Google redirects and can not run some anti-malware software


  • This topic is locked
4 replies to this topic

#1 everette

everette

  • Members
  • 8 posts
  • OFFLINE
  • Local time:06:37 PM

Posted 24 October 2010 - 02:35 PM

My son's computer has some problems.
1. When doing a search on Google, when he clicks the resulting links he gets redirected to sites other than the ones that Google has listed.

2. When I tried to run Malwarebytes (MBAM), it would not open, even in safe mode.

3. Something keeps changing his internet options to use proxy servers (this happens each time he restarts the computer).

4. When we go to some sites it will not load the sites (bleepingcomputer is one of the sites that it will not load).


DDS (Ver_10-10-21.02) - NTFSx86
Run by Bryson at 13:59:42.07 on Sun 10/24/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.1022.253 [GMT -4:00]

AV: Smart Engine *On-access scanning enabled* (Updated) {7C4431F3-AC25-4A36-B156-0793A756766F}
FW: Smart Engine *enabled* {8EC973DD-2E07-4FFC-BA85-7FB6E34CA06F}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Sticky Password\stpass.exe
C:\Program Files\Pando Networks\Media Booster\PMB.exe
C:\Users\Bryson\AppData\Local\Temp\Qwh.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Windows\system32\svchost.exe -k bthaudiosvc
C:\Program Files\Hi-Rez Studios\HiPatchService.exe
C:\Windows\system32\libusbd-nt.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\PnkBstrB.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
F:\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uInternet Settings,ProxyServer = http=127.0.0.1:25458
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [StickyPassword] c:\program files\sticky password\stpass.exe
uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe
uRun: [Comrade.exe] c:\program files\gamespy\comrade\Comrade.exe
uRun: [EA Core] c:\program files\electronic arts\eadm\Core.exe -silent
uRun: [KOO9RV9K4Z] c:\users\bryson\appdata\local\temp\Qwh.exe
uRun: [NtWqIVLZEWZU] c:\users\bryson\appdata\local\temp\Qwo.exe
uRun: [Smart Engine] "c:\programdata\4f1c52\SM4f1_302.exe" /s /d
mRun: [XboxStat] "c:\program files\microsoft xbox 360 accessories\XboxStat.exe" silentrun
mRun: [LogMeIn Hamachi Ui] "c:\program files\logmein hamachi\hamachi-2-ui.exe" --auto-start
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\users\bryson\appdata\roaming\microsoft\windows\start menu\programs\startup\programs\RTCW_GOTY_MapPack.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\programs\adober~1.lnk - c:\windows\installer\{ac76ba86-7ad7-1033-7b44-a81200000003}\SC_Reader.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\programs\apples~1.lnk - c:\windows\installer\{6956856f-b6b3-4be0-ba0b-8f495be32033}\AppleSoftwareUpdateIco.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\programs\eadown~1.lnk - c:\program files\electronic arts\eadm\Core.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\programs\intela~1.lnk - c:\program files\intel audio studio\IntelAudioStudio.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\programs\safari.lnk - c:\windows\installer\{d90afde3-3e67-407a-aca8-f0baad012f08}\SafariIco.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\programs\window~1.lnk - c:\program files\messenger\msmsgs.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\programs\window~2.lnk - c:\program files\movie maker\moviemk.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\programs\access~1\calcul~1.lnk - c:\windows\system32\calc.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\programs\access~1\paint.lnk - c:\windows\system32\mspaint.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\programs\access~1\remote~1.lnk - c:\windows\system32\mstsc.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\programs\access~1\wordpad.lnk - c:\program files\windows nt\accessories\wordpad.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\programs\access~1\access~1\access~1.lnk - c:\windows\system32\accwiz.exe
uPolicies-explorer: DisallowRun = 1 (0x1)
uPolicies-disallowrun: 0 = msseces.exe
uPolicies-disallowrun: 1 = MSASCui.exe
uPolicies-disallowrun: 2 = ekrn.exe
uPolicies-disallowrun: 3 = egui.exe
uPolicies-disallowrun: 4 = avgnt.exe
uPolicies-disallowrun: 5 = avcenter.exe
uPolicies-disallowrun: 6 = avscan.exe
uPolicies-disallowrun: 7 = avgfrw.exe
uPolicies-disallowrun: 8 = avgui.exe
uPolicies-disallowrun: 9 = avgtray.exe
uPolicies-disallowrun: 10 = avgscanx.exe
uPolicies-disallowrun: 11 = avgcfgex.exe
uPolicies-disallowrun: 12 = avgemc.exe
uPolicies-disallowrun: 13 = avgchsvx.exe
uPolicies-disallowrun: 14 = avgcmgr.exe
uPolicies-disallowrun: 15 = avgwdsvc.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 2 (0x2)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 93.188.162.247,93.188.160.57
TCP: {91E41C29-7AB0-4A0D-8A03-0FF12F7631F9} = 93.188.162.247,93.188.160.57
TCP: {BA700497-6F41-47FF-9587-BB92C7416EB3} = 93.188.162.247,93.188.160.57
TCP: {FB11149D-2843-486C-A21A-58B4D3DB2F78} = 93.188.162.247,93.188.160.57
IFEO: image file execution options - svchost.exe
IFEO: a.exe - svchost.exe
IFEO: aAvgApi.exe - svchost.exe
IFEO: AAWTray.exe - svchost.exe
IFEO: About.exe - svchost.exe

