#19
06-05-2008
ozrock
Bronze Member
Join Date: Jun 2008
Location: Sydney
Posts: 15
PC Experience: web designer - entertainment industry
Re: XP pro problems- started with no icons - will not install progs etc

Thanks Pancake.. here we go..

ComboFix 08-06-04.1 - Administrator 2008-06-05 10:13:05.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1668 [GMT 10:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BM4f7c948b.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\akyttcrw.ini
C:\WINDOWS\system32\Cache
C:\WINDOWS\system32\chfibdre.dll
C:\WINDOWS\system32\fccdcYPf.dll
C:\WINDOWS\system32\fPYcdccf.ini
C:\WINDOWS\system32\fPYcdccf.ini2
C:\WINDOWS\system32\ileuqqaj.dll
C:\WINDOWS\system32\jaqqueli.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\oqdvbgxu.ini
C:\WINDOWS\system32\oudeeuqn.ini
C:\WINDOWS\system32\srmaykog.ini

.
((((((((((((((((((((((((( Files Created from 2008-05-05 to 2008-06-05 )))))))))))))))))))))))))))))))
.

2008-06-05 10:17 . 2008-06-05 10:17 <DIR> d--hs---- C:\WINDOWS\system32\dllcache
2008-06-05 09:47 . 2008-06-05 09:47 162,800 --a------ C:\Documents and Settings\Administrator\Application Data\GDIPFONTCACHEV1.DAT
2008-06-04 21:36 . 2008-06-04 21:36 116,736 --a------ C:\WINDOWS\system32\wrcttyka.dll
2008-06-04 14:38 . 2008-06-04 14:38 <DIR> d-------- C:\Program Files\Belarc
2008-06-04 14:38 . 2008-02-27 13:49 3,840 --a------ C:\WINDOWS\system32\drivers\BANTExt.sys
2008-06-04 12:48 . 2008-06-04 12:48 <DIR> d-------- C:\Deckard
2008-06-04 12:47 . 2008-06-04 12:47 13 --a------ C:\WINDOWS\system32\WinUser32.crc
2008-06-04 12:09 . 2008-06-04 12:09 <DIR> d-------- C:\Program Files\Lavasoft
2008-06-04 12:09 . 2008-06-04 12:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-04 12:08 . 2008-06-04 15:29 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-04 10:46 . 2008-06-04 10:45 502,368 --a------ C:\WINDOWS\system32\drivers\amon.sys
2008-06-04 10:46 . 2008-06-04 10:45 270,336 --a------ C:\WINDOWS\system32\imon.dll
2008-06-04 10:45 . 2008-06-04 12:27 <DIR> d-------- C:\Program Files\ESET
2008-06-04 09:17 . 2008-06-04 13:25 1,648 --a------ C:\WINDOWS\mozver.dat
2008-06-03 22:45 . 2008-06-03 22:50 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-06-03 22:45 . 2005-08-25 18:19 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX
2008-06-03 21:30 . 2008-06-03 21:30 51,200 --a------ C:\WINDOWS\system32\matnjmxi.dll
2008-06-03 21:23 . 2008-06-03 21:23 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-02 21:46 . 2008-06-02 21:46 51,200 --a------ C:\WINDOWS\system32\eoeghbrs.dll
2008-06-02 21:46 . 2008-06-02 21:46 51,200 --a------ C:\WINDOWS\system32\acchspkk.dll
2008-06-02 21:46 . 2008-06-02 21:46 51,200 --a------ C:\WINDOWS\system32\__c0012448.dat
2008-06-02 21:43 . 2008-06-02 21:43 51,200 --a------ C:\WINDOWS\system32\pxhreewj.dll
2008-06-02 21:37 . 2008-06-02 21:37 51,200 --a------ C:\WINDOWS\system32\xmshjops.dll
2008-06-02 21:34 . 2008-06-02 21:34 51,200 --a------ C:\WINDOWS\system32\gebygprg.dll
2008-06-02 18:04 . 2008-06-02 18:04 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Ulead Systems
2008-06-02 17:59 . 2008-06-02 17:59 <DIR> d-------- C:\Program Files\Corel
2008-06-02 17:59 . 2008-06-02 18:01 <DIR> d-------- C:\Program Files\Common Files\Ulead Systems
2008-06-02 17:59 . 2008-06-02 18:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ulead Systems
2008-06-02 16:16 . 2008-06-02 16:16 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\GlobalSCAPE
2008-06-02 15:50 . 2008-06-02 15:50 <DIR> d-------- C:\Program Files\GlobalSCAPE
2008-06-02 15:45 . 2008-06-02 15:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WinZip
2008-06-02 15:25 . 2008-06-02 15:29 <DIR> d-------- C:\Program Files\BitTorrent
2008-06-02 15:25 . 2008-06-02 15:28 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\BitTorrent
2008-06-02 10:41 . 2008-06-02 10:41 <DIR> d-------- C:\6200ps2k
2008-06-02 10:21 . 2008-06-02 10:21 <DIR> d-------- C:\WINDOWS\Sun
2008-06-02 10:20 . 2008-06-02 10:20 <DIR> d-------- C:\Program Files\Java
2008-06-02 10:20 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-06-02 10:19 . 2008-06-02 10:19 <DIR> d-------- C:\Program Files\Common Files\Java
2008-06-02 07:47 . 2008-06-02 07:47 <DIR> d-------- C:\Documents and Settings\Webmaster
2008-06-01 21:30 . 2008-06-01 21:30 51,200 --a------ C:\WINDOWS\system32\ukjliyse.dll
2008-06-01 21:30 . 2008-06-01 21:30 51,200 --a------ C:\WINDOWS\system32\__c0022964.dat
2008-06-01 20:00 . 2008-06-05 10:12 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-01 19:56 . 2008-06-01 19:56 <DIR> d-------- C:\5pc17ed6.default
2008-06-01 17:38 . 2008-06-02 19:39 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-06-01 17:12 . 2008-06-01 17:12 <DIR> d-------- C:\Thunderbird Signatures
2008-06-01 15:41 . 2008-06-01 15:41 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Thunderbird
2008-06-01 11:45 . 2008-06-01 11:45 0 --a------ C:\WINDOWS\nsreg.dat
2008-06-01 10:05 . 2008-06-03 09:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-06-01 09:50 . 2008-06-04 16:57 578 --a------ C:\WINDOWS\M3JPEG.INI
2008-06-01 09:44 . 2008-06-01 09:44 <DIR> d-------- C:\Program Files\Active WebCam
2008-06-01 09:44 . 2008-06-01 09:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PY_Software
2008-06-01 09:40 . 2008-06-01 09:40 <DIR> d-------- C:\Program Files\Morgan
2008-06-01 09:40 . 2002-01-16 23:45 224,256 --a------ C:\WINDOWS\system32\MMIJG32.dll
2008-06-01 09:40 . 2002-02-13 05:09 62,976 --a------ C:\WINDOWS\system32\M3JPEGdec.ax
2008-06-01 09:40 . 2001-11-09 10:19 53,248 --a------ C:\WINDOWS\system32\MMTray.exe
2008-06-01 09:40 . 2001-11-15 01:18 51,200 --a------ C:\WINDOWS\system32\M3JPEGenc.ax
2008-06-01 09:30 . 2008-06-01 09:30 <DIR> d-------- C:\Program Files\PowerISO
2008-06-01 09:22 . 2008-06-01 09:22 <DIR> d-------- C:\Program Files\Common Files\Acronis
2008-06-01 09:22 . 2008-06-01 09:22 <DIR> d-------- C:\Program Files\Acronis
2008-06-01 09:22 . 2008-06-01 09:22 114,048 --a------ C:\WINDOWS\system32\drivers\snapman.sys
2008-06-01 09:14 . 2008-06-01 09:14 <DIR> d-------- C:\Program Files\SourceTec
2008-06-01 09:14 . 2008-06-01 09:14 <DIR> d-------- C:\Program Files\Common Files\SourceTec
2008-06-01 09:08 . 2008-06-01 09:08 <DIR> d-------- C:\Program Files\Audio Maker Pro
2008-06-01 09:04 . 2000-08-22 15:09 532,480 --a------ C:\WINDOWS\system32\imagx5.dll
2008-06-01 09:04 . 2000-08-14 12:38 503,808 --a------ C:\WINDOWS\system32\imagr5.dll
2008-06-01 09:04 . 2000-08-29 13:08 275,312 --a------ C:\WINDOWS\system32\ImagXpr5.dll
2008-06-01 09:04 . 2000-10-11 11:49 201,568 --a------ C:\WINDOWS\system32\CapPRO.dll
2008-06-01 09:04 . 2000-08-09 16:30 66,509 --a------ C:\WINDOWS\system32\Picn1220.ssm
2008-06-01 09:04 . 2000-08-09 16:10 37,553 --a------ C:\WINDOWS\system32\Picn1520.ssm
2008-06-01 09:04 . 2000-08-11 10:35 35,328 --a------ C:\WINDOWS\system32\picn20.dll
2008-06-01 09:03 . 1999-02-08 10:16 340,480 --a------ C:\WINDOWS\system32\ActBar.ocx
2008-06-01 09:01 . 2008-06-01 09:01 <DIR> d-------- C:\Program Files\Applet Headline Factory
2008-06-01 09:01 . 1999-11-11 15:42 297,472 --a------ C:\WINDOWS\system32\OpenClass.exe
2008-06-01 08:58 . 2008-06-01 08:58 <DIR> d-------- C:\Program Files\Free Icon Studio
2008-06-01 08:58 . 2003-09-10 12:09 140,288 --a------ C:\WINDOWS\system32\comdlg32.ocx
2008-06-01 08:58 . 2003-09-10 11:59 84,480 --a------ C:\WINDOWS\system32\axcolctl.ocx
2008-06-01 08:58 . 2003-09-10 11:59 69,632 --a------ C:\WINDOWS\system32\jckPortal.ocx
2008-06-01 08:58 . 2003-09-10 11:59 53,248 --a------ C:\WINDOWS\system32\vbalIcoM6.dll
2008-06-01 08:58 . 2003-09-10 11:59 40,960 --a------ C:\WINDOWS\system32\SSubTmr6.dll
2008-06-01 08:56 . 2008-06-01 08:56 13 --a------ C:\WINDOWS\system32\WinSys64.crc
2008-06-01 08:51 . 2008-06-01 08:52 <DIR> d-------- C:\Program Files\Applet Marquee Wizard
2008-06-01 08:51 . 1996-09-11 14:33 48,640 --a------ C:\WINDOWS\system32\INETWH32.dll
2008-06-01 08:50 . 2008-06-01 08:50 <DIR> d-------- C:\Program Files\Applet Navigation Factory 2.0
2008-06-01 08:39 . 2008-06-02 18:03 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2008-06-01 08:39 . 2008-06-01 08:39 <DIR> d-------- C:\Program Files\askSam
2008-06-01 08:39 . 2008-06-01 08:39 422 --a------ C:\WINDOWS\system32\MSST42.DLL
2008-06-01 08:38 . 2008-06-02 17:54 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-06-01 08:38 . 2008-06-02 15:50 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2008-06-01 05:09 . 2005-03-23 19:04 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2008-06-01 05:08 . 2005-03-23 19:06 57,472 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2008-06-01 05:08 . 2005-03-23 19:05 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2008-06-01 05:07 . 2005-03-23 19:06 74,240 --a------ C:\WINDOWS\system32\usbui.dll
2008-06-01 05:07 . 2005-03-23 19:05 6,400 --a------ C:\WINDOWS\system32\drivers\enum1394.sys
2008-06-01 05:06 . 2005-03-23 19:04 42,368 --a------ C:\WINDOWS\system32\drivers\AGP440.SYS
2008-06-01 05:06 . 2005-03-23 19:05 5,504 --a------ C:\WINDOWS\system32\drivers\intelide.sys
2008-06-01 05:04 . 2008-06-04 12:02 <DIR> dr------- C:\Documents and Settings\All Users\Documents
2008-06-01 05:03 . 2008-06-05 10:18 <DIR> d-------- C:\WINDOWS\system32\CatRoot2
2008-06-01 05:03 . 2008-06-02 10:42 <DIR> d-------- C:\WINDOWS\system32\CatRoot
2008-06-01 05:03 . 2004-08-04 01:57 1,086,058 -ra------ C:\WINDOWS\SET4.tmp
2008-06-01 05:03 . 2004-08-04 02:03 1,042,903 -ra------ C:\WINDOWS\SET3.tmp
2008-06-01 05:03 . 2004-08-04 01:58 13,753 -ra------ C:\WINDOWS\SET8.tmp
2008-06-01 05:02 . 2004-10-15 00:30 155,648 --a------ C:\WINDOWS\system32\drivers\e100b325.sys
2008-06-01 05:02 . 2004-11-17 01:52 126,976 --a------ C:\WINDOWS\system32\Prounstl.exe
2008-06-01 05:02 . 2002-06-01 06:35 76,976 --a------ C:\WINDOWS\system32\drivers\pnp680r.sys
2008-06-01 05:02 . 2004-11-16 17:16 36,864 --a------ C:\WINDOWS\system32\e100bmsg.dll
2008-06-01 05:02 . 2004-10-30 01:01 19,456 --a------ C:\WINDOWS\system32\IntelNic.dll
2008-06-01 05:02 . 2004-10-15 00:22 5,110 --a------ C:\WINDOWS\system32\e100b325.din
2008-06-01 05:00 . 2008-05-31 19:16 <DIR> d--h----- C:\Documents and Settings\Default User
2008-06-01 05:00 . 2008-05-31 19:15 <DIR> d-------- C:\Documents and Settings\All Users
2008-06-01 05:00 . 2008-06-02 07:47 <DIR> d-------- C:\Documents and Settings
2008-06-01 05:00 . 2008-05-31 19:17 1,194 --a------ C:\WINDOWS\system32\$winnt$.inf
2008-05-31 21:09 . 2008-05-31 21:09 <DIR> d-------- C:\Program Files\QuickTime
2008-05-31 21:09 . 2007-02-20 16:04 2,463,976 --a------ C:\WINDOWS\system32\NPSWF32.dll
2008-05-31 21:09 . 2007-02-20 16:04 190,696 --a------ C:\WINDOWS\system32\NPSWF32_FlashUtil.exe
2008-05-31 21:00 . 2008-05-31 21:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-05-31 20:49 . 2008-06-01 09:28 <DIR> d-------- C:\Program Files\CoffeeCup Software
2008-05-31 20:49 . 2006-01-27 01:56 938,272 --a------ C:\WINDOWS\system32\wodFtpDLX.OCX
2008-05-31 20:44 . 2008-05-31 20:44 <DIR> d-------- C:\Program Files\Bonjour
2008-05-31 20:35 . 2008-05-31 20:35 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-05-31 20:34 . 2008-06-04 13:26 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-05-31 20:32 . 2008-05-31 20:32 <DIR> d-------- C:\Program Files\JGsoft
2008-05-31 20:32 . 2008-05-31 20:32 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\JGsoft
2008-05-31 20:32 . 2006-06-06 02:08 67,472 --a------ C:\WINDOWS\UnDeploy.exe
2008-05-16 11:58 . 2008-05-16 11:58 12,632 --a------ C:\WINDOWS\system32\lsdelete.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-04 22:29 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-05-31 09:37 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-04-29 01:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 01:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 01:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
.

------- Sigcheck -------

2005-01-31 18:49 577024 f893a7a2045eb34bc2ca4d5708d1026e C:\WINDOWS\system32\user32.dll

2005-02-08 18:34 657920 a8eac5330876548e9966a7d13025d196 C:\WINDOWS\system32\wininet.dll

2005-01-19 20:50 359040 a8cc16a5b3faae8c9ec04e44ea952fc0 C:\WINDOWS\system32\drivers\tcpip.sys

2005-01-19 07:12 502784 b66dbc40d428fe1293041d621d836ac8 C:\WINDOWS\system32\winlogon.exe

2005-03-23 08:17 2056832 110e7aa558e68917696f45a2e9b0b68c C:\WINDOWS\system32\ntkrnlpa.exe

2005-01-21 06:45 2179456 cd532a08f0c9929e9e582b8248019a50 C:\WINDOWS\system32\ntoskrnl.exe

2005-01-31 18:49 1032192 98d45efddd1a67f90353be8d28ed72db C:\WINDOWS\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2005-03-23 09:07 1694208]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [2007-09-08 09:01 43008]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OSSelectorReinstall"="C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe" [2007-02-22 19:53 2209224]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-08-07 10:05 200704]
"MMTray"="MMTray.exe" [2001-11-09 10:19 53248 C:\WINDOWS\system32\MMTray.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"Ulead AutoDetector v2"="C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe" [2007-08-02 21:08 95504]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-06-04 10:45 917504]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"4c4fa717"="C:\WINDOWS\system32\wrcttyka.dll" [2008-06-04 21:36 116736]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:56 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Free WebSite Tools.lnk - C:\Program Files\CoffeeCup Software\CoffeeCup Free Image Slicer\ThirtyDayTimer.exe [2008-06-01 08:59:04 372224]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyDocs"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyDocs"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoInternetIcon"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.HFYU"= huffyuv.dll
"vidc.MJPG"= m3jpeg32.dll
"vidc.dmb1"= m3jpeg32.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\GlobalSCAPE\\CuteFTP 8 Professional\\ftpte.exe"=

S0 pnp680;pnp680;C:\WINDOWS\system32\drivers\pnp680.sys [2005-03-23 08:49]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{52b5306f-2f41-11dd-9b2d-806d6172696f}]
\Shell\AutoRun\command - I:\setup.exe

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-05 10:18:12
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

C:\WINDOWS\explorer.exe [1904] 0x897FE378

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\ESET\nod32krn.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2008-06-05 10:24:01 - machine was rebooted [Administrator]
ComboFix-quarantined-files.txt 2008-06-05 00:23:33

Pre-Run: 68,765,499,392 bytes free
Post-Run: 68,866,023,424 bytes free

240


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:33:19 AM, on 5/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\WINDOWS\system32\MMTray.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [OSSelectorReinstall] C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [MMTray] MMTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [4c4fa717] rundll32.exe "C:\WINDOWS\system32\wrcttyka.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Free WebSite Tools.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Save Web Page to askSam... - C:\Program Files\askSam\askSam6\ASAdd.htm
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: asksam6 - {72A9B8AD-6895-422C-A3F7-F2A7A88B88DA} - C:\Program Files\askSam\askSam6\AS6_AIPP.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

--
End of file - 5063 bytes


#20
06-05-2008
Pancake
Senior Security Analyst
Join Date: Jun 2006
Location: Victoria, Australia
Posts: 2,958
PC Experience: Elite PC Guru
Re: XP pro problems- started with no icons - will not install progs etc

Have "Hijack This" fix all the following items in the list below by placing a check in the appropriate boxes. Confirm that you have only the listed ones checked, then press <Fix checked> and Close HJT.

O4 - HKLM\..\Run: [4c4fa717] rundll32.exe "C:\WINDOWS\system32\wrcttyka.dll",b
Reboot...........................

Please copy this page to *Notepad* and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.
It's IMPORTANT to carry out the instructions in the sequence listed below.
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Open *notepad* and copy/paste the text in the quotebox below into it:
Killall::
File::
C:\WINDOWS\system32\wrcttyka.dll
C:\WINDOWS\system32\__c0012448.dat
C:\WINDOWS\system32\pxhreewj.dll
C:\WINDOWS\system32\xmshjops.dll
C:\WINDOWS\system32\gebygprg.dll
C:\WINDOWS\system32\eoeghbrs.dll
C:\WINDOWS\system32\acchspkk.dll
C:\WINDOWS\system32\ukjliyse.dll
C:\WINDOWS\system32\__c0022964.dat
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"4c4fa717"=-
Save this as CFScript.txt, in the same location as ComboFix.exe which is on the Desktop.


Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt
Please copy and paste the ComboFix.txt along with a fresh HijackThis log in your next reply please.

*Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall. Altering this script in any way could damage your computer*


__________________
My real name is Eddy
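
A sketch of the kind of triage that singles out the Run entry fixed above, as an added example that is not part of the original posts and not code from HijackThis or ComboFix. The two heuristics (a hex-only Run value name that starts a system32 DLL through rundll32, and groups of same-size system32 files whose created and modified times match) and all function names are assumptions for illustration; the sample lines are excerpts copied from the logs in this thread.

```python
import re
from collections import defaultdict

# Excerpt of the HijackThis O4 entries from the log in this thread.
HJT_EXCERPT = r'''
O4 - HKLM\..\Run: [MMTray] MMTray.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [4c4fa717] rundll32.exe "C:\WINDOWS\system32\wrcttyka.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
'''

# Excerpt of the ComboFix "Files Created" section from the log in this thread.
CF_EXCERPT = r'''
2008-06-04 21:36 . 2008-06-04 21:36 116,736 --a------ C:\WINDOWS\system32\wrcttyka.dll
2008-06-04 14:38 . 2008-06-04 14:38 <DIR> d-------- C:\Program Files\Belarc
2008-06-02 21:46 . 2008-06-02 21:46 51,200 --a------ C:\WINDOWS\system32\eoeghbrs.dll
2008-06-02 21:46 . 2008-06-02 21:46 51,200 --a------ C:\WINDOWS\system32\acchspkk.dll
2008-06-02 21:46 . 2008-06-02 21:46 51,200 --a------ C:\WINDOWS\system32\__c0012448.dat
2008-06-02 10:20 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-06-01 09:40 . 2001-11-15 01:18 51,200 --a------ C:\WINDOWS\system32\M3JPEGenc.ax
'''

# "O4 - <hive>\..\Run: [<value name>] <command line>"
O4_RUN = re.compile(r'^O4 - (?P<hive>\S+?)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$')
# rundll32 (with or without a path) followed by a DLL and an optional export
RUNDLL = re.compile(
    r'^"?(?:[a-z]:\\[^"]*\\)?rundll32(?:\.exe)?"?\s+'
    r'"?(?P<dll>[^",]+\.dll)"?(?:,(?P<export>\S+))?', re.I)
HEX_NAME = re.compile(r'^[0-9a-f]{6,}$', re.I)
# "<created> . <modified> <size> <attributes> <path>"; <DIR> rows do not match
CF_FILE = re.compile(
    r'^(?P<created>\d{4}-\d\d-\d\d \d\d:\d\d) \. '
    r'(?P<modified>\d{4}-\d\d-\d\d \d\d:\d\d) '
    r'(?P<size>[\d,]+) (?P<attr>\S+) (?P<path>.+)$')


def suspicious_run_entries(log):
    """Run values with a hex-only name that load a system32 DLL via rundll32."""
    hits = []
    for line in log.splitlines():
        entry = O4_RUN.match(line.strip())
        if not entry:
            continue
        launch = RUNDLL.match(entry['cmd'])
        if not launch:
            continue
        dll = launch['dll']
        if HEX_NAME.match(entry['name']) and '\\system32\\' in dll.lower():
            hits.append({'hive': entry['hive'], 'name': entry['name'],
                         'dll': dll, 'export': launch['export']})
    return hits


def fresh_same_size_groups(log, min_group=3):
    """Group system32 files by size, keeping only files whose created and
    modified times are equal (written fresh, not unpacked by an installer
    that preserves an older modified date)."""
    groups = defaultdict(list)
    for line in log.splitlines():
        row = CF_FILE.match(line.strip())
        if not row or row['created'] != row['modified']:
            continue
        if not row['path'].lower().startswith('c:\\windows\\system32\\'):
            continue
        size = int(row['size'].replace(',', ''))
        groups[size].append(row['path'].rsplit('\\', 1)[-1])
    return {size: names for size, names in groups.items()
            if len(names) >= min_group}


if __name__ == '__main__':
    for hit in suspicious_run_entries(HJT_EXCERPT):
        print('Run entry to review:', hit)
    for size, names in fresh_same_size_groups(CF_EXCERPT).items():
        print(f'{len(names)} fresh files of {size} bytes:', ', '.join(names))
```

Both checks only nominate candidates for a closer look; M3JPEGenc.ax shares the 51,200-byte size but is excluded because its modified date is years older than its creation date on this machine.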
#21
06-05-2008
ozrock
Bronze Member
Join Date: Jun 2008
Location: Sydney
Posts: 15
PC Experience: web designer - entertainment industry
Re: XP pro problems- started with no icons - will not install progs etc

Okay Done that..

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:26:16 AM, on 5/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\WINDOWS\system32\MMTray.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [OSSelectorReinstall] C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [MMTray] MMTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Free WebSite Tools.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Save Web Page to askSam... - C:\Program Files\askSam\askSam6\ASAdd.htm
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: asksam6 - {72A9B8AD-6895-422C-A3F7-F2A7A88B88DA} - C:\Program Files\askSam\askSam6\AS6_AIPP.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

--
End of file - 4903 bytes





ComboFix 08-06-04.1 - Administrator 2008-06-05 11:16:11.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1697 [GMT 10:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrator\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\WINDOWS\system32\__c0012448.dat
C:\WINDOWS\system32\__c0022964.dat
C:\WINDOWS\system32\acchspkk.dll
C:\WINDOWS\system32\eoeghbrs.dll
C:\WINDOWS\system32\gebygprg.dll
C:\WINDOWS\system32\pxhreewj.dll
C:\WINDOWS\system32\ukjliyse.dll
C:\WINDOWS\system32\wrcttyka.dll
C:\WINDOWS\system32\xmshjops.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\__c0012448.dat
C:\WINDOWS\system32\__c0022964.dat
C:\WINDOWS\system32\acchspkk.dll
C:\WINDOWS\system32\eoeghbrs.dll
C:\WINDOWS\system32\gebygprg.dll
C:\WINDOWS\system32\MSST42.DLL
C:\WINDOWS\system32\pxhreewj.dll
C:\WINDOWS\system32\ukjliyse.dll
C:\WINDOWS\system32\wrcttyka.dll
C:\WINDOWS\system32\xmshjops.dll

.
((((((((((((((((((((((((( Files Created from 2008-05-05 to 2008-06-05 )))))))))))))))))))))))))))))))
.

2008-06-05 10:19 . 2008-06-05 10:24 354 ---hs---- C:\WINDOWS\system32\akyttcrw.ini
2008-06-05 10:17 . 2008-06-05 10:17 <DIR> d--hs---- C:\WINDOWS\system32\dllcache
2008-06-05 09:47 . 2008-06-05 09:47 162,800 --a------ C:\Documents and Settings\Administrator\Application Data\GDIPFONTCACHEV1.DAT
2008-06-04 14:38 . 2008-06-04 14:38 <DIR> d-------- C:\Program Files\Belarc
2008-06-04 14:38 . 2008-02-27 13:49 3,840 --a------ C:\WINDOWS\system32\drivers\BANTExt.sys
2008-06-04 12:48 . 2008-06-04 12:48 <DIR> d-------- C:\Deckard
2008-06-04 12:47 . 2008-06-04 12:47 13 --a------ C:\WINDOWS\system32\WinUser32.crc
2008-06-04 12:09 . 2008-06-04 12:09 <DIR> d-------- C:\Program Files\Lavasoft
2008-06-04 12:09 . 2008-06-04 12:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-04 12:08 . 2008-06-04 15:29 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-04 10:46 . 2008-06-04 10:45 502,368 --a------ C:\WINDOWS\system32\drivers\amon.sys
2008-06-04 10:46 . 2008-06-04 10:45 270,336 --a------ C:\WINDOWS\system32\imon.dll
2008-06-04 10:45 . 2008-06-04 12:27 <DIR> d-------- C:\Program Files\ESET
2008-06-04 09:17 . 2008-06-04 13:25 1,648 --a------ C:\WINDOWS\mozver.dat
2008-06-03 22:45 . 2008-06-03 22:50 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-06-03 22:45 . 2005-08-25 18:19 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX
2008-06-03 21:30 . 2008-06-03 21:30 51,200 --a------ C:\WINDOWS\system32\matnjmxi.dll
2008-06-03 21:23 . 2008-06-03 21:23 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-02 18:04 . 2008-06-02 18:04 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Ulead Systems
2008-06-02 17:59 . 2008-06-02 17:59 <DIR> d-------- C:\Program Files\Corel
2008-06-02 17:59 . 2008-06-02 18:01 <DIR> d-------- C:\Program Files\Common Files\Ulead Systems
2008-06-02 17:59 . 2008-06-02 18:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ulead Systems
2008-06-02 16:16 . 2008-06-02 16:16 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\GlobalSCAPE
2008-06-02 15:50 . 2008-06-02 15:50 <DIR> d-------- C:\Program Files\GlobalSCAPE
2008-06-02 15:45 . 2008-06-02 15:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WinZip
2008-06-02 15:25 . 2008-06-02 15:29 <DIR> d-------- C:\Program Files\BitTorrent
2008-06-02 15:25 . 2008-06-02 15:28 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\BitTorrent
2008-06-02 10:41 . 2008-06-02 10:41 <DIR> d-------- C:\6200ps2k
2008-06-02 10:21 . 2008-06-02 10:21 <DIR> d-------- C:\WINDOWS\Sun
2008-06-02 10:20 . 2008-06-02 10:20 <DIR> d-------- C:\Program Files\Java
2008-06-02 10:20 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-06-02 10:19 . 2008-06-02 10:19 <DIR> d-------- C:\Program Files\Common Files\Java
2008-06-02 07:47 . 2008-06-02 07:47 <DIR> d-------- C:\Documents and Settings\Webmaster
2008-06-01 20:00 . 2008-06-05 11:14 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-01 19:56 . 2008-06-01 19:56 <DIR> d-------- C:\5pc17ed6.default
2008-06-01 17:38 . 2008-06-02 19:39 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-06-01 17:12 . 2008-06-01 17:12 <DIR> d-------- C:\Thunderbird Signatures
2008-06-01 15:41 . 2008-06-01 15:41 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Thunderbird
2008-06-01 11:45 . 2008-06-01 11:45 0 --a------ C:\WINDOWS\nsreg.dat
2008-06-01 10:05 . 2008-06-03 09:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-06-01 09:50 . 2008-06-04 16:57 578 --a------ C:\WINDOWS\M3JPEG.INI
2008-06-01 09:44 . 2008-06-01 09:44 <DIR> d-------- C:\Program Files\Active WebCam
2008-06-01 09:44 . 2008-06-01 09:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PY_Software
2008-06-01 09:40 . 2008-06-01 09:40 <DIR> d-------- C:\Program Files\Morgan
2008-06-01 09:40 . 2002-01-16 23:45 224,256 --a------ C:\WINDOWS\system32\MMIJG32.dll
2008-06-01 09:40 . 2002-02-13 05:09 62,976 --a------ C:\WINDOWS\system32\M3JPEGdec.ax
2008-06-01 09:40 . 2001-11-09 10:19 53,248 --a------ C:\WINDOWS\system32\MMTray.exe
2008-06-01 09:40 . 2001-11-15 01:18 51,200 --a------ C:\WINDOWS\system32\M3JPEGenc.ax
2008-06-01 09:30 . 2008-06-01 09:30 <DIR> d-------- C:\Program Files\PowerISO
2008-06-01 09:22 . 2008-06-01 09:22 <DIR> d-------- C:\Program Files\Common Files\Acronis
2008-06-01 09:22 . 2008-06-01 09:22 <DIR> d-------- C:\Program Files\Acronis
2008-06-01 09:22 . 2008-06-01 09:22 114,048 --a------ C:\WINDOWS\system32\drivers\snapman.sys
2008-06-01 09:14 . 2008-06-01 09:14 <DIR> d-------- C:\Program Files\SourceTec
2008-06-01 09:14 . 2008-06-01 09:14 <DIR> d-------- C:\Program Files\Common Files\SourceTec
2008-06-01 09:08 . 2008-06-01 09:08 <DIR> d-------- C:\Program Files\Audio Maker Pro
2008-06-01 09:04 . 2000-08-22 15:09 532,480 --a------ C:\WINDOWS\system32\imagx5.dll
2008-06-01 09:04 . 2000-08-14 12:38 503,808 --a------ C:\WINDOWS\system32\imagr5.dll
2008-06-01 09:04 . 2000-08-29 13:08 275,312 --a------ C:\WINDOWS\system32\ImagXpr5.dll
2008-06-01 09:04 . 2000-10-11 11:49 201,568 --a------ C:\WINDOWS\system32\CapPRO.dll
2008-06-01 09:04 . 2000-08-09 16:30 66,509 --a------ C:\WINDOWS\system32\Picn1220.ssm
2008-06-01 09:04 . 2000-08-09 16:10 37,553 --a------ C:\WINDOWS\system32\Picn1520.ssm
2008-06-01 09:04 . 2000-08-11 10:35 35,328 --a------ C:\WINDOWS\system32\picn20.dll
2008-06-01 09:03 . 1999-02-08 10:16 340,480 --a------ C:\WINDOWS\system32\ActBar.ocx
2008-06-01 09:01 . 2008-06-01 09:01 <DIR> d-------- C:\Program Files\Applet Headline Factory
2008-06-01 09:01 . 1999-11-11 15:42 297,472 --a------ C:\WINDOWS\system32\OpenClass.exe
2008-06-01 08:58 . 2008-06-01 08:58 <DIR> d-------- C:\Program Files\Free Icon Studio
2008-06-01 08:58 . 2003-09-10 12:09 140,288 --a------ C:\WINDOWS\system32\comdlg32.ocx
2008-06-01 08:58 . 2003-09-10 11:59 84,480 --a------ C:\WINDOWS\system32\axcolctl.ocx
2008-06-01 08:58 . 2003-09-10 11:59 69,632 --a------ C:\WINDOWS\system32\jckPortal.ocx
2008-06-01 08:58 . 2003-09-10 11:59 53,248 --a------ C:\WINDOWS\system32\vbalIcoM6.dll
2008-06-01 08:58 . 2003-09-10 11:59 40,960 --a------ C:\WINDOWS\system32\SSubTmr6.dll
2008-06-01 08:56 . 2008-06-01 08:56 13 --a------ C:\WINDOWS\system32\WinSys64.crc
2008-06-01 08:51 . 2008-06-01 08:52 <DIR> d-------- C:\Program Files\Applet Marquee Wizard
2008-06-01 08:51 . 1996-09-11 14:33 48,640 --a------ C:\WINDOWS\system32\INETWH32.dll
2008-06-01 08:50 . 2008-06-01 08:50 <DIR> d-------- C:\Program Files\Applet Navigation Factory 2.0
2008-06-01 08:39 . 2008-06-02 18:03 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2008-06-01 08:39 . 2008-06-01 08:39 <DIR> d-------- C:\Program Files\askSam
2008-06-01 08:38 . 2008-06-02 17:54 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-06-01 08:38 . 2008-06-02 15:50 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2008-06-01 05:09 . 2005-03-23 19:04 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2008-06-01 05:08 . 2005-03-23 19:06 57,472 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2008-06-01 05:08 . 2005-03-23 19:05 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2008-06-01 05:07 . 2005-03-23 19:06 74,240 --a------ C:\WINDOWS\system32\usbui.dll
2008-06-01 05:07 . 2005-03-23 19:05 6,400 --a------ C:\WINDOWS\system32\drivers\enum1394.sys
2008-06-01 05:06 . 2005-03-23 19:04 42,368 --a------ C:\WINDOWS\system32\drivers\AGP440.SYS
2008-06-01 05:06 . 2005-03-23 19:05 5,504 --a------ C:\WINDOWS\system32\drivers\intelide.sys
2008-06-01 05:04 . 2008-06-04 12:02 <DIR> dr------- C:\Documents and Settings\All Users\Documents
2008-06-01 05:03 . 2008-06-05 10:18 <DIR> d-------- C:\WINDOWS\system32\CatRoot2
2008-06-01 05:03 . 2008-06-02 10:42 <DIR> d-------- C:\WINDOWS\system32\CatRoot
2008-06-01 05:03 . 2004-08-04 01:57 1,086,058 -ra------ C:\WINDOWS\SET4.tmp
2008-06-01 05:03 . 2004-08-04 02:03 1,042,903 -ra------ C:\WINDOWS\SET3.tmp
2008-06-01 05:03 . 2004-08-04 01:58 13,753 -ra------ C:\WINDOWS\SET8.tmp
2008-06-01 05:02 . 2004-10-15 00:30 155,648 --a------ C:\WINDOWS\system32\drivers\e100b325.sys
2008-06-01 05:02 . 2004-11-17 01:52 126,976 --a------ C:\WINDOWS\system32\Prounstl.exe
2008-06-01 05:02 . 2002-06-01 06:35 76,976 --a------ C:\WINDOWS\system32\drivers\pnp680r.sys
2008-06-01 05:02 . 2004-11-16 17:16 36,864 --a------ C:\WINDOWS\system32\e100bmsg.dll
2008-06-01 05:02 . 2004-10-30 01:01 19,456 --a------ C:\WINDOWS\system32\IntelNic.dll
2008-06-01 05:02 . 2004-10-15 00:22 5,110 --a------ C:\WINDOWS\system32\e100b325.din
2008-06-01 05:00 . 2008-05-31 19:16 <DIR> d--h----- C:\Documents and Settings\Default User
2008-06-01 05:00 . 2008-05-31 19:15 <DIR> d-------- C:\Documents and Settings\All Users
2008-06-01 05:00 . 2008-06-02 07:47 <DIR> d-------- C:\Documents and Settings
2008-06-01 05:00 . 2008-05-31 19:17 1,194 --a------ C:\WINDOWS\system32\$winnt$.inf
2008-05-31 21:09 . 2008-05-31 21:09 <DIR> d-------- C:\Program Files\QuickTime
2008-05-31 21:09 . 2007-02-20 16:04 2,463,976 --a------ C:\WINDOWS\system32\NPSWF32.dll
2008-05-31 21:09 . 2007-02-20 16:04 190,696 --a------ C:\WINDOWS\system32\NPSWF32_FlashUtil.exe
2008-05-31 21:00 . 2008-05-31 21:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-05-31 20:49 . 2008-06-01 09:28 <DIR> d-------- C:\Program Files\CoffeeCup Software
2008-05-31 20:49 . 2006-01-27 01:56 938,272 --a------ C:\WINDOWS\system32\wodFtpDLX.OCX
2008-05-31 20:44 . 2008-05-31 20:44 <DIR> d-------- C:\Program Files\Bonjour
2008-05-31 20:35 . 2008-05-31 20:35 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-05-31 20:34 . 2008-06-04 13:26 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-05-31 20:32 . 2008-05-31 20:32 <DIR> d-------- C:\Program Files\JGsoft
2008-05-31 20:32 . 2008-05-31 20:32 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\JGsoft
2008-05-31 20:32 . 2006-06-06 02:08 67,472 --a------ C:\WINDOWS\UnDeploy.exe
2008-05-16 11:58 . 2008-05-16 11:58 12,632 --a------ C:\WINDOWS\system32\lsdelete.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-05 00:34 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-05-31 09:37 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-04-29 01:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 01:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 01:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
.

------- Sigcheck -------

2005-01-31 18:49 577024 f893a7a2045eb34bc2ca4d5708d1026e C:\WINDOWS\system32\user32.dll

2005-02-08 18:34 657920 a8eac5330876548e9966a7d13025d196 C:\WINDOWS\system32\wininet.dll

2005-01-19 20:50 359040 a8cc16a5b3faae8c9ec04e44ea952fc0 C:\WINDOWS\system32\drivers\tcpip.sys

2005-01-19 07:12 502784 b66dbc40d428fe1293041d621d836ac8 C:\WINDOWS\system32\winlogon.exe

2005-03-23 08:17 2056832 110e7aa558e68917696f45a2e9b0b68c C:\WINDOWS\system32\ntkrnlpa.exe

2005-01-21 06:45 2179456 cd532a08f0c9929e9e582b8248019a50 C:\WINDOWS\system32\ntoskrnl.exe

2005-01-31 18:49 1032192 98d45efddd1a67f90353be8d28ed72db C:\WINDOWS\explorer.exe
.
((((((((((((((((((((((((((((( snapshot@2008-06-05_10.23.13.53 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-05 00:17:20 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-05 01:18:43 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-06-05 00:17:54 202,245 ----a-w C:\WINDOWS\system32\inetsrv\MetaBase.bin
+ 2008-06-05 01:19:18 202,245 ----a-w C:\WINDOWS\system32\inetsrv\MetaBase.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2005-03-23 09:07 1694208]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [2007-09-08 09:01 43008]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OSSelectorReinstall"="C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe" [2007-02-22 19:53 2209224]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-08-07 10:05 200704]
"MMTray"="MMTray.exe" [2001-11-09 10:19 53248 C:\WINDOWS\system32\MMTray.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"Ulead AutoDetector v2"="C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe" [2007-08-02 21:08 95504]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-06-04 10:45 917504]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:56 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Free WebSite Tools.lnk - C:\Program Files\CoffeeCup Software\CoffeeCup Free Image Slicer\ThirtyDayTimer.exe [2008-06-01 08:59:04 372224]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyDocs"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyDocs"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoInternetIcon"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.HFYU"= huffyuv.dll
"vidc.MJPG"= m3jpeg32.dll
"vidc.dmb1"= m3jpeg32.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\GlobalSCAPE\\CuteFTP 8 Professional\\ftpte.exe"=

S0 pnp680;pnp680;C:\WINDOWS\system32\drivers\pnp680.sys [2005-03-23 08:49]

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-05 11:19:39
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\ESET\nod32krn.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-06-05 11:25:21 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-05 01:24:55
ComboFix2.txt 2008-06-05 00:24:01

Pre-Run: 68,853,641,216 bytes free
Post-Run: 68,846,731,264 bytes free

241


  #22  
Old 06-05-2008
Pancake's Avatar
Senior Security Analyst
 
Join Date: Jun 2006
Location: Victoria, Australia
Posts: 2,958
PC Experience: Elite PC Guru
Re: XP pro problems- started with no icons - will not install progs etc

These should be the last things to fix. Are things any better?

Please copy this page to *Notepad* and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.
It's IMPORTANT to carry out the instructions in the sequence listed below.
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Open *notepad* and copy/paste the text in the quotebox below into it:
Killall::
File::
C:\WINDOWS\system32\akyttcrw.ini
C:\WINDOWS\system32\matnjmxi.dll
Folder::
C:\5pc17ed6.default


Save this as CFScript.txt, in the same location as ComboFix.exe which is on the Desktop.


Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt
Please copy and paste the ComboFix.txt along with a fresh HijackThis log in your next reply please.

*Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall. Altering this script in any way could damage your computer*


__________________
My real name is Eddy
  #23  
Old 06-05-2008
ozrock's Avatar
Bronze Member
 
Join Date: Jun 2008
Location: Sydney
Posts: 15
PC Experience: web designer - entertainment industry
Re: XP pro problems- started with no icons - will not install progs etc

Thanks Pancake!! Yes, it's running much better.. faster, and it has allowed my NOD32 updates, which were blocked. Haven't tried IE yet, as it had those blasted spywarefixer pop-ups all over the place before. Here are the last logs..

ComboFix 08-06-04.1 - Administrator 2008-06-05 12:02:58.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1620 [GMT 10:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrator\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active


FILE ::
C:\WINDOWS\system32\akyttcrw.ini
C:\WINDOWS\system32\matnjmxi.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\5pc17ed6.default
C:\5pc17ed6.default\bookmarkbackups\bookmarks-2008-06-01.html
C:\5pc17ed6.default\bookmarks.bak
C:\5pc17ed6.default\bookmarks.html
C:\5pc17ed6.default\cert8.db
C:\5pc17ed6.default\chrome\userChrome-example.css
C:\5pc17ed6.default\chrome\userContent-example.css
C:\5pc17ed6.default\compatibility.ini
C:\5pc17ed6.default\compreg.dat
C:\5pc17ed6.default\cookies.txt
C:\5pc17ed6.default\downloads.rdf
C:\5pc17ed6.default\extensions.cache
C:\5pc17ed6.default\extensions.ini
C:\5pc17ed6.default\extensions.rdf
C:\5pc17ed6.default\formhistory.dat
C:\5pc17ed6.default\history.dat
C:\5pc17ed6.default\key3.db
C:\5pc17ed6.default\localstore.rdf
C:\5pc17ed6.default\mimeTypes.rdf
C:\5pc17ed6.default\prefs.js
C:\5pc17ed6.default\search.rdf
C:\5pc17ed6.default\search.sqlite
C:\5pc17ed6.default\secmod.db
C:\5pc17ed6.default\urlclassifier2.sqlite
C:\5pc17ed6.default\xpti.dat
C:\WINDOWS\system32\akyttcrw.ini
C:\WINDOWS\system32\matnjmxi.dll

.
((((((((((((((((((((((((( Files Created from 2008-05-05 to 2008-06-05 )))))))))))))))))))))))))))))))
.

2008-06-05 10:17 . 2008-06-05 10:17 <DIR> d--hs---- C:\WINDOWS\system32\dllcache
2008-06-05 09:47 . 2008-06-05 09:47 162,800 --a------ C:\Documents and Settings\Administrator\Application Data\GDIPFONTCACHEV1.DAT
2008-06-04 14:38 . 2008-06-04 14:38 <DIR> d-------- C:\Program Files\Belarc
2008-06-04 14:38 . 2008-02-27 13:49 3,840 --a------ C:\WINDOWS\system32\drivers\BANTExt.sys
2008-06-04 12:48 . 2008-06-04 12:48 <DIR> d-------- C:\Deckard
2008-06-04 12:47 . 2008-06-04 12:47 13 --a------ C:\WINDOWS\system32\WinUser32.crc
2008-06-04 12:09 . 2008-06-04 12:09 <DIR> d-------- C:\Program Files\Lavasoft
2008-06-04 12:09 . 2008-06-04 12:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-04 12:08 . 2008-06-04 15:29 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-04 10:46 . 2008-06-04 10:45 502,368 --a------ C:\WINDOWS\system32\drivers\amon.sys
2008-06-04 10:46 . 2008-06-04 10:45 270,336 --a------ C:\WINDOWS\system32\imon.dll
2008-06-04 10:45 . 2008-06-05 12:03 <DIR> d-------- C:\Program Files\ESET
2008-06-04 09:17 . 2008-06-04 13:25 1,648 --a------ C:\WINDOWS\mozver.dat
2008-06-03 22:45 . 2008-06-03 22:50 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-06-03 22:45 . 2005-08-25 18:19 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX
2008-06-03 21:23 . 2008-06-03 21:23 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-02 18:04 . 2008-06-02 18:04 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Ulead Systems
2008-06-02 17:59 . 2008-06-02 17:59 <DIR> d-------- C:\Program Files\Corel
2008-06-02 17:59 . 2008-06-02 18:01 <DIR> d-------- C:\Program Files\Common Files\Ulead Systems
2008-06-02 17:59 . 2008-06-02 18:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ulead Systems
2008-06-02 16:16 . 2008-06-02 16:16 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\GlobalSCAPE
2008-06-02 15:50 . 2008-06-02 15:50 <DIR> d-------- C:\Program Files\GlobalSCAPE
2008-06-02 15:45 . 2008-06-02 15:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WinZip
2008-06-02 15:25 . 2008-06-02 15:29 <DIR> d-------- C:\Program Files\BitTorrent
2008-06-02 15:25 . 2008-06-02 15:28 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\BitTorrent
2008-06-02 10:41 . 2008-06-02 10:41 <DIR> d-------- C:\6200ps2k
2008-06-02 10:21 . 2008-06-02 10:21 <DIR> d-------- C:\WINDOWS\Sun
2008-06-02 10:20 . 2008-06-02 10:20 <DIR> d-------- C:\Program Files\Java
2008-06-02 10:20 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-06-02 10:19 . 2008-06-02 10:19 <DIR> d-------- C:\Program Files\Common Files\Java
2008-06-02 07:47 . 2008-06-02 07:47 <DIR> d-------- C:\Documents and Settings\Webmaster
2008-06-01 20:00 . 2008-06-05 11:58 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-01 17:38 . 2008-06-02 19:39 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-06-01 17:12 . 2008-06-01 17:12 <DIR> d-------- C:\Thunderbird Signatures
2008-06-01 15:41 . 2008-06-01 15:41 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Thunderbird
2008-06-01 11:45 . 2008-06-01 11:45 0 --a------ C:\WINDOWS\nsreg.dat
2008-06-01 10:05 . 2008-06-03 09:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-06-01 09:50 . 2008-06-04 16:57 578 --a------ C:\WINDOWS\M3JPEG.INI
2008-06-01 09:44 . 2008-06-01 09:44 <DIR> d-------- C:\Program Files\Active WebCam
2008-06-01 09:44 . 2008-06-01 09:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PY_Software