Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

C:\Windows Folder is Empty [RESOLVED]


  • This topic is locked This topic is locked

#1
wisteria75

wisteria75

    Member

  • Member
  • PipPip
  • 11 posts
Hi, I originally posted on the Windows XP site and did a few things to see if my windows folder is indeed empty, to no avail, so I was pointed in this direction. I did everything on the You Must Read This Before Posting A Hijackthis Log - Geeks to Go! page before doing the last and final HijackThis. So...this is my log. I hope someone can help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:31:04 AM, on 5/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] "C:\Program Files\Google\Gmail Notifier\gnotify.exe"
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/...erInstaller.CAB
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.h...ctDetection.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2....re/HPDEXAXO.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe

--
End of file - 9542 bytes

Many thanks,
Wisteria75 :)

Edited by wisteria75, 16 May 2008 - 04:12 PM.

  • 0

Advertisements


#2
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,579 posts
Hi, wisteria75 :)

Your Windows folder cannot be empty, as you are able to boot.

Les check for malware:

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**
  • 0

#3
wisteria75

wisteria75

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Thanks so much for your prompt reply and your help.

So far this is the ComboFix results:

ComboFix 08-05-15.3 - Renee Fleischmann 2008-05-17 10:36:54.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.758 [GMT -4:00]
Running from: C:\Documents and Settings\Renee Fleischmann\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-04-17 to 2008-05-17 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-17 14:46 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-05-16 12:13 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-16 11:30 --------- d-----w C:\Program Files\Trend Micro
2008-05-16 11:26 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-05-15 21:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-05-15 21:50 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-05-15 21:50 --------- d-----w C:\Documents and Settings\Renee Fleischmann\Application Data\SUPERAntiSpyware.com
2008-05-15 18:04 --------- d-----w C:\Program Files\Panda Security
2008-05-15 18:00 --------- d-----w C:\Program Files\RealArcade
2008-05-15 17:59 --------- d-----w C:\Program Files\Coupons
2008-05-15 17:45 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-05-15 17:45 --------- d-----w C:\Documents and Settings\Renee Fleischmann\Application Data\Malwarebytes
2008-05-15 17:44 --------- d-----w C:\Program Files\Common Files\Download Manager
2008-05-15 17:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-14 18:10 164 ----a-w C:\install.dat
2008-05-06 00:46 27,048 ----a-w C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-06 00:46 15,864 ----a-w C:\WINDOWS\system32\drivers\mbam.sys
2008-04-30 10:00 --------- d-----w C:\Documents and Settings\Renee Fleischmann\Application Data\Pogo Games
2008-04-30 09:58 --------- d-----w C:\Program Files\Oberon Media
2008-04-28 11:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Trymedia
2008-04-28 11:33 --------- d-----w C:\Documents and Settings\Renee Fleischmann\Application Data\uTorrent
2008-04-27 12:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Fashion Solitaire 1.2
2008-04-06 17:42 --------- d-----w C:\Program Files\Total Training
2008-04-01 23:54 --------- d-----w C:\Documents and Settings\Renee Fleischmann\Application Data\Winamp
2008-04-01 23:48 --------- d-----w C:\Program Files\Winamp
2008-04-01 17:54 --------- d-----w C:\Program Files\Tri Peaks 2 Quest For The Ruby Ring
2008-03-26 11:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\PopCap
2008-03-22 11:57 --------- d-----w C:\Documents and Settings\Renee Fleischmann\Application Data\ICAClient
2008-02-08 01:46 13,624 ----a-w C:\Program Files\mozilla firefox\plugins\cgpcfg.dll
2008-02-08 01:46 87,360 ----a-w C:\Program Files\mozilla firefox\plugins\CgpCore.dll
2008-02-08 01:46 91,448 ----a-w C:\Program Files\mozilla firefox\plugins\confmgr.dll
2008-02-08 01:46 21,824 ----a-w C:\Program Files\mozilla firefox\plugins\ctxlogging.dll
2008-02-08 01:46 206,136 ----a-w C:\Program Files\mozilla firefox\plugins\ctxmui.dll
2008-02-08 01:46 31,544 ----a-w C:\Program Files\mozilla firefox\plugins\icafile.dll
2008-02-08 01:46 40,248 ----a-w C:\Program Files\mozilla firefox\plugins\icalogon.dll
2007-11-09 20:10 34,384 ----a-w C:\Program Files\mozilla firefox\plugins\logging.dll
2007-03-16 21:27 479,232 ----a-w C:\Program Files\mozilla firefox\plugins\msvcm80.dll
2007-03-16 21:27 548,864 ----a-w C:\Program Files\mozilla firefox\plugins\msvcp80.dll
2007-03-16 21:27 626,688 ----a-w C:\Program Files\mozilla firefox\plugins\msvcr80.dll
2007-11-09 21:11 685,648 ----a-w C:\Program Files\mozilla firefox\plugins\sslsdk_b.dll
2008-02-08 01:46 24,384 ----a-w C:\Program Files\mozilla firefox\plugins\TcpPServ.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:00 15360]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-16 07:26 1481968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-12-21 10:33 48800]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2006-07-14 12:49 85744]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 17:48 479232]
"Adobe Version Cue CS2"="C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-04-04 19:58 856064]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 10:41 282624]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-28 10:14 270648]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 2008-05-16 07:26 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 relog_ap

