My computer won't go into Safe Mode due to a virus. After pressing F8 and selecting Safe Mode, my computer just restarts, but I can go into Normal Mode. The virus also corrupted my Avira antivirus, because I get an error that the AV guard has been deleted or destroyed. I tried everything I know; I even used ComboFix, but I still had the problem. Here's my HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:54:27 PM, on 2/7/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\spoolsv.exe
H:\Program Files\eBoostr\EBstrSvc.exe
H:\WINDOWS\System32\GEARSec.exe
H:\Program Files\Java\jre6\bin\jqs.exe
H:\Program Files\HHVcdV6Sys\VC6SecS.exe
H:\WINDOWS\system32\ctfmon.exe
H:\WINDOWS\system32\wscntfy.exe
H:\Program Files\HHVcdV6Sys\VC6Play.exe
H:\Program Files\Java\jre6\bin\jusched.exe
H:\WINDOWS\RTHDCPL.EXE
H:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe
L:\Internet Download Manager\IDMan.exe
H:\Program Files\eBoostr\eBoostrCP.exe
H:\Program Files\MagicDisc\MagicDisc.exe
L:\Internet Download Manager\IEMonitor.exe
H:\Program Files\Virtual CD v6\System\VC6Tray.exe
H:\WINDOWS\explorer.exe
H:\Program Files\SmartBRO\USB Modem.exe
H:\Program Files\Mozilla Firefox\firefox.exe
H:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
H:\DOCUME~1\kyo1.KYO\LOCALS~1\Temp\Rar$EX00.484\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - L:\Internet Download Manager\IDMIECC.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - H:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - H:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - H:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - H:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "H:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] H:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [VC6Player] H:\Program Files\HHVcdV6Sys\VC6Play.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "H:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] H:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [AtiTrayTools] "H:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] H:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] L:\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Startup: MagicDisc.lnk = H:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: eBoostr Control Panel.lnk = H:\Program Files\eBoostr\eBoostrCP.exe
O8 - Extra context menu item: Download all links with IDM - L:\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - L:\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - L:\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://H:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85e1f530-48f4-11d9-9629-08ff2ffc9f67} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{063230F4-62D1-4CD0-96C4-AB41C9AE6A16}: NameServer = 121.1.3.57 203.84.191.216
O17 - HKLM\System\CS18\Services\Tcpip\..\{063230F4-62D1-4CD0-96C4-AB41C9AE6A16}: NameServer = 121.1.3.57 203.84.191.216
O17 - HKLM\System\CS21\Services\Tcpip\..\{063230F4-62D1-4CD0-96C4-AB41C9AE6A16}: NameServer = 121.1.3.57 203.84.191.216
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - H:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: eBoostr Service (EBOOSTRSVC) - Unknown owner - H:\Program Files\eBoostr\EBstrSvc.exe
O23 - Service: GEARSecurity - GEAR Software - H:\WINDOWS\System32\GEARSec.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - H:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - H:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Virtual CD v6 Management Service (VC6SecS) - H+H Software GmbH - H:\Program Files\HHVcdV6Sys\VC6SecS.exe
--
End of file - 6106 bytes
And here's my ComboFix log:
ComboFix 09-02-06.01 - kyo1 2009-02-07 12:35:27.14 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.658 [GMT -8:00]
Running from: L:\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
h:\program files\\setup.exe
h:\windows\system32\dumphive.exe
h:\windows\system32\IEDFix.exe
h:\windows\system32\iifdbYOf.dll
h:\windows\system32\mlJDuuSk.dll
h:\windows\system32\Process.exe
h:\windows\system32\SrchSTS.exe
h:\windows\system32\tmp.reg
h:\windows\system32\VACFix.exe
h:\windows\system32\VCCLSID.exe
h:\windows\system32\WS2Fix.exe
h:\windows\Tasks\tyrtwpjd.job
.
((((((((((((((((((((((((( Files Created from 2009-01-07 to 2009-02-07 )))))))))))))))))))))))))))))))
.
2009-02-05 23:11 . 2009-02-05 23:11 <DIR> d-------- h:\windows\Sun
2009-02-05 16:50 . 2009-02-05 16:50 <DIR> d-------- h:\program files\FreeFixer
2009-02-03 18:11 . 2009-02-03 18:11 <DIR> d-------- H:\DwnlData
2009-02-03 17:55 . 2009-02-03 17:55 120,286 --a------ h:\documents and settings\All Users.WINDOWS\Application Data\firstlsp.reg.dat
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-28 00:46 --------- d-----w h:\documents and settings\All Users.WINDOWS\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}
2008-12-28 00:04 --------- d-----w h:\program files\QuickSolutions
2008-12-27 21:12 --------- d-----w h:\program files\Rar Repair Tool
2008-12-26 03:50 21,904 ----a-w h:\documents and settings\kyo1.KYO\Application Data\GDIPFONTCACHEV1.DAT
2008-12-23 03:57 86,016 ----a-w h:\windows\system32\OpenAL32.dll
2008-12-23 03:57 413,696 ----a-w h:\windows\system32\wrap_oal.dll
2008-12-23 03:57 --------- d-----w h:\program files\OpenAL
2008-12-20 10:23 410,984 ----a-w h:\windows\system32\deploytk.dll
2008-12-20 10:23 --------- d-----w h:\program files\Java
2008-12-20 06:54 --------- d-----w h:\program files\Free M4a to MP3 Converter
2008-12-20 02:40 --------- d-----w h:\program files\the white chamber
2008-12-18 06:42 --------- d-----w h:\program files\ATITool
2008-12-18 06:28 --------- d-----w h:\program files\Ray Adams
2008-12-18 06:28 --------- d-----w h:\documents and settings\kyo1.KYO\Application Data\atitray
2008-12-15 20:28 48,128 ----a-w h:\windows\system32\tuvULETj.dll
2008-12-15 20:27 --------- d-----w h:\program files\Avira
2008-12-15 07:35 127,493 ----a-w H:\trial_setup.exe
2008-12-15 03:58 --------- d-----w h:\program files\SmartBRO
2008-12-12 02:24 --------- d-----w h:\documents and settings\kyo1.KYO\Application Data\ATI
2008-12-11 02:14 --------- d-----w h:\program files\GhostSecuritySuite
2008-12-08 07:20 --------- d-----w h:\program files\WinRescue XP
2008-12-08 01:05 --------- d-----w h:\program files\ATI Technologies(2)
2008-12-01 20:51 318,464 ----a-w h:\windows\system32\OLD6E.tmp
2008-12-01 20:40 143,360 ----a-w h:\windows\system32\OLD6A.tmp
2008-12-01 20:27 4,120,384 ----a-w h:\windows\system32\OLD6C.tmp
2008-12-01 20:11 2,495,360 ----a-w h:\windows\system32\OLD6B.tmp
2008-12-01 19:53 401,408 ----a-w h:\windows\system32\OLD69.tmp
2008-12-01 19:50 286,720 ----a-w h:\windows\system32\OLD68.tmp
2008-12-01 19:45 577,536 ----a-w h:\windows\system32\OLD6D.tmp
2005-09-10 03:55 7,155,864 ----a-w h:\program files\NGhost10.msi
2005-09-10 03:55 37,766,164 ----a-w h:\program files\Data1.cab
2005-09-10 03:55 35 ----a-w h:\program files\SCSSDist.ini
2002-08-30 21:50 35,840 ----a-w h:\program files\drvmgt.dll
2002-08-30 21:50 29,392 ----a-w h:\program files\secdrv.sys
2002-08-15 01:54 358,963 ----a-w h:\program files\binkw32.dll
2002-02-02 10:02 9,039,872 ----a-w h:\program files\Fate-WT.exe
1998-11-21 00:37 6,768 ----a-w h:\documents and settings\kyo1\TMP.EXE
2005-09-16 02:26 41,573 ----a-w h:\program files\mozilla firefox\components\jar50.dll
2005-09-16 02:26 160,871 ----a-w h:\program files\mozilla firefox\components\xpinstal.dll
2005-09-16 02:26 48,223 ----a-w h:\program files\mozilla firefox\components\jsd3250.dll
2005-09-16 02:26 150,912 ----a-w h:\program files\mozilla firefox\components\fullsoft.dll
2005-09-16 02:26 94,208 ----a-w h:\program files\mozilla firefox\components\BrandRes.dll
2005-09-16 02:26 8,813 ----a-w h:\program files\mozilla firefox\components\qfaservices.dll
.
