
help nasty virus


This topic is locked
2 replies to this topic

#1 anito

  • Members
  • 4 posts
  • OFFLINE
  • Local time: 02:55 AM

Posted 07 February 2009 - 11:48 PM

:) Help, virus trouble.
My computer won't go into Safe Mode due to a virus. After pressing F8 and selecting Safe Mode my computer just restarts, but I can get into Normal Mode. The virus also corrupted my Avira antivirus, because I get an error that the AV Guard has been deleted or destroyed. I tried everything I know; I even used ComboFix, but I still had the problem. Here's my HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:54:27 PM, on 2/7/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\spoolsv.exe
H:\Program Files\eBoostr\EBstrSvc.exe
H:\WINDOWS\System32\GEARSec.exe
H:\Program Files\Java\jre6\bin\jqs.exe
H:\Program Files\HHVcdV6Sys\VC6SecS.exe
H:\WINDOWS\system32\ctfmon.exe
H:\WINDOWS\system32\wscntfy.exe
H:\Program Files\HHVcdV6Sys\VC6Play.exe
H:\Program Files\Java\jre6\bin\jusched.exe
H:\WINDOWS\RTHDCPL.EXE
H:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe
L:\Internet Download Manager\IDMan.exe
H:\Program Files\eBoostr\eBoostrCP.exe
H:\Program Files\MagicDisc\MagicDisc.exe
L:\Internet Download Manager\IEMonitor.exe
H:\Program Files\Virtual CD v6\System\VC6Tray.exe
H:\WINDOWS\explorer.exe
H:\Program Files\SmartBRO\USB Modem.exe
H:\Program Files\Mozilla Firefox\firefox.exe
H:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
H:\DOCUME~1\kyo1.KYO\LOCALS~1\Temp\Rar$EX00.484\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - L:\Internet Download Manager\IDMIECC.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - H:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - H:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - H:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - H:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "H:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] H:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [VC6Player] H:\Program Files\HHVcdV6Sys\VC6Play.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "H:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] H:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [AtiTrayTools] "H:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] H:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] L:\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Startup: MagicDisc.lnk = H:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: eBoostr Control Panel.lnk = H:\Program Files\eBoostr\eBoostrCP.exe
O8 - Extra context menu item: Download all links with IDM - L:\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - L:\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - L:\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://H:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85e1f530-48f4-11d9-9629-08ff2ffc9f67} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{063230F4-62D1-4CD0-96C4-AB41C9AE6A16}: NameServer = 121.1.3.57 203.84.191.216
O17 - HKLM\System\CS18\Services\Tcpip\..\{063230F4-62D1-4CD0-96C4-AB41C9AE6A16}: NameServer = 121.1.3.57 203.84.191.216
O17 - HKLM\System\CS21\Services\Tcpip\..\{063230F4-62D1-4CD0-96C4-AB41C9AE6A16}: NameServer = 121.1.3.57 203.84.191.216
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - H:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: eBoostr Service (EBOOSTRSVC) - Unknown owner - H:\Program Files\eBoostr\EBstrSvc.exe
O23 - Service: GEARSecurity - GEAR Software - H:\WINDOWS\System32\GEARSec.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - H:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - H:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Virtual CD v6 Management Service (VC6SecS) - H+H Software GmbH - H:\Program Files\HHVcdV6Sys\VC6SecS.exe

--
End of file - 6106 bytes

And here's my ComboFix log:
ComboFix 09-02-06.01 - kyo1 2009-02-07 12:35:27.14 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.658 [GMT -8:00]
Running from: L:\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

h:\program files\\setup.exe
h:\windows\system32\dumphive.exe
h:\windows\system32\IEDFix.exe
h:\windows\system32\iifdbYOf.dll
h:\windows\system32\mlJDuuSk.dll
h:\windows\system32\Process.exe
h:\windows\system32\SrchSTS.exe
h:\windows\system32\tmp.reg
h:\windows\system32\VACFix.exe
h:\windows\system32\VCCLSID.exe
h:\windows\system32\WS2Fix.exe
h:\windows\Tasks\tyrtwpjd.job

.
((((((((((((((((((((((((( Files Created from 2009-01-07 to 2009-02-07 )))))))))))))))))))))))))))))))
.

2009-02-05 23:11 . 2009-02-05 23:11 <DIR> d-------- h:\windows\Sun
2009-02-05 16:50 . 2009-02-05 16:50 <DIR> d-------- h:\program files\FreeFixer
2009-02-03 18:11 . 2009-02-03 18:11 <DIR> d-------- H:\DwnlData
2009-02-03 17:55 . 2009-02-03 17:55 120,286 --a------ h:\documents and settings\All Users.WINDOWS\Application Data\firstlsp.reg.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-28 00:46 --------- d-----w h:\documents and settings\All Users.WINDOWS\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}
2008-12-28 00:04 --------- d-----w h:\program files\QuickSolutions
2008-12-27 21:12 --------- d-----w h:\program files\Rar Repair Tool
2008-12-26 03:50 21,904 ----a-w h:\documents and settings\kyo1.KYO\Application Data\GDIPFONTCACHEV1.DAT
2008-12-23 03:57 86,016 ----a-w h:\windows\system32\OpenAL32.dll
2008-12-23 03:57 413,696 ----a-w h:\windows\system32\wrap_oal.dll
2008-12-23 03:57 --------- d-----w h:\program files\OpenAL
2008-12-20 10:23 410,984 ----a-w h:\windows\system32\deploytk.dll
2008-12-20 10:23 --------- d-----w h:\program files\Java
2008-12-20 06:54 --------- d-----w h:\program files\Free M4a to MP3 Converter
2008-12-20 02:40 --------- d-----w h:\program files\the white chamber
2008-12-18 06:42 --------- d-----w h:\program files\ATITool
2008-12-18 06:28 --------- d-----w h:\program files\Ray Adams
2008-12-18 06:28 --------- d-----w h:\documents and settings\kyo1.KYO\Application Data\atitray
2008-12-15 20:28 48,128 ----a-w h:\windows\system32\tuvULETj.dll
2008-12-15 20:27 --------- d-----w h:\program files\Avira
2008-12-15 07:35 127,493 ----a-w H:\trial_setup.exe
2008-12-15 03:58 --------- d-----w h:\program files\SmartBRO
2008-12-12 02:24 --------- d-----w h:\documents and settings\kyo1.KYO\Application Data\ATI
2008-12-11 02:14 --------- d-----w h:\program files\GhostSecuritySuite
2008-12-08 07:20 --------- d-----w h:\program files\WinRescue XP
2008-12-08 01:05 --------- d-----w h:\program files\ATI Technologies(2)
2008-12-01 20:51 318,464 ----a-w h:\windows\system32\OLD6E.tmp
2008-12-01 20:40 143,360 ----a-w h:\windows\system32\OLD6A.tmp
2008-12-01 20:27 4,120,384 ----a-w h:\windows\system32\OLD6C.tmp
2008-12-01 20:11 2,495,360 ----a-w h:\windows\system32\OLD6B.tmp
2008-12-01 19:53 401,408 ----a-w h:\windows\system32\OLD69.tmp
2008-12-01 19:50 286,720 ----a-w h:\windows\system32\OLD68.tmp
2008-12-01 19:45 577,536 ----a-w h:\windows\system32\OLD6D.tmp
2005-09-10 03:55 7,155,864 ----a-w h:\program files\NGhost10.msi
2005-09-10 03:55 37,766,164 ----a-w h:\program files\Data1.cab
2005-09-10 03:55 35 ----a-w h:\program files\SCSSDist.ini
2002-08-30 21:50 35,840 ----a-w h:\program files\drvmgt.dll
2002-08-30 21:50 29,392 ----a-w h:\program files\secdrv.sys
2002-08-15 01:54 358,963 ----a-w h:\program files\binkw32.dll
2002-02-02 10:02 9,039,872 ----a-w h:\program files\Fate-WT.exe
1998-11-21 00:37 6,768 ----a-w h:\documents and settings\kyo1\TMP.EXE
2005-09-16 02:26 41,573 ----a-w h:\program files\mozilla firefox\components\jar50.dll
2005-09-16 02:26 160,871 ----a-w h:\program files\mozilla firefox\components\xpinstal.dll
2005-09-16 02:26 48,223 ----a-w h:\program files\mozilla firefox\components\jsd3250.dll
2005-09-16 02:26 150,912 ----a-w h:\program files\mozilla firefox\components\fullsoft.dll
2005-09-16 02:26 94,208 ----a-w h:\program files\mozilla firefox\components\BrandRes.dll
2005-09-16 02:26 8,813 ----a-w h:\program files\mozilla firefox\components\qfaservices.dll
.