Note: multiple IFEO entries found. Please refer to Attach.txt
Hosts: 74.125.45.100 4-open-davinci.com
Hosts: 74.125.45.100 securitysoftwarepayments.com
Hosts: 74.125.45.100 privatesecuredpayments.com
Hosts: 74.125.45.100 secure.privatesecuredpayments.com
Hosts: 74.125.45.100 getantivirusplusnow.com

Note: multiple HOSTS entries found. Please refer to Attach.txt

================= FIREFOX ===================

FF - ProfilePath - c:\users\bryson\appdata\roaming\mozilla\firefox\profiles\39sk9d3u.default\
FF - prefs.js: browser.search.selectedEngine - search
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\sticky password\spautofill\components\SPAutofill.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

============= SERVICES / DRIVERS ===============

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2010-8-24 312912]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-8-24 165456]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-8-24 17744]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-8-24 50256]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-8-24 40384]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\logmein hamachi\hamachi-2.exe [2010-3-30 1107336]
R2 HFGService;Handsfree Headset Service;c:\windows\system32\svchost.exe -k bthaudiosvc [2009-7-13 20992]
R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files\hi-rez studios\HiPatchService.exe [2010-8-6 23680]
R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-8-24 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-8-24 40384]
R3 BthAudioHF;BthAudioHF Service;c:\windows\system32\drivers\BthAudioHF.sys [2009-12-21 43008]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2010-5-7 33792]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-7-29 135664]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-10-23 38224]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-2-25 1343400]

=============== Created Last 30 ================

2073-10-27 14:55:34 2404352 ----a-w- c:\program files\microsoft games\halo custom edition\haloce.exe
2073-10-27 14:55:34 1835008 ----a-w- c:\program files\microsoft games\halo custom edition\haloceded.exe
2073-10-27 14:55:34 1118208 ----a-w- c:\program files\microsoft games\halo custom edition\Strings.dll
2072-07-31 21:44:42 375808 ----a-w- c:\program files\microsoft games\halo\binkw32.dll
2010-10-24 02:00:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-24 02:00:54 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-24 01:37:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-23 08:08:08 -------- d-sh--w- c:\users\bryson\appdata\roaming\Smart Engine
2010-10-23 08:06:24 -------- d-sh--w- c:\progra~2\SMHHNGE
2010-10-23 08:05:50 -------- d-sh--w- c:\progra~2\4f1c52
2010-10-23 07:56:55 274432 ----a-w- c:\windows\Qqysea.exe
2010-10-23 07:46:50 -------- d-----w- c:\program files\F-22 Lightning 3
2010-10-22 18:18:45 215128 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-10-22 03:11:20 -------- d-----w- c:\program files\Lead Pursuit
2010-10-21 20:00:44 520704 ----a-w- c:\windows\F22Fighter Specs&Video.scr
2010-10-21 20:00:44 -------- d-----w- c:\program files\F22Fighter Specs&Video
2010-10-21 18:54:20 409088 ----a-w- c:\windows\system32\systemcpl.dll
2010-10-14 08:41:14 467984 ----a-w- c:\windows\system32\d3dx10_39.dll
2010-10-14 08:41:14 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll
2010-10-14 08:41:13 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
2010-10-13 06:02:48 -------- d-----w- c:\program files\Eagle Dynamics
2010-10-13 00:31:59 224256 ----a-w- c:\windows\system32\schannel.dll
2010-10-04 22:29:58 -------- d-----w- C:\fd2d0037baab0b219a209884cb92
2010-10-02 20:13:51 -------- d-----w- C:\Pokemon
2010-10-01 07:01:43 190976 ----a-w- c:\windows\system32\drivers\ks.sys
2010-09-30 11:11:08 2048 ----a-w- c:\windows\system32\tzres.dll
2010-09-30 11:11:02 13312 ----a-w- c:\program files\internet explorer\iecompat.dll

