
Can't install antivirus software & disable wzc



curiouz
2008-01-16, 18:35
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 18:32:08, on 16-1-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\cvpnd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Mediafour\MACVNTFY.EXE
C:\Program Files\Mediafour\MacDrive\MDDiskProtect.exe
C:\Program Files\Keybreeze\Keybreeze.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Jonas\My Documents\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: CmjBrowserHelperObject Object - {07A11D74-9D25-4fea-A833-8B0D76A5577A} - C:\Program Files\Mindjet\MindManager 7\Mm7InternetExplorer.dll
O2 - BHO: (no name) - {49E0E0F0-5C30-11D4-945D-000000000000} - C:\WINDOWS\system32\iehelper3.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: IE Developer Toolbar BHO - {CC7E636D-39AA-49b6-B511-65413DA137A1} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [RegKillElbyCheck] "C:\Program Files\Elaborate Bytes\DVD Region Killer\ElbyCheck.exe" /L RegKill
O4 - HKLM\..\Run: [MediafourGettingStartedWithMacDrive6] "C:\Program Files\Mediafour\MacDrive\MacDrive.exe" /runonce
O4 - HKLM\..\Run: [Mediafour Mac Volume Notifications] "C:\Program Files\Common Files\Mediafour\MACVNTFY.EXE" /auto
O4 - HKLM\..\Run: [MDDiskProtect.exe] C:\Program Files\Mediafour\MacDrive\MDDiskProtect.exe
O4 - HKLM\..\Run: [Keybreeze] C:\Program Files\Keybreeze\Keybreeze.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo! Widget Engine\YahooWidgetEngine.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: IE Developer Toolbar - {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Send to Mindjet MindManager - {941E1A34-C6AF-4baa-A973-224F9C3E04BF} - C:\Program Files\Mindjet\MindManager 7\Mm7InternetExplorer.dll
O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/wficat-no-eula.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1151070346581
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: MacDrive-iTunes compatibility - C:\Program Files\Common Files\Mediafour\MacDriveiTunesPatch.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\cvpnd.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 10120 bytes

My wzc service is disabled and I get a 1068 error when I try to enable it.
Also I can't install antivirus software (tried avg/nod32/avfree).

Please help!
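A first-pass triage helper for HijackThis logs like the one above, added here as an example and not something posted in this thread. The sample lines are copied from the log above; the marker list and the set of "early-load" section tags are this example's own choices about what to surface first, not an official HijackThis rule set.

```python
"""First-pass triage for HijackThis (HJT) logs.

Every HJT entry line starts with a section tag (R0/R1 browser settings,
O2 browser helper objects, O4 autoruns, O16 ActiveX downloads, O20 Winlogon
Notify DLLs, O23 services, ...) followed by " - " and the entry details.
This script surfaces the entries a reviewer usually checks first; it does
not decide that anything is malicious, it only shortens the manual read.
"""
import re
from dataclasses import dataclass

# "O2 - BHO: ..." -> kind="O2", body="BHO: ..."; header lines such as
# "Running processes:" or bare executable paths do not match.
HJT_ENTRY = re.compile(r"^(?P<kind>[ROF]\d{1,2}) - (?P<body>.+)$")

# Markers HijackThis itself prints when an entry is incomplete. Order
# matters: the first marker found on a line gives the reason, so the
# more specific "missing file" markers come before the generic "(no name)".
# These are this example's own choices, not an official HJT rule set.
MARKERS = (
    ("(no file)", "registered COM object whose file is gone"),
    ("(file missing)", "entry points at a file that no longer exists"),
    ("Unknown owner", "service carries no vendor string"),
    ("(no name)", "entry has no display name"),
)

# Hook points where a DLL is loaded early or into many processes; an
# unfamiliar file here is worth verifying even when no marker is present.
EARLY_LOAD_KINDS = {
    "O18": "custom URL protocol handler",
    "O20": "Winlogon Notify DLL (loaded at logon)",
    "O21": "ShellServiceObjectDelayLoad entry",
    "O22": "SharedTaskScheduler entry (loaded by Explorer)",
}


@dataclass(frozen=True)
class Finding:
    severity: str  # "flag": marker present; "review": sensitive hook point
    kind: str      # HJT section tag, e.g. "O2"
    reason: str
    line: str


def parse_entries(log_text):
    """Yield (kind, body, line) for each HJT entry line in the log."""
    for raw in log_text.splitlines():
        line = raw.strip()
        m = HJT_ENTRY.match(line)
        if m:
            yield m.group("kind"), m.group("body"), line


def triage(log_text):
    """Return the entries worth a closer look, in log order.

    A flag is a prompt to verify, not a verdict: the xpnetdiag "(file
    missing)" entry, for instance, shows up on many clean XP systems.
    """
    findings = []
    for kind, body, line in parse_entries(log_text):
        for marker, reason in MARKERS:
            if marker in body:
                findings.append(Finding("flag", kind, reason, line))
                break  # one reason per line is enough
        else:
            if kind in EARLY_LOAD_KINDS:
                findings.append(Finding("review", kind, EARLY_LOAD_KINDS[kind], line))
    return findings


# Sample input: a handful of lines copied from the log above; a real run
# would read the saved hijackthis.log file instead.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Running processes:
C:\WINDOWS\System32\smss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {49E0E0F0-5C30-11D4-945D-000000000000} - C:\WINDOWS\system32\iehelper3.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Keybreeze] C:\Program Files\Keybreeze\Keybreeze.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O20 - Winlogon Notify: MacDrive-iTunes compatibility - C:\Program Files\Common Files\Mediafour\MacDriveiTunesPatch.dll
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity}] {f.kind}: {f.reason}\n    {f.line}")
```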

Blade81
2008-01-18, 10:14
Hi

Download GMER (http://www.gmer.net/gmer.zip) and save it to your desktop:
Extract it to your desktop and double-click GMER.exe
Click the Rootkit tab and then Scan.
Don't check the Show All box while scanning is in progress!
When scanning is ready, click Copy.
This copies the log to the clipboard.
Post the log in your reply.

curiouz
2008-01-22, 13:59
Hi! Thanks for your response.

Before I start scanning GMER I get the following error:
http://bewoog.nl/filez/warning00.jpg

Afterwards I got this error:
http://bewoog.nl/filez/warning.jpg

I thought it might be essential information...

Here is the log (it's waaaay too large to post here): http://bewoog.nl/filez/GMERlog.txt

Thanks!

Blade81
2008-01-22, 18:41
Hi

Yes. You've got rootkit stealth using Bagle there. I recommend you change all your passwords using another non-infected system if it's possible.


1. Download this file - combofix.exe (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) to your desktop.
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

curiouz
2008-01-24, 10:21
Hi Blade81.

Bad news: Combofix.exe only shows a blue screen. It doesn't prompt me to do anything.

Thanks a lot for your help!

Blade81
2008-01-24, 16:41
Hi

Try to run ComboFix using these instructions:

1. Ensure that you have latest combofix.exe on your desktop.
2. Make sure you save and close ALL open windows and programs that you are running in the taskbar as combofix will attempt to end all non-windows processes for a faster and more successful cleaning.

Click start > run > copy and paste:

"%userprofile%\desktop\combofix.exe" /killall

curiouz
2008-01-25, 12:30
It worked!

Here is the log:

ComboFix 08-01-23.2 - Jonas 2008-01-25 11:59:57.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.662 [GMT 1:00]
Running from: C:\Documents and Settings\Jonas\desktop\ComboFix.exe
Command switches used :: /killall
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\drivers\srosa.sys
C:\WINDOWS\system32\wintems.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_NPF
-------\LEGACY_SROSA
-------\NPF
-------\srosa


((((((((((((((((((((((((( Files Created from 2007-12-25 to 2008-01-25 )))))))))))))))))))))))))))))))
.

2008-01-25 12:09 . 2008-01-25 12:09 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-25 12:09 . 2008-01-25 12:09 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-25 11:58 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-23 15:35 . 2008-01-23 15:35 <DIR> d-------- C:\Program Files\ViceVersa Pro 2
2008-01-22 12:00 . 2008-01-24 14:43 250 --a------ C:\WINDOWS\gmer.ini
2008-01-22 10:21 . 2008-01-22 10:28 <DIR> d-------- C:\Program Files\crayon
2008-01-21 16:37 . 2004-08-04 08:20 2,180,992 --a------ C:\WINDOWS\system32\ntoskrnl.exe
2008-01-21 16:37 . 2004-08-04 08:20 2,180,992 --a--c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-01-17 01:58 . 2008-01-23 23:18 <DIR> d-------- C:\WINDOWS\system32\drivers\down
2008-01-17 01:46 . 2008-01-17 01:46 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-01-17 01:46 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-01-17 01:46 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-01-17 01:46 . 2007-12-10 14:53 41,864 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-01-17 01:46 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-01-16 22:35 . 2008-01-17 01:37 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-01-16 18:16 . 2008-01-16 18:16 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-01-16 16:03 . 2003-07-16 21:25 11,776 --a------ C:\WINDOWS\system32\chkdsk.exe
2008-01-16 15:46 . 2008-01-16 15:46 <DIR> d-------- C:\Program Files\Lavasoft
2008-01-15 13:31 . 2008-01-23 19:08 70,660 --a------ C:\WINDOWS\system32\mdelk.exe
2008-01-15 11:07 . 2006-09-05 17:03 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-13 12:09 . 2008-01-13 12:09 <DIR> d-------- C:\Program Files\Common Files\Mediafour
2008-01-10 10:19 . 2004-02-20 15:14 110,592 --------- C:\WINDOWS\system32\AegisI5.exe
2008-01-10 10:19 . 2008-01-10 10:19 15,781 --a------ C:\WINDOWS\system32\drivers\mdc8021x.sys
2008-01-06 23:59 . 2006-01-12 02:03 561,022 --------- C:\WINDOWS\system32\drivers\hldrrr.exe
2008-01-06 23:50 . 2008-01-06 23:50 <DIR> d-------- C:\Program Files\Wondershare

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-25 11:09 --------- d-----w C:\Program Files\KeyBreeze
2008-01-24 13:07 --------- d-----w C:\Program Files\NOD32
2008-01-24 13:05 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-24 13:03 --------- d-----w C:\Program Files\Crimson Editor
2008-01-23 17:06 --------- d-----w C:\Program Files\eMule 0.47c beba_v1.3
2008-01-22 09:39 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-01-22 09:36 --------- d-----w C:\Program Files\Red Kawa
2008-01-22 09:34 --------- d-----w C:\Program Files\MXPLAY
2008-01-13 11:09 --------- d-----w C:\Program Files\Mediafour
2008-01-09 23:00 --------- d-----w C:\Program Files\Cisco Systems
2008-01-02 13:25 --------- d-----w C:\Program Files\SyncBackSE
2007-12-18 21:32 --------- d-----w C:\Program Files\ACD Systems
2007-12-18 21:31 --------- d-----w C:\Program Files\Common Files\ACD Systems
2007-12-17 08:53 256 --sh--w C:\SYSFH.SYS
2007-12-06 23:07 --------- d-----w C:\Program Files\Java
2007-12-05 15:31 --------- d-----w C:\Program Files\MSN Messenger
2007-10-25 09:26 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{07A11D74-9D25-4fea-A833-8B0D76A5577A}]
2007-05-17 23:05 71184 -ra------ C:\Program Files\Mindjet\MindManager 7\Mm7InternetExplorer.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\{A08FB30D-51C4-4E54-AA5E-FF18739802EA}]
@=Mediafour Mac Volume Icons

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"german.exe"="C:\WINDOWS\system32\wintems.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"RegKillElbyCheck"="C:\Program Files\Elaborate Bytes\DVD Region Killer\ElbyCheck.exe" [2001-12-06 13:09 45056]
"MediafourGettingStartedWithMacDrive6"="C:\Program Files\Mediafour\MacDrive\MacDrive.exe" [2007-05-20 14:29 86016]
"Mediafour Mac Volume Notifications"="C:\Program Files\Common Files\Mediafour\MACVNTFY.exe" [2007-05-20 14:31 61440]
"MDDiskProtect.exe"="C:\Program Files\Mediafour\MacDrive\MDDiskProtect.exe" [2007-05-20 14:29 94208]
"Keybreeze"="C:\Program Files\Keybreeze\Keybreeze.exe" [2007-01-26 04:34 1089536]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 13:11 267048]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-10-30 11:15 335872]
"MRT"="C:\WINDOWS\system32\MRT.exe" [2008-01-02 19:21 17642616]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [ ]

C:\Documents and Settings\Jonas\Start Menu\Programs\Startup\
Yahoo! Widget Engine.lnk - C:\Program Files\Yahoo! Widget Engine\YahooWidgetEngine.exe [2007-07-20 18:57:16 2913584]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MacDrive-iTunes compatibility]
C:\Program Files\Common Files\Mediafour\MacDriveiTunesPatch.dll 2007-05-20 14:30 61440 C:\Program Files\Common Files\Mediafour\MacDriveiTunesPatch.dll

SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"pdfSaver3"="C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"Adobe_ID0EYTHM"=C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
"MMReminderService"=C:\Program Files\Mindjet\MindManager 7\MMReminderService.exe
"BCMSMMSG"=BCMSMMSG.exe
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
"Picasa Media Detector"=C:\Program Files\Picasa2\PicasaMediaDetector.exe
"Adobe Photo Downloader"="C:\Program Files\Adobe\Adobe Lightroom\apdproxy.exe"
"Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY.exe

R0 MDPMGRNT;MDPMGRNT;C:\WINDOWS\system32\drivers\MDPMGRNT.sys [2007-05-20 14:30]
R1 MDFSYSNT;MDFSYSNT;C:\WINDOWS\system32\drivers\MDFSYSNT.sys [2007-05-20 14:32]
R2 UxTuneUp;TuneUp Design Expansion;C:\WINDOWS\System32\svchost.exe [2004-08-04 08:56]
R3 RegKill;RegKill;C:\WINDOWS\system32\Drivers\RegKill.sys [2002-03-10 04:37]
S3 QuarticsWP;QuarticsWP_Display_Driver;C:\WINDOWS\system32\DRIVERS\QuarticsWP.sys []
S3 QuarticsWPMirror;QuarticsWPMirror_Display_Driver;C:\WINDOWS\system32\DRIVERS\QuarticsWPMirror.sys []
S3 ss_bus;Samsung Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-01-24 14:38]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-01-24 14:38]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-01-24 14:38]
S3 vidcap;vidcap;C:\WINDOWS\system32\DRIVERS\vidcap.sys []
S3 zlportio;zlportio;C:\Program Files\UltraStar\zlportio.sys []
S4 Inmsrapidm;Inmsrapidm;C:\WINDOWS\system32\ieudinit.exe [2007-10-10 11:59]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{878ba328-9481-11dc-90e8-000f1f269dc3}]
\Shell\AutoRun\command - SVCH0ST.EXE
\Shell\explore\Command - SVCH0ST.EXE
\Shell\open\Command - SVCH0ST.EXE

.
Contents of the 'Scheduled Tasks' folder
"2008-01-18 16:50:49 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2008-01-11 19:22:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-25 10:55:19 C:\WINDOWS\Tasks\User_Feed_Synchronization-{461E792E-BAA7-4F83-8703-30762A76001B}.job"
- C:\WINDOWS\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-25 12:09:46
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Blade81
2008-01-25, 17:30
Hi


Show hidden files
-----------------
* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View Tab.
* Under the Hidden files and folders heading select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Click Yes to confirm.
* Click OK.


Upload the following file to http://virusscan.jotti.org or http://www.virustotal.com and post back the results:
C:\SYSFH.SYS

Download ATF (Atribune Temp File) Cleaner© by Atribune (http://www.atribune.org/ccount/click.php?id=1) to your desktop. Don't run it yet.

Please also download SafeBootKeyRepair.exe by sUBs to repair Safe Mode.
Download HERE (http://www.techsupportforum.com/sectools/sUBs/SafeBootKeyRepair.exe) to your desktop. Don't run it yet.



Open notepad and copy/paste the text in the quotebox below into it:



File::
C:\WINDOWS\system32\mdelk.exe
C:\WINDOWS\system32\drivers\hldrrr.exe

Folder::
C:\WINDOWS\system32\drivers\down

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"german.exe"=-



Save this as CFScript


http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

Referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.


Combofix should never take more than 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.

curiouz
2008-01-28, 12:51
Hi!

Couldn't find SYSFH.SYS (I did make hidden files visible, but it's just not there...).

Ran CFScript and combofix produced the following log:

----------
-- 1/2 ---
----------

ComboFix 08-01-23.2 - Jonas 2008-01-28 12:26:59.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.603 [GMT 1:00]
Running from: C:\Documents and Settings\Jonas\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Jonas\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE
C:\WINDOWS\system32\drivers\hldrrr.exe
C:\WINDOWS\system32\mdelk.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\drivers\down
C:\WINDOWS\system32\drivers\down\29628133.exe
C:\WINDOWS\system32\drivers\down\29635814.exe
C:\WINDOWS\system32\drivers\down\29644005.exe
C:\WINDOWS\system32\drivers\down\29672426.exe
C:\WINDOWS\system32\drivers\down\29676502.exe
C:\WINDOWS\system32\drivers\down\29676632.exe
C:\WINDOWS\system32\drivers\down\29685114.exe
C:\WINDOWS\system32\drivers\down\29691213.exe
C:\WINDOWS\system32\drivers\down\29694057.exe
C:\WINDOWS\system32\drivers\down\29698934.exe
C:\WINDOWS\system32\drivers\down\29704272.exe
C:\WINDOWS\system32\drivers\down\29715218.exe
C:\WINDOWS\system32\drivers\down\29719864.exe
C:\WINDOWS\system32\drivers\down\29720275.exe
C:\WINDOWS\system32\drivers\down\29720706.exe
C:\WINDOWS\system32\drivers\down\29720926.exe
C:\WINDOWS\system32\drivers\down\29725563.exe
C:\WINDOWS\system32\drivers\down\29731211.exe
C:\WINDOWS\system32\drivers\down\29761685.exe
C:\WINDOWS\system32\drivers\down\29764408.exe
C:\WINDOWS\system32\drivers\down\29772170.exe
C:\WINDOWS\system32\drivers\down\321832.exe
C:\WINDOWS\system32\drivers\down\329393.exe
C:\WINDOWS\system32\drivers\down\332778.exe
C:\WINDOWS\system32\drivers\down\348300.exe
C:\WINDOWS\system32\drivers\down\351184.exe
C:\WINDOWS\system32\drivers\down\376651.exe
C:\WINDOWS\system32\drivers\down\40468831.exe
C:\WINDOWS\system32\drivers\down\40474709.exe
C:\WINDOWS\system32\drivers\down\40495529.exe
C:\WINDOWS\system32\drivers\down\40510971.exe
C:\WINDOWS\system32\drivers\down\40523019.exe
C:\WINDOWS\system32\drivers\down\40538761.exe
C:\WINDOWS\system32\drivers\down\40551860.exe
C:\WINDOWS\system32\drivers\down\40553552.exe
C:\WINDOWS\system32\drivers\down\40572510.exe
C:\WINDOWS\system32\drivers\down\40591237.exe
C:\WINDOWS\system32\drivers\down\40601091.exe
C:\WINDOWS\system32\drivers\down\40608191.exe
C:\WINDOWS\system32\drivers\down\40611636.exe
C:\WINDOWS\system32\drivers\down\40643271.exe
C:\WINDOWS\system32\drivers\down\40650782.exe
C:\WINDOWS\system32\drivers\down\40651984.exe
C:\WINDOWS\system32\drivers\down\40657191.exe
C:\WINDOWS\system32\drivers\down\40661628.exe
C:\WINDOWS\system32\drivers\down\40672283.exe
C:\WINDOWS\system32\drivers\down\40678142.exe
C:\WINDOWS\system32\drivers\down\40727182.exe
C:\WINDOWS\system32\drivers\down\40733681.exe
C:\WINDOWS\system32\drivers\down\44189811.exe
C:\WINDOWS\system32\drivers\down\44463805.exe
C:\WINDOWS\system32\drivers\down\44473359.exe
C:\WINDOWS\system32\drivers\down\44481060.exe
C:\WINDOWS\system32\drivers\down\44533265.exe
C:\WINDOWS\system32\drivers\down\44537010.exe
C:\WINDOWS\system32\drivers\down\44538352.exe
C:\WINDOWS\system32\drivers\down\44547405.exe
C:\WINDOWS\system32\drivers\down\44557840.exe
C:\WINDOWS\system32\drivers\down\44563018.exe
C:\WINDOWS\system32\drivers\down\44565061.exe
C:\WINDOWS\system32\drivers\down\44567775.exe
C:\WINDOWS\system32\drivers\down\44580833.exe
C:\WINDOWS\system32\drivers\down\44584238.exe
C:\WINDOWS\system32\drivers\down\44585099.exe
C:\WINDOWS\system32\drivers\down\44585821.exe
C:\WINDOWS\system32\drivers\down\44586652.exe
C:\WINDOWS\system32\drivers\down\44607291.exe
C:\WINDOWS\system32\drivers\down\44613631.exe
C:\WINDOWS\system32\drivers\down\44644885.exe
C:\WINDOWS\system32\drivers\down\44651986.exe
C:\WINDOWS\system32\drivers\down\44662601.exe
C:\WINDOWS\system32\drivers\down\53296.exe
C:\WINDOWS\system32\drivers\down\53693747.exe
C:\WINDOWS\system32\drivers\down\53695690.exe
C:\WINDOWS\system32\drivers\down\53696671.exe
C:\WINDOWS\system32\drivers\down\53696761.exe
C:\WINDOWS\system32\drivers\down\53697082.exe
C:\WINDOWS\system32\drivers\down\53697242.exe
C:\WINDOWS\system32\drivers\down\53697723.exe
C:\WINDOWS\system32\drivers\down\53697943.exe
C:\WINDOWS\system32\drivers\down\53698053.exe
C:\WINDOWS\system32\drivers\down\53699095.exe
C:\WINDOWS\system32\drivers\down\53700006.exe
C:\WINDOWS\system32\drivers\down\53700246.exe
C:\WINDOWS\system32\drivers\down\53700447.exe
C:\WINDOWS\system32\drivers\down\53700487.exe
C:\WINDOWS\system32\drivers\down\53700507.exe
C:\WINDOWS\system32\drivers\down\53700637.exe
C:\WINDOWS\system32\drivers\down\53700777.exe
C:\WINDOWS\system32\drivers\down\54928.exe
C:\WINDOWS\system32\drivers\down\56130.exe
C:\WINDOWS\system32\drivers\down\56601.exe
C:\WINDOWS\system32\drivers\down\56841.exe
C:\WINDOWS\system32\drivers\down\57739765.exe
C:\WINDOWS\system32\drivers\down\57742699.exe
C:\WINDOWS\system32\drivers\down\57744021.exe
C:\WINDOWS\system32\drivers\down\57744091.exe
C:\WINDOWS\system32\drivers\down\57745283.exe
C:\WINDOWS\system32\drivers\down\57745944.exe
C:\WINDOWS\system32\drivers\down\57873.exe
C:\WINDOWS\system32\drivers\down\58353.exe
C:\WINDOWS\system32\drivers\down\58814.exe
C:\WINDOWS\system32\drivers\down\59093922.exe
C:\WINDOWS\system32\drivers\down\59094994.exe
C:\WINDOWS\system32\drivers\down\59113120.exe
C:\WINDOWS\system32\drivers\down\59119799.exe
C:\WINDOWS\system32\drivers\down\59144705.exe
C:\WINDOWS\system32\drivers\down\59150253.exe
C:\WINDOWS\system32\drivers\down\59150283.exe
C:\WINDOWS\system32\drivers\down\59155671.exe
C:\WINDOWS\system32\drivers\down\59158375.exe
C:\WINDOWS\system32\drivers\down\59161179.exe
C:\WINDOWS\system32\drivers\down\59162330.exe
C:\WINDOWS\system32\drivers\down\59168740.exe
C:\WINDOWS\system32\drivers\down\59176291.exe
C:\WINDOWS\system32\drivers\down\59182219.exe
C:\WINDOWS\system32\drivers\down\59182539.exe
C:\WINDOWS\system32\drivers\down\59183030.exe
C:\WINDOWS\system32\drivers\down\59183992.exe
C:\WINDOWS\system32\drivers\down\59186405.exe
C:\WINDOWS\system32\drivers\down\59190451.exe
C:\WINDOWS\system32\drivers\down\59221666.exe
C:\WINDOWS\system32\drivers\down\59227414.exe
C:\WINDOWS\system32\drivers\down\59235155.exe
C:\WINDOWS\system32\drivers\down\59255.exe
C:\WINDOWS\system32\drivers\down\59275.exe
C:\WINDOWS\system32\drivers\down\59345.exe
C:\WINDOWS\system32\drivers\down\59365.exe
C:\WINDOWS\system32\drivers\down\59395.exe
C:\WINDOWS\system32\drivers\down\59495.exe
C:\WINDOWS\system32\drivers\down\62139.exe
C:\WINDOWS\system32\drivers\down\62850.exe
C:\WINDOWS\system32\drivers\down\72147292.exe
C:\WINDOWS\system32\drivers\down\72147943.exe
C:\WINDOWS\system32\drivers\down\72148474.exe
C:\WINDOWS\system32\drivers\down\72148524.exe
C:\WINDOWS\system32\drivers\down\72149044.exe
C:\WINDOWS\system32\drivers\down\72149375.exe
C:\WINDOWS\system32\drivers\down\76990.exe
C:\WINDOWS\system32\drivers\down\81657.exe
C:\WINDOWS\system32\drivers\down\83229.exe
C:\WINDOWS\system32\drivers\down\84030.exe
C:\WINDOWS\system32\drivers\down\84211.exe
C:\WINDOWS\system32\drivers\down\84301.exe
C:\WINDOWS\system32\drivers\down\84892.exe
C:\WINDOWS\system32\drivers\down\85673.exe
C:\WINDOWS\system32\drivers\down\85783.exe
C:\WINDOWS\system32\drivers\down\85853.exe
C:\WINDOWS\system32\drivers\down\85883.exe
C:\WINDOWS\system32\drivers\down\85943.exe
C:\WINDOWS\system32\drivers\down\85953.exe
C:\WINDOWS\system32\drivers\down\85973.exe
C:\WINDOWS\system32\drivers\down\86093.exe
C:\WINDOWS\system32\drivers\down\86123.exe
C:\WINDOWS\system32\drivers\down\86794.exe
C:\WINDOWS\system32\drivers\down\87565.exe
C:\WINDOWS\system32\drivers\down\90510.exe
.
---- Previous Run -------
.
C:\WINDOWS\system32\drivers\srosa.sys
C:\WINDOWS\system32\wintems.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_NPF
-------\LEGACY_SROSA
-------\NPF
-------\srosa

((((((((((((((((((((((((( Files Created from 2007-12-28 to 2008-01-28 )))))))))))))))))))))))))))))))
.

2008-01-25 12:15 . 2008-01-25 12:15 118 --a------ C:\WINDOWS\system32\MRT.INI
2008-01-25 12:09 . 2008-01-28 09:50 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-25 12:09 . 2008-01-25 12:09 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-25 11:58 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-23 15:35 . 2008-01-23 15:35 <DIR> d-------- C:\Program Files\ViceVersa Pro 2
2008-01-22 12:00 . 2008-01-24 14:43 250 --a------ C:\WINDOWS\gmer.ini
2008-01-22 10:21 . 2008-01-22 10:28 <DIR> d-------- C:\Program Files\crayon
2008-01-21 16:37 . 2007-02-28 10:10 2,180,352 --a------ C:\WINDOWS\system32\ntoskrnl.exe
2008-01-21 16:37 . 2007-02-28 10:10 2,180,352 --a--c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-01-17 01:46 . 2008-01-17 01:46 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-01-17 01:46 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-01-17 01:46 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-01-17 01:46 . 2007-12-10 14:53 41,864 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-01-17 01:46 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-01-16 22:35 . 2008-01-17 01:37 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-01-16 18:16 . 2008-01-16 18:16 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-01-16 16:03 . 2003-07-16 21:25 11,776 --a------ C:\WINDOWS\system32\chkdsk.exe
2008-01-16 15:46 . 2008-01-16 15:46 <DIR> d-------- C:\Program Files\Lavasoft
2008-01-15 11:07 . 2006-09-05 17:03 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-13 12:09 . 2008-01-13 12:09 <DIR> d-------- C:\Program Files\Common Files\Mediafour
2008-01-10 10:19 . 2004-02-20 15:14 110,592 --------- C:\WINDOWS\system32\AegisI5.exe
2008-01-10 10:19 . 2008-01-10 10:19 15,781 --a------ C:\WINDOWS\system32\drivers\mdc8021x.sys
2008-01-06 23:50 . 2008-01-06 23:50 <DIR> d-------- C:\Program Files\Wondershare

.

---- see next post for rest of log

curiouz
2008-01-28, 12:58
----------
-- 2/2 ---
----------

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-28 08:50 --------- d-----w C:\Program Files\KeyBreeze
2008-01-27 20:48 --------- d-----w C:\Program Files\eMule 0.47c beba_v1.3
2008-01-24 13:07 --------- d-----w C:\Program Files\NOD32
2008-01-24 13:05 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-24 13:03 --------- d-----w C:\Program Files\Crimson Editor
2008-01-22 09:39 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-01-22 09:36 --------- d-----w C:\Program Files\Red Kawa
2008-01-22 09:34 --------- d-----w C:\Program Files\MXPLAY
2008-01-13 11:09 --------- d-----w C:\Program Files\Mediafour
2008-01-09 23:00 --------- d-----w C:\Program Files\Cisco Systems
2008-01-02 13:25 --------- d-----w C:\Program Files\SyncBackSE
2007-12-18 21:32 --------- d-----w C:\Program Files\ACD Systems
2007-12-18 21:31 --------- d-----w C:\Program Files\Common Files\ACD Systems
2007-12-17 08:53 256 --sh--w C:\SYSFH.SYS
2007-12-06 23:07 --------- d-----w C:\Program Files\Java
2007-12-05 15:31 --------- d-----w C:\Program Files\MSN Messenger
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
.

((((((((((((((((((((((((((((( snapshot@2008-01-25_12.17.01.99 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-03-02 01:04:22 2,179,456 ----a-w C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
- 2005-02-24 17:35:06 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB890859\spmsg.dll
+ 2005-02-24 18:35:06 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB890859\spmsg.dll
- 2005-02-24 17:35:06 209,632 ----a-w C:\WINDOWS\$hf_mig$\KB890859\spuninst.exe
+ 2005-02-24 18:35:06 209,632 ----a-w C:\WINDOWS\$hf_mig$\KB890859\spuninst.exe
- 2005-02-24 17:35:06 22,240 ----a-w C:\WINDOWS\$hf_mig$\KB890859\update\spcustom.dll
+ 2005-02-24 18:35:06 22,240 ----a-w C:\WINDOWS\$hf_mig$\KB890859\update\spcustom.dll
+ 2005-02-24 18:35:06 718,048 ----a-w C:\WINDOWS\$hf_mig$\KB890859\update\update.exe
- 2005-02-24 17:35:08 371,936 ----a-w C:\WINDOWS\$hf_mig$\KB890859\update\updspapi.dll
+ 2005-02-24 18:35:08 371,936 ----a-w C:\WINDOWS\$hf_mig$\KB890859\update\updspapi.dll
+ 2007-02-28 09:55:14 2,182,144 ----a-w C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
+ 2005-10-12 23:12:29 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB931784\update\update.exe
+ 2007-10-30 16:53:32 360,832 ----a-w C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB941644\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB941644\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB941644\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB941644\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB941644\update\updspapi.dll
+ 2007-11-07 09:50:47 727,040 ----a-w C:\WINDOWS\$hf_mig$\KB943485\SP2QFE\lsasrv.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB943485\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB943485\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB943485\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB943485\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB943485\update\updspapi.dll
+ 2007-02-28 09:10:57 2,180,352 ------w C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
- 2008-01-25 10:59:25 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-28 11:26:41 1,122,304 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-25 10:59:25 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-28 11:26:41 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-25 10:59:25 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-28 11:26:41 1,118,208 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-25 10:59:25 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-28 11:26:41 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-25 10:59:26 14,827,520 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\ntuser.dat
+ 2008-01-28 11:26:42 15,626,240 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\ntuser.dat
- 2008-01-25 10:59:26 241,664 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-28 11:26:42 241,664 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-25 15:44:15 10,134 ----a-r C:\WINDOWS\Installer\{BB703122-AF65-4AD9-BCA0-273E165DABEE}\callmsi.exe
+ 2008-01-25 15:44:15 136,448 ----a-r C:\WINDOWS\Installer\{BB703122-AF65-4AD9-BCA0-273E165DABEE}\egui.exe
- 2006-08-17 12:28:27 721,920 -c----w C:\WINDOWS\system32\dllcache\lsasrv.dll
+ 2007-11-07 09:26:56 721,920 -c----w C:\WINDOWS\system32\dllcache\lsasrv.dll
- 2006-04-20 11:51:50 359,808 -c----w C:\WINDOWS\system32\dllcache\tcpip.sys
+ 2007-10-30 17:20:55 360,064 -c----w C:\WINDOWS\system32\dllcache\tcpip.sys
+ 2007-11-14 14:03:52 33,800 ----a-w C:\WINDOWS\system32\drivers\eamon.sys
+ 2007-11-14 14:04:14 27,656 ----a-w C:\WINDOWS\system32\drivers\easdrv.sys
+ 2007-11-14 14:06:38 30,728 ----a-w C:\WINDOWS\system32\drivers\epfwtdir.sys
- 2006-04-20 11:51:50 359,808 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
+ 2007-10-30 17:20:55 360,064 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
- 2008-01-13 11:13:56 1,823,168 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-01-25 21:52:11 572,488 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
- 2007-12-02 23:00:05 18,684,536 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-01-02 18:21:36 17,642,616 ----a-w C:\WINDOWS\system32\MRT.exe
- 2008-01-17 01:29:24 71,312 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-01-25 11:13:47 71,312 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-01-17 01:29:24 439,392 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-01-25 11:13:48 439,392 ----a-w C:\WINDOWS\system32\perfh009.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{07A11D74-9D25-4fea-A833-8B0D76A5577A}]
2007-05-17 23:05 71184 -ra------ C:\Program Files\Mindjet\MindManager 7\Mm7InternetExplorer.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\{A08FB30D-51C4-4E54-AA5E-FF18739802EA}]
@=Mediafour Mac Volume Icons

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"RegKillElbyCheck"="C:\Program Files\Elaborate Bytes\DVD Region Killer\ElbyCheck.exe" [2001-12-06 13:09 45056]
"Keybreeze"="C:\Program Files\Keybreeze\Keybreeze.exe" [2007-01-26 04:34 1089536]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 13:11 267048]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-10-30 11:15 335872]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-11-14 15:05 1410304]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [ ]

C:\Documents and Settings\Jonas\Start Menu\Programs\Startup\
Yahoo! Widget Engine.lnk - C:\Program Files\Yahoo! Widget Engine\YahooWidgetEngine.exe [2007-07-20 18:57:16 2913584]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MacDrive-iTunes compatibility]
C:\Program Files\Common Files\Mediafour\MacDriveiTunesPatch.dll 2007-05-20 14:30 61440 C:\Program Files\Common Files\Mediafour\MacDriveiTunesPatch.dll

SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"pdfSaver3"="C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"Adobe_ID0EYTHM"=C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
"MMReminderService"=C:\Program Files\Mindjet\MindManager 7\MMReminderService.exe
"BCMSMMSG"=BCMSMMSG.exe
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
"Adobe Photo Downloader"="C:\Program Files\Adobe\Adobe Lightroom\apdproxy.exe"
"Mediafour Mac Volume Notifications"="C:\Program Files\Common Files\Mediafour\MACVNTFY.EXE" /auto
"MediafourGettingStartedWithMacDrive6"="C:\Program Files\Mediafour\MacDrive\MacDrive.exe" /runonce
"MDDiskProtect.exe"=C:\Program Files\Mediafour\MacDrive\MDDiskProtect.exe

R0 MDPMGRNT;MDPMGRNT;C:\WINDOWS\system32\drivers\MDPMGRNT.sys [2007-05-20 14:30]
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2007-11-14 15:06]
R1 MDFSYSNT;MDFSYSNT;C:\WINDOWS\system32\drivers\MDFSYSNT.sys [2007-05-20 14:32]
R2 UxTuneUp;TuneUp Design Expansion;C:\WINDOWS\System32\svchost.exe [2004-08-04 08:56]
R3 RegKill;RegKill;C:\WINDOWS\system32\Drivers\RegKill.sys [2002-03-10 04:37]
S3 QuarticsWP;QuarticsWP_Display_Driver;C:\WINDOWS\system32\DRIVERS\QuarticsWP.sys []
S3 QuarticsWPMirror;QuarticsWPMirror_Display_Driver;C:\WINDOWS\system32\DRIVERS\QuarticsWPMirror.sys []
S3 ss_bus;Samsung Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-01-24 14:38]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-01-24 14:38]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-01-24 14:38]
S3 vidcap;vidcap;C:\WINDOWS\system32\DRIVERS\vidcap.sys []
S3 zlportio;zlportio;C:\Program Files\UltraStar\zlportio.sys []
S4 Inmsrapidm;Inmsrapidm;C:\WINDOWS\system32\ieudinit.exe [2007-10-10 11:59]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{878ba328-9481-11dc-90e8-000f1f269dc3}]
\Shell\AutoRun\command - SVCH0ST.EXE
\Shell\explore\Command - SVCH0ST.EXE
\Shell\open\Command - SVCH0ST.EXE

.
Contents of the 'Scheduled Tasks' folder
"2008-01-25 16:40:51 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2008-01-25 19:22:24 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-27 11:32:34 C:\WINDOWS\Tasks\User_Feed_Synchronization-{461E792E-BAA7-4F83-8703-30762A76001B}.job"
- C:\WINDOWS\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-28 12:34:11
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Thanks!

Blade81
2008-01-28, 17:58
Hi

Double-click ATF Cleaner.exe to open it.

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.


To run SafeBootKeyRepair.exe:
1. Close all programs/windows so that you have nothing open and are at your Desktop.
2. Double-click the SafeBootKeyRepair.exe file.
When finished, it shall produce a log for you.
3. Post the entire contents of C:\SafeBoot_Repair.txt in your next reply.


Run the Kaspersky scanner and post its report & a fresh HJT log.

Blade81
2008-02-03, 19:54
Due to inactivity, this thread will now be closed.

Note: If it has been five days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than five days since your last response and you need the thread re-opened, please send me or your helper a private message (pm). A valid, working link to the closed topic is required.