Tom's Guide | Tom's Hardware | Tom's Games
 |
 |
 |
I seem to have got the virus which has made my C: drive a big red X and my C: drive had about 20,000 pos*.tmp files. I have downloaded hijack this and combofix and run them as specified in the other posts.i could post the files if someone is willing to look at it and help me out. After running combofix, all the pos*.tmp files in C: drive have disappeared, but i would like to make sure that the virus is out of the system.
Has the red X changed back to the normal icon?
Have you run any other scanners? It would be a really good idea to run Malware Bytes AntiMalware (MBAM) to follow up.
Download Malware Bytes AntiMalware (MBAM) to your desktop.
Click here to to start MBAM download
Once downloaded close all windows (including this one) and double click the file on your desktop Download_mbam-setup.exe
During the installation leave the options to Launch and Update checked.
When the installation has finished MBAM will open, perform the complete scan.
Remove everything it finds.
Post the combofix log and I'll have a look at it. The log should be at the root of C drive "C:\ComboFix.txt".
0 
The Red X on C drive is still there. I have run MBAM as you instructed. It detected 99 infected objects, which have been deleted.Do you want to see the log file for that as well? The log file for ComboFix is given below. Thank You so much for helping me out.
ComboFix 08-06-16.5 - homepc 2008-06-17 22:31:08.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.117 [GMT 5.5:30]
Running from: C:\Documents and Settings\homepc\Desktop\ComboFix.exe
* Created a new restore point[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.C:\autorun.inf
C:\Documents and Settings\All Users\Application Data\Starware358
C:\Documents and Settings\All Users\Application Data\Starware358\buttons\646_button_1b_def.bmp
C:\Documents and Settings\All Users\Application Data\Starware358\buttons\646_button_1b_over.bmp
C:\Documents and Settings\All Users\Application Data\Starware358\buttons\651_button_1b_def.bmp
C:\Documents and Settings\All Users\Application Data\Starware358\buttons\FindIt.bmp
C:\Documents and Settings\All Users\Application Data\Starware358\buttons\FindItHot.bmp
C:\Documents and Settings\All Users\Application Data\Starware358\buttons\findithotxp.png
C:\Documents and Settings\All Users\Application Data\Starware358\buttons\finditxp.png
C:\Documents and Settings\All Users\Application Data\Starware358\buttons\Free_Credit_Score0.bmp
C:\Documents and Settings\All Users\Application Data\Starware358\buttons\Free_Music0.bmp
C:\Documents and Settings\All Users\Application Data\Starware358\buttons\Heavy.com0.bmp
C:\Documents and Settings\All Users\Application Data\Starware358\buttons\logo.bmp
C:\Documents and Settings\All Users\Application Data\Starware358\buttons\logoxp.bmp
C:\Documents and Settings\All Users\Application Data\Starware358\buttons\Movie_Reviews0.bmp
C:\Documents and Settings\All Users\Application Data\Starware358\contexts\error.xml
C:\Documents and Settings\All Users\Application Data\Starware358\contexts\Related.xml
C:\Documents and Settings\All Users\Application Data\Starware358\contexts\Travel.xml
C:\Documents and Settings\All Users\Application Data\Starware358\SimpleUpdate\ProductMessagingConfig.xml
C:\Documents and Settings\All Users\Application Data\Starware358\SimpleUpdate\ProductMessagingConfig.xml.backup
C:\Documents and Settings\All Users\Application Data\Starware358\SimpleUpdate\SimpleUpdateConfig.xml
C:\Documents and Settings\All Users\Application Data\Starware358\SimpleUpdate\SimpleUpdateConfig.xml.backup
C:\Documents and Settings\All Users\Application Data\Starware358\SimpleUpdate\TimerManagerConfig.xml
C:\Documents and Settings\All Users\Application Data\Starware358\SimpleUpdate\TimerManagerConfig.xml.backup
C:\Documents and Settings\All Users\Application Data\Starware358\Tem2337.tmp
C:\Documents and Settings\All Users\Application Data\Starware358\Tem4461.tmp
C:\Documents and Settings\homepc\Application Data\Adssite Advanced Toolbar
C:\Documents and Settings\homepc\Application Data\Adssite Advanced Toolbar\advertbuttons.xml
C:\Documents and Settings\homepc\Application Data\Adssite Advanced Toolbar\selected.xml
C:\Documents and Settings\homepc\Application Data\Starware358
C:\Documents and Settings\homepc\Application Data\Starware358\BrowserSearch\BrowserSearch.xml