((((((((((((((((((((((((((((( snapshot@2008-12-14_19.49.09.70 )))))))))))))))))))))))))))))))))))))))))
.
- 2005-05-04 02:43:28 69,632 ----a-w h:\windows\ALCMTR.EXE
+ 2005-05-04 02:43:28 131,072 ----a-w h:\windows\ALCMTR.EXE
- 2003-06-14 01:23:06 50,176 ----a-w h:\windows\AppPatch\AppLoc.exe
+ 2003-06-14 01:23:06 111,616 ----a-w h:\windows\AppPatch\AppLoc.exe
- 2008-03-31 13:04:38 249,856 ------w h:\windows\eiunin21.exe
+ 2008-03-31 13:04:38 311,296 ------w h:\windows\eiunin21.exe
+ 2008-12-15 06:14:04 884,736 ----a-w h:\windows\gmer.dll
+ 2008-04-18 05:13:02 811,008 ----a-w h:\windows\gmer.exe
- 2008-01-04 06:40:32 10,134 ----a-r h:\windows\Installer\{E39041F7-6F24-439A-99BC-C2163BB1429B}\ARPPRODUCTICON.exe
+ 2008-12-15 19:09:02 10,134 ----a-r h:\windows\Installer\{E39041F7-6F24-439A-99BC-C2163BB1429B}\ARPPRODUCTICON.exe
- 2000-08-31 16:00:00 28,672 ----a-w h:\windows\NIRCMD.exe
+ 2000-08-31 16:00:00 29,696 ----a-w h:\windows\NIRCMD.exe
- 2008-12-21 03:00:40 290,816 ---ha-w h:\windows\repair\ntuser.dat
+ 2008-12-15 19:00:20 307,200 ---ha-w h:\windows\repair\ntuser.dat
- 2006-07-22 00:14:36 86,016 ----a-w h:\windows\SOUNDMAN.EXE
+ 2006-07-22 00:14:36 217,088 ----a-w h:\windows\SOUNDMAN.EXE
- 2007-06-07 06:45:00 26,112 ----a-w h:\windows\system32\Ati2mdxx.exe
+ 2007-06-07 06:45:00 87,552 ----a-w h:\windows\system32\Ati2mdxx.exe
- 2008-12-21 03:04:32 16,384 ----a-w h:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2008-12-15 19:04:06 16,384 ----a-w h:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2008-12-15 19:04:28 16,384 ----a-w h:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT
- 2008-12-21 03:04:32 32,768 ----a-w h:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-12-15 19:04:06 32,768 ----a-w h:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-12-15 19:04:06 32,768 ----a-w h:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008121520081216\index.dat
- 2008-12-21 03:04:32 32,768 ----a-w h:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-12-15 19:04:06 32,768 ----a-w h:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-04-14 06:04:16 701,440 ----a-w h:\windows\system32\dllcache\ati2mtag.sys
+ 2001-08-23 12:00:00 11,264 ----a-w h:\windows\system32\dllcache\atrace.dll
+ 2008-04-14 03:42:36 774,144 ----a-w h:\windows\system32\dllcache\setup_wm.exe
+ 2008-04-14 03:42:42 73,728 ----a-w h:\windows\system32\dllcache\wmplayer.exe
+ 2008-12-15 06:14:04 85,969 ----a-w h:\windows\system32\drivers\gmer.sys
- 2008-04-14 08:15:40 32,128 ----a-w h:\windows\system32\drivers\usbccgp.sys
+ 2008-04-14 06:15:40 32,128 ----a-w h:\windows\system32\drivers\usbccgp.sys
- 2008-12-21 02:55:56 22,780 ----a-w h:\windows\system32\emptyregdb.dat
+ 2008-12-15 18:57:56 22,780 ----a-w h:\windows\system32\emptyregdb.dat
- 2008-12-22 20:51:24 80,744 ----a-w h:\windows\system32\FNTCACHE.DAT
+ 2008-12-15 19:03:42 102,232 ----a-w h:\windows\system32\FNTCACHE.DAT
- 2007-08-10 21:38:48 166,424 ----a-w h:\windows\system32\hkcmd.exe
+ 2007-08-10 21:38:48 227,864 ----a-w h:\windows\system32\hkcmd.exe
- 2007-08-10 21:38:52 526,872 ----a-w h:\windows\system32\igfxcfg.exe
+ 2007-08-10 21:38:52 588,312 ----a-w h:\windows\system32\igfxcfg.exe
- 2007-08-10 21:38:58 137,752 ----a-w h:\windows\system32\igfxpers.exe
+ 2007-08-10 21:38:58 199,192 ----a-w h:\windows\system32\igfxpers.exe
- 2007-08-10 21:39:02 141,848 ----a-w h:\windows\system32\igfxtray.exe
+ 2007-08-10 21:39:02 203,288 ----a-w h:\windows\system32\igfxtray.exe
- 2008-12-20 10:23:12 144,792 ----a-w h:\windows\system32\java.exe
+ 2008-12-20 10:23:12 206,232 ----a-w h:\windows\system32\java.exe
- 2005-07-21 05:07:00 1,519,616 ----a-w h:\windows\system32\nwiz.exe
+ 2005-07-21 05:07:00 1,581,056 ----a-w h:\windows\system32\nwiz.exe
- 2008-12-21 03:06:26 65,982 ----a-w h:\windows\system32\perfc009.dat
+ 2008-12-15 19:26:20 65,982 ----a-w h:\windows\system32\perfc009.dat
- 2008-12-21 03:06:26 402,040 ----a-w h:\windows\system32\perfh009.dat
+ 2008-12-15 19:26:20 402,040 ----a-w h:\windows\system32\perfh009.dat
+ 2008-04-14 13:41:50 229,376 ----a-w h:\windows\system32\ReinstallBackups\0006\DriverFiles\ati2cqag.dll
+ 2008-04-14 13:41:50 201,728 ----a-w h:\windows\system32\ReinstallBackups\0006\DriverFiles\ati2dvag.dll
+ 2007-06-07 06:45:00 42,496 ----a-w h:\windows\system32\ReinstallBackups\0006\DriverFiles\ati2edxx.dll
+ 2007-06-07 06:09:00 49,152 ----a-w h:\windows\system32\ReinstallBackups\0006\DriverFiles\ati2erec.dll
+ 2007-06-07 06:45:00 118,784 ----a-w h:\windows\system32\ReinstallBackups\0006\DriverFiles\ati2evxx.dll
+ 2007-06-07 06:43:00 483,328 ----a-w h:\windows\system32\ReinstallBackups\0006\DriverFiles\ati2evxx.exe
+ 2007-06-07 06:45:00 87,552 ----a-w h:\windows\system32\ReinstallBackups\0006\DriverFiles\Ati2mdxx.exe
+ 2008-04-14 06:04:16 701,440 ----a-w h:\windows\system32\ReinstallBackups\0006\DriverFiles\ati2mtag.sys
+ 2008-04-14 13:41:52 1,888,992 ----a-w h:\windows\system32\ReinstallBackups\0006\DriverFiles\ati3duag.dll
+ 2007-06-07 06:42:00 53,248 ----a-w h:\windows\system32\ReinstallBackups\0006\DriverFiles\ATIDDC.DLL
+ 2007-06-07 06:53:00 339,968 ----a-w h:\windows\system32\ReinstallBackups\0006\DriverFiles\ATIDEMGX.dll
+ 2007-04-05 22:15:00 144,357 ----a-w h:\windows\system32\ReinstallBackups\0006\DriverFiles\atiicdxx.dat
