#21

kk, do you know about the other thing where my very old files are still on the computer? Is there a program to take those off? For instance, Stopzilla is very old.

#22

What if I can't find the Windows XP Professional CDs? If it's a laptop, does it even come with the CDs for this? We got it like two years for my mom's work. So I don't know where my mom put it; they might not have even sent it at all.

#23

I have read "Read this before posting for malware help". There are two scans you use: dds.scr and Gmer rootkit scanner. Could those scans be better than the others in finding the malware, if any?

#24

I am thinking of doing a non-destructive recovery. I have done this before when I got a trojan on the computer. When I first did this, I turned on the computer and pressed F11 or R. The system came on and I pressed non-destructive recovery and the computer did it. But now I did the same thing and it's asking me for the discs. I know I didn't do a recovery because the whole computer was redone and the previous drive was in a file. I just wanted to know if I am doing anything wrong. This is a Gateway laptop. Model cx210x. A tablet PC.

#25

The previous scans should have been enough, but we can do another to be sure, and if nothing turns up you can try the recovery.

Where are you seeing the Stopzilla at?

Download ComboFix© by sUBs from one of the below links. Be sure to save it to the Desktop.

Link #1
Link #2

**Note: It is important that it is saved directly to your Desktop**

- Close any open Web browsers (Firefox, Internet Explorer, etc.) before starting ComboFix.
- Temporarily disable your antivirus and any antispyware real-time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
- Double-click combofix.exe and follow the prompts.
- When finished, ComboFix will produce a log for you. Post the ComboFix log and a new in your next reply.

Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.

