
Used Combofix But Hkdrv Driver Removed


2 replies to this topic

#1 wakanwanbli

wakanwanbli

  • Members
  • 5 posts
  • Local time:04:06 PM

Posted 13 February 2008 - 09:20 PM

Hello

I would greatly appreciate any advice on this issue. I recently used ComboFix to remove several trojans/viruses that I had previously been unable to get rid of using other methods. I found the ComboFix suggestion/instructions on this site here: http://www.bleepingcomputer.com/combofix/how-to-use-combofix. I am happy to report it worked, but a side effect of this fix was that I believe what is called the HKDRV driver appears to have been removed. It is my understanding that this is associated with my D: drive (CD-ROM), and indeed this is now not working and does not show up in my Windows Explorer. I have a Toshiba Satellite A75. I have posted the ComboFix log below. Can anyone help me with this and recommend how I can find and install this missing drive? Thank you very much.

Combofix log




ComboFix 08-02-12.1 - KAVATAR 2008-02-11 20:27:56.1 - NTFSx86
Running from: C:\Documents and Settings\KAVATAR\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\drivers\tnqlkdox.dat
C:\WINDOWS\system32\dbmsads.dll
C:\WINDOWS\system32\drivers\tnqlkdox.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_ZHRNZPTK
-------\zhrnzptk


((((((((((((((((((((((((( Files Created from 2008-01-12 to 2008-02-12 )))))))))))))))))))))))))))))))
.

2008-02-07 00:30 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-01-26 23:19 . 2008-01-26 23:19 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-01-16 00:43 . 2008-01-16 00:43 <DIR> d-------- C:\Program Files\Amazon
2008-01-15 00:14 . 2008-01-15 00:14 <DIR> d-------- C:\Program Files\CCleaner
2008-01-14 23:48 . 2008-01-14 23:50 <DIR> d-------- C:\Documents and Settings\KAVATAR\Application Data\PrevxCSI
2008-01-14 23:48 . 2008-01-14 23:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Prevx

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-12 01:38 9,150,496 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-02-12 01:35 108,260 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-02-07 05:50 --------- d-----w C:\Program Files\DivX
2008-02-07 05:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo
2008-02-07 05:48 --------- d-----w C:\Program Files\Yahoo!
2008-02-07 05:46 --------- d-----w C:\Program Files\Java
2008-02-05 16:07 --------- d-----w C:\Program Files\Trillian
2008-02-05 03:50 --------- d-----w C:\Program Files\XoftSpySE
2008-01-27 04:19 --------- d-----w C:\Program Files\Real
2008-01-27 04:17 --------- d-----w C:\Program Files\Common Files\Real
2008-01-17 02:21 164 ----a-w C:\install.dat
2008-01-16 06:09 --------- d-----w C:\Program Files\Google
2008-01-15 05:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-15 02:50 --------- d-----w C:\Program Files\a-squared Free
2008-01-13 07:16 --------- d-----w C:\Program Files\Max Registry Cleaner
2008-01-12 06:21 --------- d-----w C:\Documents and Settings\KAVATAR\Application Data\Creative
2008-01-08 05:48 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-01-07 02:50 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-05 01:56 1,526,640 ----a-w C:\WINDOWS\WRSetup.dll
2008-01-05 01:34 23,920 ----a-w C:\WINDOWS\system32\drivers\sskbfd.sys
2008-01-05 01:34 21,872 ----a-w C:\WINDOWS\system32\drivers\sshrmd.sys
2008-01-05 01:34 20,336 ----a-w C:\WINDOWS\system32\drivers\SSFS0BB9.sys
2008-01-05 01:34 163,696 ----a-w C:\WINDOWS\system32\drivers\ssidrv.sys
2008-01-03 03:11 --------- d-----w C:\Program Files\Viewpoint
2008-01-01 08:35 --------- d-----w C:\Documents and Settings\KAVATAR\Application Data\Amazon
2008-01-01 08:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-01-01 06:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\SecTaskMan
2007-12-29 06:11 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Webroot
2007-12-29 06:07 --------- d-----w C:\Program Files\Webroot
2007-12-29 06:07 --------- d-----w C:\Documents and Settings\NetworkService\Application Data\Webroot
2007-12-29 06:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Webroot
2007-12-29 06:05 --------- d-----w C:\Documents and Settings\KAVATAR\Application Data\Webroot
2007-12-29 05:50 --------- d-----w C:\Program Files\Security Task Manager
2007-12-21 02:40 --------- d-----w C:\Program Files\ZoneAlarmSB
2007-11-14 21:05 75,248 ----a-w C:\WINDOWS\zllsputility.exe
2004-11-29 05:52 46,584 ----a-w C:\Documents and Settings\KAVATAR\Application Data\GDIPFONTCACHEV1.DAT
2007-09-07 02:14 11,270 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
2007-12-20 21:40 262144 --a------ C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [2007-12-20 21:40 262144]

