TechSpot

Spying

By ttecht
Sep 3, 2011
  1. I have to share some files with people from my office (transfer files from office PC to home PC by USB). I don't have any antivirus software installed on my PC. It occurred to me that someone from my office may have attached a virus to office files and be monitoring my PC activities. I don't have any reason to believe so, but just in case I will buy a new PC (since to my knowledge even formatting and antiviruses can't find some viruses) and use my old PC for office work. I have some questions:

    1. Should I change my modem too, in case someone is already tracking me and can continue tracking me using my modem even if I change my PC?

    2. Should I change my internet membership, in case someone can continue tracking me using my membership data?

    3. If someone is tracking me, is there any other way they can continue tracking me after I have changed my PC?

    I am using cable internet.

    Thanks
     
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    You are asking some impossible questions based on no information!

    First, I strongly suggest that your computer has been compromised and you can 'safely' assume it is a danger to your personal information.

    1. A cable modem connection is always connected.
    2. You have no antivirus on the system.
    3. You are using a flash drive to transfer files

    Next.

    1. Why don't you have an antivirus on the system?
    2. Worms, Trojans, et al can be transmitted via USB
    3. Before you pass another day, please do searches on the internet and get some idea of what is needed for a secure system.

    I can't answer the "should I" and the "could I" but it appears you have no basic knowledge of computer security, based on your questions. Whether malware can be removed from a system depends on what type of malware it is. Can you be "tracked" if you change the system?

    How would you be tracked if you have a different computer?

    If the system has been compromised and your passwords stolen and your financial information breached and you don't change the passwords and reset the finances, yes, no matter which PC you use, you are not safe.
     
  3. ttecht

    ttecht TS Rookie Topic Starter

    I didn't enter any important passwords. My main concern is the possibility of someone monitoring my browsing activities, keystrokes, etc. I did some research as you said and I will install an antivirus and firewall, but I want to make sure my PC is 100% virus free.

    I take it that buying a new PC and modem and changing my ISP will save me from existing viruses. But instead of buying a new PC, will buying a new hard disk make my PC 100% virus free? I remember reading about BIOS viruses. Which parts of a PC can get infected? Someone told me that if I format both C and D I will be 100% virus free; is that true? If I change my PC (or hard disk), modem and IP, and install an antivirus and firewall, will someone previously monitoring me still be able to do so?
     
  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    I answered your last paragraph previously:
    You are asking 'what if' or 'could they' theoretical questions that cannot be answered now. I have no information about your system and what's on it. It is reasonable to assume that without any security, it has probably been compromised.
    ========================================
    Tips for added security and safer browsing: (Links are in Bold Blue)
    1. Browser Security
      [o] Safe Settings (Please ignore the suggestion to use the Registry Editor in this section "Creating a Custom Security Zone")
      [o] ZonedOut. This manages the Zones in Internet Explorer. (For IE7 and IE8, Windows 2000 thru Vista. No Windows 7)
      [o] Replace the Host Files
      [o] Google Toolbar Pop Up Blocker
      [o] Web of Trust (WOT) Site Advisor. Traffic-light rating symbols rate the site for Trustworthiness, Vendor Reliability, Privacy, Child Safety.
    2. Have layered Security:
      [o] Antivirus (only one): Both of the following programs are free and known to be good:
      [o] Avira-AntiVir-Personal-Free-Antivirus
      [o] Avast-Free Antivirus
      [o] Firewall (only one): Use bi-directional firewall. Both of the following programs are free and known to be good:
      [o] Comodo
      [o] Zone Alarm
    3. Antimalware: I recommend all of the following:
      [o] Spywareblaster: SpywareBlaster protects against bad ActiveX.
      [o] Spybot Search & Destroy
    4. Updates: Stay current:
      [o] the Microsoft Download Site frequently. All updates marked Critical and the current SP updates.
      [o] Adobe Reader: Install current, uninstall old.
      [o] Java Updates: Install current, uninstall old.
    5. Tracking Cookies
      Reset Cookie:
      [o] For Internet Explorer: Internet Options (through Tools or Control Panel) Privacy tab> Advanced button> check 'override automatic Cookie handling'> check 'accept first party Cookies'> check 'Block third party Cookies'> check 'allow per session Cookies'> Apply> OK.
      [o] For Firefox: Tools> Options> Privacy> Cookies> check ‘accept Cookies from Sites’> Uncheck 'accept third party Cookies'> Set Keep until 'they expire'. This will allow you to keep Cookies for registered sites and prevent or remove others. (Note: for Firefox v3.5, after Privacy click on 'use custom settings for History.')
      I suggest using the following two add-ons for Firefox. They will prevent the Tracking Cookies that come from ads and banners and other sources:
      AdBlock Plus
      Easy List
      [o] For Chrome: Tools> Options> Under The Hood> Privacy Section> CHECK 'Restrict how third party Cookies can be used'> Close.
    6. Do regular Maintenance
      Clean the temporary internet files often:
      [o] Temporary File Cleaner
      [o] ATF Cleaner by Atribune
    7. Restore Points:
      [o] See System Restore Guide
    8. Safe Email Handling
      [o] Don't open email from anyone you don't know.
      [o] Don't open Attachments in the email. Save to your desktop and scan for viruses using a right click.
      [o] Don't leave your personal email address on the internet. Have a separate email account at one of the free web-based emails like Yahoo.
    Please let me know if you find any bad link.
    =======================================

    If you would like us to check the system for malware, please follow the steps in the Preliminary Virus and Malware Removal thread HERE.

    NOTE: If you already have any of the scanning programs on the computer, please remove them and download the versions in these links.

    When you have finished, leave the logs for review in your next reply.
    NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.
    ==================================
    My Guidelines: please read and follow:
    • Be patient. Malware cleaning takes time and I am also working with other members while I am helping you.
    • Read my instructions carefully. If you don't understand or have a problem, ask me.
    • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
    • Follow the order of the tasks I give you. Order is crucial in cleaning process.
    • File sharing programs should be uninstalled or disabled during the cleaning process.
    • Observe these:
      [o] Don't use any other cleaning programs or scans while I'm helping you.
      [o] Don't use a Registry cleaner or make any changes in the Registry.
      [o] Don't download and install new programs- except those I give you.
    • Please let me know if there is any change in the system.

    If I don't get a reply from you in 5 days, the thread will be closed. If your problem persists, you can send a PM to reopen it.
    =====================================
     
  5. ttecht

    ttecht TS Rookie Topic Starter

    Here are the logs. I formatted C recently. As additional info, I cannot change the system clock, and when I try to start in safe mode the screen goes blue and immediately restarts, but it works fine in normal mode. Thanks
     
  6. ttecht

    ttecht TS Rookie Topic Starter

    Malwarebytes' Anti-Malware 1.51.1.1800
    www.malwarebytes.org

    Database version: 7695

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    11.09.2011 23:38:42
    mbam-log-2011-09-11 (23-38-35).txt

    Scan type: Quick scan
    Objects scanned: 179620
    Time elapsed: 4 minute(s), 47 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 1
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> No action taken.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2011-09-11 23:53:32
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\0000006a FUJITSU_MHY2080BH rev.0000000B
    Running: bsp2qwgn.exe; Driver: C:\DOCUME~1\fklrszd\LOCALS~1\Temp\kfrdafog.sys


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xF4204D5A]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xF4204BC5]

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
    AttachedDevice \FileSystem\Ntfs \Ntfs HFXP2.SYS (Hide Folders XP driver (for Win32)/FSPro Labs)
    AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

    ---- EOF - GMER 1.0.15 ----

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702
    Run by fklrszd at 23:56:30 on 2011-09-11
    Microsoft Windows XP Professional 5.1.2600.3.1254.90.1055.18.383.179 [GMT 3:00]
    .
    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    FW: AVG Firewall *Disabled*
    .
    ============== Running Processes ===============
    .
    C:\Program Files\Faronics\Deep Freeze\Install C-0\DFServ.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    svchost.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\AVAST Software\Avast\avastUI.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com.tr/
    mWinlogon: SfcDisable=-99 (0xffffff9d)
    BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
    TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
    uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
    uRun: [DriverMax]
    uRun: [DriverMax_RESTART]
    mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    mRun: [AGRSMMSG] AGRSMMSG.exe
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [nwiz] nwiz.exe /install
    mRun: [VMSnap5] c:\windows\VMSnap5.EXE
    mRun: [Domino] c:\windows\Domino.EXE
    mRun: [BigDog305] c:\windows\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
    mRun: [Desktop Lock] c:\progra~1\deskto~1\TLDL.EXE /Boot
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    mPolicies-system: EnableLUA = 0 (0x0)
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    TCP: Interfaces\{19783D77-7045-44FA-A140-5E6448EC3662} : DhcpNameServer = 62.248.80.162 62.248.80.161
    Notify: DfLogon - LogonDll.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 DeepFrz;DeepFrz;c:\windows\system32\drivers\DeepFrz.sys [2011-2-25 160792]
    R0 HFXP2;HFXP2;c:\windows\system32\drivers\hfxp2.sys [2011-9-1 17264]
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-9-11 442200]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-9-11 320856]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-9-11 20568]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-9-11 44768]
    R2 DFServ;DFServ;c:\program files\faronics\deep freeze\install c-0\DFServ.exe [2011-2-25 1075200]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-9-11 366640]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-9-11 22712]
    R3 ZSMC0305;Shiny SH2166 webcam;c:\windows\system32\drivers\usbVM305.sys [2011-8-24 391737]
    S3 WMI_MFC_TPSHOKER_80;WMI_MFC_TPSHOKER_80;\??\c:\windows\system32\drivers\mmlkg.sys --> c:\windows\system32\drivers\mmlkg.sys [?]
    .
    =============== Created Last 30 ================
    .
    2011-09-11 20:10:26 -------- d-----w- c:\program files\Desktop Lock
    2011-09-11 20:10:26 -------- d-----w- c:\documents and settings\fklrszd\application data\TopLang
    2011-09-11 20:10:26 -------- d-----w- c:\documents and settings\all users\application data\TopLang
    2011-09-11 19:50:08 -------- d-----w- c:\documents and settings\all users\application data\Montpellier-Informatique
    2011-09-11 17:27:42 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-09-11 17:27:06 41184 ----a-w- c:\windows\avastSS.scr
    2011-09-11 17:26:55 -------- d-----w- c:\program files\AVAST Software
    2011-09-11 17:26:55 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
    2011-09-11 17:02:33 -------- d-----w- c:\documents and settings\fklrszd\application data\Malwarebytes
    2011-09-11 17:02:28 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-09-11 17:02:27 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
    2011-09-11 17:02:24 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-09-11 17:02:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-08-31 23:16:16 17264 ----a-w- c:\windows\system32\drivers\hfxp2.sys
    2011-08-31 23:16:15 -------- d-----w- c:\program files\Hide Folders XP 2
    2011-08-26 12:02:22 -------- d-----w- c:\documents and settings\fklrszd\local settings\application data\NPE
    2011-08-26 11:26:39 -------- d-----w- c:\documents and settings\fklrszd\application data\Symantec
    2011-08-26 11:07:36 -------- d-----w- c:\documents and settings\all users\application data\Norton
    2011-08-26 09:35:58 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-08-25 17:31:30 -------- d-----w- c:\documents and settings\all users\application data\NortonInstaller
    2011-08-25 00:46:08 16336548 ------w- C:\Persi0.sys
    2011-08-25 00:46:04 65536 ----a-w- c:\windows\system32\LogonDll.dll
    2011-08-24 23:38:03 -------- d-----w- c:\program files\Faronics
    2011-08-24 18:12:30 -------- d-----w- c:\program files\webcamXP
    2011-08-24 17:18:44 -------- d-----w- c:\program files\webcamXP2
    2011-08-24 17:16:22 -------- d-----w- c:\documents and settings\fklrszd\local settings\application data\webcamXP 5
    2011-08-24 17:11:08 -------- d-----w- c:\windows\system32\appmgmt
    2011-08-24 16:56:06 -------- d-----w- c:\documents and settings\all users\application data\webcamXP 5
    2011-08-24 16:50:56 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys
    2011-08-24 16:50:49 10880 ----a-w- c:\windows\system32\drivers\NdisIP.sys
    2011-08-24 16:50:46 16384 ----a-w- c:\windows\system32\ipsink.ax
    2011-08-24 16:50:46 15232 ----a-w- c:\windows\system32\drivers\StreamIP.sys
    2011-08-24 16:50:44 11136 ----a-w- c:\windows\system32\drivers\SLIP.sys
    2011-08-24 16:50:43 19200 ----a-w- c:\windows\system32\drivers\WSTCODEC.SYS
    2011-08-24 16:50:40 85248 ----a-w- c:\windows\system32\drivers\NABTSFEC.sys
    2011-08-24 16:50:38 17024 ----a-w- c:\windows\system32\drivers\CCDECODE.sys
    2011-08-24 16:50:10 114688 ----a-r- c:\windows\VM305Cap.exe
    2011-08-24 16:49:21 176128 ----a-r- c:\windows\amcap.exe
    2011-08-24 16:49:20 81920 ----a-r- c:\windows\system32\VM305STI.dll
    2011-08-24 16:49:20 391737 ----a-r- c:\windows\system32\drivers\usbVM305.sys
    2011-08-24 16:49:20 208982 ----a-r- c:\windows\system32\VM305Prp.Ax
    2011-08-24 16:49:13 54272 ----a-w- c:\windows\system32\vfwwdm32.dll
    2011-08-24 16:49:13 28672 ----a-w- c:\windows\system32\vidcap.ax
    2011-08-24 16:49:12 91136 ----a-w- c:\windows\system32\kswdmcap.ax
    2011-08-24 16:49:12 61952 ----a-w- c:\windows\system32\kstvtune.ax
    2011-08-24 16:49:12 43008 ----a-w- c:\windows\system32\ksxbar.ax
    2011-08-24 14:21:48 -------- d-----w- c:\documents and settings\fklrszd\application data\AVG10
    2011-08-24 14:17:47 -------- d-----w- c:\windows\system32\drivers\AVG
    2011-08-24 14:17:47 -------- d-----w- c:\documents and settings\all users\application data\AVG10
    2011-08-24 14:17:22 -------- d-----w- c:\program files\AVG
    2011-08-24 13:54:23 -------- d--h--w- c:\documents and settings\all users\application data\Common Files
    2011-08-24 13:54:09 -------- d-----w- c:\documents and settings\all users\application data\MFAData
    2011-08-24 12:33:33 -------- d-----w- c:\windows\ie8updates
    2011-08-24 12:28:47 361600 ------w- c:\windows\system32\dllcache\tcpip.sys
    2011-08-24 12:28:47 245760 ------w- c:\windows\system32\dllcache\mswsock.dll
    2011-08-24 12:28:47 226880 ------w- c:\windows\system32\dllcache\tcpip6.sys
    2011-08-24 12:28:07 954368 ------w- c:\windows\system32\dllcache\mfc40.dll
    2011-08-24 12:28:07 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
    2011-08-24 12:27:19 457856 ------w- c:\windows\system32\dllcache\mrxsmb.sys
    2011-08-24 12:27:05 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
    2011-08-24 12:26:35 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
    2011-08-24 12:23:39 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
    2011-08-24 12:23:11 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys
    2011-08-24 12:22:34 81920 ------w- c:\windows\system32\dllcache\fontsub.dll
    2011-08-24 12:22:34 119808 ------w- c:\windows\system32\dllcache\t2embed.dll
    2011-08-24 12:21:26 139656 ------w- c:\windows\system32\dllcache\rdpwd.sys
    2011-08-24 12:21:17 105472 ------w- c:\windows\system32\dllcache\mup.sys
    2011-08-24 12:21:06 1447424 ------w- c:\windows\system32\dllcache\msxml6.dll
    2011-08-24 12:21:06 1172480 ------w- c:\windows\system32\dllcache\msxml3.dll
    2011-08-24 12:17:59 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
    2011-08-24 12:17:27 692736 ------w- c:\windows\system32\dllcache\inetcomm.dll
    2011-08-24 12:17:12 726528 ------w- c:\windows\system32\dllcache\jscript.dll
    2011-08-24 12:17:12 420864 ------w- c:\windows\system32\dllcache\vbscript.dll
    2011-08-24 12:16:38 758784 ------w- c:\windows\system32\dllcache\vgx.dll
    2011-08-24 12:16:11 713728 ------w- c:\windows\system32\dllcache\ntdll.dll
    2011-08-24 12:16:11 2029056 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
    2011-08-24 12:16:10 2194688 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
    2011-08-24 12:16:10 2150912 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
    2011-08-24 12:13:04 10496 ------w- c:\windows\system32\dllcache\ndistapi.sys
    2011-08-24 12:12:47 45568 ------w- c:\windows\system32\dllcache\wab.exe
    2011-08-24 12:12:41 590848 ------w- c:\windows\system32\dllcache\rpcrt4.dll
    2011-08-24 12:12:41 5120 ----a-w- c:\windows\system32\xpsp4res.dll
    .
    ==================== Find3M ====================
    .
    2011-08-24 14:46:07 86016 ----a-w- c:\windows\SOUNDMAN.EXE
    2011-08-24 14:44:29 2808832 ----a-w- c:\windows\ALCWZRD.EXE
    2011-08-24 14:28:04 45056 ----a-w- c:\windows\system32\shmgrate.exe
    2011-08-24 14:28:01 16261632 ----a-w- c:\windows\RTHDCPL.EXE
    2011-08-24 14:27:56 69632 ----a-w- c:\windows\ALCMTR.EXE
    2011-07-15 13:29:35 457856 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
    2011-06-24 14:10:47 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2011-06-23 18:29:00 919552 ----a-w- c:\windows\system32\wininet.dll
    2011-06-23 18:28:59 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-06-23 18:28:59 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-06-23 12:21:10 385024 ----a-w- c:\windows\system32\html.iec
    2011-06-20 17:44:47 293376 ----a-w- c:\windows\system32\winsrv.dll
    .
    ============= FINISH: 23:57:12,67 ===============


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 24.08.2011 06:50:11
    System Uptime: 11.09.2011 23:43:08 (0 hours ago)
    .
    Motherboard: MSI | | MS-1326X
    Processor: Mobile AMD Sempron(tm) Processor 3600+ | CPU 1 | 2009/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 36 GiB total, 32,241 GiB free.
    D: is FIXED (NTFS) - 38 GiB total, 15,354 GiB free.
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Installed Programs ======================
    .
    Adobe Flash Player 10 ActiveX
    Agere Systems HDA Modem v6081
    avast! Free Antivirus
    AVG 2011
    Desktop Lock 7.3
    Driver Genius Professional Edition
    DriverMax 5
    HFSLIP Total Slipstream (v1.7.9_beta_d, build 81223)
    Hide Folders XP 2.9.8 for Windows XP/Vista
    Hotfix for Windows XP (KB954550-v5)
    Malwarebytes' Anti-Malware version 1.51.1.1800
    Microsoft .NET Framework 1.1 SP1
    Microsoft .NET Framework 1.1 SP1 Türkçe Dil Paketi
    Microsoft .NET Framework 2.0 SP2
    Microsoft .NET Framework 2.0 SP2 Türkçe Dil Paketi
    Microsoft .NET Framework 3.0 SP2
    Microsoft .NET Framework 3.0 SP2 Türkçe Dil Paketi
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 3.5 SP1 Türkçe Dil Paketi
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    NVIDIA Drivers
    Realtek High Definition Audio Driver
    webcamXP 2008
    WebFldrs XP
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 8 için Güvenlik Güncelleştirmesi (KB2510531)
    Windows Internet Explorer 8 için Güvenlik Güncelleştirmesi (KB2544521)
    Windows Internet Explorer 8 için Güvenlik Güncelleştirmesi (KB2559049)
    Windows Media Player (KB2378111) için Güvenlik Güncelleştirmesi
    Windows Media Player (KB954155) için Güvenlik Güncelleştirmesi
    Windows Media Player (KB975558) için Güvenlik Güncelleştirmesi
    Windows Media Player (KB978695) için Güvenlik Güncelleştirmesi
    Windows XP için Düzeltme (KB2570791)
    Windows XP için Güncelleştirme (KB2541763)
    Windows XP için Güncelleştirme (KB955759)
    Windows XP için Güncelleştirme (KB971029)
    Windows XP için Güncelleştirme (KB971737)
    Windows XP için Güncelleştirme (KB973687)
    Windows XP için Güvenlik Güncelleştirmesi (KB2079403)
    Windows XP için Güvenlik Güncelleştirmesi (KB2115168)
    Windows XP için Güvenlik Güncelleştirmesi (KB2229593)
    Windows XP için Güvenlik Güncelleştirmesi (KB2296011)
    Windows XP için Güvenlik Güncelleştirmesi (KB2347290)
    Windows XP için Güvenlik Güncelleştirmesi (KB2360937)
    Windows XP için Güvenlik Güncelleştirmesi (KB2387149)
    Windows XP için Güvenlik Güncelleştirmesi (KB2393802)
    Windows XP için Güvenlik Güncelleştirmesi (KB2412687)
    Windows XP için Güvenlik Güncelleştirmesi (KB2419632)
    Windows XP için Güvenlik Güncelleştirmesi (KB2423089)
    Windows XP için Güvenlik Güncelleştirmesi (KB2440591)
    Windows XP için Güvenlik Güncelleştirmesi (KB2443105)
    Windows XP için Güvenlik Güncelleştirmesi (KB2476490)
    Windows XP için Güvenlik Güncelleştirmesi (KB2478960)
    Windows XP için Güvenlik Güncelleştirmesi (KB2478971)
    Windows XP için Güvenlik Güncelleştirmesi (KB2479943)
    Windows XP için Güvenlik Güncelleştirmesi (KB2483185)
    Windows XP için Güvenlik Güncelleştirmesi (KB2485663)
    Windows XP için Güvenlik Güncelleştirmesi (KB2503665)
    Windows XP için Güvenlik Güncelleştirmesi (KB2506212)
    Windows XP için Güvenlik Güncelleştirmesi (KB2507618)
    Windows XP için Güvenlik Güncelleştirmesi (KB2507938)
    Windows XP için Güvenlik Güncelleştirmesi (KB2508272)
    Windows XP için Güvenlik Güncelleştirmesi (KB2508429)
    Windows XP için Güvenlik Güncelleştirmesi (KB2509553)
    Windows XP için Güvenlik Güncelleştirmesi (KB2524375)
    Windows XP için Güvenlik Güncelleştirmesi (KB2535512)
    Windows XP için Güvenlik Güncelleştirmesi (KB2536276-v2)
    Windows XP için Güvenlik Güncelleştirmesi (KB2544893)
    Windows XP için Güvenlik Güncelleştirmesi (KB2555917)
    Windows XP için Güvenlik Güncelleştirmesi (KB2562937)
    Windows XP için Güvenlik Güncelleştirmesi (KB2566454)
    Windows XP için Güvenlik Güncelleştirmesi (KB2567680)
    Windows XP için Güvenlik Güncelleştirmesi (KB2570222)
    Windows XP için Güvenlik Güncelleştirmesi (KB923789)
    Windows XP için Güvenlik Güncelleştirmesi (KB969059)
    Windows XP için Güvenlik Güncelleştirmesi (KB970430)
    Windows XP için Güvenlik Güncelleştirmesi (KB972270)
    Windows XP için Güvenlik Güncelleştirmesi (KB973904)
    Windows XP için Güvenlik Güncelleştirmesi (KB974112)
    Windows XP için Güvenlik Güncelleştirmesi (KB974318)
    Windows XP için Güvenlik Güncelleştirmesi (KB974392)
    Windows XP için Güvenlik Güncelleştirmesi (KB974571)
    Windows XP için Güvenlik Güncelleştirmesi (KB975025)
    Windows XP için Güvenlik Güncelleştirmesi (KB975467)
    Windows XP için Güvenlik Güncelleştirmesi (KB975562)
    Windows XP için Güvenlik Güncelleştirmesi (KB975713)
    Windows XP için Güvenlik Güncelleştirmesi (KB977816)
    Windows XP için Güvenlik Güncelleştirmesi (KB977914)
    Windows XP için Güvenlik Güncelleştirmesi (KB978338)
    Windows XP için Güvenlik Güncelleştirmesi (KB978542)
    Windows XP için Güvenlik Güncelleştirmesi (KB978601)
    Windows XP için Güvenlik Güncelleştirmesi (KB978706)
    Windows XP için Güvenlik Güncelleştirmesi (KB979309)
    Windows XP için Güvenlik Güncelleştirmesi (KB979482)
    Windows XP için Güvenlik Güncelleştirmesi (KB979687)
    Windows XP için Güvenlik Güncelleştirmesi (KB980436)
    Windows XP için Güvenlik Güncelleştirmesi (KB981322)
    Windows XP için Güvenlik Güncelleştirmesi (KB981997)
    Windows XP için Güvenlik Güncelleştirmesi (KB982132)
    Windows XP için Güvenlik Güncelleştirmesi (KB982665)
    WinRAR 4.01 (32-bit)
    XML Paper Specification Shared Components Language Pack 1.0
    .
    ==== End Of File ===========================
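
A triage pass over the Malwarebytes and DDS output pasted above, as an added example that is not part of the original thread or of either tool: it flags the lines in those logs that report tampered or non-default state. The `triage` function and the rule names are hypothetical, and the sample lines are copied from the logs in this post.

```python
import re

# Constructed sample: lines copied from the Malwarebytes and DDS logs posted in
# this thread, plus two ordinary driver entries that should not be flagged.
SAMPLE_LOG = r"""
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> No action taken.
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: AVG Firewall *Disabled*
mWinlogon: SfcDisable=-99 (0xffffff9d)
R0 HFXP2;HFXP2;c:\windows\system32\drivers\hfxp2.sys [2011-9-1 17264]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-9-11 22712]
S3 WMI_MFC_TPSHOKER_80;WMI_MFC_TPSHOKER_80;\??\c:\windows\system32\drivers\mmlkg.sys --> c:\windows\system32\drivers\mmlkg.sys [?]
"""

# Malwarebytes item line: <registry path> (<detection>) -> Bad: (x) Good: (y) -> <action>.
MBAM_ITEM = re.compile(
    r"^(HK.+?) \(([\w.]+)\) -> Bad: \((.*?)\) Good: \((.*?)\) -> (.+?)\.?$")
# DDS header line: AV:/FW: <product> *<state>*
DDS_PRODUCT = re.compile(r"^(AV|FW): (.+?) \*([^*]+)\*")
# SfcDisable is the Winlogon value for Windows File Protection on XP; 0 is the default.
DDS_SFC = re.compile(r"^mWinlogon: SfcDisable=(-?\d+)")
# DDS service line: <R|S><start type> <name>;<display name>;<image path> [<date size>]
DDS_SERVICE = re.compile(r"^([RS])([0-4]) ([^;]+);[^;]*;(.+) \[([^\]]*)\]$")


def triage(log_text):
    """Return (rule, detail) pairs for log lines that report tampered state."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()

        m = MBAM_ITEM.match(line)
        if m:
            key, detection, bad, good, action = m.groups()
            value_name = key.rsplit("\\", 1)[-1]
            findings.append(("mbam-detection",
                             f"{detection}: {value_name}={bad}, expected {good}, {action}"))
            continue

        m = DDS_PRODUCT.match(line)
        if m:
            kind, product, state = m.groups()
            if state.lower().startswith("disabled"):
                findings.append(("security-product-disabled",
                                 f"{kind} {product}: {state}"))
            continue

        m = DDS_SFC.match(line)
        if m:
            if int(m.group(1)) != 0:
                findings.append(("wfp-setting-nondefault", line))
            continue

        m = DDS_SERVICE.match(line)
        if m:
            state, start, name, path, meta = m.groups()
            # In the posted log "[?]" stands where the file date and size
            # normally appear, so the driver file needs a manual look.
            if meta.strip() == "?":
                image = path.split("--> ")[-1]
                findings.append(("service-file-info-missing",
                                 f"{name} ({state}{start}): {image}"))
    return findings


if __name__ == "__main__":
    for rule, detail in triage(SAMPLE_LOG):
        print(f"[{rule}] {detail}")
```

A hit is a prompt for manual review, not a verdict: several of these settings can also be changed by legitimate software.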
     
  7. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    It appears that you may have a file infector from the Sality family on the system.

    • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESETOnlineScan
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      [o] Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
      [o] Double click on the [IMG] on your desktop.
    • Check 'Yes I accept terms of use.'
    • Click Start button
    • Accept any security warnings from your browser.
    • Uncheck 'Remove found threats'
    • Check 'Scan archives'
    • Leave remaining settings as is.
    • Press the Start button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
    • When the scan completes, press List of found threats
    • Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
    • Push the Back button
    • Push Finish

    NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
    ============================================
    You will need to remove AVG to run Combofix:
    Download AppRemover and save to the desktop
    1. Double click the setup on the desktop> click Next
    2. Select “Remove Security Application”
    3. Let scan finish to determine security apps
    4. A screen like below will appear:
      [​IMG]
    5. Click on Next after choice has been made
    6. Check the AVG program you want to uninstall
    7. After uninstall shows complete, follow online prompts to Exit the program.
    =============================
    Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    --------------------------------------
    Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe & follow the prompts.
    • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
      **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Once installed, you should see a blue screen prompt that says:
      The Recovery Console was successfully installed.
    • Click on Yes, to continue scanning for malware
    • If Combofix asks you to update the program, allow
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Close any open browsers.
    • Double click combofix.exe & follow the prompts to run.
    • When the scan completes, a report will be generated; it will open a text window. Please paste the C:\ComboFix.txt in your next reply.
    Re-enable your Antivirus software.

    Note 1: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    Note 2: ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    Note 3: Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    Note 4: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    Note 5: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    ===========================================
    Download Security Check by screen317 from one of these links:
    Link1
    Link 2
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
     
  8. ttecht

    ttecht TS Rookie Topic Starter

    AppRemover couldn't find AVG. I uninstalled it previously but there is a folder named AVG. Inside this folder there are avgcorex.dll, avgcremx and notification files. Here are my logs
     
  9. ttecht

    ttecht TS Rookie Topic Starter

    Eset:

    C:\Documents and Settings\fklrszd\Desktop\cnet_wrar401_exe.exe a variant of Win32/InstallCore.C application
     
  10. ttecht

    ttecht TS Rookie Topic Starter

    ComboFix 11-09-19.01 - fklrszd 19.09.2011 14:44:39.2.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1254.90.1055.18.383.144 [GMT 3:00]
    Running from: c:\documents and settings\fklrszd\Desktop\ComboFix.exe
    FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\system32\mmc.exe . . . is infected!!
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-08-19 to 2011-09-19 )))))))))))))))))))))))))))))))
    .
    .
    2011-09-13 20:09 . 2011-09-13 20:09 -------- d-----w- C:\c816ea9bd733ed30bf
    2011-08-25 00:46 . 2011-08-25 00:46 16336548 ------w- C:\Persi0.sys
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-08-24 14:28 . 2008-04-15 12:00 45056 ----a-w- c:\windows\system32\shmgrate.exe
    2011-07-15 13:29 . 2009-09-30 00:17 457856 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-07-08 14:02 . 2008-04-15 12:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
    2011-06-23 18:29 . 2009-09-30 00:26 919552 ----a-w- c:\windows\system32\wininet.dll
    2011-06-23 18:28 . 2009-09-30 00:26 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-06-23 18:28 . 2009-09-30 00:26 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-06-23 12:21 . 2009-09-30 00:26 385024 ----a-w- c:\windows\system32\html.iec
    .
    .
    ------- Sigcheck -------
    Note: Unsigned files aren't necessarily malware.
    .
    [-] 2009-09-30 . E47D77A2F5D64974D9B6724552EB44AD . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-15 110592]
    "AGRSMMSG"="AGRSMMSG.exe" [2005-09-09 88203]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-04-27 7561216]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
    "Desktop Lock"="c:\progra~1\DESKTO~1\TLDL.EXE" [2011-08-24 200704]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DfLogon]
    2011-02-25 14:33 65536 ----a-w- c:\windows\system32\LogonDll.dll
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk /k:C /k:D *
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\WINDOWS\\RTHDCPL.EXE"=
    "c:\\Program Files\\webcamXP 5\\wLite.exe"=
    "c:\\Program Files\\webcamXP 5\\wService.exe"=
    .
    R0 DeepFrz;DeepFrz;c:\windows\system32\drivers\DeepFrz.sys [25.02.2011 17:36 160792]
    R0 HFXP2;HFXP2;c:\windows\system32\drivers\hfxp2.sys [01.09.2011 02:16 17264]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [22.07.2011 19:27 12880]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [13.07.2011 00:55 67664]
    R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [12.08.2011 02:38 116608]
    R2 DFServ;DFServ;c:\program files\Faronics\Deep Freeze\Install C-0\DFServ.exe [25.02.2011 17:27 1075200]
    R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [11.09.2011 20:02 366640]
    R2 NAUpdate;@c:\program files\Nero\Update\NASvc.exe,-200;c:\program files\Nero\Update\NASvc.exe [04.03.2011 11:39 584488]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [11.09.2011 20:02 22712]
    S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\5.tmp --> c:\windows\system32\5.tmp [?]
    S3 WMI_MFC_TPSHOKER_80;WMI_MFC_TPSHOKER_80;\??\c:\windows\system32\drivers\mmlkg.sys --> c:\windows\system32\drivers\mmlkg.sys [?]
    S3 wxpSvc;webcamXP Service;c:\program files\webcamXP 5\wService.exe [27.07.2011 22:58 5023744]
    S3 ZSMC0305;Shiny SH2166 webcam;c:\windows\system32\drivers\usbVM305.sys [24.08.2011 19:49 391737]
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-09-19 c:\windows\Tasks\User_Feed_Synchronization-{88456747-37B8-4CD3-8DC8-CCC2802DEB07}.job
    - c:\windows\system32\msfeedssync.exe [2009-09-30 00:27]
    .
    2011-09-19 c:\windows\Tasks\WGASetup.job
    - c:\windows\system32\KB905474\wgasetup.exe [2011-08-24 19:18]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com.tr/
    TCP: DhcpNameServer = 62.248.80.162 62.248.80.161
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKLM-Run-BigDog305 - c:\windows\VM305_STI.EXE
    AddRemove-wLite - c:\program files\webcamXP 5\wl-uninst.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-09-19 14:49
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    BigDog305 = c:\windows\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)???????????????????0?????????@??????????????
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wxpSvc]
    "ImagePath"="c:\program files\webcamXP 5\wService.exe /startedbyscm:5053B757-40E35B3B-webcamSRV"
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
    "ImagePath"="\??\c:\windows\system32\5.tmp"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(868)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\WININET.dll
    c:\windows\system32\LogonDll.dll
    .
    - - - - - - - > 'explorer.exe'(3084)
    c:\windows\system32\WININET.dll
    c:\windows\system32\msi.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\wpdshserviceobj.dll
    c:\windows\system32\portabledevicetypes.dll
    c:\windows\system32\portabledeviceapi.dll
    .
    Completion time: 2011-09-19 14:51:38
    ComboFix-quarantined-files.txt 2011-09-19 11:51
    ComboFix2.txt 2011-09-12 20:04
    .
    Pre-Run: 33.836.236.800 bayt boş
    Post-Run: 34.193.924.096 bayt boş
    .
    - - End Of File - - 46189A9CD274292EC026527DB672995E
     
  11. ttecht

    ttecht TS Rookie Topic Starter

    Check up:

    Results of screen317's Security Check version 0.99.18
    Windows XP Service Pack 3
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    AVG 2011
    ESET Online Scanner v3
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    Java(TM) 6 Update 27
    Adobe Flash Player
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Malwarebytes' Anti-Malware mbamservice.exe
    ``````````End of Log````````````
     
  12. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    As I said before, you have basically no security on this system.

    Please run the MGA Diagnostics tool
    • You will be prompted to either “Run” or “Save” the tool. Choose to “Run” the tool and follow the on-screen prompts.
    • You will receive an Internet Explorer-Security Warning dialog box for the Windows Genuine Advantage Diagnostic Tool.
    • You must choose to Run this tool when prompted.
    • Once you are presented with the Diagnostics tool choose Continue to run the diagnostic report.
    • If the RESOLVE button is available after running the diagnostics, please click RESOLVE to allow the diagnostic tool to attempt a repair.
    • After running the MGA Diagnostic tool, click on the Windows tab and then click on Copy
    • Please return to this thread and Paste the results here for review.

    This tool will is to look on the computer itself, in the documentation you received with the computer or with your retail purchase of Windows to see if you have a Certificate of Authenticity (COA). I
    NOTE: The data collected with the Genuine Diagnostics Tool does NOT contain any information that can personally identify you and can be fully reviewed, by you, before being posted.
     
  13. ttecht

    ttecht TS Rookie Topic Starter

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->
    Validation Status: Genuine
    Validation Code: 0
    Cached Validation Code: N/A
    Windows Product Key: *****-*****-BDWVG-33T78-VFDFQ
    Windows Product Key Hash: p9eZJx1iExhjAzRVpNDOWPnpXEg=
    Windows Product ID: 76407-640-9245215-23007
    Windows Product ID Type: 1
    Windows License Type: Volume
    Windows OS version: 5.1.2600.2.00010100.3.0.pro
    ID: {3E0C6079-A1D3-4E6F-9605-F01A20706AB1}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: Registered, 1.9.42.0
    Signed By: Microsoft
    Product Name: N/A
    Architecture: N/A
    Build lab: N/A
    TTS Error: N/A
    Validation Diagnostic: 025D1FF3-230-1
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A
    Version: N/A

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 109 N/A
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: B4D0AA8B-543-80070002_025D1FF3-230-1

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files\Internet Explorer\IEXPLORE.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->
    File Mismatch: C:\WINDOWS\system32\syssetup.dll[5.1.2600.5512], Hr = 0x800b0100

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{3E0C6079-A1D3-4E6F-9605-F01A20706AB1}</UGUID><Version>1.9.0027.0</Version><OS>5.1.2600.2.00010100.3.0.pro</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-VFDFQ</PKey><PID>76407-640-9245215-23007</PID><PIDType>1</PIDType><SID>S-1-5-21-1844237615-1214440339-682003330</SID><SYSTEM><Manufacturer>Micro-Star International</Manufacturer><Model>VR330</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>A1326NMS V1.05</Version><SMBIOSVersion major="2" minor="5"/><Date>20070705000000.000000+000</Date></BIOS><HWID>1E3235E70184C05C</HWID><UserLCID>041F</UserLCID><SystemLCID>041F</SystemLCID><TimeZone>GTB Standart Saati(GMT+02:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

    Licensing Data-->
    N/A

    Windows Activation Technologies-->
    N/A

    HWID Data-->
    N/A

    OEM Activation 1.0 Data-->
    BIOS string matches: yes
    Marker string from BIOS: 1E840:MICRO-STAR INTERNATIONAL CO., LTD
    Marker string from OEMBIOS.DAT: N/A, hr = 0x80004005

    OEM Activation 2.0 Data-->
    N/A
     
  14. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    ALL passwords are important because they get you or someone else into where the password is set for - just getting into your system may be all they want.

    The bottom line on your 'can someone track me' question is simply this:
    If you don't put security on your system, you leave it open to viruses, Trojans, worms, key loggers, PUP, pests Script, and on and on.

    You have an AV only and it may not be working. See my Reply #4 - I left you a list of security tips. I suggest you use as many as you can. To the best of my knowledge, AVG doesn't have a free-standing firewall.
     
Topic Status:
Not open for further replies.
