virus wont let me get to safemode [Closed]


#1 anito (New Member, 1 post)
Help, virus trouble :)
My computer won't go to Safe Mode due to a virus. After pressing F8 and selecting Safe Mode, my computer just restarts, but I can go into Normal Mode. The virus also corrupted my Avira antivirus, because I get an error that the AV Guard has been deleted or destroyed. I tried everything I know; I even used ComboFix, but I still have the problem. Here's my HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:54:27 PM, on 2/7/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\spoolsv.exe
H:\Program Files\eBoostr\EBstrSvc.exe
H:\WINDOWS\System32\GEARSec.exe
H:\Program Files\Java\jre6\bin\jqs.exe
H:\Program Files\HHVcdV6Sys\VC6SecS.exe
H:\WINDOWS\system32\ctfmon.exe
H:\WINDOWS\system32\wscntfy.exe
H:\Program Files\HHVcdV6Sys\VC6Play.exe
H:\Program Files\Java\jre6\bin\jusched.exe
H:\WINDOWS\RTHDCPL.EXE
H:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe
L:\Internet Download Manager\IDMan.exe
H:\Program Files\eBoostr\eBoostrCP.exe
H:\Program Files\MagicDisc\MagicDisc.exe
L:\Internet Download Manager\IEMonitor.exe
H:\Program Files\Virtual CD v6\System\VC6Tray.exe
H:\WINDOWS\explorer.exe
H:\Program Files\SmartBRO\USB Modem.exe
H:\Program Files\Mozilla Firefox\firefox.exe
H:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
H:\DOCUME~1\kyo1.KYO\LOCALS~1\Temp\Rar$EX00.484\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - L:\Internet Download Manager\IDMIECC.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - H:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - H:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - H:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - H:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "H:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] H:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [VC6Player] H:\Program Files\HHVcdV6Sys\VC6Play.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "H:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] H:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [AtiTrayTools] "H:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] H:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] L:\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Startup: MagicDisc.lnk = H:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: eBoostr Control Panel.lnk = H:\Program Files\eBoostr\eBoostrCP.exe
O8 - Extra context menu item: Download all links with IDM - L:\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - L:\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - L:\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://H:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85e1f530-48f4-11d9-9629-08ff2ffc9f67} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{063230F4-62D1-4CD0-96C4-AB41C9AE6A16}: NameServer = 121.1.3.57 203.84.191.216
O17 - HKLM\System\CS18\Services\Tcpip\..\{063230F4-62D1-4CD0-96C4-AB41C9AE6A16}: NameServer = 121.1.3.57 203.84.191.216
O17 - HKLM\System\CS21\Services\Tcpip\..\{063230F4-62D1-4CD0-96C4-AB41C9AE6A16}: NameServer = 121.1.3.57 203.84.191.216
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - H:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: eBoostr Service (EBOOSTRSVC) - Unknown owner - H:\Program Files\eBoostr\EBstrSvc.exe
O23 - Service: GEARSecurity - GEAR Software - H:\WINDOWS\System32\GEARSec.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - H:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - H:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Virtual CD v6 Management Service (VC6SecS) - H+H Software GmbH - H:\Program Files\HHVcdV6Sys\VC6SecS.exe

--
End of file - 6106 bytes

And here's my ComboFix log:
ComboFix 09-02-06.01 - kyo1 2009-02-07 12:35:27.14 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.658 [GMT -8:00]
Running from: L:\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

h:\program files\\setup.exe
h:\windows\system32\dumphive.exe
h:\windows\system32\IEDFix.exe
h:\windows\system32\iifdbYOf.dll
h:\windows\system32\mlJDuuSk.dll
h:\windows\system32\Process.exe
h:\windows\system32\SrchSTS.exe
h:\windows\system32\tmp.reg
h:\windows\system32\VACFix.exe
h:\windows\system32\VCCLSID.exe
h:\windows\system32\WS2Fix.exe
h:\windows\Tasks\tyrtwpjd.job

.
((((((((((((((((((((((((( Files Created from 2009-01-07 to 2009-02-07 )))))))))))))))))))))))))))))))
.

2009-02-05 23:11 . 2009-02-05 23:11 <DIR> d-------- h:\windows\Sun
2009-02-05 16:50 . 2009-02-05 16:50 <DIR> d-------- h:\program files\FreeFixer
2009-02-03 18:11 . 2009-02-03 18:11 <DIR> d-------- H:\DwnlData
2009-02-03 17:55 . 2009-02-03 17:55 120,286 --a------ h:\documents and settings\All Users.WINDOWS\Application Data\firstlsp.reg.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-28 00:46 --------- d-----w h:\documents and settings\All Users.WINDOWS\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}
2008-12-28 00:04 --------- d-----w h:\program files\QuickSolutions
2008-12-27 21:12 --------- d-----w h:\program files\Rar Repair Tool
2008-12-26 03:50 21,904 ----a-w h:\documents and settings\kyo1.KYO\Application Data\GDIPFONTCACHEV1.DAT
2008-12-23 03:57 86,016 ----a-w h:\windows\system32\OpenAL32.dll
2008-12-23 03:57 413,696 ----a-w h:\windows\system32\wrap_oal.dll
2008-12-23 03:57 --------- d-----w h:\program files\OpenAL
2008-12-20 10:23 410,984 ----a-w h:\windows\system32\deploytk.dll
2008-12-20 10:23 --------- d-----w h:\program files\Java
2008-12-20 06:54 --------- d-----w h:\program files\Free M4a to MP3 Converter
2008-12-20 02:40 --------- d-----w h:\program files\the white chamber
2008-12-18 06:42 --------- d-----w h:\program files\ATITool
2008-12-18 06:28 --------- d-----w h:\program files\Ray Adams
2008-12-18 06:28 --------- d-----w h:\documents and settings\kyo1.KYO\Application Data\atitray
2008-12-15 20:28 48,128 ----a-w h:\windows\system32\tuvULETj.dll
2008-12-15 20:27 --------- d-----w h:\program files\Avira
2008-12-15 07:35 127,493 ----a-w H:\trial_setup.exe
2008-12-15 03:58 --------- d-----w h:\program files\SmartBRO
2008-12-12 02:24 --------- d-----w h:\documents and settings\kyo1.KYO\Application Data\ATI
2008-12-11 02:14 --------- d-----w h:\program files\GhostSecuritySuite
2008-12-08 07:20 --------- d-----w h:\program files\WinRescue XP
2008-12-08 01:05 --------- d-----w h:\program files\ATI Technologies(2)
2008-12-01 20:51 318,464 ----a-w h:\windows\system32\OLD6E.tmp
2008-12-01 20:40 143,360 ----a-w h:\windows\system32\OLD6A.tmp
2008-12-01 20:27 4,120,384 ----a-w h:\windows\system32\OLD6C.tmp
2008-12-01 20:11 2,495,360 ----a-w h:\windows\system32\OLD6B.tmp
2008-12-01 19:53 401,408 ----a-w h:\windows\system32\OLD69.tmp
2008-12-01 19:50 286,720 ----a-w h:\windows\system32\OLD68.tmp
2008-12-01 19:45 577,536 ----a-w h:\windows\system32\OLD6D.tmp
2005-09-10 03:55 7,155,864 ----a-w h:\program files\NGhost10.msi
2005-09-10 03:55 37,766,164 ----a-w h:\program files\Data1.cab
2005-09-10 03:55 35 ----a-w h:\program files\SCSSDist.ini
2002-08-30 21:50 35,840 ----a-w h:\program files\drvmgt.dll
2002-08-30 21:50 29,392 ----a-w h:\program files\secdrv.sys
2002-08-15 01:54 358,963 ----a-w h:\program files\binkw32.dll
2002-02-02 10:02 9,039,872 ----a-w h:\program files\Fate-WT.exe
1998-11-21 00:37 6,768 ----a-w h:\documents and settings\kyo1\TMP.EXE
2005-09-16 02:26 41,573 ----a-w h:\program files\mozilla firefox\components\jar50.dll
2005-09-16 02:26 160,871 ----a-w h:\program files\mozilla firefox\components\xpinstal.dll
2005-09-16 02:26 48,223 ----a-w h:\program files\mozilla firefox\components\jsd3250.dll
2005-09-16 02:26 150,912 ----a-w h:\program files\mozilla firefox\components\fullsoft.dll
2005-09-16 02:26 94,208 ----a-w h:\program files\mozilla firefox\components\BrandRes.dll
2005-09-16 02:26 8,813 ----a-w h:\program files\mozilla firefox\components\qfaservices.dll
.

