
Antivirus 7


14 replies to this topic

#1 ed-e-dee

ed-e-dee

  • Members
  • 276 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Australia
  • Local time:11:54 AM

Posted 07 December 2010 - 03:25 AM

I'm hit with Antivirus7 and just can't get rid of it.

I have looked at the Antivirus7 uninstall guide and I'm not having any luck.

I've run Malwarebytes in normal and safe mode and also ran Avast, but still can't move it.
Tried to download RKill and the others, only to have them terminated before they even started.

Had a look in the registry but could not find anything that belonged to AV7.

IE was infected first, so I loaded Mozilla Firefox and uninstalled IE.

Help.
Eddee



#2 katewinslate

katewinslate

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:07:54 PM

Posted 07 December 2010 - 07:14 AM

Firstly, you must remove the previous antivirus from your computer, then re-install another good antivirus for your PC.

#3 ed-e-dee


Posted 07 December 2010 - 07:41 AM

Yeah, and then what?
Eddee

#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,744 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:08:54 PM

Posted 07 December 2010 - 09:52 AM

tried to download Rkill and the others only to have them terminated before they even started.

Some malware infections target .exe files and alter associations. Without repairing the file association, .exe files will lose functionality and you may be unable to run any programs.

Please download FixExe.reg and save it to your desktop. Double-click on the file and select Yes when it asks if you want to merge the data into your Registry. Once that is completed you should be able to run other programs.


If you're having problems running RKill, it is available in various forms:
  • RKill.exe Download Link
  • RKill.com Download Link
  • RKill.scr Download Link
Renamed versions if the above do not work:
  • eXplorer.exe Download Link <- this renamed copy may trigger an alert from MBAM...just ignore it.
  • iExplore.exe Download Link
  • WiNlOgOn.exe Download Link
  • uSeRiNiT.exe Download Link
If one of them does not work, then try downloading and running another copy.

-- You may have to make repeated attempts to use Rkill several times before it will run as some malware variants try to block it.

-- If you get an alert that Rkill is infected, ignore it. The alert is a fake warning given by the rogue software which attempts to terminate tools that try to remove it. If you see such a warning, leave the warning on the screen and then run Rkill again. By not closing the warning, this sometimes allows you to bypass the malware's attempt to protect itself so that Rkill can perform its routine.

If you cannot use the Internet or download any required programs to the infected machine, try downloading them from another computer (family member, friend, library, etc) with an Internet connection. Save to a flash (usb, pen, thumb, jump) drive or CD, transfer to the infected machine, then install and run the program(s). If you cannot copy files to your usb drive, make sure it is not "Write Protected". Some flash drives have a switch on the side or on the back as shown here which could have accidentally been moved to write protect.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
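
A check for the altered .exe association described in the post above, as an added example that is not part of the original thread and is not the contents of FixExe.reg. It assumes the stock Windows defaults (`.exe` mapped to `exefile`, open command `"%1" %*`); the function names and both sample exports are constructed for illustration.

```python
import re

# Stock Windows defaults for launching .exe files (not taken from FixExe.reg).
EXPECTED_DEFAULTS = {
    r"hkey_classes_root\.exe": "exefile",
    r"hkey_classes_root\exefile\shell\open\command": '"%1" %*',
}
# Per-user keys that take precedence over the machine-wide association when present.
PER_USER_OVERRIDES = (
    r"hkey_current_user\software\classes\.exe",
    r"hkey_current_user\software\classes\exefile\shell\open\command",
)

_SECTION = re.compile(r"^\[(.+)\]$")
_DEFAULT = re.compile(r'^@="(.*)"$')


def default_values(reg_text):
    """Map each key in a .reg export (lower-cased) to its default (@) string value."""
    defaults, key = {}, None
    for raw in reg_text.splitlines():
        line = raw.strip()
        section = _SECTION.match(line)
        if section:
            key = section.group(1).lower()
            defaults.setdefault(key, None)
            continue
        value = _DEFAULT.match(line)
        if value and key is not None:
            # .reg strings escape backslash and double quote with a backslash.
            defaults[key] = re.sub(r"\\(.)", r"\1", value.group(1))
    return defaults


def check_exe_association(reg_text):
    """Return findings as strings; an empty list means the handler looks intact."""
    defaults = default_values(reg_text)
    findings = []
    for key, expected in EXPECTED_DEFAULTS.items():
        if key not in defaults:
            findings.append(f"not in export: {key}")
        elif defaults[key] != expected:
            findings.append(f"altered: {key} = {defaults[key]!r}")
    for key in PER_USER_OVERRIDES:
        if key in defaults:
            findings.append(f"per-user override: {key} = {defaults[key]!r}")
    return findings


# Constructed sample: an export with the default handler intact.
CLEAN_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\.exe]
@="exefile"

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
'''

# Constructed sample: every .exe launch is routed through a placeholder program.
ALTERED_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\.exe]
@="exefile"

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"C:\\placeholder\\unknown.exe\" \"%1\" %*"

[HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command]
@="\"C:\\placeholder\\unknown.exe\" \"%1\" %*"
'''

if __name__ == "__main__":
    for name, text in (("clean", CLEAN_EXPORT), ("altered", ALTERED_EXPORT)):
        print(name, check_exe_association(text) or "OK")
```

Exports written by regedit in the "Version 5.00" format are UTF-16, so read a real file with `encoding="utf-16"` before passing its text in.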

#5 ed-e-dee


Posted 07 December 2010 - 09:43 PM

I downloaded RKill and FixExe to a USB stick from another computer.

I'm still not able to get rid of the virus.

Malwarebytes and Avast are not finding anything, so I loaded SUPERAntiSpyware and it found a lot.
I'm at a stalemate.
Eddee

#6 ed-e-dee


Posted 08 December 2010 - 05:06 AM

This thing is so frustrating, run Malwarebytes and it comes up with a clean sheet, bah!!!!
Eddee

#7 quietman7


Posted 08 December 2010 - 09:03 AM

Please download the TDSS Rootkit Removing Tool (TDSSKiller.zip) and save it to your Desktop. <-Important!!!
Be sure to print out and follow all instructions for performing a scan or refer to these instructions with screenshots.

  • Extract (unzip) the file to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the Desktop. Vista/Windows 7 users refer to these instructions if you're unsure how to unzip a file.
  • If you don't have an extracting program, you can download TDSSKiller.exe and use that instead.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • When the program opens, click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure is selected, then click Continue > Reboot now to finish the cleaning process.<- Important!!
    Note: If 'Suspicious' objects are detected, you will be given the option to Skip or Quarantine. Skip will be the default selection.
  • A log file named TDSSKiller_version_date_time_log.txt will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.
-- If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer.

-- For any files detected as 'Suspicious' (except those identified as Forged to be cured after reboot) get a second opinion by submitting to Jotti's virusscan or VirusTotal. In the "File to upload & scan" box, browse to the location of the suspicious file and submit (upload) it for scanning/analysis.


Please download Norman Malware Cleaner and save to your desktop.
alternate download link
If you previously used Norman, delete that version and download it again as the tool is frequently updated!
  • Be sure to read all the information Norman provides on that same page.
  • Double-click on Norman_Malware_Cleaner.exe to start. Vista/Windows 7 users right-click and select Run As Administrator.
    The tool is very slow to load as it uses a special driver. This is normal so please be patient.
  • Read the End User License Agreement and click the Accept button to open the scanning window.
  • Click Start Scan to begin.
  • In some cases Norman Malware Cleaner may require that you restart the computer to completely remove an infection. If prompted, reboot to ensure that all infections are removed.
  • After the scan has finished, a log file named NFix_date_time (i.e. NFix_2009-06-22_07-08-56.log) will be created on your desktop with the results.
  • Copy and paste the contents of that file in your next reply.
-- Note: If you need to scan a USB flash drive or other removable drives not listed, use the Add button to browse to the drive's location, click on the drive to highlight and choose Ok.

#8 ed-e-dee


Posted 08 December 2010 - 10:02 PM

2010/12/09 10:33:21.0937 TDSS rootkit removing tool 2.4.11.0 Dec 8 2010 14:46:40
2010/12/09 10:33:21.0937 ================================================================================
2010/12/09 10:33:21.0937 SystemInfo:
2010/12/09 10:33:21.0937
2010/12/09 10:33:21.0937 OS Version: 5.1.2600 ServicePack: 3.0
2010/12/09 10:33:21.0937 Product type: Workstation
2010/12/09 10:33:21.0937 ComputerName: HOME-0B63DCAE4C
2010/12/09 10:33:21.0937 UserName: Eddie
2010/12/09 10:33:21.0937 Windows directory: C:\WINDOWS
2010/12/09 10:33:21.0937 System windows directory: C:\WINDOWS
2010/12/09 10:33:21.0937 Processor architecture: Intel x86
2010/12/09 10:33:21.0937 Number of processors: 1
2010/12/09 10:33:21.0937 Page size: 0x1000
2010/12/09 10:33:21.0937 Boot type: Normal boot
2010/12/09 10:33:21.0937 ================================================================================
2010/12/09 10:33:22.0187 Initialize success
2010/12/09 10:33:27.0890 ================================================================================
2010/12/09 10:33:27.0890 Scan started
2010/12/09 10:33:27.0890 Mode: Manual;
2010/12/09 10:33:27.0890 ================================================================================
2010/12/09 10:33:50.0265 ================================================================================
2010/12/09 10:33:50.0265 Scan finished
2010/12/09 10:33:50.0265 ================================================================================




Norman Malware Cleaner
Version 1.8.3
Copyright © 1990 - 2010, Norman ASA. Built 2010/12/08 08:59:54

Norman Scanner Engine Version: 6.06.07
Nvcbin.def Version: 6.06.00, Date: 2010/12/08 08:59:54, Variants: 8304917

Scan started: 2010/12/09 10:35:41

Running pre-scan cleanup routine:
Operating System: Microsoft Windows XP Professional 5.1.2600 Service Pack 3
Logged on user: HOME-0B63DCAE4C\Eddie

Removed registry value: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> DisallowRun = 0x00000001

Scanning kernel...

Kernel scan complete


Scanning bootsectors...

Number of sectors found: 1
Number of sectors scanned: 1
Number of sectors not scanned: 0
Number of infections found: 0
Number of infections removed: 0
Total scanning time: 1s 141ms


Scanning running processes and process memory...

Number of processes/threads found: 3073
Number of processes/threads scanned: 3073
Number of processes/threads not scanned: 0
Number of infected processes/threads terminated: 0
Total scanning time: 2m 44s


Scanning file system...

Scanning: prescan

Scanning: C:\*.*

C:\32788R22FWJFW\catchme.cfxxe (Infected with W32/Smalltroj.ZLDK)
Deleted file

C:\Documents and Settings\eddie\My Documents\Downloads\Nero.9.0.9.4.Ultra.Edition.WinALL.Cracked.by.TAMer.rar/Nero.9.0.9.4.Ultra.Edition.WinALL.Cracked.by.TAMer\Patch\Patch.exe (Infected with W32/Suspicious_Gen.AZKR)
Deleted file

C:\Documents and Settings\eddie\My Documents\Downloads\Nero.Multimedia.Suite.10.MULTiLANGUAGE-RESTORE-Keygen\nero10_keygen.rar/keygen.exe (Infected with W32/Suspicious_Gen2.BHKHC)
Deleted file

C:\Documents and Settings\eddie\My Documents\Downloads\Nero.Multimedia.Suite.10.MULTiLANGUAGE-RESTORE-Keygen\nero10_keygen.rar (Empty archive after cleaning)
Deleted file

C:\Documents and Settings\eddie\My Documents\Nero.9.0.9.4.Ultra.Edition.WinALL.Cracked.by.TAMer.rar/Nero.9.0.9.4.Ultra.Edition.WinALL.Cracked.by.TAMer\Patch\Patch.exe (Infected with W32/Suspicious_Gen.AZKR)
Deleted file

C:\Documents and Settings\eddie\My Documents\Nero.9.0.9.4.Ultra.Edition.WinALL.Cracked.by.TAMer.zip/Nero.9.0.9.4.Ultra.Edition.WinALL.Cracked.by.TAMer.rar/Nero.9.0.9.4.Ultra.Edition.WinALL.Cracked.by.TAMer\Patch\Patch.exe (Infected with W32/Suspicious_Gen.AZKR)
Deleted file

C:\Documents and Settings\eddie\My Documents\Unzipped\Nero.9.0.9.4.Ultra.Edition.WinALL.Cracked.by.TAMer\Nero.9.0.9.4.Ultra.Edition.WinALL.Cracked.by.TAMer.rar/Nero.9.0.9.4.Ultra.Edition.WinALL.Cracked.by.TAMer\Patch\Patch.exe (Infected with W32/Suspicious_Gen.AZKR)
Deleted file

C:\Documents and Settings\Eddie.HOME-0B63DCAE4C\My Documents\Unzipped\Nero.9.0.9.4.Ultra.Edition.WinALL.Cracked.by.TAMer\Nero.9.0.9.4.Ultra.Edition.WinALL.Cracked.by.TAMer.rar/Nero.9.0.9.4.Ultra.Edition.WinALL.Cracked.by.TAMer\Patch\Patch.exe (Infected with W32/Suspicious_Gen.AZKR)
Deleted file

C:\Program Files\Nero\Nero 10\Nero BackItUp\BackItUp_ImageTool\root.img/root.img (Error whilst scanning file: I/O Error (0x0022000A))
C:\Program Files\Nero\Nero 10\Nero BackItUp\BackItUp_ImageTool\root.img (Possible archive bomb)

C:\System Volume Information\_restore{2A9A9ACF-4776-4E55-AA26-70558058E9F4}\RP62\A0010918.lnk (Infected with Text/RegHelper.A)
Deleted file

C:\System Volume Information\_restore{2A9A9ACF-4776-4E55-AA26-70558058E9F4}\RP62\A0010921.exe (Infected with BetterInternet.AVU)
Deleted file

C:\System Volume Information\_restore{2A9A9ACF-4776-4E55-AA26-70558058E9F4}\RP62\A0010929.exe (Infected with W32/FakeAV.AA!genr)
Deleted file

C:\System Volume Information\_restore{5C5BEB15-753F-40C4-A27B-9B52483DB00F}\RP427\A0110630.reg (Infected with REG/FakeAV.A)
Deleted file

Scanning: postscan


Running post-scan cleanup routine:

Number of files found: 345741
Number of archives unpacked: 17641
Number of files scanned: 345739
Number of files not scanned: 2
Number of files skipped due to exclude list: 0
Number of infected files found: 13
Number of infected files repaired/deleted: 12
Number of infections removed: 12
Total scanning time: 3h 12m 5s
Eddee

#9 quietman7


Posted 09 December 2010 - 07:26 AM

IMPORTANT NOTE: Your scan log results indicate you are using keygens/crack tools.

The practice of using cracking tools, keygens, warez or any pirated software is not only considered illegal activity but it is a serious security risk.

Cracking applications are used for illegally breaking (cracking) various copy-protection and registration techniques used in commercial software. These programs may be distributed via Web sites, Usenet, and P2P networks.

trendmicro.com/vinfo

...warez and crack web pages are being used by cybercriminals as download sites for malware related to VIRUT and VIRUX. Searches for serial numbers, cracks, and even antivirus products like Trend Micro yield malcodes that come in the form of executables or self-extracting files...quick links in these sites also lead to malicious files. Ads and banners are also infection vectors...

Keygen and Crack Sites Distribute VIRUX and FakeAV

...warez/piracy sites ranked the highest in downloading spyware...just opening the web page usually sets off an exploit, never mind actually downloading anything. And by the time the malware is finished downloading, often the machine is trashed and rendered useless.

University of Washington spyware study

...One of the most aggressive and intrusive of all bad websites on the Internet are serial, warez, software cracking type sites...they sneak malware onto your system...Where do trojan viruses originate? One of the biggest malware distributors on the Internet are serial/warez/code cracking sites.

Bad Web Sites: Malware

When you use these kinds of programs, be forewarned that some of the worst types of malware infections can be contracted and spread by visiting crack, keygen, warez and other pirated software sites. In many cases, those sites are infested with a smörgåsbord of malware and an increasing source of system infection. Those who attempt to get software for free can end up with a computer system so badly damaged that recovery is not possible and it cannot be repaired. When that happens there is nothing you can do besides reformatting and reinstalling the OS.

Before continuing, I need you to remove all cracks and keygens immediately to reduce the risk of infection/reinfection. If not, then we are just wasting time trying to clean your system. Further, other tools used during the disinfection process may detect crack and keygens so we need to ensure they have been removed.

Using these types of programs or the websites you visited to get them is very likely how your computer got infected!!

Please download CKScanner and save it to your Desktop. <-Important!!!
  • Double-click on CKScanner.exe and click Search For Files.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A text file will be created on your desktop named ckfiles.txt.
  • Click OK at the file saved message box.
  • Double-click the ckfiles.txt icon on your desktop to open the log and copy/paste the contents in your next reply.

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#10 ed-e-dee

Posted 09 December 2010 - 04:51 PM

Is it Nero that is the problem or are there others? Nero has been on here for quite a long time, at least 12 months.

CKScanner - Additional Security Risks - These are not necessarily bad
c:\documents and settings\eddie\favorites\crack found cracks serials and key generators.url
c:\documents and settings\eddie\my documents\keygen.exe
c:\documents and settings\eddie\my documents\keygen.zipx
c:\documents and settings\eddie\my documents\nero.9.0.9.4.ultra.edition.winall.cracked.by.tamer.rar
c:\documents and settings\eddie\my documents\nero.9.0.9.4.ultra.edition.winall.cracked.by.tamer.zip
c:\documents and settings\eddie\my documents\downloads\nero multimedia suite 10.0.13100 + key crack tested.rar
c:\documents and settings\eddie\my documents\downloads\nero.9.0.9.4.ultra.edition.winall.cracked.by.tamer.rar
c:\documents and settings\eddie\my documents\downloads\windows media player 11 final + windows validation crack.rar
c:\documents and settings\eddie\my documents\downloads\nero multimedia suite 10_serial+keygen - new keys and serials\nero multimedia suite 10.0.13100.exe
c:\documents and settings\eddie\my documents\downloads\nero multimedia suite 10_serial+keygen - new keys and serials\nero recode digital plug-in nms 10.reg
c:\documents and settings\eddie\my documents\unzipped\527dfff93f093917533e586d73f7d5d6391[1]\keygen.nfo
c:\documents and settings\eddie\my documents\unzipped\527dfff93f093917533e586d73f7d5d6391[1]\winzip.pro.v12.1.8497.winall.incl.keygen-brd\brd.nfo
c:\documents and settings\eddie\my documents\unzipped\nero.9.0.9.4.ultra.edition.winall.cracked.by.tamer\nero.9.0.9.4.ultra.edition.winall.cracked.by.tamer.rar
c:\documents and settings\eddie.home-0b63dcae4c\my documents\dns_v10_preferred__ultimatenoobfighterz.release\readme_installation guide_nfo\cracked .exe files\agent.exe
c:\documents and settings\eddie.home-0b63dcae4c\my documents\dns_v10_preferred__ultimatenoobfighterz.release\readme_installation guide_nfo\cracked .exe files\ereg.exe
c:\documents and settings\eddie.home-0b63dcae4c\my documents\dns_v10_preferred__ultimatenoobfighterz.release\readme_installation guide_nfo\cracked .exe files\isdm.exe
c:\documents and settings\eddie.home-0b63dcae4c\my documents\dns_v10_preferred__ultimatenoobfighterz.release\readme_installation guide_nfo\cracked .exe files\issch.exe
c:\documents and settings\eddie.home-0b63dcae4c\my documents\dns_v10_preferred__ultimatenoobfighterz.release\readme_installation guide_nfo\cracked .exe files\isuspm.exe
c:\documents and settings\eddie.home-0b63dcae4c\my documents\dns_v10_preferred__ultimatenoobfighterz.release\readme_installation guide_nfo\cracked .exe files\ssbkgdupdate.exe
c:\documents and settings\eddie.home-0b63dcae4c\my documents\downloads\windows xp keygen sp3 all versions\password.txt
c:\documents and settings\eddie.home-0b63dcae4c\my documents\downloads\windows xp keygen sp3 all versions\windows xp keygen sp3 all versions.rar
c:\documents and settings\eddie.home-0b63dcae4c\my documents\nero.9.0.9.4.ultra.edition.winall.cracked.by.tamer\setup\nero-9.0.9.4.exe
c:\documents and settings\eddie.home-0b63dcae4c\my documents\unzipped\nero.9.0.9.4.ultra.edition.winall.cracked.by.tamer\nero.9.0.9.4.ultra.edition.winall.cracked.by.tamer.rar
scanner sequence 3.ZZ.11
----- EOF -----


Do I now have to delete everything that has a keygen associated with it?
Eddee

#11 quietman7

Posted 09 December 2010 - 05:07 PM

Where did you download that version of Nero? All I can find are torrent and warez sites. See here.

Legit copies are downloaded from the Nero web site or download sites such as CNET.


Then you have these.

c:\documents and settings\eddie\my documents\keygen.exe
c:\documents and settings\eddie\my documents\keygen.zipx
c:\documents and settings\eddie.home-0b63dcae4c\my documents\downloads\windows xp keygen sp3 all versions\password.txt
c:\documents and settings\eddie.home-0b63dcae4c\my documents\downloads\windows xp keygen sp3 all versions\windows xp keygen sp3 all versions.rar


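Added example (not part of the thread and not CKScanner's own code): a short Python triage of a ckfiles.txt log like the one in reply #10, grouping entries by Windows user profile and by whether the file runs or changes the system when opened. The extension buckets and the function names are assumptions of this example.

```python
import ntpath
from collections import defaultdict

# Extension groups are this example's own triage choice, not CKScanner's.
RUNNABLE = {".exe", ".scr", ".bat", ".cmd", ".reg"}
ARCHIVE = {".rar", ".zip", ".zipx"}

# Excerpt of the ckfiles.txt log posted in reply #10 of this thread.
SAMPLE_LOG = r"""CKScanner - Additional Security Risks - These are not necessarily bad
c:\documents and settings\eddie\favorites\crack found cracks serials and key generators.url
c:\documents and settings\eddie\my documents\keygen.exe
c:\documents and settings\eddie\my documents\downloads\nero multimedia suite 10_serial+keygen - new keys and serials\nero recode digital plug-in nms 10.reg
c:\documents and settings\eddie.home-0b63dcae4c\my documents\downloads\windows xp keygen sp3 all versions\password.txt
c:\documents and settings\eddie.home-0b63dcae4c\my documents\downloads\windows xp keygen sp3 all versions\windows xp keygen sp3 all versions.rar
scanner sequence 3.ZZ.11
----- EOF -----
"""

def parse_ckfiles(text):
    # Keep only path entries (drive letter + ":\"); skip header and trailer.
    lines = (ln.strip() for ln in text.splitlines())
    return [ln for ln in lines if ln[:1].isalpha() and ln[1:3] == ":\\"]

def classify(path):
    # Bucket by what a double-click does: run/change the system, or just open.
    ext = ntpath.splitext(path)[1].lower()
    if ext in RUNNABLE:
        return "runnable"
    return "archive" if ext in ARCHIVE else "other"

def profile_of(path):
    # Windows XP keeps user profiles under "Documents and Settings".
    parts = path.lower().split("\\")
    if len(parts) > 2 and parts[1] == "documents and settings":
        return parts[2]
    return "(outside user profiles)"

def triage(text):
    # Result shape: {profile: {bucket: [file names]}}
    report = defaultdict(lambda: defaultdict(list))
    for path in parse_ckfiles(text):
        report[profile_of(path)][classify(path)].append(ntpath.basename(path))
    return report

if __name__ == "__main__":
    for profile, buckets in triage(SAMPLE_LOG).items():
        for bucket in ("runnable", "archive", "other"):
            for name in buckets.get(bucket, []):
                print(f"{profile:24} {bucket:9} {name}")
```

The "runnable" bucket is the one to remove first; archives and shortcuts are inert until someone opens or extracts them.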

#12 ed-e-dee

Posted 09 December 2010 - 06:58 PM

Nero is in All Programs. Some time ago I had problems and had to reinstall Windows. Microsoft would not activate my new copy even though it was my original disk, so my son did the search to get Windows to work. I'm not that smart to do things like that lol. This happened about 12 months ago.

Since this antivirus7 has been on I'm having trouble with logon.

I get a message....Logon Message... The system could not log you on. Make sure your User name and Domain are correct.
I've never had to logon to this computer. Is it something that antivirus 7 has caused? I just don't know how to correct this.
Eddee

#13 quietman7

Posted 09 December 2010 - 08:06 PM

From what you describe, it appears your son attempted to work around Microsoft rather than contact them for assistance.

This forum does not endorse or recommend the use of pirated software, including the Windows operating system. While we understand that you may not have been aware, your copy of Windows does not appear to be legitimate.

Please read the BC Discussion/Message Boards Rules

No subject matter will be allowed whose purpose is to defeat existing copyright or security measures. If a user persists and/or the activity is obviously illegal the staff reserves the right to remove such content and/or ban the user. This would also mean encouraging the use or continued use of pirated software is not permitted, and subject to the same consequences.


If you were not aware that your copy of Windows was not genuine or believe you are a victim of software piracy/counterfeiting, I suggest you do the following:

Collect information on your Windows OS product.
  • Retry the validation process at least once. Electronic verification errors do occur.
  • Look for your Certificate of Authenticity (COA). There are four COA types. Most manufacturers attach this label to your computer.
  • Check to see if your Windows CD has a hologram on it.
  • Find your Windows OS booklet.
With this information in hand, call Microsoft Online and Telephone Support at 1-866-PC SAFETY (1-866-727-2338). Phone numbers for international support can be found here. Help is available 24 hours a day for the U.S. and Canada at no charge.

Alternatively, you can do either of the following:

1. Submit a technical support request

The Microsoft Technical Support team can help with technical issues that can’t be resolved by following the instructions on the validation failure page or running online diagnostics. Support for technical problems related to validation is available at no charge, and most support requests receive a response within one business day.


2. Ask for assistance at the Microsoft Genuine Advantage Forums.

Before asking, you need to download the MGA Diagnostic Tool (MGADiag.exe) and save it to your desktop.
alternate download link

  • Double-click MGADiag.exe on your desktop.
  • Click Continue and the tool will create a Diagnostic Report.
  • Click Copy, open Notepad and save the Diagnostic Report results to your desktop.
  • Then go here and start a topic in the forum dedicated to your operating system.
    You will need to sign up for a Windows Live ID if you have not done so already in order to ask your question.
  • Describe your problem with validation and copy/paste the results of the Diagnostic Report below your description.

Edited by quietman7, 09 December 2010 - 08:11 PM.


#14 ed-e-dee

Posted 09 December 2010 - 09:04 PM

After running the MGAD I can see I'm in deep s--t, nothing seems legitimate on this computer.

I will today Microsoft and see what they will do to help me. I do have a genuine copy of Windows that was first installed onto this computer about 3 yrs ago.

Ok. Thanks for your help Quietman, sorry to have put you through all this, it's been an eye opener for me.
Eddee

#15 quietman7

Posted 09 December 2010 - 10:09 PM

Not a problem ed-e-dee.

I'm sure Microsoft can help you undo this mess once you explain the situation and how this happened.

Once they assist you with sorting all this out and you still need help, please don't hesitate to come back to BC. I'm inclined to suspect they are going to have you perform a clean install, then reactivate and validate. If they do that, your computer will be like new.