+ 2007-06-07 06:48:00 307,200 ----a-w h:\windows\system32\ReinstallBackups\0006\DriverFiles\atiiiexx.dll
+ 2007-06-07 06:11:00 262,144 ----a-w h:\windows\system32\ReinstallBackups\0006\DriverFiles\atikvmag.dll
+ 2007-06-07 07:00:00 8,097,792 ----a-w h:\windows\system32\ReinstallBackups\0006\DriverFiles\atioglx2.dll
+ 2007-06-07 06:21:00 5,431,296 ----a-w h:\windows\system32\ReinstallBackups\0006\DriverFiles\atioglxx.dll
+ 2007-06-07 06:30:00 50,176 ----a-w h:\windows\system32\ReinstallBackups\0006\DriverFiles\atiok3x2.dll
+ 2007-06-07 06:45:00 139,264 ----a-w h:\windows\system32\ReinstallBackups\0006\DriverFiles\atipdlxx.dll
+ 2007-06-07 06:10:00 17,408 ----a-w h:\windows\system32\ReinstallBackups\0006\DriverFiles\atitvo32.dll
+ 2001-11-09 19:01:00 24,064 ----a-w h:\windows\system32\ReinstallBackups\0006\DriverFiles\ativcoxx.dll
+ 2007-06-07 06:25:00 3,107,788 ----a-w h:\windows\system32\ReinstallBackups\0006\DriverFiles\ativva5x.dat
+ 2007-06-07 06:25:00 972,072 ----a-w h:\windows\system32\ReinstallBackups\0006\DriverFiles\ativva6x.dat
+ 2007-06-07 06:25:00 3,107,788 ----a-w h:\windows\system32\ReinstallBackups\0006\DriverFiles\ativvaxx.dat
+ 2008-04-14 13:41:52 516,768 ----a-w h:\windows\system32\ReinstallBackups\0006\DriverFiles\ativvaxx.dll
+ 2007-06-07 06:45:00 118,784 ----a-w h:\windows\system32\ReinstallBackups\0006\DriverFiles\Oemdspif.dll
+ 2007-06-07 06:04:00 368,640 ----a-w h:\windows\system32\ReinstallBackups\0007\DriverFiles\ati2cqag.dll
+ 2007-06-07 06:52:00 268,288 ----a-w h:\windows\system32\ReinstallBackups\0007\DriverFiles\ati2dvag.dll
+ 2007-06-07 06:45:00 42,496 ----a-w h:\windows\system32\ReinstallBackups\0007\DriverFiles\ati2edxx.dll
+ 2007-06-07 06:09:00 49,152 ----a-w h:\windows\system32\ReinstallBackups\0007\DriverFiles\ati2erec.dll
+ 2007-06-07 06:45:00 118,784 ----a-w h:\windows\system32\ReinstallBackups\0007\DriverFiles\ati2evxx.dll
+ 2007-06-07 06:43:00 483,328 ----a-w h:\windows\system32\ReinstallBackups\0007\DriverFiles\ati2evxx.exe
+ 2007-06-07 06:45:00 26,112 ----a-w h:\windows\system32\ReinstallBackups\0007\DriverFiles\Ati2mdxx.exe
+ 2007-06-07 06:52:00 2,155,520 ----a-w h:\windows\system32\ReinstallBackups\0007\DriverFiles\ati2mtag.sys
+ 2007-06-07 06:35:00 2,922,208 ----a-w h:\windows\system32\ReinstallBackups\0007\DriverFiles\ati3duag.dll
+ 2007-06-07 06:42:00 53,248 ----a-w h:\windows\system32\ReinstallBackups\0007\DriverFiles\ATIDDC.DLL
+ 2007-06-07 06:53:00 339,968 ----a-w h:\windows\system32\ReinstallBackups\0007\DriverFiles\ATIDEMGX.dll
+ 2007-04-05 22:15:00 144,357 ----a-w h:\windows\system32\ReinstallBackups\0007\DriverFiles\atiicdxx.dat
+ 2007-06-07 06:48:00 307,200 ----a-w h:\windows\system32\ReinstallBackups\0007\DriverFiles\atiiiexx.dll
+ 2007-06-07 06:11:00 262,144 ----a-w h:\windows\system32\ReinstallBackups\0007\DriverFiles\atikvmag.dll
+ 2007-06-07 07:00:00 8,097,792 ----a-w h:\windows\system32\ReinstallBackups\0007\DriverFiles\atioglx2.dll
+ 2007-06-07 06:21:00 5,431,296 ----a-w h:\windows\system32\ReinstallBackups\0007\DriverFiles\atioglxx.dll
+ 2007-06-07 06:30:00 50,176 ----a-w h:\windows\system32\ReinstallBackups\0007\DriverFiles\atiok3x2.dll
+ 2007-06-07 06:45:00 139,264 ----a-w h:\windows\system32\ReinstallBackups\0007\DriverFiles\atipdlxx.dll
+ 2007-06-07 06:10:00 17,408 ----a-w h:\windows\system32\ReinstallBackups\0007\DriverFiles\atitvo32.dll
+ 2001-11-09 19:01:00 24,064 ----a-w h:\windows\system32\ReinstallBackups\0007\DriverFiles\ativcoxx.dll
+ 2007-06-07 06:25:00 3,107,788 ----a-w h:\windows\system32\ReinstallBackups\0007\DriverFiles\ativva5x.dat
+ 2007-06-07 06:25:00 972,072 ----a-w h:\windows\system32\ReinstallBackups\0007\DriverFiles\ativva6x.dat
+ 2007-06-07 06:25:00 3,107,788 ----a-w h:\windows\system32\ReinstallBackups\0007\DriverFiles\ativvaxx.dat
+ 2007-06-07 06:25:00 1,512,960 ----a-w h:\windows\system32\ReinstallBackups\0007\DriverFiles\ativvaxx.dll
+ 2007-06-07 06:45:00 118,784 ----a-w h:\windows\system32\ReinstallBackups\0007\DriverFiles\Oemdspif.dll
+ 2006-01-09 17:36:06 102,400 ----a-w h:\windows\system32\swsc.exe
+ 2009-02-07 20:38:42 16,384 ----a-w h:\windows\temp\Perflib_Perfdata_57c.dat
+ 2009-02-07 20:38:42 16,384 ----a-w h:\windows\temp\Perflib_Perfdata_5a0.dat
+ 2001-08-23 12:00:00 921,088 ----a-w h:\windows\WinSxS\InstallTemp\112373\comctl32.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AtiTrayTools"="h:\program files\Ray Adams\ATI Tray Tools\atitray.exe" [2007-05-22 521128]
"ctfmon.exe"="h:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"IDMan"="l:\internet download manager\IDMan.exe" [2008-12-26 2651568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="h:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-13 208952]
"IMEKRMIG6.1"="h:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2001-08-23 44032]
"VC6Player"="h:\program files\HHVcdV6Sys\VC6Play.exe" [2004-06-15 245760]
"SunJavaUpdateSched"="h:\program files\Java\jre6\bin\jusched.exe" [2008-12-20 198040]
"Ptipbmf"="ptipbmf.dll" [2003-06-19 h:\windows\system32\ptipbmf.dll]
"RTHDCPL"="RTHDCPL.EXE" [2006-09-12 h:\windows\RTHDCPL.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="h:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="h:\windows\system32\tscupgrd.exe" [BU]