==================== Find3M ====================

2010-10-22 20:18:59 215128 ----a-w- c:\windows\system32\PnkBstrB.xtr
2010-10-21 18:54:20 13824 ----a-w- c:\windows\system32\slwga.dll
2010-10-19 03:42:19 139152 ----a-w- c:\users\bryson\appdata\roaming\PnkBstrK.sys
2010-10-19 03:41:43 794408 ----a-w- c:\windows\system32\pbsvc.exe
2010-10-19 00:58:39 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-10-02 22:19:41 21840 ----atw- c:\windows\system32\SIntfNT.dll
2010-10-02 22:19:41 17212 ----atw- c:\windows\system32\SIntf32.dll
2010-10-02 22:19:41 12067 ----atw- c:\windows\system32\SIntf16.dll
2010-09-18 05:50:52 0 ----a-w- c:\windows\system32\RENF277.tmp
2010-09-18 05:50:52 0 ----a-w- c:\windows\system32\RENF276.tmp
2010-09-18 05:50:52 0 ----a-w- c:\windows\system32\RENF275.tmp
2010-09-18 03:40:44 0 ----a-w- c:\windows\system32\REN496D.tmp
2010-09-18 03:40:44 0 ----a-w- c:\windows\system32\REN496C.tmp
2010-09-18 03:40:44 0 ----a-w- c:\windows\system32\REN496B.tmp
2010-09-18 03:37:18 0 ----a-w- c:\windows\system32\REN228B.tmp
2010-09-18 03:37:18 0 ----a-w- c:\windows\system32\REN228A.tmp
2010-09-18 03:37:18 0 ----a-w- c:\windows\system32\REN2289.tmp
2010-09-15 08:50:37 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-08 04:30:04 978432 ----a-w- c:\windows\system32\wininet.dll
2010-09-08 04:28:15 44544 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-08 03:22:31 386048 ----a-w- c:\windows\system32\html.iec
2010-09-08 02:48:16 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-09-01 04:23:49 12625408 ----a-w- c:\windows\system32\wmploc.DLL
2010-09-01 02:34:52 2327552 ----a-w- c:\windows\system32\win32k.sys
2010-08-31 04:32:30 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-08-31 04:32:30 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-08-27 05:46:48 168448 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 04:39:58 109056 ----a-w- c:\windows\system32\t2embed.dll
2010-08-25 15:14:40 796672 ----a-w- c:\windows\GPInstall.exe
2010-08-21 05:36:33 738816 ----a-w- c:\windows\system32\wmpmde.dll
2010-08-21 05:33:24 530432 ----a-w- c:\windows\system32\comctl32.dll
2010-08-21 05:32:37 316928 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:35:23 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-08-16 08:28:05 11092 ----a-w- c:\windows\system32\ealregsnapshot1.reg
2010-07-29 06:30:49 197632 ----a-w- c:\windows\system32\ir32_32.dll
2010-07-29 06:30:34 82944 ----a-w- c:\windows\system32\iccvid.dll

============= FINISH: 14:01:50.44 ===============



#2 heir

heir

  • Malware Response Team
  • 763 posts
  • OFFLINE
  • Gender:Male
  • Local time:12:37 AM

Posted 24 October 2010 - 03:08 PM

Please run the MGA Diagnostic Tool and post back the report it shall produce:

  • Download MGADiag to your desktop.
  • Double-click on MGADiag.exe to launch the program.
  • Click "Continue".
  • Ensure that the "Windows" tab is selected (it should be by default).
  • Click the "Copy" button to copy the MGA Diagnostic Report to the Windows clipboard.
  • Paste the MGA Diagnostic Report back here in your next reply.

