Computer Smooth ! [Closed]



#31 KarimEhab (Member, Topic Starter, 20 posts)
Again it doesn't work giving the same message after disabling my anti-virus and cleaning my cache.
#32 godawgs (Teacher, Retired Staff, 8,228 posts)
Let's try a couple more things before I contact the tool developer.

Delete the current ComboFix.exe file from the desktop. Then download a fresh copy, but rename the file to godawgs.com before you download it. To do that:

  • Click the download link as before. A window will open giving you the options to run the file or save it. Click Save File. A new window will open.
  • In the File name box type godawgs.com
  • In the Save as type: box click the down arrow and select All Files (*.*)
  • Click the Save button.
NOTE: If you are saving the file to the Downloads folder please copy and paste the file onto the desktop.

Now try to run godawgs.com using the same instructions as before for ComboFix. If that doesn't work let's see if it will run in Safe Mode.


Reboot into Safe Mode.

  • Restart Windows in Safe Mode. To do that....
  • Restart your computer and as soon as it starts booting up again continuously tap the F8 key.
  • An Advanced Boot Options screen will come up where you will be given the option to enter Safe Mode.
    NOTE: If you miss the Boot menu, continue to let the machine boot up. Then restart the machine and start tapping the F8 key.
    Very Important: Never restart the computer while it is booting up. Bad things, including the computer not being able to load Windows, can occur!
  • Use the down arrow key to highlight Safe Mode and push the ENTER key.
Windows XP (screenshot not included)

Once the Safe Mode desktop comes up try to run the godawgs.com file. If it runs, post the contents of the ComboFix.txt log in your next reply.

#33 KarimEhab (Member, Topic Starter, 20 posts)
Still doesn't work.

#34 godawgs (Teacher, Retired Staff, 8,228 posts)
OK. Let me run this by the tool developer and see if he has any thoughts. I'll be back. Do you still have the same issue you had in the initial post?

#35 KarimEhab (Member, Topic Starter, 20 posts)
Yes, the same.

#36 godawgs (Teacher, Retired Staff, 8,228 posts)
We want to have a look at the ComboFix file you downloaded. Delete the godawgs.com file and download a fresh copy of ComboFix from one of the links below:

Link 1
Link 2

Now right-click the ComboFix.exe file, highlight Send to on the context menu and select Compressed (zipped) folder. This should put a .zip folder on the desktop named ComboFix.zip.
Please attach that file to your next post. For instructions on how to add an attachment see this topic:
http://www.geekstogo...topic-or-reply/

#37 KarimEhab (Member, Topic Starter, 20 posts)
I'm not sure what exactly happened, but right before I zipped the file and uploaded it I tried to re-open it and surprisingly it worked.

The ComboFix.txt log:

ComboFix 13-06-03.06 - WinXP 05/06/2013 0:10.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2046.1330 [GMT 2:00]
Running from: c:\documents and settings\WinXP\Desktop\ComboFix.exe
AV: Symantec Endpoint Protection *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\DelBB8.tmp
c:\documents and settings\Administrator\MANBB3.tmp
c:\documents and settings\Administrator\SDBBB6.tmp
c:\documents and settings\Administrator\VWLBB4.tmp
c:\documents and settings\Administrator\WLFBB5.tmp
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Default User\DelBB8.tmp
c:\documents and settings\Default User\MANBB3.tmp
c:\documents and settings\Default User\SDBBB6.tmp
c:\documents and settings\Default User\VWLBB4.tmp
c:\documents and settings\Default User\WLFBB5.tmp
c:\documents and settings\UpdatusUser.HOME2\DelBB8.tmp
c:\documents and settings\UpdatusUser.HOME2\MANBB3.tmp
c:\documents and settings\UpdatusUser.HOME2\SDBBB6.tmp
c:\documents and settings\UpdatusUser.HOME2\VWLBB4.tmp
c:\documents and settings\UpdatusUser.HOME2\WLFBB5.tmp
c:\documents and settings\UpdatusUser\DelBB8.tmp
c:\documents and settings\UpdatusUser\MANBB3.tmp
c:\documents and settings\UpdatusUser\SDBBB6.tmp
c:\documents and settings\UpdatusUser\VWLBB4.tmp
c:\documents and settings\UpdatusUser\WLFBB5.tmp
c:\documents and settings\WinXP\Application Data\Microsoft\~DFK14477e7.tmp
c:\documents and settings\WinXP\Application Data\Microsoft\1eaadjc.dll
c:\documents and settings\WinXP\Application Data\Microsoft\bass.dll
c:\documents and settings\WinXP\Application Data\Microsoft\engine_vx.dll
c:\documents and settings\WinXP\Application Data\Microsoft\kfgresk.dll
c:\documents and settings\WinXP\Application Data\Microsoft\mjcriu.dll
c:\documents and settings\WinXP\Application Data\Microsoft\peaadje.dll
c:\documents and settings\WinXP\Application Data\Microsoft\qwadjb.dll
c:\documents and settings\WinXP\Application Data\Microsoft\rsaadjd.dll
c:\documents and settings\WinXP\Application Data\sqlite.jar
c:\documents and settings\WinXP\DelBB8.tmp
c:\documents and settings\WinXP\MANBB3.tmp
c:\documents and settings\WinXP\Recent\Thumbs.db
c:\documents and settings\WinXP\SDBBB6.tmp
c:\documents and settings\WinXP\VWLBB4.tmp
c:\documents and settings\WinXP\WLFBB5.tmp
c:\windows\system32\config\systemprofile\DelBB8.tmp
c:\windows\system32\config\systemprofile\MANBB3.tmp
c:\windows\system32\config\systemprofile\SDBBB6.tmp
c:\windows\system32\config\systemprofile\VWLBB4.tmp
c:\windows\system32\config\systemprofile\WLFBB5.tmp
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2013-05-04 to 2013-06-04 )))))))))))))))))))))))))))))))
.
.
2013-06-04 16:19 . 2013-06-04 16:19 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2013-05-28 17:54 . 2013-05-28 17:54 -------- d-----w- c:\windows\ERUNT
2013-05-28 17:53 . 2013-05-28 17:53 -------- d-----w- C:\JRT
2013-05-26 11:16 . 2013-05-26 12:09 -------- d-----w- c:\documents and settings\WinXP\Application Data\Tibia
2013-05-24 12:46 . 2013-05-24 12:46 -------- d-----w- c:\documents and settings\WinXP\Application Data\Malwarebytes
2013-05-24 12:46 . 2013-05-24 12:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2013-05-24 12:46 . 2013-05-24 12:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-05-24 12:46 . 2013-04-04 12:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-05-23 18:34 . 2013-05-23 18:34 -------- d-----w- C:\_OTL
2013-05-21 01:14 . 2013-05-21 01:14 -------- d-----w- c:\documents and settings\WinXP\Local Settings\Application Data\VS Revo Group
2013-05-21 01:14 . 2013-05-21 01:14 -------- d-----w- c:\documents and settings\All Users\Application Data\VS Revo Group
2013-05-21 01:14 . 2009-12-30 09:20 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys
2013-05-21 01:14 . 2013-05-21 01:14 -------- d-----w- c:\program files\VS Revo Group
2013-05-20 22:54 . 2013-05-20 22:54 -------- d-----w- c:\documents and settings\WinXP\Application Data\SUPERAntiSpyware.com
2013-05-20 22:53 . 2013-05-20 22:54 -------- d-----w- c:\program files\SUPERAntiSpyware
2013-05-20 22:53 . 2013-05-20 22:53 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2013-05-20 17:10 . 2013-05-20 17:10 -------- d-----w- c:\documents and settings\WinXP\Application Data\vst
2013-05-20 17:02 . 2013-05-20 17:02 -------- d-----w- c:\documents and settings\All Users\Application Data\nView_Profiles
2013-05-20 17:02 . 2013-05-20 17:02 -------- d-----w- c:\program files\AGEIA Technologies
2013-05-20 17:02 . 2013-05-20 17:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Graboid Inc
2013-05-14 16:21 . 2001-08-17 11:48 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2013-05-14 16:21 . 2001-08-17 11:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2013-05-12 00:09 . 2013-05-20 17:09 -------- d-----w- c:\documents and settings\WinXP\Application Data\[email protected]
2013-05-12 00:09 . 2013-05-12 00:09 -------- d-----w- c:\documents and settings\WinXP\Local Settings\Application Data\Opera
2013-05-12 00:09 . 2013-05-12 00:09 -------- d-----w- c:\documents and settings\WinXP\Application Data\Chrome_manager
2013-05-11 22:16 . 2013-05-11 22:16 -------- d-----w- c:\documents and settings\WinXP\Application Data\NVIDIA
2013-05-11 22:14 . 2013-05-20 17:49 -------- d-----w- c:\program files\Common Files\Java
2013-05-11 22:14 . 2013-04-04 03:35 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-05-11 21:59 . 2013-05-11 21:59 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2013-05-11 21:58 . 2013-05-11 21:58 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA
2013-05-11 21:58 . 2013-06-04 22:12 -------- d-----w- c:\documents and settings\UpdatusUser
2013-05-11 21:58 . 2013-03-15 05:47 65536 ----a-w- c:\windows\system32\OpenCL.dll
2013-05-11 21:58 . 2013-05-19 19:15 1083956 ----a-w- c:\windows\system32\nvdrsdb1.bin
2013-05-11 21:58 . 2013-05-19 19:15 1 ----a-w- c:\windows\system32\nvdrssel.bin
2013-05-11 21:58 . 2013-05-19 19:15 1083956 ----a-w- c:\windows\system32\nvdrsdb0.bin
2013-05-11 21:57 . 2013-03-15 05:47 892704 ----a-w- c:\windows\system32\nvdispgenco3231422.dll
2013-05-11 21:57 . 2013-03-15 05:47 6074368 ----a-w- c:\windows\system32\nvopencl.dll
2013-05-11 21:57 . 2013-03-15 05:47 2733344 ----a-w- c:\windows\system32\nvcuvid.dll
2013-05-11 21:57 . 2013-03-15 05:47 1995552 ----a-w- c:\windows\system32\nvcuvenc.dll
2013-05-11 21:57 . 2013-03-15 05:47 1012512 ----a-w- c:\windows\system32\nvdispco3231422.dll
2013-05-11 21:57 . 2013-03-15 05:47 17551360 ----a-w- c:\windows\system32\nvcompiler.dll
2013-05-11 21:57 . 2013-05-20 17:02 -------- d-----w- c:\program files\NVIDIA Corporation
2013-05-11 21:57 . 2013-05-11 21:57 -------- d-----w- C:\NVIDIA
2013-05-11 10:37 . 2013-05-11 10:37 209472 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
2013-05-09 16:03 . 2013-05-30 11:44 -------- d-----w- c:\documents and settings\WinXP\Application Data\vlc
2013-05-09 12:19 . 2013-05-09 12:19 -------- d-----w- c:\documents and settings\WinXP\Local Settings\Application Data\Graboid Inc
2013-05-09 12:19 . 2013-05-20 17:01 -------- d-----w- c:\documents and settings\WinXP\Local Settings\Application Data\Graboid
2013-05-09 12:19 . 2013-05-09 12:19 -------- d-----w- c:\documents and settings\WinXP\Local Settings\Application Data\Geckofx
2013-05-09 12:18 . 2013-05-09 12:18 -------- d-----w- c:\program files\VideoLAN
2013-05-09 12:18 . 2013-05-20 17:02 -------- d-----w- c:\program files\Graboid
2013-05-09 12:15 . 2013-05-20 17:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Package Cache
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-04 03:22 . 2009-06-14 21:04 144896 ----a-w- c:\windows\system32\javacpl.cpl
2013-04-02 14:09 . 2013-04-02 14:09 4550656 ----a-w- c:\windows\system32\GPhotos.scr
2013-03-16 08:29 . 2012-10-23 20:49 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-03-16 08:29 . 2012-10-23 20:49 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-03-15 05:47 . 2008-08-02 04:20 7745536 ----a-w- c:\windows\system32\nvcuda.dll
2013-03-15 05:47 . 2008-08-02 04:20 4079104 ----a-w- c:\windows\system32\nv4_disp.dll
2013-03-15 05:47 . 2008-08-02 04:20 2490368 ----a-w- c:\windows\system32\nvapi.dll
2013-03-15 05:47 . 2008-08-02 04:20 19689472 ----a-w- c:\windows\system32\nvoglnt.dll
2013-03-15 05:47 . 2008-08-02 04:20 10713024 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2013-03-15 02:57 . 2008-08-02 04:20 54272 ----a-w- c:\windows\system32\nvwddi.dll
2013-03-15 02:57 . 2008-08-02 04:20 223008 ----a-w- c:\windows\system32\nvmctray.dll
2013-03-15 02:57 . 2008-08-02 04:20 156960 ----a-w- c:\windows\system32\nvsvc32.exe
2013-03-15 02:57 . 2008-08-02 04:20 15668512 ----a-w- c:\windows\system32\nvcpl.dll
2013-03-15 02:57 . 2008-08-02 04:20 144160 ----a-w- c:\windows\system32\nvcolor.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-05-11 . 3122DAF86B33ED8AC4662D07593025D7 . 501760 . . [1.0626.6001.18000] . . c:\windows\system32\usp10.dll
.
[-] 2008-05-11 . F2DF0FDBD41B34112EE05ED04258F052 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-05-08 18680424]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2009-01-13 18084864]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"USB Antivirus"="c:\program files\USB Disk Security\USBGuard.exe" [2008-09-23 798720]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-08-14 115560]
"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2013-01-17 267792]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-02-20 152392]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2013-03-28 295512]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2013-03-15 15668512]
"NvMediaCenter"="NvMCTray.dll" [2013-03-15 223008]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2013-03-15 1982312]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
.
c:\documents and settings\WinXP\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2013-05-07 115440]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Smc.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE"=
"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"d:\\Soldier of Fortune II - Double Helix MP TEST\\sof2mp.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57259:TCP"= 57259:TCP:Pando Media Booster
"57259:UDP"= 57259:UDP:Pando Media Booster
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [22/07/2011 18:27 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/07/2011 23:55 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [08/05/2013 00:36 119024]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [24/05/2013 14:46 418376]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [24/05/2013 14:46 701512]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [06/03/2013 02:21 39056]
R3 BlackBerry Device Manager;BlackBerry Device Manager;c:\program files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [06/02/2013 12:23 585728]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [21/05/2013 01:04 106656]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [24/05/2013 14:46 22856]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [14/06/2009 22:53 47360]
S2 gupdate1c9ed38ff31fd6c;Google Update Service (gupdate1c9ed38ff31fd6c);c:\program files\Google\Update\GoogleUpdate.exe [14/06/2009 23:42 133104]
S2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [14/05/2013 13:26 3289208]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [01/03/2013 12:11 161384]
S3 Apowersoft_AudioDevice;Apowersoft_AudioDevice;c:\windows\system32\drivers\Apowersoft_AudioDevice.sys [09/10/2012 18:17 16640]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [18/11/2008 17:17 23888]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [21/05/2013 03:14 27064]
.
Contents of the 'Scheduled Tasks' folder
.
2013-05-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
2013-06-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-14 21:42]
.
2013-06-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-14 21:42]
.
2013-06-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-448539723-776561741-1801674531-1004Core.job
- c:\documents and settings\WinXP\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-09-21 20:43]
.
2013-06-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-448539723-776561741-1801674531-1004UA.job
- c:\documents and settings\WinXP\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-09-21 20:43]
.
2013-05-31 c:\windows\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-448539723-776561741-1801674531-1004.job
- c:\program files\RealNetworks\RealDownloader\recordingmanager.exe [2013-03-06 00:23]
.
2013-06-04 c:\windows\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-448539723-776561741-1801674531-1004.job
- c:\program files\RealNetworks\RealDownloader\realupgrade.exe [2013-03-06 00:21]
.
2013-06-03 c:\windows\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-448539723-776561741-1801674531-1004.job
- c:\program files\RealNetworks\RealDownloader\realupgrade.exe [2013-03-06 00:21]
.
2013-06-04 c:\windows\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-448539723-776561741-1801674531-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-03-06 09:36]
.
2013-06-04 c:\windows\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-448539723-776561741-1801674531-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-03-06 09:36]
.
2013-06-04 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-448539723-776561741-1801674531-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-03-06 09:36]
.
2013-05-30 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-448539723-776561741-1801674531-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-03-06 09:36]
.
2013-06-04 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 21bed078-3aee-4cba-ba66-e495dac7d0ff.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2013-05-07 22:37]
.
2013-06-04 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 8ee91123-69ad-4f6f-9b5f-8bad10781501.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2013-05-07 22:37]
.
2013-06-04 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2012-11-25 20:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.eg/
mStart Page = hxxp://www.symantec.com/enterprise/security_response/index.jsp
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\WinXP\Application Data\Mozilla\Firefox\Profiles\rl476fg9.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine -
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre7\bin\jusched.exe
SafeBoot-Symantec Antvirus
AddRemove-alnaddyToolbar - c:\program files\Alnaddy.com\alnaddyToolbar\1.6.9.16\uninstall.exe
AddRemove-{03B71BBF-D818-1DFD-0448-5CC656F7C3F2} - c:\docume~1\ALLUSE~1\APPLIC~1\INSTAL~1\{A60A0~1\Setup.exe
AddRemove-{364FC02B-6759-9A7D-262E-A16A81AA77A6} - c:\docume~1\ALLUSE~1\APPLIC~1\INSTAL~1\{D8FE2~1\Setup.exe
AddRemove-{6003BF04-FAD2-C136-E9AC-2D8F90FB82D7} - c:\docume~1\ALLUSE~1\APPLIC~1\INSTAL~1\{B30BB~1\Setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-06-05 00:13
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2013-06-05 00:14:34
ComboFix-quarantined-files.txt 2013-06-04 22:14
.
Pre-Run: 7,181,266,944 bytes free
Post-Run: 7,326,191,616 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - ADC57EBCB7D75BA237BB2F1A949CD4C9

#38 godawgs (Teacher, Retired Staff, 8,228 posts)
I'm glad it finally ran. It removed more rubbish. There is a file I want to have checked.


Step-1.

Virustotal File Upload:

To use Virustotal go Here
  • Click the Choose File button in the middle of the screen. This will open a File Upload window.
  • On the File Upload window, in the File name box, type, or copy and paste the following and click Open:
    NOTE.. Only one file per scan

    c:\windows\system32\sfcfiles.dll
  • This will put the file in the box on the Virustotal page.
  • Click the Scan it! button.
  • IF you get a message that the file has already been analyzed click the Reanalyze button and the file will be scanned.
  • Please be patient while the file is scanned. It may take several minutes.
  • Once the scan results appear, copy and paste the Virustotal link(s) (URL) in your next reply.

Step-2.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. The link to the VirusTotal results
2. How is the computer running now?
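As an added example (not the forum's or ComboFix's own code), a small Python parser for the Sigcheck and Reg Loading Points sections of the ComboFix log posted above: it pulls out the unsigned files with their MD5 hashes so they can be looked up on VirusTotal by hash instead of by upload (the search URL form is an assumption), and lists the Run/RunOnce autostarts, flagging the ones ComboFix printed with [X] instead of a date and size.

```python
import re
from dataclasses import dataclass

# Excerpt in ComboFix's log format, constructed for this example from the
# Sigcheck and Reg Loading Points sections of the log posted above.
SAMPLE_LOG = r"""------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-05-11 . 3122DAF86B33ED8AC4662D07593025D7 . 501760 . . [1.0626.6001.18000] . . c:\windows\system32\usp10.dll
.
[-] 2008-05-11 . F2DF0FDBD41B34112EE05ED04258F052 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-05-08 18680424]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2009-01-13 18084864]
"USB Antivirus"="c:\program files\USB Disk Security\USBGuard.exe" [2008-09-23 798720]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"""

# "[-] date . MD5 . size . . [version] . . path" lines from the Sigcheck section
SIGCHECK_RE = re.compile(
    r'^\[-\] (?P<date>\d{4}-\d{2}-\d{2}) \. (?P<md5>[0-9A-Fa-f]{32}) \. (?P<size>\d+)'
    r' \. \. \[(?P<version>[^\]]*)\] \. \. (?P<path>.+)$')
KEY_RE = re.compile(r'^\[(?P<key>hk[^\]]+)\]$', re.IGNORECASE)   # [HKEY_...] section header
ENTRY_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<command>[^"]*)" \[(?P<info>[^\]]*)\]$')
RUN_KEY_RE = re.compile(r'\\Run(Once)?$', re.IGNORECASE)        # only ...\Run and ...\RunOnce keys


@dataclass
class UnsignedFile:
    date: str
    md5: str
    size: int
    version: str
    path: str

    def lookup_url(self) -> str:
        # Hash search on VirusTotal (assumed URL form): shows the verdict for the
        # exact bytes ComboFix hashed without uploading the file.
        return f"https://www.virustotal.com/gui/search/{self.md5.lower()}"


@dataclass
class AutostartEntry:
    key: str
    name: str
    command: str
    info: str  # "date size" of the target, or "X" when ComboFix printed no date/size

    @property
    def unresolved(self) -> bool:
        return self.info == "X"


def parse_sigcheck(log: str) -> list:
    """Collect the [-] lines: files whose signature ComboFix could not verify."""
    found = []
    for line in log.splitlines():
        m = SIGCHECK_RE.match(line.strip())
        if m:
            found.append(UnsignedFile(m["date"], m["md5"].upper(), int(m["size"]),
                                      m["version"], m["path"]))
    return found


def parse_autostarts(log: str) -> list:
    """Collect the values under every Run / RunOnce key in Reg Loading Points."""
    entries, current_key = [], None
    for line in log.splitlines():
        line = line.strip()
        km = KEY_RE.match(line)
        if km:
            current_key = km["key"]          # remember which key we are inside
            continue
        if current_key is None or not RUN_KEY_RE.search(current_key):
            continue                         # skip SafeBoot, firewall, CLSID keys etc.
        em = ENTRY_RE.match(line)
        if em:
            entries.append(AutostartEntry(current_key, em["name"], em["command"], em["info"]))
    return entries


if __name__ == "__main__":
    for f in parse_sigcheck(SAMPLE_LOG):
        print(f"{f.path}  v{f.version}  {f.size} bytes  -> {f.lookup_url()}")
    for e in parse_autostarts(SAMPLE_LOG):
        flag = "  (no file info)" if e.unresolved else ""
        print(f"{e.key}\\{e.name} = {e.command}{flag}")
```

Feed it the full ComboFix.txt and the Sigcheck lines give you the sfcfiles.dll hash that post #38 asks to have checked, while the [X] entries show autostarts pointing at something ComboFix could not describe.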

#39 KarimEhab (Member, Topic Starter, 20 posts)
1. https://www.virustot...sis/1370402615/

2. The computer is working fine, but sometimes I feel it's a little heavy. Do I need to have all of the 3 anti-virus programs on my system?

#40 godawgs (Teacher, Retired Staff, 8,228 posts)

do i need to have all of the 3 anti-virus on my system ?

I don't see 3 anti-virus programs. I only see Symantec Endpoint.


MGA Diagnostic Tool

  • Download the MGADiag Tool and save it to the desktop.
  • Double click the MGADiag.exe file to run the program
  • Right-click the MGADiag.exe file and click Run as Administrator to run the program. OK any UAC warnings.
  • Click the Continue button
  • Wait for the system to finish loading your system information.
  • Click the Copy button to copy the MGA Diagnostic Report to the Windows clipboard.
  • Paste the MGA Diagnostic Report in your next reply.

#41 KarimEhab (Member, Topic Starter, 20 posts)
What about SuperAntivirus and MalwareBytes?

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: License store error
Validation Code: 12
Cached Validation Code: N/A
Windows Product Key: *****-*****-3R89F-D2KXW-VPK3J
Windows Product Key Hash: Ro/Y7HENE9CfW7lW+QtlNbYQEE8=
Windows Product ID: 55274-640-8365391-23585
Windows Product ID Type: 1
Windows License Type: Volume
Windows OS version: 5.1.2600.2.00010100.3.0.pro
ID: {DC4F0379-7749-44F0-A508-072468AD6E6B}(0)
Is Admin: No
TestCab: 0x0
LegitcheckControl ActiveX: Registered, 1.7.69.2
Signed By: N/A, hr = 0x80096001
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic: FCEE394C-458-80070005_025D1FF3-344-80070005_025D1FF3-229-80070005_025D1FF3-230-1_025D1FF3-238-2_025D1FF3-258-3_63BB5E84-191-80070005_63BB5E84-235-80070005_16E0B333-89-80070005_78155E4D-232-80070005
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A
Version: N/A

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80004005
File Exists: Yes
Version: 1.7.69.2
WgaTray.exe Signed By: N/A, hr = 0x80096010
WgaLogon.dll Signed By: N/A, hr = 0x80096010

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 103 Blocked VLK
Microsoft Office Enterprise 2007 - 103 Blocked VLK
OGA Version: Registered, 1.6.28.0
Signed By: N/A, hr = 0x80096001
Office Diagnostics: FCEE394C-458-80070005_025D1FF3-344-80070005_025D1FF3-229-80070005_025D1FF3-230-1_025D1FF3-238-2_025D1FF3-258-3

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Internet Explorer\iexplore.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->
File Mismatch: C:\WINDOWS\system32\winlogon.exe[5.1.2600.5512], Hr = 0x80096001
File Mismatch: C:\WINDOWS\system32\licdll.dll[5.1.2600.5512], Hr = 0x80096001
File Mismatch: C:\WINDOWS\system32\ntoskrnl.exe[5.1.2600.6284], Hr = 0x80096001
File Mismatch: C:\WINDOWS\system32\ntdll.dll[5.1.2600.6055], Hr = 0x80096001
File Mismatch: C:\WINDOWS\system32\kernel32.dll[5.1.2600.5781], Hr = 0x80096001
File Mismatch: C:\WINDOWS\system32\crypt32.dll[5.131.2600.6239], Hr = 0x80096001
File Mismatch: C:\WINDOWS\system32\advapi32.dll[5.1.2600.5755], Hr = 0x80096001
File Mismatch: C:\WINDOWS\system32\setupapi.dll[5.1.2600.5512], Hr = 0x80096001
File Mismatch: C:\WINDOWS\system32\oembios.bin[Hr = 0x80096001]
File Mismatch: C:\WINDOWS\system32\oembios.dat[Hr = 0x80096001]
File Mismatch: C:\WINDOWS\system32\oembios.sig[Hr = 0x80096001]
File Mismatch: C:\WINDOWS\system32\syssetup.dll[5.1.2600.5512], Hr = 0x80096001

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{C4BE19CD-E95E-4A77-8ED4-B243F97BA3D9}</UGUID><Version>1.9.0027.0</Version><OS>5.1.2600.2.00010100.3.0.pro</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-VPK3J</PKey><PID>55274-640-8365391-23585</PID><PIDType>1</PIDType><SID>S-1-5-21-448539723-776561741-1801674531</SID><SYSTEM/><BIOS/><HWID/><UserLCID>0809</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Egypt Standard Time(GMT+02:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification><File Name="WgaTray.exe" Version="1.7.69.2"/><File Name="WgaLogon.dll" Version="1.7.69.2"/></GANotification></MachineData><Software><Office><Result>103</Result><Products><Product GUID="{90120000-0030-0000-0000-0000000FF1CE}"><LegitResult>103</LegitResult><Name>Microsoft Office Enterprise 2007</Name><Ver>12</Ver><Val>ACD7202654E586</Val><Hash>fFic3JgCreGGRxyF8uMWB4R4Jcg=</Hash><Pid>89388-707-1528066-65496</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="12" Result="103"/><App Id="16" Version="12" Result="103"/><App Id="18" Version="12" Result="103"/><App Id="19" Version="12" Result="103"/><App Id="1A" Version="12" Result="103"/><App Id="1B" Version="12" Result="103"/><App Id="44" Version="12" Result="103"/><App Id="A1" Version="12" Result="103"/><App Id="BA" Version="12" Result="103"/></Applications></Office></Software></GenuineResults>

Licensing Data-->
N/A

Windows Activation Technologies-->
N/A

HWID Data-->
N/A

OEM Activation 1.0 Data-->
BIOS string matches: N/A
Marker string from BIOS: N/A, hr = 0x80004005
Marker string from OEMBIOS.DAT: N/A, hr = 0x80004005

OEM Activation 2.0 Data-->
N/A

#42 godawgs (Teacher, Retired Staff, 8,228 posts)
Hi KarimEhab,

SuperAntiSpyware and MalwareBytes are not anti-virus programs. They are anti-spyware programs and as long as they both don't run real time protection it is ok to have both. But if you only want one of them feel free to uninstall the other one.

I'm afraid I have some bad news. Your logs show clear evidence that the operating system on your computer is an illegal copy of Windows XP.

Unfortunately, our Terms of Use (see item 3.p) do not permit help for anyone using illegal software.

If you didn't know that your copy of Windows was illegally installed on your computer, maybe you can get the person/company who sold it to you to provide a legal copy. Or you could contact Microsoft and report the illegal software, and maybe they would help you obtain a legal copy.

Our assistance must end here. Good luck.