h:\documents and settings\kyo1\Start Menu\Programs\Startup\
MagicDisc.lnk - h:\program files\MagicDisc\MagicDisc.exe [5/8/2008 7:45:57 PM 608256]

h:\documents and settings\kyo1.KYO\Start Menu\Programs\Startup\
MagicDisc.lnk - h:\program files\MagicDisc\MagicDisc.exe [5/8/2008 7:45:57 PM 608256]

h:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
eBoostr Control Panel.lnk - h:\program files\eBoostr\eBoostrCP.exe [12/25/2007 10:19:14 AM 695944]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoChangeAnimation"= 0 (0x0)
"NoStrCmpLogical"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 0 (0x0)
"NoStrCmpLogical"= 0 (0x0)
"MaxRecentDocs"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
2001-12-20 23:34 24576 h:\progra~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2005-12-03 03:03 176128 h:\progra~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0 bsmain

[HKLM\~\startupfolder\H:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=h:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=h:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\H:^Documents and Settings^kyo1.KYO^Start Menu^Programs^Startup^MagicDisc.lnk]
path=h:\documents and settings\kyo1.KYO\Start Menu\Programs\Startup\MagicDisc.lnk
backup=h:\windows\pss\MagicDisc.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\combofix]
\ [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
--a------ 2004-12-13 15:30 58992 h:\program files\Common Files\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2008-04-14 03:42 15360 h:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2006-11-12 03:48 219032 h:\program files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
--a------ 2007-09-06 06:08 197576 h:\program files\DAEMON Tools Pro\DTProAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Media Codec Update Service]
--a------ 2007-04-08 09:44 303104 h:\program files\Essentials Codec Pack\update.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2008-07-28 22:35 156165 h:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 10.0]
--a------ 2005-09-09 19:09 1537648 h:\program files\Norton Ghost\Agent\GhostTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2005-07-20 21:07 86016 h:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2008-01-20 00:05 217088 h:\program files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
--ahs---- 2008-07-28 18:04 2097664 h:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a------ 2005-05-03 18:43 131072 h:\windows\ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer]
-ra------ 2003-03-19 22:21 1855488 h:\windows\mixer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2005-07-20 21:07 1581056 h:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ptipbmf]
-ra------ 2003-06-19 23:06 118784 h:\windows\system32\ptipbmf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RawOs]
--a------ 2008-04-14 03:42 155648 h:\windows\system32\wscript.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--a------ 2006-09-12 16:58 16264192 h:\windows\RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2006-07-21 16:14 217088 h:\windows\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINDVDPatch]
--a------ 2002-07-02 17:56 24576 h:\windows\system32\CTHELPER.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"BITS"=3 (0x3)
"AppMgmt"=3 (0x3)
"ALG"=3 (0x3)
"CiSvc"=3 (0x3)
"srservice"=2 (0x2)
"Schedule"=2 (0x2)
"wuauserv"=2 (0x2)
"ewido anti-spyware 4.0 guard"=2 (0x2)
"UPS"=3 (0x3)
"WZCSVC"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"ccSetMgr"=2 (0x2)
"ccPwdSvc"=3 (0x3)
"ccEvtMgr"=2 (0x2)
"ImapiService"=3 (0x3)
"NVSvc"=2 (0x2)
"aspnet_state"=3 (0x3)
"AntiVirService"=2 (0x2)
"AntiVirScheduler"=2 (0x2)
"AntiVirMailService"=2 (0x2)
"AVEService"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"f:\\Medal of Honor Pacific Assault\\mohpa.exe"=
"h:\\WINDOWS\\system32\\wscntfy.exe"=
"h:\\Program Files\\Java\\jre6\\bin\\jusched.exe"=
"t:\\NOOB_KILLER_JUC.SOH.FUST.KG.Leerz.u\\NOOB.KILLER.leerz.exe"=
"h:\\WINDOWS\\system32\\taskmgr.exe"=
"h:\\Program Files\\Ray Adams\\ATI Tray Tools\\atitray.exe"=
"l:\\Internet Download Manager\\IEMonitor.exe"=
"l:\\Internet Download Manager\\IDMan.exe"=
"h:\\Program Files\\Virtual CD v6\\System\\VC6Tray.exe"=
"h:\\Program Files\\Stardock\\Object Desktop\\WindowBlinds\\wbload.exe"=
"h:\\Program Files\\eBoostr\\eBoostrCP.exe"=
"h:\\Program Files\\HHVcdV6Sys\\VC6Play.exe"=
"h:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"l:\\KOEI\\Dynasty Warriors 6\\DW6_WIN..exe"=
"h:\\WINDOWS\\SOUNDMAN.EXE"=
"h:\\PROGRA~1\\MAGICD~1\\MAGICD~1.EXE"=
"h:\\Program Files\\Mozilla Firefox\\firefox.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