((((((((((((((((((((((((((((( snapshot@2008-12-14_19.49.09.70 )))))))))))))))))))))))))))))))))))))))))
.
- 2005-05-04 02:43:28 69,632 ----a-w h:\windows\ALCMTR.EXE
+ 2005-05-04 02:43:28 131,072 ----a-w h:\windows\ALCMTR.EXE
- 2003-06-14 01:23:06 50,176 ----a-w h:\windows\AppPatch\AppLoc.exe
+ 2003-06-14 01:23:06 111,616 ----a-w h:\windows\AppPatch\AppLoc.exe
- 2008-03-31 13:04:38 249,856 ------w h:\windows\eiunin21.exe
+ 2008-03-31 13:04:38 311,296 ------w h:\windows\eiunin21.exe
+ 2008-12-15 06:14:04 884,736 ----a-w h:\windows\gmer.dll
+ 2008-04-18 05:13:02 811,008 ----a-w h:\windows\gmer.exe
- 2008-01-04 06:40:32 10,134 ----a-r h:\windows\Installer\{E39041F7-6F24-439A-99BC-C2163BB1429B}\ARPPRODUCTICON.exe
+ 2008-12-15 19:09:02 10,134 ----a-r h:\windows\Installer\{E39041F7-6F24-439A-99BC-C2163BB1429B}\ARPPRODUCTICON.exe
- 2000-08-31 16:00:00 28,672 ----a-w h:\windows\NIRCMD.exe
+ 2000-08-31 16:00:00 29,696 ----a-w h:\windows\NIRCMD.exe
- 2008-12-21 03:00:40 290,816 ---ha-w h:\windows\repair\ntuser.dat
+ 2008-12-15 19:00:20 307,200 ---ha-w h:\windows\repair\ntuser.dat
- 2006-07-22 00:14:36 86,016 ----a-w h:\windows\SOUNDMAN.EXE
+ 2006-07-22 00:14:36 217,088 ----a-w h:\windows\SOUNDMAN.EXE
- 2007-06-07 06:45:00 26,112 ----a-w h:\windows\system32\Ati2mdxx.exe
+ 2007-06-07 06:45:00 87,552 ----a-w h:\windows\system32\Ati2mdxx.exe
- 2008-12-21 03:04:32 16,384 ----a-w h:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2008-12-15 19:04:06 16,384 ----a-w h:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2008-12-15 19:04:28 16,384 ----a-w h:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT
- 2008-12-21 03:04:32 32,768 ----a-w h:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-12-15 19:04:06 32,768 ----a-w h:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-12-15 19:04:06 32,768 ----a-w h:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008121520081216\index.dat
- 2008-12-21 03:04:32 32,768 ----a-w h:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-12-15 19:04:06 32,768 ----a-w h:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-04-14 06:04:16 701,440 ----a-w h:\windows\system32\dllcache\ati2mtag.sys
+ 2001-08-23 12:00:00 11,264 ----a-w h:\windows\system32\dllcache\atrace.dll
+ 2008-04-14 03:42:36 774,144 ----a-w h:\windows\system32\dllcache\setup_wm.exe
+ 2008-04-14 03:42:42 73,728 ----a-w h:\windows\system32\dllcache\wmplayer.exe
+ 2008-12-15 06:14:04 85,969 ----a-w h:\windows\system32\drivers\gmer.sys
- 2008-04-14 08:15:40 32,128 ----a-w h:\windows\system32\drivers\usbccgp.sys
+ 2008-04-14 06:15:40 32,128 ----a-w h:\windows\system32\drivers\usbccgp.sys
- 2008-12-21 02:55:56 22,780 ----a-w h:\windows\system32\emptyregdb.dat
+ 2008-12-15 18:57:56 22,780 ----a-w h:\windows\system32\emptyregdb.dat
- 2008-12-22 20:51:24 80,744 ----a-w h:\windows\system32\FNTCACHE.DAT
+ 2008-12-15 19:03:42 102,232 ----a-w h:\windows\system32\FNTCACHE.DAT
- 2007-08-10 21:38:48 166,424 ----a-w h:\windows\system32\hkcmd.exe
+ 2007-08-10 21:38:48 227,864 ----a-w h:\windows\system32\hkcmd.exe
- 2007-08-10 21:38:52 526,872 ----a-w h:\windows\system32\igfxcfg.exe
+ 2007-08-10 21:38:52 588,312 ----a-w h:\windows\system32\igfxcfg.exe
- 2007-08-10 21:38:58 137,752 ----a-w h:\windows\system32\igfxpers.exe
+ 2007-08-10 21:38:58 199,192 ----a-w h:\windows\system32\igfxpers.exe
- 2007-08-10 21:39:02 141,848 ----a-w h:\windows\system32\igfxtray.exe
+ 2007-08-10 21:39:02 203,288 ----a-w h:\windows\system32\igfxtray.exe
- 2008-12-20 10:23:12 144,792 ----a-w h:\windows\system32\java.exe
+ 2008-12-20 10:23:12 206,232 ----a-w h:\windows\system32\java.exe
- 2005-07-21 05:07:00 1,519,616 ----a-w h:\windows\system32\nwiz.exe
+ 2005-07-21 05:07:00 1,581,056 ----a-w h:\windows\system32\nwiz.exe
- 2008-12-21 03:06:26 65,982 ----a-w h:\windows\system32\perfc009.dat
+ 2008-12-15 19:26:20 65,982 ----a-w h:\windows\system32\perfc009.dat
- 2008-12-21 03:06:26 402,040 ----a-w h:\windows\system32\perfh009.dat
+ 2008-12-15 19:26:20 402,040 ----a-w h:\windows\system32\perfh009.dat
+ 2008-04-14 13:41:50 229,376 ----a-w h:\windows\system32\ReinstallBackups\0006\DriverFiles\ati2cqag.dll
+ 2008-04-14 13:41:50 201,728 ----a-w h:\windows\system32\ReinstallBackups\0006\DriverFiles\ati2dvag.dll
+ 2007-06-07 06:45:00 42,496 ----a-w h:\windows\system32\ReinstallBackups\0006\DriverFiles\ati2edxx.dll
+ 2007-06-07 06:09:00 49,152 ----a-w h:\windows\system32\ReinstallBackups\0006\DriverFiles\ati2erec.dll
+ 2007-06-07 06:45:00 118,784 ----a-w h:\windows\system32\ReinstallBackups\0006\DriverFiles\ati2evxx.dll
+ 2007-06-07 06:43:00 483,328 ----a-w h:\windows\system32\ReinstallBackups\0006\DriverFiles\ati2evxx.exe
+ 2007-06-07 06:45:00 87,552 ----a-w h:\windows\system32\ReinstallBackups\0006\DriverFiles\Ati2mdxx.exe
+ 2008-04-14 06:04:16 701,440 ----a-w h:\windows\system32\ReinstallBackups\0006\DriverFiles\ati2mtag.sys
+ 2008-04-14 13:41:52 1,888,992 ----a-w h:\windows\system32\ReinstallBackups\0006\DriverFiles\ati3duag.dll
+ 2007-06-07 06:42:00 53,248 ----a-w h:\windows\system32\ReinstallBackups\0006\DriverFiles\ATIDDC.DLL
+ 2007-06-07 06:53:00 339,968 ----a-w h:\windows\system32\ReinstallBackups\0006\DriverFiles\ATIDEMGX.dll
+ 2007-04-05 22:15:00 144,357 ----a-w h:\windows\system32\ReinstallBackups\0006\DriverFiles\atiicdxx.dat