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2003-09-05 06:24 65536]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2006-10-24 15:10 4662776]
"CTSyncU.exe"="C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-09-28 19:09 700416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-04-21 03:04 118843]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-04-22 00:10 335872]
"LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [2003-09-26 18:43 184320]
"AGRSMMSG"="AGRSMMSG.exe" [2004-02-20 18:00 88363 C:\WINDOWS\agrsmmsg.exe]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2003-10-30 19:46 192512]
"EzButton"="C:\Program Files\EzButton\EzButton.EXE" [2004-05-14 13:29 712704]
"CeEKEY"="C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe" [2004-05-06 16:12 638976]
"TPNF"="C:\Program Files\TOSHIBA\TouchPad\TPTray.exe" [2004-03-15 14:17 53248]
"PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" [2004-02-03 17:47 1089589]
"NDSTray.exe"="NDSTray.exe" []
"CeEPOWER"="C:\Program Files\TOSHIBA\Power Management\CePMTray.exe" [2004-05-20 12:21 135168]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2003-10-20 12:39 159744]
"Microsoft Works Portfolio"="C:\Program Files\Microsoft Works\WksSb.exe" [2002-06-20 06:28 725046]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2001-08-16 23:41 28738]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 08:00 79224]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-10-15 14:29 98304]
"SpyHunter"="" []
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-11-14 16:05 919016]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-01-26 23:15 185896]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

C:\Documents and Settings\KAVATAR\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2007-07-26 15:59:44 147456]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Corel MEDIA FOLDERS INDEXER 8.LNK - C:\Corel\Graphics8\Programs\MFIndexer.exe [2004-10-07 12:13:12 83456]
ELSBLaunch.lnk - C:\Program Files\EarthLink\spamBlocker\ELSBLaunch.exe [2004-10-05 11:19:12 40960]
Microsoft Office OneNote 2003 Quick Launch.lnk - C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2003-08-06 16:23:32 51776]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [2003-12-02 17:45:18 155648]

R1 ECioctl;ECioctl;C:\WINDOWS\system32\Drivers\ECioctl.sys [2004-05-06 15:40]
R1 NEOFLTR_520_9469;Juniper Networks TDI Filter Driver (NEOFLTR_520_9469);C:\WINDOWS\System32\Drivers\NEOFLTR_520_9469.SYS [2005-11-09 23:32]
R2 sbbotdi;sbbotdi;C:\PROGRA~1\SPEEDB~1\sbbotdi.sys [2007-09-12 22:13]

.
Contents of the 'Scheduled Tasks' folder
"2008-02-12 00:18:57 C:\WINDOWS\Tasks\wrSpySweeperTrialSweep.job"
- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
- C:\
"2008-02-12 01:37:18 C:\WINDOWS\Tasks\XoftSpySE 2.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
"2008-02-05 03:49:03 C:\WINDOWS\Tasks\XoftSpySE.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-11 20:38:03
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\System32\ACS.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\DVDRAMSV.exe
c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\SPEEDB~1\VideoAccelerator.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
.
**************************************************************************
.
Completion time: 2008-02-11 20:45:48 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-12 01:45:38
.
2008-01-10 02:32:46 --- E O F ---


#2 garmanma

garmanma

    Computer Masochist


  • Staff Emeritus
  • 27,809 posts
  • Location:Cleveland, Ohio
  • Local time:05:06 PM

Posted 13 February 2008 - 09:36 PM

I will not address the Combofix file. You can get what you want Here. Did your computer come with a recovery disk or do you have a MS XP disk?
Mark
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits

#3 wakanwanbli

wakanwanbli
  • Topic Starter

  • Members
  • 5 posts
  • Local time:04:06 PM

Posted 13 February 2008 - 11:50 PM

I have the XP disk somewhere but have had trouble finding it, not smart I know. I will check out this link.

Thank you and I will post my results later.