#26

Maybe something in my computer is getting mixed up. There is a lot of stuff I have seen in logs that is old and I have deleted.
ComboFix 09-02-19.01 - Administrator 2009-02-21 21:36:19.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.572 [GMT -8:00] Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe AV: McAfee VirusScan *On-access scanning disabled* (Updated) FW: McAfee Personal Firewall *disabled* * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat D:\Autorun.inf ----- BITS: Possible infected sites ----- hxxp://updates.smithmicro.com . ((((((((((((((((((((((((( Files Created from 2009-01-22 to 2009-02-22 ))))))))))))))))))))))))))))))) . 2009-02-21 21:30 . 2009-02-21 21:32 <DIR> d-------- C:\Downloads 2009-02-21 19:51 . 2009-02-21 19:51 <DIR> d-------- c:\program files\SigmaTel 2009-02-21 18:40 . 2006-01-12 14:52 1,904 --------- c:\windows\system32\SetupBD.din 2009-02-21 18:37 . 2009-02-21 19:51 <DIR> d-------- c:\program files\IDT 2009-02-21 17:58 . 2009-02-21 21:22 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\~0 2009-02-21 17:41 . 2009-02-21 21:24 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\~1 2009-02-21 17:41 . 2009-02-21 17:41 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185} 2009-02-21 17:24 . 2009-02-21 17:24 <DIR> d-------- c:\documents and settings\NetworkService\Application Data\SACore 2009-02-21 14:00 . 2009-02-21 14:00 250 --a------ c:\windows\gmer.ini 2009-02-21 01:50 . 2009-02-21 01:50 <DIR> d-------- c:\documents and settings\Administrator\Library 2009-02-21 01:50 . 2009-02-21 01:50 <DIR> d-------- c:\documents and settings\Administrator\Application Data\com.adobe.ExMan 2009-02-21 00:32 . 
2009-02-21 00:32 <DIR> d-------- c:\program files\Common Files\Adobe AIR 2009-02-21 00:30 . 2009-02-21 00:30 <DIR> d-------- c:\program files\Common Files\Macrovision Shared 2009-02-21 00:27 . 2009-02-21 01:14 <DIR> d-------- c:\program files\Common Files\Adobe 2009-02-20 20:32 . 2009-02-20 20:32 <DIR> d-------- c:\program files\uTorrent 2009-02-20 20:32 . 2009-02-21 19:51 <DIR> d-------- c:\documents and settings\Administrator\Application Data\uTorrent 2009-02-19 14:55 . 2009-02-19 14:55 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-02-19 14:55 . 2009-02-19 14:55 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Malwarebytes 2009-02-18 18:50 . 2009-02-18 18:50 <DIR> d-------- c:\documents and settings\Administrator\Application Data\VSRevoGroup 2009-02-18 17:17 . 2009-02-18 17:17 <DIR> d-------- c:\program files\VS Revo Group 2009-02-18 16:55 . 2008-04-13 16:12 116,224 --a--c--- c:\windows\system32\dllcache\xrxwiadr.dll 2009-02-18 16:55 . 2001-08-17 22:37 99,865 --a--c--- c:\windows\system32\dllcache\xlog.exe 2009-02-18 16:55 . 2004-08-04 11:00 28,288 --a--c--- c:\windows\system32\dllcache\xjis.nls 2009-02-18 16:55 . 2001-08-17 22:37 27,648 --a--c--- c:\windows\system32\dllcache\xrxftplt.exe 2009-02-18 16:55 . 2001-08-17 22:36 23,040 --a--c--- c:\windows\system32\dllcache\xrxwbtmp.dll 2009-02-18 16:55 . 2008-04-13 16:12 18,944 --a--c--- c:\windows\system32\dllcache\xrxscnui.dll 2009-02-18 16:55 . 2001-08-17 22:37 4,608 --a--c--- c:\windows\system32\dllcache\xrxflnch.exe 2009-02-18 16:53 . 2001-08-17 13:28 765,884 --a--c--- c:\windows\system32\dllcache\usrti.sys 2009-02-18 16:52 . 2001-08-17 13:28 794,654 --a--c--- c:\windows\system32\dllcache\usr1801.sys 2009-02-18 16:51 . 2001-08-17 22:36 525,568 --a--c--- c:\windows\system32\dllcache\tridxp.dll 2009-02-18 16:50 . 2004-08-04 11:00 185,344 --a--c--- c:\windows\system32\dllcache\thawbrkr.dll 2009-02-18 16:49 . 
2001-08-17 12:18 285,760 --a--c--- c:\windows\system32\dllcache\stlnata.sys 2009-02-18 16:48 . 2001-08-17 14:56 157,696 --a--c--- c:\windows\system32\dllcache\sisv256.dll 2009-02-18 16:47 . 2001-08-17 22:36 386,560 --a--c--- c:\windows\system32\dllcache\sgiul50.dll 2009-02-18 16:46 . 2001-08-17 22:36 495,616 --a--c--- c:\windows\system32\dllcache\sblfx.dll 2009-02-18 16:45 . 2001-08-17 13:28 899,146 --a--c--- c:\windows\system32\dllcache\r2mdkxga.sys 2009-02-18 16:44 . 2008-04-13 16:12 363,520 --a--c--- c:\windows\system32\dllcache\psisdecd.dll 2009-02-18 16:43 . 2001-08-17 14:05 351,616 --a--c--- c:\windows\system32\dllcache\ovcodek2.sys 2009-02-18 16:42 . 2001-08-17 12:50 198,144 --a--c--- c:\windows\system32\dllcache\nv3.sys 2009-02-18 16:41 . 