+ 2007-06-07 06:48:00 307,200 ----a-w h:\windows\system32\ReinstallBackups\0006\DriverFiles\atiiiexx.dll
+ 2007-06-07 06:11:00 262,144 ----a-w h:\windows\system32\ReinstallBackups\0006\DriverFiles\atikvmag.dll
+ 2007-06-07 07:00:00 8,097,792 ----a-w h:\windows\system32\ReinstallBackups\0006\DriverFiles\atioglx2.dll
+ 2007-06-07 06:21:00 5,431,296 ----a-w h:\windows\system32\ReinstallBackups\0006\DriverFiles\atioglxx.dll
+ 2007-06-07 06:30:00 50,176 ----a-w h:\windows\system32\ReinstallBackups\0006\DriverFiles\atiok3x2.dll
+ 2007-06-07 06:45:00 139,264 ----a-w h:\windows\system32\ReinstallBackups\0006\DriverFiles\atipdlxx.dll
+ 2007-06-07 06:10:00 17,408 ----a-w h:\windows\system32\ReinstallBackups\0006\DriverFiles\atitvo32.dll
+ 2001-11-09 19:01:00 24,064 ----a-w h:\windows\system32\ReinstallBackups\0006\DriverFiles\ativcoxx.dll
+ 2007-06-07 06:25:00 3,107,788 ----a-w h:\windows\system32\ReinstallBackups\0006\DriverFiles\ativva5x.dat
+ 2007-06-07 06:25:00 972,072 ----a-w h:\windows\system32\ReinstallBackups\0006\DriverFiles\ativva6x.dat
+ 2007-06-07 06:25:00 3,107,788 ----a-w h:\windows\system32\ReinstallBackups\0006\DriverFiles\ativvaxx.dat
+ 2008-04-14 13:41:52 516,768 ----a-w h:\windows\system32\ReinstallBackups\0006\DriverFiles\ativvaxx.dll
+ 2007-06-07 06:45:00 118,784 ----a-w h:\windows\system32\ReinstallBackups\0006\DriverFiles\Oemdspif.dll
+ 2007-06-07 06:04:00 368,640 ----a-w h:\windows\system32\ReinstallBackups\0007\DriverFiles\ati2cqag.dll
+ 2007-06-07 06:52:00 268,288 ----a-w h:\windows\system32\ReinstallBackups\0007\DriverFiles\ati2dvag.dll
+ 2007-06-07 06:45:00 42,496 ----a-w h:\windows\system32\ReinstallBackups\0007\DriverFiles\ati2edxx.dll
+ 2007-06-07 06:09:00 49,152 ----a-w h:\windows\system32\ReinstallBackups\0007\DriverFiles\ati2erec.dll
+ 2007-06-07 06:45:00 118,784 ----a-w h:\windows\system32\ReinstallBackups\0007\DriverFiles\ati2evxx.dll
+ 2007-06-07 06:43:00 483,328 ----a-w h:\windows\system32\ReinstallBackups\0007\DriverFiles\ati2evxx.exe
+ 2007-06-07 06:45:00 26,112 ----a-w h:\windows\system32\ReinstallBackups\0007\DriverFiles\Ati2mdxx.exe
+ 2007-06-07 06:52:00 2,155,520 ----a-w h:\windows\system32\ReinstallBackups\0007\DriverFiles\ati2mtag.sys
+ 2007-06-07 06:35:00 2,922,208 ----a-w h:\windows\system32\ReinstallBackups\0007\DriverFiles\ati3duag.dll
+ 2007-06-07 06:42:00 53,248 ----a-w h:\windows\system32\ReinstallBackups\0007\DriverFiles\ATIDDC.DLL
+ 2007-06-07 06:53:00 339,968 ----a-w h:\windows\system32\ReinstallBackups\0007\DriverFiles\ATIDEMGX.dll
+ 2007-04-05 22:15:00 144,357 ----a-w h:\windows\system32\ReinstallBackups\0007\DriverFiles\atiicdxx.dat
+ 2007-06-07 06:48:00 307,200 ----a-w h:\windows\system32\ReinstallBackups\0007\DriverFiles\atiiiexx.dll
+ 2007-06-07 06:11:00 262,144 ----a-w h:\windows\system32\ReinstallBackups\0007\DriverFiles\atikvmag.dll
+ 2007-06-07 07:00:00 8,097,792 ----a-w h:\windows\system32\ReinstallBackups\0007\DriverFiles\atioglx2.dll
+ 2007-06-07 06:21:00 5,431,296 ----a-w h:\windows\system32\ReinstallBackups\0007\DriverFiles\atioglxx.dll
+ 2007-06-07 06:30:00 50,176 ----a-w h:\windows\system32\ReinstallBackups\0007\DriverFiles\atiok3x2.dll
+ 2007-06-07 06:45:00 139,264 ----a-w h:\windows\system32\ReinstallBackups\0007\DriverFiles\atipdlxx.dll
+ 2007-06-07 06:10:00 17,408 ----a-w h:\windows\system32\ReinstallBackups\0007\DriverFiles\atitvo32.dll
+ 2001-11-09 19:01:00 24,064 ----a-w h:\windows\system32\ReinstallBackups\0007\DriverFiles\ativcoxx.dll
+ 2007-06-07 06:25:00 3,107,788 ----a-w h:\windows\system32\ReinstallBackups\0007\DriverFiles\ativva5x.dat
+ 2007-06-07 06:25:00 972,072 ----a-w h:\windows\system32\ReinstallBackups\0007\DriverFiles\ativva6x.dat
+ 2007-06-07 06:25:00 3,107,788 ----a-w h:\windows\system32\ReinstallBackups\0007\DriverFiles\ativvaxx.dat
+ 2007-06-07 06:25:00 1,512,960 ----a-w h:\windows\system32\ReinstallBackups\0007\DriverFiles\ativvaxx.dll
+ 2007-06-07 06:45:00 118,784 ----a-w h:\windows\system32\ReinstallBackups\0007\DriverFiles\Oemdspif.dll
+ 2006-01-09 17:36:06 102,400 ----a-w h:\windows\system32\swsc.exe
+ 2009-02-07 20:38:42 16,384 ----a-w h:\windows\temp\Perflib_Perfdata_57c.dat
+ 2009-02-07 20:38:42 16,384 ----a-w h:\windows\temp\Perflib_Perfdata_5a0.dat
+ 2001-08-23 12:00:00 921,088 ----a-w h:\windows\WinSxS\InstallTemp\112373\comctl32.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AtiTrayTools"="h:\program files\Ray Adams\ATI Tray Tools\atitray.exe" [2007-05-22 521128]
"ctfmon.exe"="h:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"IDMan"="l:\internet download manager\IDMan.exe" [2008-12-26 2651568]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="h:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-13 208952]
"IMEKRMIG6.1"="h:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2001-08-23 44032]
"VC6Player"="h:\program files\HHVcdV6Sys\VC6Play.exe" [2004-06-15 245760]
"SunJavaUpdateSched"="h:\program files\Java\jre6\bin\jusched.exe" [2008-12-20 198040]
"Ptipbmf"="ptipbmf.dll" [2003-06-19 h:\windows\system32\ptipbmf.dll]
"RTHDCPL"="RTHDCPL.EXE" [2006-09-12 h:\windows\RTHDCPL.EXE]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="h:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="h:\windows\system32\tscupgrd.exe" [BU]