((((((((((((((((((((((((((((( [email protected]_19.49.09.70 )))))))))))))))))))))))))))))))))))))))))
.
- 2005-05-04 02:43:28 69,632 ----a-w h:\windows\ALCMTR.EXE
+ 2005-05-04 02:43:28 131,072 ----a-w h:\windows\ALCMTR.EXE
- 2003-06-14 01:23:06 50,176 ----a-w h:\windows\AppPatch\AppLoc.exe
+ 2003-06-14 01:23:06 111,616 ----a-w h:\windows\AppPatch\AppLoc.exe
- 2008-03-31 13:04:38 249,856 ------w h:\windows\eiunin21.exe
+ 2008-03-31 13:04:38 311,296 ------w h:\windows\eiunin21.exe
+ 2008-12-15 06:14:04 884,736 ----a-w h:\windows\gmer.dll
+ 2008-04-18 05:13:02 811,008 ----a-w h:\windows\gmer.exe
- 2008-01-04 06:40:32 10,134 ----a-r h:\windows\Installer\{E39041F7-6F24-439A-99BC-C2163BB1429B}\ARPPRODUCTICON.exe
+ 2008-12-15 19:09:02 10,134 ----a-r h:\windows\Installer\{E39041F7-6F24-439A-99BC-C2163BB1429B}\ARPPRODUCTICON.exe
- 2000-08-31 16:00:00 28,672 ----a-w h:\windows\NIRCMD.exe
+ 2000-08-31 16:00:00 29,696 ----a-w h:\windows\NIRCMD.exe
- 2008-12-21 03:00:40 290,816 ---ha-w h:\windows\repair\ntuser.dat
+ 2008-12-15 19:00:20 307,200 ---ha-w h:\windows\repair\ntuser.dat
- 2006-07-22 00:14:36 86,016 ----a-w h:\windows\SOUNDMAN.EXE
+ 2006-07-22 00:14:36 217,088 ----a-w h:\windows\SOUNDMAN.EXE
- 2007-06-07 06:45:00 26,112 ----a-w h:\windows\system32\Ati2mdxx.exe
+ 2007-06-07 06:45:00 87,552 ----a-w h:\windows\system32\Ati2mdxx.exe
- 2008-12-21 03:04:32 16,384 ----a-w h:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2008-12-15 19:04:06 16,384 ----a-w h:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2008-12-15 19:04:28 16,384 ----a-w h:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT
- 2008-12-21 03:04:32 32,768 ----a-w h:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-12-15 19:04:06 32,768 ----a-w h:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-12-15 19:04:06 32,768 ----a-w h:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008121520081216\index.dat
- 2008-12-21 03:04:32 32,768 ----a-w h:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-12-15 19:04:06 32,768 ----a-w h:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-04-14 06:04:16 701,440 ----a-w h:\windows\system32\dllcache\ati2mtag.sys
+ 2001-08-23 12:00:00 11,264 ----a-w h:\windows\system32\dllcache\atrace.dll
+ 2008-04-14 03:42:36 774,144 ----a-w h:\windows\system32\dllcache\setup_wm.exe
+ 2008-04-14 03:42:42 73,728 ----a-w h:\windows\system32\dllcache\wmplayer.exe
+ 2008-12-15 06:14:04 85,969 ----a-w h:\windows\system32\drivers\gmer.sys
- 2008-04-14 08:15:40 32,128 ----a-w h:\windows\system32\drivers\usbccgp.sys
+ 2008-04-14 06:15:40 32,128 ----a-w h:\windows\system32\drivers\usbccgp.sys
- 2008-12-21 02:55:56 22,780 ----a-w h:\windows\system32\emptyregdb.dat
+ 2008-12-15 18:57:56 22,780 ----a-w h:\windows\system32\emptyregdb.dat
- 2008-12-22 20:51:24 80,744 ----a-w h:\windows\system32\FNTCACHE.DAT
+ 2008-12-15 19:03:42 102,232 ----a-w h:\windows\system32\FNTCACHE.DAT
- 2007-08-10 21:38:48 166,424 ----a-w h:\windows\system32\hkcmd.exe
+ 2007-08-10 21:38:48 227,864 ----a-w h:\windows\system32\hkcmd.exe
- 2007-08-10 21:38:52 526,872 ----a-w h:\windows\system32\igfxcfg.exe
+ 2007-08-10 21:38:52 588,312 ----a-w h:\windows\system32\igfxcfg.exe
- 2007-08-10 21:38:58 137,752 ----a-w h:\windows\system32\igfxpers.exe
+ 2007-08-10 21:38:58 199,192 ----a-w h:\windows\system32\igfxpers.exe
- 2007-08-10 21:39:02 141,848 ----a-w h:\windows\system32\igfxtray.exe
+ 2007-08-10 21:39:02 203,288 ----a-w h:\windows\system32\igfxtray.exe
- 2008-12-20 10:23:12 144,792 ----a-w h:\windows\system32\java.exe
+ 2008-12-20 10:23:12 206,232 ----a-w h:\windows\system32\java.exe
- 2005-07-21 05:07:00 1,519,616 ----a-w h:\windows\system32\nwiz.exe
+ 2005-07-21 05:07:00 1,581,056 ----a-w h:\windows\system32\nwiz.exe
- 2008-12-21 03:06:26 65,982 ----a-w h:\windows\system32\perfc009.dat
+ 2008-12-15 19:26:20 65,982 ----a-w h:\windows\system32\perfc009.dat
- 2008-12-21 03:06:26 402,040 ----a-w h:\windows\system32\perfh009.dat
+ 2008-12-15 19:26:20 402,040 ----a-w h:\windows\system32\perfh009.dat
+ 2008-04-14 13:41:50 229,376 ----a-w h:\windows\system32\ReinstallBackups\0006\DriverFiles\ati2cqag.dll
+ 2008-04-14 13:41:50 201,728 ----a-w h:\windows\system32\ReinstallBackups\0006\DriverFiles\ati2dvag.dll
+ 2007-06-07 06:45:00 42,496 ----a-w h:\windows\system32\ReinstallBackups\0006\DriverFiles\ati2edxx.dll
+ 2007-06-07 06:09:00 49,152 ----a-w h:\windows\system32\ReinstallBackups\0006\DriverFiles\ati2erec.dll
+ 2007-06-07 06:45:00 118,784 ----a-w h:\windows\system32\ReinstallBackups\0006\DriverFiles\ati2evxx.dll
+ 2007-06-07 06:43:00 483,328 ----a-w h:\windows\system32\ReinstallBackups\0006\DriverFiles\ati2evxx.exe
+ 2007-06-07 06:45:00 87,552 ----a-w h:\windows\system32\ReinstallBackups\0006\DriverFiles\Ati2mdxx.exe
+ 2008-04-14 06:04:16 701,440 ----a-w h:\windows\system32\ReinstallBackups\0006\DriverFiles\ati2mtag.sys
+ 2008-04-14 13:41:52 1,888,992 ----a-w h:\windows\system32\ReinstallBackups\0006\DriverFiles\ati3duag.dll
+ 2007-06-07 06:42:00 53,248 ----a-w h:\windows\system32\ReinstallBackups\0006\DriverFiles\ATIDDC.DLL
+ 2007-06-07 06:53:00 339,968 ----a-w h:\windows\system32\ReinstallBackups\0006\DriverFiles\ATIDEMGX.dll
+ 2007-04-05 22:15:00 144,357 ----a-w h:\windows\system32\ReinstallBackups\0006\DriverFiles\atiicdxx.dat