R0 eBoost;eBoostr caching filter driver;h:\windows\system32\drivers\EBoost.sys [12/25/2007 10:19:18 AM 72840]
R1 atitray;atitray;h:\program files\Ray Adams\ATI Tray Tools\atitray.sys [5/22/2007 1:04:54 AM 18088]
R2 EBOOSTRSVC;eBoostr Service;h:\program files\eBoostr\EBstrSvc.exe [12/25/2007 10:19:18 AM 814728]
R3 aic32p;aic32p;\??\h:\windows\system32\drivers\lnmmqn.sys --> h:\windows\system32\drivers\lnmmqn.sys [?]
R3 padenum;Enumerador de dispositivos de NTPAD;h:\windows\system32\drivers\padenum.sys [2/21/2000 11:07:27 AM 10624]
R3 PsxPortEnumerator;Psx Port Enumerator;h:\windows\system32\drivers\psxenum.sys [8/26/2008 8:13:41 PM 16896]
R3 qcusbser;Mobile Connector USB Device for Legacy Serial Communication;h:\windows\system32\drivers\cmusbser.sys [12/26/2008 5:15:55 PM 97408]
S3 avfwim;AvFw Packet Filter Miniport;h:\windows\system32\DRIVERS\avfwim.sys --> h:\windows\system32\DRIVERS\avfwim.sys [?]
S3 PSXGamepadEnabler;Psx Hid to Gamepad Port Enabler;h:\windows\system32\drivers\psxpad.sys [8/26/2008 8:13:41 PM 12160]
S3 VendorJoystickEnabler;Driver para joystick paralelo de consola;h:\windows\system32\drivers\NTPAD.sys [2/21/2000 11:07:27 AM 20992]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - ATI_HOTKEY_POLLER

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d4a1689c-d3b3-11dd-a001-d601c0b82d16}]
\Shell\AutoRun\command - p:\.\ShowModem.exe
.
Contents of the 'Scheduled Tasks' folder

2008-09-23 h:\windows\Tasks\XoftSpySE.job
- h:\program files\XoftSpySE\XoftSpy.exe []

2009-02-07 h:\windows\Tasks\XoftSpySE 2.job
- h:\program files\XoftSpySE\XoftSpy.exe []
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: Download all links with IDM - l:\internet download manager\IEGetAll.htm
IE: Download FLV video content with IDM - l:\internet download manager\IEGetVL.htm
IE: Download with IDM - l:\internet download manager\IEExt.htm
IE: E&xport to Microsoft Excel - h:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
IE: {{85e1f530-48f4-11d9-9629-08ff2ffc9f67}
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-07 12:39:16
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{3929224f-24c8-4a83-8013-9dc820bec416}]
@Denied: (Full) (Everyone)
"Model"=dword:00000169
"Therad"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):6b,9c,25,27,e4,dd,db,ab,e1,2a,14,a0,86,ab,f4,8a,30,56,53,b7,a1,
83,97,54,fe,fb,31,2d,94,ea,98,9f,70,95,2f,08,9c,16,b4,54,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):14,81,58,da,bb,2b,62,36,ea,b3,e6,7d,64,33,bb,e3,68,b1,0c,a6,c2,
57,d8,7a,6e,30,cf,e6,27,79,23,fa,15,62,0a,87,a1,f3,20,0b,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{95add45d-3634-4363-9fc7-cd22b378c88b}]
@Denied: (Full) (Everyone)
"Model"=dword:0000015d
"Therad"=dword:00000016
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,85,b1,12,f9,90,dd,23,a1,49,8c,bf,1a,9d,fe,41,71,cb,3f,46,a4,7c,ab,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(704)
h:\windows\system32\Ati2evxx.dll
h:\progra~1\STARDOCK\OBJECT~1\WINDOW~1\fastload.dll
h:\progra~1\STARDOCK\OBJECT~1\WINDOW~1\wbsrv.dll
.
------------------------ Other Running Processes ------------------------
.
h:\windows\SYSTEM32\SAVEDUMP.EXE
h:\windows\SYSTEM32\GEARSEC.EXE
h:\program files\JAVA\JRE6\BIN\JQS.EXE
h:\program files\HHVCDV6SYS\VC6SECS.EXE
h:\windows\SYSTEM32\WSCNTFY.EXE
l:\internet download manager\IEMonitor.exe
h:\program files\Virtual CD v6\System\VC6Tray.exe
.
**************************************************************************
.
Completion time: 2009-02-07 12:41:11 - machine was rebooted
ComboFix4.txt 2008-12-13 05:13:04
ComboFix-quarantined-files.txt 2009-02-07 20:41:10
ComboFix3.txt 2008-12-15 03:49:34
ComboFix2.txt 2008-12-15 02:43:42

Pre-Run: 2,564,517,888 bytes free
Post-Run: 1,523,736,576 bytes free


I even tried OTScanIt; here's the log

CODE
OTScanIt2 logfile created on: 2/7/2009 12:48:30 PM - Run 3
OTScanIt2 by OldTimer - Version 1.0.7.1 Folder = L:\OTScanIt2
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00003409 | Country: Republic of the Philippines | Language: ENP | Date Format: M/d/yyyy

1022.09 Mb Total Physical Memory | 601.47 Mb Available Physical Memory | 58.85% Memory free
2.40 Gb Paging File | 2.07 Gb Available in Paging File | 86.07% Paging File free
Paging file location(s): h:\pagefile.sys 1536 2971;

%SystemDrive% = H: | %SystemRoot% = H:\WINDOWS | %ProgramFiles% = H:\Program Files
Drive C: | 17.57 Gb Total Space | 0.07 Gb Free Space | 0.41% Space Free | Partition Type: FAT32
Drive D: | 9.77 Gb Total Space | 0.24 Gb Free Space | 2.44% Space Free | Partition Type: FAT32
Drive E: | 17.56 Gb Total Space | 2.04 Gb Free Space | 11.63% Space Free | Partition Type: FAT32
Drive F: | 39.36 Gb Total Space | 0.34 Gb Free Space | 0.85% Space Free | Partition Type: FAT32
Drive G: | 9.76 Gb Total Space | 0.25 Gb Free Space | 2.56% Space Free | Partition Type: FAT32
Drive H: | 17.69 Gb Total Space | 1.45 Gb Free Space | 8.20% Space Free | Partition Type: FAT32
I: Drive not present or media not loaded
Drive J: | 27.49 Gb Total Space | 0.17 Gb Free Space | 0.62% Space Free | Partition Type: NTFS
Drive L: | 37.28 Gb Total Space | 21.05 Gb Free Space | 56.47% Space Free | Partition Type: NTFS
Drive N: | 9.77 Gb Total Space | 0.31 Gb Free Space | 3.18% Space Free | Partition Type: NTFS
Drive R: | 1.92 Gb Total Space | 0.68 Gb Free Space | 35.32% Space Free | Partition Type: FAT32
Drive T: | 3.84 Gb Total Space | 1.89 Gb Free Space | 49.31% Space Free | Partition Type: FAT32