h:\documents and settings\kyo1\Start Menu\Programs\Startup\
MagicDisc.lnk - h:\program files\MagicDisc\MagicDisc.exe [5/8/2008 7:45:57 PM 608256]
h:\documents and settings\kyo1.KYO\Start Menu\Programs\Startup\
MagicDisc.lnk - h:\program files\MagicDisc\MagicDisc.exe [5/8/2008 7:45:57 PM 608256]
h:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
eBoostr Control Panel.lnk - h:\program files\eBoostr\eBoostrCP.exe [12/25/2007 10:19:14 AM 695944]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoChangeAnimation"= 0 (0x0)
"NoStrCmpLogical"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 0 (0x0)
"NoStrCmpLogical"= 0 (0x0)
"MaxRecentDocs"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
2001-12-20 23:34 24576 h:\progra~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2005-12-03 03:03 176128 h:\progra~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0 bsmain
[HKLM\~\startupfolder\H:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=h:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=h:\windows\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\H:^Documents and Settings^kyo1.KYO^Start Menu^Programs^Startup^MagicDisc.lnk]
path=h:\documents and settings\kyo1.KYO\Start Menu\Programs\Startup\MagicDisc.lnk
backup=h:\windows\pss\MagicDisc.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\combofix]
\ [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
--a------ 2004-12-13 15:30 58992 h:\program files\Common Files\Symantec Shared\ccApp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2008-04-14 03:42 15360 h:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2006-11-12 03:48 219032 h:\program files\DAEMON Tools\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
--a------ 2007-09-06 06:08 197576 h:\program files\DAEMON Tools Pro\DTProAgent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Media Codec Update Service]
--a------ 2007-04-08 09:44 303104 h:\program files\Essentials Codec Pack\update.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2008-07-28 22:35 156165 h:\windows\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 10.0]
--a------ 2005-09-09 19:09 1537648 h:\program files\Norton Ghost\Agent\GhostTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2005-07-20 21:07 86016 h:\windows\system32\nvmctray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2008-01-20 00:05 217088 h:\program files\PowerISO\PWRISOVM.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
--ahs---- 2008-07-28 18:04 2097664 h:\program files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a------ 2005-05-03 18:43 131072 h:\windows\ALCMTR.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer]
-ra------ 2003-03-19 22:21 1855488 h:\windows\mixer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2005-07-20 21:07 1581056 h:\windows\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ptipbmf]
-ra------ 2003-06-19 23:06 118784 h:\windows\system32\ptipbmf.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RawOs]
--a------ 2008-04-14 03:42 155648 h:\windows\system32\wscript.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--a------ 2006-09-12 16:58 16264192 h:\windows\RTHDCPL.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2006-07-21 16:14 217088 h:\windows\SOUNDMAN.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINDVDPatch]
--a------ 2002-07-02 17:56 24576 h:\windows\system32\CTHELPER.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"BITS"=3 (0x3)
"AppMgmt"=3 (0x3)
"ALG"=3 (0x3)
"CiSvc"=3 (0x3)
"srservice"=2 (0x2)
"Schedule"=2 (0x2)
"wuauserv"=2 (0x2)
"ewido anti-spyware 4.0 guard"=2 (0x2)
"UPS"=3 (0x3)
"WZCSVC"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"ccSetMgr"=2 (0x2)
"ccPwdSvc"=3 (0x3)
"ccEvtMgr"=2 (0x2)
"ImapiService"=3 (0x3)
"NVSvc"=2 (0x2)
"aspnet_state"=3 (0x3)
"AntiVirService"=2 (0x2)
"AntiVirScheduler"=2 (0x2)
"AntiVirMailService"=2 (0x2)
"AVEService"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"f:\\Medal of Honor Pacific Assault\\mohpa.exe"=
"h:\\WINDOWS\\system32\\wscntfy.exe"=
"h:\\Program Files\\Java\\jre6\\bin\\jusched.exe"=
"t:\\NOOB_KILLER_JUC.SOH.FUST.KG.Leerz.u\\NOOB.KILLER.leerz.exe"=
"h:\\WINDOWS\\system32\\taskmgr.exe"=
"h:\\Program Files\\Ray Adams\\ATI Tray Tools\\atitray.exe"=
"l:\\Internet Download Manager\\IEMonitor.exe"=
"l:\\Internet Download Manager\\IDMan.exe"=
"h:\\Program Files\\Virtual CD v6\\System\\VC6Tray.exe"=
"h:\\Program Files\\Stardock\\Object Desktop\\WindowBlinds\\wbload.exe"=
"h:\\Program Files\\eBoostr\\eBoostrCP.exe"=
"h:\\Program Files\\HHVcdV6Sys\\VC6Play.exe"=
"h:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"l:\\KOEI\\Dynasty Warriors 6\\DW6_WIN..exe"=
"h:\\WINDOWS\\SOUNDMAN.EXE"=
"h:\\PROGRA~1\\MAGICD~1\\MAGICD~1.EXE"=
"h:\\Program Files\\Mozilla Firefox\\firefox.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
R0 eBoost;eBoostr caching filter driver;h:\windows\system32\drivers\EBoost.sys [12/25/2007 10:19:18 AM 72840]
R1 atitray;atitray;h:\program files\Ray Adams\ATI Tray Tools\atitray.sys [5/22/2007 1:04:54 AM 18088]
R2 EBOOSTRSVC;eBoostr Service;h:\program files\eBoostr\EBstrSvc.exe [12/25/2007 10:19:18 AM 814728]
R3 aic32p;aic32p;\??\h:\windows\system32\drivers\lnmmqn.sys --> h:\windows\system32\drivers\lnmmqn.sys [?]
