C:\Windows Folder is Empty [RESOLVED]

Welcome Guest ( Log In | Register )

Discover the best free computer help!
Learn more about Geeks to Go by taking the tour. Spyware, virus, trojan, fake security or privacy alerts? Read the malware cleaning guide.

Geeks to Go! » Security » Malware Removal - HijackThis™ Logs Go Here

C:\Windows Folder is Empty [RESOLVED]

Options

wisteria75 View Member Profile	May 16 2008, 04:11 PM Post #1
Member Posts: 11 OS: Windows XP	Hi, I originally posted on the Windows XP site and did a few things to see if my windows folder is indeed empty, to no avail, so I was pointed in this direction. I did everything on the You Must Read This Before Posting A Hijackthis Log - Geeks to Go! page before doing the last and final HijackThis. So...this is my log. I hope someone can help. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 7:31:04 AM, on 5/16/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16640) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\PROGRA~1\SYMANT~1\VPTray.exe C:\Program Files\Google\Gmail Notifier\gnotify.exe C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe C:\Program Files\QuickTime\qttask.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = .local O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] "C:\Program Files\Google\Gmail Notifier\gnotify.exe" O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/cdl/launcher/PogoWebLa...erInstaller.CAB O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe -- End of file - 9542 bytes Many thanks, Wisteria75 This post has been edited by wisteria75*: May 16 2008, 04:12 PM

JSntgRvr View Member Profile	May 16 2008, 08:52 PM Post #2
Global Moderator Posts: 4,124 OS: Windows XP	Hi, wisteria75 Your Windows folder cannot be empty, as you are able to boot. Les check for malware: Please download ComboFix from Here or Here to your Desktop. Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop Please, never rename Combofix unless instructed. Close any open browsers. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. ----------------------------------------------------------- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Click on this link* to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.* ----------------------------------------------------------- Close any open browsers. WARNING: Combofix will disconnect your machine from the Internet as soon as it starts Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished. If there is no internet connection after running Combofix, then restart your computer to restore back your connection. ----------------------------------------------------------- Double click on combofix.exe & follow the prompts. When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review. Note: Do not mouseclick combofix's window while it's running. That may cause it to stall