+ 2007-06-07 06:48:00 307,200 ----a-w h:\windows\system32\ReinstallBackups\0006\DriverFiles\atiiiexx.dll
+ 2007-06-07 06:11:00 262,144 ----a-w h:\windows\system32\ReinstallBackups\0006\DriverFiles\atikvmag.dll
+ 2007-06-07 07:00:00 8,097,792 ----a-w h:\windows\system32\ReinstallBackups\0006\DriverFiles\atioglx2.dll
+ 2007-06-07 06:21:00 5,431,296 ----a-w h:\windows\system32\ReinstallBackups\0006\DriverFiles\atioglxx.dll
+ 2007-06-07 06:30:00 50,176 ----a-w h:\windows\system32\ReinstallBackups\0006\DriverFiles\atiok3x2.dll
+ 2007-06-07 06:45:00 139,264 ----a-w h:\windows\system32\ReinstallBackups\0006\DriverFiles\atipdlxx.dll
+ 2007-06-07 06:10:00 17,408 ----a-w h:\windows\system32\ReinstallBackups\0006\DriverFiles\atitvo32.dll
+ 2001-11-09 19:01:00 24,064 ----a-w h:\windows\system32\ReinstallBackups\0006\DriverFiles\ativcoxx.dll
+ 2007-06-07 06:25:00 3,107,788 ----a-w h:\windows\system32\ReinstallBackups\0006\DriverFiles\ativva5x.dat
+ 2007-06-07 06:25:00 972,072 ----a-w h:\windows\system32\ReinstallBackups\0006\DriverFiles\ativva6x.dat
+ 2007-06-07 06:25:00 3,107,788 ----a-w h:\windows\system32\ReinstallBackups\0006\DriverFiles\ativvaxx.dat
+ 2008-04-14 13:41:52 516,768 ----a-w h:\windows\system32\ReinstallBackups\0006\DriverFiles\ativvaxx.dll
+ 2007-06-07 06:45:00 118,784 ----a-w h:\windows\system32\ReinstallBackups\0006\DriverFiles\Oemdspif.dll
+ 2007-06-07 06:04:00 368,640 ----a-w h:\windows\system32\ReinstallBackups\0007\DriverFiles\ati2cqag.dll
+ 2007-06-07 06:52:00 268,288 ----a-w h:\windows\system32\ReinstallBackups\0007\DriverFiles\ati2dvag.dll
+ 2007-06-07 06:45:00 42,496 ----a-w h:\windows\system32\ReinstallBackups\0007\DriverFiles\ati2edxx.dll
+ 2007-06-07 06:09:00 49,152 ----a-w h:\windows\system32\ReinstallBackups\0007\DriverFiles\ati2erec.dll
+ 2007-06-07 06:45:00 118,784 ----a-w h:\windows\system32\ReinstallBackups\0007\DriverFiles\ati2evxx.dll
+ 2007-06-07 06:43:00 483,328 ----a-w h:\windows\system32\ReinstallBackups\0007\DriverFiles\ati2evxx.exe
+ 2007-06-07 06:45:00 26,112 ----a-w h:\windows\system32\ReinstallBackups\0007\DriverFiles\Ati2mdxx.exe
+ 2007-06-07 06:52:00 2,155,520 ----a-w h:\windows\system32\ReinstallBackups\0007\DriverFiles\ati2mtag.sys
+ 2007-06-07 06:35:00 2,922,208 ----a-w h:\windows\system32\ReinstallBackups\0007\DriverFiles\ati3duag.dll
+ 2007-06-07 06:42:00 53,248 ----a-w h:\windows\system32\ReinstallBackups\0007\DriverFiles\ATIDDC.DLL
+ 2007-06-07 06:53:00 339,968 ----a-w h:\windows\system32\ReinstallBackups\0007\DriverFiles\ATIDEMGX.dll
+ 2007-04-05 22:15:00 144,357 ----a-w h:\windows\system32\ReinstallBackups\0007\DriverFiles\atiicdxx.dat
+ 2007-06-07 06:48:00 307,200 ----a-w h:\windows\system32\ReinstallBackups\0007\DriverFiles\atiiiexx.dll
+ 2007-06-07 06:11:00 262,144 ----a-w h:\windows\system32\ReinstallBackups\0007\DriverFiles\atikvmag.dll
+ 2007-06-07 07:00:00 8,097,792 ----a-w h:\windows\system32\ReinstallBackups\0007\DriverFiles\atioglx2.dll
+ 2007-06-07 06:21:00 5,431,296 ----a-w h:\windows\system32\ReinstallBackups\0007\DriverFiles\atioglxx.dll
+ 2007-06-07 06:30:00 50,176 ----a-w h:\windows\system32\ReinstallBackups\0007\DriverFiles\atiok3x2.dll
+ 2007-06-07 06:45:00 139,264 ----a-w h:\windows\system32\ReinstallBackups\0007\DriverFiles\atipdlxx.dll
+ 2007-06-07 06:10:00 17,408 ----a-w h:\windows\system32\ReinstallBackups\0007\DriverFiles\atitvo32.dll
+ 2001-11-09 19:01:00 24,064 ----a-w h:\windows\system32\ReinstallBackups\0007\DriverFiles\ativcoxx.dll
+ 2007-06-07 06:25:00 3,107,788 ----a-w h:\windows\system32\ReinstallBackups\0007\DriverFiles\ativva5x.dat
+ 2007-06-07 06:25:00 972,072 ----a-w h:\windows\system32\ReinstallBackups\0007\DriverFiles\ativva6x.dat
+ 2007-06-07 06:25:00 3,107,788 ----a-w h:\windows\system32\ReinstallBackups\0007\DriverFiles\ativvaxx.dat
+ 2007-06-07 06:25:00 1,512,960 ----a-w h:\windows\system32\ReinstallBackups\0007\DriverFiles\ativvaxx.dll
+ 2007-06-07 06:45:00 118,784 ----a-w h:\windows\system32\ReinstallBackups\0007\DriverFiles\Oemdspif.dll
+ 2006-01-09 17:36:06 102,400 ----a-w h:\windows\system32\swsc.exe
+ 2009-02-07 20:38:42 16,384 ----a-w h:\windows\temp\Perflib_Perfdata_57c.dat
+ 2009-02-07 20:38:42 16,384 ----a-w h:\windows\temp\Perflib_Perfdata_5a0.dat
+ 2001-08-23 12:00:00 921,088 ----a-w h:\windows\WinSxS\InstallTemp\112373\comctl32.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AtiTrayTools"="h:\program files\Ray Adams\ATI Tray Tools\atitray.exe" [2007-05-22 521128]
"ctfmon.exe"="h:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"IDMan"="l:\internet download manager\IDMan.exe" [2008-12-26 2651568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="h:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-13 208952]
"IMEKRMIG6.1"="h:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2001-08-23 44032]
"VC6Player"="h:\program files\HHVcdV6Sys\VC6Play.exe" [2004-06-15 245760]
"SunJavaUpdateSched"="h:\program files\Java\jre6\bin\jusched.exe" [2008-12-20 198040]
"Ptipbmf"="ptipbmf.dll" [2003-06-19 h:\windows\system32\ptipbmf.dll]
"RTHDCPL"="RTHDCPL.EXE" [2006-09-12 h:\windows\RTHDCPL.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="h:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="h:\windows\system32\tscupgrd.exe" [BU]