C:\Documents and Settings\homepc\Application Data\Starware358\BrowserSearch\BrowserSearch.xml.backup
C:\Documents and Settings\homepc\Application Data\Starware358\Celebrity_News\Celebrity_NewsOptions.xml
C:\Documents and Settings\homepc\Application Data\Starware358\Celebrity_News\Celebrity_NewsOptions.xml.backup
C:\Documents and Settings\homepc\Application Data\Starware358\Celebrity_Search\Celebrity_SearchOptions.xml
C:\Documents and Settings\homepc\Application Data\Starware358\Celebrity_Search\Celebrity_SearchOptions.xml.backup
C:\Documents and Settings\homepc\Application Data\Starware358\Configurator\Configurator.xml
C:\Documents and Settings\homepc\Application Data\Starware358\Configurator\Configurator.xml.backup
C:\Documents and Settings\homepc\Application Data\Starware358\ErrorSearch\ErrorSearchOptions.xml
C:\Documents and Settings\homepc\Application Data\Starware358\ErrorSearch\ErrorSearchOptions.xml.backup
C:\Documents and Settings\homepc\Application Data\Starware358\Free_Credit_Score\Free_Credit_ScoreOptions.xml
C:\Documents and Settings\homepc\Application Data\Starware358\Free_Credit_Score\Free_Credit_ScoreOptions.xml.backup
C:\Documents and Settings\homepc\Application Data\Starware358\Free_Music\Free_MusicOptions.xml
C:\Documents and Settings\homepc\Application Data\Starware358\Free_Music\Free_MusicOptions.xml.backup
C:\Documents and Settings\homepc\Application Data\Starware358\Heavy.com\Heavy.comOptions.xml
C:\Documents and Settings\homepc\Application Data\Starware358\Heavy.com\Heavy.comOptions.xml.backup
C:\Documents and Settings\homepc\Application Data\Starware358\Layouts\ToolbarLayout.xml
C:\Documents and Settings\homepc\Application Data\Starware358\Layouts\ToolbarLayout.xml.backup
C:\Documents and Settings\homepc\Application Data\Starware358\Manager\ManagerOptions.xml
C:\Documents and Settings\homepc\Application Data\Starware358\Manager\ManagerOptions.xml.backup
C:\Documents and Settings\homepc\Application Data\Starware358\Movie_Reviews\Movie_ReviewsOptions.xml
C:\Documents and Settings\homepc\Application Data\Starware358\Movie_Reviews\Movie_ReviewsOptions.xml.backup
C:\Documents and Settings\homepc\Application Data\Starware358\RelatedSearch\RelatedSearchOptions.xml
C:\Documents and Settings\homepc\Application Data\Starware358\RelatedSearch\RelatedSearchOptions.xml.backup
C:\Documents and Settings\homepc\Application Data\Starware358\Tem2D22.tmp
C:\Documents and Settings\homepc\Application Data\Starware358\Tem30DD.tmp
C:\Documents and Settings\homepc\Application Data\Starware358\Tem8.tmp
C:\Documents and Settings\homepc\Application Data\Starware358\Toolbar\TBProductsOptions.xml
C:\Documents and Settings\homepc\Application Data\Starware358\Toolbar\TBProductsOptions.xml.backup
C:\Documents and Settings\homepc\Application Data\Starware358\ToolbarLogo\ToolbarLogoOptions.xml
C:\Documents and Settings\homepc\Application Data\Starware358\ToolbarLogo\ToolbarLogoOptions.xml.backup
C:\Documents and Settings\homepc\Application Data\Starware358\ToolbarSearch\ToolbarSearchOptions.xml
C:\Documents and Settings\homepc\Application Data\Starware358\ToolbarSearch\ToolbarSearchOptions.xml.backup
C:\Documents and Settings\homepc\Application Data\Starware358\TravelSearch\TravelSearchOptions.xml
C:\Documents and Settings\homepc\Application Data\Starware358\TravelSearch\TravelSearchOptions.xml.backup
C:\Program Files\Starware358
C:\Program Files\Starware358\bin\Starware358.dll
C:\Program Files\Starware358\icons\star_16.ico
C:\Program Files\Starware358\Starware358Config.xml
C:\Program Files\Starware358\Starware358Uninstall.exe
C:\WINDOWS\BMc704c9d3.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\Fonts\'
C:\WINDOWS\Fonts\a.zip
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\adssite_sidebar.dll
C:\WINDOWS\system32\aiyneiky.ini
C:\WINDOWS\system32\akdbrbqj.dll
C:\WINDOWS\system32\amvo.exe
C:\WINDOWS\system32\amvo0.dll
C:\WINDOWS\system32\armgspwj.dll
C:\WINDOWS\system32\bbsefuob.dll
C:\WINDOWS\system32\bfyfqtrj.dll
C:\WINDOWS\system32\bitbqtud.ini
C:\WINDOWS\system32\bjmmdfqj.ini
C:\WINDOWS\system32\bpvafytb.dll
C:\WINDOWS\system32\bslkstte.dll
C:\WINDOWS\system32\cbcqraji.ini
C:\WINDOWS\system32\crwmjypq.dll
C:\WINDOWS\system32\cuuqndnn.dll
C:\WINDOWS\system32\daitsuvg.dll
C:\WINDOWS\system32\dnguwqrq.ini
C:\WINDOWS\system32\dofrtcno.dll
C:\WINDOWS\system32\drlnjhgq.dll
C:\WINDOWS\system32\dutqbtib.dll
