PDA

View Full Version : XP illegal copy



tylden
15-06-2007, 09:27 AM
After a couple of years with this desktop MS tells me I've got an illegal copy of XP, and it's telling me so often it's becoming a nuisance. Since it started this a few months back, the machines getting slower and slower, and occasionally just locks up, cursor won't move etc. and I have to reboot when it may run for a few minutes or for hours.
I don't want to spend money on getting a legal copy (the guy who built it admits he recopied his own XP disc) as I'll get a new machine with Vista as soon as the funds run to it. Could the MS interference have anything to do with my problems, and can I get rid of this without going into the scary bits of the works?
I'm reluctantly attaching a Highjack scan, which means absolutely nothing to me. Would some kind person help me, please

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 22:12:04, on 14/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\FILEST~1\TURBOB~1\TBKNTService.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\FILEST~1\TURBOB~1\tbksche.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\Bob\Desktop\HiJackThis_v2.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.d ll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.d ll
O4 - HKLM\..\Run: [autoclk] autoclk.exe
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [b9] C:\Program Files\Firetrust\Benign\B9.exe /minimize
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\GestMaj.exe EspaceWanadoo.exe
O4 - HKCU\..\Run: [TurboBackup] C:\PROGRA~1\FILEST~1\TURBOB~1\tbksche.exe -s
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: MailWasherPro.lnk = C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
O4 - Global Startup: Belkin Wireless USB Utility.lnk = C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: offline - https://static.ir.dgi.minefi.gouv.fr/secure/installation/offline/ie4n4/offline.cab
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure/connexion/archives/ie4n4/teleir_cert.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/058b9ef87241b5e86216/netzip/RdxIE601.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1165945806285
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebAAS.cab
O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.hp.com/ediags/dd/install/guidedsolutions.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iolo DMV Service (ioloDMV) - Unknown owner - C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe
O23 - Service: LEC TranslateDotNet Server - Unknown owner - C:\Program Files\Power Translator\LogoMedia TranslateDotNet Server.exe (file missing)
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: TBKNTService - Unknown owner - C:\PROGRA~1\FILEST~1\TURBOB~1\TBKNTService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 8995 bytes

Billy T
15-06-2007, 10:33 AM
No. 5 on this list (http://pressf1.pcworld.co.nz/showthread.php?t=52243) may steer you in the right direction.

Cheers

Billy 8-{)

PinoyKiw
15-06-2007, 11:19 AM
You are in a pickle.........

As Speedy has correctly pointed out, be very unlikely that any one here will assiast you in making a copy of XP "legal".

But you may have some recourse via MS NZ. At one time Microsoft for a small fee, I heard $50, would exchange or something a illegial copy of Windows for the genuine version. I don't know the details as it is now just a foggy memory like brerakfast was this morning.......thats another story.

And whether that offer would still be valid with Vista now being pushed as the greatest thing since sliced bread.....

If your system was built by someone who does this sort of thing as a job or part time job, am sure MS would be keen to know about the supplier. And if you bought the system in good faith there may be some recourse.

Am sure that MS would be keen to know the details of anyone making and selling copies of there software for that matter.

Of course if you knowlingly entered into a arrangement that you would be "purchasing" a illegial copy of Windows, then MS is not likely to give you much support for good reason.

Poppa John
15-06-2007, 11:41 AM
If the supplier is still in business, go back there. Surely they would rather replace your OS, rather than you report it to MS in Auckland??? PJ

racepics
15-06-2007, 01:25 PM
M$ will allow you to make your illegal copy of XP legit online by paying them $NZ281.00
I know cause I did this for a guy just the other day.
Just click on the nag message and follow the prompts.. (they also post you a genuine CD )

OR - ever thought of using Linux?

beeswax34
15-06-2007, 01:46 PM
If its going to cost $281 then you might as well get Vista and then install it on this machine and use it for the new computer as well.

pctek
15-06-2007, 02:36 PM
After a couple of years with this desktop MS tells me I've got an illegal copy of XP, and it's telling me so often it's becoming a nuisance. Since it started this a few months back, the machines getting slower and slower, and occasionally just locks up, cursor won't move etc. and I have to reboot when it may run for a few minutes or for hours.