h:\documents and settings\kyo1\Start Menu\Programs\Startup\
MagicDisc.lnk - h:\program files\MagicDisc\MagicDisc.exe [5/8/2008 7:45:57 PM 608256]

h:\documents and settings\kyo1.KYO\Start Menu\Programs\Startup\
MagicDisc.lnk - h:\program files\MagicDisc\MagicDisc.exe [5/8/2008 7:45:57 PM 608256]

h:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
eBoostr Control Panel.lnk - h:\program files\eBoostr\eBoostrCP.exe [12/25/2007 10:19:14 AM 695944]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoChangeAnimation"= 0 (0x0)
"NoStrCmpLogical"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 0 (0x0)
"NoStrCmpLogical"= 0 (0x0)
"MaxRecentDocs"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
2001-12-20 23:34 24576 h:\progra~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2005-12-03 03:03 176128 h:\progra~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0 bsmain

[HKLM\~\startupfolder\H:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=h:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=h:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\H:^Documents and Settings^kyo1.KYO^Start Menu^Programs^Startup^MagicDisc.lnk]
path=h:\documents and settings\kyo1.KYO\Start Menu\Programs\Startup\MagicDisc.lnk
backup=h:\windows\pss\MagicDisc.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\combofix]
\ [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
--a------ 2004-12-13 15:30 58992 h:\program files\Common Files\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2008-04-14 03:42 15360 h:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2006-11-12 03:48 219032 h:\program files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
--a------ 2007-09-06 06:08 197576 h:\program files\DAEMON Tools Pro\DTProAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Media Codec Update Service]
--a------ 2007-04-08 09:44 303104 h:\program files\Essentials Codec Pack\update.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2008-07-28 22:35 156165 h:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 10.0]
--a------ 2005-09-09 19:09 1537648 h:\program files\Norton Ghost\Agent\GhostTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2005-07-20 21:07 86016 h:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2008-01-20 00:05 217088 h:\program files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
--ahs---- 2008-07-28 18:04 2097664 h:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a------ 2005-05-03 18:43 131072 h:\windows\ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer]
-ra------ 2003-03-19 22:21 1855488 h:\windows\mixer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2005-07-20 21:07 1581056 h:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ptipbmf]
-ra------ 2003-06-19 23:06 118784 h:\windows\system32\ptipbmf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RawOs]
--a------ 2008-04-14 03:42 155648 h:\windows\system32\wscript.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--a------ 2006-09-12 16:58 16264192 h:\windows\RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2006-07-21 16:14 217088 h:\windows\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINDVDPatch]
--a------ 2002-07-02 17:56 24576 h:\windows\system32\CTHELPER.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"BITS"=3 (0x3)
"AppMgmt"=3 (0x3)
"ALG"=3 (0x3)
"CiSvc"=3 (0x3)
"srservice"=2 (0x2)
"Schedule"=2 (0x2)
"wuauserv"=2 (0x2)
"ewido anti-spyware 4.0 guard"=2 (0x2)
"UPS"=3 (0x3)
"WZCSVC"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"ccSetMgr"=2 (0x2)
"ccPwdSvc"=3 (0x3)
"ccEvtMgr"=2 (0x2)
"ImapiService"=3 (0x3)
"NVSvc"=2 (0x2)
"aspnet_state"=3 (0x3)
"AntiVirService"=2 (0x2)
"AntiVirScheduler"=2 (0x2)
"AntiVirMailService"=2 (0x2)
"AVEService"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"f:\\Medal of Honor Pacific Assault\\mohpa.exe"=
"h:\\WINDOWS\\system32\\wscntfy.exe"=
"h:\\Program Files\\Java\\jre6\\bin\\jusched.exe"=
"t:\\NOOB_KILLER_JUC.SOH.FUST.KG.Leerz.u\\NOOB.KILLER.leerz.exe"=
"h:\\WINDOWS\\system32\\taskmgr.exe"=
"h:\\Program Files\\Ray Adams\\ATI Tray Tools\\atitray.exe"=
"l:\\Internet Download Manager\\IEMonitor.exe"=
"l:\\Internet Download Manager\\IDMan.exe"=
"h:\\Program Files\\Virtual CD v6\\System\\VC6Tray.exe"=
"h:\\Program Files\\Stardock\\Object Desktop\\WindowBlinds\\wbload.exe"=
"h:\\Program Files\\eBoostr\\eBoostrCP.exe"=
"h:\\Program Files\\HHVcdV6Sys\\VC6Play.exe"=
"h:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"l:\\KOEI\\Dynasty Warriors 6\\DW6_WIN..exe"=
"h:\\WINDOWS\\SOUNDMAN.EXE"=
"h:\\PROGRA~1\\MAGICD~1\\MAGICD~1.EXE"=
"h:\\Program Files\\Mozilla Firefox\\firefox.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

