
Red X On C Drive Please Help

A while back I downloaded a program from LimeWire. That wasn't a very good idea =\. Now my PC has a red X next to my C drive. I used to have constant irritating popups and error messages (kernel error, system instability, etc.). Now when I run a Trend Micro Internet Security scan, it doesn't detect any viruses. But the red X is still there. All the errors and lagging are completely gone, but the red X is still there. Whoever knows how to fix this, please help me. I'm getting very irritated that the red X is still there. Thanks to whoever helps me.

bojadada
Light Poster
29 posts since Apr 2008
Reputation Points: 10
Solved Threads: 0
 

If you want to be more sure that your machine is clean then do this:
==Get CCleaner from http://www.ccleaner.com/ - and install it in a new folder. You should keep this one for general use. I set the installation checkboxes only to open from the recycle bin. It's neater that way.
Now run CCleaner from the recycle bin rclick menu using its default settings [if you set up CCleaner as I suggested, rclicking the bin icon should give you the Open CCleaner option...].
If you have Firefox, open the Applications tab and ensure at least that Cookies and Cache are checked.
Select the Cleaner icon, press Run Cleaner.
[For future quick temp file cleaning select the options you wish to use via the Windows and Applications tabs ..]
==Please use IE to do an online scan at panda:- http://www.pandasoftware.com/products/activescan?
-select a link to the scan... free online virus scan...., enter a valid? email and follow through, choosing My Computer for a full system scan.
Post the log it produces here.
To fix your icon get Powertoys for Windows Tweak UI [from M$ or whoever has it when you google for it]. Got it installed? Right, down the bottom to Repair, option you want is Rebuild Icons. This will reset your system to use the correct icons from Shell32.

gerbil
Industrious Poster
4,206 posts since May 2005
Reputation Points: 239
Solved Threads: 300
 

;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-04-05 20:28:21
PROTECTIONS: 0
MALWARE: 16
SUSPECTS: 1
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\frank\Cookies\frank@doubleclick[1].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\frank\Cookies\frank@tribalfusion[1].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\frank\Cookies\frank@mediaplex[1].txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\frank\Cookies\frank@statcounter[1].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\frank\Cookies\frank@advertising[2].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\frank\Cookies\frank@questionmarket[2].txt
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\frank\Cookies\frank@atwola[1].txt
01262593 Application/NirCmd.A HackTools No 0 No No H:\FixAdrian'sComp\New Folder\ComboFix.exe[327882R2FWJFW\nircmd.cfexe]
01262593 Application/NirCmd.A HackTools No 0 No No H:\FixAdrian'sComp\ComboFix.exe[327882R2FWJFW\nircmd.cfexe]
01262593 Application/NirCmd.A HackTools No 0 No No H:\FixAdrian'sComp\ComboFix.exe[327882R2FWJFW\nircmd.com]
01262593 Application/NirCmd.A HackTools No 0 Yes No C:\WINDOWS\Nircmd.exe
01262593 Application/NirCmd.A HackTools No 0 No No H:\FixAdrian'sComp\New Folder\ComboFix.exe[327882R2FWJFW\nircmd.com]
02885362 Adware/Lop Adware No 0 Yes No C:\QooBox\Quarantine\C\Program Files\ADSTechnology\ADSTechnology.dll.vir
02885377 Adware/ActivationManager Adware No 0 Yes No C:\QooBox\Quarantine\C\Program Files\ActivationManager\ActivationManager.dll.vir
02887738 Trj/Downloader.PLF Virus/Trojan No 0 Yes Yes C:\WINDOWS\system32\nGpxx07\nGpxx071084.exe
02892536 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{D1BB0304-A786-4975-AF24-FA6CCA085657}\RP178\snapshot\MFEX-1.DAT
02892536 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{D1BB0304-A786-4975-AF24-FA6CCA085657}\RP177\snapshot\MFEX-1.DAT
02896639 Adware/Matcash Adware No 0 Yes No C:\QooBox\Quarantine\C\Program Files\Router\UnInstall.exe.vir
02899162 Trj/Agent.HYR Virus/Trojan No 0 Yes Yes C:\Documents and Settings\frank\Application Data\Microsoft\Windows\emnubt.exe
02900909 Spyware/Virtumonde Spyware No 1 Yes No C:\QooBox\Quarantine\C\WINDOWS\system32\byxyvsr.dll.vir
02901758 Trj/Downloader.SQZ Virus/Trojan No 0 Yes Yes C:\WINDOWS\system32\wb3\snmaildriv3.exe
;===================================================================================================================================================================================
SUSPECTS
Sent Location \
;===================================================================================================================================================================================
No C:\WINDOWS\SYSTEM32\MYSIDESEARCH_SIDEBAR.DLL \
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description \
;===================================================================================================================================================================================
;===================================================================================================================================================================================
Ehhh, is this the log? If it isn't, sorry, but could you tell me where it is?

bojadada
Light Poster
29 posts since Apr 2008
Reputation Points: 10
Solved Threads: 0
 

Sorry if this is a double post but I couldn't find how to edit my post. Here's the new log, more viruses =\
;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-04-06 12:25:52
PROTECTIONS: 0
MALWARE: 19
SUSPECTS: 1
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\frank\Cookies\frank@doubleclick[1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\frank\Cookies\frank@atdmt[1].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\frank\Cookies\frank@fastclick[2].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\frank\Cookies\frank@tribalfusion[1].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\frank\Cookies\frank@mediaplex[1].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\frank\Cookies\frank@com[1].txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\frank\Cookies\frank@statcounter[1].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\frank\Cookies\frank@apmebf[1].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\frank\Cookies\frank@advertising[2].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\frank\Cookies\frank@ads.pointroll[1].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\frank\Cookies\frank@questionmarket[2].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\frank\Cookies\frank@zedo[1].txt
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\frank\Cookies\frank@atwola[1].txt
01262593 Application/NirCmd.A HackTools No 0 No No H:\FixAdrian'sComp\New Folder\ComboFix.exe[327882R2FWJFW\nircmd.com]
01262593 Application/NirCmd.A HackTools No 0 No No H:\FixAdrian'sComp\ComboFix.exe[327882R2FWJFW\nircmd.cfexe]
01262593 Application/NirCmd.A HackTools No 0 No No H:\FixAdrian'sComp\ComboFix.exe[327882R2FWJFW\nircmd.com]
01262593 Application/NirCmd.A HackTools No 0 Yes No C:\WINDOWS\Nircmd.exe
01262593 Application/NirCmd.A HackTools No 0 No No H:\FixAdrian'sComp\New Folder\ComboFix.exe[327882R2FWJFW\nircmd.cfexe]
02885362 Adware/Lop Adware No 0 Yes No C:\QooBox\Quarantine\C\Program Files\ADSTechnology\ADSTechnology.dll.vir
02885377 Adware/ActivationManager Adware No 0 Yes No C:\QooBox\Quarantine\C\Program Files\ActivationManager\ActivationManager.dll.vir
02892536 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{D1BB0304-A786-4975-AF24-FA6CCA085657}\RP178\snapshot\MFEX-1.DAT
02892536 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{D1BB0304-A786-4975-AF24-FA6CCA085657}\RP177\snapshot\MFEX-1.DAT
02896639 Adware/Matcash Adware No 0 Yes No C:\QooBox\Quarantine\C\Program Files\Router\UnInstall.exe.vir
02900909 Spyware/Virtumonde Spyware No 1 Yes No C:\QooBox\Quarantine\C\WINDOWS\system32\byxyvsr.dll.vir
;===================================================================================================================================================================================
SUSPECTS
Sent Location p
;===================================================================================================================================================================================
No C:\WINDOWS\SYSTEM32\MYSIDESEARCH_SIDEBAR.DLL p
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description p
;===================================================================================================================================================================================
;===================================================================================================================================================================================

bojadada
Light Poster
29 posts since Apr 2008
Reputation Points: 10
Solved Threads: 0
 

Most of the results in those two scans are benign cookies in frank's account. Run CCleaner in frank's account.
When did you run Combofix? Please post the log if it was recent - i.e. to try to solve this problem.
Delete C:\Qoobox.
Panda deleted these three objects:
02887738 Trj/Downloader.PLF Virus/Trojan No 0 Yes Yes C:\WINDOWS\system32\nGpxx07\nGpxx071084.exe
02899162 Trj/Agent.HYR Virus/Trojan No 0 Yes Yes C:\Documents and Settings\frank\Application Data\Microsoft\Windows\emnubt.exe
02901758 Trj/Downloader.SQZ Virus/Trojan No 0 Yes Yes C:\WINDOWS\system32\wb3\snmaildriv3.exe

These are infecting your restore points:
02892536 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{D1BB0304-A786-4975-AF24-FA6CCA085657}\RP178\snapshot\MFEX-1.DAT
02892536 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{D1BB0304-A786-4975-AF24-FA6CCA085657}\RP177\snapshot\MFEX-1.DAT
02892536 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{D1BB0304-A786-4975-AF24-FA6CCA085657}\RP178\snapshot\MFEX-1.DAT
02892536 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{D1BB0304-A786-4975-AF24-FA6CCA085657}\RP177\snapshot\MFEX-1.DAT

==You should clear all your system restore points because some have been infected.... So go control panel > system > system restore tab, check Turn off sys res on all drives, Apply and OK. Do it all again but uncheck that box, Apply and OK.
=Now make a fresh, clean restore point: Start > programs > accessories > system tools > system restore and create a restore point now!!

==download hijackthis: http://www.majorgeeks.com/download5554.html
-copy it to a new FOLDER placed either alongside your program files or on your desktop and then... rename hijackthis.exe to imabunny.exe
-in that folder start HijackThis by dclicking the .exe; now close ALL other applications and any open windows including the explorer window containing HijackThis.
-click the Scan and Save a Logfile button. Post the log here.
Did you do the bit I suggested re TweakUI?

gerbil
Industrious Poster
4,206 posts since May 2005
Reputation Points: 239
Solved Threads: 300
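
The triage applied to the Panda ActiveScan results in the reply above (tracking cookies, files the scan already deleted, copies inside System Restore points, ComboFix's C:\QooBox quarantine) can be done mechanically. The following is an added example, not part of the original thread; the function names and bucket labels are hypothetical, and the row layout is assumed from the logs posted here.

```python
import re
from collections import defaultdict

# Rows copied from the MALWARE tables of the two scan logs posted in this thread.
# Columns are space-separated as they appear on the page.
SAMPLE_LOG = r"""
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\frank\Cookies\frank@doubleclick[1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\frank\Cookies\frank@atdmt[1].txt
01262593 Application/NirCmd.A HackTools No 0 Yes No C:\WINDOWS\Nircmd.exe
02885362 Adware/Lop Adware No 0 Yes No C:\QooBox\Quarantine\C\Program Files\ADSTechnology\ADSTechnology.dll.vir
02887738 Trj/Downloader.PLF Virus/Trojan No 0 Yes Yes C:\WINDOWS\system32\nGpxx07\nGpxx071084.exe
02892536 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{D1BB0304-A786-4975-AF24-FA6CCA085657}\RP178\snapshot\MFEX-1.DAT
02900909 Spyware/Virtumonde Spyware No 1 Yes No C:\QooBox\Quarantine\C\WINDOWS\system32\byxyvsr.dll.vir
SUSPECTS
"""

# The description and the location may both contain spaces, so the row is
# anchored on the fixed-shape middle columns (Yes/No, digit, Yes/No, Yes/No).
ROW = re.compile(
    r"^(?P<id>\d{8})\s+(?P<description>.+?)\s+(?P<type>\S+)\s+"
    r"(?P<active>Yes|No)\s+(?P<severity>\d+)\s+"
    r"(?P<disinfectable>Yes|No)\s+(?P<disinfected>Yes|No)\s+(?P<location>.+)$"
)

RESTORE_POINT = re.compile(r"^[a-z]:\\system volume information\\_restore", re.I)
QUARANTINE = re.compile(r"^[a-z]:\\qoobox\\quarantine\\", re.I)

# Follow-up per bucket, taken from the reply in the thread; "review" is the
# catch-all for rows the reply does not address.
ACTIONS = {
    "cookie": "benign tracking cookie; clear with CCleaner in that account",
    "removed": "already deleted by the scan",
    "restore_point": "clear all System Restore points, then create a fresh one",
    "quarantine": r"ComboFix quarantine copy; delete C:\Qoobox",
    "review": "not covered by the reply; inspect by hand",
}


def parse_rows(log_text):
    """Return one dict per MALWARE row; headers and separators are skipped."""
    rows = []
    for line in log_text.splitlines():
        match = ROW.match(line.strip())
        if match:
            rows.append(match.groupdict())
    return rows


def triage(row):
    """Assign a parsed row to one of the ACTIONS buckets."""
    if row["type"] == "TrackingCookie":
        return "cookie"
    if row["disinfected"] == "Yes":
        return "removed"
    if RESTORE_POINT.match(row["location"]):
        return "restore_point"
    if QUARANTINE.match(row["location"]):
        return "quarantine"
    return "review"


def summarize(log_text):
    """Group (id, description, location) tuples by triage bucket."""
    buckets = defaultdict(list)
    for row in parse_rows(log_text):
        buckets[triage(row)].append(
            (row["id"], row["description"], row["location"])
        )
    return dict(buckets)


if __name__ == "__main__":
    for bucket, items in summarize(SAMPLE_LOG).items():
        print(f"[{bucket}] {ACTIONS[bucket]}")
        for item_id, description, location in items:
            print(f"  {item_id}  {description}  {location}")
```
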
 

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:05:52 PM, on 4/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\frank\Desktop\HiJackThis\imabunny.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {31D7F734-02C3-46F2-BDB0-B01EE77B9AC5} - C:\WINDOWS\system32\mljgh.dll (file missing)
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: MySidesearch Search Assistant - {DDFA1356-E6ED-42a5-9D62-93211D424A90} - C:\WINDOWS\system32\mysidesearch_sidebar.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb125\SearchSettings.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKUS\S-1-5-21-842925246-838170752-682003330-1002\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-842925246-838170752-682003330-1002\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h (User '?')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: hqjpkson - hqjpkson.dll (file missing)
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O24 - Desktop Component 0: (no name) - http://a133.ac-images.myspacecdn.com/images01/112/l_55f93fae7cab24ed6ecd55d8c65e1d1c.jpg
O24 - Desktop Component 1: (no name) - http://a946.ac-images.myspacecdn.com/images01/32/l_d6b7ded450e8254e548c62a8c0b95131.jpg
O24 - Desktop Component 2: (no name) - http://a793.ac-images.myspacecdn.com/images01/14/l_71e64db8bd6cfcdf73e3b5979ca35930.jpg
O24 - Desktop Component 3: (no name) - http://a544.ac-images.myspacecdn.com/images01/70/l_a23c86916ed3f1a27c52db9d65f2222f.jpg

--
End of file - 5389 bytes

ComboFix 08-02-18.1 - frank 2008-02-19 22:19:41.1 - NTFSx86

Running from: H:\FixAdrian'sComp\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\frank\Application Data\WinTouch\WinTouch.exe
C:\WINDOWS\system32\hgghiii.dll
C:\Documents and Settings\frank\Application Data\SSTEM3~1
C:\Documents and Settings\frank\Application Data\SSTEM3~1\n?lookup.exe
C:\Documents and Settings\frank\Application Data\WinTouch\wintouch.cfg
C:\Documents and Settings\frank\Application Data\WinTouch\WinTouch.exe
C:\Documents and Settings\frank\Application Data\WinTouch\WTUninstaller.exe
C:\Documents and Settings\frank\Start Menu\Programs\Outerinfo
C:\Documents and Settings\frank\Start Menu\Programs\Outerinfo\Terms.lnk
C:\Documents and Settings\frank\Start Menu\Programs\Outerinfo\Uninstall.lnk
C:\Program Files\ActivationManager
C:\Program Files\ActivationManager\ActivationManager.dll
C:\Program Files\ActivationManager\Uninstall.exe
C:\Program Files\ADSTechnology
C:\Program Files\ADSTechnology\ADSTechnology.dll
C:\Program Files\ADSTechnology\ADSTechnology.exe
C:\Program Files\ADSTechnology\Uninstall.exe
C:\Program Files\outerinfo
C:\Program Files\outerinfo\FF\chrome.manifest
C:\Program Files\outerinfo\FF\components\FF.dll
C:\Program Files\outerinfo\FF\components\OuterinfoAds.xpt
C:\Program Files\outerinfo\FF\install.rdf
C:\Program Files\outerinfo\Terms.rtf
C:\Program Files\outlook
C:\Program Files\outlook\p.zip
C:\Program Files\Router
C:\Program Files\Router\Router.exe
C:\Program Files\Router\UnInstall.exe
C:\Program Files\Temporary
C:\Program Files\Temporary\InsiDERInst.exe
C:\Program Files\Temporary\kernInst.exe
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Temp\isgTi19
C:\Temp\isgTi19\lPig.log
C:\WINDOWS\b104.exe
C:\WINDOWS\b122.exe
C:\WINDOWS\b138.exe
C:\WINDOWS\b151.exe
C:\WINDOWS\b153.exe
C:\WINDOWS\crosof~1
C:\WINDOWS\crosof~1\??crosoft\
C:\WINDOWS\crosof~1\svchost.exe
C:\WINDOWS\Fonts\a.zip
C:\WINDOWS\mrofinu1000106.exe
C:\WINDOWS\mrofinu1000137.exe
C:\WINDOWS\mrofinu1000140.exe
C:\WINDOWS\system32\byxyvsr.dll
C:\WINDOWS\system32\dccdd.ini
C:\WINDOWS\system32\dccdd.ini2
C:\WINDOWS\system32\gebyw.dll
C:\WINDOWS\system32\gsvwrrsj.dll
C:\WINDOWS\system32\gumphpge.dll
C:\WINDOWS\system32\hgghiii.dll
C:\WINDOWS\system32\hgjlm.ini
C:\WINDOWS\system32\hgjlm.ini2
C:\WINDOWS\system32\lqwodadm.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\nokzaqjb.dll
C:\WINDOWS\system32\nqtss.ini
C:\WINDOWS\system32\nqtss.ini2
C:\WINDOWS\system32\nsa14.dll
C:\WINDOWS\system32\nsq15.dll
C:\WINDOWS\system32\orkdujcf.dll
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\pjbrre.dll
C:\WINDOWS\system32\qvljofix.dll
C:\WINDOWS\system32\sprt_ads.dll
C:\WINDOWS\system32\ssttr.dll
C:\WINDOWS\system32\tjbjnykw.ini
C:\WINDOWS\system32\uggtkyak.dll
C:\WINDOWS\system32\v9
C:\WINDOWS\system32\v9\rabs2135.exe
C:\WINDOWS\system32\whpxjevv.dll
C:\WINDOWS\system32\wkynjbjt.dll
C:\WINDOWS\system32\wxacpvyy.dll

.
((((((((((((((((((((((((( Files Created from 2008-01-20 to 2008-02-20 )))))))))))))))))))))))))))))))
.

2008-02-19 23:41 . 2008-02-19 23:42 134 ---hs---- C:\WINDOWS\system32\nokzaqjb.dllbox
2008-02-10 22:24 . 2008-02-10 22:24 d-------- C:\Program Files\IEEE 802.11g Wireless LAN Utility
2008-02-10 12:47 . 2008-02-10 12:47 d-------- C:\Program Files\xInsIDE
2008-02-10 00:23 . 2008-02-10 13:58 d-------- C:\Documents and Settings\All Users\Application Data\WinZip
2008-02-09 19:50 . 2008-02-09 19:50 72,566 --a------ C:\WINDOWS\system32\GameFly_2.ico
2008-02-09 19:03 . 2008-02-10 18:43 2,274 --ahs---- C:\WINDOWS\system32\mbcemesn.ini
2008-02-09 09:14 . 2005-11-10 12:54 402,944 -ra------ C:\WINDOWS\system32\drivers\BLKWGU.sys
2008-02-08 20:53 . 2008-02-08 20:53 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2008-02-08 19:21 . 2008-02-08 19:21 163,904 --a------ C:\WINDOWS\system32\nokzaqjb.dll_old
2008-02-08 19:21 . 2008-02-19 22:24 163,904 --a------ C:\WINDOWS\system32\nokzaqjb.dll
2008-02-08 19:00 . 2008-02-09 18:51 1,614 --ahs---- C:\WINDOWS\system32\fcgjbmbc.ini
2008-02-07 17:09 . 2008-02-08 16:54 1,134 --ahs---- C:\WINDOWS\system32\lpxqksno.ini
2008-02-06 22:38 . 2008-02-06 22:40 d-------- C:\Documents and Settings\frank\Application Data\PrevxCSI
2008-02-06 22:27 . 2008-02-06 22:56 7,168 --a------ C:\WINDOWS\system32\windows_old
2008-02-06 22:08 . 2008-02-07 16:54 474 --ahs---- C:\WINDOWS\system32\amgkjgey.ini
2008-02-06 22:01 . 2008-02-06 22:01 d-------- C:\Program Files\Drmupgds
2008-02-06 22:00 . 2008-02-06 22:00 86 --a------ C:\Documents and Settings\frank\n.bat
2008-02-06 21:59 . 2008-02-06 21:59 778 --a------ C:\Documents and Settings\frank\z.dat
2008-02-06 21:59 . 2008-02-06 21:59 291 --a------ C:\Documents and Settings\frank\x.dat
2008-02-06 21:58 . 2008-02-06 21:58 d-------- C:\WINDOWS\system32\wb3
2008-02-06 21:58 . 2008-02-07 06:55 d-------- C:\WINDOWS\system32\rp4
2008-02-06 21:58 . 2008-02-06 21:58 d-------- C:\WINDOWS\system32\nGpxx07
2008-02-06 21:58 . 2008-02-07 06:55 d-------- C:\WINDOWS\system32\cz6
2008-02-06 21:58 . 2008-02-19 22:20 d-------- C:\Temp
2008-02-06 21:58 . 2008-02-06 21:58 53,248 --------- C:\Documents and Settings\frank\hl.exe
2008-02-06 16:56 . 2008-02-06 16:56 d-------- C:\Program Files\Belkin
2008-02-03 23:00 . 2008-02-03 23:00 46,300 --a------ C:\WINDOWS\system32\AdssiteSocial-uninstall.exe
2008-02-03 21:24 . 2008-02-03 23:00 77,353 --a------ C:\WINDOWS\system32\adssite_sidebar_uninstall.exe
2008-02-03 21:23 . 2008-02-03 21:23 80,090 --a------ C:\WINDOWS\system32\adssite-remove.exe
2008-02-03 21:19 . 2008-02-03 22:55 d-------- C:\Program Files\Incomplete
2008-02-03 21:18 . 2008-02-03 21:18 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2008-02-03 19:11 . 2008-02-07 19:55 d-------- C:\Program Files\Common Files\Adobe
2008-02-03 19:09 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-02-03 19:00 . 2008-02-03 19:01 84,761 --a------ C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe
2008-02-03 19:00 . 2008-02-03 19:00 46,300 --a------ C:\WINDOWS\system32\DcadsSocial-uninstall.exe
2008-02-03 18:59 . 2008-02-10 18:45 80,112 --a------ C:\WINDOWS\system32\dcads-remove.exe
2008-02-03 18:59 . 2008-02-03 19:01 40,730 --a------ C:\WINDOWS\system32\superiorads-uninst.exe
2008-01-30 15:52 . 2008-01-30 15:52 d-------- C:\Program Files\Common Files\INCA Shared
2008-01-28 19:53 . 2008-01-28 19:53 d-------- C:\WINDOWS\Sun
2008-01-28 19:20 . 2008-01-28 19:35 d-------- C:\Program Files\PDF Reader 2
2008-01-28 19:20 . 2008-01-28 19:20 72,192 --a------ C:\WINDOWS\cadkasdeinst01e.exe
2008-01-24 20:36 . 2008-01-24 20:46 d-------- C:\Program Files\Rockstar Custom Tracks
2008-01-21 14:58 . 2008-01-21 14:58 d-------- C:\WINDOWS\ShellNew
2008-01-21 14:58 . 2008-01-21 14:58 d-------- C:\Program Files\Microsoft ActiveSync
2008-01-21 14:58 . 2008-01-21 14:58 376 --a------ C:\WINDOWS\ODBC.INI
2008-01-21 14:53 . 2008-01-21 14:54 d-------- C:\Program Files\Microsoft Works
2008-01-21 14:52 . 2008-01-21 14:52 d-------- C:\Program Files\Microsoft Works Suite 2003
2008-01-21 10:08 . 2008-02-19 08:10 980 --a------ C:\WINDOWS\WININIT.INI

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-20 03:28 --------- d-----w C:\Documents and Settings\frank\Application Data\U3
2008-02-19 01:51 --------- d-----w C:\Documents and Settings\frank\Application Data\MegauploadToolbar
2008-02-11 04:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-09 02:53 --------- d-----w C:\Program Files\Free Audio Pack
2008-02-09 02:53 --------- d-----w C:\Program Files\Common Files\Stardock
2008-02-04 05:15 --------- d-----w C:\Documents and Settings\frank\Application Data\LimeWire
2008-02-04 03:18 278,542 ----a-w C:\WINDOWS\Fonts\Setup.exe
2008-01-21 16:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\ATI MMC
2008-01-21 16:36 --------- d-----w C:\Program Files\Common Files\ATI
2008-01-21 16:36 --------- d-----w C:\Program Files\ATI Multimedia
2008-01-12 15:28 --------- d-----w C:\Program Files\LegacyGamers
2008-01-10 22:31 --------- d-----w C:\Program Files\Java
2008-01-01 08:18 --------- d-----w C:\Documents and Settings\frank\Application Data\Xfire
2007-12-31 02:35 --------- d-----w C:\Program Files\Game Cam v1.4
2007-12-30 05:35 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-29 18:14 --------- d-----w C:\Documents and Settings\frank\Application Data\Search Settings
2007-12-29 18:01 --------- d-----w C:\Program Files\Search Settings
2007-12-29 18:01 --------- d-----w C:\Program Files\Common Files\SWF Studio
2007-12-29 02:58 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-12-27 01:08 22,328 ----a-w C:\Documents and Settings\frank\Application Data\PnkBstrK.sys
2007-12-27 00:34 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-12-27 00:05 --------- d-----w C:\Documents and Settings\frank\Application Data\ATI
2007-12-27 00:01 --------- d-----w C:\Program Files\Common Files\Borland Shared
2007-12-26 23:51 --------- d-----w C:\Program Files\Common Files\CyberLink
2007-12-25 20:01 --------- d-----w C:\Program Files\directx
2007-12-25 19:55 --------- d-----w C:\Program Files\PIXELA
2007-12-24 04:02 --------- d--h--w C:\Documents and Settings\frank\Application Data\ijjigame
2007-12-23 07:26 --------- d-----w C:\Program Files\Teamspeak2_RC2
2007-12-23 07:26 --------- d-----w C:\Documents and Settings\frank\Application Data\teamspeak2
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1648E328-3E5A-4EA5-A9C6-E5F09EE272DA}]
2007-12-24 07:02 319488 --a------ C:\WINDOWS\system32\adssite_sidebar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1D8282E6-BC4F-469B-AAED-7E4FF077AD93}]
2008-01-18 04:06 294912 --a------ C:\WINDOWS\system32\iebrowserc.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{31D7F734-02C3-46F2-BDB0-B01EE77B9AC5}]
C:\WINDOWS\system32\mljgh.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
2008-02-19 22:24 163904 --a------ C:\WINDOWS\system32\nokzaqjb.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}]
2007-12-06 11:58 1198432 --a------ C:\Program Files\Search Settings\kb125\SearchSettings.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00 15360]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotDeletingB766"="command /c del C:\WINDOWS\system32\nokzaqjb.dllbox" [ ]
"SpybotDeletingD2670"="cmd /c del C:\WINDOWS\system32\nokzaqjb.dllbox" [ ]
"SpybotDeletingB3805"="command /c del C:\WINDOWS\system32\nokzaqjb.dll_old" [ ]
"SpybotDeletingD8412"="cmd /c del C:\WINDOWS\system32\nokzaqjb.dll_old" [ ]
"SpybotDeletingB3287"="command /c del C:\WINDOWS\system32\nokzaqjb.dll" [ ]
"SpybotDeletingD4237"="cmd /c del C:\WINDOWS\system32\nokzaqjb.dll" [ ]
"SpybotDeletingB7495"="command /c del C:\WINDOWS\system32\nokzaqjb.dll_old" [ ]
"SpybotDeletingD1088"="cmd /c del C:\WINDOWS\system32\nokzaqjb.dll_old" [ ]
"SpybotDeletingB1430"="command /c del C:\WINDOWS\system32\nokzaqjb.dllbox" [ ]
"SpybotDeletingD8590"="cmd /c del C:\WINDOWS\system32\nokzaqjb.dllbox" [ ]
"SpybotDeletingB3751"="command /c del C:\WINDOWS\system32\nokzaqjb.dll" [ ]
"SpybotDeletingD1755"="cmd /c del C:\WINDOWS\system32\nokzaqjb.dll" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2006-05-25 07:43 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2006-05-25 07:43 126976]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 06:00 158208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotDeletingA7446"="command /c del C:\WINDOWS\system32\nokzaqjb.dllbox" [ ]
"SpybotDeletingC2699"="cmd /c del C:\WINDOWS\system32\nokzaqjb.dllbox" [ ]
"SpybotDeletingA1993"="command /c del C:\WINDOWS\system32\nokzaqjb.dll_old" [ ]
"SpybotDeletingC7547"="cmd /c del C:\WINDOWS\system32\nokzaqjb.dll_old" [ ]
"SpybotDeletingA8221"="command /c del C:\WINDOWS\system32\nokzaqjb.dll" [ ]
"SpybotDeletingC7780"="cmd /c del C:\WINDOWS\system32\nokzaqjb.dll" [ ]
"SpybotDeletingA1239"="command /c del C:\WINDOWS\system32\nokzaqjb.dll_old" [ ]
"SpybotDeletingC1622"="cmd /c del C:\WINDOWS\system32\nokzaqjb.dll_old" [ ]
"SpybotDeletingA5442"="command /c del C:\WINDOWS\system32\nokzaqjb.dllbox" [ ]
"SpybotDeletingC442"="cmd /c del C:\WINDOWS\system32\nokzaqjb.dllbox" [ ]
"SpybotDeletingA6302"="command /c del C:\WINDOWS\system32\nokzaqjb.dll" [ ]
"SpybotDeletingC1931"="cmd /c del C:\WINDOWS\system32\nokzaqjb.dll" [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hqjpkson]
hqjpkson.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nokzaqjb]
nokzaqjb.dll 2008-02-19 22:24 163904 C:\WINDOWS\system32\nokzaqjb.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Belkin Wireless USB Utility.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Belkin Wireless USB Utility.lnk
backup=C:\WINDOWS\pss\Belkin Wireless USB Utility.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^IEEE 802.11g Wireless LAN Utility.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\IEEE 802.11g Wireless LAN Utility.lnk
backup=C:\WINDOWS\pss\IEEE 802.11g Wireless LAN Utility.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VersionTrackerPro.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VersionTrackerPro.lnk
backup=C:\WINDOWS\pss\VersionTrackerPro.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^frank^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\frank\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^frank^Start Menu^Programs^Startup^Xfire.lnk]
path=C:\Documents and Settings\frank\Start Menu\Programs\Startup\Xfire.lnk
backup=C:\WINDOWS\pss\Xfire.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
--a------ 2007-11-23 10:18 962560 C:\Program Files\Ares\Ares.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATI Remote Control]
--a------ 2005-05-10 16:21 1482752 C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
--a------ 2007-09-06 04:06 79224 C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bbbq]
C:\Documents and Settings\frank\Application Data\s?stem32\n?lookup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ecsu]
C:\WINDOWS\CROSOF~1\svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\outlook]
C:\Program Files\outlook\outlook.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2007-08-06 18:05 200704 C:\Program Files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Router]
C:\Program Files\Router\Router.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]
C:\WINDOWS\mrofinu1000140.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchSettings]
--a------ 2007-12-06 11:58 1069920 C:\Program Files\Search Settings\SearchSettings.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SfKg6w]
--a------ 2008-02-10 12:58 35840 C:\Documents and Settings\frank\Application Data\Microsoft\Windows\emnubt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 01:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-10-30 22:55 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinTouch]
C:\Documents and Settings\frank\Application Data\WinTouch\WinTouch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\xInsIDE]
--a------ 2008-02-10 12:47 57344 C:\Program Files\xInsIDE\xInsIDE.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Viewpoint Manager Service"=2 (0x2)
"PnkBstrA"=2 (0x2)
"NVSvc"=2 (0x2)
"gusvc"=3 (0x3)
"AresChatServer"=3 (0x3)


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
DcomLaunch REG_MULTI_SZ DcomLaunch

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-19 23:42:00
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\nokzaqjb.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
.
**************************************************************************
.
Completion time: 2008-02-19 23:53:23 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-20 05:53:19
.
2008-01-22 21:35:16 --- E O F ---

bojadada

Okay, bo... start hijackthis, select Scan Only, place checkmarks against all the entries listed below that still exist, and then press Fix Checked.

O2 - BHO: (no name) - {31D7F734-02C3-46F2-BDB0-B01EE77B9AC5} - C:\WINDOWS\system32\mljgh.dll (file missing)
O2 - BHO: MySidesearch Search Assistant - {DDFA1356-E6ED-42a5-9D62-93211D424A90} - C:\WINDOWS\system32\mysidesearch_sidebar.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb125\SearchSettings.dll
O20 - Winlogon Notify: hqjpkson - hqjpkson.dll (file missing)

Good, now uninstall Search Settings.
Delete this file:
C:\WINDOWS\system32\mysidesearch_sidebar.dll
And say how things are...

gerbil
Industrious Poster
4,206 posts since May 2005
Reputation Points: 239
Solved Threads: 300
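
An added example, not part of the original thread: a small Python triage pass over msconfig startupreg lines like those in the ComboFix log above, showing why some of them stand out. The sample lines are excerpted from that log; the names `triage` and `flags_for` and the flag rules are this example's own heuristics, and reading a path printed without attributes/date/size as a file that was not on disk is an assumption.

```python
import re

# Lines excerpted from the ComboFix log posted above (msconfig startupreg section).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
--a------ 2007-09-06 04:06 79224 C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bbbq]
C:\Documents and Settings\frank\Application Data\s?stem32\n?lookup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ecsu]
C:\WINDOWS\CROSOF~1\svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SfKg6w]
--a------ 2008-02-10 12:58 35840 C:\Documents and Settings\frank\Application Data\Microsoft\Windows\emnubt.exe
"""

KEY_RE = re.compile(r"^\[.*\\startupreg\\([^\]]+)\]$", re.I)
ENTRY_RE = re.compile(r"^(?:\S+ \d{4}-\d\d-\d\d \d\d:\d\d (\d+) )?([A-Za-z]:\\.+)$")
SYSTEM_NAMES = {"svchost.exe", "winlogon.exe", "lsass.exe", "services.exe"}

def flags_for(path, has_metadata):
    """Heuristic flags (this example's own rules, not ComboFix's)."""
    lower = path.lower()
    folder, _, name = lower.rpartition("\\")
    flags = []
    if not has_metadata:  # assumption: no attrs/date/size means file not on disk
        flags.append("no-file-metadata")
    if "?" in path:  # '?' is not a legal file-name character on Windows
        flags.append("unrenderable-char")
    if "\\application data\\" in lower:  # autostart from a user-writable profile
        flags.append("user-profile-path")
    if name in SYSTEM_NAMES and folder != r"c:\windows\system32":
        flags.append("system-name-wrong-folder")
    return flags

def triage(log_text):
    """Map each startupreg entry name to the list of flags raised by its path."""
    results, current = {}, None
    for line in map(str.strip, log_text.splitlines()):
        key, entry = KEY_RE.match(line), ENTRY_RE.match(line)
        if key:
            current = key.group(1)
        elif entry and current:
            results[current] = flags_for(entry.group(2), entry.group(1) is not None)
            current = None
    return results

if __name__ == "__main__":
    for name, flags in triage(SAMPLE_LOG).items():
        print(f"{name:10} {', '.join(flags) or 'no flags'}")
```

A flag is a reason to look closer, not a verdict; entries with no flags still need the usual name and vendor check.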
 

OK, I fixed the files you said to, deleted the file you said to, and did the repair icons thing, but no difference. Any ideas? What do I do next?

bojadada

I'd like to look at a key in your registry; this will do that, and then delete it.
==Please copy the text between the lines to a notepad [format/wordwrap unchecked] and save as showkey.bat, as type "all files", to your desktop; dclick it to run, then post the file C:\showkey.txt
__________________________________________________________
reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Drive Icons" /s >C:\showkey.txt
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Drive Icons" /f
start C:\showkey.txt
__________________________________________________________

Open a fresh explorer window [my computer]

gerbil

Sorry for all the questions but I'm still confused. I made a notepad with the text format/wordwrap unchecked in it and saved it with a .bat extension. But once I double clicked it a command prompt came up for like a fourth of a second then it automatically closed. And by posting the file showkeys.txt do you mean to change the .bat back to .txt? Sorry again for all the questions but I'm really confused and I really want to get this virus off my computer.

bojadada

If you look in your C: root there should be a file C:\showkey.txt. If you dclick that it will open; if it is empty [no text] just say so.
You may delete showkey.bat - it has done its job. That black command window does just flash like that as the batch file runs.

gerbil

Ehhh, I don't think there's a showkey txt thing.

bojadada

No C:\showkey.txt?? Should be, even if it is empty...

gerbil

Let me try again but I don't think there's one. What exactly do I do again? I might have done it wrong.

bojadada

Bo, from what you said a couple of posts back it sounds like you ran the batch file correctly [the "no-wordwrap" bit is/was important, but you did that correctly], so the showkey.txt file should have been created, and it should have popped on your desktop too. Running the batch file again would not do damage but will only create an empty notepad the second time, so no need to do that.
Do you still have a red cross?

gerbil

Yeah. When I put the text in the notepad do I have to have those [ ]?

bojadada

Here is a fresh way: save this text in the box using a notepad [wordwrap unchecked] as showkey.bat, dclick it to run and post the notepad that opens...



reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\DefaultIcon" /s >> C:\showkey.txt
reg query "HKEY_CLASSES_ROOT\Drive\DefaultIcon" /s >> C:\showkey.txt
reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Drive" /s >> C:\showkey.txt
start C:\showkey.txt

gerbil

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\DefaultIcon
REG_EXPAND_SZ %SystemRoot%\System32\shell32.dll,8

! REG.EXE VERSION 3.0

HKEY_CLASSES_ROOT\Drive\DefaultIcon
REG_EXPAND_SZ %SystemRoot%\System32\shell32.dll,8

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\DefaultIcon
REG_EXPAND_SZ %SystemRoot%\System32\shell32.dll,8

! REG.EXE VERSION 3.0

HKEY_CLASSES_ROOT\Drive\DefaultIcon
REG_EXPAND_SZ %SystemRoot%\System32\shell32.dll,8

That's what pops up in notepad.

bojadada

Sigh... those are correct. For the moment then I am stumped on solving the actual red cross problem, getting rid of the cross. I think your sys is clean, just that cross remains to be rid of.
Could you delete your copy of combofix and dl a fresh copy and run it?
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

gerbil

Well OK. Thanks for trying to help me. At least the virus is gone.

bojadada
