TechSpot

[Closed] Help in removal of Trojan.agent

By damasry
Oct 4, 2011
  1. Hello, I have Windows 7, and my Windows and my browsers have been very slow for one week now, and Spyware Doctor says it contains Trojan.agent, but every time I delete the infected files I keep getting it again after rebooting.

    I followed your instructions, and here are the logs I got, in order:

    Malwarebytes log:

    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 7866

    Windows 6.1.7600
    Internet Explorer 9.0.8112.16421

    10/4/2011 6:25:58 PM
    mbam-log-2011-10-04 (18-25-58).txt

    Scan type: Quick scan
    Objects scanned: 243554
    Time elapsed: 43 minute(s), 57 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    =======================================================

    GMER log:

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2011-10-04 18:38:15
    Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2 WDC_WD3200AAJS-00B4A0 rev.01.03A01
    Running: gmer.exe; Driver: C:\Users\damasry\AppData\Local\Temp\kftiifow.sys


    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs TfFsMon.sys (ThreatFire Filesystem Monitor/PC Tools)
    AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\fastfat \Fat TfFsMon.sys (ThreatFire Filesystem Monitor/PC Tools)
    AttachedDevice \Driver\tdx \Device\Ip pctgntdi.sys
    AttachedDevice \Driver\tdx \Device\Tcp pctgntdi.sys
    AttachedDevice \Driver\tdx \Device\Udp pctgntdi.sys
    AttachedDevice \Driver\tdx \Device\RawIp pctgntdi.sys

    ---- EOF - GMER 1.0.15 ----

    =============================================================

    DDS Log:

    DDS.txt:

