braviax [RESOLVED]


This topic is locked

#46 benhal8 (Member, Topic Starter, 43 posts)
Thanks again for the help. Here's the log:

ComboFix 08-03-07.4 - HP_Administrator 2008-03-08 17:51:42.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.859 [GMT -6:00]
Running from: C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\HP_Administrator\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\HP_Administrator\Desktop\SmitfraudFix
C:\Documents and Settings\HP_Administrator\Desktop\SmitfraudFix\dumphive.exe
C:\Documents and Settings\HP_Administrator\Desktop\SmitfraudFix\exit.exe
C:\Documents and Settings\HP_Administrator\Desktop\SmitfraudFix\GenericRenosFix.exe
C:\Documents and Settings\HP_Administrator\Desktop\SmitfraudFix\HostsChk.exe
C:\Documents and Settings\HP_Administrator\Desktop\SmitfraudFix\IEDFix.exe
C:\Documents and Settings\HP_Administrator\Desktop\SmitfraudFix\Process.exe
C:\Documents and Settings\HP_Administrator\Desktop\SmitfraudFix\Reboot.exe
C:\Documents and Settings\HP_Administrator\Desktop\SmitfraudFix\restart.exe
C:\Documents and Settings\HP_Administrator\Desktop\SmitfraudFix\SmitfraudFix.cmd
C:\Documents and Settings\HP_Administrator\Desktop\SmitfraudFix\SmiUpdate.exe
C:\Documents and Settings\HP_Administrator\Desktop\SmitfraudFix\SrchSTS.exe
C:\Documents and Settings\HP_Administrator\Desktop\SmitfraudFix\swreg.exe
C:\Documents and Settings\HP_Administrator\Desktop\SmitfraudFix\swsc.exe
C:\Documents and Settings\HP_Administrator\Desktop\SmitfraudFix\swxcacls.exe
C:\Documents and Settings\HP_Administrator\Desktop\SmitfraudFix\UIFix.exe
C:\Documents and Settings\HP_Administrator\Desktop\SmitfraudFix\unzip.exe
C:\Documents and Settings\HP_Administrator\Desktop\SmitfraudFix\VACFix.exe
C:\Documents and Settings\HP_Administrator\Desktop\SmitfraudFix\VCCLSID.exe
C:\Documents and Settings\HP_Administrator\Desktop\SmitfraudFix\WS2Fix.exe
C:\Program Files\Malwarebytes' Anti-Malware
C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\LEGACY_NPF


((((((((((((((((((((((((( Files Created from 2008-02-08 to 2008-03-08 )))))))))))))))))))))))))))))))
.

2008-03-08 15:38 . 2008-03-08 15:38 3,272 --a------ C:\WINDOWS\system32\tmp.reg
2008-03-08 14:28 . 2008-03-08 14:28 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\Malwarebytes
2008-03-08 14:27 . 2008-03-08 14:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-03-08 13:59 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-03-08 13:22 . 2008-03-08 13:22 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Talkback
2008-03-08 12:22 . 2008-03-08 12:22 <DIR> d-------- C:\WINDOWS\ERUNT
2008-03-08 09:31 . 2008-03-08 09:31 25,992 --a------ C:\WINDOWS\system32\pgdfgsvc.exe
2008-03-05 21:23 . 2008-03-05 21:34 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\SUPERAntiSpyware.com
2008-03-05 21:19 . 2008-03-05 21:19 <DIR> d-------- C:\WINDOWS\system32\FxsTmp
2008-03-05 21:13 . 2008-03-05 21:13 35,328 --ahs---- C:\WINDOWS\Thumbs.db
2008-03-05 19:57 . 2004-04-22 10:07 11,452 --a------ C:\WINDOWS\system32\mypixdx.chm
2008-03-05 19:56 . 2004-08-10 06:00 1,361 --a------ C:\WINDOWS\system32\fxscount.h
2008-03-02 19:17 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-03-02 19:17 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-03-02 19:17 . 2008-03-01 23:12 86,016 --a------ C:\WINDOWS\system32\VACFix.exe
2008-03-02 19:17 . 2008-02-29 23:48 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-03-02 19:17 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-03-02 19:17 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-03-02 11:34 . 2008-03-07 14:08 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-02 11:34 . 2008-03-02 11:34 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-01 16:26 . 2008-03-01 16:26 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\Uniblue
2008-02-29 18:29 . 2008-02-29 18:29 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-02-29 18:29 . 2008-02-29 18:29 917,504 --a------ C:\WINDOWS\system32\FLASH.OCX
2008-02-28 20:53 . 2008-02-28 20:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Tools
2008-02-28 20:53 . 2008-02-28 20:49 218,504 --a------ C:\WINDOWS\system32\drivers\pctfw2.sys
2008-02-28 20:29 . 2008-02-28 20:53 <DIR> d-------- C:\Program Files\Common Files\PC Tools
2008-02-28 19:33 . 2008-02-28 19:33 18,557 --a------ C:\WINDOWS\ygocifytus.ban
2008-02-28 19:33 . 2008-02-28 19:33 18,355 --a------ C:\WINDOWS\system32\asaf.dl
2008-02-28 19:33 . 2008-02-28 19:33 15,531 --a------ C:\WINDOWS\system32\tyhyfur._dl
2008-02-28 19:33 . 2008-02-28 19:33 13,230 --a------ C:\WINDOWS\system32\nisez._sy
2008-02-28 19:33 . 2008-02-28 19:33 10,448 --a------ C:\WINDOWS\system32\cebezo.ban
2008-02-28 19:27 . 2008-03-08 17:55 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-02-28 19:27 . 2008-02-28 19:27 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\PC Tools
2008-02-28 19:27 . 2008-03-08 17:57 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-28 19:27 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-02-28 19:27 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-02-28 19:27 . 2008-02-01 12:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-02-28 19:27 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-02-28 18:45 . 2008-02-28 18:45 19,085 --a------ C:\WINDOWS\system32\ofus.dl
2008-02-28 18:45 . 2008-02-28 18:45 18,771 --a------ C:\WINDOWS\zykawa._sy
2008-02-28 18:45 . 2008-02-28 18:45 16,192 --a------ C:\WINDOWS\ikukimiqav.ban
2008-02-28 18:45 . 2008-02-28 18:45 12,735 --a------ C:\WINDOWS\pipugazoti.inf
2008-02-28 18:41 . 2008-02-28 18:42 22 --a------ C:\WINDOWS\system32\ntvdm.zip
2008-02-22 20:59 . 2008-03-04 14:20 <DIR> d-------- C:\Program Files\QuickTime
2008-02-10 08:54 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-02-10 08:54 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-02-10 08:54 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-02-09 15:54 . 2008-02-09 15:58 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-08 16:37 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-07 23:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-03-01 14:22 --------- d-----w C:\Program Files\PokerStars
2008-02-23 03:01 --------- d-----w C:\Program Files\iTunes
2008-02-23 03:01 --------- d-----w C:\Program Files\iPod
2008-02-17 01:04 --------- d-----w C:\Program Files\Real
2008-02-11 04:51 --------- d-----w C:\Program Files\Incomplete
2008-02-09 14:00 --------- d--h--w C:\Documents and Settings\HP_Administrator\Application Data\Move Networks
2008-02-01 15:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-01-16 20:48 --------- d-----w C:\Program Files\Common Files\Nikon
2008-01-16 20:48 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\Nikon
2008-01-15 15:54 10,537 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.cat
2008-01-15 11:28 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-01-13 00:32 23,904 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
2007-11-18 05:59 332 ----a-w C:\Documents and Settings\HP_Administrator\Application Data\wklnhst.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 06:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-11-28 19:51 583048]
"RECGUARD"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-23 00:14 237568]
"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 15:44 61440]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-28 01:50 221184]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 10:04 52736]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 01:19 77312 C:\WINDOWS\arpwrmsg.exe]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 14:47 57344 C:\WINDOWS\ALCXMNTR.EXE]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2008-02-01 12:55 1103240]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 22:56 64512]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe" [2005-08-27 03:14 36975]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-28 01:50 81920]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 20:52 49152]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-14 06:05 344064]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-11-10 18:30 180269]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
Updates from HP.lnk - C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe [2005-11-10 18:50:28 36903]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkbMonitor.exe.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NkbMonitor.exe.lnk
backup=C:\WINDOWS\pss\NkbMonitor.exe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
--a------ 2007-01-09 21:59 115816 C:\Program Files\Common Files\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-02-19 13:10 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\osCheck]
--a------ 2006-09-05 19:22 26248 C:\Program Files\Norton Internet Security\osCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-31 23:13 385024 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Fax"=3 (0x3)
"FastUserSwitchingCompatibility"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R1 pctfw2;pctfw2;C:\WINDOWS\system32\drivers\pctfw2.sys [2008-02-28 20:49]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-03-01 02:34:18 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-18 21:46:24 C:\WINDOWS\Tasks\HubTask 0 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0.job"
- c:\Program Files\Common Files\Sonic Shared\Sonic Central\Main\Mediahub.exe;Sched HubTask 0 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0
"2008-03-01 02:00:00 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - HP_Administrator.job"
- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeh/TASK:
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-08 17:56:48
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\eHome\ehRec.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\imapi.exe
C:\WINDOWS\eHome\ehmsas.exe
.
**************************************************************************
.
Completion time: 2008-03-08 18:00:09 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-09 00:00:02
.
2008-03-08 23:01:48 --- E O F ---
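The log above is a ComboFix report, and the "Files Created" section is where a helper usually looks first. The following is an added example, not part of the original thread and not a ComboFix feature: a small Python triage script that parses that section and flags entries using three heuristics that a helper applies by eye (an extension that does not belong directly in C:\WINDOWS or system32, several files dropped into those directories in the same minute, and hidden+system attributes on a brand-new item). The sample lines are copied from the posted log; the extension allow-list, the watched-directory list and the burst threshold are assumptions chosen for this illustration, and a hit is a reason to look closer, not a verdict.

```python
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass

# Lines copied from the "Files Created" section of the ComboFix log posted above
# (a subset; the parser treats the full section the same way).
SAMPLE_LOG = r"""
2008-03-08 09:31 . 2008-03-08 09:31 25,992 --a------ C:\WINDOWS\system32\pgdfgsvc.exe
2008-03-05 21:13 . 2008-03-05 21:13 35,328 --ahs---- C:\WINDOWS\Thumbs.db
2008-02-29 18:29 . 2008-02-29 18:29 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-02-28 20:53 . 2008-02-28 20:49 218,504 --a------ C:\WINDOWS\system32\drivers\pctfw2.sys
2008-02-28 19:33 . 2008-02-28 19:33 18,557 --a------ C:\WINDOWS\ygocifytus.ban
2008-02-28 19:33 . 2008-02-28 19:33 18,355 --a------ C:\WINDOWS\system32\asaf.dl
2008-02-28 19:33 . 2008-02-28 19:33 15,531 --a------ C:\WINDOWS\system32\tyhyfur._dl
2008-02-28 19:33 . 2008-02-28 19:33 13,230 --a------ C:\WINDOWS\system32\nisez._sy
2008-02-28 19:33 . 2008-02-28 19:33 10,448 --a------ C:\WINDOWS\system32\cebezo.ban
2008-02-28 18:45 . 2008-02-28 18:45 19,085 --a------ C:\WINDOWS\system32\ofus.dl
2008-02-28 18:45 . 2008-02-28 18:45 18,771 --a------ C:\WINDOWS\zykawa._sy
2008-02-28 18:45 . 2008-02-28 18:45 16,192 --a------ C:\WINDOWS\ikukimiqav.ban
2008-02-28 18:45 . 2008-02-28 18:45 12,735 --a------ C:\WINDOWS\pipugazoti.inf
2008-02-28 18:41 . 2008-02-28 18:42 22 --a------ C:\WINDOWS\system32\ntvdm.zip
2008-02-10 08:54 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
"""

# One ComboFix entry: created . modified size attrs path
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size><DIR>|[\d,]+) (?P<attrs>[-a-z]{9}) (?P<path>.+)$"
)

# Assumption for this example: extensions that routinely land directly in
# %WINDIR% or system32 on an XP box. Anything else there deserves a look.
KNOWN_EXT = {".exe", ".dll", ".sys", ".ocx", ".inf", ".cat", ".mui", ".chm",
             ".h", ".db", ".reg", ".log", ".ini", ".txt"}
WATCHED_DIRS = {r"c:\windows", r"c:\windows\system32"}  # assumption, compared case-insensitively


@dataclass(frozen=True)
class Entry:
    created: str
    modified: str
    size: int | None  # None for <DIR>
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs[0] == "d"

    @property
    def parent(self) -> str:
        return self.path.rsplit("\\", 1)[0].lower()

    @property
    def ext(self) -> str:
        name = self.path.rsplit("\\", 1)[-1]
        return name[name.rfind("."):].lower() if "." in name else ""


def parse_entries(text: str) -> list[Entry]:
    """Parse the 'Files Created' lines; headers, separators and blanks are skipped."""
    entries = []
    for line in text.strip().splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        size = None if m["size"] == "<DIR>" else int(m["size"].replace(",", ""))
        entries.append(Entry(m["created"], m["modified"], size, m["attrs"], m["path"]))
    return entries


def triage(entries: list[Entry], burst_threshold: int = 3) -> dict[str, list[str]]:
    """Return {path: [reasons]} for entries worth a second look."""
    # Files written straight into a watched directory in the same minute look like a drop burst.
    burst = Counter(e.created for e in entries if not e.is_dir and e.parent in WATCHED_DIRS)
    findings: dict[str, list[str]] = {}
    for e in entries:
        reasons = []
        if not e.is_dir and e.parent in WATCHED_DIRS:
            if e.ext.startswith("._"):
                reasons.append(f"underscore-mangled extension {e.ext}")
            elif e.ext not in KNOWN_EXT:
                reasons.append(f"unexpected extension {e.ext!r} in {e.parent}")
            if burst[e.created] >= burst_threshold:
                reasons.append(f"{burst[e.created]} files dropped at {e.created}")
        if "h" in e.attrs and "s" in e.attrs:
            reasons.append("hidden+system attributes on a new item")
        if reasons:
            findings[e.path] = reasons
    return findings


if __name__ == "__main__":
    for path, reasons in triage(parse_entries(SAMPLE_LOG)).items():
        print(path)
        for r in reasons:
            print("   -", r)
```

Run on the sample, the script leaves pgdfgsvc.exe, pctfw2.sys and mucltui.dll alone and flags the two clusters of random-named .ban/.dl/._dl/._sy files from 18:45 and 19:33; pipugazoti.inf has an ordinary extension and is caught only by the burst rule, which is why the per-minute count matters more than any single allow-list.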



#47 kahdah (GeekU Teacher, Retired Staff, 15,822 posts)
You are welcome

  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK


The above procedure will delete and do the following:

  • ComboFix and its associated files and folders.
  • VundoFix backups, if present
  • The C:\Deckard folder, if present
  • The C:\_OtMoveIt folder, if present
  • Reset the clock settings.
  • Hide file extensions, if required.
  • Hide System/Hidden files, if required.
  • Clean System Restore points.

Let me know if that works.

#48 benhal8 (Member, Topic Starter, 43 posts)
We are golden - thanks for everything!

The only issues I am currently having is Microsoft Word acting up. When I go to alter the name it says:

"If you change a file name or extension, the file may become unusable.
Are you sure you want to change it?"


Also, I get a blue HP screen on startup that turns to a black screen that says:

Please select the operating system to start
Windows XP Media Center Edition
Microsoft Windows Recovery Console

For troubleshooting and advanced startup options for Windows, press F8

Edited by benhal8, 08 March 2008 - 06:23 PM.


#49 kahdah (GeekU Teacher, Retired Staff, 15,822 posts)
You are welcome :)


Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.

#50 kahdah (GeekU Teacher, Retired Staff, 15,822 posts)

Please select the operating system to start
Windows XP Media Center Edition
Microsoft Windows Recovery Console

For troubleshooting and advanced startup options for Windows, press F8

This is normal.^^

"If you change a file name or extension, the file may become unusable.
Are you sure you want to change it?"
If at any time you try to change a file extension, it will warn you before doing so.

If you have no other questions I will close this topic now thanks.

Edited by kahdah, 08 March 2008 - 06:30 PM.


#51 benhal8 (Member, Topic Starter, 43 posts)
Sweet! We're done. Thank you so much for your time, patience and guidance.

#52 kahdah (GeekU Teacher, Retired Staff, 15,822 posts)
You are welcome :)

#53 kahdah (GeekU Teacher, Retired Staff, 15,822 posts)
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.