C:\WINDOWS\system32\ekctwtma.dll
C:\WINDOWS\system32\eothnwur.dll
C:\WINDOWS\system32\eqilugwm.dll
C:\WINDOWS\system32\erhnvong.dll
C:\WINDOWS\system32\etyibdeg.ini
C:\WINDOWS\system32\fasncjnj.dll
C:\WINDOWS\system32\fevbwcnp.dll
C:\WINDOWS\system32\fevjeagd.dll
C:\WINDOWS\system32\fglgaqjv.dll
C:\WINDOWS\system32\ftniifkf.dll
C:\WINDOWS\system32\fvijpftv.ini
C:\WINDOWS\system32\fxptoaks.dll
C:\WINDOWS\system32\gedbiyte.dll
C:\WINDOWS\system32\gfqgfyxo.ini
C:\WINDOWS\system32\gmueoqyh.dll
C:\WINDOWS\system32\gnwsxqtv.ini
C:\WINDOWS\system32\gqfvfmmc.dll
C:\WINDOWS\system32\gtavocfo.dll
C:\WINDOWS\system32\gvpfwups.dll
C:\WINDOWS\system32\gvustiad.ini
C:\WINDOWS\system32\gzmrotate.dll
C:\WINDOWS\system32\hmtblckc.dll
C:\WINDOWS\system32\hpetuvyl.dll
C:\WINDOWS\system32\huueewtq.ini
C:\WINDOWS\system32\hvlktgti.dll
C:\WINDOWS\system32\hwpmxpti.ini
C:\WINDOWS\system32\hxarplie.dll
C:\WINDOWS\system32\iagxmfcb.dll
C:\WINDOWS\system32\ijarqcbc.dll
C:\WINDOWS\system32\ijipnuar.dll
C:\WINDOWS\system32\iltneogb.dll
C:\WINDOWS\system32\iudmlagm.dll
C:\WINDOWS\system32\jbehwkcm.dll
C:\WINDOWS\system32\jfvuniqe.dll
C:\WINDOWS\system32\jmheqkht.ini
C:\WINDOWS\system32\jnjcnsaf.ini
C:\WINDOWS\system32\jqfdmmjb.dll
C:\WINDOWS\system32\jrtqfyfb.ini
C:\WINDOWS\system32\jsctitxy.ini
C:\WINDOWS\system32\kffkybyp.dll
C:\WINDOWS\system32\khyraafq.ini
C:\WINDOWS\system32\kkcoucvg.ini
C:\WINDOWS\system32\kkhxoyhb.ini
C:\WINDOWS\system32\kmxjhcnl.ini
C:\WINDOWS\system32\kpnhntea.ini
C:\WINDOWS\system32\kychmmgg.dll
C:\WINDOWS\system32\liipmhsh.ini
C:\WINDOWS\system32\lnchjxmk.dll
C:\WINDOWS\system32\lsythfym.dll
C:\WINDOWS\system32\lylnmsyq.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\mttthlce.dll
C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe
C:\WINDOWS\system32\njlcspwi.dll
C:\WINDOWS\system32\nkiomyqw.ini
C:\WINDOWS\system32\nqtanpqu.ini
C:\WINDOWS\system32\nwfevnsi.ini
C:\WINDOWS\system32\nyiynmeh.dll
C:\WINDOWS\system32\ofcovatg.ini
C:\WINDOWS\system32\oxyfgqfg.dll
C:\WINDOWS\system32\pdvtaafr.dll
C:\WINDOWS\system32\pgdjomie.ini
C:\WINDOWS\system32\plmrehlp.dll
C:\WINDOWS\system32\ptdvtden.dll
C:\WINDOWS\system32\qfaaryhk.dll
C:\WINDOWS\system32\qfqbxyuq.dll
C:\WINDOWS\system32\qkusttjf.ini
C:\WINDOWS\system32\qrqwugnd.dll
C:\WINDOWS\system32\qtweeuuh.dll
C:\WINDOWS\system32\qvsnkgjd.dll
C:\WINDOWS\system32\qxsuetkh.dll
C:\WINDOWS\system32\raunpiji.ini
C:\WINDOWS\system32\rbtddetf.dll
C:\WINDOWS\system32\reiwtgao.dll
C:\WINDOWS\system32\rfaatvdp.ini
C:\WINDOWS\system32\rightonadz-uninst.exe
C:\WINDOWS\system32\rimnqlhl.dll
C:\WINDOWS\system32\rjsnxqjo.dll
C:\WINDOWS\system32\rknffrkq.dll
C:\WINDOWS\system32\rlnsdhyb.dll
C:\WINDOWS\system32\rpnkleni.dll
C:\WINDOWS\system32\ruwnhtoe.ini
C:\WINDOWS\system32\shemtscy.ini
C:\WINDOWS\system32\skpgfpxx.ini
C:\WINDOWS\system32\snmslkuh.dll
C:\WINDOWS\system32\spnrlrnw.ini
C:\WINDOWS\system32\txjeigav.ini
C:\WINDOWS\system32\udgmpmds.ini
C:\WINDOWS\system32\uhktoviu.dll
C:\WINDOWS\system32\uhqkupkx.ini
C:\WINDOWS\system32\uivotkhu.ini
C:\WINDOWS\system32\uqdaxuue.dll
C:\WINDOWS\system32\vagiejxt.dll
C:\WINDOWS\system32\vjqaglgf.ini
C:\WINDOWS\system32\vmihhkxd.dll
C:\WINDOWS\system32\vnouilsv.dll
C:\WINDOWS\system32\vtfpjivf.dll
C:\WINDOWS\system32\vtqxswng.dll
C:\WINDOWS\system32\vvahshxw.dll
C:\WINDOWS\system32\weimkylv.dll
C:\WINDOWS\system32\wfhfdisl.ini
C:\WINDOWS\system32\wkcwgnws.dll
C:\WINDOWS\system32\wnrlrnps.dll
C:\WINDOWS\system32\wqymoikn.dll
C:\WINDOWS\system32\wwgcwbnx.dll
C:\WINDOWS\system32\xhqqpukt.dll
C:\WINDOWS\system32\xhtrynjl.dll
C:\WINDOWS\system32\xrjnshdy.ini
C:\WINDOWS\system32\xtihbtld.dll
C:\WINDOWS\system32\xxpfgpks.dll
C:\WINDOWS\system32\xyygseyu.ini
C:\WINDOWS\system32\ygcdjeyg.dll
C:\WINDOWS\system32\yhaodcfi.ini
C:\WINDOWS\system32\yvqqjhxw.dll
C:\WINDOWS\system32\yxhltycp.ini
C:\WINDOWS\system32\yxtitcsj.dll
C:\x.dat
C:\z.dat
D:\Autorun.inf
E:\Autorun.inf.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.-------\Legacy_DOMAINSERVICE
-------\Service_DomainService
((((((((((((((((((((((((( Files Created from 2008-05-17 to 2008-06-17 )))))))))))))))))))))))))))))))
.2008-06-17 22:08 . 2008-06-17 22:21 <DIR> d-------- C:\VundoFix Backups
2008-06-16 21:01 . 2008-06-16 21:01 90,923 --a------ C:\WINDOWS\system32\stdqyesdkkxuqqh.dll-uninst.exe
2008-06-16 20:08 . 2008-06-16 20:08 35,704 --a------ C:\Documents and Settings\homepc\Application Data\GDIPFONTCACHEV1.DAT
