Windows XP not genuine after "READ ME FIRST"??

Discussion in 'Malware Help (A Specialist Will Reply)' started by BadMoodMoose, Jan 4, 2010.

  1. BadMoodMoose

    BadMoodMoose Private E-2

    Hi! Please excuse my long message here...just giving all the details

    A few weeks ago, I was playing a stream from Rhapsody when the song started 'stuttering'. At first I thought it was the stream, but nothing else I played came through fine either. I had Norton 360 installed and ran a full scan and it turned up with nothing. I then switched to Kaspersky and it found nothing out of the ordinary. Everything was just running slow.

    After a few days of dealing with its slowness, I started getting the BSOD quite frequently. I finally saw that it claimed there was a malware issue and sent me to the Windows Live scanner thing. It scanned for over 48 hours and found nothing but cookies and normal temp files.

    After rebooting, the Windows site was loaded claiming 'spooldr.sys' was a malware problem and it needed to be removed which brought me to this site. I read and followed the 'READ ME FIRST' post and it found nothing on ANY of the scanners. However, my Windows XP 'validation' had disappeared and it now wants me to buy the 'Genuine Advantage' stuff. Problem is, my version IS a real copy. It came with the computer.

    Any ideas on how or why this happened? I really don't want to pay the $150 to buy something I already own....

    Thanks for reading my babbling...
     
  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Please attach the requested logs from running the Read and Run First Instructions. We can't help you without knowing what is going on in your system.
     
  3. BadMoodMoose

    BadMoodMoose Private E-2


    Damn good point Tim! Here are the logs I got today...
     

    Attached Files:

  4. BadMoodMoose

    BadMoodMoose Private E-2

    And the last one. Thanks for the help.

    I WILL say that the 'Genuine Advantage' thing is a non issue. I had the notifications stopped.

    However, the BSOD still does appear from time to time, whether I'm just working in Photoshop or searching for something on Google.
     

    Attached Files:

  5. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    I suggest that you read this:
    Warning about Porn, Keygens, Cracks, and other Illegal Software


    There are some things we can do, so let's try this first:

    Do you know what this refers to:
    C:\WINDOWS\dice.ini ?? ---> if not delete it.

    Please double-click the RootRepeal.exe previously downloaded.

    * Select File then Scan
    * On the Select Drives form select drive C by "ticking" the box for drive C and click OK
    * When the scan is complete - highlight each of the following file(s) (one at a time if more than one is listed) by left clicking it. Then use right mouse click and select the Wipe File option only for each file.
    C:\WINDOWS\temp\cch~34db1c4287.htp
    C:\WINDOWS\temp\cch~34db1c502c.htp
    C:\WINDOWS\temp\cch~34eac2bfc1.htp
    C:\WINDOWS\temp\cch~34eac2c6bb.htp
    * After Wiping all files, immediately reboot your pc!

    You still have leftovers from AVG.

    You can use windows explorer to find and delete:
    C:\Documents and Settings\Fat Guy\Application Data\2b716c
    C:\Documents and Settings\All Users\Application Data\AVG9
    C:\Program Files\AVG
    C:\Documents and Settings\Fat Guy\Desktop\RiodudesKasperskyPatch.rar --> this may be where you got infected, so I would be wary of now relying on Kaspersky to protect you.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:
    * C:\MGlogs.zip

    Make sure you tell me how things are working now!
     
  6. BadMoodMoose

    BadMoodMoose Private E-2

    Thanks Tim....I'll give it a shot and post the results.

    But just to let you know, it was infected before the Kaspersky patch thing. I just knew that worked in the past, so I dug it up from my 'former programs used' disc and used it again. Guess it doesn't do so well the second time around...
     
  7. BadMoodMoose

    BadMoodMoose Private E-2

    Okay here are the two new log files.

    I deleted the leftover AVG stuff as well as the 'dice.ini' that was there....which was a leftover file as well.

    The first batch of files you said to wipe out after the RootRepeal never showed their faces.

    After reboot, it still seems very sluggish and choppy when loading and playing music/video....
     

    Attached Files:

  8. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    I am not seeing any malware in your system. Other than sluggish, what malware problems are you having?

    You may need to post in the software forum for additional assistance with your speeds.
     