2004-08-04 11:00 229,439 --a--c--- c:\windows\system32\dllcache\multibox.dll 2009-02-18 16:40 . 2004-08-04 11:00 1,875,968 --a--c--- c:\windows\system32\dllcache\msir3jp.lex 2009-02-18 16:39 . 2001-08-17 13:28 802,683 --a--c--- c:\windows\system32\dllcache\ltsm.sys 2009-02-18 16:38 . 2004-08-04 11:00 1,158,818 --a--c--- c:\windows\system32\dllcache\korwbrkr.lex 2009-02-18 16:37 . 2009-02-18 16:37 <DIR> d-------- c:\program files\Java 2009-02-18 16:37 . 2004-08-04 11:00 471,102 --a--c--- c:\windows\system32\dllcache\imskdic.dll 2009-02-18 16:36 . 2004-08-04 11:00 10,129,408 --a--c--- c:\windows\system32\dllcache\hwxkor.dll 2009-02-18 16:35 . 2001-08-17 13:28 907,456 --a--c--- c:\windows\system32\dllcache\hcf_msft.sys 2009-02-18 16:34 . 2001-08-17 14:56 1,733,120 --a--c--- c:\windows\system32\dllcache\g400d.dll 2009-02-18 16:33 . 2001-08-17 12:17 629,952 --a--c--- c:\windows\system32\dllcache\eqn.sys 2009-02-18 16:32 . 2001-08-17 12:14 952,007 --a--c--- c:\windows\system32\dllcache\diwan.sys 2009-02-18 16:31 . 2001-08-17 22:36 419,357 --a--c--- c:\windows\system32\dllcache\dgconfig.dll 2009-02-18 16:30 . 2004-08-04 11:00 1,677,824 --a--c--- c:\windows\system32\dllcache\chsbrkr.dll 2009-02-18 16:29 . 
2001-08-17 13:28 871,388 --a--c--- c:\windows\system32\dllcache\bcmdm.sys 2009-02-18 16:28 . 2001-08-17 13:28 762,780 --a--c--- c:\windows\system32\dllcache\3cwmcru.sys 2009-02-18 16:27 . 2004-08-04 11:00 94,720 --a--c--- c:\windows\system32\dllcache\certmap.ocx 2009-02-18 15:48 . 2002-12-29 01:14 81,920 --a------ c:\windows\system32\Startup.cpl 2009-02-15 10:59 . 2008-10-15 19:50 <DIR> d-------- c:\windows\system32\NtmsData 2009-02-14 22:52 . 2009-02-14 22:52 <DIR> d-------- c:\program files\Common Files\McNeel Shared 2009-02-14 21:14 . 2009-02-14 21:14 <DIR> d--h----- c:\temp\pt8q3khslw 2009-02-14 21:13 . 2009-02-14 21:14 1,609,728 --------- c:\windows\MEDB.mdb 2009-02-14 21:13 . 2007-05-01 14:23 528,384 --------- c:\windows\system32\VZWDownManager.exe 2009-02-14 21:13 . 2007-05-01 14:23 49,152 --------- c:\windows\system32\VZWDLManager.dll 2009-02-14 21:13 . 2007-05-02 00:34 375 --------- c:\windows\system32\VZWDLManager.inf 2009-02-14 17:31 . 2008-10-15 15:32 <DIR> d-------- c:\program files\Leadership Training 2009-02-14 12:55 . 2007-09-02 20:56 1,686,016 --------- c:\windows\system32\clinetsuitex6.ocx 2009-02-14 12:55 . 2004-06-14 14:56 427,864 --------- c:\windows\system32\XceedZip.dll 2009-02-14 11:42 . 2009-02-14 11:42 <DIR> d-------- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters 2009-02-14 11:02 . 2009-02-14 11:02 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Canneverbe_Limited 2009-02-14 11:01 . 2009-02-14 11:01 <DIR> d-------- c:\program files\CDBurnerXP 2009-02-14 02:25 . 2009-02-14 02:25 <DIR> d-------- c:\documents and settings\Administrator\Application Data\CyberLink 2009-02-14 02:24 . 2009-02-14 02:24 <DIR> d-------- c:\documents and settings\All Users\Application Data\CyberLink 2009-02-12 15:02 . 2004-11-24 20:07 79,679 --------- c:\windows\system32\E_FLMACA.DLL 2009-02-12 15:02 . 2003-05-20 18:27 64,000 --------- c:\windows\system32\E_FBCBACA.DLL 2009-02-12 15:02 . 
2000-06-06 17:01 34,304 --------- c:\windows\system32\E_FBCHACA.DLL 2009-02-12 15:01 . 2005-02-25 00:00 46,080 --------- c:\windows\system32\escimgd.dll 2009-02-12 15:01 . 2005-02-25 00:00 29,696 --------- c:\windows\system32\escwiad.dll 2009-02-12 15:01 . 2005-02-25 00:00 22,016 --------- c:\windows\system32\esccmd.dll 2009-02-12 14:59 . 2009-02-12 14:59 25 --------- c:\windows\EPCX3800.ini 2009-02-12 13:17 . 2009-02-21 18:11 <DIR> d-------- c:\program files\PeerGuardian2 2009-02-12 07:36 . 2009-02-13 15:09 <DIR> d-------- c:\documents and settings\All Users\Application Data\_comodo_ 2009-02-11 20:15 . 2009-02-11 20:15 <DIR> d-------- c:\documents and settings\All Users\Application Data\Autodesk, Inc 2009-02-11 14:13 . 2009-02-11 14:13 120 --------- c:\windows\CIS_Setup_3.5.57173.439_XP_Vista_x32.IN I 2009-02-10 20:58 . 2009-02-14 14:29 <DIR> d-------- c:\documents and settings\All Users\Application Data\Autodesk 2009-02-10 20:55 . 2009-02-11 21:04 <DIR> d-------- c:\program files\Common Files\Autodesk Shared 2009-02-10 20:55 . 2009-02-14 14:29 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Autodesk 2009-02-10 20:25 . 