2008-06-15 01:59 . 2008-06-17 22:27 63,916 --a------ C:\WINDOWS\system32\{71a32af0-83e5-542f-90b9-1d781fcc4b15}.dll-uninst.exe
2008-06-13 20:55 . 2008-06-13 20:55 <DIR> d-------- C:\Documents and Settings\homepc\Application Data\TeamViewer
2008-06-13 20:54 . 2008-06-13 20:54 <DIR> d-------- C:\Program Files\TeamViewer3
2008-06-13 20:54 . 2008-06-13 20:54 <DIR> d-------- C:\Documents and Settings\homepc\temp
2008-06-11 14:40 . 2008-04-14 16:31 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 14:40 . 2008-04-14 16:31 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-07 13:19 . 2008-06-07 13:19 447,488 --a------ C:\WINDOWS\system32\stdqyesdkkxuqqh.dll
2008-06-06 20:37 . 2008-05-04 11:26 104,147 -r-hs---- C:\igxv.cmd
2008-05-26 20:33 . 2008-05-26 20:33 365,056 --a------ C:\WINDOWS\system32\{71a32af0-83e5-542f-90b9-1d781fcc4b15}.dll
2008-05-19 12:46 . 2008-05-19 12:48 94,208 --a------ C:\WINDOWS\ScUnin.exe
2008-05-19 12:46 . 2008-05-19 12:48 35,775 --a------ C:\WINDOWS\scunin.dat
2008-05-19 12:46 . 2008-05-19 12:48 967 --a------ C:\WINDOWS\ScUnin.pif.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-17 14:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-06-16 15:35 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-06-16 11:09 --------- d-----w C:\Program Files\BitComet
2008-06-14 15:30 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-06 15:05 611,064 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-06-03 11:50 --------- d-----w C:\Documents and Settings\homepc\Application Data\LimeWire
2008-06-03 07:58 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-29 07:03 --------- d-----w C:\Program Files\Common Files\xing shared
2008-04-29 07:03 --------- d-----w C:\Program Files\Common Files\Real
2008-04-24 03:17 --------- d-----w C:\Program Files\Picasa2
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-04-16 14:23 89,070 ----a-w C:\WINDOWS\system32\myss_sb_uninstall.exe
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2007-11-19 15:58 128 ----a-w C:\Documents and Settings\homepc\services.exe
2007-11-17 13:15 272 ----a-w C:\Documents and Settings\homepc\x.dat
2007-11-17 13:15 199,097 ----a-w C:\Documents and Settings\homepc\z.dat
2006-11-09 00:45 0 ----a-w C:\WINDOWS\system32\config\systemprofile\Application Data\wklnhst.dat
2006-11-09 00:45 0 ----a-w C:\Documents and Settings\homepc\Application Data\wklnhst.dat
2004-10-01 23:00 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{659578d9-7cee-900c-eaa3-31ba160f4541}]
2008-06-07 13:19 447488 --a------ C:\WINDOWS\system32\stdqyesdkkxuqqh.dll[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{662ea7d1-0251-8903-7f4a-66f5b91c30cf}]
2008-05-26 20:33 365056 --a------ C:\WINDOWS\system32\{71a32af0-83e5-542f-90b9-1d781fcc4b15}.dll[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1962C5BC-E475-465B-823B-133E711BCEB9}"= "C:\Program Files\Starware358\bin\Starware358.dll" [ ][HKEY_CLASSES_ROOT\clsid\{1962c5bc-e475-465b-823b-133e711bceb9}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PhilipsLime"="C:\Program Files\Philips\Philips Lime Service\bin\LimeAlive.exe" [2006-06-09 17:30 159744]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-28 17:30 15360]
"BitComet"="C:\Program Files\BitComet\BitComet.exe" [ ]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-03-30 12:13 68856][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-22 22:19 52840]
"RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-03 09:54 32768]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-11-02 06:33 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-11-02 06:29 126976]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 15:07 49263]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54 282624]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30 517768]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 16:17 159744]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-04-29 12:32 185896]
"{109abe7d-497a-4aad-8179-9e2640aecf57}"="C:\WINDOWS\system32\{71a32af0-83e5-542f-90b9-1d781fcc4b15}.dll" [2008-05-26 20:33 365056]C:\Documents and Settings\homepc\Start Menu\Programs\Startup\
PowerReg Scheduler V3.exe [2006-12-25 01:38:22 225280]C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
