Problems on my mom's computer


Re: Problems on my mom's computer

Post by spacephrawgg on Tue Jul 21, 2009 3:02 am

Here is the rootrepeal scan:
ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2009/07/20 22:58
Program Version: Version 1.3.2.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xF6F7D000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7A8D000 Size: 8192 File Visible: No Signed: -
Status: -

Name: jpjuw.sys
Image Path: jpjuw.sys
Address: 0xF7565000 Size: 61440 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xF68BD000 Size: 49152 File Visible: No Signed: -
Status: -

Name: SYMEFA.SYS
Image Path: SYMEFA.SYS
Address: 0xF744D000 Size: 323584 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: c:\documents and settings\liz\local settings\temp\etilqs_rj7llbccrahbluph9am7
Status: Allocation size mismatch (API: 32768, Raw: 0)

Path: c:\documents and settings\liz\application data\mozilla\firefox\profiles\3a49bh7j.default\sessionstore.js
Status: Allocation size mismatch (API: 8192, Raw: 4096)

Path: C:\Documents and Settings\Liz\Application Data\Mozilla\Firefox\Profiles\3a49bh7j.default\sessionstore-1.js
Status: Visible to the Windows API, but not on disk.

Path: c:\documents and settings\liz\local settings\application data\mozilla\firefox\profiles\3a49bh7j.default\cache\_cache_001_
Status: Size mismatch (API: 463248, Raw: 387667)

Path: c:\documents and settings\liz\local settings\application data\mozilla\firefox\profiles\3a49bh7j.default\cache\_cache_002_
Status: Size mismatch (API: 307856, Raw: 281635)

Path: c:\documents and settings\liz\local settings\application data\mozilla\firefox\profiles\3a49bh7j.default\cache\_cache_003_
Status: Size mismatch (API: 610559, Raw: 503167)

Path: C:\Documents and Settings\Liz\Local Settings\Application Data\Mozilla\Firefox\Profiles\3a49bh7j.default\Cache\013E2B8Cd01
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Liz\Local Settings\Application Data\Mozilla\Firefox\Profiles\3a49bh7j.default\Cache\0B42B96Ad01
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Liz\Local Settings\Application Data\Mozilla\Firefox\Profiles\3a49bh7j.default\Cache\A7B9018Bd01
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Liz\Local Settings\Application Data\Mozilla\Firefox\Profiles\3a49bh7j.default\Cache\B581BA44d01
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Liz\Local Settings\Application Data\Mozilla\Firefox\Profiles\3a49bh7j.default\Cache\DED39251d01
Status: Visible to the Windows API, but not on disk.

Hidden Services
-------------------
Service Name: nchuneg
Image Pathsystem32\drivers\jpjuw.sys

==EOF==


Re: Problems on my mom's computer

Post by Origin on Tue Jul 21, 2009 7:05 pm

I suggest you copy these instructions into a notepad file, because we need to use safe mode and you won't have internet access to read from here.

Download [You must be registered and logged in to see this link.] and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :

  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.

  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log



Re: Problems on my mom's computer

Post by spacephrawgg on Wed Jul 22, 2009 3:36 am

Here is the SDfix log:


SDFix: Version 1.240
Run by Liz on Tue 07/21/2009 at 07:49 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

No Trojan Files Found






Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-07-21 23:32:41
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Juno\\bin\\juno.exe"="C:\\Program Files\\Juno\\bin\\juno.exe:*:Enabled:Juno"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\AIM6\\aim6.exe"="C:\\Program Files\\AIM6\\aim6.exe:*:Enabled:AIM"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files :



Files with Hidden Attributes :


Finished!


Re: Problems on my mom's computer

Post by Origin on Thu Jul 23, 2009 7:21 pm

Now open a new notepad file.
Input this into the notepad file:

DirLook:
c:\documents and settings\liz\local settings\temp\etilqs_rj7llbccrahbluph9am7

Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:


This will open ComboFix again; agree to its terms and allow it to run.
It may want to reboot after it's done. (It will warn you if it wants to)
Post the resulting log back here.



Re: Problems on my mom's computer

Post by spacephrawgg on Fri Jul 24, 2009 1:26 am

OK, so I did all that you told me to and the scan started up as per normal and I went away from the computer for ten minutes. When I came back it had the BLUESCREENOFERRORMESSAGE and the white text reading as follows:

STOP:C000007B{bad image}
The application or DLL [I don't know how to do forward slashes so I'll use the normal ones to tell you what it said]: ///?/C:/windows/system32/Sfcfiles.dll is not a valid windows image. Please check this against your installation diskette.

I turned the machine off and attempted a reboot in safe mode and no sooner did I choose "safemode" from the menu than it gave me the very same error message.

The computer had its hard drive replaced not too long ago. Does that have anything to do with this?


Re: Problems on my mom's computer

Post by spacephrawgg on Mon Jul 27, 2009 4:00 am

I can't use the computer now. It is in the perpetual blue screen of error message. What should I do?


Re: Problems on my mom's computer

Post by spacephrawgg on Mon Jul 27, 2009 11:30 pm

So my dad just took a look at it and has managed to get it to boot normally but it refuses to connect to the internet in any way shape or form.


Re: Problems on my mom's computer

Post by Origin on Tue Jul 28, 2009 5:11 pm

Please download WinSockFix here and see if it fixes your problem:

[You must be registered and logged in to see this link.]

Run it and see if you have internet connection.



Re: Problems on my mom's computer

Post by spacephrawgg on Wed Jul 29, 2009 2:12 am

I can't connect to the internet on that computer 8>/ What should I do?