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Program Neighborhood Agent.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Program Neighborhood Agent.lnk
backup=C:\WINDOWS\pss\Program Neighborhood Agent.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
--a------ 2007-05-10 23:46 624248 C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
--a------ 2007-09-14 03:55 140568 C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
--a------ 2007-09-14 04:02 905056 C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 20:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Version Cue CS2]
--a------ 2005-04-04 19:58 856064 C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
--a------ 2007-03-01 00:06 2321600 C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0EYTHM]
--a------ 2007-03-20 17:40 1884160 C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 08:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-06-28 10:14 270648 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-04-27 10:41 282624 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
--a------ 2004-08-06 09:27 860160 C:\Program Files\Analog Devices\SoundMAX\Smax4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
--a------ 2004-07-27 14:48 1388544 C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 05:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
--a------ 2007-09-14 03:52 2595480 C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Adobe\\Adobe Version Cue CS2\\bin\\VersionCueCS2.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

R0 tdrpman;Acronis Try&Decide and Restore Points filter;C:\WINDOWS\system32\DRIVERS\tdrpman.sys [2008-02-01 19:35]
R2 TryAndDecideService;Acronis Try And Decide Service;"C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe" [2007-09-14 05:01]
R3 EraserUtilDrv10741;EraserUtilDrv10741;C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10741.sys [2008-01-22 17:46]
R3 N100;Compaq Ethernet or Fast Ethernet NIC Driver;C:\WINDOWS\system32\DRIVERS\n100325.sys [2001-08-17 08:11]