NETGEAR WG111v2 Smart Wizard.lnk - C:\Program Files\NETGEAR\WG111v2\WG111v2.exe [2006-05-17 16:05:52 2297856][HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2005-06-06 23:46 57344 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdVantage]
--a------ 2007-11-05 11:12 884176 C:\Program Files\AdVantage\AdVantage.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGEIA PhysX SysTray]
--a------ 2006-03-21 01:13 331776 C:\Program Files\AGEIA Technologies\TrayIcon.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMc704c9d3]
C:\WINDOWS\system32\ytljouoh.dll[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\c437fa4f]
C:\WINDOWS\system32\eothnwur.dll[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2006-02-28 17:30 15360 C:\WINDOWS\system32\ctfmon.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
C:\Program Files\DAEMON Tools\daemon.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]
--a------ 2007-07-22 22:13 4376328 C:\Program Files\DAP\DAP.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hid_start]
C:\WINDOWS\system32\gzmrotate.dll[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Host Process]
C:\WINDOWS\Fonts\svchost.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 12:54 5674352 C:\Program Files\MSN Messenger\MsnMsgr.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-10 01:20 155648 C:\WINDOWS\system32\NeroCheck.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhilipsDM]
--a------ 2006-07-13 18:47 651264 C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerBar]
--------- 2004-04-21 23:56 86016 C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]
C:\WINDOWS\mrofinu1188.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
--a------ 2006-10-19 01:20 20058152 C:\Program Files\Skype\Phone\Skype.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
-ra------ 2006-08-03 18:42 577536 C:\WINDOWS\SOUNDMAN.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedOptimizer]
--a------ 2003-09-29 15:53 607232 C:\PROGRA~1\SPEEDO~1\SPO.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-03-30 12:13 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"E:\\vikram\\limewire\\limewire crap\\LimeWire.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"E:\\VIKRAM\\GAMES\\red faction\\rf.exe"=[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26964:TCP"= 26964:TCP:BitComet 26964 TCP
"26964:UDP"= 26964:UDP:BitComet 26964 UDPR2 sbbotdi;sbbotdi;C:\PROGRA~1\SPEEDB~1\sbbotdi.sys [2007-07-22 22:16]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\wg111v2.sys [2006-03-27 17:53]
S3 SetupNTGLM7X;SetupNTGLM7X;F:\NTGLM7X.sys []
S3 w200bus;Sony Ericsson W200 driver (WDM);C:\WINDOWS\system32\DRIVERS\w200bus.sys [2006-11-07 09:42]
S3 w200mdfl;Sony Ericsson W200 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w200mdfl.sys [2006-11-07 09:42]
S3 w200mdm;Sony Ericsson W200 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\w200mdm.sys [2006-11-07 09:42]
S3 w200mgmt;Sony Ericsson W200 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\w200mgmt.sys [2006-11-07 09:42]
S3 w200obex;Sony Ericsson W200 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\w200obex.sys [2006-11-07 09:42]
S3 XDva038;XDva038;C:\WINDOWS\system32\XDva038.sys [][HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00858747-c194-11dc-bcd7-0016179ad523}]
\Shell\AutoRun\command - G:\igxv.cmd
\Shell\explore\Command - G:\igxv.cmd
\Shell\open\Command - G:\igxv.cmd[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{99150e3e-9711-11db-ba64-00184d1da061}]
\Shell\AutoRun\command - G:\setupSNK.exe[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cabe2d70-a17c-11dc-bc9d-0016179ad523}]
\Shell\AutoRun\command - H:\Autorun.exe /run
\Shell\Shell00\Command - H:\Autorun.exe /run
\Shell\Shell01\Command - H:\Autorun.exe /action
\Shell\Shell02\Command - H:\Autorun.exe /uninstall*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-05-17 01:31:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-17 16:23:14 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.exe
"2008-06-06 14:30:43 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - homepc.job"
- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeh/TASK:
.
**************************************************************************catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-17 22:41:53
Windows 5.1.2600 Service Pack 2 NTFSscanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\RtlGina2.dll
.
r Running Proce
.