2009-02-10 20:25 69 --------- c:\windows\NeroDigital.ini 2009-02-08 17:15 . 2003-12-11 11:15 626,960 -r------- c:\windows\system32\hpvaut32.dll 2009-02-08 17:15 . 2003-12-11 11:15 487,424 -r------- c:\windows\system32\hpvcp70.dll 2009-02-08 17:15 . 2003-12-11 11:15 344,064 -r------- c:\windows\system32\hpvcr70.dll 2009-02-08 17:15 . 2003-12-11 11:15 44,544 -r------- c:\windows\system32\MSXML4a.dll 2009-02-08 17:14 . 2009-02-08 17:14 <DIR> d-------- c:\program files\Common Files\Hewlett-Packard 2009-02-08 17:03 . 2008-04-13 10:45 15,104 --a------ c:\windows\system32\drivers\usbscan.sys 2009-02-08 17:03 . 2008-04-13 10:45 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys 2009-02-08 17:02 . 2004-01-04 23:30 94,208 -r------- c:\windows\system32\HPZipt12.dll 2009-02-08 17:01 . 
2004-01-04 23:30 266,296 -r------- c:\windows\system32\HPZidr12.dll 2009-02-08 17:01 . 2004-01-04 23:30 196,608 -r------- c:\windows\system32\HPZipr12.dll 2009-02-08 17:01 . 2004-01-04 23:30 65,795 -r------- c:\windows\system32\HPZipm12.exe 2009-02-08 17:01 . 2004-01-04 23:30 61,699 -r------- c:\windows\system32\HPZinw12.exe 2009-02-08 17:01 . 2004-01-04 23:30 57,344 -r------- c:\windows\system32\HPZisn12.dll 2009-02-08 17:01 . 2004-01-04 23:30 51,056 -r------- c:\windows\system32\drivers\hpzid412.sys 2009-02-08 17:01 . 2004-01-04 23:30 16,496 -r------- c:\windows\system32\drivers\HPZipr12.sys 2009-02-08 17:00 . 2004-01-04 23:30 38,867 --------- c:\windows\hpomdl03.dat 2009-02-08 17:00 . 2009-02-08 17:18 29,160 --------- c:\windows\hpoins03.dat 2009-02-08 16:56 . 2009-02-08 16:56 419 --------- c:\windows\BRWMARK.INI 2009-02-08 16:56 . 2009-02-08 16:56 184 --------- c:\windows\system32\brsvc01a.bsi 2009-02-08 16:56 . 2009-02-08 16:56 30 --------- c:\windows\system32\brss01a.ini 2009-02-08 16:56 . 2009-02-08 16:56 27 --------- c:\windows\BRPP2KA.INI 2009-02-08 16:39 . 2008-04-13 10:47 25,856 --a------ c:\windows\system32\drivers\usbprint.sys 2009-02-08 16:39 . 2008-04-13 10:47 25,856 --a--c--- c:\windows\system32\dllcache\usbprint.sys 2009-02-08 00:59 . 2009-02-08 00:59 <DIR> d-------- c:\documents and settings\Administrator\Application Data\DAEMON Tools Pro 2009-02-08 00:59 . 2009-02-08 00:59 <DIR> d-------- c:\documents and settings\Administrator\Application Data\DAEMON Tools 2009-02-08 00:58 . 2009-02-08 00:58 <DIR> d-------- c:\program files\DAEMON Tools Lite 2009-02-08 00:58 . 2009-02-08 00:58 <DIR> d-------- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite 2009-02-08 00:50 . 2009-02-08 01:00 <DIR> d-------- c:\documents and settings\Administrator\Application Data\DAEMON Tools Lite 2009-02-08 00:50 . 2009-02-08 00:50 717,296 --------- c:\windows\system32\drivers\sptd.sys 2009-02-07 23:05 . 
2009-02-07 23:05 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Nero 2009-02-07 22:26 . 2009-02-14 03:26 4,767 --------- c:\windows\Irremote.ini 2009-02-07 21:53 . 2009-02-15 02:24 <DIR> d-------- c:\documents and settings\All Users\Application Data\Nero 2009-02-07 14:00 . 2009-02-18 17:34 <DIR> d-------- c:\documents and settings\Administrator\Application Data\LimeWire 2009-02-03 19:49 . 2009-02-03 19:55 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Move Networks 2009-02-01 00:57 . 2009-02-01 00:57 <DIR> d-------- c:\documents and settings\All Users\Application Data\FLEXnet 2009-01-31 23:42 . 2008-10-15 16:12 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Download Manager 2009-01-25 18:52 . 2009-01-25 18:52 <DIR> d-------- c:\documents and settings\All Users\Application Data\ChessBase 2009-01-25 18:51 . 2009-01-25 18:51 <DIR> d-------- c:\program files\Common Files\ChessBase 2009-01-25 18:51 . 2009-01-25 18:51 <DIR> d-------- c:\program files\ChessBase . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) )) . 