Could the MS interference have anything to do with my problems,


No.


Just clutter and possible malware would affect it like that.
MS will just nag you, not cause it to slow down.

Greg
15-06-2007, 02:50 PM
you might as well get Vista and then install it on this machine and use it for the new computer as well.Or you might as well shoot yourself. (Someone else also named Greg may be able to help you there).

george12
15-06-2007, 04:21 PM
No. 5 on this list (http://pressf1.pcworld.co.nz/showthread.php?t=52243) may steer you in the right direction.

Cheers

Billy 8-{)

The poor guy isn't asking anybody to help him do anything illegal. He wants us to help him get rid of malware and get his computer running faster.

Billy T
15-06-2007, 04:59 PM
The poor guy isn't asking anybody to help him do anything illegal. He wants us to help him get rid of malware and get his computer running faster.
No he's not George, he admits his OS is pirated and has known that for some time, but first and foremost he is asking for help to stop Microsoft nagging him. That he thinks it is in-part the MS nagging that is slowing his computer down is irrelevant. Read his post very carefully. I did that before I replied.

It is outside the rules of PF1 to help somebody get pirated software operating. It is not a "no fault of his own" situation, he has other remedies available that don't include restoring a pirated OS.

I note that no other members have fallen for his story.

Cheers

Billy 8-{)

wratterus
15-06-2007, 05:05 PM
just for the record, the M$ WGA software DOES slow down your pc if theres a problem and it's telling you about it. I have seen PCs speed up quite a bit after sorting WGA issues, but by no means is that his whole problem...WGA doesn't make a huge difference.:cool: I would simply recommend running all the usuaull porgrams through ( the ones in speedy's sig for example) and seeing what difference that makes. also check in msconfig that there isn't heaps of programs runnig themselves on startup.

Rayman
15-06-2007, 07:57 PM
To get rid of the annoying popup telling you that your version of windows is not genurine, Download the program called "Autoruns" From www.sysinternals.com. Select the tab called winlogon and deselect the item called wgalogon and reboot your pc. You should never see it again. You can download windows updates as normal.

tylden
16-06-2007, 06:48 AM
Thanks for all your help. I should, perhaps, have pointed out that I originally tried to go legal, but my attempts to pay on line just didn't work - bear in mind this is Microsoft we're talking about. As to buying a copy of Vista, when I buy a new machine it will be already loaded, so I'd have to pay twice if I did that.
All I wanted to know was if MS was giving me this problem, or was there something else in my running programmes.
Yes, I realise the Forum does not support piracy, I just want a way out till my purse is not quite so empty.

SurferJoe46
16-06-2007, 06:58 AM
I think you were OK with you last post until you said this:
"I realise the Forum does not support piracy, I just want a way out till my purse is not quite so empty.

...and as such I have no mercy but to say what you ask is illegal and therefore not answerable on this site.

Financial conditions do not make a good excuse for piracy or sidestepping issues with Microsoft.

Phil B
16-06-2007, 10:07 AM
Its not that hard to get a legal copy cheap. I bought 2 Dell win xp home discs for $100 each I think, from a bloke in whangarei. It, at the time, was a lot cheaper than being stitched up if you got the same (although not dell) from a shop. He didn't want them as he uses another os on his pc's. Found them in T&E

Greg
16-06-2007, 10:34 AM
As to buying a copy of Vista, when I buy a new machine it will be already loaded, so I'd have to pay twice if I did that.
Not necessarily. It's possible to buy a rig without any operating system installed. Most people here prefer it that way so that they have a standalone full version of the operating system, which can be ported to a new machine when they upgrade.

Renmoo
16-06-2007, 01:17 PM
Hmmm... just noticed that HijackThis now belongs to Trend Micro - or has Trend Micro designed one for its own instead?

Cheers :)

Speedy Gonzales
16-06-2007, 01:30 PM
Hmmm... just noticed that HijackThis now belongs to Trend Micro - or has Trend Micro designed one for its own instead?

Cheers :)

I think Trendmicro took over from the previous author.

pctek
16-06-2007, 03:07 PM
T As to buying a copy of Vista, when I buy a new machine it will be already loaded, .

Buy an OEM copy now, and when you get the new PC ask for no O/S. You don't get it free then either you know.