C:\Program Files\Common Files\Symantec Shared\CCSETMGR.exe
C:\Program Files\Common Files\Symantec Shared\CCEVTMGR.exe
C:\Program Files\Common Files\Symantec Shared\CCPROXY.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVAPSVC.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Philips\Philips Lime Service\bin\Lime.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.exe
C:\Program Files\Symantec\LiveUpdate\AUPDATE.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Java\jre1.5.0_10\bin\jucheck.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
.
**************************************************************************
.
Completion time: 2008-06-17 22:47:55 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-17 17:17:44Pre-Run: 6,603,837,440 bytes free
Post-Run: 17,023,840,256 bytes free448 --- E O F --- 2008-06-12 16:51:28
0
Heya sshika,
There are still a few nasties lurking.
1) Temporarily disable any real-time protection by following instructions provided in the link below:
Temporarily Disable Real Time Monitoring Programs
2) Can you upload the file below to Jotti for a scan:
C:\Documents and Settings\homepc\services.exe <<< This file
Click on the browse button at the top of the page and navigate to each of the files one at a time and submit.
Click here to go to Jotti Online Malware Scanner
3) Open notepad, Don't use any other text editor than notepad or the script will fail.
Copy/paste the blue text below into notepad
(NOTE:File:: is to show at the top of the document):File::
C:\WINDOWS\system32\stdqyesdkkxuqqh.dll
C:\WINDOWS\system32\{71a32af0-83e5-542f-90b9-1d781fcc4b15}.dll
C:\igxv.cmd
C:\WINDOWS\system32\myss_sb_uninstall.exe
C:\Documents and Settings\homepc\Application Data\wklnhst.dat
C:\WINDOWS\system32\{71a32af0-83e5-542f-90b9-1d781fcc4b15}.dll
C:\WINDOWS\system32\ytljouoh.dll
C:\WINDOWS\system32\eothnwur.dll
C:\WINDOWS\system32\gzmrotate.dll
C:\WINDOWS\mrofinu1188.exeRegistry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{659578d9-7cee-900c-eaa3-31ba160f4541}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{662ea7d1-0251-8903-7f4a-66f5b91c30cf}]
[-HKEY_CLASSES_ROOT\clsid\{1962c5bc-e475-465b-823b-133e711bceb9}]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMc704c9d3]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\c437fa4f]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hid_start]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00858747-c194-11dc-bcd7-0016179ad523}]
Save this as a text file with name ofCFScript
Select "All files" from Save as Type. Save to the desktop.
Now click and drag the CFScript file onto the combofix icon on your desktop.
Combofix will now start and run the scan again. It may reboot your system when it has finished, this is normal.
Please don't mouseclick combofix's window while it's running it can cause the program to freeze/hang.
Post the fresh combofix log and a fresh HJT log in your next reply
0
Hi,
Im sorry, but I can't find a services.exe file at the specified folder. I checked to see if it was hidden, but its not. I ran a search for it and there is a services.exe file under C:\WINDOWS\system32 . Please tell me what I need to do. Also, this might be a dumb question but should i run the HJT after the ComboFix or before?
Thanks again :)
0
Hi,
Don't worry about the file, I will have a look to see if it appears in your next log.
Run the Combofix then run HJT afterwards.
0
Hi,
Ive done the scans and the logs are in the following 2 posts. Also, the show desktop icon, Windows update and help and support center icons are missing and its not able to find the related files when I click on them. The C drive also suddenly seems to have about 40 sqmdata*.sqm had sqmnoopt*.sqm files, and they weren't there earlier.
0
ComboFix 08-06-16.5 - homepc 2008-06-22 16:59:09.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.155 [GMT 5.5:30]
Running from: C:\Documents and Settings\homepc\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\homepc\Desktop\CFScript.txt
* Created a new restore point[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
FILE ::
C:\Documents and Settings\homepc\Application Data\wklnhst.dat
C:\igxv.cmd
C:\WINDOWS\mrofinu1188.exe
C:\WINDOWS\system32\{71a32af0-83e5-542f-90b9-1d781fcc4b15}.dll
C:\WINDOWS\system32\eothnwur.dll
C:\WINDOWS\system32\gzmrotate.dll
C:\WINDOWS\system32\myss_sb_uninstall.exe
C:\WINDOWS\system32\stdqyesdkkxuqqh.dll
C:\WINDOWS\system32\ytljouoh.dll
.((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.C:\Documents and Settings\homepc\Application Data\wklnhst.dat
C:\WINDOWS\system32\stdqyesdkkxuqqh.dll.