.
Contents of the 'Scheduled Tasks' folder
"2008-05-16 11:10:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-17 10:39:49
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\WINDOWS\$hf_mig$
C:\WINDOWS\$MSI31Uninstall_KB893803v2$
C:\WINDOWS\netfxocm.log 127335 bytes
C:\WINDOWS\network diagnostic
C:\WINDOWS\Nircmd.exe 28160 bytes executable
C:\WINDOWS\NLSDownlevelMapping.log 31289 bytes
C:\WINDOWS\NOTEPAD.EXE 69120 bytes executable
C:\WINDOWS\nsreg.dat 0 bytes
C:\WINDOWS\ntbtlog.txt 113532 bytes
C:\WINDOWS\ntdtcsetup.log 149373 bytes
C:\WINDOWS\ocgen.log 350072 bytes
C:\WINDOWS\ocmsn.log 39873 bytes
C:\WINDOWS\ODBC.INI 376 bytes
C:\WINDOWS\ODBCINST.INI 4161 bytes
C:\WINDOWS\OEWABLog.txt 833 bytes
C:\WINDOWS\Offline Web Pages
C:\WINDOWS\pchealth
C:\WINDOWS\PeerNet
C:\WINDOWS\Prairie Wind.bmp 65954 bytes
C:\WINDOWS\Prefetch
C:\WINDOWS\Provisioning
C:\WINDOWS\PSEXESVC.EXE 53248 bytes executable
C:\WINDOWS\pss
C:\WINDOWS\QTFont.for 1409 bytes
C:\WINDOWS\QTFont.qfn 54156 bytes
C:\WINDOWS\regedit.exe 146432 bytes executable
C:\WINDOWS\Registration
C:\WINDOWS\setuperr.log 0 bytes
C:\WINDOWS\setuplog.txt 888200 bytes
C:\WINDOWS\ShellNew
C:\WINDOWS\Soap Bubbles.bmp 65978 bytes
C:\WINDOWS\SoftwareDistribution
C:\WINDOWS\spupdsvc.log 42796 bytes
C:\WINDOWS\srchasst
C:\WINDOWS\Sti_Trace.log 0 bytes
C:\WINDOWS\Sun
C:\WINDOWS\swreg.exe 161792 bytes executable
C:\WINDOWS\swsc.exe 136704 bytes executable
C:\WINDOWS\swxcacls.exe 212480 bytes executable
C:\WINDOWS\system.ini 227 bytes
C:\WINDOWS\system32
C:\WINDOWS\tabletoc.log 37059 bytes
C:\WINDOWS\TASKMAN.EXE 15360 bytes executable
C:\WINDOWS\Tasks
C:\WINDOWS\TEMP
C:\WINDOWS\tsoc.log 334497 bytes
C:\WINDOWS\twain.dll 94784 bytes
C:\WINDOWS\twain_32
C:\WINDOWS\twain_32.dll 50688 bytes executable
C:\WINDOWS\Fashion Solitaire
C:\WINDOWS\Fashion Solitaire Setup Log.txt 2185200 bytes
C:\WINDOWS\Fashion Solitaire Uninstall Log.txt 996512 bytes
C:\WINDOWS\FaxSetup.log 722561 bytes
C:\WINDOWS\fdsv.exe 73728 bytes executable
C:\WINDOWS\FeatherTexture.bmp 16730 bytes
C:\WINDOWS\Fonts
C:\WINDOWS\ftpcache
C:\WINDOWS\Gone Fishing.bmp 17336 bytes
C:\WINDOWS\Greenstone.bmp 26582 bytes
C:\WINDOWS\grep.exe 80412 bytes executable
C:\WINDOWS\halbp___.ttf 132392 bytes
C:\WINDOWS\Help
C:\WINDOWS\hh.exe 10752 bytes executable
C:\WINDOWS\hpoins04.dat 103535 bytes
C:\WINDOWS\hpoins04.dat.temp 103535 bytes
C:\WINDOWS\hpomdl04.dat 17176 bytes
C:\WINDOWS\hpomdl04.dat.temp 17176 bytes
C:\WINDOWS\IDNMitigationAPIs.log 31605 bytes
C:\WINDOWS\ie7
C:\WINDOWS\ie7.log 81945 bytes
C:\WINDOWS\twunk_32.exe 25600 bytes executable
C:\WINDOWS\uccspecc.sys 31 bytes