wisteria75 View Member Profile	May 17 2008, 09:15 AM Post #3
Member Posts: 11 OS: Windows XP	Thanks so much for your prompt reply and your help. So far this is the ComboFix results: ComboFix 08-05-15.3 - Renee Fleischmann 2008-05-17 10:36:54.3 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.758 [GMT -4:00] Running from: C:\Documents and Settings\Renee Fleischmann\Desktop\ComboFix.exe WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((( Files Created from 2008-04-17 to 2008-05-17 ))))))))))))))))))))))))))))))) . No new files created in this timespan . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-05-17 14:46 --------- d-----w C:\Program Files\Symantec AntiVirus 2008-05-16 12:13 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP 2008-05-16 11:30 --------- d-----w C:\Program Files\Trend Micro 2008-05-16 11:26 --------- d-----w C:\Program Files\SUPERAntiSpyware 2008-05-15 21:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com 2008-05-15 21:50 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2008-05-15 21:50 --------- d-----w C:\Documents and Settings\Renee Fleischmann\Application Data\SUPERAntiSpyware.com 2008-05-15 18:04 --------- d-----w C:\Program Files\Panda Security 2008-05-15 18:00 --------- d-----w C:\Program Files\RealArcade 2008-05-15 17:59 --------- d-----w C:\Program Files\Coupons 2008-05-15 17:45 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware 2008-05-15 17:45 --------- d-----w C:\Documents and Settings\Renee Fleischmann\Application Data\Malwarebytes 2008-05-15 17:44 --------- d-----w C:\Program Files\Common Files\Download Manager 2008-05-15 17:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-05-14 18:10 164 ----a-w C:\install.dat 2008-05-06 00:46 27,048 ----a-w C:\WINDOWS\system32\drivers\mbamcatchme.sys 2008-05-06 00:46 15,864 ----a-w C:\WINDOWS\system32\drivers\mbam.sys 2008-04-30 10:00 --------- d-----w C:\Documents and Settings\Renee Fleischmann\Application Data\Pogo Games 2008-04-30 09:58 --------- d-----w C:\Program Files\Oberon Media 2008-04-28 11:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Trymedia 2008-04-28 11:33 --------- d-----w C:\Documents and Settings\Renee Fleischmann\Application Data\uTorrent 2008-04-27 12:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Fashion Solitaire 1.2 2008-04-06 17:42 --------- d-----w C:\Program Files\Total Training 2008-04-01 23:54 --------- d-----w C:\Documents and Settings\Renee Fleischmann\Application Data\Winamp 2008-04-01 23:48 --------- d-----w C:\Program Files\Winamp 2008-04-01 17:54 --------- d-----w C:\Program Files\Tri Peaks 2 Quest For The Ruby Ring 2008-03-26 11:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\PopCap 2008-03-22 11:57 --------- d-----w C:\Documents and Settings\Renee Fleischmann\Application Data\ICAClient 2008-02-08 01:46 13,624 ----a-w C:\Program Files\mozilla firefox\plugins\cgpcfg.dll 2008-02-08 01:46 87,360 ----a-w C:\Program Files\mozilla firefox\plugins\CgpCore.dll 2008-02-08 01:46 91,448 ----a-w C:\Program Files\mozilla firefox\plugins\confmgr.dll 2008-02-08 01:46 21,824 ----a-w C:\Program Files\mozilla firefox\plugins\ctxlogging.dll 2008-02-08 01:46 206,136 ----a-w C:\Program Files\mozilla firefox\plugins\ctxmui.dll 2008-02-08 01:46 31,544 ----a-w C:\Program Files\mozilla firefox\plugins\icafile.dll 2008-02-08 01:46 40,248 ----a-w C:\Program Files\mozilla firefox\plugins\icalogon.dll 2007-11-09 20:10 34,384 ----a-w C:\Program Files\mozilla firefox\plugins\logging.dll 2007-03-16 21:27 479,232 ----a-w C:\Program Files\mozilla firefox\plugins\msvcm80.dll 2007-03-16 21:27 548,864 ----a-w C:\Program Files\mozilla firefox\plugins\msvcp80.dll 2007-03-16 21:27 626,688 ----a-w C:\Program Files\mozilla firefox\plugins\msvcr80.dll 2007-11-09 21:11 685,648 ----a-w C:\Program Files\mozilla firefox\plugins\sslsdk_b.dll 2008-02-08 01:46 24,384 ----a-w C:\Program Files\mozilla firefox\plugins\TcpPServ.