((((((((((((((((((((((((( Files Created from 2008-05-22 to 2008-06-22 )))))))))))))))))))))))))))))))
.2008-06-19 18:31 . 2008-06-19 18:31 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-19 18:31 . 2008-06-19 18:31 <DIR> d-------- C:\Documents and Settings\homepc\Application Data\Malwarebytes
2008-06-19 18:31 . 2008-06-19 18:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-19 18:31 . 2008-06-10 19:02 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-19 18:31 . 2008-06-10 19:02 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-17 22:08 . 2008-06-17 22:21 <DIR> d-------- C:\VundoFix Backups
2008-06-16 21:01 . 2008-06-16 21:01 90,923 --a------ C:\WINDOWS\system32\stdqyesdkkxuqqh.dll-uninst.exe
2008-06-16 20:08 . 2008-06-16 20:08 35,704 --a------ C:\Documents and Settings\homepc\Application Data\GDIPFONTCACHEV1.DAT
2008-06-13 20:55 . 2008-06-13 20:55 <DIR> d-------- C:\Documents and Settings\homepc\Application Data\TeamViewer
2008-06-13 20:54 . 2008-06-13 20:54 <DIR> d-------- C:\Program Files\TeamViewer3
2008-06-13 20:54 . 2008-06-13 20:54 <DIR> d-------- C:\Documents and Settings\homepc\temp
2008-06-11 14:40 . 2008-06-13 18:40 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 14:40 . 2008-06-13 18:40 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-21 10:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-06-19 13:02 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-06-16 11:09 --------- d-----w C:\Program Files\BitComet
2008-06-14 15:30 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-06 15:05 611,064 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-06-03 11:50 --------- d-----w C:\Documents and Settings\homepc\Application Data\LimeWire
2008-06-03 07:58 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-19 07:18 94,208 ----a-w C:\WINDOWS\ScUnin.exe
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-29 07:03 --------- d-----w C:\Program Files\Common Files\xing shared
2008-04-29 07:03 --------- d-----w C:\Program Files\Common Files\Real
2008-04-24 03:17 --------- d-----w C:\Program Files\Picasa2
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2007-11-17 13:15 272 ----a-w C:\Documents and Settings\homepc\x.dat
2007-11-17 13:15 199,097 ----a-w C:\Documents and Settings\homepc\z.dat
2006-11-09 00:45 0 ----a-w C:\WINDOWS\system32\config\systemprofile\Application Data\wklnhst.dat
2004-10-01 23:00 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
.((((((((((((((((((((((((((((( snapshot@2008-06-17_22.47.20.54 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-17 17:09:29 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-22 08:03:58 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-04-14 11:01:02 272,128 ------w C:\WINDOWS\Driver Cache\i386\bthport.sys
+ 2008-06-13 13:10:50 272,128 ------w C:\WINDOWS\Driver Cache\i386\bthport.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PhilipsLime"="C:\Program Files\Philips\Philips Lime Service\bin\LimeAlive.exe" [2006-06-09 17:30 159744]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-28 17:30 15360]
"BitComet"="C:\Program Files\BitComet\BitComet.exe" [ ]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-03-30 12:13 68856][HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe" [2007-11-21 06:22 218496][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-22 22:19 52840]
"RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-03 09:54 32768]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-11-02 06:33 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-11-02 06:29 126976]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 15:07 49263]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54 282624]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30 517768]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 16:17 159744]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-04-29 12:32 185896]C:\Documents and Settings\homepc\Start Menu\Programs\Startup\
PowerReg Scheduler V3.exe [2006-12-25 01:38:22 225280]C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
NETGEAR WG111v2 Smart Wizard.lnk - C:\Program Files\NETGEAR\WG111v2\WG111v2.exe [2006-05-17 16:05:52 2297856][HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2005-06-06 23:46 57344 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdVantage]
--a------ 2007-11-05 11:12 884176 C:\Program Files\AdVantage\AdVantage.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGEIA PhysX SysTray]
--a------ 2006-03-21 01:13 331776 C:\Program Files\AGEIA Technologies\TrayIcon.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2006-02-28 17:30 15360 C:\WINDOWS\system32\ctfmon.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
C:\Program Files\DAEMON Tools\daemon.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]
--a------ 2007-07-22 22:13 4376328 C:\Program Files\DAP\DAP.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Host Process]
C:\WINDOWS\Fonts\svchost.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 12:54 5674352 C:\Program Files\MSN Messenger\MsnMsgr.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-10 01:20 155648 C:\WINDOWS\system32\NeroCheck.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhilipsDM]
--a------ 2006-07-13 18:47 651264 C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerBar]
--------- 2004-04-21 23:56 86016 C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
--a------ 2006-10-19 01:20 20058152 C:\Program Files\Skype\Phone\Skype.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
-ra------ 2006-08-03 18:42 577536 C:\WINDOWS\SOUNDMAN.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedOptimizer]
--a------ 2003-09-29 15:53 607232 C:\PROGRA~1\SPEEDO~1\SPO.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-03-30 12:13 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"E:\\vikram\\limewire\\limewire crap\\LimeWire.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"E:\\VIKRAM\\GAMES\\red faction\\rf.exe"=[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26964:TCP"= 26964:TCP:BitComet 26964 TCP
"26964:UDP"= 26964:UDP:BitComet 26964 UDPR2 sbbotdi;sbbotdi;C:\PROGRA~1\SPEEDB~1\sbbotdi.sys [2007-07-22 22:16]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\wg111v2.sys [2006-03-27 17:53]
S3 SetupNTGLM7X;SetupNTGLM7X;F:\NTGLM7X.sys []
S3 w200bus;Sony Ericsson W200 driver (WDM);C:\WINDOWS\system32\DRIVERS\w200bus.sys [2006-11-07 09:42]
S3 w200mdfl;Sony Ericsson W200 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w200mdfl.sys [2006-11-07 09:42]
S3 w200mdm;Sony Ericsson W200 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\w200mdm.sys [2006-11-07 09:42]
S3 w200mgmt;Sony Ericsson W200 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\w200mgmt.sys [2006-11-07 09:42]
S3 w200obex;Sony Ericsson W200 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\w200obex.sys [2006-11-07 09:42]
S3 XDva038;XDva038;C:\WINDOWS\system32\XDva038.sys [][HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{99150e3e-9711-11db-ba64-00184d1da061}]
\Shell\AutoRun\command - G:\setupSNK.exe[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cabe2d70-a17c-11dc-bc9d-0016179ad523}]
\Shell\AutoRun\command - H:\Autorun.exe /run
\Shell\Shell00\Command - H:\Autorun.exe /run
\Shell\Shell01\Command - H:\Autorun.exe /action
\Shell\Shell02\Command - H:\Autorun.exe /uninstall*Newly Created Service* - CATCHME
*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-05-17 01:31:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-22 11:23:01 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.exe
"2008-06-06 14:30:43 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - homepc.job"
- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeh/TASK:
.
**************************************************************************catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-22 17:01:10
Windows 5.1.2600 Service Pack 2 NTFSscanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\RtlGina2.dll
.
Completion time: 2008-06-22 17:03:37
ComboFix-quarantined-files.txt 2008-06-22 11:32:48
ComboFix2.txt 2008-06-17 17:17:56Pre-Run: 17,010,585,600 bytes free
Post-Run: 17,044,733,952 bytes free197 --- E O F --- 2008-06-20 13:21:40
0
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:05:51 PM, on 6/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: NormalRunning processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Philips\Philips Lime Service\bin\LimeAlive.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.exe
C:\Program Files\Java\jre1.5.0_10\bin\jucheck.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Philips\Philips Lime Service\bin\Lime.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\homepc\Desktop\HiJackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gmail.com/
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Ask Toolbar BHO - {F4D76F01-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: Ask Toolbar - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [PhilipsLime] "C:\Program Files\Philips\Philips Lime Service\bin\LimeAlive.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd....
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-in\msntabres.dll.mui/229?bb9096eaf1b64344999f8d716e394d35
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-in\msntabres.dll.mui/230?bb9096eaf1b64344999f8d716e394d35
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {64D01C7F-810D-446E-A07E-16C764235644} (AtlAtomadersCtlAttrib Class) - http://zone.msn.com/bingame/amad/de...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewo...
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712...
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: VideoAcceleratorEngine - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe--
End of file - 10985 bytes
0
Heya sshika
Your logs are clean apart from 1 entry that appears in HJT.
We will fix the entry then work on repairing some of the damage.
There is 1 line that needs to be fixed with HJT.
Open HJT and select "Do a system scan only" close all windows except for HJT. Put a check mark beside the line that shows below and select "Fix Checked"
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
The sqmdata*.sqm and sqmnoopt*.sqm files belong to Windows Live Messenger.
To stop the accumulation of these files open messenger, Click on "help" on the menu bar at the top, click on "Customer Experience Improvement Program" and turn it off.
To restore your C drive icon Click on "start" > "run "> type in notepad and cick ok. Copy / paste the following into notepad making [autorun] the very top line:
[autorun]
ICON=C:\WINDOWS\SYSTEM\SHELL32.DLL,8
Click "save as" > then using the drop down arrow on the far right of the "save in" window select Local Disk C: to be displayed in the "save in" window.
Next type
"C:\autorun.inf"
(you must use the quotes"") in the file name window> click save.
Restart the computer.
I'm gonna guess that the show desktop icon is missing from the quick launch menu on the task bar.
Click here to download Taskbar Repair Tool Plus!
Once you have downloaded the tool, run it. Disregard the opening message. At the bottom of the window select the drop down arrow under "Quick Launch Bar", next select "Restore Show Desktop Icon" then click on the restore button that appears.
"Windows update and help and support center icons are missing and its not able to find the related files when I click on them."
Can you explain to me exactly whats happening with the icons and where they are located. Are these start menu items or are they system tray icons (bottom right by the clock)? If you get an error message can you post back what it says also.
0
Hi,
Thanks again for all your help, and sorry about the really late reply. Ive deleted the file you specified and the C drive is back to normal. :)The Taskbar repair tool dint exactly repair the problem, it just created a new one, and i deleted the old one.
The problem is in the quick launch menu. The Windows update and help and support center icons are there but they are the icons the computer shows when it doesn't know what to open the application with. When I click on them, earlier, it used to show a message box, where it would keep searching for the files, and not find them.
Now, for some weird reason, it opens them in Firefox.
Thanks again for everything.
0
Heya sshika,
What happens when you open up Windows update and help and support from the start menu?
If they open up normally, how they are meant to from the quick launch bar, you can click, drag and drop them into the quick launch bar, test them then remove the old ones.
0
Hi,
Thanks a ton!! Everything works perfectly now!
Couldn't have done it without your help! :D
Thanks again,
sshika
0  |
 |
 |
This post is quite old and has been locked from receiving new replies. Please create a new posting instead.
| Ads by Google |