2009-02-22 05:28 --------- d-----w c:\program files\Michael's file 2009-02-22 02:40 --------- d-----w c:\program files\Intel 2009-02-22 02:38 400 ----a-w c:\windows\system32\drivers\sthdae.log 2009-02-22 02:37 --------- d--h--w c:\program files\InstallShield Installation Information 2009-02-19 02:11 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2009-02-19 00:37 410,984 ----a-w c:\windows\system32\deploytk.dll 2009-02-15 10:26 --------- d-----w c:\program files\Gateway 2009-02-15 10:05 --------- d-----w c:\program files\CCleaner 2009-02-15 09:39 --------- d-----w c:\program files\a-squared Anti-Malware 2009-02-08 08:55 --------- d-----w c:\program files\SUPERAntiSpyware 2009-02-02 02:01 --------- d-----w c:\program files\Synaptics 2009-01-19 07:21 34 ------w c:\documents and settings\Administrator\jagex_runescape_preferences .dat 2009-01-09 23:21 3,636,864 ------w c:\windows\system32\drivers\NETw5x32.sys 2009-01-09 23:21 2,756,608 ------w c:\windows\system32\NETw5r32.dll 2009-01-09 05:03 --------- d-----w c:\documents and settings\NetworkService\Application Data\Intel 2009-01-09 05:03 --------- d-----w c:\documents and settings\All Users\Application Data\Intel(3) 2009-01-09 05:03 --------- d-----w c:\documents and settings\All Users\Application Data\Intel 2009-01-09 05:03 --------- d-----w c:\documents and settings\Administrator\Application Data\Intel(3) 2009-01-09 05:03 --------- d-----w c:\documents and settings\Administrator\Application Data\Intel 2009-01-09 05:03 --------- d-----w c:\documents and settings\Administrator\Application Data\AdobeUM 2009-01-09 05:02 --------- d-----w c:\documents and settings\All Users\Application Data\Intel(5) 2009-01-09 05:02 --------- d-----w c:\documents and settings\All Users\Application Data\Intel(4) 2009-01-09 05:02 --------- d-----w c:\documents and settings\Administrator\Application Data\Sierra Wireless 2009-01-09 05:02 --------- d-----w c:\documents and 
settings\Administrator\Application Data\Intel(5) 2009-01-09 05:02 --------- d-----w c:\documents and settings\Administrator\Application Data\Intel(4) 2009-01-09 03:22 19,915 ------w c:\windows\system32\drivers\AegisP.sys 2009-01-03 04:53 --------- d-----w c:\documents and settings\Administrator\Application Data\Smith Micro 2009-01-01 03:20 --------- d-----w c:\documents and settings\Administrator\Application Data\Windows Search 2008-12-31 08:48 --------- d-----w c:\program files\MSBuild 2008-12-31 08:47 --------- d-----w c:\program files\Reference Assemblies 2008-12-31 07:40 --------- d-----w c:\documents and settings\Administrator\Application Data\WinPatrol 2008-12-31 05:26 --------- d-----w c:\documents and settings\All Users\Application Data\QuickTime 2008-12-31 01:58 --------- d-----w c:\program files\DIFX 2008-12-31 01:57 663,552 ------w c:\windows\system32\NETw5c32.dll 2008-12-30 22:33 --------- d-----w c:\documents and settings\NetworkService\Application Data\Intel.sav 2008-12-30 22:33 --------- d-----w c:\documents and settings\All Users\Application Data\Intel.sav 2008-12-30 22:33 --------- d-----w c:\documents and settings\Administrator\Application Data\Intel.sav 2008-12-30 22:13 --------- d-----w c:\documents and settings\Administrator\Application Data\Windows Desktop Search 2008-12-30 22:12 --------- d-----w c:\program files\Windows Desktop Search 2008-12-30 22:08 --------- d-----w c:\program files\Windows Media Connect 2 2008-12-30 09:43 --------- d-----w c:\program files\Google 2008-12-30 03:15 --------- d-----w c:\documents and settings\All Users\Application Data\Napster 2008-12-29 23:00 --------- d-----w c:\program files\McAfee 2008-12-29 07:15 --------- d-----w c:\program files\Windows Journal 2008-12-29 01:32 --------- d-----w c:\program files\MSXML 4.0 2008-12-28 22:20 --------- d-----w c:\documents and settings\All Users\Application Data\SITEguard 2008-12-28 17:58 --------- d-----w c:\documents and settings\All Users\Application Data\AOL 
2008-12-28 08:26 --------- d-----w c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com 2008-12-28 08:25 --------- d-----w c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com 2008-12-28 08:24 --------- d-----w c:\program files\Common Files\Wise Installation Wizard 2008-12-28 07:49 --------- d-----w c:\program files\McAfee.com 2008-12-28 07:49 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee.com 2008-12-28 07:49 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee 2008-12-28 07:46 --------- d-----w c:\documents and settings\All Users\Application Data\SiteAdvisor 2008-12-28 07:43 --------- d-----w c:\program files\Common Files\McAfee 2008-12-28 07:38 --------- d-----w c:\program files\BigFix 2008-12-28 06:06 --------- d-----w c:\windows\system32\config\systemprofile\Applicati on Data\McAfee.com Personal Firewall 2008-12-28 05:56 --------- d-----w c:\windows\system32\config\systemprofile\Applicati on Data\ATI 2008-12-28 05:56 --------- d-----w c:\documents and settings\Administrator\Application Data\ATI 2008-12-28 05:49 --------- d-----w c:\program files\Phoenix Technologies Ltd 2008-12-28 05:48 --------- d-----w c:\windows\system32\config\systemprofile\Applicati on Data\Intel 2008-12-28 05:47 --------- d-----w c:\windows\system32\config\systemprofile\Applicati on Data\Leadertech 2008-12-28 05:47 --------- d-----w c:\documents and settings\Administrator\Application Data\Leadertech 2008-12-28 05:41 --------- d-----w c:\program files\WIDCOMM 2008-12-28 05:39 --------- d-----w c:\program files\Motorola 2008-12-28 05:36 --------- d-----w c:\program files\Common Files\ATI Technologies 2008-12-28 05:35 --------- d-----w c:\program files\ATI Technologies 2008-12-28 05:33 --------- d-----w c:\program files\Microsoft Experience Pack 2008-12-28 05:33 --------- d-----w c:\documents and settings\All Users\Application Data\Pure Networks 2008-12-28 05:32 8,552 ------w 
c:\windows\system32\drivers\asctrm.sys 2008-12-28 05:32 --------- d-----w c:\windows\system32\config\systemprofile\Applicati on Data\You've Got Pictures Screensaver 2008-12-28 05:32 --------- d-----w c:\program files\Viewpoint 2008-12-28 05:32 --------- d-----w c:\program files\Real 2008-12-28 05:32 --------- d-----w c:\program files\QuickTime 2008-12-28 05:32 --------- d-----w c:\program files\Pure Networks 2008-12-28 05:32 --------- d-----w c:\program files\Learn2.com 2008-12-28 05:32 --------- d-----w c:\program files\Common Files\Real 2008-12-28 05:32 --------- d-----w c:\program files\Common Files\Nullsoft 2008-12-28 05:32 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint 2008-12-28 05:32 --------- d-----w c:\documents and settings\Administrator\Application Data\You've Got Pictures Screensaver 2008-12-28 05:30 --------- d-----w c:\windows\system32\config\systemprofile\Applicati on Data\SampleView 2008-12-28 05:30 --------- d-----w c:\program files\Texas Instruments Inc 2008-12-28 05:30 --------- d-----w c:\documents and settings\Administrator\Application Data\SampleView 2008-12-28 05:29 --------- d-----w c:\program files\Microsoft.NET 2008-12-28 05:26 --------- d-----w c:\program files\CyberLink 2008-12-28 05:25 --------- d-----w c:\program files\Common Files\InstallShield 2008-12-28 05:16 --------- d-----w c:\program files\Microsoft ActiveSync 2008-12-20 23:15 826,368 ----a-w c:\windows\system32\wininet.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-05-07 178712] "IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-08-02 802816] "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-08-02 696320] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-12-27 98304] "AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.ex e" [2008-08-14 611712] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Orbit.lnk - c:\program files\Orbitdownloader\orbitdm.exe [2009-02-09 1711304] [hkey_local_machine\software\microsoft\windows\curr entversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2009-02-08 00:55 356352 c:\program files\SUPERAntiSpyware\SASWINLO.DLL [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\loginkey] 2008-04-13 16:11 47104 c:\program files\Common Files\Microsoft Shared\Ink\loginkey.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TabBtnWL] 2002-08-29 09:41 11776 c:\windows\system32\tabbtnwl.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpgwlnotify] 2008-04-13 16:12 32256 c:\windows\system32\tpgwlnot.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"= [HKEY_LOCAL_MACHINE\software\microsoft\windows 
nt\currentversion\drivers32] "msacm.clmp3enc"= c:\progra~1\CYBERL~1\Power2Go\CLMP3Enc.ACM [HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^MEMonitor.lnk] path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\MEMonitor.lnk backup=c:\windows\pss\MEMonitor.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BigFix.lnk backup=c:\windows\pss\BigFix.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk backup=c:\windows\pss\Bluetooth.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Orbit.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Orbit.lnk backup=c:\windows\pss\Orbit.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk backup=c:\windows\pss\Windows Search.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power2GoExpress] NA [X] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\a-squared] --------- 2009-01-27 16:59 2784912 c:\program files\a-squared Anti-Malware\a2guard.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager] --a------ 2008-08-14 07:58 611712 c:\program files\Common 