R0 eBoost;eBoostr caching filter driver;h:\windows\system32\drivers\EBoost.sys [12/25/2007 10:19:18 AM 72840]
R1 atitray;atitray;h:\program files\Ray Adams\ATI Tray Tools\atitray.sys [5/22/2007 1:04:54 AM 18088]
R2 EBOOSTRSVC;eBoostr Service;h:\program files\eBoostr\EBstrSvc.exe [12/25/2007 10:19:18 AM 814728]
R3 aic32p;aic32p;\??\h:\windows\system32\drivers\lnmmqn.sys --> h:\windows\system32\drivers\lnmmqn.sys [?]
R3 padenum;Enumerador de dispositivos de NTPAD;h:\windows\system32\drivers\padenum.sys [2/21/2000 11:07:27 AM 10624]
R3 PsxPortEnumerator;Psx Port Enumerator;h:\windows\system32\drivers\psxenum.sys [8/26/2008 8:13:41 PM 16896]
R3 qcusbser;Mobile Connector USB Device for Legacy Serial Communication;h:\windows\system32\drivers\cmusbser.sys [12/26/2008 5:15:55 PM 97408]
S3 avfwim;AvFw Packet Filter Miniport;h:\windows\system32\DRIVERS\avfwim.sys --> h:\windows\system32\DRIVERS\avfwim.sys [?]
S3 PSXGamepadEnabler;Psx Hid to Gamepad Port Enabler;h:\windows\system32\drivers\psxpad.sys [8/26/2008 8:13:41 PM 12160]
S3 VendorJoystickEnabler;Driver para joystick paralelo de consola;h:\windows\system32\drivers\NTPAD.sys [2/21/2000 11:07:27 AM 20992]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - ATI_HOTKEY_POLLER

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d4a1689c-d3b3-11dd-a001-d601c0b82d16}]
\Shell\AutoRun\command - p:\.\ShowModem.exe
.
Contents of the 'Scheduled Tasks' folder

2008-09-23 h:\windows\Tasks\XoftSpySE.job
- h:\program files\XoftSpySE\XoftSpy.exe []

2009-02-07 h:\windows\Tasks\XoftSpySE 2.job
- h:\program files\XoftSpySE\XoftSpy.exe []
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: Download all links with IDM - l:\internet download manager\IEGetAll.htm
IE: Download FLV video content with IDM - l:\internet download manager\IEGetVL.htm
IE: Download with IDM - l:\internet download manager\IEExt.htm
IE: E&xport to Microsoft Excel - h:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
IE: {{85e1f530-48f4-11d9-9629-08ff2ffc9f67}
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-07 12:39:16
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{3929224f-24c8-4a83-8013-9dc820bec416}]
@Denied: (Full) (Everyone)
"Model"=dword:00000169
"Therad"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):6b,9c,25,27,e4,dd,db,ab,e1,2a,14,a0,86,ab,f4,8a,30,56,53,b7,a1,
83,97,54,fe,fb,31,2d,94,ea,98,9f,70,95,2f,08,9c,16,b4,54,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):14,81,58,da,bb,2b,62,36,ea,b3,e6,7d,64,33,bb,e3,68,b1,0c,a6,c2,
57,d8,7a,6e,30,cf,e6,27,79,23,fa,15,62,0a,87,a1,f3,20,0b,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{95add45d-3634-4363-9fc7-cd22b378c88b}]
@Denied: (Full) (Everyone)
"Model"=dword:0000015d
"Therad"=dword:00000016
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,85,b1,12,f9,90,dd,23,a1,49,8c,bf,1a,9d,fe,41,71,cb,3f,46,a4,7c,ab,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(704)
h:\windows\system32\Ati2evxx.dll
h:\progra~1\STARDOCK\OBJECT~1\WINDOW~1\fastload.dll
h:\progra~1\STARDOCK\OBJECT~1\WINDOW~1\wbsrv.dll
.
------------------------ Other Running Processes ------------------------
.
h:\windows\SYSTEM32\SAVEDUMP.EXE
h:\windows\SYSTEM32\GEARSEC.EXE
h:\program files\JAVA\JRE6\BIN\JQS.EXE
h:\program files\HHVCDV6SYS\VC6SECS.EXE
h:\windows\SYSTEM32\WSCNTFY.EXE
l:\internet download manager\IEMonitor.exe
h:\program files\Virtual CD v6\System\VC6Tray.exe
.
**************************************************************************
.
Completion time: 2009-02-07 12:41:11 - machine was rebooted
ComboFix4.txt 2008-12-13 05:13:04
ComboFix-quarantined-files.txt 2009-02-07 20:41:10
ComboFix3.txt 2008-12-15 03:49:34
ComboFix2.txt 2008-12-15 02:43:42

Pre-Run: 2,564,517,888 bytes free
Post-Run: 1,523,736,576 bytes free

406

I even tried OTScanIt; here's the log:
OTScanIt2 logfile created on: 2/7/2009 12:48:30 PM - Run 3
OTScanIt2 by OldTimer - Version 1.0.7.1 Folder = L:\OTScanIt2
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00003409 | Country: Republic of the Philippines | Language: ENP | Date Format: M/d/yyyy

1022.09 Mb Total Physical Memory | 601.47 Mb Available Physical Memory | 58.85% Memory free
2.40 Gb Paging File | 2.07 Gb Available in Paging File | 86.07% Paging File free
Paging file location(s): h:\pagefile.sys 1536 2971;

%SystemDrive% = H: | %SystemRoot% = H:\WINDOWS | %ProgramFiles% = H:\Program Files
Drive C: | 17.57 Gb Total Space | 0.07 Gb Free Space | 0.41% Space Free | Partition Type: FAT32
Drive D: | 9.77 Gb Total Space | 0.24 Gb Free Space | 2.44% Space Free | Partition Type: FAT32
Drive E: | 17.56 Gb Total Space | 2.04 Gb Free Space | 11.63% Space Free | Partition Type: FAT32
Drive F: | 39.36 Gb Total Space | 0.34 Gb Free Space | 0.85% Space Free | Partition Type: FAT32
Drive G: | 9.76 Gb Total Space | 0.25 Gb Free Space | 2.56% Space Free | Partition Type: FAT32
Drive H: | 17.69 Gb Total Space | 1.45 Gb Free Space | 8.20% Space Free | Partition Type: FAT32
I: Drive not present or media not loaded
Drive J: | 27.49 Gb Total Space | 0.17 Gb Free Space | 0.62% Space Free | Partition Type: NTFS
Drive L: | 37.28 Gb Total Space | 21.05 Gb Free Space | 56.47% Space Free | Partition Type: NTFS
Drive N: | 9.77 Gb Total Space | 0.31 Gb Free Space | 3.18% Space Free | Partition Type: NTFS
Drive R: | 1.92 Gb Total Space | 0.68 Gb Free Space | 35.32% Space Free | Partition Type: FAT32
Drive T: | 3.84 Gb Total Space | 1.89 Gb Free Space | 49.31% Space Free | Partition Type: FAT32