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:00 15360] "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-16 07:26 1481968] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-12-21 10:33 48800] "vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2006-07-14 12:49 85744] "{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 17:48 479232] "Adobe Version Cue CS2"="C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-04-04 19:58 856064] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 10:41 282624] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-28 10:14 270648] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 2008-05-16 07:26 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Authentication Packages REG_MULTI_SZ msv1_0 relog_ap [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma.lnk backup=C:\WINDOWS\pss\Adobe Gamma.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Program Neighborhood Agent.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Program Neighborhood Agent.lnk backup=C:\WINDOWS\pss\Program Neighborhood Agent.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0] C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0] --a------ 2007-05-10 23:46 624248 C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service] --a------ 2007-09-14 03:55 140568 C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor] --a------ 2007-09-14 04:02 905056 C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] --a------ 2007-10-10 20:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Version Cue CS2] --a------ 2005-04-04 19:58 856064 C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater] --a------ 2007-03-01 00:06 2321600 C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0EYTHM] --a------ 2007-03-20 17:40 1884160 C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] --a------ 2004-08-04 08:00 15360 C:\WINDOWS\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] --a------ 2007-06-28 10:14 270648 C:\Program Files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2007-04-27 10:41 282624 C:\Program Files\QuickTime\qttask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX] --a------ 2004-08-06 09:27 860160 C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP] --a------ 2004-07-27 14:48 1388544 C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] --a------ 2008-02-22 05:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe] --a------ 2007-09-14 03:52 2595480 C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Adobe\\Adobe Version Cue CS2\\bin\\VersionCueCS2.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program Files\\Bonjour\\mDNSResponder.exe"= "C:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"= "C:\\Program Files\\uTorrent\\uTorrent.exe"= "C:\\Program Files\\iTunes\\iTunes.