALERT!, on 26/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\stardock\TrayServer.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\ODP\ObjectDock\ObjectDock.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\wpabaln.exe
C:\Program Files\Object Desktop\ObjectBar\ObjectBar.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\PCHealthCenter\1.exe
C:\Program Files\PCHealthCenter\2.exe
C:\Program Files\PCHealthCenter\3.exe
C:\Program Files\PCHealthCenter\4.exe
C:\Program Files\PCHealthCenter\7.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Safari\Safari.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\DOCUME~1\BRANDO~2.BRA\LOCALS~1\Temp\Rar$EX55.172\MacSearch.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Trend Micro\Internet Security\UfNavi.exe
C:\Program Files\Trend Micro\Internet Security\UfNavi.exe
C:\Setup.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\TrojanHunter 5.0\TrojanHunter.exe
C:\Program Files\TrojanHunter 5.0\THGuard.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarerefer...=...6Ojg5&lid=2
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: fdkowvbp - {CC62551A-9113-48E1-936F-27ABC255A8B4} - C:\WINDOWS\fdkowvbp.dll (file missing)
O4 - HKLM\..\Run: [1A:Stardock TrayMonitor] "C:\Program Files\Common Files\stardock\TrayServer.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [Sys1E5.exe] C:\Windows\Sys1E5.exe
O4 - HKLM\..\Run: [Sys1E6.exe] C:\Windows\Sys1E6.exe
O4 - HKLM\..\Run: [Sys1E7.exe] C:\Windows\Sys1E7.exe
O4 - HKLM\..\Run: [Sys1E8.exe] C:\Windows\Sys1E8.exe
O4 - HKLM\..\Run: [Sys1E9.exe] C:\Windows\Sys1E9.exe
O4 - HKLM\..\Run: [Antivirus] C:\Program Files\VAV\vav.exe
O4 - HKLM\..\Run: [advap32] C:\DOCUME~1\BRANDO~2.BRA\LOCALS~1\Temp\scksexde.exe/r
O4 - HKLM\..\Run: [14b8735f] rundll32.exe "C:\WINDOWS\system32\dbvtbiqu.dll",b
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [SpybotDeletingA7409] command /c del "C:\Program Files\VAV\vav.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3840] cmd /c del "C:\Program Files\VAV\vav.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5025] command /c del "C:\WINDOWS\fdkowvbp.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5512] cmd /c del "C:\WINDOWS\fdkowvbp.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA4501] command /c del "C:\WINDOWS\system32\efcDSkki.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4009] cmd /c del "C:\WINDOWS\system32\efcDSkki.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5853] command /c del "C:\WINDOWS\wnslvxtf.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3190] cmd /c del "C:\WINDOWS\wnslvxtf.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7142] command /c del "C:\WINDOWS\eqvwamkl.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8460] cmd /c del "C:\WINDOWS\eqvwamkl.dll_old"
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Sys1E5.exe] C:\Windows\Sys1E5.exe
O4 - HKCU\..\Run: [Sys1E6.exe] C:\Windows\Sys1E6.exe
O4 - HKCU\..\Run: [Sys1E7.exe] C:\Windows\Sys1E7.exe
O4 - HKCU\..\Run: [Sys1E8.exe] C:\Windows\Sys1E8.exe
O4 - HKCU\..\Run: [Sys1E9.exe] C:\Windows\Sys1E9.exe
O4 - HKCU\..\Run: [Antivirus] C:\Program Files\VAV\vav.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Stardock ObjectBar.lnk = C:\Program Files\Object Desktop\ObjectBar\ObjectBar.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\ODP\ObjectDock\ObjectDock.exe
O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/b...lineScanner.cab
O21 - SSODL: wnslvxtf - {37D89D46-112F-49DD-B266-EAB651703DC5} - C:\WINDOWS\wnslvxtf.dll (file missing)
O21 - SSODL: eqvwamkl - {68F25448-A49D-448F-AD2B-40B11204241C} - C:\WINDOWS\eqvwamkl.dll (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 8529 bytes
#2
kahdah

Hello bchang100

Welcome to G2Go. :)
=====================
If Windows is not valid or activated then we will not help you here.

Please run the MGA Diagnostic Tool and post back the report it shall produce:
  • Download MGADiag to your desktop.
  • Double-click on MGADiag.exe to launch the program
  • Click "Continue"
  • Ensure that the "Windows" tab is selected (it should be by default).
  • Click the "Copy" button to copy the MGA Diagnostic Report to the Windows clipboard.
  • Paste the MGA Diagnostic Report back here in your next reply.


#3
bchang100

Diagnostic Report (1.7.0095.0):
-----------------------------------------
WGA Data-->
Validation Status: Not Activated
Validation Code: 1
Online Validation Code: N/A
Cached Validation Code: N/A
Windows Product Key: *****-*****-6WCQ9-9BRTB-RJY98
Windows Product Key Hash: Jftetl/9MTZ1Loqzb8qYAZG2y6A=
Windows Product ID: 55277-OEM-2140293-51455
Windows Product ID Type: 3
Windows License Type: OEM System Builder
Windows OS version: 5.1.2600.2.00010300.2.0.hom
CSVLK Server: N/A
CSVLK PID: N/A
ID: {B5B5E077-0F27-4973-8F53-8A85A8BEE3F7}(1)
Is Admin: Yes
TestCab: 0x0
WGA Version: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic: 025D1FF3-171-1_025D1FF3-179-2_025D1FF3-199-3
Resolution Status: N/A

WgaER Data-->
ThreatID(s): N/A
Version: N/A

WGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
WGATray.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 100 Genuine
Microsoft Office Professional Plus 2007 - 100 Genuine
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-171-1_025D1FF3-179-2_025D1FF3-199-3

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32)
Default Browser: C:\Program Files\Safari\Safari.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control:
Active scripting:
Script ActiveX controls marked as safe for scripting:

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{B5B5E077-0F27-4973-8F53-8A85A8BEE3F7}</UGUID><Version>1.7.0095.0</Version><OS>5.1.2600.2.00010300.2.0.hom</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-RJY98</PKey><PID>55277-OEM-2140293-51455</PID><PIDType>3</PIDType><SID>S-1-5-21-1844237615-1757981266-839522115</SID><SYSTEM><Manufacturer>D845HV</Manufacturer><Model>HV84510A</Model></SYSTEM><BIOS><Manufacturer>Intel Corp.</Manufacturer><Version>HV84510A.86A.0029.P07.0111161743</Version><SMBIOSVersion major="2" minor="3"/><Date>20011116000000.000000+000</Date><SLPBIOS>TODAYTECH,TODAYTECH</SLPBIOS></BIOS><HWID>091537070184C052</HWID><UserLCID>0C09</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>AUS Eastern Standard Time(GMT+10:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><BRT/></MachineData> <Software><Office><Result>100</Result><Products><Product GUID="{90120000-0011-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Professional Plus 2007</Name><Ver>12</Ver><Val>83770C147C39586</Val><Hash>HujjXRyTgOYjf4RCWfGtC0B0HlY=</Hash><Pid>89409-707-1230233-65773</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="12" Result="100"/><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="19" Version="12" Result="100"/><App Id="1A" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/><App Id="44" Version="12" Result="100"/></Applications></Office></Software></GenuineResults>

#4
kahdah

Please try to activate your Windows install.
If it fails it will give you an option to do it by phone.
If it is a valid product key then I am sure if you explain to Microsoft about the issues you are having that they will activate it for you.
You can contact them via the phone number that is given when the activation fails.

Post back here when it gets activated with a new MGA Diagnostic report and we will get you cleaned up.