Edited by heir, 24 October 2010 - 03:52 PM.
More diagnostics needed.

Please do not PM me asking for support. Post on the forums instead.
Please post the final results, good or bad. We like to know!
Posted Image
Unified Network of Instructors and Trained Eliminators
My help is always free, but if you want to donate to help me continue my fight against malware then click Posted Image


#3 everette

everette
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:06:37 PM

Posted 24 October 2010 - 04:11 PM

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 50
Cached Online Validation Code: 0xc004c4ab
Windows Product Key: *****-*****-V9488-FGM44-2C9T3
Windows Product Key Hash: rmk1OjF0iZq7gQoRmEcpnJHr0oc=
Windows Product ID: 00426-OEM-8992662-00010
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.1.7600.2.00010100.0.0.001
ID: {9A13E396-682B-4536-A565-DA269C9C127C}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Ultimate
Architecture: 0x00000000
Build lab: 7600.win7_gdr.100618-1621
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->
File Mismatch: C:\Windows\system32\sppcomapi.dll[Hr = 0x80070005]
File Mismatch: C:\Windows\system32\systemcpl.dll[6.1.7600.16385], Hr = 0x800b0100
File Mismatch: C:\Windows\system32\en-US\user32.dll.mui[6.1.7600.16385], Hr = 0x800b0100

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{9A13E396-682B-4536-A565-DA269C9C127C}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7600.2.00010100.0.0.001</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-2C9T3</PKey><PID>00426-OEM-8992662-00010</PID><PIDType>2</PIDType><SID>S-1-5-21-2058581692-4233588754-162476212</SID><SYSTEM><Manufacturer>INTEL_</Manufacturer><Model>DG965RY_</Model></SYSTEM><BIOS><Manufacturer>Intel Corp.</Manufacturer><Version>MQ96510J.86A.0816.2006.0716.2308</Version><SMBIOSVersion major="2" minor="4"/><Date>20060716000000.000000+000</Date></BIOS><HWID>ECB93607018400EA</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>HPQOEM</OEMID><OEMTableID>SLIC-WKS</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
Input Error: Can not find script file "C:\Windows\system32\slmgr.vbs".

Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: 0xC004C4AB
HealthStatus: 0x0000000000000000
Event Time Stamp: 5:26:2010 18:41
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Not Registered - 0x80070005
HealthStatus Bitmask Output:


HWID Data-->
HWID Hash Current: OgAAAAEABgABAAEAAAACAAAAAwABAAEAnJ+0KXDmviTUwSTa7Ngu98aYGFb682WT8C+R8NRPyg8qhQ==

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC INTEL DG965RY
FACP INTEL DG965RY
MCFG INTEL DG965RY
WDDT INTEL DG965RY
ASF! INTEL DG965RY
SSDT INTEL CpuPm
SSDT INTEL CpuPm
SSDT INTEL CpuPm
SSDT INTEL CpuPm
SSDT INTEL CpuPm
SLIC HPQOEM SLIC-WKS

#4 heir

heir

  • Malware Response Team
  • 763 posts
  • OFFLINE
  • Gender:Male
  • Local time:12:37 AM

Posted 25 October 2010 - 03:28 AM

Where/How have you obtained the operating system on that computer?
That OS hasn't been activated after 30 days.
It has run over 30 days though.

Can you please activate it and run MGADiag again and post the log.

Please also run this

Download CKScanner from here

Important: Save it to your desktop.
  • Double-click CKScanner.exe and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify that the file is saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

Edited by heir, 25 October 2010 - 03:28 AM.



#5 heir

heir

  • Malware Response Team
  • 763 posts
  • OFFLINE
  • Gender:Male
  • Local time:12:37 AM

Posted 31 October 2010 - 03:15 AM

This topic is closed due to inactivity.