C:\WINDOWS\uninst.exe 299520 bytes executable
C:\WINDOWS\updspapi.log 68698 bytes
C:\WINDOWS\vb.ini 36 bytes
C:\WINDOWS\vbaddin.ini 37 bytes
C:\WINDOWS\VFind.exe 49152 bytes executable
C:\WINDOWS\VirtualEar
C:\WINDOWS\vmmreg32.dll 18944 bytes executable
C:\WINDOWS\vpc32.INI 0 bytes
C:\WINDOWS\WBEM
C:\WINDOWS\Web
C:\WINDOWS\wiadebug.log 159 bytes
C:\WINDOWS\wiaservc.log 49 bytes
C:\WINDOWS\win.ini 715 bytes
C:\WINDOWS\WindowsShell.Manifest 749 bytes
C:\WINDOWS\WindowsShellOld.Manifest.1 82 bytes
C:\WINDOWS\WindowsUpdate.log 2038329 bytes
C:\WINDOWS\REGLOCS.OLD 8192 bytes
C:\WINDOWS\regopt.log 1052 bytes
C:\WINDOWS\repair
C:\WINDOWS\Resources
C:\WINDOWS\Rhododendron.bmp 17362 bytes
C:\WINDOWS\River Sumida.bmp 26680 bytes
C:\WINDOWS\Santa Fe Stucco.bmp 65832 bytes
C:\WINDOWS\SchedLgU.Txt 22390 bytes
C:\WINDOWS\security
C:\WINDOWS\sed.exe 98816 bytes executable
C:\WINDOWS\sessmgr.setup.log 1022 bytes
C:\WINDOWS\SET3.tmp 1042903 bytes
C:\WINDOWS\SET4.tmp 1086058 bytes
C:\WINDOWS\SET8.tmp 13753 bytes
C:\WINDOWS\setupact.log 178507 bytes
C:\WINDOWS\$NtUninstallKB890859$
C:\WINDOWS\$NtUninstallKB913580$
C:\WINDOWS\$NtUninstallKB925398_WMP64$
C:\WINDOWS\$NtUninstallKB941202$
C:\WINDOWS\$NtUninstallWMFDist11$
C:\WINDOWS\Coffee Bean.bmp 17062 bytes
C:\WINDOWS\explorer.scf 80 bytes
C:\WINDOWS\ie7updates
C:\WINDOWS\KB890859.log 20345 bytes
C:\WINDOWS\KB914388.log 39282 bytes
C:\WINDOWS\KB925902.log 42264 bytes
C:\WINDOWS\KB938127.log 33008 bytes
C:\WINDOWS\Kcatchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
C:\WINDOWS\mui
C:\WINDOWS\setupapi.log 508563 bytes
C:\WINDOWS\twunk_16.exe 49680 bytes
C:\WINDOWS\KB891781.log 44733 bytes
C:\WINDOWS\KB892130.log 19629 bytes
C:\WINDOWS\KB893756.log 47798 bytes
C:\WINDOWS\KB893803v2.log 13670 bytes
C:\WINDOWS\KB894391.log 24269 bytes
C:\WINDOWS\KB896358.log 45252 bytes
C:\WINDOWS\KB896423.log 41537 bytes
C:\WINDOWS\KB896428.log 29660 bytes
C:\WINDOWS\KB898461.log 6962 bytes
C:\WINDOWS\KB899587.log 82844 bytes
C:\WINDOWS\KB899591.log
C:\WINDOWS\KB900485.log 46934 bytes
C:\WINDOWS\KB900725.log 37546 bytes
C:\WINDOWS\KB901017.log 76515 bytes
C:\WINDOWS\KB901214.log 40456 bytes
C:\WINDOWS\KB902400.log 49232 bytes
C:\WINDOWS\KB904942.log 60472 bytes
C:\WINDOWS\KB905414.log 41383 bytes
C:\WINDOWS\KB905749.log 27876 bytes
C:\WINDOWS\KB908519.log 18852 bytes
C:\WINDOWS\KB908531.log 31290 bytes
C:\WINDOWS\KB910437.log 28373 bytes
C:\WINDOWS\KB911280.log 47373 bytes
C:\WINDOWS\KB911562.log 47157 bytes
C:\WINDOWS\KB911564.log 25438 bytes
C:\WINDOWS\KB911927.log 77004 bytes
C:\WINDOWS\KB913580.log 31333 bytes
C:\WINDOWS\KB926239.log 6653 bytes
C:\WINDOWS\KB926255.log 34257 bytes