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 "3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server "3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server "50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server "50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server R0 tdrpman;Acronis Try&Decide and Restore Points filter;C:\WINDOWS\system32\DRIVERS\tdrpman.sys [2008-02-01 19:35] R2 TryAndDecideService;Acronis Try And Decide Service;"C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe" [2007-09-14 05:01] R3 EraserUtilDrv10741;EraserUtilDrv10741;C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10741.sys [2008-01-22 17:46] R3 N100;Compaq Ethernet or Fast Ethernet NIC Driver;C:\WINDOWS\system32\DRIVERS\n100325.sys [2001-08-17 08:11] . Contents of the 'Scheduled Tasks' folder "2008-05-16 11:10:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe . ************************************************************************ catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-05-17 10:39:49 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... C:\WINDOWS\$hf_mig$ C:\WINDOWS\$MSI31Uninstall_KB893803v2$ C:\WINDOWS\netfxocm.log 127335 bytes C:\WINDOWS\network diagnostic C:\WINDOWS\Nircmd.exe 28160 bytes executable C:\WINDOWS\NLSDownlevelMapping.log 31289 bytes C:\WINDOWS\NOTEPAD.EXE 69120 bytes executable C:\WINDOWS\nsreg.dat 0 bytes C:\WINDOWS\ntbtlog.txt 113532 bytes C:\WINDOWS\ntdtcsetup.log 149373 bytes C:\WINDOWS\ocgen.log 350072 bytes C:\WINDOWS\ocmsn.log 39873 bytes C:\WINDOWS\ODBC.INI 376 bytes C:\WINDOWS\ODBCINST.INI 4161 bytes C:\WINDOWS\OEWABLog.txt 833 bytes C:\WINDOWS\Offline Web Pages C:\WINDOWS\pchealth C:\WINDOWS\PeerNet C:\WINDOWS\Prairie Wind.bmp 65954 bytes C:\WINDOWS\Prefetch C:\WINDOWS\Provisioning C:\WINDOWS\PSEXESVC.EXE 53248 bytes executable C:\WINDOWS\pss C:\WINDOWS\QTFont.for 1409 bytes C:\WINDOWS\QTFont.qfn 54156 bytes C:\WINDOWS\regedit.exe 146432 bytes executable C:\WINDOWS\Registration C:\WINDOWS\setuperr.log 0 bytes C:\WINDOWS\setuplog.txt 888200 bytes C:\WINDOWS\ShellNew C:\WINDOWS\Soap Bubbles.bmp 65978 bytes C:\WINDOWS\SoftwareDistribution C:\WINDOWS\spupdsvc.log 42796 bytes C:\WINDOWS\srchasst C:\WINDOWS\Sti_Trace.log 0 bytes C:\WINDOWS\Sun C:\WINDOWS\swreg.exe 161792 bytes executable C:\WINDOWS\swsc.exe 136704 bytes executable C:\WINDOWS\swxcacls.exe 212480 bytes executable C:\WINDOWS\system.ini 227 bytes C:\WINDOWS\system32 C:\WINDOWS\tabletoc.log 37059 bytes C:\WINDOWS\TASKMAN.EXE 15360 bytes executable C:\WINDOWS\Tasks C:\WINDOWS\TEMP C:\WINDOWS\tsoc.log 334497 bytes C:\WINDOWS\twain.dll 94784 bytes C:\WINDOWS\twain_32 C:\WINDOWS\twain_32.dll 50688 bytes executable C:\WINDOWS\Fashion Solitaire C:\WINDOWS\Fashion Solitaire Setup Log.txt 2185200 bytes C:\WINDOWS\Fashion Solitaire Uninstall Log.txt 996512 bytes C:\WINDOWS\FaxSetup.log 722561 bytes C:\WINDOWS\fdsv.exe 73728 bytes executable C:\WINDOWS\FeatherTexture.bmp 16730 bytes C:\WINDOWS\Fonts C:\WINDOWS\ftpcache C:\WINDOWS\Gone Fishing.bmp 17336 bytes C:\WINDOWS\Greenstone.bmp 26582 bytes C:\WINDOWS\grep.exe 80412 bytes executable C:\WINDOWS\halbp___.ttf 132392 bytes C:\WINDOWS\Help C:\WINDOWS\hh.exe 10752 bytes executable C:\WINDOWS\hpoins04.dat 103535 bytes C:\WINDOWS\hpoins04.dat.temp 103535 bytes C:\WINDOWS\hpomdl04.dat 17176 bytes C:\WINDOWS\hpomdl04.dat.temp 17176 bytes C:\WINDOWS\IDNMitigationAPIs.log 31605 bytes C:\WINDOWS\ie7 C:\WINDOWS\ie7.log 81945 bytes C:\WINDOWS\twunk_32.exe 25600 bytes executable C:\WINDOWS\uccspecc.sys 31 bytes C:\WINDOWS\uninst.exe 299520 bytes executable C:\WINDOWS\updspapi.log 68698 bytes C:\WINDOWS\vb.ini 36 bytes C:\WINDOWS\vbaddin.ini 37 bytes C:\WINDOWS\VFind.exe 49152 bytes executable C:\WINDOWS\VirtualEar C:\WINDOWS\vmmreg32.dll 18944 bytes executable C:\WINDOWS\vpc32.INI 0 bytes C:\WINDOWS\WBEM C:\WINDOWS\Web C:\WINDOWS\wiadebug.log 159 bytes C:\WINDOWS\wiaservc.log 49 bytes C:\WINDOWS\win.ini 715 bytes C:\WINDOWS\WindowsShell.Manifest 749 bytes