R3 padenum;Enumerador de dispositivos de NTPAD;h:\windows\system32\drivers\padenum.sys [2/21/2000 11:07:27 AM 10624]
R3 PsxPortEnumerator;Psx Port Enumerator;h:\windows\system32\drivers\psxenum.sys [8/26/2008 8:13:41 PM 16896]
R3 qcusbser;Mobile Connector USB Device for Legacy Serial Communication;h:\windows\system32\drivers\cmusbser.sys [12/26/2008 5:15:55 PM 97408]
S3 avfwim;AvFw Packet Filter Miniport;h:\windows\system32\DRIVERS\avfwim.sys --> h:\windows\system32\DRIVERS\avfwim.sys [?]
S3 PSXGamepadEnabler;Psx Hid to Gamepad Port Enabler;h:\windows\system32\drivers\psxpad.sys [8/26/2008 8:13:41 PM 12160]
S3 VendorJoystickEnabler;Driver para joystick paralelo de consola;h:\windows\system32\drivers\NTPAD.sys [2/21/2000 11:07:27 AM 20992]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - ATI_HOTKEY_POLLER
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d4a1689c-d3b3-11dd-a001-d601c0b82d16}]
\Shell\AutoRun\command - p:\.\ShowModem.exe
.
Contents of the 'Scheduled Tasks' folder
2008-09-23 h:\windows\Tasks\XoftSpySE.job
- h:\program files\XoftSpySE\XoftSpy.exe []
2009-02-07 h:\windows\Tasks\XoftSpySE 2.job
- h:\program files\XoftSpySE\XoftSpy.exe []
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: Download all links with IDM - l:\internet download manager\IEGetAll.htm
IE: Download FLV video content with IDM - l:\internet download manager\IEGetVL.htm
IE: Download with IDM - l:\internet download manager\IEExt.htm
IE: E&xport to Microsoft Excel - h:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
IE: {{85e1f530-48f4-11d9-9629-08ff2ffc9f67}
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-07 12:39:16
Windows 5.1.2600 Service Pack 3 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{3929224f-24c8-4a83-8013-9dc820bec416}]
@Denied: (Full) (Everyone)
"Model"=dword:00000169
"Therad"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):6b,9c,25,27,e4,dd,db,ab,e1,2a,14,a0,86,ab,f4,8a,30,56,53,b7,a1,
83,97,54,fe,fb,31,2d,94,ea,98,9f,70,95,2f,08,9c,16,b4,54,00,00,00,00,00,00,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):14,81,58,da,bb,2b,62,36,ea,b3,e6,7d,64,33,bb,e3,68,b1,0c,a6,c2,
57,d8,7a,6e,30,cf,e6,27,79,23,fa,15,62,0a,87,a1,f3,20,0b,00,00,00,00,00,00,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{95add45d-3634-4363-9fc7-cd22b378c88b}]
@Denied: (Full) (Everyone)
"Model"=dword:0000015d
"Therad"=dword:00000016
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,85,b1,12,f9,90,dd,23,a1,49,8c,bf,1a,9d,fe,41,71,cb,3f,46,a4,7c,ab,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(704)
h:\windows\system32\Ati2evxx.dll
h:\progra~1\STARDOCK\OBJECT~1\WINDOW~1\fastload.dll
h:\progra~1\STARDOCK\OBJECT~1\WINDOW~1\wbsrv.dll
.
------------------------ Other Running Processes ------------------------
.
h:\windows\SYSTEM32\SAVEDUMP.EXE
h:\windows\SYSTEM32\GEARSEC.EXE
h:\program files\JAVA\JRE6\BIN\JQS.EXE
h:\program files\HHVCDV6SYS\VC6SECS.EXE
h:\windows\SYSTEM32\WSCNTFY.EXE
l:\internet download manager\IEMonitor.exe
h:\program files\Virtual CD v6\System\VC6Tray.exe
.
**************************************************************************
.