C:\WINDOWS\KB926436.log 42218 bytes
C:\WINDOWS\KB927779.log 86141 bytes
C:\WINDOWS\KB927802.log 79688 bytes
C:\WINDOWS\KB927891.log 9715 bytes
C:\WINDOWS\KB928255.log 78231 bytes
C:\WINDOWS\KB928843.log 18986 bytes
C:\WINDOWS\KB929123.log 46161 bytes
C:\WINDOWS\KB929399.log 7143 bytes
C:\WINDOWS\KB930178.log 39574 bytes
C:\WINDOWS\KB930916.log 28391 bytes
C:\WINDOWS\KB931261.log 44167 bytes
C:\WINDOWS\KB931784.log 82778 bytes
C:\WINDOWS\KB932168.log 36308 bytes
C:\WINDOWS\KB933729.log 31265 bytes
C:\WINDOWS\KB935839.log 20969 bytes
C:\WINDOWS\KB935840.log 31402 bytes
C:\WINDOWS\KB936021.log 45125 bytes
C:\WINDOWS\KB936357.log 42572 bytes
C:\WINDOWS\KB936782.log 33747 bytes
C:\WINDOWS\KB937894.log 82435 bytes
C:\WINDOWS\KB938127-IE7.log 11187 bytes
C:\WINDOWS\KB914389.log 18711 bytes
C:\WINDOWS\KB914440.log 30602 bytes
C:\WINDOWS\KB915865.log 31960 bytes
C:\WINDOWS\KB916595.log 34198 bytes
C:\WINDOWS\KB917344.log 41684 bytes
C:\WINDOWS\KB918118.log 38297 bytes
C:\WINDOWS\KB918439.log 42575 bytes
C:\WINDOWS\KB919007.log 42141 bytes
C:\WINDOWS\KB920213.log 36392 bytes
C:\WINDOWS\KB920670.log 42298 bytes
C:\WINDOWS\KB920683.log 22297 bytes
C:\WINDOWS\KB920685.log 44408 bytes
C:\WINDOWS\KB920872.log 38179 bytes
C:\WINDOWS\KB921503.log 48785 bytes
C:\WINDOWS\KB922582.log 21561 bytes
C:\WINDOWS\KB922819.log 79983 bytes
C:\WINDOWS\KB923191.log 35450 bytes
C:\WINDOWS\KB923414.log 78215 bytes
C:\WINDOWS\KB923980.log 45779 bytes
C:\WINDOWS\KB924270.log 43483 bytes
C:\WINDOWS\KB924496.log 42110 bytes
C:\WINDOWS\KB924667.log 43947 bytes
C:\WINDOWS\KB925398.log 26963 bytes
C:\WINDOWS\KB938828.log 43037 bytes
C:\WINDOWS\KB938829.log 48075 bytes
C:\WINDOWS\KB939683.log 6862 bytes
C:\WINDOWS\KB941202.log 34396 bytes
C:\WINDOWS\KB941568.log 38692 bytes
C:\WINDOWS\KB941569.log 29516 bytes
C:\WINDOWS\KB941644.log 46355 bytes
C:\WINDOWS\KB941693.log 20329 bytes
C:\WINDOWS\KB942615-IE7.log 95968 bytes
C:\WINDOWS\KB942615.log 74198 bytes
C:\WINDOWS\KB942763.log 54436 bytes
C:\WINDOWS\KB942840.log 18994 bytes
C:\WINDOWS\KB943055.log 11170 bytes
C:\WINDOWS\KB943460.log 65670 bytes
C:\WINDOWS\KB943485.log 34516 bytes
C:\WINDOWS\ComboFix.txt.txt 26707 bytes
C:\WINDOWS\comsetup.log 249030 bytes
C:\WINDOWS\Config
C:\WINDOWS\Connection Wizard
C:\WINDOWS\control.ini 0 bytes
C:\WINDOWS\cpnprt2.cid 193880 bytes executable
C:\WINDOWS\Cursors
C:\WINDOWS\Debug
C:\WINDOWS\desktop.ini 2 bytes
C:\WINDOWS\DirectX.log 68270 bytes
C:\WINDOWS\Downloaded Installations
C:\WINDOWS\Downloaded Program Files
C:\WINDOWS\Driver Cache
C:\WINDOWS\DtcInstall.log 133 bytes
C:\WINDOWS\ehome
C:\WINDOWS\erdnt
C:\WINDOWS\ERUNT