Computer Name: KYO
Current User Name: kyo1
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 90 Days

[Processes - All]
atitray.exe -> %ProgramFiles%\Ray Adams\ATI Tray Tools\atitray.exe -> [2007/05/22 01:04:58 | 00,521,128 | ---- | M | MD5 = C88C118F98EDA0E891796BA07545AB58] (Ray Adams)
csrss.exe -> %SystemRoot%\system32\csrss.exe -> [2008/04/14 03:42:16 | 00,006,144 | ---- | M | MD5 = 44F275C64738EA2056E3D9580C23B60F] (Microsoft Corporation)
ctfmon.exe -> %SystemRoot%\system32\ctfmon.exe -> [2008/04/14 03:42:18 | 00,015,360 | ---- | M | MD5 = 5F1D5F88303D4A4DBC8E5F97BA967CC3] (Microsoft Corporation)
eboostrcp.exe -> %ProgramFiles%\eBoostr\eBoostrCP.exe -> [2007/12/30 04:23:26 | 00,695,944 | ---- | M | MD5 = 968A693FF98B992C87E0854B30F4F148] (eBoostr.com)
ebstrsvc.exe -> %ProgramFiles%\eBoostr\EBstrSvc.exe -> [2007/12/30 03:59:14 | 00,814,728 | ---- | M | MD5 = 8FA2F1AD7A05961B4F507EC4AACA162B] ()
explorer.exe -> %SystemRoot%\explorer.exe -> [2008/04/14 03:42:20 | 01,033,728 | ---- | M | MD5 = 12896823FB95BFB3DC9B46BCAEDC9923] (Microsoft Corporation)
firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> [2008/07/28 23:13:08 | 06,772,741 | ---- | M | MD5 = 001621459C0351D99462B82DCB0A9010] (Mozilla)
gearsec.exe -> %SystemRoot%\System32\GEARSec.exe -> [2005/09/09 19:09:10 | 00,053,248 | ---- | M | MD5 = B6E01969246FCB67470E87E6957EE147] (GEAR Software)
idman.exe -> L:\Internet Download Manager\IDMan.exe -> [2008/12/26 18:39:07 | 02,651,568 | ---- | M | MD5 = C441FE748ED3AD73BCC96FC3BFF34B84] (Tonec Inc.)
iemonitor.exe -> L:\Internet Download Manager\IEMonitor.exe -> [2007/02/19 06:53:54 | 00,251,576 | ---- | M | MD5 = E732348FE3A96496D1215A215173577A] (Tonec Inc.)
jqs.exe -> %ProgramFiles%\Java\jre6\bin\jqs.exe -> [2008/12/20 02:23:12 | 00,152,984 | ---- | M | MD5 = 32192B4EBE8720ED8D49A455C962CB91] (Sun Microsystems, Inc.)
jusched.exe -> %ProgramFiles%\Java\jre6\bin\jusched.exe -> [2008/12/20 02:23:12 | 00,198,040 | ---- | M | MD5 = 42B35369616EBB5DF58268675CFC09EF] (Sun Microsystems, Inc.)
lsass.exe -> %SystemRoot%\system32\lsass.exe -> [2008/04/14 03:42:26 | 00,013,312 | ---- | M | MD5 = BF2466B3E18E970D8A976FB95FC1CA85] (Microsoft Corporation)
magicdisc.exe -> %ProgramFiles%\MagicDisc\MagicDisc.exe -> [2008/02/18 17:32:32 | 00,608,256 | ---- | M | MD5 = 425B5F31BDD604888505393D93F4F6DD] (MagicISO, Inc.)
otscanit2.exe -> L:\OTScanIt2\OTScanIt2.exe -> [2009/01/26 12:13:22 | 00,485,376 | ---- | M | MD5 = 3D02CF885C7951FABCA124D35041CB92] (OldTimer Tools)
rthdcpl.exe -> %SystemRoot%\RTHDCPL.EXE -> [2006/09/12 16:58:14 | 16,264,192 | ---- | M | MD5 = 692733BE9E923044CEBC96CF882CCEBE] (Realtek Semiconductor Corp.)
services.exe -> %SystemRoot%\system32\services.exe -> [2008/04/14 03:42:36 | 00,108,544 | ---- | M | MD5 = 0E776ED5F7CC9F94299E70461B7B8185] (Microsoft Corporation)
smss.exe -> %SystemRoot%\System32\smss.exe -> [2008/04/14 03:42:38 | 00,050,688 | ---- | M | MD5 = 5F816C1F539266D2D4C78694239DA0B5] (Microsoft Corporation)
spoolsv.exe -> %SystemRoot%\system32\spoolsv.exe -> [2008/04/14 03:42:38 | 00,057,856 | ---- | M | MD5 = D8E14A61ACC1D4A6CD0D38AEBAC7FA3B] (Microsoft Corporation)
svchost.exe -> %SystemRoot%\system32\svchost.exe [H:\WINDOWS\SYSTEM32\SVCHOST -K DCOMLAUNCH] -> [2008/04/14 03:42:38 | 00,014,336 | ---- | M | MD5 = 27C6D03BCDB8CFEB96B716F3D8BE3E18] (Microsoft Corporation)
-> %SystemRoot%\system32\rpcss.dll [DcomLaunch] -> [2008/04/14 03:42:06 | 00,399,360 | ---- | M | MD5 = 2589FE6015A316C0F5D5112B4DA7B509] (Microsoft Corporation)
-> %SystemRoot%\System32\termsrv.dll [TermService] -> [2008/04/14 05:42:08 | 00,295,424 | ---- | M | MD5 = FF3477C03BE7201C294C35F684B3479F] (Microsoft Corporation)
-> [WmdmPmSp] -> File not found
-> %SystemRoot%\System32\ipnathlp.dll [SharedAccess] -> [2008/04/14 03:41:56 | 00,331,264 | ---- | M | MD5 = 83F41D0D89645D7235C051AB1D9523AC] (Microsoft Corporation)
svchost.exe -> %SystemRoot%\system32\svchost.exe [H:\WINDOWS\SYSTEM32\SVCHOST -K RPCSS] -> [2008/04/14 03:42:38 | 00,014,336 | ---- | M | MD5 = 27C6D03BCDB8CFEB96B716F3D8BE3E18] (Microsoft Corporation)
-> %SystemRoot%\System32\rpcss.dll [RpcSs] -> [2008/04/14 03:42:06 | 00,399,360 | ---- | M | MD5 = 2589FE6015A316C0F5D5112B4DA7B509] (Microsoft Corporation)
-> [WmdmPmSp] -> File not found
svchost.exe -> %SystemRoot%\system32\svchost.exe [H:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE] -> [2008/04/14 03:42:38 | 00,014,336 | ---- | M | MD5 = 27C6D03BCDB8CFEB96B716F3D8BE3E18] (Microsoft Corporation)
-> %SystemRoot%\system32\alrsvc.dll [Alerter] -> [2008/04/14 03:41:50 | 00,017,408 | ---- | M | MD5 = A9A3DAA780CA6C9671A19D52456705B4] (Microsoft Corporation)