    .
    DDS (Ver_2011-08-26.01) - NTFSx86 MINIMAL
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
    Run by damasry at 18:58:01 on 2011-10-04
    Microsoft Windows 7 Ultimate 6.1.7600.0.1256.20.1033.18.2046.1354 [GMT 2:00]
    .
    AV: AVG Internet Security 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Internet Security 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: AVG Firewall *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\Explorer.EXE
    C:\Windows\system32\ctfmon.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = about:blank
    mStart Page = about:blank
    uURLSearchHooks: H - No File
    mURLSearchHooks: H - No File
    BHO: IDMIEHlprObj Class: {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - c:\program files\hotspot shield\hssie\HssIE.dll
    TB: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - No File
    uRun: [IDMan] c:\program files\internet download manager\IDMan.exe /onboot
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
    uRun: [cdloader] "c:\users\damasry\appdata\roaming\mjusbsp\cdloader2.exe" MAGICJACK
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [tcactive] d:\program files\the cleaner\tcap.exe
    uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    mRun: [QuickTime Task] "d:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
    mRun: [PrintDisp] c:\windows\system32\PrintDisp.exe
    mRun: [TaskTray]
    mRun: [BDAgent] "d:\program files\bitdefender\bitdefender 2012\bdagent.exe"
    mRun: [SpywareTerminatorShield] c:\program files\spyware terminator\SpywareTerminatorShield.exe
    mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    mRun: [ISTray] "c:\program files\pc tools security\pctsGui.exe" /hideGUI
    StartupFolder: c:\users\damasry\appdata\roaming\micros~1\windows\startm~1\programs\startup\window~1.lnk - c:\windows\system32\WFS.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\autoca~1.lnk - c:\program files\common files\autodesk shared\acstart17.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\vistaf~1.lnk - c:\program files\common files\imagemaker\Vstdaemon.exe
    uPolicies-explorer: HideSCAHealth = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableSecureUIAPaths = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
    IE: Download FLV video content with IDM - c:\program files\internet download manager\IEGetVL.htm
    IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
    LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{14676F0B-C82F-4051-B8B2-7E0A9D3D236A} : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{9523A78C-802D-475A-9C8D-50917A66A19E} : DhcpNameServer = 192.168.1.1
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\damasry\appdata\roaming\mozilla\firefox\profiles\xhchvlfs.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1098640&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - prefs.js: keyword.URL - hxxp://www.infoaxe.com/enhancedsearch_add.jsp?cx=partner-pub-6808396145675874:xl345tirlb7&cof=FORID:10&ie=ISO-8859-1&tracking=100,ff,4.0.1,-1,-1,-1&q=
    FF - component: c:\program files\avg\avg10\firefox\components\avgssff.dll
    FF - component: c:\users\damasry\appdata\roaming\idm\idmmzcc3\components\idmmzcc.dll
    FF - component: c:\users\damasry\appdata\roaming\mozilla\firefox\profiles\xhchvlfs.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components\RadioWMPCoreGecko19.dll
    FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
    FF - plugin: c:\users\damasry\appdata\roaming\mozilla\firefox\profiles\xhchvlfs.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
    FF - plugin: d:\program files\google\picasa3\npPicasa3.dll
    FF - plugin: d:\program files\quicktime\plugins\npqtplugin.dll
    FF - plugin: d:\program files\quicktime\plugins\npqtplugin2.dll
    FF - plugin: d:\program files\quicktime\plugins\npqtplugin3.dll
    FF - plugin: d:\program files\quicktime\plugins\npqtplugin4.dll
    FF - plugin: d:\program files\quicktime\plugins\npqtplugin5.dll
    FF - plugin: d:\program files\quicktime\plugins\npqtplugin6.dll
    FF - plugin: d:\program files\quicktime\plugins\npqtplugin7.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2011-9-25 326688]
    R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2011-9-25 338880]
    R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2011-9-25 656320]
    R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2011-9-25 54328]
    R0 TFSysMon;TFSysMon;c:\windows\system32\drivers\TfSysMon.sys [2011-9-25 79512]
    R3 avchv;avchv Function Driver;c:\windows\system32\drivers\avchv.sys [2011-7-15 240184]
    S0 avc3;avc3;c:\windows\system32\drivers\avc3.sys [2011-9-21 596600]
    S1 bdfwfpf;bdfwfpf;c:\program files\common files\bitdefender\bitdefender firewall\bdfwfpf.sys [2011-9-21 90704]
    S1 BDVEDISK;BDVEDISK;c:\windows\system32\drivers\bdvedisk.sys [2010-1-19 85128]
    S1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2011-9-25 252712]
    S1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\drivers\PCTSD.sys [2011-9-25 184536]
    S1 sp_rsdrv2;Spyware Terminator 2012 Realtime Shield Driver;c:\windows\system32\drivers\sp_rsdrv2.sys [2011-9-25 32768]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-12-24 136176]
    S2 HssWd;Hotspot Shield Monitoring Service;c:\program files\hotspot shield\bin\hsswd.exe -product hss --> c:\program files\hotspot shield\bin\hsswd.exe -product HSS [?]
    S2 IDMWFP;IDMWFP;c:\windows\system32\drivers\idmwfp.sys [2011-2-12 85768]
    S2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\nitro pdf\professional\NitroPDFDriverService.exe [2011-3-21 196928]
    S2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [2011-3-21 68928]
    S2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [2011-9-25 162200]
    S2 Printer Control;Printer Control;c:\windows\system32\PrintCtrl.exe [2011-5-1 77824]
    S2 sdAuxService;PC Tools Auxiliary Service;c:\program files\pc tools security\pctsAuxs.exe [2011-9-25 371472]
    S2 sdCoreService;PC Tools Security Service;c:\program files\pc tools security\pctsSvc.exe [2011-9-25 1117144]
    S2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\enigma~1\spyhun~1\SH4SER~1.EXE [2011-9-8 736672]
    S2 ST2012_Svc;Spyware Terminator 2012 Realtime Shield Service;c:\program files\spyware terminator\st_rsser.exe [2011-9-25 573104]
    S2 UPDATESRV;BitDefender Desktop Update Service;d:\program files\bitdefender\bitdefender 2012\updatesrv.exe [2011-7-22 50128]