C:\WINDOWS\explorer.exe 1033216 bytes executable
C:\WINDOWS\$NtUninstallKB914388$
C:\WINDOWS\$NtUninstallKB914389$
C:\WINDOWS\$NtUninstallKB914440$
C:\WINDOWS\$NtUninstallKB915865$
C:\WINDOWS\$NtUninstallKB916595$
C:\WINDOWS\$NtUninstallKB917344$
C:\WINDOWS\$NtUninstallKB918118$
C:\WINDOWS\$NtUninstallKB918439$
C:\WINDOWS\$NtUninscatchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
C:\WINDOWS\$NtUninstallKB920213$
C:\WINDOWS\$NtUninstallKB920670$
C:\WINDOWS\$NtUninstallKB920683$
C:\WINDOWS\$NtUninstallKB920685$
C:\WINDOWS\$NtUninstallKB920872$
C:\WINDOWS\$NtUninstallKB921503$
C:\WINDOWS\$NtUninstallKB922582$
C:\WINDOWS\$NtUninstallKB922819$
C:\WINDOWS\$NtUninstallKB923191$
C:\WINDOWS\$NtUninstallKB923414$
C:\WINDOWS\$NtUninstallKB923980$
C:\WINDOWS\$NtUninstallKB924270$
C:\WINDOWS\$NtUninstallKB924496$
C:\WINDOWS\$NtUninstallKB924667$
C:\WINDOWS\$NtUninstallKB941568$
C:\WINDOWS\$NtUninstallKB941569$
C:\WINDOWS\$NtUninstallKB941644$
C:\WINDOWS\$NtUninstallKB941693$
C:\WINDOWS\$NtUninstallKB942615$
C:\WINDOWS\$NtUninstallKB942615_0$
C:\WINDOWS\$NtUninstallKB942763$
C:\WINDOWS\$NtUninstallKB943055$
C:\WINDOWS\$NtUninstallKB943460$
C:\WINDOWS\$NtUninstallKB943485$
C:\WINDOWS\$NtUninstallKB944653$
C:\WINDOWS\$NtUninstallKB945553$
C:\WINDOWS\$NtUninstallKB946026$
C:\WINDOWS\$NtUninstallKB948590$
C:\WINDOWS\$NtUninstallKB948881$
C:\WINDOWS\$NtUninstallKB950749$
C:\WINDOWS\$NtUninstallMSCompPackV1$
C:\WINDOWS\$NtUninstallKB925902$
C:\WINDOWS\$NtUninstallKB926239$
C:\WINDOWS\$NtUninstallKB926255$
C:\WINDOWS\$NtUninstallKB926436$
C:\WINDOWS\$NtUninstallKB927779$
C:\WINDOWS\$NtUninstallKB927802$
C:\WINDOWS\$NtUninstallKB927891$
C:\WINDOWS\$NtUninstallKB928255$
C:\WINDOWS\$NtUninstallKB928843$
C:\WINDOWS\$NtUninstallKB929123$
C:\WINDOWS\$NtUninstallKB929399$
C:\WINDOWS\$NtUninstallKB930178$
C:\WINDOWS\$NtUninstallKB930916$
C:\WINDOWS\$NtUninstallKB931261$
C:\WINDOWS\$NtUninstallKB931784$
C:\WINDOWS\$NtUninstallKB932168$
C:\WINDOWS\$NtUninstallKB933729$
C:\WINDOWS\$NtUninstallKB935839$
C:\WINDOWS\$NtUninstallKB935840$
C:\WINDOWS\$NtUninstallKB936021$
C:\WINDOWS\$NtUninstallKB936357$
C:\WINDOWS\$NtUninstallKB936782_WMP11$
C:\WINDOWS\$NtUninstallKB936782_WMP9$
C:\WINDOWS\$NtUninstallKB937894$
C:\WINDOWS\$NtUninstallKB938127$
C:\WINDOWS\$NtUninstallKB938828$
C:\WINDOWS\$NtUninstallKB938829$
C:\WINDOWS\$NtUninstallKB939683$
C:\WINDOWS\$NtUninstallKB891781$
C:\WINDOWS\$NtUninstallKB893756$
C:\WINDOWS\$NtUninstallKB894391$
C:\WINDOWS\$NtUninstallKB896358$
C:\WINDOWS\$NtUninstallKB896423$
C:\WINDOWS\$NtUninstallKB896428$
C:\WINDOWS\$NtUninstallKB898461$
C:\WINDOWS\$NtUninstallKB899587$