-> %SystemRoot%\System32\lmhsvc.dll [LmHosts] -> [2008/04/14 03:41:58 | 00,013,824 | ---- | M | MD5 = A7DB739AE99A796D91580147E919CC59] (Microsoft Corporation)
-> %SystemRoot%\system32\regsvc.dll [RemoteRegistry] -> [2008/04/14 03:42:06 | 00,059,904 | ---- | M | MD5 = 5B19B557B0C188210A56A6B699D90B8F] (Microsoft Corporation)
-> %SystemRoot%\System32\ssdpsrv.dll [SSDPSRV] -> [2008/04/14 03:42:08 | 00,071,680 | ---- | M | MD5 = 0A5679B3714EDAB99E357057EE88FCA6] (Microsoft Corporation)
-> %SystemRoot%\System32\upnphost.dll [upnphost] -> [2008/04/14 03:42:10 | 00,185,856 | ---- | M | MD5 = 1EBAFEB9A3FBDC41B8D9C7F0F687AD91] (Microsoft Corporation)
-> %SystemRoot%\System32\webclnt.dll [WebClient] -> [2008/04/14 03:42:10 | 00,068,096 | ---- | M | MD5 = 77A354E28153AD2D5E120A5A8687BC06] (Microsoft Corporation)
-> [WmdmPmSp] -> File not found
svchost.exe -> %SystemRoot%\System32\svchost.exe [H:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS] -> [2008/04/14 03:42:38 | 00,014,336 | ---- | M | MD5 = 27C6D03BCDB8CFEB96B716F3D8BE3E18] (Microsoft Corporation)
-> %SystemRoot%\System32\appmgmts.dll [AppMgmt] -> [2008/04/14 03:41:50 | 00,167,936 | ---- | M | MD5 = D8849F77C0B66226335A59D26CB4EDC6] (Microsoft Corporation)
-> %SystemRoot%\System32\audiosrv.dll [AudioSrv] -> [2008/04/14 03:41:52 | 00,042,496 | ---- | M | MD5 = DEF7A7882BEC100FE0B2CE2549188F9D] (Microsoft Corporation)
-> %SystemRoot%\system32\qmgr.dll [BITS] -> [2008/04/14 05:42:04 | 00,409,088 | ---- | M | MD5 = 574738F61FCA2935F5265DC4E5691314] (Microsoft Corporation)
-> %SystemRoot%\System32\browser.dll [Browser] -> [2008/04/14 03:41:52 | 00,077,824 | ---- | M | MD5 = A06CE3399D16DB864F55FAEB1F1927A9] (Microsoft Corporation)
-> %SystemRoot%\System32\cryptsvc.dll [CryptSvc] -> [2008/04/14 03:41:52 | 00,062,464 | ---- | M | MD5 = 3D4E199942E29207970E04315D02AD3B] (Microsoft Corporation)
-> %SystemRoot%\System32\dhcpcsvc.dll [Dhcp] -> [2008/04/14 03:41:52 | 00,126,976 | ---- | M | MD5 = 5E38D7684A49CACFB752B046357E0589] (Microsoft Corporation)
-> %SystemRoot%\System32\dmserver.dll [dmserver] -> [2008/04/14 03:41:54 | 00,023,552 | ---- | M | MD5 = 57EDEC2E5F59F0335E92F35184BC8631] (Microsoft Corp.)
-> %SystemRoot%\System32\ersvc.dll [ERSvc] -> [2008/04/14 03:41:54 | 00,023,040 | ---- | M | MD5 = BC93B4A066477954555966D77FEC9ECB] (Microsoft Corporation)
-> %SystemRoot%\system32\es.dll [EventSystem] -> [2008/04/14 03:41:54 | 00,246,272 | ---- | M | MD5 = 19A799805B24990867B00C120D300C3A] (Microsoft Corporation)
-> %SystemRoot%\System32\shsvcs.dll [FastUserSwitchingCompatibility] -> [2008/04/14 03:42:06 | 00,135,168 | ---- | M | MD5 = 1926899BF9FFE2602B63074971700412] (Microsoft Corporation)
-> %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dll [helpsvc] -> [2008/04/14 05:42:04 | 00,038,400 | ---- | M | MD5 = 4FCCA060DFE0C51A09DD5C3843888BCD] (Microsoft Corporation)
-> %SystemRoot%\System32\hidserv.dll [HidServ] -> File not found
-> %SystemRoot%\System32\kmsvc.dll [hkmsvc] -> [2008/04/14 03:41:58 | 00,061,440 | ---- | M | MD5 = 8878BD685E490239777BFE51320B88E9] (Microsoft Corporation)
-> %SystemRoot%\System32\irmon.dll [Irmon] -> [2008/04/14 05:41:56 | 00,028,160 | ---- | M | MD5 = 49CC4533CE897CB2E93C1E84A818FDE5] (Microsoft Corporation)
-> %SystemRoot%\System32\srvsvc.dll [LanmanServer] -> [2008/04/14 03:42:08 | 00,096,768 | ---- | M | MD5 = F385F4B02C535BFFE1D70CAB80838123] (Microsoft Corporation)
-> %SystemRoot%\System32\wkssvc.dll [lanmanworkstation] -> [2008/04/14 03:42:10 | 00,132,096 | ---- | M | MD5 = 1B67B632786FEF1C1BBAEF46C2F3F2E6] (Microsoft Corporation)
-> %SystemRoot%\System32\msgsvc.dll [Messenger] -> [2008/04/14 03:42:00 | 00,033,792 | ---- | M | MD5 = 986B1FF5814366D71E0AC5755C88F2D3] (Microsoft Corporation)
-> %SystemRoot%\System32\qagentrt.dll [napagent] -> [2008/04/14 03:42:04 | 00,291,328 | ---- | M | MD5 = 0102140028FAD045756796E1C685D695] (Microsoft Corporation)
-> %SystemRoot%\System32\netman.dll [Netman] -> [2008/04/14 03:42:02 | 00,198,144 | ---- | M | MD5 = 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE] (Microsoft Corporation)
-> %SystemRoot%\System32\mswsock.dll [Nla] -> [2008/04/14 03:42:02 | 00,245,248 | ---- | M | MD5 = B4138E99236F0F57D4CF49BAE98A0746] (Microsoft Corporation)
-> %SystemRoot%\system32\ntmssvc.dll [NtmsSvc] -> [2008/04/14 03:42:04 | 00,435,200 | ---- | M | MD5 = 156F64A3345BD23C600655FB4D10BC08] (Microsoft Corporation)
-> %SystemRoot%\System32\rasauto.dll [RasAuto] -> [2008/04/14 03:42:04 | 00,088,576 | ---- | M | MD5 = AD188BE7BDF94E8DF4CA0A55C00A5073] (Microsoft Corporation)
-> %SystemRoot%\System32\rasmans.dll [RasMan] -> [2008/04/14 03:42:04 | 00,186,368 | ---- | M | MD5 = 76A9A3CBEADD68CC57CDA5E1D7448235] (Microsoft Corporation)