Completion time: 2009-02-07 12:41:11 - machine was rebooted
ComboFix4.txt 2008-12-13 05:13:04
ComboFix-quarantined-files.txt 2009-02-07 20:41:10
ComboFix3.txt 2008-12-15 03:49:34
ComboFix2.txt 2008-12-15 02:43:42
Pre-Run: 2,564,517,888 bytes free
Post-Run: 1,523,736,576 bytes free
I even tried OTScanIt; here's the log:
[code=auto:0]OTScanIt2 logfile created on: 2/7/2009 12:48:30 PM - Run 3
OTScanIt2 by OldTimer - Version 1.0.7.1 Folder = L:\OTScanIt2
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00003409 | Country: Republic of the Philippines | Language: ENP | Date Format: M/d/yyyy
1022.09 Mb Total Physical Memory | 601.47 Mb Available Physical Memory | 58.85% Memory free
2.40 Gb Paging File | 2.07 Gb Available in Paging File | 86.07% Paging File free
Paging file location(s): h:\pagefile.sys 1536 2971;
%SystemDrive% = H: | %SystemRoot% = H:\WINDOWS | %ProgramFiles% = H:\Program Files
Drive C: | 17.57 Gb Total Space | 0.07 Gb Free Space | 0.41% Space Free | Partition Type: FAT32
Drive D: | 9.77 Gb Total Space | 0.24 Gb Free Space | 2.44% Space Free | Partition Type: FAT32
Drive E: | 17.56 Gb Total Space | 2.04 Gb Free Space | 11.63% Space Free | Partition Type: FAT32
Drive F: | 39.36 Gb Total Space | 0.34 Gb Free Space | 0.85% Space Free | Partition Type: FAT32
Drive G: | 9.76 Gb Total Space | 0.25 Gb Free Space | 2.56% Space Free | Partition Type: FAT32
Drive H: | 17.69 Gb Total Space | 1.45 Gb Free Space | 8.20% Space Free | Partition Type: FAT32
I: Drive not present or media not loaded
Drive J: | 27.49 Gb Total Space | 0.17 Gb Free Space | 0.62% Space Free | Partition Type: NTFS
Drive L: | 37.28 Gb Total Space | 21.05 Gb Free Space | 56.47% Space Free | Partition Type: NTFS
Drive N: | 9.77 Gb Total Space | 0.31 Gb Free Space | 3.18% Space Free | Partition Type: NTFS
Drive R: | 1.92 Gb Total Space | 0.68 Gb Free Space | 35.32% Space Free | Partition Type: FAT32
Drive T: | 3.84 Gb Total Space | 1.89 Gb Free Space | 49.31% Space Free | Partition Type: FAT32
Computer Name: KYO
Current User Name: kyo1
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 90 Days
[Processes - All]
atitray.exe -> %ProgramFiles%\Ray Adams\ATI Tray Tools\atitray.exe -> [2007/05/22 01:04:58 | 00,521,128 | ---- | M | MD5 = C88C118F98EDA0E891796BA07545AB58] (Ray Adams)
csrss.exe -> %SystemRoot%\system32\csrss.exe -> [2008/04/14 03:42:16 | 00,006,144 | ---- | M | MD5 = 44F275C64738EA2056E3D9580C23B60F] (Microsoft Corporation)
ctfmon.exe -> %SystemRoot%\system32\ctfmon.exe -> [2008/04/14 03:42:18 | 00,015,360 | ---- | M | MD5 = 5F1D5F88303D4A4DBC8E5F97BA967CC3] (Microsoft Corporation)
eboostrcp.exe -> %ProgramFiles%\eBoostr\eBoostrCP.exe -> [2007/12/30 04:23:26 | 00,695,944 | ---- | M | MD5 = 968A693FF98B992C87E0854B30F4F148] (eBoostr.com)
ebstrsvc.exe -> %ProgramFiles%\eBoostr\EBstrSvc.exe -> [2007/12/30 03:59:14 | 00,814,728 | ---- | M | MD5 = 8FA2F1AD7A05961B4F507EC4AACA162B] ()
explorer.exe -> %SystemRoot%\explorer.exe -> [2008/04/14 03:42:20 | 01,033,728 | ---- | M | MD5 = 12896823FB95BFB3DC9B46BCAEDC9923] (Microsoft Corporation)
firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> [2008/07/28 23:13:08 | 06,772,741 | ---- | M | MD5 = 001621459C0351D99462B82DCB0A9010] (Mozilla)
gearsec.exe -> %SystemRoot%\System32\GEARSec.exe -> [2005/09/09 19:09:10 | 00,053,248 | ---- | M | MD5 = B6E01969246FCB67470E87E6957EE147] (GEAR Software)
idman.exe -> L:\Internet Download Manager\IDMan.exe -> [2008/12/26 18:39:07 | 02,651,568 | ---- | M | MD5 = C441FE748ED3AD73BCC96FC3BFF34B84] (Tonec Inc.)
iemonitor.exe -> L:\Internet Download Manager\IEMonitor.exe -> [2007/02/19 06:53:54 | 00,251,576 | ---- | M | MD5 = E732348FE3A96496D1215A215173577A] (Tonec Inc.)
jqs.exe -> %ProgramFiles%\Java\jre6\bin\jqs.exe -> [2008/12/20 02:23:12 | 00,152,984 | ---- | M | MD5 = 32192B4EBE8720ED8D49A455C962CB91] (Sun Microsystems, Inc.)
jusched.exe -> %ProgramFiles%\Java\jre6\bin\jusched.exe -> [2008/12/20 02:23:12 | 00,198,040 | ---- | M | MD5 = 42B35369616EBB5DF58268675CFC09EF] (Sun Microsystems, Inc.)
lsass.exe -> %SystemRoot%\system32\lsass.exe -> [2008/04/14 03:42:26 | 00,013,312 | ---- | M | MD5 = BF2466B3E18E970D8A976FB95FC1CA85] (Microsoft Corporation)
magicdisc.exe -> %ProgramFiles%\MagicDisc\MagicDisc.exe -> [2008/02/18 17:32:32 | 00,608,256 | ---- | M | MD5 = 425B5F31BDD604888505393D93F4F6DD] (MagicISO, Inc.)
otscanit2.exe -> L:\OTScanIt2\OTScanIt2.exe -> [2009/01/26 12:13:22 | 00,485,376 | ---- | M | MD5 = 3D02CF885C7951FABCA124D35041CB92] (OldTimer Tools)
rthdcpl.exe -> %SystemRoot%\RTHDCPL.EXE -> [2006/09/12 16:58:14 | 16,264,192 | ---- | M | MD5 = 692733BE9E923044CEBC96CF882CCEBE] (Realtek Semiconductor Corp.)