C:\WINDOWS\$NtUninstallKB899591$
C:\WINDOWS\$NtUninstallKB900485$
C:\WINDOWS\$NtUninstallKB900725$
C:\WINDOWS\$NtUninstallKB901017$
C:\WINDOWS\$NtUninstallKB901214$
C:\WINDOWS\$NtUninstallKB902400$
C:\WINDOWS\$NtUninstallKB904942$
C:\WINDOWS\$NtUninstallKB905414$
C:\WINDOWS\$NtUninstallKB905749$
C:\WINDOWS\$NtUninstallKB908519$
C:\WINDOWS\$NtUninstallKB908531$
C:\WINDOWS\$NtUninstallKB910437$
C:\WINDOWS\$NtUninstallKB911280$
C:\WINDOWS\$NtUninstallKB911562$
C:\WINDOWS\$NtUninstallKB911564$
C:\WINDOWS\$NtUninstallKB911927$
C:\WINDOWS\ie7_main.log 32930 bytes
C:\WINDOWS\iis6.log 801448 bytes
C:\WINDOWS\ime
C:\WINDOWS\imsins.BAK 1355 bytes
C:\WINDOWS\imsins.log 1374 bytes
C:\WINDOWS\inf
C:\WINDOWS\Installer
C:\WINDOWS\java
C:\WINDOWS\KB873339.log 43425 bytes
C:\WINDOWS\KB885835.log 76754 bytes
C:\WINDOWS\KB885836.log 79648 bytes
C:\WINDOWS\KB885884.log 9712 bytes
C:\WINDOWS\KB886185.log 15199 bytes
C:\WINDOWS\KB887472.log 43229 bytes
C:\WINDOWS\KB888302.log 30326 bytes
C:\WINDOWS\KB890046.log 38560 bytes
C:\WINDOWS\winhelp.exe 256192 bytes
C:\WINDOWS\winhlp32.exe 283648 bytes executable
C:\WINDOWS\winnt.bmp 48680 bytes
C:\WINDOWS\winnt256.bmp 48680 bytes
C:\WINDOWS\WinSxS
C:\WINDOWS\WMFDist11.log 24086 bytes
C:\WINDOWS\wmp11.log 17803 bytes
C:\WINDOWS\wmsetup.log 24960 bytes
C:\WINDOWS\wmsetup10.log 2538 bytes
C:\WINDOWS\WMSysPr9.prx 316640 bytes
C:\WINDOWS\Wudf01000Inst.log 9518 bytes
C:\WINDOWS\Zapotec.bmp 9522 bytes
C:\WINDOWS\zip.exe 68096 bytes executable
C:\WINDOWS\_default.pif 707 bytes
C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
C:\WINDOWS\$NtUninstallKB873339$
C:\WINDOWS\$NtUninstallKB885835$
C:\WINDOWS\$NtUninstallKB885836$
C:\WINDOWS\$NtUninstallKB885884$
C:\WINDOWS\$NtUninstallKB886185$
C:\WINDOWS\$NtUninstallKB887472$
C:\WINDOWS\$NtUninstallKB888302$
C:\WINDOWS\$NtUninstallKB890046$
C:\WINDOWS\KB944653.log 21219 bytes
C:\WINDOWS\KB945553.log 12091 bytes
C:\WINDOWS\KB946026.log 16813 bytes
C:\WINDOWS\KB947864-IE7.log 21010 bytes
C:\WINDOWS\KB948590.log 12145 bytes
C:\WINDOWS\KB948881.log 15846 bytes
C:\WINDOWS\KB950749.log 13341 bytes
C:\WINDOWS\MedCtrOC.log 50373 bytes
C:\WINDOWS\Media
C:\WINDOWS\mozver.dat 671 bytes
C:\WINDOWS\msagent
C:\WINDOWS\msapps
C:\WINDOWS\MSCompPackV1.log 4495 bytes
C:\WINDOWS\msdfmap.ini 1405 bytes
C:\WINDOWS\msgsocm.log 36406 bytes
C:\WINDOWS\msmqinst.log 222568 bytes
C:\WINDOWS\$NtUninstallwmp11$
C:\WINDOWS\$NtUninstallWudf01000$
C:\WINDOWS\0.log 0 bytes
C:\WINDOWS\addins
C:\WINDOWS\AppPatch
C:\WINDOWS\Blue Lace 16.bmp 1272 bytes
C:\WINDOWS\bootstat.dat 2048 bytes
C:\WINDOWS\Cache
C:\WINDOWS\clock.avi 82944 bytes
C:\WINDOWS\cmsetacl.log 200 bytes