Computer Name: KYO
Current User Name: kyo1
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 90 Days

[Processes - All]
atitray.exe -> %ProgramFiles%\Ray Adams\ATI Tray Tools\atitray.exe -> [2007/05/22 01:04:58 | 00,521,128 | ---- | M | MD5 = C88C118F98EDA0E891796BA07545AB58] (Ray Adams)
csrss.exe -> %SystemRoot%\system32\csrss.exe -> [2008/04/14 03:42:16 | 00,006,144 | ---- | M | MD5 = 44F275C64738EA2056E3D9580C23B60F] (Microsoft Corporation)
ctfmon.exe -> %SystemRoot%\system32\ctfmon.exe -> [2008/04/14 03:42:18 | 00,015,360 | ---- | M | MD5 = 5F1D5F88303D4A4DBC8E5F97BA967CC3] (Microsoft Corporation)
eboostrcp.exe -> %ProgramFiles%\eBoostr\eBoostrCP.exe -> [2007/12/30 04:23:26 | 00,695,944 | ---- | M | MD5 = 968A693FF98B992C87E0854B30F4F148] (eBoostr.com)
ebstrsvc.exe -> %ProgramFiles%\eBoostr\EBstrSvc.exe -> [2007/12/30 03:59:14 | 00,814,728 | ---- | M | MD5 = 8FA2F1AD7A05961B4F507EC4AACA162B] ()
explorer.exe -> %SystemRoot%\explorer.exe -> [2008/04/14 03:42:20 | 01,033,728 | ---- | M | MD5 = 12896823FB95BFB3DC9B46BCAEDC9923] (Microsoft Corporation)
firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> [2008/07/28 23:13:08 | 06,772,741 | ---- | M | MD5 = 001621459C0351D99462B82DCB0A9010] (Mozilla)
gearsec.exe -> %SystemRoot%\System32\GEARSec.exe -> [2005/09/09 19:09:10 | 00,053,248 | ---- | M | MD5 = B6E01969246FCB67470E87E6957EE147] (GEAR Software)
idman.exe -> L:\Internet Download Manager\IDMan.exe -> [2008/12/26 18:39:07 | 02,651,568 | ---- | M | MD5 = C441FE748ED3AD73BCC96FC3BFF34B84] (Tonec Inc.)
iemonitor.exe -> L:\Internet Download Manager\IEMonitor.exe -> [2007/02/19 06:53:54 | 00,251,576 | ---- | M | MD5 = E732348FE3A96496D1215A215173577A] (Tonec Inc.)
jqs.exe -> %ProgramFiles%\Java\jre6\bin\jqs.exe -> [2008/12/20 02:23:12 | 00,152,984 | ---- | M | MD5 = 32192B4EBE8720ED8D49A455C962CB91] (Sun Microsystems, Inc.)
jusched.exe -> %ProgramFiles%\Java\jre6\bin\jusched.exe -> [2008/12/20 02:23:12 | 00,198,040 | ---- | M | MD5 = 42B35369616EBB5DF58268675CFC09EF] (Sun Microsystems, Inc.)
lsass.exe -> %SystemRoot%\system32\lsass.exe -> [2008/04/14 03:42:26 | 00,013,312 | ---- | M | MD5 = BF2466B3E18E970D8A976FB95FC1CA85] (Microsoft Corporation)
magicdisc.exe -> %ProgramFiles%\MagicDisc\MagicDisc.exe -> [2008/02/18 17:32:32 | 00,608,256 | ---- | M | MD5 = 425B5F31BDD604888505393D93F4F6DD] (MagicISO, Inc.)
otscanit2.exe -> L:\OTScanIt2\OTScanIt2.exe -> [2009/01/26 12:13:22 | 00,485,376 | ---- | M | MD5 = 3D02CF885C7951FABCA124D35041CB92] (OldTimer Tools)
rthdcpl.exe -> %SystemRoot%\RTHDCPL.EXE -> [2006/09/12 16:58:14 | 16,264,192 | ---- | M | MD5 = 692733BE9E923044CEBC96CF882CCEBE] (Realtek Semiconductor Corp.)
services.exe -> %SystemRoot%\system32\services.exe -> [2008/04/14 03:42:36 | 00,108,544 | ---- | M | MD5 = 0E776ED5F7CC9F94299E70461B7B8185] (Microsoft Corporation)
smss.exe -> %SystemRoot%\System32\smss.exe -> [2008/04/14 03:42:38 | 00,050,688 | ---- | M | MD5 = 5F816C1F539266D2D4C78694239DA0B5] (Microsoft Corporation)
spoolsv.exe -> %SystemRoot%\system32\spoolsv.exe -> [2008/04/14 03:42:38 | 00,057,856 | ---- | M | MD5 = D8E14A61ACC1D4A6CD0D38AEBAC7FA3B] (Microsoft Corporation)
svchost.exe -> %SystemRoot%\system32\svchost.exe [H:\WINDOWS\SYSTEM32\SVCHOST -K DCOMLAUNCH] -> [2008/04/14 03:42:38 | 00,014,336 | ---- | M | MD5 = 27C6D03BCDB8CFEB96B716F3D8BE3E18] (Microsoft Corporation)
-> %SystemRoot%\system32\rpcss.dll [DcomLaunch] -> [2008/04/14 03:42:06 | 00,399,360 | ---- | M | MD5 = 2589FE6015A316C0F5D5112B4DA7B509] (Microsoft Corporation)
-> %SystemRoot%\System32\termsrv.dll [TermService] -> [2008/04/14 05:42:08 | 00,295,424 | ---- | M | MD5 = FF3477C03BE7201C294C35F684B3479F] (Microsoft Corporation)
-> [WmdmPmSp] -> File not found
-> %SystemRoot%\System32\ipnathlp.dll [SharedAccess] -> [2008/04/14 03:41:56 | 00,331,264 | ---- | M | MD5 = 83F41D0D89645D7235C051AB1D9523AC] (Microsoft Corporation)
svchost.exe -> %SystemRoot%\system32\svchost.exe [H:\WINDOWS\SYSTEM32\SVCHOST -K RPCSS] -> [2008/04/14 03:42:38 | 00,014,336 | ---- | M | MD5 = 27C6D03BCDB8CFEB96B716F3D8BE3E18] (Microsoft Corporation)
-> %SystemRoot%\System32\rpcss.dll [RpcSs] -> [2008/04/14 03:42:06 | 00,399,360 | ---- | M | MD5 = 2589FE6015A316C0F5D5112B4DA7B509] (Microsoft Corporation)
-> [WmdmPmSp] -> File not found
svchost.exe -> %SystemRoot%\system32\svchost.exe [H:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE] -> [2008/04/14 03:42:38 | 00,014,336 | ---- | M | MD5 = 27C6D03BCDB8CFEB96B716F3D8BE3E18] (Microsoft Corporation)