Files\Adobe\CS4ServiceManager\CS4ServiceManager.ex e [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC] --------- 2006-01-02 17:41 45056 c:\program files\ATI Technologies\ATI.ACE\CLI.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] --a------ 2008-04-13 16:12 15360 c:\windows\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite] --------- 2008-12-29 02:40 687560 c:\program files\DAEMON Tools Lite\daemon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DelayShred] --------- 2008-07-09 18:10 111904 c:\progra~1\McAfee\MSHR\ShrCL.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcagent_exe] --------- 2008-07-11 16:48 641208 c:\program files\McAfee.com\Agent\mcagent.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSConfig] --a------ 2008-04-13 16:12 169984 c:\windows\pchealth\helpctr\binaries\msconfig.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --------- 2008-12-27 21:32 98304 c:\program files\QuickTime\qttask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard] --------- 2002-09-13 22:42 212992 c:\windows\SMINST\Recguard.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] --------- 2005-01-12 03:01 32768 c:\program files\CyberLink\PowerDVD\PDVDServ.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL] --------- 2006-09-14 13:00 577536 c:\program files\Motorola\SMSERIAL\sm56hlpr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Snippet] --------- 2005-02-25 19:20 68296 c:\program files\Microsoft Experience Pack\Snipping Tool\SnippingTool.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] --a------ 2009-02-18 16:37 148888 c:\program 
files\Java\jre6\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware] --------- 2009-02-08 00:55 1830128 c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh] --------- 2004-11-05 09:47 688218 c:\program files\Synaptics\SynTP\SynTPEnh.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr] --------- 2004-11-05 09:47 98394 c:\program files\Synaptics\SynTP\SynTPLpr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TabletTip] --a------ 2008-04-13 16:12 271872 c:\program files\Common Files\Microsoft Shared\Ink\tabtip.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TabletWizard] --a------ 2008-04-13 16:12 16384 c:\windows\Help\splshwrp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationA gent] --a------ 2008-04-13 16:12 110592 c:\windows\system32\bthprops.cpl [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp] --------- 2005-12-27 08:20 413696 c:\windows\stsystra.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Orbitdownloader\\orbitnet.exe"= "c:\\Program Files\\Orbitdownloader\\orbitdm.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager .exe"= 
[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\GloballyOpenPorts\List] "5353:TCP"= 5353:TCP:Adobe CSI CS4 R0 pavboot;pavboot;c:\windows\system32\drivers\pavboo t.sys [2008-12-28 28544] R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2008-12-04 8944] R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2008-12-04 55024] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2008-12-27 206096] R3 FinePnt;FinePoint Innovations HID Driver;c:\windows\system32\drivers\FpHidDrv.sys [2008-12-27 24736] R3 MSTabBtn;Quanta Computer Tablet PC Buttons HID Driver;c:\windows\system32\drivers\mstabbtn.sys [2008-12-27 10496] S3 kwkxusb;Kyocera CDMA Wireless Modem Driver; [x] S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-12-04 7408] S4 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7; [x] [HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{05811023-d49d-11dd-ba1a-806d6172696f}] \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480 . Contents of the 'Scheduled Tasks' folder 2009-02-15 c:\windows\Tasks\McDefragTask.job - c:\progra~1\mcafee\mqc\QcConsol.exe [2008-07-09 18:10] 2009-02-01 c:\windows\Tasks\McQcTask.job - c:\progra~1\mcafee\mqc\QcConsol.exe [2008-07-09 18:10] . 
- - - - ORPHANS REMOVED - - - -