C:\WINDOWS\WindowsShellOld.Manifest.1 82 bytes C:\WINDOWS\WindowsUpdate.log 2038329 bytes C:\WINDOWS\REGLOCS.OLD 8192 bytes C:\WINDOWS\regopt.log 1052 bytes C:\WINDOWS\repair C:\WINDOWS\Resources C:\WINDOWS\Rhododendron.bmp 17362 bytes C:\WINDOWS\River Sumida.bmp 26680 bytes C:\WINDOWS\Santa Fe Stucco.bmp 65832 bytes C:\WINDOWS\SchedLgU.Txt 22390 bytes C:\WINDOWS\security C:\WINDOWS\sed.exe 98816 bytes executable C:\WINDOWS\sessmgr.setup.log 1022 bytes C:\WINDOWS\SET3.tmp 1042903 bytes C:\WINDOWS\SET4.tmp 1086058 bytes C:\WINDOWS\SET8.tmp 13753 bytes C:\WINDOWS\setupact.log 178507 bytes C:\WINDOWS\$NtUninstallKB890859$ C:\WINDOWS\$NtUninstallKB913580$ C:\WINDOWS\$NtUninstallKB925398_WMP64$ C:\WINDOWS\$NtUninstallKB941202$ C:\WINDOWS\$NtUninstallWMFDist11$ C:\WINDOWS\Coffee Bean.bmp 17062 bytes C:\WINDOWS\explorer.scf 80 bytes C:\WINDOWS\ie7updates C:\WINDOWS\KB890859.log 20345 bytes C:\WINDOWS\KB914388.log 39282 bytes C:\WINDOWS\KB925902.log 42264 bytes C:\WINDOWS\KB938127.log 33008 bytes C:\WINDOWS\Kcatchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net C:\WINDOWS\mui C:\WINDOWS\setupapi.log 508563 bytes C:\WINDOWS\twunk_16.exe 49680 bytes C:\WINDOWS\KB891781.log 44733 bytes C:\WINDOWS\KB892130.log 19629 bytes C:\WINDOWS\KB893756.log 47798 bytes C:\WINDOWS\KB893803v2.log 13670 bytes C:\WINDOWS\KB894391.log 24269 bytes C:\WINDOWS\KB896358.log 45252 bytes C:\WINDOWS\KB896423.log 41537 bytes C:\WINDOWS\KB896428.log 29660 bytes C:\WINDOWS\KB898461.log 6962 bytes C:\WINDOWS\KB899587.log 82844 bytes C:\WINDOWS\KB899591.log C:\WINDOWS\KB900485.log 46934 bytes C:\WINDOWS\KB900725.log 37546 bytes C:\WINDOWS\KB901017.log 76515 bytes C:\WINDOWS\KB901214.log 40456 bytes C:\WINDOWS\KB902400.log 49232 bytes C:\WINDOWS\KB904942.log 60472 bytes C:\WINDOWS\KB905414.log 41383 bytes C:\WINDOWS\KB905749.log 27876 bytes C:\WINDOWS\KB908519.log 18852 bytes C:\WINDOWS\KB908531.log 31290 bytes C:\WINDOWS\KB910437.log 28373 bytes C:\WINDOWS\KB911280.log 47373 bytes C:\WINDOWS\KB911562.log 47157 bytes C:\WINDOWS\KB911564.log 25438 bytes C:\WINDOWS\KB911927.log 77004 bytes C:\WINDOWS\KB913580.log 31333 bytes C:\WINDOWS\KB926239.log 6653 bytes C:\WINDOWS\KB926255.log 34257 bytes C:\WINDOWS\KB926436.log 42218 bytes C:\WINDOWS\KB927779.log 86141 bytes C:\WINDOWS\KB927802.log 79688 bytes C:\WINDOWS\KB927891.log 9715 bytes C:\WINDOWS\KB928255.log 78231 bytes C:\WINDOWS\KB928843.log 18986 bytes C:\WINDOWS\KB929123.log 46161 bytes C:\WINDOWS\KB929399.log 7143 bytes C:\WINDOWS\KB930178.log 39574 bytes C:\WINDOWS\KB930916.log 28391 bytes C:\WINDOWS\KB931261.log 44167 bytes C:\WINDOWS\KB931784.log 82778 bytes C:\WINDOWS\KB932168.log 36308 bytes C:\WINDOWS\KB933729.log 31265 bytes C:\WINDOWS\KB935839.log 20969 bytes C:\WINDOWS\KB935840.log 31402 bytes C:\WINDOWS\KB936021.log 45125 bytes C:\WINDOWS\KB936357.log 42572 bytes C:\WINDOWS\KB936782.log 33747 bytes C:\WINDOWS\KB937894.log 82435 bytes C:\WINDOWS\KB938127-IE7.log 11187 bytes C:\WINDOWS\KB914389.log 18711 bytes C:\WINDOWS\KB914440.log 30602 bytes C:\WINDOWS\KB915865.log 31960 bytes C:\WINDOWS\KB916595.log 34198 bytes C:\WINDOWS\KB917344.log 41684 bytes C:\WINDOWS\KB918118.log 38297 bytes C:\WINDOWS\KB918439.log 42575 bytes C:\WINDOWS\KB919007.log 42141 bytes C:\WINDOWS\KB920213.log 36392 bytes C:\WINDOWS\KB920670.log 42298 bytes C:\WINDOWS\KB920683.log 22297 bytes C:\WINDOWS\KB920685.log 44408 bytes C:\WINDOWS\KB920872.log 38179 bytes C:\WINDOWS\KB921503.log 48785 bytes C:\WINDOWS\KB922582.log 21561 bytes C:\WINDOWS\KB922819.log 79983 bytes C:\WINDOWS\KB923191.log 35450 bytes C:\WINDOWS\KB923414.log 