scan completed successfully
hidden files: 383

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-05-17 10:55:21 - machine was rebooted [Renee Fleischmann]
ComboFix-quarantined-files.txt 2008-05-17 14:54:45
ComboFix2.txt 2008-05-17 09:13:28

Pre-Run: 16,723,415,040 bytes free
Post-Run: 16,714,047,488 bytes free

560 --- E O F --- 2008-05-16 11:30:58

Will be posting a new HijackThis report shortly.

Thanks again,
Wisteria75
  • 0

#4
wisteria75

wisteria75

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
And here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:18:23 AM, on 5/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] "C:\Program Files\Google\Gmail Notifier\gnotify.exe"
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/...erInstaller.CAB
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.h...ctDetection.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2....re/HPDEXAXO.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe

--
End of file - 9546 bytes
  • 0

#5
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,579 posts
Hi, wisteria75 :)

They are just hidden. Attempt first to restore the computer to an earlier date using System Restore:

Got to Start->All Programs->Accessories->System Tools->System Restore

If that does not help, go to Start->Run, type CMD and click OK. The MSDOS window will be displayed. Copy and paste the following command and press Enter.

attrib -a -h -r -s c:\windows\*.* /s /d

Type Exit to return to Windows. Check if now is the folder's contents is visible.
  • 0

#6
wisteria75

wisteria75

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Hi :)
I appreciate all of your help.

Both things did not work unfortunately, and my C:\windows drive still appears to be empty.

See attached for when I did the "cmd"

Thanks,
Wisteria75

Attached Thumbnails

  • Printscreen.jpg

  • 0

#7
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,579 posts
Hi, wisteria75

That error seems to indicate that there are errors in your drive.

Run chkdsk:

To use Chkdsk, click Start and My Computer. Right-click the hard drive you want to check, and click Properties. Select the Tools tab and click Check Now. Check both boxes. Click Start. You'll get a message that the computer must be rebooted to run a complete check. Click Yes and reboot. Chkdsk will take a while, so be patient.
  • 0

#8
wisteria75

wisteria75

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Hi JSntgRvr,

I didn't work. It said Checkdisk could not be performed! I have no idea what is happening... I hope this can be resolved. :)
  • 0

#9
wisteria75

wisteria75

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts

Hi JSntgRvr,

I didn't work. It said Checkdisk could not be performed! I have no idea what is happening... I hope this can be resolved. :)


Sorry about all this. After my computer froze this morning, and I had to manually reboot, the scndsk decided to work. AND in saying that, my issue is resolved; my folder is now occupied! Thank you so much for your help! :)

Wisteria75

Edited by wisteria75, 18 May 2008 - 09:38 AM.

  • 0

#10
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,579 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP