[Piracy] Have to reactivate windows, possible malware?

Inactive
By Wimk
Jan 19, 2011
Topic Status:
Not open for further replies.
  1. Hello,

    Yesterday I installed some software which needed 2 additional pieces of software to be installed first for it to work.
    Somewhere during the installing my AV avast went to 50% cpu and it all went slow. I installed everything though and the software worked fine.
    However, after I restarted my pc, windows XP suddenly said that the configuration of my hardware differed too much from the point of installing windows XP and that I had to reactivate it.
    I de-installed the software and tried a previous system restore point from the day before but that didn't work. I did notice there that there were also two windows updates installed after the software.
    Namely: windows XP KB942288-v3 (this?)
    and: Software updates KB952011 (this?)

    I started with the 8-step since those are helpful anyway.
    The first two logs looked good to me but running the DDS didn't entirely work for me. First try it made my comp freeze at around 2/3. Second try (after a reboot and this time turning off avast) the same thing happened. (waited 3 min or more after it froze)

    I have no other problems besides suddenly having to reactivate windows within 3 days.
    On a side note: some time ago I emptied my windows DLL cache.

    My question is: do you think I should just reactivate Windows XP or do you strongly suggest I go through this malware removal process first?

    Thanks in advance.
  2. Wimk

    Wimk Newcomer, in training Topic Starter

    mbam log

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Databaseversie: 5553

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    19-1-2011 15:43:27
    mbam-log-2011-01-19 (15-43-27).txt

    Scantype: Snelle scan
    Objecten gescand: 132595
    Verstreken tijd: 2 minuut/minuten, 36 seconde(n)

    Geheugenprocessen geïnfecteerd: 0
    Geheugenmodulen geïnfecteerd: 0
    Registersleutels geïnfecteerd: 0
    Registerwaarden geïnfecteerd: 0
    Registerdata geïnfecteerd: 0
    Mappen geïnfecteerd: 0
    Bestanden geïnfecteerd: 0

    Geheugenprocessen geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Registerwaarden geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Registerdata geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Mappen geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Bestanden geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)
  3. Wimk

    Wimk Newcomer, in training Topic Starter

    gmer log

    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit quick scan 2011-01-19 15:52:02
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 IC35L040AVVA07-0 rev.VA2OA52A
    Running: g8sof791.exe; Driver: C:\DOCUME~1\admin\LOCALS~1\Temp\fwlcypog.sys


    ---- System - GMER 1.0.15 ----

    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xAFBF382E]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0xAFBF3652]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0xAFBF378C]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) NtCreateSection
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

    AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

    Device \FileSystem\Fastfat \Fat aswSP.SYS (avast! self protection module/AVAST Software)

    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

    Device \Driver\Tcpip \Device\Ip socketlock.sys

    AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

    Device \Driver\Tcpip \Device\Tcp socketlock.sys

    AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

    Device \Driver\Tcpip \Device\Udp socketlock.sys

    AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

    Device \Driver\Tcpip \Device\RawIp socketlock.sys

    AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

    ---- EOF - GMER 1.0.15 ----
  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +34

    Welcome to TechSpot! I'll help with the problem if you give me some information:

    What did you download? Where did you download it from? And the following are matters of concern:
    Is your copy of Windows OS legitimate?
    Was there a reason you deleted the dll cache? Has it repopulated again?

    My language is English, but I see all zeroes in the Mbam log, so nothing was found. But I need to be able to read the log entries. When I get some answers, I will know better how to proceed.
  5. Wimk

    Wimk Newcomer, in training Topic Starter

    My windows OS is legitimate.
    Besides using CCleaner and moving some files to uninstall windows updates, I emptied my dll cache to get some space on my c-drive which is only 8 gig and had like only 10MB free space. My father made it that size so he could make a backup of the partition with some software (max size 8 gig).
    I just checked and yea, the dll cache is filling up again, it's on 34MB now. (was 500MB or something when I emptied it)

    Which log entries do you mean? DDS wasn't working for me.

    Edit:
    I finally realize why you said that. I didn't think of or notice it at all. :eek:

    Edit2:
    Since I had only 1 day left before I was forced to reactivate windows anyway I decided to do it now already. Everything went fine but DDS still freezes on 2/3. I'm assuming everything is fine though, so I'll continue with updating everything to the newest version and de-installing the older versions and leave it at that.
    Thanks for the help anyway and keep up the good work here :)
  6. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +34

    I noticed you went in and edited out your sentence that you had downloaded Sony Vegas Pro 10.0 from piratebay. That program starts at $600.00. It would appear that you pirated it by getting a crack or keygen for it.

    Since you no longer need help, I am closing the thread.

    Please note that we do not support piracy. If you need help in the future:
    All pirated programs or apps must be removed.
    Logs must be in English.