78215 bytes C:\WINDOWS\KB923980.log 45779 bytes C:\WINDOWS\KB924270.log 43483 bytes C:\WINDOWS\KB924496.log 42110 bytes C:\WINDOWS\KB924667.log 43947 bytes C:\WINDOWS\KB925398.log 26963 bytes C:\WINDOWS\KB938828.log 43037 bytes C:\WINDOWS\KB938829.log 48075 bytes C:\WINDOWS\KB939683.log 6862 bytes C:\WINDOWS\KB941202.log 34396 bytes C:\WINDOWS\KB941568.log 38692 bytes C:\WINDOWS\KB941569.log 29516 bytes C:\WINDOWS\KB941644.log 46355 bytes C:\WINDOWS\KB941693.log 20329 bytes C:\WINDOWS\KB942615-IE7.log 95968 bytes C:\WINDOWS\KB942615.log 74198 bytes C:\WINDOWS\KB942763.log 54436 bytes C:\WINDOWS\KB942840.log 18994 bytes C:\WINDOWS\KB943055.log 11170 bytes C:\WINDOWS\KB943460.log 65670 bytes C:\WINDOWS\KB943485.log 34516 bytes C:\WINDOWS\ComboFix.txt.txt 26707 bytes C:\WINDOWS\comsetup.log 249030 bytes C:\WINDOWS\Config C:\WINDOWS\Connection Wizard C:\WINDOWS\control.ini 0 bytes C:\WINDOWS\cpnprt2.cid 193880 bytes executable C:\WINDOWS\Cursors C:\WINDOWS\Debug C:\WINDOWS\desktop.ini 2 bytes C:\WINDOWS\DirectX.log 68270 bytes C:\WINDOWS\Downloaded Installations C:\WINDOWS\Downloaded Program Files C:\WINDOWS\Driver Cache C:\WINDOWS\DtcInstall.log 133 bytes C:\WINDOWS\ehome C:\WINDOWS\erdnt C:\WINDOWS\ERUNT C:\WINDOWS\explorer.exe 1033216 bytes executable C:\WINDOWS\$NtUninstallKB914388$ C:\WINDOWS\$NtUninstallKB914389$ C:\WINDOWS\$NtUninstallKB914440$ C:\WINDOWS\$NtUninstallKB915865$ C:\WINDOWS\$NtUninstallKB916595$ C:\WINDOWS\$NtUninstallKB917344$ C:\WINDOWS\$NtUninstallKB918118$ C:\WINDOWS\$NtUninstallKB918439$ C:\WINDOWS\$NtUninscatchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net C:\WINDOWS\$NtUninstallKB920213$ C:\WINDOWS\$NtUninstallKB920670$ C:\WINDOWS\$NtUninstallKB920683$ C:\WINDOWS\$NtUninstallKB920685$ C:\WINDOWS\$NtUninstallKB920872$ C:\WINDOWS\$NtUninstallKB921503$ C:\WINDOWS\$NtUninstallKB922582$ C:\WINDOWS\$NtUninstallKB922819$ C:\WINDOWS\$NtUninstallKB923191$ C:\WINDOWS\$NtUninstallKB923414$ C:\WINDOWS\$NtUninstallKB923980$ C:\WINDOWS\$NtUninstallKB924270$ C:\WINDOWS\$NtUninstallKB924496$ C:\WINDOWS\$NtUninstallKB924667$ C:\WINDOWS\$NtUninstallKB941568$ C:\WINDOWS\$NtUninstallKB941569$ C:\WINDOWS\$NtUninstallKB941644$ C:\WINDOWS\$NtUninstallKB941693$ C:\WINDOWS\$NtUninstallKB942615$ C:\WINDOWS\$NtUninstallKB942615_0$ C:\WINDOWS\$NtUninstallKB942763$ C:\WINDOWS\$NtUninstallKB943055$ C:\WINDOWS\$NtUninstallKB943460$ C:\WINDOWS\$NtUninstallKB943485$ C:\WINDOWS\$NtUninstallKB944653$ C:\WINDOWS\$NtUninstallKB945553$ C:\WINDOWS\$NtUninstallKB946026$ C:\WINDOWS\$NtUninstallKB948590$ C:\WINDOWS\$NtUninstallKB948881$ C:\WINDOWS\$NtUninstallKB950749$ C:\WINDOWS\$NtUninstallMSCompPackV1$ C:\WINDOWS\$NtUninstallKB925902$ C:\WINDOWS\$NtUninstallKB926239$ C:\WINDOWS\$NtUninstallKB926255$ C:\WINDOWS\$NtUninstallKB926436$ C:\WINDOWS\$NtUninstallKB927779$ C:\WINDOWS\$NtUninstallKB927802$ C:\WINDOWS\$NtUninstallKB927891$ C:\WINDOWS\$NtUninstallKB928255$ C:\WINDOWS\$NtUninstallKB928843$ C:\WINDOWS\$NtUninstallKB929123$ C:\WINDOWS\$NtUninstallKB929399$ C:\WINDOWS\$NtUninstallKB930178$ C:\WINDOWS\$NtUninstallKB930916$ C:\WINDOWS\$NtUninstallKB931261$ C:\WINDOWS\$NtUninstallKB931784$ C:\WINDOWS\$NtUninstallKB932168$ C:\WINDOWS\$NtUninstallKB933729$ C:\WINDOWS\$NtUninstallKB935839$ C:\WINDOWS\$NtUninstallKB935840$ C:\WINDOWS\$NtUninstallKB936021$ C:\WINDOWS\$NtUninstallKB936357$ C:\WINDOWS\$NtUninstallKB936782_WMP11$ C:\WINDOWS\$NtUninstallKB936782_WMP9$ C:\WINDOWS\$NtUninstallKB937894$ C:\WINDOWS\$NtUninstallKB938127$ C:\WINDOWS\$NtUninstallKB938828$ C:\WINDOWS\$NtUninstallKB938829$ C:\WINDOWS\$NtUninstallKB939683$ C:\WINDOWS\$NtUninstallKB891781$ C:\WINDOWS\$NtUninstallKB893756$ C:\WINDOWS\$NtUninstallKB894391$ C:\WINDOWS\$NtUninstallKB896358$ C:\WINDOWS\$NtUninstallKB896423$ C:\WINDOWS\$NtUninstallKB896428$ C:\WINDOWS\$NtUninstallKB898461$ C:\WINDOWS\$NtUninstallKB899587$ C:\WINDOWS\$NtUninstallKB899591$ C:\WINDOWS\$NtUninstallKB900485$ C:\WINDOWS\$NtUninstallKB900725$ C:\WINDOWS\$NtUninstallKB901017$ C:\WINDOWS\$NtUninstallKB901214$ C:\WINDOWS\$NtUninstallKB902400$ C:\WINDOWS\$NtUninstallKB904942$ C:\WINDOWS\$NtUninstallKB905414$ C:\WINDOWS\$NtUninstallKB905749$ C:\WINDOWS\$NtUninstallKB908519$ C:\WINDOWS\$NtUninstallKB908531$ C:\WINDOWS\$NtUninstallKB910437$ C:\WINDOWS\$NtUninstallKB911280$ C:\WINDOWS\$NtUninstallKB911562$ C:\WINDOWS\$NtUninstallKB911564$ C:\WINDOWS\$NtUninstallKB911927$ C:\WINDOWS\ie7_main.log 32930 bytes C:\WINDOWS\iis6.log 801448 bytes C:\WINDOWS\ime C:\WINDOWS\imsins.BAK 1355 bytes C:\WINDOWS\imsins.log 1374 bytes C:\WINDOWS\inf C:\WINDOWS\Installer C:\WINDOWS\java C:\WINDOWS\KB873339.log 43425 bytes C:\WINDOWS\KB885835.log 76754 bytes C:\WINDOWS\KB885836.log 79648 bytes C:\WINDOWS\KB885884.log 9712 bytes C:\WINDOWS\KB886185.log 15199 bytes C:\WINDOWS\KB887472.log 43229 bytes C:\WINDOWS\KB888302.log 30326 bytes C:\WINDOWS\KB890046.log 38560 bytes C:\WINDOWS\winhelp.exe 256192 bytes C:\WINDOWS\winhlp32.exe 283648 bytes executable C:\WINDOWS\winnt.bmp 48680 bytes C:\WINDOWS\winnt256.bmp 48680 bytes C:\WINDOWS\WinSxS C:\WINDOWS\WMFDist11.log 24086 bytes C:\WINDOWS\wmp11.log 17803 bytes C:\WINDOWS\wmsetup.log 24960 bytes C:\WINDOWS\wmsetup10.log 2538 bytes C:\WINDOWS\WMSysPr9.prx 316640 bytes C:\WINDOWS\Wudf01000Inst.log 9518 bytes C:\WINDOWS\Zapotec.bmp 9522 bytes C:\WINDOWS\zip.exe 68096 bytes executable C:\WINDOWS\_default.pif 707 bytes C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$ C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$ C:\WINDOWS\$NtUninstallKB873339$ C:\WINDOWS\$NtUninstallKB885835$ C:\WINDOWS\$NtUninstallKB885836$ C:\WINDOWS\$NtUninstallKB885884$ C:\WINDOWS\$NtUninstallKB886185$ C:\WINDOWS\$NtUninstallKB887472$ C:\WINDOWS\$NtUninstallKB888302$ C:\WINDOWS\$NtUninstallKB890046$ C:\WINDOWS\KB944653.log 21219 bytes C:\WINDOWS\KB945553.log 12091 bytes C:\WINDOWS\KB946026.log 16813 bytes C:\WINDOWS\KB947864-IE7.log 21010 bytes C:\WINDOWS\KB948590.log 12145 bytes C:\WINDOWS\KB948881.log 15846 bytes C:\WINDOWS\KB950749.log 13341 bytes C:\WINDOWS\MedCtrOC.log 50373 bytes C:\WINDOWS\Media C:\WINDOWS\mozver.dat 671 bytes C:\WINDOWS\msagent C:\WINDOWS\msapps C:\WINDOWS\MSCompPackV1.log 4495 bytes C:\WINDOWS\msdfmap.ini 1405 bytes C:\WINDOWS\msgsocm.log 36406 bytes C:\WINDOWS\msmqinst.log 222568 bytes C:\WINDOWS\$NtUninstallwmp11$ C:\WINDOWS\$NtUninstallWudf01000$ C:\WINDOWS\0.log 0 bytes C:\WINDOWS\addins C:\WINDOWS\AppPatch C:\WINDOWS\Blue Lace 16.bmp 1272 bytes C:\WINDOWS\bootstat.dat 2048 bytes C:\WINDOWS\Cache C:\WINDOWS\clock.avi 82944 bytes C:\WINDOWS\cmsetacl.log 200 bytes scan completed successfully hidden files: 383 ********************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe C:\Program Files\iPod\bin\iPodService.exe . ************************************************************************ . Completion time: 2008-05-17 10:55:21 - machine was rebooted [Renee Fleischmann] ComboFix-quarantined-files.txt 2008-05-17 14:54:45 ComboFix2.txt 2008-05-17 09:13:28 Pre-Run: 16,723,415,040 bytes free Post-Run: 16,714,047,488 bytes free 560 --- E O F --- 2008-05-16 11:30:58 Will be posting a new HijackThis report shortly. Thanks again, Wisteria75