-> %SystemRoot%\System32\mprdim.dll [RemoteAccess] -> [2008/04/14 03:41:58 | 00,053,248 | ---- | M | MD5 = 7E699FF5F59B5D9DE5390E3C34C67CF5] (Microsoft Corporation)
-> %SystemRoot%\system32\schedsvc.dll [Schedule] -> [2008/04/14 05:42:06 | 00,192,512 | ---- | M | MD5 = 0A9A7365A1CA4319AA7C1D6CD8E4EAFA] (Microsoft Corporation)
-> %SystemRoot%\System32\seclogon.dll [seclogon] -> [2008/04/14 03:42:06 | 00,018,944 | ---- | M | MD5 = CBE612E2BB6A10E3563336191EDA1250] (Microsoft Corporation)
-> %SystemRoot%\system32\sens.dll [SENS] -> [2008/04/14 03:42:06 | 00,039,424 | ---- | M | MD5 = 7FDD5D0684ECA8C1F68B4D99D124DCD0] (Microsoft Corporation)
-> %SystemRoot%\System32\ipnathlp.dll [SharedAccess] -> [2008/04/14 03:41:56 | 00,331,264 | ---- | M | MD5 = 83F41D0D89645D7235C051AB1D9523AC] (Microsoft Corporation)
-> %SystemRoot%\System32\shsvcs.dll [ShellHWDetection] -> [2008/04/14 03:42:06 | 00,135,168 | ---- | M | MD5 = 1926899BF9FFE2602B63074971700412] (Microsoft Corporation)
-> %SystemRoot%\system32\srsvc.dll [srservice] -> [2008/04/14 05:42:08 | 00,171,008 | ---- | M | MD5 = 3805DF0AC4296A34BA4BF93B346CC378] (Microsoft Corporation)
-> %SystemRoot%\System32\tapisrv.dll [TapiSrv] -> [2008/04/14 03:42:08 | 00,249,856 | ---- | M | MD5 = 3CB78C17BB664637787C9A1C98F79C38] (Microsoft Corporation)
-> %SystemRoot%\System32\shsvcs.dll [Themes] -> [2008/04/14 03:42:06 | 00,135,168 | ---- | M | MD5 = 1926899BF9FFE2602B63074971700412] (Microsoft Corporation)
-> %SystemRoot%\system32\trkwks.dll [TrkWks] -> [2008/04/14 03:42:08 | 00,090,112 | ---- | M | MD5 = 55BCA12F7F523D35CA3CB833C725F54E] (Microsoft Corporation)
-> %SystemRoot%\system32\w32time.dll [W32Time] -> [2008/04/14 03:42:10 | 00,175,104 | ---- | M | MD5 = 54AF4B1D5459500EF0937F6D33B1914F] (Microsoft Corporation)
-> %SystemRoot%\system32\wbem\WMIsvc.dll [winmgmt] -> [2008/04/14 05:42:10 | 00,144,896 | ---- | M | MD5 = 2D0E4ED081963804CCC196A0929275B5] (Microsoft Corporation)
-> [WmdmPmSp] -> File not found
-> %SystemRoot%\System32\advapi32.dll [Wmi] -> [2008/04/14 03:41:50 | 00,617,472 | ---- | M | Unable to obtain MD5] (Microsoft Corporation)
-> %SystemRoot%\system32\wscsvc.dll [wscsvc] -> [2008/04/14 03:42:12 | 00,080,896 | ---- | M | MD5 = 7C278E6408D1DCE642230C0585A854D5] (Microsoft Corporation)
-> %SystemRoot%\system32\wuauserv.dll [wuauserv] -> [2008/04/14 05:42:12 | 00,006,656 | ---- | M | MD5 = 35321FB577CDC98CE3EB3A3EB9E4610A] (Microsoft Corporation)
-> %SystemRoot%\System32\wzcsvc.dll [WZCSVC] -> [2008/04/14 03:51:44 | 00,483,840 | ---- | M | MD5 = 81DC3F549F44B1C1FFF022DEC9ECF30B] (Microsoft Corporation)
-> %SystemRoot%\System32\xmlprov.dll [xmlprov] -> [2008/04/14 03:42:12 | 00,129,024 | ---- | M | MD5 = 295D21F14C335B53CB8154E5B1F892B9] (Microsoft Corporation)
svchost.exe -> %SystemRoot%\system32\svchost.exe [H:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETWORKSERVICE] -> [2008/04/14 03:42:38 | 00,014,336 | ---- | M | MD5 = 27C6D03BCDB8CFEB96B716F3D8BE3E18] (Microsoft Corporation)
-> %SystemRoot%\System32\dnsrslvr.dll [Dnscache] -> [2008/04/14 03:41:54 | 00,045,568 | ---- | M | MD5 = 474B4DC3983173E4B4C9740B0DAC98A6] (Microsoft Corporation)
-> [WmdmPmSp] -> File not found
usb modem.exe -> %ProgramFiles%\SmartBRO\USB Modem.exe -> [2008/07/07 13:00:26 | 03,686,400 | ---- | M | MD5 = 9421D28B7D552EC3A2A46FD42FF6F229] ()
vc6play.exe -> %ProgramFiles%\HHVcdV6Sys\VC6Play.exe -> [2004/06/15 09:24:06 | 00,245,760 | ---- | M | MD5 = D68348D15B0608CEE165876F17190ACC] (H+H Software GmbH)
vc6secs.exe -> %ProgramFiles%\HHVcdV6Sys\VC6SecS.exe -> [2004/05/07 11:38:00 | 00,098,304 | ---- | M | MD5 = 585C78B6B118699DCC8F31791C562500] (H+H Software GmbH)
vc6tray.exe -> %ProgramFiles%\Virtual CD v6\System\VC6Tray.exe -> [2004/06/10 17:00:18 | 00,258,048 | ---- | M | MD5 = 6D104E1A95F45383D02DEE88ABB5E857] (H+H Software GmbH)


#2 KoanYorel

KoanYorel

    Bleepin' Conundrum


  • Members
  • 19,461 posts
  • OFFLINE
  • Gender:Male
  • Location:65 miles due East of the "Logic Free Zone", in Md, USA
  • Local time:03:55 AM

Posted 19 February 2009 - 01:31 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#3 KoanYorel

KoanYorel

    Bleepin' Conundrum


  • Members
  • 19,461 posts
  • OFFLINE
  • Gender:Male
  • Location:65 miles due East of the "Logic Free Zone", in Md, USA
  • Local time:03:55 AM

Posted 23 February 2009 - 11:52 AM

Due to the lack of feedback, this topic is closed.

Should you need it reopened, please contact a Forum Moderator. Include the address of this thread in your request.

If you have a new issue, please start a New Topic.

This applies only to the original poster. Everyone else please begin a New Topic.

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)