services.exe -> %SystemRoot%\system32\services.exe -> [2008/04/14 03:42:36 | 00,108,544 | ---- | M | MD5 = 0E776ED5F7CC9F94299E70461B7B8185] (Microsoft Corporation)
smss.exe -> %SystemRoot%\System32\smss.exe -> [2008/04/14 03:42:38 | 00,050,688 | ---- | M | MD5 = 5F816C1F539266D2D4C78694239DA0B5] (Microsoft Corporation)
spoolsv.exe -> %SystemRoot%\system32\spoolsv.exe -> [2008/04/14 03:42:38 | 00,057,856 | ---- | M | MD5 = D8E14A61ACC1D4A6CD0D38AEBAC7FA3B] (Microsoft Corporation)
svchost.exe -> %SystemRoot%\system32\svchost.exe [H:\WINDOWS\SYSTEM32\SVCHOST -K DCOMLAUNCH] -> [2008/04/14 03:42:38 | 00,014,336 | ---- | M | MD5 = 27C6D03BCDB8CFEB96B716F3D8BE3E18] (Microsoft Corporation)
-> %SystemRoot%\system32\rpcss.dll [DcomLaunch] -> [2008/04/14 03:42:06 | 00,399,360 | ---- | M | MD5 = 2589FE6015A316C0F5D5112B4DA7B509] (Microsoft Corporation)
-> %SystemRoot%\System32\termsrv.dll [TermService] -> [2008/04/14 05:42:08 | 00,295,424 | ---- | M | MD5 = FF3477C03BE7201C294C35F684B3479F] (Microsoft Corporation)
-> [WmdmPmSp] -> File not found
-> %SystemRoot%\System32\ipnathlp.dll [SharedAccess] -> [2008/04/14 03:41:56 | 00,331,264 | ---- | M | MD5 = 83F41D0D89645D7235C051AB1D9523AC] (Microsoft Corporation)
svchost.exe -> %SystemRoot%\system32\svchost.exe [H:\WINDOWS\SYSTEM32\SVCHOST -K RPCSS] -> [2008/04/14 03:42:38 | 00,014,336 | ---- | M | MD5 = 27C6D03BCDB8CFEB96B716F3D8BE3E18] (Microsoft Corporation)
-> %SystemRoot%\System32\rpcss.dll [RpcSs] -> [2008/04/14 03:42:06 | 00,399,360 | ---- | M | MD5 = 2589FE6015A316C0F5D5112B4DA7B509] (Microsoft Corporation)
-> [WmdmPmSp] -> File not found
svchost.exe -> %SystemRoot%\system32\svchost.exe [H:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE] -> [2008/04/14 03:42:38 | 00,014,336 | ---- | M | MD5 = 27C6D03BCDB8CFEB96B716F3D8BE3E18] (Microsoft Corporation)
-> %SystemRoot%\system32\alrsvc.dll [Alerter] -> [2008/04/14 03:41:50 | 00,017,408 | ---- | M | MD5 = A9A3DAA780CA6C9671A19D52456705B4] (Microsoft Corporation)
-> %SystemRoot%\System32\lmhsvc.dll [LmHosts] -> [2008/04/14 03:41:58 | 00,013,824 | ---- | M | MD5 = A7DB739AE99A796D91580147E919CC59] (Microsoft Corporation)
-> %SystemRoot%\system32\regsvc.dll [RemoteRegistry] -> [2008/04/14 03:42:06 | 00,059,904 | ---- | M | MD5 = 5B19B557B0C188210A56A6B699D90B8F] (Microsoft Corporation)
-> %SystemRoot%\System32\ssdpsrv.dll [SSDPSRV] -> [2008/04/14 03:42:08 | 00,071,680 | ---- | M | MD5 = 0A5679B3714EDAB99E357057EE88FCA6] (Microsoft Corporation)
-> %SystemRoot%\System32\upnphost.dll [upnphost] -> [2008/04/14 03:42:10 | 00,185,856 | ---- | M | MD5 = 1EBAFEB9A3FBDC41B8D9C7F0F687AD91] (Microsoft Corporation)
-> %SystemRoot%\System32\webclnt.dll [WebClient] -> [2008/04/14 03:42:10 | 00,068,096 | ---- | M | MD5 = 77A354E28153AD2D5E120A5A8687BC06] (Microsoft Corporation)
-> [WmdmPmSp] -> File not found
svchost.exe -> %SystemRoot%\System32\svchost.exe [H:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS] -> [2008/04/14 03:42:38 | 00,014,336 | ---- | M | MD5 = 27C6D03BCDB8CFEB96B716F3D8BE3E18] (Microsoft Corporation)
-> %SystemRoot%\System32\appmgmts.dll [AppMgmt] -> [2008/04/14 03:41:50 | 00,167,936 | ---- | M | MD5 = D8849F77C0B66226335A59D26CB4EDC6] (Microsoft Corporation)
-> %SystemRoot%\System32\audiosrv.dll [AudioSrv] -> [2008/04/14 03:41:52 | 00,042,496 | ---- | M | MD5 = DEF7A7882BEC100FE0B2CE2549188F9D] (Microsoft Corporation)
-> %SystemRoot%\system32\qmgr.dll [BITS] -> [2008/04/14 05:42:04 | 00,409,088 | ---- | M | MD5 = 574738F61FCA2935F5265DC4E5691314] (Microsoft Corporation)
-> %SystemRoot%\System32\browser.dll [Browser] -> [2008/04/14 03:41:52 | 00,077,824 | ---- | M | MD5 = A06CE3399D16DB864F55FAEB1F1927A9] (Microsoft Corporation)
-> %SystemRoot%\System32\cryptsvc.dll [CryptSvc] -> [2008/04/14 03:41:52 | 00,062,464 | ---- | M | MD5 = 3D4E199942E29207970E04315D02AD3B] (Microsoft Corporation)
-> %SystemRoot%\System32\dhcpcsvc.dll [Dhcp] -> [2008/04/14 03:41:52 | 00,126,976 | ---- | M | MD5 = 5E38D7684A49CACFB752B046357E0589] (Microsoft Corporation)
-> %SystemRoot%\System32\dmserver.dll [dmserver] -> [2008/04/14 03:41:54 | 00,023,552 | ---- | M | MD5 = 57EDEC2E5F59F0335E92F35184BC8631] (Microsoft Corp.)
-> %SystemRoot%\System32\ersvc.dll [ERSvc] -> [2008/04/14 03:41:54 | 00,023,040 | ---- | M | MD5 = BC93B4A066477954555966D77FEC9ECB] (Microsoft Corporation)
-> %SystemRoot%\system32\es.dll [EventSystem] -> [2008/04/14 03:41:54 | 00,246,272 | ---- | M | MD5 = 19A799805B24990867B00C120D300C3A] (Microsoft Corporation)
-> %SystemRoot%\System32\shsvcs.dll [FastUserSwitchingCompatibility] -> [2008/04/14 03:42:06 | 00,135,168 | ---- | M | MD5 = 1926899BF9FFE2602B63074971700412] (Microsoft Corporation)
-> %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dll [helpsvc] -> [2008/04/14 05:42:04 | 00,038,400 | ---- | M | MD5 = 4FCCA060DFE0C51A09DD5C3843888BCD] (Microsoft Corporation)
-> %SystemRoot%\System32\hidserv.dll [HidServ] -> File not found
-> %SystemRoot%\System32\kmsvc.dll [hkmsvc] -> [2008/04/14 03:41:58 | 00,061,440 | ---- | M | MD5 = 8878BD685E490239777BFE51320B88E9] (Microsoft Corporation)
-> %SystemRoot%\System32\irmon.dll [Irmon] -> [2008/04/14 05:41:56 | 00,028,160 | ---- | M | MD5 = 49CC4533CE897CB2E93C1E84A818FDE5] (Microsoft Corporation)