-> %SystemRoot%\system32\alrsvc.dll [Alerter] -> [2008/04/14 03:41:50 | 00,017,408 | ---- | M | MD5 = A9A3DAA780CA6C9671A19D52456705B4] (Microsoft Corporation)
-> %SystemRoot%\System32\lmhsvc.dll [LmHosts] -> [2008/04/14 03:41:58 | 00,013,824 | ---- | M | MD5 = A7DB739AE99A796D91580147E919CC59] (Microsoft Corporation)
-> %SystemRoot%\system32\regsvc.dll [RemoteRegistry] -> [2008/04/14 03:42:06 | 00,059,904 | ---- | M | MD5 = 5B19B557B0C188210A56A6B699D90B8F] (Microsoft Corporation)
-> %SystemRoot%\System32\ssdpsrv.dll [SSDPSRV] -> [2008/04/14 03:42:08 | 00,071,680 | ---- | M | MD5 = 0A5679B3714EDAB99E357057EE88FCA6] (Microsoft Corporation)
-> %SystemRoot%\System32\upnphost.dll [upnphost] -> [2008/04/14 03:42:10 | 00,185,856 | ---- | M | MD5 = 1EBAFEB9A3FBDC41B8D9C7F0F687AD91] (Microsoft Corporation)
-> %SystemRoot%\System32\webclnt.dll [WebClient] -> [2008/04/14 03:42:10 | 00,068,096 | ---- | M | MD5 = 77A354E28153AD2D5E120A5A8687BC06] (Microsoft Corporation)
-> [WmdmPmSp] -> File not found
svchost.exe -> %SystemRoot%\System32\svchost.exe [H:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS] -> [2008/04/14 03:42:38 | 00,014,336 | ---- | M | MD5 = 27C6D03BCDB8CFEB96B716F3D8BE3E18] (Microsoft Corporation)
-> %SystemRoot%\System32\appmgmts.dll [AppMgmt] -> [2008/04/14 03:41:50 | 00,167,936 | ---- | M | MD5 = D8849F77C0B66226335A59D26CB4EDC6] (Microsoft Corporation)
-> %SystemRoot%\System32\audiosrv.dll [AudioSrv] -> [2008/04/14 03:41:52 | 00,042,496 | ---- | M | MD5 = DEF7A7882BEC100FE0B2CE2549188F9D] (Microsoft Corporation)
-> %SystemRoot%\system32\qmgr.dll [BITS] -> [2008/04/14 05:42:04 | 00,409,088 | ---- | M | MD5 = 574738F61FCA2935F5265DC4E5691314] (Microsoft Corporation)
-> %SystemRoot%\System32\browser.dll [Browser] -> [2008/04/14 03:41:52 | 00,077,824 | ---- | M | MD5 = A06CE3399D16DB864F55FAEB1F1927A9] (Microsoft Corporation)
-> %SystemRoot%\System32\cryptsvc.dll [CryptSvc] -> [2008/04/14 03:41:52 | 00,062,464 | ---- | M | MD5 = 3D4E199942E29207970E04315D02AD3B] (Microsoft Corporation)
-> %SystemRoot%\System32\dhcpcsvc.dll [Dhcp] -> [2008/04/14 03:41:52 | 00,126,976 | ---- | M | MD5 = 5E38D7684A49CACFB752B046357E0589] (Microsoft Corporation)
-> %SystemRoot%\System32\dmserver.dll [dmserver] -> [2008/04/14 03:41:54 | 00,023,552 | ---- | M | MD5 = 57EDEC2E5F59F0335E92F35184BC8631] (Microsoft Corp.)
-> %SystemRoot%\System32\ersvc.dll [ERSvc] -> [2008/04/14 03:41:54 | 00,023,040 | ---- | M | MD5 = BC93B4A066477954555966D77FEC9ECB] (Microsoft Corporation)
-> %SystemRoot%\system32\es.dll [EventSystem] -> [2008/04/14 03:41:54 | 00,246,272 | ---- | M | MD5 = 19A799805B24990867B00C120D300C3A] (Microsoft Corporation)
-> %SystemRoot%\System32\shsvcs.dll [FastUserSwitchingCompatibility] -> [2008/04/14 03:42:06 | 00,135,168 | ---- | M | MD5 = 1926899BF9FFE2602B63074971700412] (Microsoft Corporation)
-> %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dll [helpsvc] -> [2008/04/14 05:42:04 | 00,038,400 | ---- | M | MD5 = 4FCCA060DFE0C51A09DD5C3843888BCD] (Microsoft Corporation)
-> %SystemRoot%\System32\hidserv.dll [HidServ] -> File not found
-> %SystemRoot%\System32\kmsvc.dll [hkmsvc] -> [2008/04/14 03:41:58 | 00,061,440 | ---- | M | MD5 = 8878BD685E490239777BFE51320B88E9] (Microsoft Corporation)
-> %SystemRoot%\System32\irmon.dll [Irmon] -> [2008/04/14 05:41:56 | 00,028,160 | ---- | M | MD5 = 49CC4533CE897CB2E93C1E84A818FDE5] (Microsoft Corporation)
-> %SystemRoot%\System32\srvsvc.dll [LanmanServer] -> [2008/04/14 03:42:08 | 00,096,768 | ---- | M | MD5 = F385F4B02C535BFFE1D70CAB80838123] (Microsoft Corporation)
-> %SystemRoot%\System32\wkssvc.dll [lanmanworkstation] -> [2008/04/14 03:42:10 | 00,132,096 | ---- | M | MD5 = 1B67B632786FEF1C1BBAEF46C2F3F2E6] (Microsoft Corporation)
-> %SystemRoot%\System32\msgsvc.dll [Messenger] -> [2008/04/14 03:42:00 | 00,033,792 | ---- | M | MD5 = 986B1FF5814366D71E0AC5755C88F2D3] (Microsoft Corporation)
-> %SystemRoot%\System32\qagentrt.dll [napagent] -> [2008/04/14 03:42:04 | 00,291,328 | ---- | M | MD5 = 0102140028FAD045756796E1C685D695] (Microsoft Corporation)
-> %SystemRoot%\System32\netman.dll [Netman] -> [2008/04/14 03:42:02 | 00,198,144 | ---- | M | MD5 = 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE] (Microsoft Corporation)
-> %SystemRoot%\System32\mswsock.dll [Nla] -> [2008/04/14 03:42:02 | 00,245,248 | ---- | M | MD5 = B4138E99236F0F57D4CF49BAE98A0746] (Microsoft Corporation)
-> %SystemRoot%\system32\ntmssvc.dll [NtmsSvc] -> [2008/04/14 03:42:04 | 00,435,200 | ---- | M | MD5 = 156F64A3345BD23C600655FB4D10BC08] (Microsoft Corporation)