wisteria75 View Member Profile	May 17 2008, 09:19 AM Post #4
Member Posts: 11 OS: Windows XP	And here is the HijackThis log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:18:23 AM, on 5/17/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16640) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe C:\PROGRA~1\SYMANT~1\VPTray.exe C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Google\Gmail Notifier\gnotify.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\explorer.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] "C:\Program Files\Google\Gmail Notifier\gnotify.exe" O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/cdl/launcher/PogoWebLa...erInstaller.CAB O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe -- End of file - 9546 bytes

JSntgRvr View Member Profile	May 17 2008, 11:32 AM Post #5
Global Moderator Posts: 4,124 OS: Windows XP	Hi, wisteria75 They are just hidden. Attempt first to restore the computer to an earlier date using System Restore: Got to Start->All Programs->Accessories->System Tools->System Restore If that does not help, go to Start->Run, type CMD and click OK. The MSDOS window will be displayed. Copy and paste the following command and press Enter. *attrib -a -h -r -s c:\windows\.* /s /d** Type Exit to return to Windows. Check if now is the folder's contents is visible.

wisteria75

May 17 2008, 12:18 PM

Post #6

Member

Posts: 11
OS: Windows XP

I appreciate all of your help.

Both things did not work unfortunately, and my C:\windows drive still appears to be empty.

See attached for when I did the "cmd"

Thanks,
Wisteria75

Attached thumbnail(s)

JSntgRvr View Member Profile	May 17 2008, 12:39 PM Post #7
Global Moderator Posts: 4,124 OS: Windows XP	Hi, wisteria75 That error seems to indicate that there are errors in your drive. Run chkdsk: To use Chkdsk, click Start and My Computer. Right-click the hard drive you want to check, and click Properties. Select the Tools tab and click Check Now. Check both boxes. Click Start. You'll get a message that the computer must be rebooted to run a complete check. Click Yes and reboot. Chkdsk will take a while, so be patient.

wisteria75 View Member Profile	May 17 2008, 06:15 PM Post #8
Member Posts: 11 OS: Windows XP	Hi JSntgRvr, I didn't work. It said Checkdisk could not be performed! I have no idea what is happening... I hope this can be resolved.

wisteria75 View Member Profile	May 18 2008, 09:37 AM Post #9
Member Posts: 11 OS: Windows XP	QUOTE (wisteria75 @ May 17 2008, 08:15 PM) Hi JSntgRvr, I didn't work. It said Checkdisk could not be performed! I have no idea what is happening... I hope this can be resolved. Sorry about all this. After my computer froze this morning, and I had to manually reboot, the scndsk decided to work. AND in saying that, my issue is resolved; my folder is now occupied! Thank you so much for your help! Wisteria75 This post has been edited by wisteria75: May 18 2008, 09:38 AM

JSntgRvr View Member Profile	May 18 2008, 02:41 PM Post #10
Global Moderator Posts: 4,124 OS: Windows XP	Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic.

« Next Oldest · Malware Removal - HijackThis™ Logs Go Here · Next Newest »

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members: