15th October 2008
#1
Member
Profile:
Join Date: Oct 2008
Posts: 14
Computer Experience: intermediate
[InActive] Lost Admin rights to comp, getting slower..popups
So there are other threads like this one, but I think I need to post my own scans of things... anyways, my computer is getting slower by the day, lost all admin rights, can't get to Task Manager or anything, asks me to see my admin, there's only 1 account on my comp which is the admin. Random popups every 10 mins, and comp is running like a turtle. What could this possibly be? I'm told to reformat and don't have a Windows OS CD, nor the money to buy one. Is there a way to just remove this? THANK YOU! in advance (P.S. I don't have HijackThis but I downloaded ComboFix in case I'd need it.)
16th October 2008
#2
Staff
Profile:
Join Date: Apr 2003
Location: New Bremen, Ohio U.S.A.
Posts: 12,524
Computer Experience: ~@<*+
Welcome to WindowsBBS, arok89.
Let's get a look at your system. Download RSIT by random/random and save it to your desktop.
Double click RSIT.exe to start the tool.
At the disclaimer, please use the drop down box to select 3 months for the file/folder search, then click Continue.
When the scan completes it will open a log named log.txt maximized, and a log named info.txt minimized.
Please post the contents of log.txt here in your next reply.
16th October 2008
#3
Member
Profile:
Join Date: Oct 2008
Posts: 14
Computer Experience: intermediate
fixed it?
So apparently I downloaded that MBAM thing I saw on the other thread, and ran it; it found 38 infections, deleted them, and now I can get back into Ctrl-Alt-Delete. Seems to have fixed everything. If I should still do what you said I will. What do you think?
16th October 2008
#4
Staff
Profile:
Join Date: Apr 2003
Location: New Bremen, Ohio U.S.A.
Posts: 12,524
Computer Experience: ~@<*+
Yes, please do. There may be some leftovers.
Also, open MBAM and click the Logs tab, then view the log and post its contents here.
16th October 2008
#5
Member
Profile:
Join Date: Oct 2008
Posts: 14
Computer Experience: intermediate
Error?
I tried to install that program, and almost at the end of the scan a popup thing came up named "AutoIt Error" and said Line-1: Error: Variable used without being declared. Here's the MBAM log info below.
Malwarebytes' Anti-Malware 1.28
Database version: 1274
Windows 5.1.2600 Service Pack 2
2008-10-15 17:31:04
mbam-log-2008-10-15 (17-31-04).txt
Scan type: Full Scan (C:\|)
Objects scanned: 97443
Time elapsed: 3 hour(s), 18 minute(s), 1 second(s)
Memory Processes Infected: 1
Memory Modules Infected: 1
Registry Keys Infected: 24
Registry Values Infected: 7
Registry Data Items Infected: 3
Folders Infected: 10
Files Infected: 39
Memory Processes Infected:
C:\Program Files\Twain\Twain.exe (Adware.Agent) -> Unloaded process successfully.
Memory Modules Infected:
C:\WINDOWS\system32\crypts.dll (Trojan.Agent) -> Delete on reboot.
Registry Keys Infected:
HKEY_CLASSES_ROOT\bho_myjavacore.mjcore (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bho_myjavacore.mjcore.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\e404.e404mgr.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\oincs.oinanalytics (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\oincs.oinanalytics.1 (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\testcpv6.bho (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\testcpv6.bho.1 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{17e44256-51e0-4d46-a0c8-44e80ab4ba5b} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e4a04a1-a24d-45ae-aca4-949778400813} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e0f01490-dcf3-4357-95aa-169a8c2b2190} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{63334394-3da3-4b29-a041-03535909d361} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{80ef304a-b1c4-425c-8535-95ab6f1eefb8} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{f7fa36a4-3177-4b57-b9c1-e9c5b2e0d3a9} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{ff46f4ab-a85f-487e-b399-3f191ac0fe23} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{daed9266-8c28-4c1c-8b58-5c66eff1d302} (Search.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\outerinfo (Adware.Outerinfo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\oinanalytics (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\OINAnalytics.DLL (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\BHO_MyJavaCore.DLL (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\testCPV6.DLL (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE (Trojan.Downloader) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\twain (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\drtt (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0\source (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securewebinfo.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.safetyincludes.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securemanaging.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\start (Trojan.Zlob) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun (Hijack.Run) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
C:\Program Files\Outerinfo (Adware.Outerinfo) -> Quarantined and deleted successfully.
C:\Program Files\Outerinfo\FF (Adware.Outerinfo) -> Quarantined and deleted successfully.
C:\Program Files\Outerinfo\FF\components (Adware.Outerinfo) -> Quarantined and deleted successfully.
C:\Program Files\Webtools (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\OINAnalytics (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Twain (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Mjcore (Trojan.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\814810 (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\pcom24\Start Menu\Programs\Outerinfo (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\NetMon (Trojan.NetMon) -> Quarantined and deleted successfully.
Files Infected:
C:\Program Files\Twain\Twain.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\pcom24\Application Data\S?mantec\ntvdm.exe (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\Program Files\Webtools\_webtools.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A51E2C1C-4E58-48F4-A925-670C9E333378}\RP776\A0263702.dll (Adware.Webhancer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A51E2C1C-4E58-48F4-A925-670C9E333378}\RP776\A0263703.exe (Adware.Webhancer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A51E2C1C-4E58-48F4-A925-670C9E333378}\RP776\A0263704.dll (Adware.Webhancer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A51E2C1C-4E58-48F4-A925-670C9E333378}\RP776\A0263705.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A51E2C1C-4E58-48F4-A925-670C9E333378}\RP776\A0263706.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A51E2C1C-4E58-48F4-A925-670C9E333378}\RP776\A0264817.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A51E2C1C-4E58-48F4-A925-670C9E333378}\RP776\A0264818.exe (Adware.SpeedRunner) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A51E2C1C-4E58-48F4-A925-670C9E333378}\RP776\A0264820.exe (Adware.SurfAccuracy) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A51E2C1C-4E58-48F4-A925-670C9E333378}\RP776\A0264964.com (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\faceback.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\b103.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\b104.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\b157.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rkaxfza.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\_rauz.dll (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\Documents and Settings\pcom24\Local Settings\Temp\uninstall.exe (Adware.SurfAccuracy) -> Quarantined and deleted successfully.
C:\Documents and Settings\pcom24\Local Settings\Temp\61.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Outerinfo\OiUninstaller.exe (Adware.Outerinfo) -> Quarantined and deleted successfully.
C:\Program Files\Outerinfo\outerinfo.ico (Adware.Outerinfo) -> Quarantined and deleted successfully.
C:\Program Files\Outerinfo\Terms.rtf (Adware.Outerinfo) -> Quarantined and deleted successfully.
C:\Program Files\Outerinfo\FF\chrome.manifest (Adware.Outerinfo) -> Quarantined and deleted successfully.
C:\Program Files\Outerinfo\FF\install.rdf (Adware.Outerinfo) -> Quarantined and deleted successfully.
C:\Program Files\Outerinfo\FF\components\FF.dll (Adware.Outerinfo) -> Quarantined and deleted successfully.
C:\Program Files\Outerinfo\FF\components\OuterinfoAds.xpt (Adware.Outerinfo) -> Quarantined and deleted successfully.
C:\Program Files\OINAnalytics\Uninstall.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\OINAnalytics\_OINAnalytics1.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Mjcore\_Mjcore.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\pcom24\Start Menu\Programs\Outerinfo\Terms.lnk (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\pcom24\Start Menu\Programs\Outerinfo\Uninstall.lnk (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt (Trojan.NetMon) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt (Trojan.NetMon) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\crypts.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\adsoowf.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\b161.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\uninstall_nmon.vbs (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\pcom24\Favorites\Online Security Test.url (Rogue.Link) -> Quarantined and deleted successfully.
16th October 2008
#6
Staff
Profile:
Join Date: Apr 2003
Location: New Bremen, Ohio U.S.A.
Posts: 12,524
Computer Experience: ~@<*+
You did save RSIT to your desktop? Please try running it again.
16th October 2008
#7
Member
Profile:
Join Date: Oct 2008
Posts: 14
Computer Experience: intermediate
got it that time
There we go, here's the info from RSIT. I had just done Open from the download, not Open from the desktop.
Logfile of random's system information tool 1.04 (written by random/random)
Run by pcom24 at 2008-10-15 17:49:12
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 22 GB (29%) free of 76 GB
Total RAM : 1023 MB (65% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:49, on 2008-10-15
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\?ystem32\??chost.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\svchost.exe
C:\DOCUME~1\pcom24\APPLIC~1\SMANTE~1\ntvdm.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\pcom24\Desktop\RSIT.exe
C:\Program Files\trend micro\pcom24.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.search.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided by Cox High Speed Internet
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [Fdoolnl] "C:\Program Files\Common Files\?ystem32\??chost.exe"
O4 - HKCU\..\Run: [Drtt] "C:\DOCUME~1\pcom24\APPLIC~1\SMANTE~1\ntvdm.exe" -vt yazb
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Startup: GameSpot Download Manager.lnk = C:\Program Files\GameSpot\GameSpotDownloadManager_Win32.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O22 - SharedTaskScheduler: geosphere - {c0ca766d-060c-48e1-b536-205e321bd174} - (no file)
O22 - SharedTaskScheduler: esperantido - {67dc0736-075a-4647-95f5-d5421b838fed} - (no file)
O22 - SharedTaskScheduler: garcea - {eb9f614b-ea44-40d0-8829-542e4f254739} - (no file)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O24 - Desktop Component 0: Privacy Protection - (no file)
--
End of file - 5218 bytes
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll [2007-09-25 501136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2003-11-13 62464]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2004-02-03 335872]
"Adobe Photo Downloader"=C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe []
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe [2007-09-25 132496]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-08-01 61440]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]
"BitTorrent"=C:\Program Files\BitTorrent\bittorrent.exe --force_start_minimized []
"Fdoolnl"=C:\Program Files\Common Files\?ystem32\??chost.exe [2008-09-30 230400]
"Drtt"=C:\DOCUME~1\pcom24\APPLIC~1\SMANTE~1\ntvdm.exe [2008-09-25 68608]
C:\Documents and Settings\pcom24\Start Menu\Programs\Startup
GameSpot Download Manager.lnk - C:\Program Files\GameSpot\GameSpotDownloadManager_Win32.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2008-08-20 143360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
geosphere - {c0ca766d-060c-48e1-b536-205e321bd174}
esperantido - {67dc0736-075a-4647-95f5-d5421b838fed}
garcea - {eb9f614b-ea44-40d0-8829-542e4f254739}
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PSEXESVC]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoSecCpl"=0
"DisableChangePassword"=0
"DisableLockWorkstation"=0
"NoDispCpl"=0
"NoDispScrSavPage"=0
"NoDispAppearancePage"=0
"NoDispSettingsPage"=0
"NoVisualStyleChoice"=0
"DisableTaskMgr"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=95000000
"NoDesktop"=0
"NoActiveDesktop"=0
"HideClock"=0
"NoStartMenuPinnedList"=0
"NoStartMenuMFUprogramsList"=0
"NoUserNameInStartMenu"=0
"StartmenuLogoff"=0
"NoStartMenuSubFolders"=0
"NoCommonGroups"=0
"NoPrinterTabs"=0
"NoDeletePrinter"=0
"NoAddPrinter"=0
"NoPrinters"=0
"NoFavoritesMenu"=0
"NoFind"=0
"NoClose"=0
"NoSetFolders"=0
"NoViewContextMenu"=0
"NoDrives"=0
"NoToolbarCustomize"=0
"NoRecentDocsNetHood"=0
"NoChangeAnimation"=0
"NoChangeKeyboardNavigationIndicators"=0
"NoThemesTab"=0
"NoFolderOptions"=0
"NoRun"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\FarStone\GameDrivePro\MGR.exe"="C:\Program Files\FarStone\GameDrivePro\MGR.exe:*:Enabled:VirtualDrive MGR"
"C:\WINDOWS\system32\CafeAgent.EXE"="C:\WINDOWS\system32\CafeAgent.EXE:*:Enabled:CafeAgent"
"C:\Program Files\World of Warcraft\WoW-1.3.0-enUS-downloader.exe"="C:\Program Files\World of Warcraft\WoW-1.3.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\LucasArts\Star Wars Battlefront\GameData\Battlefront.exe"="C:\Program Files\LucasArts\Star Wars Battlefront\GameData\Battlefront.exe:*:Enabled:Battlefront"
"C:\Documents and Settings\pcom24\Desktop\WoW-1.3.1-to-0.4.0-Test-enUS.exe"="C:\Documents and Settings\pcom24\Desktop\WoW-1.3.1-to-0.4.0-Test-enUS.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\World of Warcraft\WoW-1.3.1.4297-to-1.4.0-enUS-downloader.exe"="C:\Program Files\World of Warcraft\WoW-1.3.1.4297-to-1.4.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\World of Warcraft\WoW-1.4.2.4375-to-1.5.0-enUS-downloader.exe"="C:\Program Files\World of Warcraft\WoW-1.4.2.4375-to-1.5.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\World of Warcraft\WoW-1.5.1.4449-to-1.6.0-enUS-downloader.exe"="C:\Program Files\World of Warcraft\WoW-1.5.1.4449-to-1.6.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\World of Warcraft\WoW-1.6.0.4500-to-1.6.1-enUS-downloader.exe"="C:\Program Files\World of Warcraft\WoW-1.6.0.4500-to-1.6.1-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\World of Warcraft\WoW-1.6.1.4544-to-1.7.0-enUS-downloader.exe"="C:\Program Files\World of Warcraft\WoW-1.6.1.4544-to-1.7.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\World of Warcraft\WoW-1.7.1.4695-to-1.8.0-enUS-downloader.exe"="C:\Program Files\World of Warcraft\WoW-1.7.1.4695-to-1.8.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\World of Warcraft\WoW-1.8.3.4807-to-1.8.4.4878-enUS-downloader.exe"="C:\Program Files\World of Warcraft\WoW-1.8.3.4807-to-1.8.4.4878-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\World of Warcraft\WoW-1.8.4.4878-to-1.9.0.4937-enUS-downloader.exe"="C:\Program Files\World of Warcraft\WoW-1.8.4.4878-to-1.9.0.4937-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\World of Warcraft\WoW-1.9.2.4996-to-1.9.3.5059-enUS-downloader.exe"="C:\Program Files\World of Warcraft\WoW-1.9.2.4996-to-1.9.3.5059-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Documents and Settings\pcom24\Desktop\wow-ptr-downloader2.exe"="C:\Documents and Settings\pcom24\Desktop\wow-ptr-downloader2.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\World of Warcraft\WoW-1.9.4.5086-to-1.10.0.5195-enUS-downloader.exe"="C:\Program Files\World of Warcraft\WoW-1.9.4.5086-to-1.10.0.5195-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\World of Warcraft\WoW-1.10.2.5302-to-1.11.0.5428-enUS-downloader.exe"="C:\Program Files\World of Warcraft\WoW-1.10.2.5302-to-1.11.0.5428-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\Common Files\AOL\1152577587\ee\aolsoftware.exe"="C:\Program Files\Common Files\AOL\1152577587\ee\aolsoftware.exe:*:Enabled:AOL Services"
"C:\Program Files\Common Files\AOL\1152577587\ee\aim6.exe"="C:\Program Files\Common Files\AOL\1152577587\ee\aim6.exe:*:Enabled:AIM"
"C:\Program Files\World of Warcraft\WoW-1.11.1.5462-to-1.11.2.5464-enUS-downloader.exe"="C:\Program Files\World of Warcraft\WoW-1.11.1.5462-to-1.11.2.5464-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\World of Warcraft\BackgroundDownloader.exe"="C:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\World of Warcraft\WoW-1.11.2.5464-to-1.12.0.5595-enUS-downloader.exe"="C:\Program Files\World of Warcraft\WoW-1.11.2.5464-to-1.12.0.5595-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\WINDOWS\Explorer.EXE"="C:\WINDOWS\Explorer.EXE:*:Enabled:ENABLE"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
======List of files/folders created in the last 3 months======
2008-10-15 17:43:27 ----D---- C:\Program Files\trend micro
2008-10-15 17:43:26 ----D---- C:\rsit
2008-10-15 14:11:15 ----D---- C:\Documents and Settings\pcom24\Application Data\Malwarebytes
2008-10-15 14:11:12 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-15 14:11:12 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-15 13:35:23 ----A---- C:\WINDOWS\zip.exe
2008-10-15 13:35:23 ----A---- C:\WINDOWS\VFIND.exe
2008-10-15 13:35:23 ----A---- C:\WINDOWS\SWXCACLS.exe
2008-10-15 13:35:23 ----A---- C:\WINDOWS\SWSC.exe
2008-10-15 13:35:23 ----A---- C:\WINDOWS\SWREG.exe
2008-10-15 13:35:23 ----A---- C:\WINDOWS\sed.exe
2008-10-15 13:35:23 ----A---- C:\WINDOWS\NIRCMD.exe
2008-10-15 13:35:23 ----A---- C:\WINDOWS\grep.exe
2008-10-15 13:35:23 ----A---- C:\WINDOWS\fdsv.exe
2008-10-15 13:35:18 ----D---- C:\WINDOWS\ERDNT
2008-10-15 13:35:18 ----D---- C:\Qoobox
2008-10-15 13:35:18 ----D---- C:\ComboFix
2008-10-15 13:35:17 ----A---- C:\WINDOWS\system32\CF3997.exe
2008-10-15 13:02:16 ----D---- C:\Program Files\Common Files\?ystem32
2008-10-15 13:00:04 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-10-15 12:59:56 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-15 12:59:47 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-10-15 12:59:37 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-10-15 12:59:22 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-10-15 12:58:21 ----A---- C:\WINDOWS\system32\MRT.INI
2008-10-15 10:54:31 ----N---- C:\WINDOWS\system32\jaaoni.exe
2008-10-03 19:08:52 ----D---- C:\Documents and Settings\All Users\Application Data\ATI
2008-10-03 19:04:39 ----D---- C:\Program Files\ATI
2008-10-02 17:15:23 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
2008-10-02 12:31:56 ----D---- C:\Program Files\Electronic Arts
2008-10-02 11:26:04 ----A---- C:\DelUS.bat
2008-09-27 17:58:03 ----D---- C:\Program Files\CCleaner
2008-09-25 12:16:02 ----D---- C:\Documents and Settings\pcom24\Application Data\S?mantec
2008-09-25 12:10:58 ----SHD---- C:\WINDOWS\cGMyNA
2008-09-25 12:06:05 ----D---- C:\WINDOWS\wiou
2008-09-25 12:06:05 ----D---- C:\Program Files\Common Files\wiou
2008-09-16 23:17:13 ----D---- C:\Program Files\World of Warcraft Public Test
2008-09-16 23:16:45 ----D---- C:\Documents and Settings\All Users\Application Data\Blizzard
2008-09-10 03:09:02 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-08-20 18:18:16 ----A---- C:\WINDOWS\system32\atiadlxx.dll
2008-08-18 23:35:09 ----D---- C:\WINDOWS\system32\CatRoot_bak
2008-08-14 19:57:13 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-08-14 19:57:05 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-08-14 19:56:58 ----HDC---- C:\WINDOWS\$NtUninstallKB953839$
2008-08-14 19:56:52 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-08-14 19:55:34 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-08-14 19:55:25 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-08-14 19:55:16 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-08-05 14:14:13 ----A---- C:\WINDOWS\system32\ATIBRTMON.EXE
2008-07-25 10:56:45 ----D---- C:\Program Files\Bethesda Softworks
2008-07-23 22:01:23 ----HDC---- C:\WINDOWS\$NtUninstallWIC$
2008-07-23 22:01:18 ----D---- C:\Program Files\Microsoft SQL Server Compact Edition
======List of files/folders modified in the last 3 months======
2008-10-15 17:43:27 ----AD ---- C:\Program Files
2008-10-15 17:33:59 ----D---- C:\WINDOWS
2008-10-15 17:33:40 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-10-15 17:33:09 ----D---- C:\WINDOWS\system32\drivers
2008-10-15 17:33:09 ----D---- C:\WINDOWS\system32
2008-10-15 17:22:42 ----D---- C:\WINDOWS\Temp
2008-10-15 15:09:28 ----HD ---- C:\WINDOWS\inf
2008-10-15 14:28:13 ----HD ---- C:\WINDOWS\$hf_mig$
2008-10-15 14:27:50 ----D---- C:\WINDOWS\system32\CatRoot2
2008-10-15 13:35:23 ----D---- C:\WINDOWS\Prefetch
2008-10-15 13:02:16 ----D---- C:\Program Files\Common Files
2008-10-15 13:00:06 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-10-15 12:59:59 ----A---- C:\WINDOWS\imsins.BAK
2008-10-15 10:57:45 ----A---- C:\WINDOWS\ModemLog_Standard 300 bps Modem.txt
2008-10-14 13:48:05 ----D---- C:\Program Files\World of Warcraft
2008-10-07 12:19:40 ----A---- C:\WINDOWS\system32\MRT.exe
2008-10-04 17:22:23 ----D---- C:\Documents and Settings\pcom24\Application Data\LimeWire
2008-10-04 13:25:19 ----D---- C:\Program Files\LimeWire
2008-10-04 10:05:47 ----SHD---- C:\WINDOWS\Installer
2008-10-03 19:04:27 ----RSD---- C:\WINDOWS\assembly
2008-10-03 19:04:04 ----D---- C:\Program Files\ATI Technologies
2008-10-03 09:36:27 ----D---- C:\WINDOWS\system32\Macromed
2008-10-03 02:28:08 ----D---- C:\WINDOWS\system32\CatRoot
2008-10-03 01:13:54 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-10-02 14:27:07 ----HD ---- C:\Program Files\InstallShield Installation Information
2008-10-02 11:44:12 ----SD---- C:\Documents and Settings\pcom24\Application Data\Microsoft
2008-10-02 11:43:30 ----D---- C:\Program Files\Common Files\Adobe
2008-10-02 11:43:03 ----D---- C:\WINDOWS\WinSxS
2008-10-02 11:39:30 ----D---- C:\Program Files\MySpace
2008-10-02 11:38:04 ----D---- C:\Documents and Settings\All Users\Application Data\Firefly Studios
2008-10-02 11:37:40 ----D---- C:\UnrealGold
2008-10-02 11:36:40 ----D---- C:\Program Files\Common Files\Blizzard Entertainment
2008-10-02 11:34:46 ----D---- C:\Program Files\Windows Live
2008-10-02 11:33:45 ----D---- C:\Program Files\HighGrow
2008-10-02 11:25:41 ----D---- C:\Program Files\Microsoft Games
2008-10-02 11:23:51 ----RSD---- C:\WINDOWS\Fonts
2008-09-27 17:04:48 ----D---- C:\Program Files\Windows Live Toolbar
2008-09-27 17:04:28 ----SD---- C:\WINDOWS\Tasks
2008-09-26 13:27:57 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-09-26 12:56:12 ----D---- C:\WINDOWS\network diagnostic
2008-09-23 18:05:30 ----A---- C:\WINDOWS\system.ini
2008-09-04 14:06:36 ----D---- C:\WINDOWS\Help
2008-08-20 21:05:00 ----N---- C:\WINDOWS\system32\ati2sgag.exe
2008-08-20 19:19:26 ----A---- C:\WINDOWS\system32\ATIDEMGX.dll
2008-08-20 19:18:07 ----A---- C:\WINDOWS\system32\ati2dvag.dll
2008-08-20 19:08:14 ----A---- C:\WINDOWS\system32\atipdlxx.dll
2008-08-20 19:08:02 ----A---- C:\WINDOWS\system32\Oemdspif.dll
2008-08-20 19:07:54 ----A---- C:\WINDOWS\system32\Ati2mdxx.exe
2008-08-20 19:07:45 ----A---- C:\WINDOWS\system32\ati2edxx.dll
2008-08-20 19:07:28 ----A---- C:\WINDOWS\system32\ati2evxx.dll
2008-08-20 19:05:57 ----A---- C:\WINDOWS\system32\ati2evxx.exe
2008-08-20 19:04:38 ----A---- C:\WINDOWS\system32\ATIDDC.DLL
2008-08-20 19:01:09 ----A---- C:\WINDOWS\system32\atioglxx.dll
2008-08-20 18:55:23 ----A---- C:\WINDOWS\system32\ati3duag.dll
2008-08-20 18:50:05 ----A---- C:\WINDOWS\system32\atiiiexx.dll
2008-08-20 18:38:24 ----A---- C:\WINDOWS\system32\ativvaxx.dll
2008-08-20 18:23:32 ----A---- C:\WINDOWS\system32\amdpcom32.dll
2008-08-20 18:19:36 ----A---- C:\WINDOWS\system32\atikvmag.dll
2008-08-20 18:18:06 ----A---- C:\WINDOWS\system32\atitvo32.dll
2008-08-20 18:17:29 ----A---- C:\WINDOWS\system32\atiok3x2.dll
2008-08-20 18:11:43 ----A---- C:\WINDOWS\system32\ati2cqag.dll
2008-08-18 23:35:09 ----D---- C:\WINDOWS\Debug
2008-08-15 15:18:28 ----D---- C:\Program Files\Internet Explorer
2008-08-14 19:57:07 ----D---- C:\Program Files\Messenger
2008-08-14 03:00:45 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
2008-08-14 02:22:13 ----A---- C:\WINDOWS\system32\ntkrnlpa.exe
2008-08-10 22:26:20 ----AD ---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-03 21:17:27 ----D---- C:\Program Files\Windows Media Player
2008-07-24 23:23:50 ----D---- C:\WINDOWS\system32\DirectX
2008-07-23 22:02:09 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-07-18 22:10:48 ----A---- C:\WINDOWS\system32\cdm.dll
2008-07-18 22:10:42 ----A---- C:\WINDOWS\system32\wuauclt.exe
2008-07-18 22:10:40 ----A---- C:\WINDOWS\system32\wups2.dll
2008-07-18 22:10:24 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2008-07-18 22:10:20 ----A---- C:\WINDOWS\system32\wups.dll
2008-07-18 22:09:46 ----A---- C:\WINDOWS\system32\wucltui.dll
2008-07-18 22:09:44 ----A---- C:\WINDOWS\system32\wuweb.dll
2008-07-18 22:09:44 ----A---- C:\WINDOWS\system32\wuapi.dll
2008-07-18 22:09:42 ----A---- C:\WINDOWS\system32\wuaueng.dll
2008-07-18 22:09:42 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2008-07-18 22:08:34 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2008-07-18 22:07:34 ----A---- C:\WINDOWS\system32\mucltui.dll
2008-07-18 22:07:32 ----A---- C:\WINDOWS\system32\muweb.dll
2008-07-18 22:07:32 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096]
R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [2002-08-14 17005]
R2 EIO;EIO; \??\C:\WINDOWS\system32\drivers\EIO.sys []
R3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2003-11-13 391680]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2003-11-13 481596]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-08-20 3299840]
R3 FETND5BV;VIA Rhine-Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2004-12-16 42496]
R3 Passthru;Service; C:\WINDOWS\system32\DRIVERS\ndisio.sys [2008-10-15 102272]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-04 5888]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
S3 dump_wmimmc;dump_wmimmc; \??\C:\WINDOWS\system32\drivers\dump_wmimmc.sys []
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 ms6823;IEEE802.11b Wireless USB Adapter; C:\WINDOWS\system32\DRIVERS\ms6823.sys [2004-06-10 55168]
S3 ndiscm;Motorola SURFboard USB Cable Modem Windows Driver; C:\WINDOWS\system32\DRIVERS\NetMotCM.sys [2004-09-29 15360]
S3 NTACCESS;NTACCESS; \??\D:\NTACCESS.sys []
S3 SetupNTGLM7X;SetupNTGLM7X; \??\D:\NTGLM7X.sys []
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2004-10-11 18944]
S3 XDva098;XDva098; \??\C:\WINDOWS\system32\XDva098.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 aawservice;Ad -Aware 2007 Service; C:\Program Files\Lavasoft\Ad -Aware 2007\aawservice.exe [2008-03-19 607576]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-08-20 573440]
R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2004-02-26 307200]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-10-11 38912]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-08-20 593920]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe []
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
-----------------EOF-----------------
16th October 2008
#8
Member
Profile:
Join Date: Oct 2008
Posts: 14
Computer Experience: intermediate
uh oh
Now I tried posting the info twice, and nothing shows? It said it has to wait until a moderator approves or something... But I did get it to work.
16th October 2008
#9
Staff
Profile:
Join Date: Apr 2003
Location: New Bremen, Ohio U.S.A.
Posts: 12,524
Computer Experience: ~@<*+
There should be a log at C:\ComboFix.txt
Please post it here.
16th October 2008
#10
Member
Profile:
Join Date: Oct 2008
Posts: 14
Computer Experience: intermediate
hm
I never ran the ComboFix, should I? I can't find a text log in the C:/ folder, I'm assuming it's cuz I never scanned with it.
16th October 2008
#11
Staff
Profile:
Join Date: Apr 2003
Location: New Bremen, Ohio U.S.A.
Posts: 12,524
Computer Experience: ~@<*+
These files in your log tell me that you did.
2008-10-15 13:35:23 ----A---- C:\WINDOWS\zip.exe
2008-10-15 13:35:23 ----A---- C:\WINDOWS\VFIND.exe
2008-10-15 13:35:23 ----A---- C:\WINDOWS\SWXCACLS.exe
2008-10-15 13:35:23 ----A---- C:\WINDOWS\SWSC.exe
2008-10-15 13:35:23 ----A---- C:\WINDOWS\SWREG.exe
2008-10-15 13:35:23 ----A---- C:\WINDOWS\sed.exe
2008-10-15 13:35:23 ----A---- C:\WINDOWS\NIRCMD.exe
2008-10-15 13:35:23 ----A---- C:\WINDOWS\grep.exe
2008-10-15 13:35:23 ----A---- C:\WINDOWS\fdsv.exe
2008-10-15 13:35:18 ----D---- C:\WINDOWS\ERDNT
2008-10-15 13:35:18 ----D---- C:\Qoobox
2008-10-15 13:35:18 ----D---- C:\ComboFix
2008-10-15 13:35:17 ----A---- C:\WINDOWS\system32\CF3997.exe
None of those files would be present on your system if you hadn't run it.
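The staff reply above reads the RSIT file listing for tool leftovers: a cluster of helper executables dropped into C:\WINDOWS within the same few seconds, plus the C:\Qoobox, C:\ComboFix and C:\WINDOWS\ERDNT folders. The script below is an added example, not part of the thread or of RSIT or ComboFix themselves: it parses RSIT-style listing lines (timestamp, attribute letters, path) and reports which of the artifact paths the reply names are present and how tightly their timestamps cluster. The artifact list is taken verbatim from the reply; the sample log lines are copied from the log in this thread and are constructed input for the demo, and the `Entry`, `parse_line`, `combofix_evidence` and `run_window` names are this example's own.

```python
"""Spot ComboFix leftovers in an RSIT file listing.

Added example for this thread; not code from RSIT, ComboFix or the forum.
"""
import re
from datetime import datetime
from typing import List, NamedTuple, Optional, Tuple


class Entry(NamedTuple):
    when: datetime
    attrs: str   # RSIT attribute letters, e.g. "A", "D", "HDC", "RSHDC"
    path: str


# One RSIT listing line: "<YYYY-MM-DD HH:MM:SS> ----<attrs>---- <path>".
# Section headers such as "======List of files...======" do not match.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+"
    r"-{4}(?P<attrs>[A-Z ]*)-{4}\s+"
    r"(?P<path>.+?)\s*$"
)


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for a listing line, or None for headers/other text."""
    m = LINE_RE.match(line)
    if not m:
        return None
    when = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
    return Entry(when, m["attrs"].strip(), m["path"])


# Paths the staff reply names as present only after a ComboFix run.
# Compared case-insensitively because NTFS paths are case-insensitive.
COMBOFIX_ARTIFACTS = frozenset(p.lower() for p in [
    r"C:\WINDOWS\zip.exe", r"C:\WINDOWS\VFIND.exe", r"C:\WINDOWS\SWXCACLS.exe",
    r"C:\WINDOWS\SWSC.exe", r"C:\WINDOWS\SWREG.exe", r"C:\WINDOWS\sed.exe",
    r"C:\WINDOWS\NIRCMD.exe", r"C:\WINDOWS\grep.exe", r"C:\WINDOWS\fdsv.exe",
    r"C:\WINDOWS\ERDNT", r"C:\Qoobox", r"C:\ComboFix",
    r"C:\WINDOWS\system32\CF3997.exe",
])


def combofix_evidence(log_lines: List[str]) -> List[Entry]:
    """Entries whose path is one of the known ComboFix artifacts."""
    hits = []
    for line in log_lines:
        entry = parse_line(line)
        if entry is not None and entry.path.lower() in COMBOFIX_ARTIFACTS:
            hits.append(entry)
    return hits


def run_window(entries: List[Entry]) -> Optional[Tuple[datetime, datetime]]:
    """Earliest and latest timestamps among the matched entries.

    A tool dropping its helpers produces a tight cluster (seconds apart);
    the reply above relies on exactly that pattern.
    """
    if not entries:
        return None
    times = [e.when for e in entries]
    return min(times), max(times)


# Constructed sample: lines copied from the log posted in this thread,
# mixing ordinary entries with the ComboFix leftovers the reply lists.
SAMPLE_LOG = r"""======List of files/folders modified in the last 3 months======
2008-10-15 17:43:27 ----AD ---- C:\Program Files
2008-10-15 13:35:23 ----D---- C:\WINDOWS\Prefetch
2008-10-07 12:19:40 ----A---- C:\WINDOWS\system32\MRT.exe
2008-10-15 13:35:23 ----A---- C:\WINDOWS\zip.exe
2008-10-15 13:35:23 ----A---- C:\WINDOWS\VFIND.exe
2008-10-15 13:35:23 ----A---- C:\WINDOWS\SWXCACLS.exe
2008-10-15 13:35:23 ----A---- C:\WINDOWS\SWSC.exe
2008-10-15 13:35:23 ----A---- C:\WINDOWS\SWREG.exe
2008-10-15 13:35:23 ----A---- C:\WINDOWS\sed.exe
2008-10-15 13:35:23 ----A---- C:\WINDOWS\NIRCMD.exe
2008-10-15 13:35:23 ----A---- C:\WINDOWS\grep.exe
2008-10-15 13:35:23 ----A---- C:\WINDOWS\fdsv.exe
2008-10-15 13:35:18 ----D---- C:\WINDOWS\ERDNT
2008-10-15 13:35:18 ----D---- C:\Qoobox
2008-10-15 13:35:18 ----D---- C:\ComboFix
2008-10-15 13:35:17 ----A---- C:\WINDOWS\system32\CF3997.exe
"""


if __name__ == "__main__":
    found = combofix_evidence(SAMPLE_LOG.splitlines())
    for e in found:
        print(e.when, e.attrs.ljust(5), e.path)
    window = run_window(found)
    if window:
        first, last = window
        print(f"{len(found)} ComboFix artifacts, created between "
              f"{first} and {last} ({(last - first).seconds}s apart)")
```

The same parser works on the "created" section of an RSIT log as on the "modified" section, so it can be pointed at whichever list the helper is reading; the point is only to make the reply's reasoning (these specific paths, all stamped within seconds of each other) mechanical and repeatable.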
16th October 2008
#12
Member
Profile:
Join Date: Oct 2008
Posts: 14
Computer Experience: intermediate
oopsies
Ah okay, well I tried to scan it before, and it said I didn't have some recovery thing, that it would be in my best interest to download it, and I just exited out, but just now I did it again, and went through it, and after it tried to update and failed, continued normally, etc etc, and now is done. I exited. I'll look again for a log in C:/
16th October 2008
#13
Member
Profile:
Join Date: Oct 2008
Posts: 14
Computer Experience: intermediate
Okay, I see in C:/ there's a ComboFix folder. Sorry about the confusion, lead me from here, thanks.
16th October 2008
#14
Staff
Profile:
Join Date: Apr 2003
Location: New Bremen, Ohio U.S.A.
Posts: 12,524
Computer Experience: ~@<*+
If ComboFix ran to conclusion, there will be a txt file named ComboFix.txt in C: as well. If it's not present, open the C:\Qoobox folder and see if there is a log named ComboFix-quarantined-files.txt and post it.
16th October 2008
#15
Member
Profile:
Join Date: Oct 2008
Posts: 14
Computer Experience: intermediate
hm
Neither are present, I may have done something wrong. Any way to re-scan? If not, what can I do from here? Thanks for your patience.