-> %SystemRoot%\System32\rasauto.dll [RasAuto] -> [2008/04/14 03:42:04 | 00,088,576 | ---- | M | MD5 = AD188BE7BDF94E8DF4CA0A55C00A5073] (Microsoft Corporation)
-> %SystemRoot%\System32\rasmans.dll [RasMan] -> [2008/04/14 03:42:04 | 00,186,368 | ---- | M | MD5 = 76A9A3CBEADD68CC57CDA5E1D7448235] (Microsoft Corporation)
-> %SystemRoot%\System32\mprdim.dll [RemoteAccess] -> [2008/04/14 03:41:58 | 00,053,248 | ---- | M | MD5 = 7E699FF5F59B5D9DE5390E3C34C67CF5] (Microsoft Corporation)
-> %SystemRoot%\system32\schedsvc.dll [Schedule] -> [2008/04/14 05:42:06 | 00,192,512 | ---- | M | MD5 = 0A9A7365A1CA4319AA7C1D6CD8E4EAFA] (Microsoft Corporation)
-> %SystemRoot%\System32\seclogon.dll [seclogon] -> [2008/04/14 03:42:06 | 00,018,944 | ---- | M | MD5 = CBE612E2BB6A10E3563336191EDA1250] (Microsoft Corporation)
-> %SystemRoot%\system32\sens.dll [SENS] -> [2008/04/14 03:42:06 | 00,039,424 | ---- | M | MD5 = 7FDD5D0684ECA8C1F68B4D99D124DCD0] (Microsoft Corporation)
-> %SystemRoot%\System32\ipnathlp.dll [SharedAccess] -> [2008/04/14 03:41:56 | 00,331,264 | ---- | M | MD5 = 83F41D0D89645D7235C051AB1D9523AC] (Microsoft Corporation)
-> %SystemRoot%\System32\shsvcs.dll [ShellHWDetection] -> [2008/04/14 03:42:06 | 00,135,168 | ---- | M | MD5 = 1926899BF9FFE2602B63074971700412] (Microsoft Corporation)
-> %SystemRoot%\system32\srsvc.dll [srservice] -> [2008/04/14 05:42:08 | 00,171,008 | ---- | M | MD5 = 3805DF0AC4296A34BA4BF93B346CC378] (Microsoft Corporation)
-> %SystemRoot%\System32\tapisrv.dll [TapiSrv] -> [2008/04/14 03:42:08 | 00,249,856 | ---- | M | MD5 = 3CB78C17BB664637787C9A1C98F79C38] (Microsoft Corporation)
-> %SystemRoot%\System32\shsvcs.dll [Themes] -> [2008/04/14 03:42:06 | 00,135,168 | ---- | M | MD5 = 1926899BF9FFE2602B63074971700412] (Microsoft Corporation)
-> %SystemRoot%\system32\trkwks.dll [TrkWks] -> [2008/04/14 03:42:08 | 00,090,112 | ---- | M | MD5 = 55BCA12F7F523D35CA3CB833C725F54E] (Microsoft Corporation)
-> %SystemRoot%\system32\w32time.dll [W32Time] -> [2008/04/14 03:42:10 | 00,175,104 | ---- | M | MD5 = 54AF4B1D5459500EF0937F6D33B1914F] (Microsoft Corporation)
-> %SystemRoot%\system32\wbem\WMIsvc.dll [winmgmt] -> [2008/04/14 05:42:10 | 00,144,896 | ---- | M | MD5 = 2D0E4ED081963804CCC196A0929275B5] (Microsoft Corporation)
-> [WmdmPmSp] -> File not found
-> %SystemRoot%\System32\advapi32.dll [Wmi] -> [2008/04/14 03:41:50 | 00,617,472 | ---- | M | Unable to obtain MD5] (Microsoft Corporation)
-> %SystemRoot%\system32\wscsvc.dll [wscsvc] -> [2008/04/14 03:42:12 | 00,080,896 | ---- | M | MD5 = 7C278E6408D1DCE642230C0585A854D5] (Microsoft Corporation)
-> %SystemRoot%\system32\wuauserv.dll [wuauserv] -> [2008/04/14 05:42:12 | 00,006,656 | ---- | M | MD5 = 35321FB577CDC98CE3EB3A3EB9E4610A] (Microsoft Corporation)
-> %SystemRoot%\System32\wzcsvc.dll [WZCSVC] -> [2008/04/14 03:51:44 | 00,483,840 | ---- | M | MD5 = 81DC3F549F44B1C1FFF022DEC9ECF30B] (Microsoft Corporation)
-> %SystemRoot%\System32\xmlprov.dll [xmlprov] -> [2008/04/14 03:42:12 | 00,129,024 | ---- | M | MD5 = 295D21F14C335B53CB8154E5B1F892B9] (Microsoft Corporation)
svchost.exe -> %SystemRoot%\system32\svchost.exe [H:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETWORKSERVICE] -> [2008/04/14 03:42:38 | 00,014,336 | ---- | M | MD5 = 27C6D03BCDB8CFEB96B716F3D8BE3E18] (Microsoft Corporation)
-> %SystemRoot%\System32\dnsrslvr.dll [Dnscache] -> [2008/04/14 03:41:54 | 00,045,568 | ---- | M | MD5 = 474B4DC3983173E4B4C9740B0DAC98A6] (Microsoft Corporation)
-> [WmdmPmSp] -> File not found
usb modem.exe -> %ProgramFiles%\SmartBRO\USB Modem.exe -> [2008/07/07 13:00:26 | 03,686,400 | ---- | M | MD5 = 9421D28B7D552EC3A2A46FD42FF6F229] ()
vc6play.exe -> %ProgramFiles%\HHVcdV6Sys\VC6Play.exe -> [2004/06/15 09:24:06 | 00,245,760 | ---- | M | MD5 = D68348D15B0608CEE165876F17190ACC] (H+H Software GmbH)
vc6secs.exe -> %ProgramFiles%\HHVcdV6Sys\VC6SecS.exe -> [2004/05/07 11:38:00 | 00,098,304 | ---- | M | MD5 = 585C78B6B118699DCC8F31791C562500] (H+H Software GmbH)
vc6tray.exe -> %ProgramFiles%\Virtual CD v6\System\VC6Tray.exe -> [2004/06/10 17:00:18 | 00,258,048 | ---- | M | MD5 = 6D104E1A95F45383D02DEE88ABB5E857] (H+H Software GmbH)

#2
Blade81

    Member

  • 722 posts
  • MVP
Hi

You've got a Sality infection there. Unfortunately, that means the only way to get rid of it is to do a system reformat. Also, since the infection spreads through USB removable drives, you have to reformat all those USB storage devices that have been used with this infected system.

#3
Blade81

    Member

  • 722 posts
  • MVP
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.