
Can't kill it


Guy


Hi, I am so tired of these beasts. Don't know if this is the right place to post this, but simply let me know.

I have been using Avatar, Malwarebytes, Avast and AVG, all latest versions and updated. They are always coming back after deleting. Here are the two logs for review and comments. Had to log in here using another computer as I am always redirected on IE.

Cheers

mbam_log_2009_08_26__17_56_05_.txt


For some reason the HJT log didn't upload and still can't. I am not permitted for that type.


Please note that all instructions given are customised for this computer only,

the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the HJT forum and wait for help.

Hello and welcome to the forums

My name is Katana and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:

  1. Please Read All Instructions Carefully
  2. If you don't understand something, stop and ask! Don't keep going on.
  3. Please do not run any other tools or scans whilst I am helping you
  4. Failure to reply within 5 days will result in the topic being closed.
  5. Please continue to respond until I give you the "All Clear"
    (Just because you can't see a problem doesn't mean it isn't there)

If you can do those few things, everything should go smoothly.

Some of the logs I request will be quite large; you may need to split them over a couple of replies.

Please Note, your security programs may give warnings for some of the tools I will ask you to use.

Be assured, any links I give are safe

----------------------------------------------------------------------------------------

Please copy/paste the logs rather than attaching them

Download and Run RSIT

  • Please download Random's System Information Tool by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open:
    • log.txt will be opened maximized.
    • info.txt will be opened minimized.

  • Please post the contents of both log.txt and info.txt.
    (They can also be found in the C:\RSIT folder)

Please Download GMER to your desktop

Download GMER and extract it to your desktop.

***Please close any open programs ***

Double-click gmer.exe. The program will begin to run.

**Caution**

These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised by a trained Security Analyst.

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.

  • Click Yes.
  • Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the Save button, and save the log as gmer.txt somewhere you can easily find it, such as your desktop.

If you do not receive notice about possible rootkit activity, remain on the Rootkit/Malware tab & make sure the 'Show All' button is unticked.

  • Click the Scan button and let the program do its work. GMER will produce a log.
  • Click on the Save button, and save the log as gmer.txt somewhere you can easily find it, such as your desktop.

DO NOT touch the PC at ALL for Whatever reason/s until it has 100% completed its scan, or attempted scan in case of some error etc !

----------------------------------------------------------------------------------------

Logs/Information to Post in Reply

Please post the following logs/Information in your reply

Some of the logs I request will be quite large; you may need to split them over a couple of replies.

  • RSIT Logs
  • GMER Log


Well, I should have followed the directions. Tried to post but was blank. Will post separately my logs.

As I originally posted, I appreciate you helping me on this matter.

FYI, I only scanned the C drive, not all my other ones. Also, no network was connected.

Logfile of random's system information tool 1.06 (written by random/random)

Run by Guylain at 2009-08-29 07:25:30

Microsoft Windows XP Professional Service Pack 3

System drive C: has 9 GB (13%) free of 71 GB

Total RAM: 1023 MB (55% free)

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 7:25:31 AM, on 29/08/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal


info.txt logfile of random's system information tool 1.06 2009-08-29 07:22:45


GMER 1.0.15.15077 [gmer.exe] - http://www.gmer.net

Rootkit scan 2009-08-29 09:05:43

Windows 5.1.2600 Service Pack 3

---- System - GMER 1.0.15 ----

Code 86C9B8A0 ZwEnumerateKey

Code 86C99AF8 ZwFlushInstructionCache

Code 86C9EBA6 IofCallDriver

Code 86C9FE0E IofCompleteRequest

Code 86C98A4D ZwSaveKey

Code 86C986BD ZwSaveKeyEx

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!IofCallDriver 804E13A7 5 Bytes JMP 86C9EBAB

.text ntoskrnl.exe!IofCompleteRequest 804E17BD 5 Bytes JMP 86C9FE13

.text ntoskrnl.exe!ZwSaveKey 804E42AE 5 Bytes JMP 86C98A52

.text ntoskrnl.exe!ZwSaveKeyEx 804E42C2 5 Bytes JMP 86C986C2

PAGE ntoskrnl.exe!ZwEnumerateKey 80578E14 5 Bytes JMP 86C9B8A4

PAGE ntoskrnl.exe!ZwFlushInstructionCache 80587BFB 5 Bytes JMP 86C99AFC

? system32\drivers\wkae.sys The system cannot find the path specified. !

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\system32\drivers\UACwevsiemntr.sys (*** hidden *** ) [sYSTEM] UACd.sys <-- ROOTKIT !!!


---- EOF - GMER 1.0.15 ----

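One way to sort a saved gmer.txt into the entries GMER itself marks as hidden, the filter drivers it attributes to a named vendor, and the inline hooks grouped by where they jump, which is the distinction behind the false-positive caution earlier in this thread. This is an added example, not part of the original posts and not GMER's own code; the sample log and every name, address and path in it are constructed, and the regular expressions assume the line shapes of the GMER 1.0.15 log posted above.

```python
import re
from collections import defaultdict

# Constructed sample in the line shapes of a GMER 1.0.15 log.
# Every name, address, size and path below is made up for this example.
SAMPLE_LOG = r"""
---- System - GMER 1.0.15 ----
Code 9A10B8A0 ZwEnumerateKey
Code 9A10EBA6 IofCallDriver
---- Kernel code sections - GMER 1.0.15 ----
.text ntoskrnl.exe!IofCallDriver 80501000 5 Bytes JMP 9A10EBAB
PAGE ntoskrnl.exe!ZwEnumerateKey 80502000 5 Bytes JMP 9A10B8A4
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs examplemon.sys (Example AV File System Filter/Example Vendor)
AttachedDevice \Driver\Tcpip \Device\Tcp exampletdi.sys (Example AV TDI Filter/Example Vendor)
---- Services - GMER 1.0.15 ----
Service C:\WINDOWS\system32\drivers\EXAMPLEdrv.sys (*** hidden *** ) [SYSTEM] EXAMPLE.sys <-- ROOTKIT !!!
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\EXAMPLE.sys@imagepath \systemroot\system32\drivers\EXAMPLEdrv.sys
---- Files - GMER 1.0.15 ----
File C:\WINDOWS\system32\drivers\EXAMPLEdrv.sys 4096 bytes executable <-- ROOTKIT !!!
File C:\Documents and Settings\User\My Documents\Album\desktop.ini 364 bytes
---- EOF - GMER 1.0.15 ----
"""

SECTION_RE = re.compile(r"^---- (.+?) - GMER [\d.]+ ----$")
HOOK_RE = re.compile(
    r"^(?P<seg>\S+)\s+(?P<module>[^!\s]+)!(?P<func>\S+)\s+(?P<addr>[0-9A-Fa-f]{8})"
    r"\s+(?P<size>\d+) Bytes\s+JMP\s+(?P<target>[0-9A-Fa-f]{8})\b")
ATTACHED_RE = re.compile(
    r"^AttachedDevice\s+\S+\s+\S+\s+(?P<driver>\S+)\s+\((?P<desc>.+)/(?P<vendor>[^/]+)\)$")
SERVICE_RE = re.compile(
    r"^Service\s+(?P<path>.+?)\s+\(\*\*\* hidden \*\*\*\s*\)\s+\[[^\]]+\]\s+(?P<name>\S+)")


def split_sections(text):
    """Return {section name: [non-empty lines]} in the order sections appear."""
    sections, current = defaultdict(list), None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
        elif current is not None:
            sections[current].append(line)
    return dict(sections)


def triage(text):
    """Bucket log lines; nothing here decides what to delete."""
    report = {"flagged": [], "attributed": [], "hooks": [], "unclassified": []}
    for section, lines in split_sections(text).items():
        for line in lines:
            attached = ATTACHED_RE.match(line) if section == "Devices" else None
            hook = HOOK_RE.match(line) if section == "Kernel code sections" else None
            if "<-- ROOTKIT" in line or "*** hidden ***" in line:
                # GMER's own marking: a lead for the analyst, not a verdict.
                report["flagged"].append((section, line))
            elif attached:
                # Names a vendor: cross-check against the installed products.
                report["attributed"].append((attached["driver"], attached["vendor"]))
            elif hook:
                report["hooks"].append({"function": hook["func"],
                                        "patched_at": int(hook["addr"], 16),
                                        "target": int(hook["target"], 16)})
            else:
                report["unclassified"].append((section, line))
    return report


def hook_regions(hooks):
    """Group hooked functions by the 64 KB region their JMP lands in."""
    regions = defaultdict(list)
    for h in hooks:
        regions[h["target"] & 0xFFFF0000].append(h["function"])
    return {f"{base:08X}": sorted(funcs) for base, funcs in regions.items()}


def hidden_services(report):
    """Service name and driver path for each flagged Services line."""
    found = []
    for section, line in report["flagged"]:
        m = SERVICE_RE.match(line) if section == "Services" else None
        if m:
            found.append({"name": m["name"], "path": m["path"]})
    return found


def related_lines(text, driver_path):
    """Lines outside Services that mention the driver's file name."""
    base = driver_path.rsplit("\\", 1)[-1].lower()
    return [(section, line)
            for section, lines in split_sections(text).items() if section != "Services"
            for line in lines if base in line.lower()]


if __name__ == "__main__":
    rep = triage(SAMPLE_LOG)
    print("hook regions:", hook_regions(rep["hooks"]))
    for svc in hidden_services(rep):
        print("hidden service:", svc, related_lines(SAMPLE_LOG, svc["path"]))
```

Lines the patterns do not recognise land in `unclassified` rather than being dropped, so a log from another GMER version still shows everything for manual review.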

Information

IMPORTANT

I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

KaZaA Lite 2.0.0

LimeWire 4.18.3

I'd like you to read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.

Also available here.

My recommendation is you go to Control Panel > Add/Remove Programs and uninstall any P2P programs

Please note: you must NOT use any P2P whilst we are cleaning your machine.

AntiVirus

You appear to have

  • avast! Antivirus
  • AVG Free 8.5
  • Avira AntiVir Personal - Free Antivirus

First you should know that you're actually doing more harm than good by running more than one Anti Virus program.

When you do this the programs compete for resources, and the end result is none does its best and can cause system instability.

I recommend that you choose one that you want to keep.

The other/s I would either uninstall, or disable from startup and use as "on demand" for an occasional scan.

----------------------------------------------------------------------------------------

Download and Run ComboFix (by sUBs)

Please visit this webpage for instructions for downloading and running ComboFix:

Bleeping Computer ComboFix Tutorial

  • You must download it to and run it from your Desktop
  • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
  • Double click combofix.exe & follow the prompts.
  • When finished, it will produce a log. Please save that log to post in your next reply
  • Re-enable all the programs that were disabled during the running of ComboFix.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.

This tool is not a toy and not for everyday use.

ComboFix SHOULD NOT be used unless requested by a forum helper

For instructions on how to disable your security programs, please see this topic

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Kaspersky Online Scanner

Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal.

NOTE:- This scan is best done from IE (Internet Explorer)

NOTE:- Vista users should start IE by Start(Vista Orb) >> Internet Explorer >> Right-Click Run As Admin

Go Here http://www.kaspersky.com/kos/eng/partner/d...kavwebscan.html

Read the Requirements and limitations before you click Accept.

Once the database has downloaded, click My Computer in the left pane

Now go and put the kettle on !

When the scan has completed, click Save Report As...

Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)

Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.

**Note**

To optimize scanning time and produce a more sensible report for review:

  • Close any open programs.
  • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.

Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

----------------------------------------------------------------------------------------

Logs/Information to Post in Reply

Please post the following logs/Information in your reply

Some of the logs I request will be quite large; you may need to split them over a couple of replies.

  • Combofix Log
  • Kaspersky Log
  • How are things running now ?

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Please download Java SE Runtime Environment (JRE). (Don't install it yet.)

  • Scroll down to where it says "Java SE Runtime Environment (JRE)".
  • Click the "Download" button to the right.
    • Platform = Windows
    • Language = Multi Language
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.

Now download JavaRa and unzip it to your desktop.

***Please close any instances of Internet Explorer (or other web browser) before continuing!***

  • Double-click on JavaRa.exe to start the program.
  • From the drop-down menu, choose English and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location.

Now install the Java SE Runtime Environment (JRE) package you downloaded

(it comes with a toolbar pre-selected, so make sure you uncheck the box)

You can delete JavaRa (zip and exe)


Sorry to interfere with this process, but must say before I proceed that I will not be able to access a direct link to ComboFix on IE as I am always redirected by the Windowclick. So I will not be able to download directly to my infected desktop computer. I have and must download from another computer "laptop" onto a stick. Please correct me if I am wrong.

As for Antivirus, I would like you to express your preference on which one is best to use, as at this point I have no confidence in any. I thought Malwarebytes was one and active on my computer, or is it a scan only? Sorry for my ignorance but this has been a nightmare.

Regards,

Guy


1) I have and must download from another computer "laptop" onto a stick.

2) As for Antivirus, I would like you to express your preference on which one is best to use, as at this point I have no confidence in any.

3) I thought Malwarebytes was one and active on my computer, or is it a scan only? Sorry for my ignorance but this has been a nightmare.

1) That's fine

2) I use Avast on my machines

3) MalwareBytes isn't an antivirus, it is an AntiSpyware


Man, that is what confuses me. All those different things, antispywares, antivirus, and everything else. Which software does one have to use to be protected?

Off topic: what the heck is one expected to have to protect against every potential attack?

In the meanwhile I will continue to proceed as you have instructed me to do and will forward my logs.

Again, thank you for guiding me through this, hope to restore back to where I am safe to operate.

Guy


1) Which software does one have to use to be protected?

2) Off topic: what the heck is one expected to have to protect against every potential attack?

1) You really need AntiVirus and AntiSpyware to be protected

2) I will give you a full list of how to stay safe before we are finished :)


Cheers to you!

Right now I have done as much as I can within my faculties on this Saturday. Will come back tomorrow morning with my logs. Again, many thanks Katana for your help.

Guy


Ok, I have followed all of your instructions to the teeth. Had to rename ComboFix to work, as I did for various exe.

Here are my logs, and my operating system seems to be working fine. Thank you Katana.

ComboFix 09-08-29.01 - Guylain 30/08/2009 8:04.1.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.653 [GMT -4:00]

Running from: c:\documents and settings\Guylain\Desktop\Combonono.com.exe

AV: avast! antivirus 4.8.1351 [VPS 090829-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

* Created a new restore point


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Service_UACd.sys

-------\Legacy_UACd.sys

-------\Legacy_$SYS$ARIES

-------\Legacy_$SYS$DRMSERVER

-------\Legacy_CD_PROXY

-------\Service_$sys$DRMServer

((((((((((((((((((((((((( Files Created from 2009-07-28 to 2009-08-30 )))))))))))))))))))))))))))))))

.

2009-08-30 11:07 . 2009-08-30 11:32 411368 ----a-w- c:\windows\system32\deploytk.dll

2009-08-30 10:56 . 2009-08-30 10:58 -------- d-----w- c:\documents and settings\Guylain\.SunDownloadManager

2009-08-29 11:22 . 2009-08-29 11:22 -------- d-----w- C:\rsit

2009-08-26 21:20 . 2009-08-26 21:20 -------- d-----w- c:\program files\Trend Micro

2009-08-25 02:18 . 2009-08-25 02:18 -------- d-----w- c:\windows\system32\XPSViewer

2009-08-25 02:18 . 2009-08-25 02:18 -------- d-----w- c:\program files\MSBuild

2009-08-25 02:18 . 2009-08-25 02:18 -------- d-----w- c:\program files\Reference Assemblies

2009-08-25 02:17 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll

2009-08-25 02:17 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll

2009-08-25 02:17 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll

2009-08-25 02:17 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll

2009-08-25 02:17 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll

2009-08-25 02:17 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll

2009-08-25 02:17 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe

2009-08-20 21:51 . 2009-08-03 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-08-20 21:51 . 2009-08-20 22:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-08-20 21:51 . 2009-08-03 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-08-20 20:14 . 2009-07-28 20:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2009-08-19 22:17 . 2009-08-19 22:17 687104 ----a-w- c:\windows\is-4412C.exe

2009-08-19 19:57 . 2009-08-19 20:08 -------- d-----w- c:\documents and settings\All Users\Application Data\SITEguard

2009-08-19 19:56 . 2009-08-19 20:09 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!

2009-08-19 19:56 . 2009-08-19 19:56 -------- d-----w- c:\program files\Common Files\iS3

2009-08-19 01:40 . 2009-08-25 20:25 -------- d-----w- c:\program files\Spybot - Search & Destroy

2009-08-19 01:40 . 2009-08-25 20:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2009-08-18 22:57 . 2009-08-17 16:04 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2009-08-18 22:57 . 2009-08-17 16:04 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2009-08-18 22:57 . 2009-08-17 16:03 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2009-08-18 22:57 . 2009-08-17 16:02 97480 ----a-w- c:\windows\system32\AvastSS.scr

2009-08-18 22:57 . 2009-08-17 16:06 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys

2009-08-18 22:57 . 2009-08-17 16:06 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2009-08-18 22:57 . 2009-08-17 16:05 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys

2009-08-18 22:57 . 2009-08-17 16:05 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2009-08-18 22:56 . 2009-08-17 16:10 1279456 ----a-w- c:\windows\system32\aswBoot.exe

2009-08-18 22:56 . 2009-08-18 22:56 -------- d-----w- c:\program files\Alwil Software

2009-08-18 20:57 . 2009-08-18 20:57 72122 ----a-w- c:\documents and settings\Guylain\avg removal.reg

2009-08-18 20:12 . 2009-08-18 20:12 -------- d-----w- c:\program files\Includes

2009-08-17 23:32 . 2009-08-17 23:32 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache

2009-08-17 09:28 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll

2009-08-05 09:01 . 2009-08-05 09:01 204800 -c----w- c:\windows\system32\dllcache\mswebdvd.dll

2009-08-04 23:14 . 2009-08-04 23:14 -------- d-----w- c:\documents and settings\Guylain\Application Data\Malwarebytes

2009-08-04 23:14 . 2009-08-04 23:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-08-04 22:40 . 2009-08-25 09:31 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2009-08-04 21:37 . 2009-08-04 21:37 -------- d-----w- c:\documents and settings\Guylain\Application Data\Logs

2009-08-03 17:21 . 2009-08-03 17:21 -------- d-----w- c:\program files\Common Files\DivX Shared

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-08-30 11:07 . 2006-02-07 11:28 -------- d-----w- c:\program files\Java

2009-08-20 19:38 . 2005-03-19 15:10 -------- d-----w- c:\program files\Viewpoint

2009-08-19 20:03 . 2009-08-19 19:58 2648 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg

2009-08-18 19:56 . 2005-10-16 11:43 -------- d-----w- c:\program files\Lavasoft

2009-08-05 09:01 . 2001-08-23 15:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll

2009-08-03 17:21 . 2007-04-15 23:01 -------- d-----w- c:\program files\DivX

2009-07-26 02:11 . 2009-07-26 02:11 -------- d-----w- c:\program files\iTunes

2009-07-26 02:11 . 2009-07-26 02:11 -------- d-----w- c:\program files\iPod

2009-07-26 02:11 . 2007-08-19 18:01 -------- d-----w- c:\program files\Common Files\Apple

2009-07-26 02:06 . 2009-07-26 02:06 75040 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.1.6\SetupAdmin.exe

2009-07-17 19:01 . 2001-08-23 15:00 58880 ----a-w- c:\windows\system32\atl.dll

2009-07-14 03:43 . 2004-08-04 07:56 286208 ----a-w- c:\windows\system32\wmpdxm.dll

2009-07-03 17:09 . 2004-01-08 23:23 915456 ----a-w- c:\windows\system32\wininet.dll

2009-06-16 14:36 . 2001-08-23 15:00 81920 ----a-w- c:\windows\system32\fontsub.dll

2009-06-16 14:36 . 2001-08-23 15:00 119808 ----a-w- c:\windows\system32\t2embed.dll

2009-06-12 12:31 . 2001-08-23 15:00 80896 ----a-w- c:\windows\system32\tlntsess.exe

2009-06-12 12:31 . 2001-08-23 15:00 76288 ----a-w- c:\windows\system32\telnet.exe

2009-06-10 14:13 . 2001-08-23 15:00 84992 ----a-w- c:\windows\system32\avifil32.dll

2009-06-10 13:19 . 2004-11-19 03:45 2066432 ----a-w- c:\windows\system32\mstscax.dll

2009-06-10 06:14 . 2001-08-23 15:00 132096 ----a-w- c:\windows\system32\wkssvc.dll

2009-06-05 15:42 . 2009-06-14 13:31 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys

2009-06-05 15:42 . 2009-06-14 13:31 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll

2009-06-03 19:09 . 2001-08-23 15:00 1291264 ----a-w- c:\windows\system32\quartz.dll

2007-02-25 11:46 . 2007-02-25 11:46 1488 ----a-w- c:\program files\Imp


XP PRO OR HOME KEY GEN KEYGEN, NO ACTIVATION HACK. REALLY WORKS!!!!!!

What is this ?

Disable resident protections (Antivirus...); you'll re-enable them after the scan

Download Lop S&D < here

Double-click Lop S&D.exe

Choose the language, then choose Option 1 (Search)

Wait till the end of the scan

Post the log which is created: (%SystemDrive%\lopR.txt)


Katana, I don't know! I have uninstalled all antivirus except the Avast and have disabled it while scanning. Maybe f*** up but not intentional.

Will follow your next instructions. Thanks


--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3

X86-based PC ( Multiprocessor Free : Intel® Pentium® 4 CPU 2.60GHz )

BIOS : BIOS Date: 11/21/03 12:14:47 Ver: 08.00.09

USER : Guylain ( Administrator )

BOOT : Normal boot

Antivirus : avast! antivirus 4.8.1351 [VPS 090830-0] 4.8.1351 (Not Activated)

A:\ (USB)

C:\ (Local Disk) - NTFS - Total:68 Go (Free:10 Go)

F:\ (Local Disk) - NTFS - Total:233 Go (Free:141 Go)

G:\ (Local Disk) - FAT32 - Total:37 Go (Free:4 Go)

H:\ (Local Disk) - NTFS - Total:46 Go (Free:46 Go)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )

Option : [1] ( 31/08/2009| 5:33 )

--------------------\\ Listing folders in APPLIC~1

[26/03/2009|06:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> {00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}

[08/03/2009|09:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> {66E2F539-12B6-4870-A500-7689CDE75C5E}

[13/04/2009|07:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> {8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}

[13/03/2009|07:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Adobe

[31/12/2004|10:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Ahead

[19/08/2007|02:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple

[26/11/2006|01:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple Computer

[08/03/2009|09:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> DriverScanner

[30/08/2008|07:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> DVD Shrink

[25/09/2006|06:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> espionServerData

[23/12/2008|08:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Google

[28/01/2006|08:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> GTek

[13/11/2006|08:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> HP

[30/04/2009|05:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> HP Product Assistant

[29/02/2008|03:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Intuit Canada

[04/02/2008|08:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Lavasoft

[04/08/2009|07:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Malwarebytes

[04/02/2008|08:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft

[16/11/2007|08:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> MSN6

[02/11/2008|08:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> NOS

[03/04/2007|06:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> NVIDIA

[26/02/2009|06:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> PC Drivers HeadQuarters

[30/12/2004|01:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> QuickTime

[19/08/2009|04:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SITEguard

[25/08/2009|04:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Spybot - Search & Destroy

[19/08/2009|04:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> STOPzilla!

[25/08/2009|05:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> TEMP

[09/08/2008|07:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Viewpoint

[12/09/2006|08:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Windows Genuine Advantage

[18/11/2004|11:48] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Microsoft

[05/10/2008|07:29] C:\DOCUME~1\Guylain\APPLIC~1\<DIR> Adobe

[06/08/2006|08:48] C:\DOCUME~1\Guylain\APPLIC~1\<DIR> AdobeAUM

[11/07/2008|03:04] C:\DOCUME~1\Guylain\APPLIC~1\<DIR> AdobeUM

[07/12/2004|06:56] C:\DOCUME~1\Guylain\APPLIC~1\<DIR> Ahead

[29/04/2008|11:41] C:\DOCUME~1\Guylain\APPLIC~1\<DIR> Apple Computer

[14/08/2005|09:40] C:\DOCUME~1\Guylain\APPLIC~1\<DIR> avenir

[24/12/2006|02:14] C:\DOCUME~1\Guylain\APPLIC~1\<DIR> dvdcss

[15/04/2007|07:23] C:\DOCUME~1\Guylain\APPLIC~1\<DIR> Google

[28/01/2006|08:07] C:\DOCUME~1\Guylain\APPLIC~1\<DIR> GTek

[11/07/2005|09:21] C:\DOCUME~1\Guylain\APPLIC~1\<DIR> Help

[13/11/2006|09:27] C:\DOCUME~1\Guylain\APPLIC~1\<DIR> HP

[16/04/2005|09:09] C:\DOCUME~1\Guylain\APPLIC~1\<DIR> ICAClient

[21/11/2004|01:59] C:\DOCUME~1\Guylain\APPLIC~1\<DIR> Identities

[06/01/2007|09:31] C:\DOCUME~1\Guylain\APPLIC~1\<DIR> ieSpell

[23/01/2007|07:07] C:\DOCUME~1\Guylain\APPLIC~1\<DIR> Image Zone Express

[29/02/2008|03:30] C:\DOCUME~1\Guylain\APPLIC~1\<DIR> Intuit Canada

[20/11/2004|07:16] C:\DOCUME~1\Guylain\APPLIC~1\<DIR> Ipswitch

[04/02/2008|08:11] C:\DOCUME~1\Guylain\APPLIC~1\<DIR> Lavasoft

[30/12/2004|01:12] C:\DOCUME~1\Guylain\APPLIC~1\<DIR> Leadertech

[04/08/2009|05:37] C:\DOCUME~1\Guylain\APPLIC~1\<DIR> Logs

[21/11/2004|08:23] C:\DOCUME~1\Guylain\APPLIC~1\<DIR> Macromedia

[02/11/2008|01:40] C:\DOCUME~1\Guylain\APPLIC~1\<DIR> MailWasher

[04/08/2009|07:14] C:\DOCUME~1\Guylain\APPLIC~1\<DIR> Malwarebytes

[09/11/2008|11:30] C:\DOCUME~1\Guylain\APPLIC~1\<DIR> Microsoft

[16/11/2007|08:28] C:\DOCUME~1\Guylain\APPLIC~1\<DIR> MSN6

[23/09/2007|04:50] C:\DOCUME~1\Guylain\APPLIC~1\<DIR> RipIt4Me

[04/11/2006|07:39] C:\DOCUME~1\Guylain\APPLIC~1\<DIR> Seiko Instruments

[19/02/2006|09:32] C:\DOCUME~1\Guylain\APPLIC~1\<DIR> Sun

[08/03/2009|09:03] C:\DOCUME~1\Guylain\APPLIC~1\<DIR> Uniblue

[09/08/2008|07:58] C:\DOCUME~1\Guylain\APPLIC~1\<DIR> Viewpoint

[24/12/2006|09:02] C:\DOCUME~1\Guylain\APPLIC~1\<DIR> vlc

[30/08/2009|06:17] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Microsoft

[30/08/2009|06:17] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Microsoft

[21/10/2005|11:52] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Symantec

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[29/08/2009 06:05 PM][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[30/08/2009 08:10 AM][--ah-----] C:\WINDOWS\tasks\SA.DAT

[23/08/2001 11:00 AM][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing Folders in C:\Program Files

[09/07/2005|07:29] C:\Program Files\<DIR> 321Studios

[25/01/2005|07:43] C:\Program Files\<DIR> 7-Zip

[02/11/2008|11:21] C:\Program Files\<DIR> ACW

[13/03/2009|07:01] C:\Program Files\<DIR> Adobe

[21/06/2009|06:16] C:\Program Files\<DIR> Ahead

[05/12/2004|12:40] C:\Program Files\<DIR> Alcohol Soft

[18/08/2009|06:56] C:\Program Files\<DIR> Alwil Software

[20/11/2004|09:35] C:\Program Files\<DIR> Analog Devices

[27/08/2008|06:17] C:\Program Files\<DIR> Apple Software Update

[20/11/2004|06:17] C:\Program Files\<DIR> AppMan

[14/08/2005|09:40] C:\Program Files\<DIR> Avenir

[14/06/2008|09:49] C:\Program Files\<DIR> AVG

[20/11/2004|01:51] C:\Program Files\<DIR> BITWARE

[21/12/2008|06:07] C:\Program Files\<DIR> Bonjour

[24/08/2008|11:43] C:\Program Files\<DIR> CCleaner

[16/04/2005|08:59] C:\Program Files\<DIR> Citrix

[30/08/2009|08:07] C:\Program Files\<DIR> Common Files

[18/11/2004|11:46] C:\Program Files\<DIR> ComPlus Applications

[11/01/2006|08:30] C:\Program Files\<DIR> Copperhead

[20/11/2004|06:18] C:\Program Files\<DIR> Dad

[22/04/2006|02:58] C:\Program Files\<DIR> Datapol

[03/08/2009|01:21] C:\Program Files\<DIR> DivX

[04/02/2006|01:19] C:\Program Files\<DIR> DssEvolution.com

[10/07/2005|05:23] C:\Program Files\<DIR> DVD Shrink

[23/09/2006|12:32] C:\Program Files\<DIR> ElcomSoft

[30/12/2004|01:12] C:\Program Files\<DIR> EPSON

[30/12/2004|04:53] C:\Program Files\<DIR> EPSON Print CD

[30/12/2004|01:07] C:\Program Files\<DIR> EPSON Software

[23/12/2008|08:13] C:\Program Files\<DIR> Google

[20/11/2004|06:16] C:\Program Files\<DIR> Graphics

[31/12/2007|12:34] C:\Program Files\<DIR> Grisoft

[14/03/2007|08:44] C:\Program Files\<DIR> Hewlett-Packard

[20/11/2004|05:49] C:\Program Files\<DIR> HighMAT CD Writing Wizard

[30/04/2009|05:42] C:\Program Files\<DIR> HP

[06/01/2007|09:30] C:\Program Files\<DIR> ieSpell

[23/04/2006|02:34] C:\Program Files\<DIR> IMPOTNET ARC

[19/04/2008|07:13] C:\Program Files\<DIR> ImpotRapide 2007

[18/08/2009|04:12] C:\Program Files\<DIR> Includes

[26/02/2009|06:13] C:\Program Files\<DIR> InstallShield Installation Information

[20/11/2004|09:42] C:\Program Files\<DIR> Intel

[24/08/2009|10:16] C:\Program Files\<DIR> Internet Explorer

[25/07/2009|10:11] C:\Program Files\<DIR> iPod

[28/04/2008|07:53] C:\Program Files\<DIR> IR2005

[10/09/2007|06:15] C:\Program Files\<DIR> IR2006

[25/07/2009|10:11] C:\Program Files\<DIR> iTunes

[30/08/2009|07:07] C:\Program Files\<DIR> Java

[18/08/2009|03:56] C:\Program Files\<DIR> Lavasoft

[26/12/2006|05:19] C:\Program Files\<DIR> Logitech

[20/11/2004|06:15] C:\Program Files\<DIR> Macros

[19/11/2006|06:39] C:\Program Files\<DIR> MailWasher

[20/08/2009|06:33] C:\Program Files\<DIR> Malwarebytes' Anti-Malware

[31/10/2006|09:50] C:\Program Files\<DIR> Maxtor

[23/08/2008|08:14] C:\Program Files\<DIR> Messenger

[14/03/2007|08:48] C:\Program Files\<DIR> M


Cracks/Keygens/Warez etc.

As you have admitted to, or the log(s) you've posted indicate that, you've used one or more of the above, we can not provide you with any help.

We do NOT knowingly provide help for anyone using any form of cracked software and/or Operating Systems.

In using the crack, the 'cracker' has broken the 'End User Licence Agreement' (EULA) of the product concerned.

The distribution and use of cracked software is illegal in almost every developed country.

They are also one of the biggest causes of infection.

This applies to Cracks, Keygens and Warez

As most other forums have the same policy, your best option is to format and re-install your operating system and programs from legitimate sources.

In the future I strongly suggest you stay away from using cracks and/or Keygens.

This topic will be closed and archived.