-> %SystemRoot%\System32\srvsvc.dll [LanmanServer] -> [2008/04/14 03:42:08 | 00,096,768 | ---- | M | MD5 = F385F4B02C535BFFE1D70CAB80838123] (Microsoft Corporation)
-> %SystemRoot%\System32\wkssvc.dll [lanmanworkstation] -> [2008/04/14 03:42:10 | 00,132,096 | ---- | M | MD5 = 1B67B632786FEF1C1BBAEF46C2F3F2E6] (Microsoft Corporation)
-> %SystemRoot%\System32\msgsvc.dll [Messenger] -> [2008/04/14 03:42:00 | 00,033,792 | ---- | M | MD5 = 986B1FF5814366D71E0AC5755C88F2D3] (Microsoft Corporation)
-> %SystemRoot%\System32\qagentrt.dll [napagent] -> [2008/04/14 03:42:04 | 00,291,328 | ---- | M | MD5 = 0102140028FAD045756796E1C685D695] (Microsoft Corporation)
-> %SystemRoot%\System32\netman.dll [Netman] -> [2008/04/14 03:42:02 | 00,198,144 | ---- | M | MD5 = 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE] (Microsoft Corporation)
-> %SystemRoot%\System32\mswsock.dll [Nla] -> [2008/04/14 03:42:02 | 00,245,248 | ---- | M | MD5 = B4138E99236F0F57D4CF49BAE98A0746] (Microsoft Corporation)
-> %SystemRoot%\system32\ntmssvc.dll [NtmsSvc] -> [2008/04/14 03:42:04 | 00,435,200 | ---- | M | MD5 = 156F64A3345BD23C600655FB4D10BC08] (Microsoft Corporation)
-> %SystemRoot%\System32\rasauto.dll [RasAuto] -> [2008/04/14 03:42:04 | 00,088,576 | ---- | M | MD5 = AD188BE7BDF94E8DF4CA0A55C00A5073] (Microsoft Corporation)
-> %SystemRoot%\System32\rasmans.dll [RasMan] -> [2008/04/14 03:42:04 | 00,186,368 | ---- | M | MD5 = 76A9A3CBEADD68CC57CDA5E1D7448235] (Microsoft Corporation)
-> %SystemRoot%\System32\mprdim.dll [RemoteAccess] -> [2008/04/14 03:41:58 | 00,053,248 | ---- | M | MD5 = 7E699FF5F59B5D9DE5390E3C34C67CF5] (Microsoft Corporation)
-> %SystemRoot%\system32\schedsvc.dll [Schedule] -> [2008/04/14 05:42:06 | 00,192,512 | ---- | M | MD5 = 0A9A7365A1CA4319AA7C1D6CD8E4EAFA] (Microsoft Corporation)
-> %SystemRoot%\System32\seclogon.dll [seclogon] -> [2008/04/14 03:42:06 | 00,018,944 | ---- | M | MD5 = CBE612E2BB6A10E3563336191EDA1250] (Microsoft Corporation)
-> %SystemRoot%\system32\sens.dll [SENS] -> [2008/04/14 03:42:06 | 00,039,424 | ---- | M | MD5 = 7FDD5D0684ECA8C1F68B4D99D124DCD0] (Microsoft Corporation)
-> %SystemRoot%\System32\ipnathlp.dll [SharedAccess] -> [2008/04/14 03:41:56 | 00,331,264 | ---- | M | MD5 = 83F41D0D89645D7235C051AB1D9523AC] (Microsoft Corporation)
-> %SystemRoot%\System32\shsvcs.dll [ShellHWDetection] -> [2008/04/14 03:42:06 | 00,135,168 | ---- | M | MD5 = 1926899BF9FFE2602B63074971700412] (Microsoft Corporation)
-> %SystemRoot%\system32\srsvc.dll [srservice] -> [2008/04/14 05:42:08 | 00,171,008 | ---- | M | MD5 = 3805DF0AC4296A34BA4BF93B346CC378] (Microsoft Corporation)
-> %SystemRoot%\System32\tapisrv.dll [TapiSrv] -> [2008/04/14 03:42:08 | 00,249,856 | ---- | M | MD5 = 3CB78C17BB664637787C9A1C98F79C38] (Microsoft Corporation)
-> %SystemRoot%\System32\shsvcs.dll [Themes] -> [2008/04/14 03:42:06 | 00,135,168 | ---- | M | MD5 = 1926899BF9FFE2602B63074971700412] (Microsoft Corporation)
-> %SystemRoot%\system32\trkwks.dll [TrkWks] -> [2008/04/14 03:42:08 | 00,090,112 | ---- | M | MD5 = 55BCA12F7F523D35CA3CB833C725F54E] (Microsoft Corporation)
-> %SystemRoot%\system32\w32time.dll [W32Time] -> [2008/04/14 03:42:10 | 00,175,104 | ---- | M | MD5 = 54AF4B1D5459500EF0937F6D33B1914F] (Microsoft Corporation)
-> %SystemRoot%\system32\wbem\WMIsvc.dll [winmgmt] -> [2008/04/14 05:42:10 | 00,144,896 | ---- | M | MD5 = 2D0E4ED081963804CCC196A0929275B5] (Microsoft Corporation)
-> [WmdmPmSp] -> File not found
-> %SystemRoot%\System32\advapi32.dll [Wmi] -> [2008/04/14 03:41:50 | 00,617,472 | ---- | M | Unable to obtain MD5] (Microsoft Corporation)
-> %SystemRoot%\system32\wscsvc.dll [wscsvc] -> [2008/04/14 03:42:12 | 00,080,896 | ---- | M | MD5 = 7C278E6408D1DCE642230C0585A854D5] (Microsoft Corporation)
-> %SystemRoot%\system32\wuauserv.dll [wuauserv] -> [2008/04/14 05:42:12 | 00,006,656 | ---- | M | MD5 = 35321FB577CDC98CE3EB3A3EB9E4610A] (Microsoft Corporation)
-> %SystemRoot%\System32\wzcsvc.dll [WZCSVC] -> [2008/04/14 03:51:44 | 00,483,840 | ---- | M | MD5 = 81DC3F549F44B1C1FFF022DEC9ECF30B] (Microsoft Corporation)
-> %SystemRoot%\System32\xmlprov.dll [xmlprov] -> [2008/04/14 03:42:12 | 00,129,024 | ---- | M | MD5 = 295D21F14C335B53CB8154E5B1F892B9] (Microsoft Corporation)
svchost.exe -> %SystemRoot%\system32\svchost.exe [H:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETWORKSERVICE] -> [2008/04/14 03:42:38 | 00,014,336 | ---- | M | MD5 = 27C6D03BCDB8CFEB96B716F3D8BE3E18] (Microsoft Corporation)
-> %SystemRoot%\System32\dnsrslvr.dll [Dnscache] -> [2008/04/14 03:41:54 | 00,045,568 | ---- | M | MD5 = 474B4DC3983173E4B4C9740B0DAC98A6] (Microsoft Corporation)
-> [WmdmPmSp] -> File not found
usb modem.exe -> %ProgramFiles%\SmartBRO\USB Modem.exe -> [2008/07/07 13:00:26 | 03,686,400 | ---- | M | MD5 = 9421D28B7D552EC3A2A46FD42FF6F229] ()
vc6play.exe -> %ProgramFiles%\HHVcdV6Sys\VC6Play.exe -> [2004/06/15 09:24:06 | 00,245,760 | ---- | M | MD5 = D68348D15B0608CEE165876F17190ACC] (H+H Software GmbH)
vc6secs.exe -> %ProgramFiles%\HHVcdV6Sys\VC6SecS.exe -> [2004/05/07 11:38:00 | 00,098,304 | ---- | M | MD5 = 585C78B6B118699DCC8F31791C562500] (H+H Software GmbH)
vc6tray.exe -> %ProgramFiles%\Virtual CD v6\System\VC6Tray.exe -> [2004/06/10 17:00:18 | 00,258,048 | ---- | M | MD5 = 6D104E1A95F45383D02DEE88ABB5E857] (H+H Software GmbH)