
C:\Windows Folder is Empty [RESOLVED]



#1
wisteria75


  • Member
  • 11 posts
Hi, I originally posted on the Windows XP site and did a few things to see if my windows folder is indeed empty, to no avail, so I was pointed in this direction. I did everything on the You Must Read This Before Posting A Hijackthis Log - Geeks to Go! page before doing the last and final HijackThis. So...this is my log. I hope someone can help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:31:04 AM, on 5/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] "C:\Program Files\Google\Gmail Notifier\gnotify.exe"
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/...erInstaller.CAB
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.h...ctDetection.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2....re/HPDEXAXO.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe

--
End of file - 9542 bytes

Many thanks,
Wisteria75 :)

Edited by wisteria75, 16 May 2008 - 04:12 PM.



#2
JSntgRvr


  • Global Moderator
  • 10,424 posts
Hi, wisteria75 :)

Your Windows folder cannot be empty, as you are able to boot.

Let's check for malware:

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

#3
wisteria75


  • Member
  • 11 posts
Thanks so much for your prompt reply and your help.

So far these are the ComboFix results:

ComboFix 08-05-15.3 - Renee Fleischmann 2008-05-17 10:36:54.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.758 [GMT -4:00]
Running from: C:\Documents and Settings\Renee Fleischmann\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-04-17 to 2008-05-17 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-17 14:46 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-05-16 12:13 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-16 11:30 --------- d-----w C:\Program Files\Trend Micro
2008-05-16 11:26 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-05-15 21:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-05-15 21:50 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-05-15 21:50 --------- d-----w C:\Documents and Settings\Renee Fleischmann\Application Data\SUPERAntiSpyware.com
2008-05-15 18:04 --------- d-----w C:\Program Files\Panda Security
2008-05-15 18:00 --------- d-----w C:\Program Files\RealArcade
2008-05-15 17:59 --------- d-----w C:\Program Files\Coupons
2008-05-15 17:45 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-05-15 17:45 --------- d-----w C:\Documents and Settings\Renee Fleischmann\Application Data\Malwarebytes
2008-05-15 17:44 --------- d-----w C:\Program Files\Common Files\Download Manager
2008-05-15 17:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-14 18:10 164 ----a-w C:\install.dat
2008-05-06 00:46 27,048 ----a-w C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-06 00:46 15,864 ----a-w C:\WINDOWS\system32\drivers\mbam.sys
2008-04-30 10:00 --------- d-----w C:\Documents and Settings\Renee Fleischmann\Application Data\Pogo Games
2008-04-30 09:58 --------- d-----w C:\Program Files\Oberon Media
2008-04-28 11:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Trymedia
2008-04-28 11:33 --------- d-----w C:\Documents and Settings\Renee Fleischmann\Application Data\uTorrent
2008-04-27 12:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Fashion Solitaire 1.2
2008-04-06 17:42 --------- d-----w C:\Program Files\Total Training
2008-04-01 23:54 --------- d-----w C:\Documents and Settings\Renee Fleischmann\Application Data\Winamp
2008-04-01 23:48 --------- d-----w C:\Program Files\Winamp
2008-04-01 17:54 --------- d-----w C:\Program Files\Tri Peaks 2 Quest For The Ruby Ring
2008-03-26 11:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\PopCap
2008-03-22 11:57 --------- d-----w C:\Documents and Settings\Renee Fleischmann\Application Data\ICAClient
2008-02-08 01:46 13,624 ----a-w C:\Program Files\mozilla firefox\plugins\cgpcfg.dll
2008-02-08 01:46 87,360 ----a-w C:\Program Files\mozilla firefox\plugins\CgpCore.dll
2008-02-08 01:46 91,448 ----a-w C:\Program Files\mozilla firefox\plugins\confmgr.dll
2008-02-08 01:46 21,824 ----a-w C:\Program Files\mozilla firefox\plugins\ctxlogging.dll
2008-02-08 01:46 206,136 ----a-w C:\Program Files\mozilla firefox\plugins\ctxmui.dll
2008-02-08 01:46 31,544 ----a-w C:\Program Files\mozilla firefox\plugins\icafile.dll
2008-02-08 01:46 40,248 ----a-w C:\Program Files\mozilla firefox\plugins\icalogon.dll
2007-11-09 20:10 34,384 ----a-w C:\Program Files\mozilla firefox\plugins\logging.dll
2007-03-16 21:27 479,232 ----a-w C:\Program Files\mozilla firefox\plugins\msvcm80.dll
2007-03-16 21:27 548,864 ----a-w C:\Program Files\mozilla firefox\plugins\msvcp80.dll
2007-03-16 21:27 626,688 ----a-w C:\Program Files\mozilla firefox\plugins\msvcr80.dll
2007-11-09 21:11 685,648 ----a-w C:\Program Files\mozilla firefox\plugins\sslsdk_b.dll
2008-02-08 01:46 24,384 ----a-w C:\Program Files\mozilla firefox\plugins\TcpPServ.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:00 15360]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-16 07:26 1481968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-12-21 10:33 48800]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2006-07-14 12:49 85744]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 17:48 479232]
"Adobe Version Cue CS2"="C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-04-04 19:58 856064]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 10:41 282624]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-28 10:14 270648]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 2008-05-16 07:26 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 relog_ap

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Program Neighborhood Agent.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Program Neighborhood Agent.lnk
backup=C:\WINDOWS\pss\Program Neighborhood Agent.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
--a------ 2007-05-10 23:46 624248 C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
--a------ 2007-09-14 03:55 140568 C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
--a------ 2007-09-14 04:02 905056 C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 20:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Version Cue CS2]
--a------ 2005-04-04 19:58 856064 C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
--a------ 2007-03-01 00:06 2321600 C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0EYTHM]
--a------ 2007-03-20 17:40 1884160 C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 08:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-06-28 10:14 270648 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-04-27 10:41 282624 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
--a------ 2004-08-06 09:27 860160 C:\Program Files\Analog Devices\SoundMAX\Smax4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
--a------ 2004-07-27 14:48 1388544 C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 05:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
--a------ 2007-09-14 03:52 2595480 C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Adobe\\Adobe Version Cue CS2\\bin\\VersionCueCS2.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

R0 tdrpman;Acronis Try&Decide and Restore Points filter;C:\WINDOWS\system32\DRIVERS\tdrpman.sys [2008-02-01 19:35]
R2 TryAndDecideService;Acronis Try And Decide Service;"C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe" [2007-09-14 05:01]
R3 EraserUtilDrv10741;EraserUtilDrv10741;C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10741.sys [2008-01-22 17:46]
R3 N100;Compaq Ethernet or Fast Ethernet NIC Driver;C:\WINDOWS\system32\DRIVERS\n100325.sys [2001-08-17 08:11]

.
Contents of the 'Scheduled Tasks' folder
"2008-05-16 11:10:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-17 10:39:49
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\WINDOWS\$hf_mig$
C:\WINDOWS\$MSI31Uninstall_KB893803v2$
C:\WINDOWS\netfxocm.log 127335 bytes
C:\WINDOWS\network diagnostic
C:\WINDOWS\Nircmd.exe 28160 bytes executable
C:\WINDOWS\NLSDownlevelMapping.log 31289 bytes
C:\WINDOWS\NOTEPAD.EXE 69120 bytes executable
C:\WINDOWS\nsreg.dat 0 bytes
C:\WINDOWS\ntbtlog.txt 113532 bytes
C:\WINDOWS\ntdtcsetup.log 149373 bytes
C:\WINDOWS\ocgen.log 350072 bytes
C:\WINDOWS\ocmsn.log 39873 bytes
C:\WINDOWS\ODBC.INI 376 bytes
C:\WINDOWS\ODBCINST.INI 4161 bytes
C:\WINDOWS\OEWABLog.txt 833 bytes
C:\WINDOWS\Offline Web Pages
C:\WINDOWS\pchealth
C:\WINDOWS\PeerNet
C:\WINDOWS\Prairie Wind.bmp 65954 bytes
C:\WINDOWS\Prefetch
C:\WINDOWS\Provisioning
C:\WINDOWS\PSEXESVC.EXE 53248 bytes executable
C:\WINDOWS\pss
C:\WINDOWS\QTFont.for 1409 bytes
C:\WINDOWS\QTFont.qfn 54156 bytes
C:\WINDOWS\regedit.exe 146432 bytes executable
C:\WINDOWS\Registration
C:\WINDOWS\setuperr.log 0 bytes
C:\WINDOWS\setuplog.txt 888200 bytes
C:\WINDOWS\ShellNew
C:\WINDOWS\Soap Bubbles.bmp 65978 bytes
C:\WINDOWS\SoftwareDistribution
C:\WINDOWS\spupdsvc.log 42796 bytes
C:\WINDOWS\srchasst
C:\WINDOWS\Sti_Trace.log 0 bytes
C:\WINDOWS\Sun
C:\WINDOWS\swreg.exe 161792 bytes executable
C:\WINDOWS\swsc.exe 136704 bytes executable
C:\WINDOWS\swxcacls.exe 212480 bytes executable
C:\WINDOWS\system.ini 227 bytes
C:\WINDOWS\system32
C:\WINDOWS\tabletoc.log 37059 bytes
C:\WINDOWS\TASKMAN.EXE 15360 bytes executable
C:\WINDOWS\Tasks
C:\WINDOWS\TEMP
C:\WINDOWS\tsoc.log 334497 bytes
C:\WINDOWS\twain.dll 94784 bytes
C:\WINDOWS\twain_32
C:\WINDOWS\twain_32.dll 50688 bytes executable
C:\WINDOWS\Fashion Solitaire
C:\WINDOWS\Fashion Solitaire Setup Log.txt 2185200 bytes
C:\WINDOWS\Fashion Solitaire Uninstall Log.txt 996512 bytes
C:\WINDOWS\FaxSetup.log 722561 bytes
C:\WINDOWS\fdsv.exe 73728 bytes executable
C:\WINDOWS\FeatherTexture.bmp 16730 bytes
C:\WINDOWS\Fonts
C:\WINDOWS\ftpcache
C:\WINDOWS\Gone Fishing.bmp 17336 bytes
C:\WINDOWS\Greenstone.bmp 26582 bytes
C:\WINDOWS\grep.exe 80412 bytes executable
C:\WINDOWS\halbp___.ttf 132392 bytes
C:\WINDOWS\Help
C:\WINDOWS\hh.exe 10752 bytes executable
C:\WINDOWS\hpoins04.dat 103535 bytes
C:\WINDOWS\hpoins04.dat.temp 103535 bytes
C:\WINDOWS\hpomdl04.dat 17176 bytes
C:\WINDOWS\hpomdl04.dat.temp 17176 bytes
C:\WINDOWS\IDNMitigationAPIs.log 31605 bytes
C:\WINDOWS\ie7
C:\WINDOWS\ie7.log 81945 bytes
C:\WINDOWS\twunk_32.exe 25600 bytes executable
C:\WINDOWS\uccspecc.sys 31 bytes
C:\WINDOWS\uninst.exe 299520 bytes executable
C:\WINDOWS\updspapi.log 68698 bytes
C:\WINDOWS\vb.ini 36 bytes
C:\WINDOWS\vbaddin.ini 37 bytes
C:\WINDOWS\VFind.exe 49152 bytes executable
C:\WINDOWS\VirtualEar
C:\WINDOWS\vmmreg32.dll 18944 bytes executable
C:\WINDOWS\vpc32.INI 0 bytes
C:\WINDOWS\WBEM
C:\WINDOWS\Web
C:\WINDOWS\wiadebug.log 159 bytes
C:\WINDOWS\wiaservc.log 49 bytes
C:\WINDOWS\win.ini 715 bytes
C:\WINDOWS\WindowsShell.Manifest 749 bytes
C:\WINDOWS\WindowsShellOld.Manifest.1 82 bytes
C:\WINDOWS\WindowsUpdate.log 2038329 bytes
C:\WINDOWS\REGLOCS.OLD 8192 bytes
C:\WINDOWS\regopt.log 1052 bytes
C:\WINDOWS\repair
C:\WINDOWS\Resources
C:\WINDOWS\Rhododendron.bmp 17362 bytes
C:\WINDOWS\River Sumida.bmp 26680 bytes
C:\WINDOWS\Santa Fe Stucco.bmp 65832 bytes
C:\WINDOWS\SchedLgU.Txt 22390 bytes
C:\WINDOWS\security
C:\WINDOWS\sed.exe 98816 bytes executable
C:\WINDOWS\sessmgr.setup.log 1022 bytes
C:\WINDOWS\SET3.tmp 1042903 bytes
C:\WINDOWS\SET4.tmp 1086058 bytes
C:\WINDOWS\SET8.tmp 13753 bytes
C:\WINDOWS\setupact.log 178507 bytes
C:\WINDOWS\$NtUninstallKB890859$
C:\WINDOWS\$NtUninstallKB913580$
C:\WINDOWS\$NtUninstallKB925398_WMP64$
C:\WINDOWS\$NtUninstallKB941202$
C:\WINDOWS\$NtUninstallWMFDist11$
C:\WINDOWS\Coffee Bean.bmp 17062 bytes
C:\WINDOWS\explorer.scf 80 bytes
C:\WINDOWS\ie7updates
C:\WINDOWS\KB890859.log 20345 bytes
C:\WINDOWS\KB914388.log 39282 bytes
C:\WINDOWS\KB925902.log 42264 bytes
C:\WINDOWS\KB938127.log 33008 bytes
C:\WINDOWS\Kcatchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
C:\WINDOWS\mui
C:\WINDOWS\setupapi.log 508563 bytes
C:\WINDOWS\twunk_16.exe 49680 bytes
C:\WINDOWS\KB891781.log 44733 bytes
C:\WINDOWS\KB892130.log 19629 bytes
C:\WINDOWS\KB893756.log 47798 bytes
C:\WINDOWS\KB893803v2.log 13670 bytes
C:\WINDOWS\KB894391.log 24269 bytes
C:\WINDOWS\KB896358.log 45252 bytes
C:\WINDOWS\KB896423.log 41537 bytes
C:\WINDOWS\KB896428.log 29660 bytes
C:\WINDOWS\KB898461.log 6962 bytes
C:\WINDOWS\KB899587.log 82844 bytes
C:\WINDOWS\KB899591.log
C:\WINDOWS\KB900485.log 46934 bytes
C:\WINDOWS\KB900725.log 37546 bytes
C:\WINDOWS\KB901017.log 76515 bytes
C:\WINDOWS\KB901214.log 40456 bytes
C:\WINDOWS\KB902400.log 49232 bytes
C:\WINDOWS\KB904942.log 60472 bytes
C:\WINDOWS\KB905414.log 41383 bytes
C:\WINDOWS\KB905749.log 27876 bytes
C:\WINDOWS\KB908519.log 18852 bytes
C:\WINDOWS\KB908531.log 31290 bytes
C:\WINDOWS\KB910437.log 28373 bytes
C:\WINDOWS\KB911280.log 47373 bytes
C:\WINDOWS\KB911562.log 47157 bytes
C:\WINDOWS\KB911564.log 25438 bytes
C:\WINDOWS\KB911927.log 77004 bytes
C:\WINDOWS\KB913580.log 31333 bytes
C:\WINDOWS\KB926239.log 6653 bytes
C:\WINDOWS\KB926255.log 34257 bytes
C:\WINDOWS\KB926436.log 42218 bytes
C:\WINDOWS\KB927779.log 86141 bytes
C:\WINDOWS\KB927802.log 79688 bytes
C:\WINDOWS\KB927891.log 9715 bytes
C:\WINDOWS\KB928255.log 78231 bytes
C:\WINDOWS\KB928843.log 18986 bytes
C:\WINDOWS\KB929123.log 46161 bytes
C:\WINDOWS\KB929399.log 7143 bytes
C:\WINDOWS\KB930178.log 39574 bytes
C:\WINDOWS\KB930916.log 28391 bytes
C:\WINDOWS\KB931261.log 44167 bytes
C:\WINDOWS\KB931784.log 82778 bytes
C:\WINDOWS\KB932168.log 36308 bytes
C:\WINDOWS\KB933729.log 31265 bytes
C:\WINDOWS\KB935839.log 20969 bytes
C:\WINDOWS\KB935840.log 31402 bytes
C:\WINDOWS\KB936021.log 45125 bytes
C:\WINDOWS\KB936357.log 42572 bytes
C:\WINDOWS\KB936782.log 33747 bytes
C:\WINDOWS\KB937894.log 82435 bytes
C:\WINDOWS\KB938127-IE7.log 11187 bytes
C:\WINDOWS\KB914389.log 18711 bytes
C:\WINDOWS\KB914440.log 30602 bytes
C:\WINDOWS\KB915865.log 31960 bytes
C:\WINDOWS\KB916595.log 34198 bytes
C:\WINDOWS\KB917344.log 41684 bytes
C:\WINDOWS\KB918118.log 38297 bytes
C:\WINDOWS\KB918439.log 42575 bytes
C:\WINDOWS\KB919007.log 42141 bytes
C:\WINDOWS\KB920213.log 36392 bytes
C:\WINDOWS\KB920670.log 42298 bytes
C:\WINDOWS\KB920683.log 22297 bytes
C:\WINDOWS\KB920685.log 44408 bytes
C:\WINDOWS\KB920872.log 38179 bytes
C:\WINDOWS\KB921503.log 48785 bytes
C:\WINDOWS\KB922582.log 21561 bytes
C:\WINDOWS\KB922819.log 79983 bytes
C:\WINDOWS\KB923191.log 35450 bytes
C:\WINDOWS\KB923414.log 78215 bytes
C:\WINDOWS\KB923980.log 45779 bytes
C:\WINDOWS\KB924270.log 43483 bytes
C:\WINDOWS\KB924496.log 42110 bytes
C:\WINDOWS\KB924667.log 43947 bytes
C:\WINDOWS\KB925398.log 26963 bytes
C:\WINDOWS\KB938828.log 43037 bytes
C:\WINDOWS\KB938829.log 48075 bytes
C:\WINDOWS\KB939683.log 6862 bytes
C:\WINDOWS\KB941202.log 34396 bytes
C:\WINDOWS\KB941568.log 38692 bytes
C:\WINDOWS\KB941569.log 29516 bytes
C:\WINDOWS\KB941644.log 46355 bytes
C:\WINDOWS\KB941693.log 20329 bytes
C:\WINDOWS\KB942615-IE7.log 95968 bytes
C:\WINDOWS\KB942615.log 74198 bytes
C:\WINDOWS\KB942763.log 54436 bytes
C:\WINDOWS\KB942840.log 18994 bytes
C:\WINDOWS\KB943055.log 11170 bytes
C:\WINDOWS\KB943460.log 65670 bytes
C:\WINDOWS\KB943485.log 34516 bytes
C:\WINDOWS\ComboFix.txt.txt 26707 bytes
C:\WINDOWS\comsetup.log 249030 bytes
C:\WINDOWS\Config
C:\WINDOWS\Connection Wizard
C:\WINDOWS\control.ini 0 bytes
C:\WINDOWS\cpnprt2.cid 193880 bytes executable
C:\WINDOWS\Cursors
C:\WINDOWS\Debug
C:\WINDOWS\desktop.ini 2 bytes
C:\WINDOWS\DirectX.log 68270 bytes
C:\WINDOWS\Downloaded Installations
C:\WINDOWS\Downloaded Program Files
C:\WINDOWS\Driver Cache
C:\WINDOWS\DtcInstall.log 133 bytes
C:\WINDOWS\ehome
C:\WINDOWS\erdnt
C:\WINDOWS\ERUNT
C:\WINDOWS\explorer.exe 1033216 bytes executable
C:\WINDOWS\$NtUninstallKB914388$
C:\WINDOWS\$NtUninstallKB914389$
C:\WINDOWS\$NtUninstallKB914440$
C:\WINDOWS\$NtUninstallKB915865$
C:\WINDOWS\$NtUninstallKB916595$
C:\WINDOWS\$NtUninstallKB917344$
C:\WINDOWS\$NtUninstallKB918118$
C:\WINDOWS\$NtUninstallKB918439$
C:\WINDOWS\$NtUninscatchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
C:\WINDOWS\$NtUninstallKB920213$
C:\WINDOWS\$NtUninstallKB920670$
C:\WINDOWS\$NtUninstallKB920683$
C:\WINDOWS\$NtUninstallKB920685$
C:\WINDOWS\$NtUninstallKB920872$
C:\WINDOWS\$NtUninstallKB921503$
C:\WINDOWS\$NtUninstallKB922582$
C:\WINDOWS\$NtUninstallKB922819$
C:\WINDOWS\$NtUninstallKB923191$
C:\WINDOWS\$NtUninstallKB923414$
C:\WINDOWS\$NtUninstallKB923980$
C:\WINDOWS\$NtUninstallKB924270$
C:\WINDOWS\$NtUninstallKB924496$
C:\WINDOWS\$NtUninstallKB924667$
C:\WINDOWS\$NtUninstallKB941568$
C:\WINDOWS\$NtUninstallKB941569$
C:\WINDOWS\$NtUninstallKB941644$
C:\WINDOWS\$NtUninstallKB941693$
C:\WINDOWS\$NtUninstallKB942615$
C:\WINDOWS\$NtUninstallKB942615_0$
C:\WINDOWS\$NtUninstallKB942763$
C:\WINDOWS\$NtUninstallKB943055$
C:\WINDOWS\$NtUninstallKB943460$
C:\WINDOWS\$NtUninstallKB943485$
C:\WINDOWS\$NtUninstallKB944653$
C:\WINDOWS\$NtUninstallKB945553$
C:\WINDOWS\$NtUninstallKB946026$
C:\WINDOWS\$NtUninstallKB948590$
C:\WINDOWS\$NtUninstallKB948881$
C:\WINDOWS\$NtUninstallKB950749$
C:\WINDOWS\$NtUninstallMSCompPackV1$
C:\WINDOWS\$NtUninstallKB925902$
C:\WINDOWS\$NtUninstallKB926239$
C:\WINDOWS\$NtUninstallKB926255$
C:\WINDOWS\$NtUninstallKB926436$
C:\WINDOWS\$NtUninstallKB927779$
C:\WINDOWS\$NtUninstallKB927802$
C:\WINDOWS\$NtUninstallKB927891$
C:\WINDOWS\$NtUninstallKB928255$
C:\WINDOWS\$NtUninstallKB928843$
C:\WINDOWS\$NtUninstallKB929123$
C:\WINDOWS\$NtUninstallKB929399$
C:\WINDOWS\$NtUninstallKB930178$
C:\WINDOWS\$NtUninstallKB930916$
C:\WINDOWS\$NtUninstallKB931261$
C:\WINDOWS\$NtUninstallKB931784$
C:\WINDOWS\$NtUninstallKB932168$
C:\WINDOWS\$NtUninstallKB933729$
C:\WINDOWS\$NtUninstallKB935839$
C:\WINDOWS\$NtUninstallKB935840$
C:\WINDOWS\$NtUninstallKB936021$
C:\WINDOWS\$NtUninstallKB936357$
C:\WINDOWS\$NtUninstallKB936782_WMP11$
C:\WINDOWS\$NtUninstallKB936782_WMP9$
C:\WINDOWS\$NtUninstallKB937894$
C:\WINDOWS\$NtUninstallKB938127$
C:\WINDOWS\$NtUninstallKB938828$
C:\WINDOWS\$NtUninstallKB938829$
C:\WINDOWS\$NtUninstallKB939683$
C:\WINDOWS\$NtUninstallKB891781$
C:\WINDOWS\$NtUninstallKB893756$
C:\WINDOWS\$NtUninstallKB894391$
C:\WINDOWS\$NtUninstallKB896358$
C:\WINDOWS\$NtUninstallKB896423$
C:\WINDOWS\$NtUninstallKB896428$
C:\WINDOWS\$NtUninstallKB898461$
C:\WINDOWS\$NtUninstallKB899587$
C:\WINDOWS\$NtUninstallKB899591$
C:\WINDOWS\$NtUninstallKB900485$
C:\WINDOWS\$NtUninstallKB900725$
C:\WINDOWS\$NtUninstallKB901017$
C:\WINDOWS\$NtUninstallKB901214$
C:\WINDOWS\$NtUninstallKB902400$
C:\WINDOWS\$NtUninstallKB904942$
C:\WINDOWS\$NtUninstallKB905414$
C:\WINDOWS\$NtUninstallKB905749$
C:\WINDOWS\$NtUninstallKB908519$
C:\WINDOWS\$NtUninstallKB908531$
C:\WINDOWS\$NtUninstallKB910437$
C:\WINDOWS\$NtUninstallKB911280$
C:\WINDOWS\$NtUninstallKB911562$
C:\WINDOWS\$NtUninstallKB911564$
C:\WINDOWS\$NtUninstallKB911927$
C:\WINDOWS\ie7_main.log 32930 bytes
C:\WINDOWS\iis6.log 801448 bytes
C:\WINDOWS\ime
C:\WINDOWS\imsins.BAK 1355 bytes
C:\WINDOWS\imsins.log 1374 bytes
C:\WINDOWS\inf
C:\WINDOWS\Installer
C:\WINDOWS\java
C:\WINDOWS\KB873339.log 43425 bytes
C:\WINDOWS\KB885835.log 76754 bytes
C:\WINDOWS\KB885836.log 79648 bytes
C:\WINDOWS\KB885884.log 9712 bytes
C:\WINDOWS\KB886185.log 15199 bytes
C:\WINDOWS\KB887472.log 43229 bytes
C:\WINDOWS\KB888302.log 30326 bytes
C:\WINDOWS\KB890046.log 38560 bytes
C:\WINDOWS\winhelp.exe 256192 bytes
C:\WINDOWS\winhlp32.exe 283648 bytes executable
C:\WINDOWS\winnt.bmp 48680 bytes
C:\WINDOWS\winnt256.bmp 48680 bytes
C:\WINDOWS\WinSxS
C:\WINDOWS\WMFDist11.log 24086 bytes
C:\WINDOWS\wmp11.log 17803 bytes
C:\WINDOWS\wmsetup.log 24960 bytes
C:\WINDOWS\wmsetup10.log 2538 bytes
C:\WINDOWS\WMSysPr9.prx 316640 bytes
C:\WINDOWS\Wudf01000Inst.log 9518 bytes
C:\WINDOWS\Zapotec.bmp 9522 bytes
C:\WINDOWS\zip.exe 68096 bytes executable
C:\WINDOWS\_default.pif 707 bytes
C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
C:\WINDOWS\$NtUninstallKB873339$
C:\WINDOWS\$NtUninstallKB885835$
C:\WINDOWS\$NtUninstallKB885836$
C:\WINDOWS\$NtUninstallKB885884$
C:\WINDOWS\$NtUninstallKB886185$
C:\WINDOWS\$NtUninstallKB887472$
C:\WINDOWS\$NtUninstallKB888302$
C:\WINDOWS\$NtUninstallKB890046$
C:\WINDOWS\KB944653.log 21219 bytes
C:\WINDOWS\KB945553.log 12091 bytes
C:\WINDOWS\KB946026.log 16813 bytes
C:\WINDOWS\KB947864-IE7.log 21010 bytes
C:\WINDOWS\KB948590.log 12145 bytes
C:\WINDOWS\KB948881.log 15846 bytes
C:\WINDOWS\KB950749.log 13341 bytes
C:\WINDOWS\MedCtrOC.log 50373 bytes
C:\WINDOWS\Media
C:\WINDOWS\mozver.dat 671 bytes
C:\WINDOWS\msagent
C:\WINDOWS\msapps
C:\WINDOWS\MSCompPackV1.log 4495 bytes
C:\WINDOWS\msdfmap.ini 1405 bytes
C:\WINDOWS\msgsocm.log 36406 bytes
C:\WINDOWS\msmqinst.log 222568 bytes
C:\WINDOWS\$NtUninstallwmp11$
C:\WINDOWS\$NtUninstallWudf01000$
C:\WINDOWS\0.log 0 bytes
C:\WINDOWS\addins
C:\WINDOWS\AppPatch
C:\WINDOWS\Blue Lace 16.bmp 1272 bytes
C:\WINDOWS\bootstat.dat 2048 bytes
C:\WINDOWS\Cache
C:\WINDOWS\clock.avi 82944 bytes
C:\WINDOWS\cmsetacl.log 200 bytes

scan completed successfully
hidden files: 383

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-05-17 10:55:21 - machine was rebooted [Renee Fleischmann]
ComboFix-quarantined-files.txt 2008-05-17 14:54:45
ComboFix2.txt 2008-05-17 09:13:28

Pre-Run: 16,723,415,040 bytes free
Post-Run: 16,714,047,488 bytes free

560 --- E O F --- 2008-05-16 11:30:58

Will be posting a new HijackThis report shortly.

Thanks again,
Wisteria75
  • 0

#4
wisteria75
  • Member
  • 11 posts
And here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:18:23 AM, on 5/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] "C:\Program Files\Google\Gmail Notifier\gnotify.exe"
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/...erInstaller.CAB
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.h...ctDetection.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2....re/HPDEXAXO.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe

--
End of file - 9546 bytes
  • 0

#5
JSntgRvr
  • Global Moderator
  • 10,424 posts
Hi, wisteria75 :)

They are just hidden. Attempt first to restore the computer to an earlier date using System Restore:

Go to Start->All Programs->Accessories->System Tools->System Restore

If that does not help, go to Start->Run, type CMD and click OK. The MSDOS window will be displayed. Copy and paste the following command and press Enter.

attrib -a -h -r -s c:\windows\*.* /s /d

Type Exit to return to Windows. Check whether the folder's contents are now visible.
  • 0
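An added example, not part of the original thread and not code from ComboFix or catchme: a small parser for the hidden-file listing in the ComboFix log above. It shows how to check whether the hidden entries are a handful of odd binaries or the folder's contents wholesale, including core files such as explorer.exe. The function names are hypothetical, the sample is constructed from a few lines of that listing, and treating an entry without a size as a directory is an assumption.

```python
import re
from collections import Counter
from ntpath import basename  # parses Windows paths on any platform

# Constructed sample: a few entries copied from the listing above, plus its footer.
SAMPLE_LOG = r"""
C:\WINDOWS\KB914440.log 30602 bytes
C:\WINDOWS\Config
C:\WINDOWS\cpnprt2.cid 193880 bytes executable
C:\WINDOWS\explorer.exe 1033216 bytes executable
C:\WINDOWS\$NtUninstallKB914388$
C:\WINDOWS\Blue Lace 16.bmp 1272 bytes
C:\WINDOWS\control.ini 0 bytes

scan completed successfully
hidden files: 383
"""

# "<path>", "<path> <n> bytes" or "<path> <n> bytes executable"; names may contain spaces.
ENTRY = re.compile(r"^(?P<path>[A-Za-z]:\\.*?)(?: (?P<size>\d+) bytes(?P<exe> executable)?)?$")
TOTAL = re.compile(r"^hidden files: (?P<n>\d+)$")
# Hotfix and service-pack uninstall folders, as they appear in the listing.
PATCH_DIR = re.compile(r"^\$Nt(ServicePack)?Uninstall.*\$$")


def parse_hidden_listing(text):
    """Return (entries, reported_total) from a hidden-file listing."""
    entries, reported = [], None
    for raw in text.splitlines():
        line = raw.strip()
        total = TOTAL.match(line)
        if total:
            reported = int(total.group("n"))
            continue
        m = ENTRY.match(line)
        if not m:
            continue  # blank lines, banners, "scan completed successfully"
        size = m.group("size")
        entries.append({
            "path": m.group("path"),
            "name": basename(m.group("path")),
            "size": int(size) if size is not None else None,  # None: assumed directory
            "executable": m.group("exe") is not None,
        })
    return entries, reported


def triage(entries, reported):
    """Summarise the listing so a reviewer can see what kind of hiding this is."""
    kinds = Counter()
    for e in entries:
        if e["size"] is None:
            kinds["patch_dir" if PATCH_DIR.match(e["name"]) else "dir"] += 1
        else:
            kinds["file"] += 1
    return {
        "parsed": len(entries),
        "reported": reported,
        "complete": reported == len(entries),  # False: the excerpt is truncated
        "kinds": dict(kinds),
        "executables": [e["path"] for e in entries if e["executable"]],
        "bytes": sum(e["size"] or 0 for e in entries),
    }


if __name__ == "__main__":
    print(triage(*parse_hidden_listing(SAMPLE_LOG)))
```

A `complete` value of False means the pasted excerpt has fewer entries than the log's own "hidden files" total, so the summary covers only part of the scan.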

#6
wisteria75
  • Member
  • 11 posts
Hi :)
I appreciate all of your help.

Both things did not work unfortunately, and my C:\windows drive still appears to be empty.

See attached for when I did the "cmd"

Thanks,
Wisteria75

Attached Thumbnails

  • Printscreen.jpg

  • 0

#7
JSntgRvr
  • Global Moderator
  • 10,424 posts
Hi, wisteria75

That error seems to indicate that there are errors in your drive.

Run chkdsk:

To use Chkdsk, click Start and My Computer. Right-click the hard drive you want to check, and click Properties. Select the Tools tab and click Check Now. Check both boxes. Click Start. You'll get a message that the computer must be rebooted to run a complete check. Click Yes and reboot. Chkdsk will take a while, so be patient.
  • 0

#8
wisteria75
  • Member
  • 11 posts
Hi JSntgRvr,

It didn't work. It said Checkdisk could not be performed! I have no idea what is happening... I hope this can be resolved. :)
  • 0

#9
wisteria75
  • Member
  • 11 posts

Hi JSntgRvr,

It didn't work. It said Checkdisk could not be performed! I have no idea what is happening... I hope this can be resolved. :)


Sorry about all this. After my computer froze this morning, and I had to manually reboot, the scndsk decided to work. AND in saying that, my issue is resolved; my folder is now occupied! Thank you so much for your help! :)

Wisteria75

Edited by wisteria75, 18 May 2008 - 09:38 AM.

  • 0

#10
JSntgRvr
  • Global Moderator
  • 10,424 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