    S3 avckf;avckf;c:\windows\system32\drivers\avckf.sys [2011-9-21 454960]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
    S3 bdsandbox;bdsandbox;c:\windows\system32\drivers\bdsandbox.sys [2011-9-21 62544]
    S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-12-22 14216]
    S3 esgiguard;esgiguard;c:\program files\enigma software group\spyhunter\esgiguard.sys [2011-5-6 13904]
    S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2010-12-22 8456]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-12-24 136176]
    S3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [2011-9-25 89472]
    S3 pctNdis;PC Tools Firewall Intermediate Filter Service;c:\windows\system32\drivers\pctNdis.sys [2011-9-25 56536]
    S3 pctNdisMP;PC Tools Driver;c:\windows\system32\drivers\pctNdis.sys [2011-9-25 56536]
    S3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [2011-9-25 125888]
    S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [2011-9-25 70664]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-10 139776]
    S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2011-9-25 35264]
    S3 ThreatFire;ThreatFire;c:\program files\pc tools security\tfengine\tfservice.exe service --> c:\program files\pc tools security\tfengine\TFService.exe service [?]
    S3 Update Server;BitDefender Update Server v2;c:\program files\common files\bitdefender\bitdefender arrakis server\bin\arrakis3.exe [2011-9-21 307544]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-8-13 1343400]
    S3 Winacusb;Winacusb;c:\windows\system32\drivers\winacusb.sys [2006-7-27 829952]
    .
    =============== File Associations ===============
    .
    .scr=AutoCADScriptFile
    .
    =============== Created Last 30 ================
    .
    2011-10-04 16:57:48 607260 ------r- c:\users\damasry\dds.scr
    2011-10-04 07:42:34 -------- d-----w- c:\users\damasry\appdata\local\{4FEE63AF-BD2B-4E20-8E9F-3FD4BB303537}
    2011-10-04 07:42:22 -------- d-----w- c:\users\damasry\appdata\local\{4576E36A-BBA1-488D-B66E-9D91D1BA0C80}
    2011-10-03 10:35:27 -------- d-----w- c:\users\damasry\appdata\local\{1A36F54C-7E97-4F92-A208-B0D39019E28A}
    2011-10-03 10:35:14 -------- d-----w- c:\users\damasry\appdata\local\{7B6E89C9-EFF8-415D-A8AC-182D3371094D}
    2011-10-03 10:10:16 -------- d-----w- c:\users\damasry\appdata\local\{1F0B8D8A-6115-4AAB-8B39-8D8C60299B77}
    2011-10-03 10:10:01 -------- d-----w- c:\users\damasry\appdata\local\{B00C4182-32B9-4A74-B721-053EB74549A4}
    2011-10-02 19:52:03 -------- d-----w- c:\users\damasry\appdata\local\{6C8FA81D-41D5-48D4-9FFA-32EA47ED3CCA}
    2011-10-02 19:51:52 -------- d-----w- c:\users\damasry\appdata\local\{27236C95-3202-4397-98BC-AB97F39E4EE0}
    2011-10-02 07:51:24 -------- d-----w- c:\users\damasry\appdata\local\{17FD2F7B-28B1-4D22-8EC5-3A819D669DAC}
    2011-10-02 07:51:11 -------- d-----w- c:\users\damasry\appdata\local\{D0948FD4-4F4F-4093-8F50-35143516AA6A}
    2011-10-01 19:50:45 -------- d-----w- c:\users\damasry\appdata\local\{CFF957CF-3AA2-488D-92E6-28C3C8492329}
    2011-10-01 19:50:34 -------- d-----w- c:\users\damasry\appdata\local\{77DF7F55-AF83-41BB-A171-E6DA80845FE4}
    2011-10-01 19:50:23 -------- d-----w- c:\users\damasry\appdata\local\{DDE1746B-722E-4CDF-BBA1-4273D9DAE689}
    2011-10-01 19:50:11 -------- d-----w- c:\users\damasry\appdata\local\{62A45E3C-AC05-487B-B958-41CB1E67C6FD}
    2011-10-01 07:49:43 -------- d-----w- c:\users\damasry\appdata\local\{D2432527-CEF8-4FF2-9F97-97A2681BE2FB}
    2011-10-01 07:49:24 -------- d-----w- c:\users\damasry\appdata\local\{B6691D51-079E-47C3-8AA1-7896F3B4A6FD}
    2011-10-01 07:49:09 -------- d-----w- c:\users\damasry\appdata\local\{AF98533E-E748-4181-9B7E-5310F8EA00F1}
    2011-09-30 18:55:13 -------- d-----w- c:\users\damasry\appdata\local\{22EF7C0E-F3F1-4EEF-8D81-942F88D5F10C}
    2011-09-30 18:55:00 -------- d-----w- c:\users\damasry\appdata\local\{7BCA7B18-4A5A-488D-8E85-784EEF4F4639}
    2011-09-30 06:54:25 -------- d-----w- c:\users\damasry\appdata\local\{E0070D71-A41F-4CC7-B575-91CAF7B196E4}
    2011-09-30 06:54:13 -------- d-----w- c:\users\damasry\appdata\local\{76250ABB-F8D5-47BC-B8C0-3B29FF253415}
    2011-09-29 06:34:54 -------- d-----w- c:\users\damasry\appdata\local\{9B20D35F-573D-43C7-8449-09F1A197D647}
    2011-09-29 06:34:33 -------- d-----w- c:\users\damasry\appdata\local\{31E1CA9C-DF3B-401A-9018-92191CD58AD8}
    2011-09-28 11:49:05 -------- d-----w- c:\users\damasry\appdata\local\{41A2637E-DB13-4362-BE91-E9581BC01122}
    2011-09-28 11:48:55 -------- d-----w- c:\users\damasry\appdata\local\{B8A2C91D-1328-465F-BD4F-4A0331A73E7A}
    2011-09-28 11:48:43 -------- d-----w- c:\users\damasry\appdata\local\{6F8F3DFC-C863-47C5-8DF4-F552CD30467C}
    2011-09-28 11:48:32 -------- d-----w- c:\users\damasry\appdata\local\{D2E9935E-D186-4EC2-8A32-3AD53C48E28C}
    2011-09-27 23:47:59 -------- d-----w- c:\users\damasry\appdata\local\{F182A376-80B8-479C-8CC5-3320C161E5B3}
    2011-09-27 23:47:44 -------- d-----w- c:\users\damasry\appdata\local\{842A6D21-011C-4400-B034-6392002AD6AA}
    2011-09-27 18:23:11 -------- d-----w- c:\users\damasry\appdata\local\{BAC988D8-DA11-4BBF-9EB1-9DDC2802150D}
    2011-09-27 18:22:59 -------- d-----w- c:\users\damasry\appdata\local\{65466C91-E544-4A6E-B0F9-A83F0D1DAA5D}
    2011-09-27 06:22:32 -------- d-----w- c:\users\damasry\appdata\local\{0F0E9EEB-61BF-4354-B49A-0F8CEF1803B8}
    2011-09-27 06:22:19 -------- d-----w- c:\users\damasry\appdata\local\{85911310-6EA6-4107-BA91-7B8F5F87E3C3}
    2011-09-26 13:41:15 -------- d-----w- c:\users\damasry\appdata\local\{06EF011F-E343-4C90-82F8-D8EE04783841}
    2011-09-26 13:41:03 -------- d-----w- c:\users\damasry\appdata\local\{E123EB80-C40C-47C6-BC8B-755978A4B973}
    2011-09-25 22:27:16 -------- d-----w- c:\users\damasry\appdata\local\{881BDCEA-0C13-47DB-A36A-950D97AA1D7E}
    2011-09-25 22:27:03 -------- d-----w- c:\users\damasry\appdata\local\{D1E929E5-C7FA-45D3-8832-F9C33FF824E0}
    2011-09-25 10:36:21 110080 ----a-r- c:\users\damasry\appdata\roaming\microsoft\installer\{d3f93a5a-7a5d-4867-b2a1-6f46500d006c}\IconF7A21AF7.exe
    2011-09-25 10:36:21 110080 ----a-r- c:\users\damasry\appdata\roaming\microsoft\installer\{d3f93a5a-7a5d-4867-b2a1-6f46500d006c}\IconD7F16134.exe
    2011-09-25 10:36:21 110080 ----a-r- c:\users\damasry\appdata\roaming\microsoft\installer\{d3f93a5a-7a5d-4867-b2a1-6f46500d006c}\IconCF33A0CE.exe
    2011-09-25 10:36:20 -------- d-----w- C:\sh4ldr
    2011-09-25 10:36:20 -------- d-----w- c:\program files\Enigma Software Group
    2011-09-25 10:36:08 -------- d-----w- c:\windows\D3F93A5A7A5D4867B2A16F46500D006C.TMP
    2011-09-25 10:36:07 -------- d-----w- c:\program files\common files\Wise Installation Wizard
    2011-09-25 10:26:36 -------- d-----w- c:\users\damasry\appdata\local\{A3698F38-1651-476A-89BB-CBB28C0F993D}
    2011-09-25 10:26:25 -------- d-----w- c:\users\damasry\appdata\local\{6FEB7622-94EF-457B-83CF-737B879188F7}
    2011-09-25 10:08:50 -------- d-s---w- C:\ComboFix
    2011-09-25 09:35:40 388096 ----a-r- c:\users\damasry\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
    2011-09-25 09:35:40 -------- d-----w- c:\program files\Trend Micro
    2011-09-25 07:39:24 -------- d-----w- c:\programdata\moosoft
    2011-09-25 07:04:30 -------- d-----w- c:\users\damasry\appdata\roaming\thecleaner
    2011-09-24 22:51:49 -------- d-----w- c:\users\damasry\appdata\roaming\PCToolsFirewallPlus
    2011-09-24 22:51:48 -------- d-----w- c:\users\damasry\appdata\roaming\Spam Monitor
    2011-09-24 22:51:47 79512 --s---w- c:\windows\system32\drivers\TfSysMon.sys
    2011-09-24 22:51:47 35264 --s---w- c:\windows\system32\drivers\TfNetMon.sys
    2011-09-24 22:51:45 54328 --s---w- c:\windows\system32\drivers\TfFsMon.sys
    2011-09-24 22:46:55 125888 ----a-w- c:\windows\system32\drivers\pctplfw.sys
    2011-09-24 22:46:40 56536 ----a-w- c:\windows\system32\drivers\pctNdis.sys
    2011-09-24 22:46:38 89472 ----a-w- c:\windows\system32\drivers\pctNdis-PacketFilter.sys
    2011-09-24 22:46:38 31960 ----a-w- c:\windows\system32\drivers\pctNdis-DNS.sys
    2011-09-24 22:40:22 32768 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
    2011-09-24 22:40:21 -------- d-----w- c:\users\damasry\appdata\roaming\Spyware Terminator
    2011-09-24 22:40:21 -------- d-----w- c:\programdata\Spyware Terminator
    2011-09-24 22:32:53 -------- d-----w- c:\program files\Spyware Terminator
    2011-09-24 22:27:05 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys
    2011-09-24 22:27:05 338880 ----a-w- c:\windows\system32\drivers\pctDS.sys
    2011-09-24 22:27:04 252712 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
    2011-09-24 22:27:04 107864 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
    2011-09-24 22:26:57 326688 ----a-w- c:\windows\system32\drivers\PCTCore.sys
    2011-09-24 22:26:57 162200 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
    2011-09-24 22:26:55 184536 ----a-w- c:\windows\system32\drivers\PCTSD.sys
    2011-09-24 22:26:52 70664 ----a-w- c:\windows\system32\drivers\pctplsg.sys
    2011-09-24 22:26:37 -------- d-----w- c:\program files\common files\PC Tools
    2011-09-24 22:25:57 -------- d-----w- c:\users\damasry\appdata\local\{BBFCFE05-BDC9-40B8-90E6-C22459670715}
    2011-09-24 22:25:38 -------- d-----w- c:\users\damasry\appdata\local\{75E46D0D-A3AC-4B88-B937-A10B8C8FE3E3}
    2011-09-24 21:25:02 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-09-24 21:25:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-09-24 19:16:43 767952 ----a-w- c:\windows\BDTSupport.dll0900.old
    2011-09-24 19:16:43 2189264 ----a-w- c:\windows\PCTBDCore.dll0900.old
    2011-09-24 19:16:43 149456 ----a-w- c:\windows\SGDetectionTool.dll0900.old
    2011-09-24 19:05:47 -------- d-----w- c:\program files\PC Tools Security
    2011-09-24 19:01:11 -------- d-----w- c:\programdata\PC Tools
    2011-09-24 08:09:33 -------- d-----w- c:\users\damasry\appdata\local\{F9F60620-7B56-47CE-B9A6-27DE0352B6FB}
    2011-09-24 08:09:18 -------- d-----w- c:\users\damasry\appdata\local\{12BBF734-E148-4077-8C91-A1F85F75DA49}
    2011-09-24 08:09:05 -------- d-----w- c:\users\damasry\appdata\local\{F2381D3B-A68C-49CD-814F-B0E810390BAE}
    2011-09-24 08:08:49 -------- d-----w- c:\users\damasry\appdata\local\{9AE78F04-4616-4FDA-A27D-78DBDDAA9B54}
    2011-09-23 07:42:17 -------- d-----w- c:\users\damasry\appdata\local\{D88924A2-0D71-4175-81B3-5AAD4BFA557E}
    2011-09-23 07:42:01 -------- d-----w- c:\users\damasry\appdata\local\{A9055CC9-1988-4FC1-BCE0-88CA0E22F1EF}
    2011-09-23 07:41:45 -------- d-----w- c:\users\damasry\appdata\local\{7CC49B8B-103F-4678-B487-B1C5133DD96E}
    2011-09-22 15:45:10 -------- d-----w- c:\users\damasry\appdata\local\{73993E49-9090-4F0C-A5A7-B5D5F98C6558}
    2011-09-22 15:44:58 -------- d-----w- c:\users\damasry\appdata\local\{41EDE5A6-F0F6-433E-920C-99043BB9486C}
    2011-09-22 15:25:21 -------- d-----w- c:\users\damasry\appdata\local\{01FB76BF-BE22-4EE4-84A1-2C7BE2E876B4}
    2011-09-22 15:25:05 -------- d-----w- c:\users\damasry\appdata\local\{1D00B5BE-C394-4D99-8CE7-CD221372298D}
    2011-09-22 11:17:17 -------- d-----w- c:\users\damasry\appdata\local\{76E5C462-EEF8-4CE2-9F0A-BC31B477E73D}
    2011-09-21 22:20:44 -------- d-----w- c:\users\damasry\appdata\local\{11F4959D-B122-4537-B12E-03CF68E1971E}
    2011-09-21 22:20:31 -------- d-----w- c:\users\damasry\appdata\local\{BD0CC30F-D8FD-4582-91B3-8215866ADCD0}
    2011-09-21 21:57:27 62544 ----a-w- c:\windows\system32\drivers\bdsandbox.sys
    2011-09-21 21:56:35 454960 ----a-w- c:\windows\system32\drivers\avckf.sys
    2011-09-21 21:55:56 596600 ----a-w- c:\windows\system32\drivers\avc3.sys
    2011-09-21 19:57:38 -------- d-----w- c:\users\damasry\appdata\local\Method123 Ltd
    2011-09-21 19:57:34 -------- d-----w- c:\users\damasry\appdata\local\IsolatedStorage
    2011-09-21 19:57:32 -------- d-----w- c:\users\damasry\appdata\local\ApplicationHistory
    2011-09-21 19:51:20 -------- d-----w- c:\windows\system32\URTTEMP
    2011-09-21 10:20:02 -------- d-----w- c:\users\damasry\appdata\local\{B1E818AC-C1F7-49AE-8CB7-1FB28B1CC063}
    2011-09-21 10:19:49 -------- d-----w- c:\users\damasry\appdata\local\{18DF3E0C-197F-458A-B7EB-9A24ECCA9355}
    2011-09-20 18:59:40 -------- d-----w- c:\users\damasry\appdata\local\{76531812-AA4B-4E1E-B912-A548768D76D4}
    2011-09-20 18:59:28 -------- d-----w- c:\users\damasry\appdata\local\{B130706B-D821-40E1-87AF-F88B4BE0A784}
    2011-09-20 06:59:00 -------- d-----w- c:\users\damasry\appdata\local\{562EC33E-3786-47FA-8A47-577D27CB35BE}
    2011-09-20 06:58:47 -------- d-----w- c:\users\damasry\appdata\local\{E912E281-B91A-44C6-8459-762D907F2459}
    2011-09-19 18:42:34 -------- d-----w- c:\users\damasry\appdata\local\{FC9B46AE-712C-403F-83B2-0389D9EA2065}
    2011-09-19 18:42:23 -------- d-----w- c:\users\damasry\appdata\local\{87F03C0F-1EA2-4456-ADDF-B591946D9DB9}
    2011-09-19 18:42:11 -------- d-----w- c:\users\damasry\appdata\local\{03DD20DE-B8BD-41B9-AB69-9ADC88059E28}
    2011-09-19 18:42:00 -------- d-----w- c:\users\damasry\appdata\local\{01C2FEF3-A2EE-4E36-8F20-2EBCA7644355}
    2011-09-19 06:41:33 -------- d-----w- c:\users\damasry\appdata\local\{78B46A37-922A-4BE0-A157-1391D64C12F0}
    2011-09-19 06:41:22 -------- d-----w- c:\users\damasry\appdata\local\{26493D5C-3570-49E7-B437-7BF41EF97245}
    2011-09-19 06:41:10 -------- d-----w- c:\users\damasry\appdata\local\{F245322B-4A8E-4F94-8C84-9BF2290E6777}
    2011-09-19 06:40:59 -------- d-----w- c:\users\damasry\appdata\local\{D06287D9-7CFB-4FAE-98CC-DC60353D2233}
    2011-09-18 18:40:33 -------- d-----w- c:\users\damasry\appdata\local\{F9C8758B-F358-4637-A9F0-050E15FD5613}
    2011-09-18 18:40:21 -------- d-----w- c:\users\damasry\appdata\local\{6793911C-826A-4FFB-862C-E1871776AEB3}
    2011-09-18 06:39:49 -------- d-----w- c:\users\damasry\appdata\local\{96F803E2-C16C-4189-953A-0CB469D48953}
    2011-09-18 06:39:34 -------- d-----w- c:\users\damasry\appdata\local\{B87B5D02-D58B-486C-AAD3-5931A4B348D5}
    2011-09-18 06:39:19 -------- d-----w- c:\users\damasry\appdata\local\{F8EF63C6-FD1A-4617-876C-CC60515BB705}
    2011-09-17 14:21:58 -------- d-----w- c:\users\damasry\appdata\local\{0EC038A4-0B2B-4EED-8861-CCC85ECCC0F8}
    2011-09-17 14:21:38 -------- d-----w- c:\users\damasry\appdata\local\{8D73FFD6-3C40-4A6D-B04C-FFAD698E2F63}
    2011-09-17 02:16:49 -------- d-----w- c:\users\damasry\appdata\local\{4DA03321-7B16-4D46-A7CE-C0903DB8C447}
    2011-09-17 02:16:38 -------- d-----w- c:\users\damasry\appdata\local\{31C302F7-FB5A-4D37-8565-D63F11D14890}
    2011-09-17 02:16:15 -------- d-----w- c:\users\damasry\appdata\local\{ABDC377A-0ECF-44BE-9BB0-C80A585456AD}
    2011-09-16 14:16:01 -------- d-----w- c:\users\damasry\appdata\local\{ED784AB3-9FAF-4840-B367-3DFD9869C948}
    2011-09-16 14:15:46 -------- d-----w- c:\users\damasry\appdata\local\{9F58757E-0F71-46D2-B377-3C48F18107D9}
    2011-09-16 11:00:38 -------- d-----w- c:\users\damasry\appdata\local\{CBFF662A-7CA3-4CC3-A7DD-ABDE336CAC28}
    2011-09-16 10:58:51 -------- d-----w- c:\users\damasry\appdata\local\{BBA54549-66EC-4C38-9CBA-522D4AC48497}
    2011-09-16 09:03:25 -------- d-----w- c:\users\damasry\appdata\local\{3EB228B2-6ECF-4E2F-9D82-B36F30313982}
    2011-09-15 19:53:50 -------- d-----w- c:\users\damasry\appdata\local\{E45C9480-BFD8-4869-85DD-0EF837E20B75}
    2011-09-15 19:53:39 -------- d-----w- c:\users\damasry\appdata\local\{5AE1EC66-F5A8-4E4A-B34E-0378C480BFDA}
    2011-09-15 07:53:13 -------- d-----w- c:\users\damasry\appdata\local\{1D3E3445-AF20-42D2-AC75-ED391D487A12}
    2011-09-15 07:53:01 -------- d-----w- c:\users\damasry\appdata\local\{18135BF0-1CCC-4121-9B36-73805F205753}
    2011-09-15 07:51:50 -------- d-----w- c:\users\damasry\appdata\local\{667BB04D-16B2-4D5C-B9A4-A6D019512659}
    2011-09-15 07:51:37 -------- d-----w- c:\users\damasry\appdata\local\{AEAE4935-60B5-4BC9-B330-7A72D79592CA}
    2011-09-14 19:51:10 -------- d-----w- c:\users\damasry\appdata\local\{E41F8CDC-52E1-41B7-89E4-FD7CBEAD2CC7}
    2011-09-14 19:50:58 -------- d-----w- c:\users\damasry\appdata\local\{80556366-E20C-4EA4-8445-67886C359163}
    2011-09-14 07:50:31 -------- d-----w- c:\users\damasry\appdata\local\{9E0D12D9-B90C-4F13-A385-486760D5337C}
    2011-09-14 07:50:20 -------- d-----w- c:\users\damasry\appdata\local\{8AD84375-DD02-4966-84BF-B4506A9B931C}
    2011-09-14 07:50:08 -------- d-----w- c:\users\damasry\appdata\local\{55EC3CCA-C094-4178-A179-096CEECCBB3C}
    2011-09-14 07:49:56 -------- d-----w- c:\users\damasry\appdata\local\{A3D0A680-CB28-4DFE-B4A4-8D115464560D}
    2011-09-13 19:49:29 -------- d-----w- c:\users\damasry\appdata\local\{481E9B34-838F-45A8-9BAC-A367CE8C9C2C}
    2011-09-13 19:49:17 -------- d-----w- c:\users\damasry\appdata\local\{F7E7BE9D-646D-49F2-B0E8-BD8B88276529}
    2011-09-13 07:48:50 -------- d-----w- c:\users\damasry\appdata\local\{28586FA0-8B7F-4290-91A1-8AEE1F95C07B}
    2011-09-13 07:48:37 -------- d-----w- c:\users\damasry\appdata\local\{7EBA8246-732B-4936-8C3E-CD4EB906401C}
    2011-09-12 19:48:11 -------- d-----w- c:\users\damasry\appdata\local\{B48EFA8D-4E85-486E-8A61-E8B83C62721D}
    2011-09-12 19:47:59 -------- d-----w- c:\users\damasry\appdata\local\{8DE118F1-031C-46D8-941A-4DAEBDB6BB89}
    2011-09-12 07:47:33 -------- d-----w- c:\users\damasry\appdata\local\{D8554E64-E0D7-442C-BE0C-56623BC6A210}
    2011-09-12 07:47:22 -------- d-----w- c:\users\damasry\appdata\local\{BD6AA239-9986-4B5A-8734-3DB6B7FDBF9D}
    2011-09-12 07:47:09 -------- d-----w- c:\users\damasry\appdata\local\{BB026501-ACA1-4954-90CA-193375449198}
    2011-09-12 07:46:58 -------- d-----w- c:\users\damasry\appdata\local\{83AF7716-5B7E-4CED-83B0-3DC6FCC34853}
    2011-09-05 16:53:45 186281 ----a-w- c:\programdata\1315241385.bdinstall.bin
    2011-09-05 16:52:13 -------- d-----w- c:\users\damasry\appdata\roaming\Bitdefender
    2011-09-05 16:52:09 -------- d-----w- c:\programdata\Bitdefender
    2011-09-05 16:49:50 353096 ----a-w- c:\windows\system32\drivers\bdfsfltr.sys
    2011-09-05 16:49:50 311248 ----a-w- c:\windows\system32\drivers\trufos.sys
    2011-09-05 16:45:45 15526 ----a-w- c:\programdata\1315241143.bdinstall.bin
    2011-09-05 16:45:15 15526 ----a-w- c:\programdata\1315241112.bdinstall.bin
    2011-09-05 16:44:52 158934 ----a-w- c:\programdata\1315239351.bdinstall.bin
    2011-09-05 16:13:33 15526 ----a-w- c:\programdata\1315239210.bdinstall.bin
    2011-09-05 16:13:12 129508 ----a-w- c:\programdata\1315238898.bdinstall.bin
    .
    ==================== Find3M ====================
    .
    2011-08-02 01:57:57 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-07-22 02:54:43 1797632 ----a-w- c:\windows\system32\jscript9.dll
    2011-07-22 02:48:26 1126912 ----a-w- c:\windows\system32\wininet.dll
    2011-07-22 02:44:36 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2011-07-16 04:37:32 169984 ----a-w- c:\windows\system32\winsrv.dll
    2011-07-16 04:34:28 290816 ----a-w- c:\windows\system32\KernelBase.dll
    2011-07-16 04:31:12 271360 ----a-w- c:\windows\system32\conhost.exe
    2011-07-16 02:21:47 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
    2011-07-16 02:21:47 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2011-07-16 02:21:47 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2011-07-16 02:21:47 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
    2011-07-15 14:11:46 240184 ----a-w- c:\windows\system32\drivers\avchv.sys
    2011-07-09 02:26:10 222720 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    .
    ============= FINISH: 18:59:25.27 ===============



    Attach.txt:

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Ultimate
    Boot Device: \Device\HarddiskVolume1
    Install Date: 12/22/2010 12:17:54 PM
    System Uptime: 10/4/2011 6:54:01 PM (0 hours ago)
    .
    Motherboard: Gigabyte Technology Co., Ltd. | | G31-S3L
    Processor: Intel(R) Core(TM)2 Quad CPU Q6700 @ 2.66GHz | Socket 775 | 2666/266mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 39 GiB total, 2.697 GiB free.
    D: is FIXED (NTFS) - 36 GiB total, 2.857 GiB free.
    E: is FIXED (NTFS) - 45 GiB total, 0.115 GiB free.
    F: is FIXED (NTFS) - 45 GiB total, 2.417 GiB free.
    G: is FIXED (NTFS) - 45 GiB total, 0.096 GiB free.
    H: is FIXED (NTFS) - 45 GiB total, 5.325 GiB free.
    I: is CDROM (CDFS)
    M: is FIXED (NTFS) - 45 GiB total, 1.254 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: Security Processor Loader Driver
    Device ID: ROOT\LEGACY_SPLDR\0000
    Manufacturer:
    Name: Security Processor Loader Driver
    PNP Device ID: ROOT\LEGACY_SPLDR\0000
    Service: spldr
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    ACDSee Photo Manager 12
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Apple Application Support
    Apple Software Update
    AutoCAD 2007 - English
    Bitdefender Antivirus Plus 2012
    BitTorrent
    BitTorrentBar Toolbar
    BS.Player FREE
    Canon MP Navigator 3.1
    Canon MP140 series
    Catálogo Eletrônico de Peças Chevrolet
    D3DX10
    DHTML Editing Component
    DivX Setup
    Driver Genius Professional Edition
    EASEUS Partition Master 6.5.2 Home Edition
    EasyCall 2008
    Easylink FaxLauncher Pro
    EatCam Webcam Recorder Pro 5.0
    ESET Online Scanner v3
    Feedback Tool
    Google Chrome
    Google Earth Plug-in
    Google Update Helper
    HiJackThis
    Hotspot Shield 1.57
    ImageShack Uploader 2.2.0
    Infix 4.08
    Internet Download Manager
    iWatermark 3.1.6 beta 1 (Feburary 2nd 2009)
    Java Auto Updater
    Java(TM) 6 Update 26
    Junk Mail filter update
    magicJack
    Malwarebytes' Anti-Malware version 1.51.2.1300
    Microsoft .NET Framework 1.1
    Microsoft Application Error Reporting
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Mozilla Firefox 7.0.1 (x86 en-US)
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Nero 7 Essentials
    Nitro PDF Professional
    PC Tools Internet Security
    PhotoImpact X3
    Picasa 3
    PowerISO
    QuickTime
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealPlayer
    RealUpgrade 1.1
    Recuva
    SAMSUNG Mobile Modem Driver Set
    Samsung Mobile phone USB driver Drive Software
    SAMSUNG Mobile USB Modem 1.0 Software
    SAMSUNG Mobile USB Modem Software
    Samsung PC Studio 3
    Skype™ 5.3
    SpyHunter
    Spyware Terminator 2012
    The Cleaner 2012
    U.S. Robotics 56K Faxmodem USB
    Ulead Photo Express 6
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Outlook 2007 Junk Email Filter (KB2586924)
    VC80CRTRedist - 8.0.50727.4053
    VLC media player 1.1.5
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Mail
    Windows Live Messenger
    Windows Live MIME IFilter
    Windows Live Photo Common
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    WinDriver Ghost Enterprise 2.06
    WinRAR archiver
    WorldUnlock Codes Calculator
    Yahoo! Messenger
    .
    ==== Event Viewer Messages From Past Week ========
    .
    9/29/2011 8:32:02 AM, Error: EventLog [6008] - The previous system shutdown at 12:40:25 AM on ‎9/‎29/‎2011 was unexpected.
    9/27/2011 8:21:44 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: bdselfpr sptd
    10/4/2011 9:34:30 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: sptd
    10/4/2011 6:54:37 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
    10/4/2011 6:54:37 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
    10/4/2011 6:54:36 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    10/4/2011 6:54:34 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    10/4/2011 6:54:34 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    10/4/2011 6:54:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    10/4/2011 6:54:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    10/4/2011 6:54:30 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    10/4/2011 6:54:23 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    10/4/2011 6:54:17 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD avc3 bdfwfpf bdselfpr BDVEDISK CSC DfsC discache NetBIOS NetBT nsiproxy pctgntdi PCTSD Psched rdbss SCDEmu spldr sptd sp_rsdrv2 StarOpen tdx Wanarpv6 WfpLwf ws2ifsl
    10/4/2011 6:54:16 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    10/4/2011 6:54:16 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    10/4/2011 6:54:16 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    10/4/2011 6:54:16 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    10/4/2011 6:54:16 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    10/4/2011 6:54:16 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    10/4/2011 6:54:16 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    10/4/2011 6:54:16 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    10/4/2011 6:54:16 PM, Error: Service Control Manager [7001] - The Fax service depends on the Print Spooler service which failed to start because of the following error: The dependency service or group failed to start.
    10/4/2011 6:54:16 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    10/4/2011 6:54:16 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    10/4/2011 6:52:29 PM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.
    10/4/2011 6:51:57 PM, Error: Service Control Manager [7016] - The BitDefender Virus Shield service has reported an invalid current state 14.
    10/4/2011 6:50:05 PM, Error: Service Control Manager [7034] - The BitDefender Virus Shield service terminated unexpectedly. It has done this 1 time(s).
    10/4/2011 12:23:49 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR2.
    .
    ==== End Of File ===========================


    ===============================================================



    please help!!!!!
     
  2. damasry

    damasry TS Rookie Topic Starter

    This is the log file I got from Malwarebytes when it discovered the infected files from the beginning:

    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 7792

    Windows 6.1.7600 (Safe Mode)
    Internet Explorer 9.0.8112.16421

    9/25/2011 8:43:02 AM
    mbam-log-2011-09-25 (08-43-02).txt

    Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|H:\|M:\|)
    Objects scanned: 620404
    Time elapsed: 1 hour(s), 0 minute(s), 59 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 1
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 11

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

    \AutoStart (Trojan.Agent) -> Value: AutoStart -> Quarantined and

    deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    e:\all programs\poweriso_4_4-bramjnet-dr.ahmed\Keygen\Keygen.exe

    (RiskWare.Tool.HCK) -> Quarantined and deleted successfully.
    e:\all programs\RECOVER\recover4all professional\R4all.exe

    (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
    e:\all programs\recover4all pro 2.26\R4all.exe (RiskWare.Tool.CK)

    -> Quarantined and deleted successfully.
    h:\windows 7 ultimate (32 bit)\other windows 7 activation tools

    \remove windows activation technologies 2.2.6.exe

    (HackTool.Wpakill) -> Quarantined and deleted successfully.
    h:\windows 7 ultimate (32 bit)\other windows 7 activation tools

    \se7en activator v3.exe (RiskWare.Tool.CK) -> Quarantined and

    deleted successfully.
    h:\windows 7 ultimate (32 bit)\other windows 7 activation tools

    \windows 7 loader 1.7.9\windows 7 loader 1.7.9.0.exe

    (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
    h:\windows 7 ultimate (32 bit)\other windows 7 activation tools

    \windows loader 1.9.3 (reccomended)\windows loader 1.9.3.exe

    (RiskWare.Tool.HCK) -> Quarantined and deleted successfully.
    h:\windows 7 ultimate (32 bit)\unique tools\remove windows

    genuine advantage notifications.exe (PUP.RemoveWGA) -> Not

    selected for removal.
    h:\windows 7 ultimate (32 bit)\windows 7 ultimate (32

    bit)\windows 7 activation (reccomended)\windows 7 activation.exe

    (RiskWare.Tool.HCK) -> Quarantined and deleted successfully.
    m:\Eper\new folder\eper50r\fiat_eper_tabletka.exe

    (Trojan.MultiDropper) -> Quarantined and deleted successfully.
    c:\programdata\common.data (Malware.Trace) -> Quarantined and

    deleted successfully.
     
  3. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Welcome to TechSpot!

    My Guidelines: please read and follow:
    • Be patient. Malware cleaning takes time and I am also working with other members while I am helping you.
    • Read my instructions carefully. If you don't understand or have a problem, ask me.
    • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
    • Follow the order of the tasks I give you. Order is crucial in the cleaning process.
    • File sharing programs should be uninstalled or disabled during the cleaning process.
    • Observe these:
      [o] Don't use any other cleaning programs or scans while I'm helping you.
      [o] Don't use a Registry cleaner or make any changes in the Registry.
      [o] Don't download and install new programs- except those I give you.
    • Please let me know if there is any change in the system.

    If I don't get a reply from you in 5 days, the thread will be closed. If your problem persists, you can send a PM to reopen it.
    =====================================
    Please keep in mind that whenever you use Notepad for a log, you must click on Format first> Uncheck Word Wrap. Your second Mbam has WordWrap checked. It makes it very hard to read the log. Note: you do not need to post that same log again.
    =====================================
    I'd like you to run the following scans

    1. Download CKScanner and save to your desktop.
    • Doubleclick CKScanner.exe and click Search For Files.
    • When the cursor hourglass disappears, click Save List To File.
    • A message box will verify that the file is saved.
    • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents
      in your next reply.
    ====================================
    2. Please run the MGA Diagnostics tool
    • You will be prompted to either “Run” or “Save” the tool. Choose to “Run” the tool and follow the on-screen prompts.
    • You will receive an Internet Explorer-Security Warning dialog box for the Windows Genuine Advantage Diagnostic Tool.
    • You must choose to Run this tool when prompted.
    • Once you are presented with the Diagnostics tool choose Continue to run the diagnostic report.
    • If the RESOLVE button is available after running the diagnostics, please click RESOLVE to allow the diagnostic tool to attempt a repair.
    • After running the MGA Diagnostic tool, click on the Windows tab and then click on Copy
    • Please return to this thread and Paste the results here for review.
    ------------------------------------------
    This tool will is to look on the computer itself, in the documentation you received with the computer or with your retail purchase of Windows to see if you have a Certificate of Authenticity (COA). If you have one, tell us about the COA. Tell us:

    1. What edition of Windows XP is it for, Home, Pro, or Media Center, or another version of Windows?
    2. Does it read "OEM Software" or "OEM Product" in black lettering?
    3. Or, does it have the computer manufacturer's name in black lettering?
    4. DO NOT post the Product Key.

    NOTE: The data collected with the Genuine Diagnostics Tool does NOT contain any information that can personally identify you and can be fully reviewed, by you, before being posted.
    ====================================
    3. Download Security Check by screen317 from one of these links:
    Link1
    Link 2
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
    ===================================
     
  4. damasry

    damasry TS Rookie Topic Starter

    Thanks Bobbye for your reply.

    Please find the logs I got as per your instructions:

    CKScanner Log:

    CKScanner - Additional Security Risks - These are not necessarily bad
    c:\users\damasry\downloads\nitro.pdf.professional6.ocr.crack.zip
    c:\users\damasry\downloads\nitro.pdf.serial.keygen.zip
    scanner sequence 3.AA.11.MSAPTB
    ----- EOF -----

    =======================================================

    MGA Diagnostics tool Log:

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 0
    Cached Online Validation Code: 0x0
    Windows Product Key: *****-*****-*****-*****-*****
    Windows Product Key Hash: W5/6nm6F2UPXrCkY5xUhXb/+21g=
    Windows Product ID: 00426-OEM-8992662-00006
    Windows Product ID Type: 2
    Windows License Type: OEM SLP
    Windows OS version: 6.1.7600.2.00010100.0.0.001
    ID: {95B8CBFA-BDCD-4593-92C2-36D7ACACC995}(1)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows 7 Ultimate
    Architecture: 0x00000000
    Build lab: 7600.win7_gdr.110622-1503
    TTS Error:
    Validation Diagnostic:
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 103 Blocked VLK
    Microsoft Office Enterprise 2007 - 103 Blocked VLK
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{95B8CBFA-BDCD-4593-92C2-36D7ACACC995}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7600.2.00010100.0.0.001</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-HYRR2</PKey><PID>00426-OEM-8992662-00006</PID><PIDType>2</PIDType><SID>S-1-5-21-1374027771-2314446394-2333244112</SID><SYSTEM><Manufacturer>Gigabyte Technology Co., Ltd.</Manufacturer><Model>G31-S3L</Model></SYSTEM><BIOS><Manufacturer>Award Software International, Inc.</Manufacturer><Version>F3</Version><SMBIOSVersion major="2" minor="4"/><Date>20071127000000.000000+000</Date></BIOS><HWID>99B83607018400FA</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Egypt Standard Time(GMT+02:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>GBT </OEMID><OEMTableID>GBTUACPI</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>103</Result><Products><Product GUID="{90120000-0030-0000-0000-0000000FF1CE}"><LegitResult>103</LegitResult><Name>Microsoft Office Enterprise 2007</Name><Ver>12</Ver><Val>ACD7202654E586</Val><Hash>fFic3JgCreGGRxyF8uMWB4R4Jcg=</Hash><Pid>89388-707-1528066-65517</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="12" Result="103"/><App Id="16" Version="12" Result="103"/><App Id="18" Version="12" Result="103"/><App Id="19" Version="12" Result="103"/><App Id="1A" Version="12" Result="103"/><App Id="1B" Version="12" Result="103"/><App Id="44" Version="12" Result="103"/><App Id="A1" Version="12" Result="103"/><App Id="BA" Version="12" Result="103"/></Applications></Office></Software></GenuineResults>

    Spsys.log Content: 0x80070002

    Licensing Data-->
    Software licensing service version: 6.1.7600.16385

    Name: Windows(R) 7, Ultimate edition
    Description: Windows Operating System - Windows(R) 7, OEM_SLP channel
    Activation ID: 7cfd4696-69a9-4af7-af36-ff3d12b6b6c8
    Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
    Extended PID: 00426-00178-926-600006-02-1033-7600.0000-3562010
    Installation ID: 020004966696663700369116614582822423173293629341333396
    Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
    Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
    Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
    Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
    Partial Product Key: HYRR2
    License Status: Licensed
    Remaining Windows rearm count: 3
    Trusted time: 10/5/2011 1:04:28 PM

    Windows Activation Technologies-->
    HrOffline: 0x00000000
    HrOnline: 0x00000000
    HealthStatus: 0x0000000000000000
    Event Time Stamp: 8:13:2011 12:02
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Registered, Version: 7.1.7600.16395
    HealthStatus Bitmask Output:


    HWID Data-->
    HWID Hash Current: LgAAAAEAAgABAAEAAAABAAAAAgABAAEAJJRIH4pKBuiqdsKt7Khk80qiWsPMMQ==

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x20001
    OEMID and OEMTableID Consistent: yes
    BIOS Information:
    ACPI Table Name OEMID Value OEMTableID Value
    APIC GBT GBTUACPI
    FACP GBT GBTUACPI
    HPET GBT GBTUACPI
    MCFG GBT GBTUACPI
    SLIC GBT GBTUACPI



    ==============================================================

    Security Check Log:

    Results of screen317's Security Check version 0.99.20
    Windows 7 (UAC is enabled)
    Internet Explorer 9
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Security Center service is not running! This report may not be accurate!
    Windows Firewall Disabled!
    ESET Online Scanner v3
    Bitdefender Antivirus Plus 2012
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    The Cleaner 2012
    Java(TM) 6 Update 26
    Out of date Java installed!
    Adobe Flash Player 10.3.181.26
    Mozilla Firefox (7.0.1)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    ThreatFire TFService.exe
    Bitdefender Bitdefender 2012 vsserv.exe
    Bitdefender Bitdefender 2012 bdagent.exe
    Bitdefender Bitdefender 2012 updatesrv.exe
    ``````````End of Log````````````


    =====================================================

    Thanks for your quick reply.
     
  5. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    You have pirated programs.
    c:\users\damasry\downloads\nitro.pdf.professional6.ocr.crack.zip
    c:\users\damasry\downloads\nitro.pdf.serial.keygen.zip
    --------
    Office is not genuine.
    OGA Data-->
    Office Status: 103 Blocked VLK
    Microsoft Office Enterprise 2007 - 103 Blocked VLK
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3
    The report is telling us that you have a Non-Genuine installation of a Volume Licensing-only edition of Office XP Professional. Your installation was done with a now-blocked Volume Licensing Key (VLK).

    Volume Licensing editions of Office such as your installation of Office XP Professional are not to be sold to individual consumers, and are only to be sold to larger businesses, educational institutions, and governmental agencies who have a Volume License Agreement with Microsoft. These Volume Licenses should not be sold to consumers because they are not permanent licenses;
    ===============================
    It appears that you have also pirated the Windows Activation key.

    Please download OTMoveIt by Old Timer and save to your desktop.
    • Double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
    • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
      Code:
      
      :Files  
      e:\all programs\poweriso_4_4-bramjnet-dr.ahmed\Keygen\Keygen.exe
      e:\all programs\RECOVER\recover4all professional\R4all.exe 
      e:\all programs\recover4all pro 2.26\R4all.exe
      h:\windows 7 ultimate (32 bit)\other windows 7 activation tools\remove windows activation technologies 2.2.6.exe
      h:\windows 7 ultimate (32 bit)\other windows 7 activation tools\se7en activator v3.exe 
      h:\windows 7 ultimate (32 bit)\other windows 7 activation tools\windows 7 loader 1.7.9\windows 7 loader 1.7.9.0.exe 
      h:\windows 7 ultimate (32 bit)\other windows 7 activation tools\windows loader 1.9.3 (reccomended)\windows loader 1.9.3.exe
      h:\windows 7 ultimate (32 bit)\unique tools\remove windows genuine advantage notifications.exe 
      h:\windows 7 ultimate (32 bit)\windows 7 ultimate (32bit)\windows 7 activation (reccomended)\windows 7 activation.exe 
      m:\Eper\new folder\eper50r\fiat_eper_tabletka.exe
      :Commands
      [purity]
      [emptytemp]
      [start explorer]
      [Reboot]
    • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and choose Paste.
    • Click the red Moveit! button.
    • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log).
    • Close OTMoveIt3
    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
    ===============================
    In order to continue support, all pirated software will have to be removed.

    This thread is closed.
     
Topic Status:
Not open for further replies.