Toolbar-SITEguard - (no file)
MSConfigStartUp-Advanced SystemCare 3 - c:\program files\IObit\Advanced SystemCare 3\AWC.exe
MSConfigStartUp-EPSON Stylus CX3800 Series - c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE
MSConfigStartUp-Gateway Extended Warranty - c:\program files\Gateway\GWCares\GWCares.exe
MSConfigStartUp-HP Component Manager - c:\program files\HP\hpcoretech\hpcmpmgr.exe
MSConfigStartUp-HP Software Update - c:\program files\HP\HP Software Update\HPWuSchd.exe
MSConfigStartUp-PC Pitstop Optimize Scheduler - c:\program files\PCPitstop\Optimize\PCPOptimize.exe
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = hxxp://www.mcafee.com/
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\kfqq77k3.default\
FF - prefs.js: browser.search.selectedEngine - Orbit Search (Powered By Google)
FF - prefs.js: browser.startup.homepage - hxxp://search.orbitdownloader.com
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.
**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-21 21:39:06
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(920)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-02-21 21:40:36
ComboFix-quarantined-files.txt 2009-02-22 05:40:34

Pre-Run: 51,726,319,616 bytes free
Post-Run: 51,719,942,144 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

413 --- E O F --- 2009-02-11 06:17:59 |
|
#27
If there is nothing in this post then I would like to do a non-destructive recovery.
I am thinking of doing a non-destructive recovery. I have done this before when I got a trojan on the computer. When I first did this, I turned on the computer and pressed F11 or R. The system came on and I pressed non-destructive recovery and the computer did it. But now I did the same thing and it's asking me for the discs. I know I didn't do a recovery because the whole computer was redone and the previous drive was in a file. I just wanted to know if I am doing anything wrong. This is a Gateway laptop. Model cx210x. A tablet PC. |
|
#28
Did you ever get the Gateway restore disks?
Have you thought about uninstalling any programs you don't use, and doing a disk cleanup and a defrag? Sometimes just basic maintenance will do wonders. |
|
#29
No, I didn't get the discs, so I sent in an email to support. Also, I have done all those other things.
|
|
#30
Download GMER and save it to your desktop
----------
Use the Kaspersky Lab Online Scanner
In Microsoft Windows Vista, you must open the Web browser using the Run as Administrator command. From the Desktop, right-click the icon to open the browser and choose Run as Administrator.
When the scan is done, in the Scan is complete window, any infection is displayed. There is no option to clean/disinfect, however, we need to analyze the information on the report.
To obtain the report: Click on: Save Report As
Copy and paste the Kaspersky Online Scanner Report in your next reply.
Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%. |