#61
Code:
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Code: 0
Cached Online Validation Code: N/A, hr = 0x800706be
Windows Product Key: *****-*****-X92GV-V7DCV-P4K27
Windows Product Key Hash: aU2z1/fnhnLHmhBm699qYZT2E6s=
Windows Product ID: 00426-OEM-8992662-00400
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.1.7601.2.00010100.1.0.001
ID: {D0E80BA7-BFB9-4131-9FE8-40E581F8BDC2}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Ultimate
Architecture: 0x00000000
Build lab: 7601.win7sp1_gdr.130104-1431
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: B4D0AA8B-604-645_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Google\Chrome\Application\chrome.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{D0E80BA7-BFB9-4131-9FE8-40E581F8BDC2}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.001</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-P4K27</PKey><PID>00426-OEM-8992662-00400</PID><PIDType>2</PIDType><SID>S-1-5-21-659727603-1867771639-4004724754</SID><SYSTEM><Manufacturer>Dell Inc.</Manufacturer><Model>Inspiron N4030</Model></SYSTEM><BIOS><Manufacturer>Dell Inc.</Manufacturer><Version>A07</Version><SMBIOSVersion major="2" minor="6"/><Date>20110323000000.000000+000</Date></BIOS><HWID>E6853707018400FC</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>India Standard Time(GMT+05:30)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>DELL </OEMID><OEMTableID>WN09 </OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.1.7601.17514

Name: Windows(R) 7, Ultimate edition
Description: Windows Operating System - Windows(R) 7, OEM_SLP channel
Activation ID: 7cfd4696-69a9-4af7-af36-ff3d12b6b6c8
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00426-00178-926-600400-02-1033-7600.0000-0462013
Installation ID: 016136374711054802825014496172259365469570657611581023
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
Partial Product Key: P4K27
License Status: Licensed
Remaining Windows rearm count: 4
Trusted time: 4/11/2013 12:05:15 AM

Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: 0x00000000
HealthStatus: 0x0000000000000000
Event Time Stamp: 2:26:2013 12:48
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:

HWID Data-->
HWID Hash Current: LAAAAAEAAQABAAEAAAABAAAAAgABAAEAJJTWnnTcqFXg9fxc3J64qU4CXF0=

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information:
  ACPI Table Name   OEMID Value   OEMTableID Value
  APIC              DELL          WN09
  FACP              DELL          WN09
  HPET              DELL          WN09
  MCFG              DELL          WN09
  SSDT              AMICPU        PROC
  SLIC              DELL          WN09
  OSFR              DELL          M08
gopu2013,
On Post # 57...
When a user installs Windows Genuine Advantage, an Internet Explorer add-on is installed and used.
I do not believe this would work with Chrome.
However, please do the following:
Download WVCheck from Artellos.com
- Double click: WVCheck.exe
- As indicated by the prompt, this program can take a while depending on your hard drive space.
- Once the program is done, please provide the results in your reply.
Also, in your initial post you mention:
Ran Kaspersky and found a trojan named backdoor.
Kaspersky deleted certain files...
As far as actions with Quarantined files - did you delete the files, or are the files still located in Quarantine?
Quarantine location for Windows 7:
- %ALLUSERSPROFILE%\Kaspersky Lab\AVP13\QB
In order to open the folder, do the following:
1. Open: Windows Explorer
2. In the Address bar paste the folder address.
3. Press: Enter
If there are files in Quarantine, please capture the image of what is in there, or, if there is an option for a report, preferably, provide it.
I used to run a Malwarebytes scan every day hoping I would end up catching some files.... Today I was lucky enough.
Here's the log file of the Malwarebytes scan.
It found two programs.... I didn't delete them yet.
I wanted to share this with you guys and get suggestions before I go ahead.
gopu2013,
Please proceed with Post #57, and running Windows Genuine Advantage using Chrome. See if it works, and provide the results.
Also, run WVCheck from Artellos.com (Post #64), and also provide the results.
On:
Files Detected: 2
c:\tdsskiller_quarantine\10.04.2013_00.42.09\tdlfs0000\tsk0005.dta (Rootkit.Agent) -> No action taken.
c:\tdsskiller_quarantine\10.04.2013_00.42.09\tdlfs0000\tsk0006.dta (Rootkit.TDSS) -> No action taken.
Those items are contained in the TDSSKiller Quarantine, so they can do no harm. Let them be for now. TDSSKiller created those; however, in normal Windows TDSSKiller refuses to run.
After you present the reports indicated above, they get analyzed, and if all is well, I have a program for you to run to address the issues which preclude programs from running.
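For the two quarantine folders named in this thread (the Kaspersky QB folder from the earlier post and the TDSSKiller quarantine in this one), the following PowerShell script is an added example, not something posted by anyone in the thread. It lists every file in those folders with size, timestamp and SHA-256 so the inventory can be pasted as text instead of a screenshot. The folder paths are assumed to be exactly as quoted above (the AVP13 path is specific to that Kaspersky version), the helper name Get-Sha256Hex is mine, and it uses only .NET classes so it runs on the PowerShell 2.0 that ships with Windows 7. One caveat: AV products generally keep quarantined objects in their own container format, so a hash here identifies what is stored in the folder, not necessarily the original file that was detected.

```powershell
# Added example (not posted in the thread): inventory the AV quarantine folders
# named above so the listing can be pasted as text instead of a screenshot.
# Works on the PowerShell 2.0 that ships with Windows 7 (no Get-FileHash needed).

# Assumed paths, copied from the thread; AVP13 is specific to that Kaspersky build.
$folders = @(
    (Join-Path $env:ALLUSERSPROFILE 'Kaspersky Lab\AVP13\QB'),
    'c:\tdsskiller_quarantine'
)

function Get-Sha256Hex([string]$Path) {
    # Stream the file through SHA-256 and return an uppercase hex digest.
    # Quarantined objects are usually stored in the product's own container
    # format, so this identifies the stored file, not necessarily the original.
    $sha = [System.Security.Cryptography.SHA256]::Create()
    try {
        $stream = [System.IO.File]::OpenRead($Path)
        try {
            $bytes = $sha.ComputeHash($stream)
        } finally {
            $stream.Close()
        }
        return ([System.BitConverter]::ToString($bytes)).Replace('-', '')
    } catch {
        # AV self-protection or ACLs can block reads; report instead of aborting.
        return "unreadable: $($_.Exception.Message)"
    }
}

foreach ($folder in $folders) {
    if (-not (Test-Path -LiteralPath $folder)) {
        Write-Output "$folder : not present"
        continue
    }
    Write-Output "== $folder =="
    # -Force includes hidden/system entries; PSIsContainer filters out directories
    # because the -File switch only exists in PowerShell 3.0 and later.
    Get-ChildItem -LiteralPath $folder -Recurse -Force |
        Where-Object { -not $_.PSIsContainer } |
        ForEach-Object {
            New-Object PSObject -Property @{
                Path     = $_.FullName
                Size     = $_.Length
                Modified = $_.LastWriteTime.ToString('yyyy-MM-dd HH:mm:ss')
                SHA256   = Get-Sha256Hex $_.FullName
            }
        } |
        Format-Table -AutoSize Modified, Size, SHA256, Path
}
```

Run it from an elevated PowerShell prompt, since ProgramData is hidden and the AV product may restrict access to its own folders, and pipe the output to Out-File if you want a file to attach rather than console text to copy.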
Wouldn't gopu have Internet Explorer installed as the default browser? It should already be there: C:\Program Files (x86)\Internet Explorer
I would like to thank Noel, and Jacee for pitchin' in to help figure this out.
For cb, since gopu fixed his report with the code box, Thank you gopu!
I'm thinking the only other post I see might be your #45
If you could place this part of your post into a code box, let's see what happens:
Code:
When done, please post its new report to see if it states that a locked service was found.
================================================================================
2013/04/09 10:10:28.0859 Scan finished
2013/04/09 10:10:28.0859 ================================================================================
2013/04/09 10:10:28.0875 Detected object count: 1
2013/04/09 10:10:41.0250 Locked service(xxxxxxx) - User select action: Skip (xxxxxxx = random name)
2013/04/09 10:10:52.0937