
[InActive] Lost Admin rights to comp, getting slower..popups

Discussion in 'Malware and Virus Removal Archive' started by arok89, 2008/10/15.

  1. 2008/10/15
    arok89

    So there are other threads like this one, but I think I need to post my own scans of things... anyways, my computer is getting slower by the day, lost all admin rights, can't get to Task Manager or anything, asks me to see my admin, there's only 1 account on my comp which is the admin. Random popups every 10 mins, and comp is running like a turtle. What could this possibly be? I'm told to reformat and don't have a Windows OS CD, nor the money to buy one. Is there a way to just remove this? THANK YOU! in advance :) (PS. I don't have HijackThis but I downloaded ComboFix in case I'd need it.)
     
  2. 2008/10/15
    noahdfear

    Welcome to WindowsBBS arok89 :)

    Let's get a look at your system.
    • Download RSIT by random/random and save it to your desktop.
    • Double click RSIT.exe to start the tool.
    • At the disclaimer, please use the drop down box to select 3 months for the file/folder search, then click Continue.
    • When the scan completes it will open a log named log.txt maximized, and a log named info.txt minimized.
    • Please post the contents of log.txt here in your next reply.
     


  4. 2008/10/15
    arok89

    fixed it?

    So apparently I downloaded that MBAM thing I saw on the other thread, and ran it. It found 38 infections and deleted them; now I can get back into Ctrl-Alt-Delete. Seems to have fixed everything. If I should still do what you said, I will. :) What do you think?
     
  5. 2008/10/15
    noahdfear

    Yes, please do. There may be some leftovers.

    Also, open MBAM and click the Logs tab, then view the log and post its contents here.
     
  6. 2008/10/15
    arok89

    Error?

    I tried to install that program, and almost at the end of the scan a popup thing came up named "AutoIt Error" and said Line-1: Error: Variable used without being declared. Here's the MBAM log info below.


    Malwarebytes' Anti-Malware 1.28
    Database version: 1274
    Windows 5.1.2600 Service Pack 2

    2008-10-15 17:31:04
    mbam-log-2008-10-15 (17-31-04).txt

    Scan type: Full Scan (C:\|)
    Objects scanned: 97443
    Time elapsed: 3 hour(s), 18 minute(s), 1 second(s)

    Memory Processes Infected: 1
    Memory Modules Infected: 1
    Registry Keys Infected: 24
    Registry Values Infected: 7
    Registry Data Items Infected: 3
    Folders Infected: 10
    Files Infected: 39

    Memory Processes Infected:
    C:\Program Files\Twain\Twain.exe (Adware.Agent) -> Unloaded process successfully.

    Memory Modules Infected:
    C:\WINDOWS\system32\crypts.dll (Trojan.Agent) -> Delete on reboot.

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\bho_myjavacore.mjcore (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\bho_myjavacore.mjcore.1 (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\e404.e404mgr.1 (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\oincs.oinanalytics (Adware.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\oincs.oinanalytics.1 (Adware.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\testcpv6.bho (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\testcpv6.bho.1 (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{17e44256-51e0-4d46-a0c8-44e80ab4ba5b} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{2e4a04a1-a24d-45ae-aca4-949778400813} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{e0f01490-dcf3-4357-95aa-169a8c2b2190} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{63334394-3da3-4b29-a041-03535909d361} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\AppID\{80ef304a-b1c4-425c-8535-95ab6f1eefb8} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\AppID\{f7fa36a4-3177-4b57-b9c1-e9c5b2e0d3a9} (Adware.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\AppID\{ff46f4ab-a85f-487e-b399-3f191ac0fe23} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{daed9266-8c28-4c1c-8b58-5c66eff1d302} (Search.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\outerinfo (Adware.Outerinfo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\oinanalytics (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\AppID\OINAnalytics.DLL (Adware.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\AppID\BHO_MyJavaCore.DLL (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\AppID\testCPV6.DLL (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE (Trojan.Downloader) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\twain (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\drtt (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0\source (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securewebinfo.com (Trojan.Zlob) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.safetyincludes.com (Trojan.Zlob) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securemanaging.com (Trojan.Zlob) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\start (Trojan.Zlob) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun (Hijack.Run) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Folders Infected:
    C:\Program Files\Outerinfo (Adware.Outerinfo) -> Quarantined and deleted successfully.
    C:\Program Files\Outerinfo\FF (Adware.Outerinfo) -> Quarantined and deleted successfully.
    C:\Program Files\Outerinfo\FF\components (Adware.Outerinfo) -> Quarantined and deleted successfully.
    C:\Program Files\Webtools (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\OINAnalytics (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Twain (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Mjcore (Trojan.BHO) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\814810 (Trojan.BHO) -> Quarantined and deleted successfully.
    C:\Documents and Settings\pcom24\Start Menu\Programs\Outerinfo (Malware.Trace) -> Quarantined and deleted successfully.
    C:\Documents and Settings\LocalService\Application Data\NetMon (Trojan.NetMon) -> Quarantined and deleted successfully.

    Files Infected:
    C:\Program Files\Twain\Twain.exe (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\pcom24\Application Data\S?mantec\ntvdm.exe (Adware.ClickSpring) -> Quarantined and deleted successfully.
    C:\Program Files\Webtools\_webtools.dll (Trojan.BHO) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{A51E2C1C-4E58-48F4-A925-670C9E333378}\RP776\A0263702.dll (Adware.Webhancer) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{A51E2C1C-4E58-48F4-A925-670C9E333378}\RP776\A0263703.exe (Adware.Webhancer) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{A51E2C1C-4E58-48F4-A925-670C9E333378}\RP776\A0263704.dll (Adware.Webhancer) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{A51E2C1C-4E58-48F4-A925-670C9E333378}\RP776\A0263705.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{A51E2C1C-4E58-48F4-A925-670C9E333378}\RP776\A0263706.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{A51E2C1C-4E58-48F4-A925-670C9E333378}\RP776\A0264817.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{A51E2C1C-4E58-48F4-A925-670C9E333378}\RP776\A0264818.exe (Adware.SpeedRunner) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{A51E2C1C-4E58-48F4-A925-670C9E333378}\RP776\A0264820.exe (Adware.SurfAccuracy) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{A51E2C1C-4E58-48F4-A925-670C9E333378}\RP776\A0264964.com (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\WINDOWS\faceback.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\WINDOWS\b103.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
    C:\WINDOWS\b104.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
    C:\WINDOWS\b157.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\rkaxfza.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\_rauz.dll (Adware.ClickSpring) -> Quarantined and deleted successfully.
    C:\Documents and Settings\pcom24\Local Settings\Temp\uninstall.exe (Adware.SurfAccuracy) -> Quarantined and deleted successfully.
    C:\Documents and Settings\pcom24\Local Settings\Temp\61.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Program Files\Outerinfo\OiUninstaller.exe (Adware.Outerinfo) -> Quarantined and deleted successfully.
    C:\Program Files\Outerinfo\outerinfo.ico (Adware.Outerinfo) -> Quarantined and deleted successfully.
    C:\Program Files\Outerinfo\Terms.rtf (Adware.Outerinfo) -> Quarantined and deleted successfully.
    C:\Program Files\Outerinfo\FF\chrome.manifest (Adware.Outerinfo) -> Quarantined and deleted successfully.
    C:\Program Files\Outerinfo\FF\install.rdf (Adware.Outerinfo) -> Quarantined and deleted successfully.
    C:\Program Files\Outerinfo\FF\components\FF.dll (Adware.Outerinfo) -> Quarantined and deleted successfully.
    C:\Program Files\Outerinfo\FF\components\OuterinfoAds.xpt (Adware.Outerinfo) -> Quarantined and deleted successfully.
    C:\Program Files\OINAnalytics\Uninstall.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\OINAnalytics\_OINAnalytics1.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Mjcore\_Mjcore.dll (Trojan.BHO) -> Quarantined and deleted successfully.
    C:\Documents and Settings\pcom24\Start Menu\Programs\Outerinfo\Terms.lnk (Malware.Trace) -> Quarantined and deleted successfully.
    C:\Documents and Settings\pcom24\Start Menu\Programs\Outerinfo\Uninstall.lnk (Malware.Trace) -> Quarantined and deleted successfully.
    C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt (Trojan.NetMon) -> Quarantined and deleted successfully.
    C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt (Trojan.NetMon) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\crypts.dll (Trojan.Agent) -> Delete on reboot.
    C:\WINDOWS\adsoowf.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\b161.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\WINDOWS\uninstall_nmon.vbs (Malware.Trace) -> Quarantined and deleted successfully.
    C:\Documents and Settings\pcom24\Favorites\Online Security Test.url (Rogue.Link) -> Quarantined and deleted successfully.
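As an added illustration (not code from the thread or from Malwarebytes), the Python below parses a log in the MBAM 1.x layout posted above, using a constructed sample of its lines: it maps the Hijack.* policy values (DisableTaskMgr, NoRun, NoFolderOptions) to the symptoms arok89 described, and lists the entries still marked "Delete on reboot", which remain on disk until the machine is restarted. The policy table and symptom wording are the example's own.

```python
"""Parse a Malwarebytes' Anti-Malware 1.x text log and pull out what a helper
looks for first: policy hijacks that explain the symptoms, and entries that
are not actually gone until the machine has been rebooted."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample in the same layout as the MBAM 1.28 log posted in the
# thread (a handful of its lines, not the full log).
SAMPLE_LOG = r"""
Malwarebytes' Anti-Malware 1.28

Scan type: Full Scan (C:\|)
Files Infected: 2

Memory Modules Infected:
C:\WINDOWS\system32\crypts.dll (Trojan.Agent) -> Delete on reboot.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun (Hijack.Run) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\crypts.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\faceback.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
"""

# "Files Infected:" opens a section; "Files Infected: 2" is only a summary count.
SECTION_RE = re.compile(r"^(?P<name>[A-Za-z ]+ Infected):$")
ENTRY_RE = re.compile(r"^(?P<item>.+?) \((?P<family>[A-Za-z0-9.]+)\) -> (?P<rest>.+)$")
DATA_ITEM_RE = re.compile(r"^Bad: \((?P<bad>[^)]*)\) Good: \((?P<good>[^)]*)\) -> (?P<action>.+)$")

# Explorer/System policy values malware sets to 1 to lock the user out, with
# the symptom the user sees while the value is in effect (example's own table).
POLICY_SYMPTOMS = {
    "DisableTaskMgr": "Task Manager will not open ('disabled by your administrator')",
    "NoRun": "Start > Run is missing",
    "NoFolderOptions": "Folder Options is hidden, so hidden files cannot be shown",
}


@dataclass
class Detection:
    section: str
    item: str
    family: str
    action: str
    bad: str | None = None   # only present for Registry Data Items
    good: str | None = None


def parse_mbam_log(text: str) -> list[Detection]:
    """Walk the log line by line, tracking the current 'X Infected:' section."""
    section = None
    found: list[Detection] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group("name")
            continue
        entry = ENTRY_RE.match(line)
        if section is None or not entry:
            continue  # scan metadata and the summary counts
        item, family, rest = entry.group("item", "family", "rest")
        data = DATA_ITEM_RE.match(rest)
        if data:
            found.append(Detection(section, item, family, data.group("action"),
                                   data.group("bad"), data.group("good")))
        else:
            found.append(Detection(section, item, family, rest))
    return found


def pending_reboot(detections: list[Detection]) -> list[str]:
    """Items MBAM could not remove while loaded; they survive until a restart."""
    return sorted({d.item for d in detections if d.action.startswith("Delete on reboot")})


def policy_hijacks(detections: list[Detection]) -> dict[str, str]:
    """Map each changed policy value (Bad != Good) to the symptom it produces."""
    out = {}
    for d in detections:
        if d.section != "Registry Data Items Infected" or d.bad == d.good:
            continue
        value_name = d.item.rsplit("\\", 1)[-1]
        out[value_name] = POLICY_SYMPTOMS.get(value_name, "unrecognised policy restriction")
    return out


if __name__ == "__main__":
    dets = parse_mbam_log(SAMPLE_LOG)
    for name, symptom in policy_hijacks(dets).items():
        print(f"policy hijack {name}: {symptom}")
    for path in pending_reboot(dets):
        print(f"still present until reboot: {path}")
```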
     
  7. 2008/10/15
    noahdfear

    You did save RSIT to your desktop? Please try running it again.
     
  8. 2008/10/15
    arok89

    got it that time

    There we go, here's the info in RSIT. I had just done "open" from the download, not "open" from the desktop.




    Logfile of random's system information tool 1.04 (written by random/random)
    Run by pcom24 at 2008-10-15 17:49:12
    Microsoft Windows XP Home Edition Service Pack 2
    System drive C: has 22 GB (29%) free of 76 GB
    Total RAM: 1023 MB (65% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:49, on 2008-10-15
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\?ystem32\??chost.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\DOCUME~1\pcom24\APPLIC~1\SMANTE~1\ntvdm.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Documents and Settings\pcom24\Desktop\RSIT.exe
    C:\Program Files\trend micro\pcom24.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.search.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided by Cox High Speed Internet
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe "
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe "
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe "
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
    O4 - HKCU\..\Run: [Fdoolnl] "C:\Program Files\Common Files\?ystem32\??chost.exe "
    O4 - HKCU\..\Run: [Drtt] "C:\DOCUME~1\pcom24\APPLIC~1\SMANTE~1\ntvdm.exe" -vt yazb
    O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
    O4 - Startup: GameSpot Download Manager.lnk = C:\Program Files\GameSpot\GameSpotDownloadManager_Win32.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O22 - SharedTaskScheduler: geosphere - {c0ca766d-060c-48e1-b536-205e321bd174} - (no file)
    O22 - SharedTaskScheduler: esperantido - {67dc0736-075a-4647-95f5-d5421b838fed} - (no file)
    O22 - SharedTaskScheduler: garcea - {eb9f614b-ea44-40d0-8829-542e4f254739} - (no file)
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O24 - Desktop Component 0: Privacy Protection - (no file)

    --
    End of file - 5218 bytes

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    SSVHelper Class - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll [2007-09-25 501136]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "SoundMan "=C:\WINDOWS\SOUNDMAN.EXE [2003-11-13 62464]
    "ATIPTA "=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2004-02-03 335872]
    "Adobe Photo Downloader "=C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe []
    "SunJavaUpdateSched "=C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe [2007-09-25 132496]
    "StartCCC "=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-08-01 61440]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe "=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
    "MsnMsgr "=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]
    "BitTorrent "=C:\Program Files\BitTorrent\bittorrent.exe --force_start_minimized []
    "Fdoolnl "=C:\Program Files\Common Files\?ystem32\??chost.exe [2008-09-30 230400]
    "Drtt "=C:\DOCUME~1\pcom24\APPLIC~1\SMANTE~1\ntvdm.exe [2008-09-25 68608]

    C:\Documents and Settings\pcom24\Start Menu\Programs\Startup
    GameSpot Download Manager.lnk - C:\Program Files\GameSpot\GameSpotDownloadManager_Win32.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
    C:\WINDOWS\system32\Ati2evxx.dll [2008-08-20 143360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
    geosphere - {c0ca766d-060c-48e1-b536-205e321bd174}
    esperantido - {67dc0736-075a-4647-95f5-d5421b838fed}
    garcea - {eb9f614b-ea44-40d0-8829-542e4f254739}

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PSEXESVC]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "NoSecCpl "=0
    "DisableChangePassword "=0
    "DisableLockWorkstation "=0
    "NoDispCpl "=0
    "NoDispScrSavPage "=0
    "NoDispAppearancePage "=0
    "NoDispSettingsPage "=0
    "NoVisualStyleChoice "=0
    "DisableTaskMgr "=0

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername "=0
    "legalnoticecaption "=
    "legalnoticetext "=
    "shutdownwithoutlogon "=1
    "undockwithoutlogon "=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun "=95000000
    "NoDesktop "=0
    "NoActiveDesktop "=0
    "HideClock "=0
    "NoStartMenuPinnedList "=0
    "NoStartMenuMFUprogramsList "=0
    "NoUserNameInStartMenu "=0
    "StartmenuLogoff "=0
    "NoStartMenuSubFolders "=0
    "NoCommonGroups "=0
    "NoPrinterTabs "=0
    "NoDeletePrinter "=0
    "NoAddPrinter "=0
    "NoPrinters "=0
    "NoFavoritesMenu "=0
    "NoFind "=0
    "NoClose "=0
    "NoSetFolders "=0
    "NoViewContextMenu "=0
    "NoDrives "=0
    "NoToolbarCustomize "=0
    "NoRecentDocsNetHood "=0
    "NoChangeAnimation "=0
    "NoChangeKeyboardNavigationIndicators "=0
    "NoThemesTab "=0
    "NoFolderOptions "=0
    "NoRun "=0

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveAutoRun "=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe "= "%windir%\system32\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019 "
    "C:\Program Files\FarStone\GameDrivePro\MGR.exe "= "C:\Program Files\FarStone\GameDrivePro\MGR.exe:*:Enabled:VirtualDrive MGR "
    "C:\WINDOWS\system32\CafeAgent.EXE "= "C:\WINDOWS\system32\CafeAgent.EXE:*:Enabled:CafeAgent "
    "C:\Program Files\World of Warcraft\WoW-1.3.0-enUS-downloader.exe "= "C:\Program Files\World of Warcraft\WoW-1.3.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader "
    "C:\Program Files\LucasArts\Star Wars Battlefront\GameData\Battlefront.exe "= "C:\Program Files\LucasArts\Star Wars Battlefront\GameData\Battlefront.exe:*:Enabled:Battlefront "
    "C:\Documents and Settings\pcom24\Desktop\WoW-1.3.1-to-0.4.0-Test-enUS.exe "= "C:\Documents and Settings\pcom24\Desktop\WoW-1.3.1-to-0.4.0-Test-enUS.exe:*:Enabled:Blizzard Downloader "
    "C:\Program Files\World of Warcraft\WoW-1.3.1.4297-to-1.4.0-enUS-downloader.exe "= "C:\Program Files\World of Warcraft\WoW-1.3.1.4297-to-1.4.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader "
    "C:\Program Files\World of Warcraft\WoW-1.4.2.4375-to-1.5.0-enUS-downloader.exe "= "C:\Program Files\World of Warcraft\WoW-1.4.2.4375-to-1.5.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader "
    "C:\Program Files\World of Warcraft\WoW-1.5.1.4449-to-1.6.0-enUS-downloader.exe "= "C:\Program Files\World of Warcraft\WoW-1.5.1.4449-to-1.6.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader "
    "C:\Program Files\World of Warcraft\WoW-1.6.0.4500-to-1.6.1-enUS-downloader.exe "= "C:\Program Files\World of Warcraft\WoW-1.6.0.4500-to-1.6.1-enUS-downloader.exe:*:Enabled:Blizzard Downloader "
    "C:\Program Files\World of Warcraft\WoW-1.6.1.4544-to-1.7.0-enUS-downloader.exe "= "C:\Program Files\World of Warcraft\WoW-1.6.1.4544-to-1.7.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader "
    "C:\Program Files\World of Warcraft\WoW-1.7.1.4695-to-1.8.0-enUS-downloader.exe "= "C:\Program Files\World of Warcraft\WoW-1.7.1.4695-to-1.8.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader "
    "C:\Program Files\World of Warcraft\WoW-1.8.3.4807-to-1.8.4.4878-enUS-downloader.exe "= "C:\Program Files\World of Warcraft\WoW-1.8.3.4807-to-1.8.4.4878-enUS-downloader.exe:*:Enabled:Blizzard Downloader "
    "C:\Program Files\World of Warcraft\WoW-1.8.4.4878-to-1.9.0.4937-enUS-downloader.exe "= "C:\Program Files\World of Warcraft\WoW-1.8.4.4878-to-1.9.0.4937-enUS-downloader.exe:*:Enabled:Blizzard Downloader "
    "C:\Program Files\World of Warcraft\WoW-1.9.2.4996-to-1.9.3.5059-enUS-downloader.exe "= "C:\Program Files\World of Warcraft\WoW-1.9.2.4996-to-1.9.3.5059-enUS-downloader.exe:*:Enabled:Blizzard Downloader "
    "C:\Documents and Settings\pcom24\Desktop\wow-ptr-downloader2.exe "= "C:\Documents and Settings\pcom24\Desktop\wow-ptr-downloader2.exe:*:Enabled:Blizzard Downloader "
    "C:\Program Files\World of Warcraft\WoW-1.9.4.5086-to-1.10.0.5195-enUS-downloader.exe "= "C:\Program Files\World of Warcraft\WoW-1.9.4.5086-to-1.10.0.5195-enUS-downloader.exe:*:Enabled:Blizzard Downloader "
    "C:\Program Files\World of Warcraft\WoW-1.10.2.5302-to-1.11.0.5428-enUS-downloader.exe "= "C:\Program Files\World of Warcraft\WoW-1.10.2.5302-to-1.11.0.5428-enUS-downloader.exe:*:Enabled:Blizzard Downloader "
    "C:\Program Files\Common Files\AOL\Loader\aolload.exe "= "C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader "
    "C:\Program Files\Common Files\AOL\1152577587\ee\aolsoftware.exe "= "C:\Program Files\Common Files\AOL\1152577587\ee\aolsoftware.exe:*:Enabled:AOL Services "
    "C:\Program Files\Common Files\AOL\1152577587\ee\aim6.exe "= "C:\Program Files\Common Files\AOL\1152577587\ee\aim6.exe:*:Enabled:AIM "
    "C:\Program Files\World of Warcraft\WoW-1.11.1.5462-to-1.11.2.5464-enUS-downloader.exe "= "C:\Program Files\World of Warcraft\WoW-1.11.1.5462-to-1.11.2.5464-enUS-downloader.exe:*:Enabled:Blizzard Downloader "
    "%windir%\Network Diagnostic\xpnetdiag.exe "= "%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000 "
    "C:\Program Files\LimeWire\LimeWire.exe "= "C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire "
    "C:\Program Files\BitTorrent\bittorrent.exe "= "C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent "
    "C:\Program Files\World of Warcraft\BackgroundDownloader.exe "= "C:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader "
    "C:\Program Files\World of Warcraft\WoW-1.11.2.5464-to-1.12.0.5595-enUS-downloader.exe "= "C:\Program Files\World of Warcraft\WoW-1.11.2.5464-to-1.12.0.5595-enUS-downloader.exe:*:Enabled:Blizzard Downloader "
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe "= "C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger "
    "C:\Program Files\Windows Live\Messenger\livecall.exe "= "C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) "
    "C:\WINDOWS\Explorer.EXE "= "C:\WINDOWS\Explorer.EXE:*:Enabled:ENABLE "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe "= "%windir%\system32\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019 "
    "%windir%\Network Diagnostic\xpnetdiag.exe "= "%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000 "
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe "= "C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger "
    "C:\Program Files\Windows Live\Messenger\livecall.exe "= "C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) "

    ======List of files/folders created in the last 3 months======

    2008-10-15 17:43:27 ----D---- C:\Program Files\trend micro
    2008-10-15 17:43:26 ----D---- C:\rsit
    2008-10-15 14:11:15 ----D---- C:\Documents and Settings\pcom24\Application Data\Malwarebytes
    2008-10-15 14:11:12 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2008-10-15 14:11:12 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-10-15 13:35:23 ----A---- C:\WINDOWS\zip.exe
    2008-10-15 13:35:23 ----A---- C:\WINDOWS\VFIND.exe
    2008-10-15 13:35:23 ----A---- C:\WINDOWS\SWXCACLS.exe
    2008-10-15 13:35:23 ----A---- C:\WINDOWS\SWSC.exe
    2008-10-15 13:35:23 ----A---- C:\WINDOWS\SWREG.exe
    2008-10-15 13:35:23 ----A---- C:\WINDOWS\sed.exe
    2008-10-15 13:35:23 ----A---- C:\WINDOWS\NIRCMD.exe
    2008-10-15 13:35:23 ----A---- C:\WINDOWS\grep.exe
    2008-10-15 13:35:23 ----A---- C:\WINDOWS\fdsv.exe
    2008-10-15 13:35:18 ----D---- C:\WINDOWS\ERDNT
    2008-10-15 13:35:18 ----D---- C:\Qoobox
    2008-10-15 13:35:18 ----D---- C:\ComboFix
    2008-10-15 13:35:17 ----A---- C:\WINDOWS\system32\CF3997.exe
    2008-10-15 13:02:16 ----D---- C:\Program Files\Common Files\?ystem32
    2008-10-15 13:00:04 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
    2008-10-15 12:59:56 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
    2008-10-15 12:59:47 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
    2008-10-15 12:59:37 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
    2008-10-15 12:59:22 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
    2008-10-15 12:58:21 ----A---- C:\WINDOWS\system32\MRT.INI
    2008-10-15 10:54:31 ----N---- C:\WINDOWS\system32\jaaoni.exe
    2008-10-03 19:08:52 ----D---- C:\Documents and Settings\All Users\Application Data\ATI
    2008-10-03 19:04:39 ----D---- C:\Program Files\ATI
    2008-10-02 17:15:23 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
    2008-10-02 12:31:56 ----D---- C:\Program Files\Electronic Arts
    2008-10-02 11:26:04 ----A---- C:\DelUS.bat
    2008-09-27 17:58:03 ----D---- C:\Program Files\CCleaner
    2008-09-25 12:16:02 ----D---- C:\Documents and Settings\pcom24\Application Data\S?mantec
    2008-09-25 12:10:58 ----SHD---- C:\WINDOWS\cGMyNA
    2008-09-25 12:06:05 ----D---- C:\WINDOWS\wiou
    2008-09-25 12:06:05 ----D---- C:\Program Files\Common Files\wiou
    2008-09-16 23:17:13 ----D---- C:\Program Files\World of Warcraft Public Test
    2008-09-16 23:16:45 ----D---- C:\Documents and Settings\All Users\Application Data\Blizzard
    2008-09-10 03:09:02 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
    2008-08-20 18:18:16 ----A---- C:\WINDOWS\system32\atiadlxx.dll
    2008-08-18 23:35:09 ----D---- C:\WINDOWS\system32\CatRoot_bak
    2008-08-14 19:57:13 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
    2008-08-14 19:57:05 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
    2008-08-14 19:56:58 ----HDC---- C:\WINDOWS\$NtUninstallKB953839$
    2008-08-14 19:56:52 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
    2008-08-14 19:55:34 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
    2008-08-14 19:55:25 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
    2008-08-14 19:55:16 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
    2008-08-05 14:14:13 ----A---- C:\WINDOWS\system32\ATIBRTMON.EXE
    2008-07-25 10:56:45 ----D---- C:\Program Files\Bethesda Softworks
    2008-07-23 22:01:23 ----HDC---- C:\WINDOWS\$NtUninstallWIC$
    2008-07-23 22:01:18 ----D---- C:\Program Files\Microsoft SQL Server Compact Edition

    ======List of files/folders modified in the last 3 months======

    2008-10-15 17:43:27 ----AD---- C:\Program Files
    2008-10-15 17:33:59 ----D---- C:\WINDOWS
    2008-10-15 17:33:40 ----A---- C:\WINDOWS\SchedLgU.Txt
    2008-10-15 17:33:09 ----D---- C:\WINDOWS\system32\drivers
    2008-10-15 17:33:09 ----D---- C:\WINDOWS\system32
    2008-10-15 17:22:42 ----D---- C:\WINDOWS\Temp
    2008-10-15 15:09:28 ----HD---- C:\WINDOWS\inf
    2008-10-15 14:28:13 ----HD---- C:\WINDOWS\$hf_mig$
    2008-10-15 14:27:50 ----D---- C:\WINDOWS\system32\CatRoot2
    2008-10-15 13:35:23 ----D---- C:\WINDOWS\Prefetch
    2008-10-15 13:02:16 ----D---- C:\Program Files\Common Files
    2008-10-15 13:00:06 ----RSHDC---- C:\WINDOWS\system32\dllcache
    2008-10-15 12:59:59 ----A---- C:\WINDOWS\imsins.BAK
    2008-10-15 10:57:45 ----A---- C:\WINDOWS\ModemLog_Standard 300 bps Modem.txt
    2008-10-14 13:48:05 ----D---- C:\Program Files\World of Warcraft
    2008-10-07 12:19:40 ----A---- C:\WINDOWS\system32\MRT.exe
    2008-10-04 17:22:23 ----D---- C:\Documents and Settings\pcom24\Application Data\LimeWire
    2008-10-04 13:25:19 ----D---- C:\Program Files\LimeWire
    2008-10-04 10:05:47 ----SHD---- C:\WINDOWS\Installer
    2008-10-03 19:04:27 ----RSD---- C:\WINDOWS\assembly
    2008-10-03 19:04:04 ----D---- C:\Program Files\ATI Technologies
    2008-10-03 09:36:27 ----D---- C:\WINDOWS\system32\Macromed
    2008-10-03 02:28:08 ----D---- C:\WINDOWS\system32\CatRoot
    2008-10-03 01:13:54 ----SD---- C:\WINDOWS\Downloaded Program Files
    2008-10-02 14:27:07 ----HD---- C:\Program Files\InstallShield Installation Information
    2008-10-02 11:44:12 ----SD---- C:\Documents and Settings\pcom24\Application Data\Microsoft
    2008-10-02 11:43:30 ----D---- C:\Program Files\Common Files\Adobe
    2008-10-02 11:43:03 ----D---- C:\WINDOWS\WinSxS
    2008-10-02 11:39:30 ----D---- C:\Program Files\MySpace
    2008-10-02 11:38:04 ----D---- C:\Documents and Settings\All Users\Application Data\Firefly Studios
    2008-10-02 11:37:40 ----D---- C:\UnrealGold
    2008-10-02 11:36:40 ----D---- C:\Program Files\Common Files\Blizzard Entertainment
    2008-10-02 11:34:46 ----D---- C:\Program Files\Windows Live
    2008-10-02 11:33:45 ----D---- C:\Program Files\HighGrow
    2008-10-02 11:25:41 ----D---- C:\Program Files\Microsoft Games
    2008-10-02 11:23:51 ----RSD---- C:\WINDOWS\Fonts
    2008-09-27 17:04:48 ----D---- C:\Program Files\Windows Live Toolbar
    2008-09-27 17:04:28 ----SD---- C:\WINDOWS\Tasks
    2008-09-26 13:27:57 ----D---- C:\Program Files\Common Files\Microsoft Shared
    2008-09-26 12:56:12 ----D---- C:\WINDOWS\network diagnostic
    2008-09-23 18:05:30 ----A---- C:\WINDOWS\system.ini
    2008-09-04 14:06:36 ----D---- C:\WINDOWS\Help
    2008-08-20 21:05:00 ----N---- C:\WINDOWS\system32\ati2sgag.exe
    2008-08-20 19:19:26 ----A---- C:\WINDOWS\system32\ATIDEMGX.dll
    2008-08-20 19:18:07 ----A---- C:\WINDOWS\system32\ati2dvag.dll
    2008-08-20 19:08:14 ----A---- C:\WINDOWS\system32\atipdlxx.dll
    2008-08-20 19:08:02 ----A---- C:\WINDOWS\system32\Oemdspif.dll
    2008-08-20 19:07:54 ----A---- C:\WINDOWS\system32\Ati2mdxx.exe
    2008-08-20 19:07:45 ----A---- C:\WINDOWS\system32\ati2edxx.dll
    2008-08-20 19:07:28 ----A---- C:\WINDOWS\system32\ati2evxx.dll
    2008-08-20 19:05:57 ----A---- C:\WINDOWS\system32\ati2evxx.exe
    2008-08-20 19:04:38 ----A---- C:\WINDOWS\system32\ATIDDC.DLL
    2008-08-20 19:01:09 ----A---- C:\WINDOWS\system32\atioglxx.dll
    2008-08-20 18:55:23 ----A---- C:\WINDOWS\system32\ati3duag.dll
    2008-08-20 18:50:05 ----A---- C:\WINDOWS\system32\atiiiexx.dll
    2008-08-20 18:38:24 ----A---- C:\WINDOWS\system32\ativvaxx.dll
    2008-08-20 18:23:32 ----A---- C:\WINDOWS\system32\amdpcom32.dll
    2008-08-20 18:19:36 ----A---- C:\WINDOWS\system32\atikvmag.dll
    2008-08-20 18:18:06 ----A---- C:\WINDOWS\system32\atitvo32.dll
    2008-08-20 18:17:29 ----A---- C:\WINDOWS\system32\atiok3x2.dll
    2008-08-20 18:11:43 ----A---- C:\WINDOWS\system32\ati2cqag.dll
    2008-08-18 23:35:09 ----D---- C:\WINDOWS\Debug
    2008-08-15 15:18:28 ----D---- C:\Program Files\Internet Explorer
    2008-08-14 19:57:07 ----D---- C:\Program Files\Messenger
    2008-08-14 03:00:45 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
    2008-08-14 02:22:13 ----A---- C:\WINDOWS\system32\ntkrnlpa.exe
    2008-08-10 22:26:20 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
    2008-08-03 21:17:27 ----D---- C:\Program Files\Windows Media Player
    2008-07-24 23:23:50 ----D---- C:\WINDOWS\system32\DirectX
    2008-07-23 22:02:09 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
    2008-07-18 22:10:48 ----A---- C:\WINDOWS\system32\cdm.dll
    2008-07-18 22:10:42 ----A---- C:\WINDOWS\system32\wuauclt.exe
    2008-07-18 22:10:40 ----A---- C:\WINDOWS\system32\wups2.dll
    2008-07-18 22:10:24 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
    2008-07-18 22:10:20 ----A---- C:\WINDOWS\system32\wups.dll
    2008-07-18 22:09:46 ----A---- C:\WINDOWS\system32\wucltui.dll
    2008-07-18 22:09:44 ----A---- C:\WINDOWS\system32\wuweb.dll
    2008-07-18 22:09:44 ----A---- C:\WINDOWS\system32\wuapi.dll
    2008-07-18 22:09:42 ----A---- C:\WINDOWS\system32\wuaueng.dll
    2008-07-18 22:09:42 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
    2008-07-18 22:08:34 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
    2008-07-18 22:07:34 ----A---- C:\WINDOWS\system32\mucltui.dll
    2008-07-18 22:07:32 ----A---- C:\WINDOWS\system32\muweb.dll
    2008-07-18 22:07:32 ----A---- C:\WINDOWS\system32\mucltui.dll.mui

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096]
    R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [2002-08-14 17005]
    R2 EIO;EIO; \??\C:\WINDOWS\system32\drivers\EIO.sys []
    R3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2003-11-13 391680]
    R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2003-11-13 481596]
    R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-08-20 3299840]
    R3 FETND5BV;VIA Rhine-Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2004-12-16 42496]
    R3 Passthru;Service; C:\WINDOWS\system32\DRIVERS\ndisio.sys [2008-10-15 102272]
    R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-04 5888]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
    R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
    R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
    S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
    S3 dump_wmimmc;dump_wmimmc; \??\C:\WINDOWS\system32\drivers\dump_wmimmc.sys []
    S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
    S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []
    S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
    S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
    S3 ms6823;IEEE802.11b Wireless USB Adapter; C:\WINDOWS\system32\DRIVERS\ms6823.sys [2004-06-10 55168]
    S3 ndiscm;Motorola SURFboard USB Cable Modem Windows Driver; C:\WINDOWS\system32\DRIVERS\NetMotCM.sys [2004-09-29 15360]
    S3 NTACCESS;NTACCESS; \??\D:\NTACCESS.sys []
    S3 SetupNTGLM7X;SetupNTGLM7X; \??\D:\NTGLM7X.sys []
    S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
    S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
    S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
    S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
    S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2004-10-11 18944]
    S3 XDva098;XDva098; \??\C:\WINDOWS\system32\XDva098.sys []
    S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
    S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 aawservice;Ad-Aware 2007 Service; C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe [2008-03-19 607576]
    R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-08-20 573440]
    R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2004-02-26 307200]
    R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-10-11 38912]
    S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-08-20 593920]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
    S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe []
    S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
    S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]

    -----------------EOF-----------------
     
  9. 2008/10/15
    arok89 (Thread Starter)

    uh oh

    Now I tried posting the info twice, and nothing shows? It said it has to wait until a moderator approves or something... But I did get it to work.
     
  10. 2008/10/15
    noahdfear

    There should be a log at C:\ComboFix.txt
    Please post it here.
     
  11. 2008/10/15
    arok89 (Thread Starter)

    hm

    I never ran ComboFix, should I? I can't find a text log in the C:\ folder; I'm assuming it's because I never scanned with it.
     
  12. 2008/10/15
    noahdfear

    These files in your log tell me that you did.

    2008-10-15 13:35:23 ----A---- C:\WINDOWS\zip.exe
    2008-10-15 13:35:23 ----A---- C:\WINDOWS\VFIND.exe
    2008-10-15 13:35:23 ----A---- C:\WINDOWS\SWXCACLS.exe
    2008-10-15 13:35:23 ----A---- C:\WINDOWS\SWSC.exe
    2008-10-15 13:35:23 ----A---- C:\WINDOWS\SWREG.exe
    2008-10-15 13:35:23 ----A---- C:\WINDOWS\sed.exe
    2008-10-15 13:35:23 ----A---- C:\WINDOWS\NIRCMD.exe
    2008-10-15 13:35:23 ----A---- C:\WINDOWS\grep.exe
    2008-10-15 13:35:23 ----A---- C:\WINDOWS\fdsv.exe
    2008-10-15 13:35:18 ----D---- C:\WINDOWS\ERDNT
    2008-10-15 13:35:18 ----D---- C:\Qoobox
    2008-10-15 13:35:18 ----D---- C:\ComboFix
    2008-10-15 13:35:17 ----A---- C:\WINDOWS\system32\CF3997.exe

    None of those files would be present on your system if you hadn't run it.
     
  13. 2008/10/15
    arok89 (Thread Starter)

    oopsies

    Ah okay, well I tried to scan it before, and it said I didn't have some recovery thing, that it would be in my best interest to download it, and I just exited out. But just now I did it again and went through it, and after it tried to update and failed, it continued normally, etc. etc., and now it's done. I exited. I'll look again for a log in C:\
     
  14. 2008/10/15
    arok89 (Thread Starter)

    Okay, I see in C:\ there's a ComboFix folder. Sorry about the confusion, lead me from here :D Thanks
     
  15. 2008/10/15
    noahdfear

    If ComboFix ran to conclusion, there will be a txt file named ComboFix.txt in C: as well. If it's not present, open the C:\Qoobox folder and see if there is a log named ComboFix-quarantined-files.txt and post it.
     
  16. 2008/10/15
    arok89 (Thread Starter)

    hm

    Neither is present, I may have done something wrong. Any way to rescan? If not, what can I do from here? Thanks for your patience :)
     
  17. 2008/10/15
    noahdfear

    If the file ComboFix.exe is not on your desktop, do the following, else just run it as described below.

    Download ComboFix by sUBs from here, saving the file to your desktop.


    Please disable realtime protection applications as they sometimes interfere with the tool. Check this link for your applicable programs.

    • Close all open programs and windows
    • Double click combofix.exe and follow the prompts.
    • It may reboot your computer and resume running when you logon. Wait for it to complete. When finished, it will open a log for you. Post that log and a new HijackThis log in your next reply.
    Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
     
  18. 2008/10/15
    arok89 (Thread Starter)

    OK, it did the scan and afterwards said "Preparing Log Report, please do not run any programs till this is finished," and was at that screen for a while, seemed to have locked up or frozen, so I rebooted. o_O Now what? I looked again, no .txt file found, presumably because it didn't do the log report. Shall I try again? And I'm editing the post now, and just noticed it said don't mouse-click... oops. Try it again then?
     
  19. 2008/10/15
    noahdfear

    It does take a while for the log to be created. Please be patient. :)
     
  20. 2008/10/15
    arok89 (Thread Starter)

    OK, finally. Here's the log info. Also, I don't have HijackThis, unless it's included in MBAM or RSIT >.<


    ComboFix 08-10-15.05 - pcom24 2008-10-15 18:47:04.2 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.731 [GMT -7:00]
    Running from: C:\Documents and Settings\pcom24\Desktop\ComboFix.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    ---- Previous Run -------
    .
    C:\Documents and Settings\pcom24\Application Data\SMANTE~1
    C:\Documents and Settings\pcom24\Application Data\SMANTE~1\ntvdm.exe
    C:\Documents and Settings\pcom24\Application Data\SMANTE~1\S?mantec\
    C:\Documents and Settings\pcom24\Local Settings\Temporary Internet Files\bestwiner.stt
    C:\Documents and Settings\pcom24\Local Settings\Temporary Internet Files\CPV.stt
    C:\Program Files\Common Files\ystem3~1
    C:\Program Files\Common Files\ystem3~1\??chost.exe
    C:\Program Files\INSTALL.LOG
    C:\WINDOWS\search_res.txt

    .
    ((((((((((((((((((((((((( Files Created from 2008-09-16 to 2008-10-16 )))))))))))))))))))))))))))))))
    .

    2008-10-15 17:43 . 2008-10-15 17:43 <DIR> d-------- C:\rsit
    2008-10-15 17:43 . 2008-10-15 17:49 <DIR> d-------- C:\Program Files\trend micro
    2008-10-15 14:11 . 2008-10-15 14:11 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-10-15 14:11 . 2008-10-15 14:11 <DIR> d-------- C:\Documents and Settings\pcom24\Application Data\Malwarebytes
    2008-10-15 14:11 . 2008-10-15 14:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-10-15 14:11 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-10-15 14:11 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-10-15 12:58 . 2008-10-15 12:58 197 --a------ C:\WINDOWS\system32\MRT.INI
    2008-10-15 10:57 . 2008-10-15 10:57 44,288 --a------ C:\WINDOWS\system32\drivers\imvpvlho.sys
    2008-10-15 10:54 . 2008-10-15 15:19 102,272 --a------ C:\WINDOWS\system32\drivers\ndisio.sys
    2008-10-15 10:54 . 2008-10-15 10:54 33,280 --------- C:\WINDOWS\system32\jaaoni.exe
    2008-10-15 10:54 . 2008-10-15 10:54 33,280 --------- C:\Documents and Settings\pcom24\tjfb.exe
    2008-10-15 10:54 . 2008-10-15 10:54 33,280 ---h----- C:\Documents and Settings\pcom24\cjh.exe
    2008-10-03 19:08 . 2008-10-03 19:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ATI
    2008-10-03 19:04 . 2008-10-04 10:05 <DIR> d-------- C:\Program Files\ATI
    2008-10-02 12:31 . 2008-10-02 12:31 <DIR> d-------- C:\Program Files\Electronic Arts
    2008-10-02 11:26 . 2008-10-02 11:26 480 --a------ C:\DelUS.bat
    2008-09-27 17:58 . 2008-09-27 17:58 <DIR> d-------- C:\Program Files\CCleaner
    2008-09-25 12:10 . 2008-09-26 11:42 <DIR> d--hs---- C:\WINDOWS\cGMyNA
    2008-09-25 12:06 . 2008-09-25 12:06 <DIR> d-------- C:\WINDOWS\wiou
    2008-09-25 12:06 . 2008-09-25 14:14 <DIR> d-------- C:\Program Files\Common Files\wiou
    2008-09-16 23:17 . 2008-10-02 11:34 <DIR> d-------- C:\Program Files\World of Warcraft Public Test
    2008-09-16 23:16 . 2008-09-16 23:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Blizzard

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-10-14 20:48 --------- d-----w C:\Program Files\World of Warcraft
    2008-10-05 00:22 --------- d-----w C:\Documents and Settings\pcom24\Application Data\LimeWire
    2008-10-04 20:25 --------- d-----w C:\Program Files\LimeWire
    2008-10-04 02:04 --------- d-----w C:\Program Files\ATI Technologies
    2008-10-02 21:27 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-10-02 18:43 --------- d-----w C:\Program Files\Common Files\Adobe
    2008-10-02 18:39 --------- d-----w C:\Program Files\MySpace
    2008-10-02 18:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Firefly Studios
    2008-10-02 18:36 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
    2008-10-02 18:34 --------- d-----w C:\Program Files\Windows Live
    2008-10-02 18:33 --------- d-----w C:\Program Files\HighGrow
    2008-10-02 18:25 --------- d-----w C:\Program Files\Microsoft Games
    2008-09-28 00:04 --------- d-----w C:\Program Files\Windows Live Toolbar
    2008-09-15 11:57 1,846,016 ----a-w C:\WINDOWS\system32\win32k.sys
    2008-08-28 10:04 333,056 ----a-w C:\WINDOWS\system32\drivers\srv.sys
    2008-08-21 04:52 3,299,840 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
    2008-08-21 04:05 593,920 ------w C:\WINDOWS\system32\ati2sgag.exe
    2008-08-21 02:19 425,984 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
    2008-08-21 02:18 314,880 ----a-w C:\WINDOWS\system32\ati2dvag.dll
    2008-08-21 02:08 184,320 ----a-w C:\WINDOWS\system32\atipdlxx.dll
    2008-08-21 02:08 143,360 ----a-w C:\WINDOWS\system32\Oemdspif.dll
    2008-08-21 02:07 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
    2008-08-21 02:07 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
    2008-08-21 02:07 143,360 ----a-w C:\WINDOWS\system32\ati2evxx.dll
    2008-08-21 02:05 573,440 ----a-w C:\WINDOWS\system32\ati2evxx.exe
    2008-08-21 02:04 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
    2008-08-21 02:01 10,084,352 ----a-w C:\WINDOWS\system32\atioglxx.dll
    2008-08-21 01:55 4,094,560 ----a-w C:\WINDOWS\system32\ati3duag.dll
    2008-08-21 01:50 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
    2008-08-21 01:38 2,377,856 ----a-w C:\WINDOWS\system32\ativvaxx.dll
    2008-08-21 01:23 48,640 ----a-w C:\WINDOWS\system32\amdpcom32.dll
    2008-08-21 01:19 380,928 ----a-w C:\WINDOWS\system32\atikvmag.dll
    2008-08-21 01:18 37,376 ----a-w C:\WINDOWS\system32\atiadlxx.dll
    2008-08-21 01:18 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
    2008-08-21 01:17 53,248 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
    2008-08-21 01:17 253,952 ----a-w C:\WINDOWS\system32\atiok3x2.dll
    2008-08-21 01:11 561,152 ----a-w C:\WINDOWS\system32\ati2cqag.dll
    2008-08-14 10:00 2,180,352 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
    2008-08-14 09:22 2,057,728 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
    2008-08-11 04:53 0 ----a-w C:\Program Files\temp01
    2008-08-05 21:14 90,112 ----a-w C:\WINDOWS\system32\ATIBRTMON.EXE
    2008-07-19 05:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
    2008-07-19 05:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2008-07-19 05:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
    2008-07-19 05:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
    2008-07-19 05:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
    2008-07-19 05:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
    2008-07-19 05:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
    2008-07-19 05:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2008-07-19 05:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
    2008-07-19 05:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
    2005-07-29 23:24 472 --sha-r C:\WINDOWS\cGMyNA\w3gVhE.vbs
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Fdoolnl "= "C:\Program Files\Common Files\?ystem32\??chost.exe" [?]
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
    "MsnMsgr "= "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATIPTA "= "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-02-03 335872]
    "SunJavaUpdateSched "= "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
    "StartCCC "= "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-01 61440]
    "SoundMan "= "SOUNDMAN.EXE" [2003-11-13 C:\WINDOWS\SOUNDMAN.EXE]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "NoSecCpl "= 0 (0x0)
    "DisableChangePassword "= 0 (0x0)
    "DisableLockWorkstation "= 0 (0x0)

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
    "NoSecCPL "= 1 (0x1)
    "NoConfigPage "= 1 (0x1)
    "NoFileSysPage "= 1 (0x1)
    "NoDevMgrPage "= 1 (0x1)
    "NoVirtMemPage "= 1 (0x1)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoStartMenuPinnedList "= 0 (0x0)
    "NoStartMenuMFUprogramsList "= 0 (0x0)
    "NoUserNameInStartMenu "= 0 (0x0)
    "NoStartMenuSubFolders "= 0 (0x0)
    "NoCommonGroups "= 0 (0x0)
    "NoPrinterTabs "= 0 (0x0)
    "NoDeletePrinter "= 0 (0x0)
    "NoAddPrinter "= 0 (0x0)
    "NoPrinters "= 0 (0x0)
    "NoFavoritesMenu "= 0 (0x0)
    "NoRecentDocsNetHood "= 0 (0x0)
    "NoChangeAnimation "= 0 (0x0)
    "NoChangeKeyboardNavigationIndicators "= 0 (0x0)

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoAddPrinter "= 1 (0x1)
    "NoDeletePrinter "= 1 (0x1)
    "NoWinKeys "= 0 (0x0)
    "NoStartMenuSubFolders "= 1 (0x1)
    "NoCommonGroups "= 0 (0x0)
    "NoSetFolders "= 1 (0x1)
    "NoSetTaskbar "= 1 (0x1)
    "NoStartMenuMorePrograms "= 0 (0x0)
    "NoStartMenuMFUprogramsList "= 0 (0x0)
    "NoStartMenuPinnedList "= 0 (0x0)
    "NoFavoritesMenu "= 1 (0x1)
    "NoLogOff "= 1 (0x1)
    "StartMenuLogoff "= 1 (0x1)
    "NoChangeStartMenu "= 1 (0x1)
    "NoSMMyPictures "= 1 (0x1)
    "NoStartMenuMyMusic "= 1 (0x1)
    "NoSMHelp "= 1 (0x1)
    "NoSMMyDocs "= 1 (0x1)
    "NoStartMenuNetworkPlaces "= 1 (0x1)
    "NoNetworkConnections "= 1 (0x1)
    "NoViewOnDrive "= 4 (0x4)
    "noactivedesktopchanges "= 1 (0x1)
    "nosetactivedesktop "= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.iv41 "= IR41_32.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "C:\\Program Files\\World of Warcraft\\WoW-1.3.0-enUS-downloader.exe "=
    "C:\\Program Files\\World of Warcraft\\WoW-1.3.1.4297-to-1.4.0-enUS-downloader.exe "=
    "C:\\Program Files\\World of Warcraft\\WoW-1.4.2.4375-to-1.5.0-enUS-downloader.exe "=
    "C:\\Program Files\\World of Warcraft\\WoW-1.5.1.4449-to-1.6.0-enUS-downloader.exe "=
    "C:\\Program Files\\World of Warcraft\\WoW-1.6.0.4500-to-1.6.1-enUS-downloader.exe "=
    "C:\\Program Files\\World of Warcraft\\WoW-1.6.1.4544-to-1.7.0-enUS-downloader.exe "=
    "C:\\Program Files\\World of Warcraft\\WoW-1.7.1.4695-to-1.8.0-enUS-downloader.exe "=
    "C:\\Program Files\\World of Warcraft\\WoW-1.8.3.4807-to-1.8.4.4878-enUS-downloader.exe "=
    "C:\\Program Files\\World of Warcraft\\WoW-1.8.4.4878-to-1.9.0.4937-enUS-downloader.exe "=
    "C:\\Program Files\\World of Warcraft\\WoW-1.9.2.4996-to-1.9.3.5059-enUS-downloader.exe "=
    "C:\\Program Files\\World of Warcraft\\WoW-1.9.4.5086-to-1.10.0.5195-enUS-downloader.exe "=
    "C:\\Program Files\\World of Warcraft\\WoW-1.10.2.5302-to-1.11.0.5428-enUS-downloader.exe "=
    "C:\\Program Files\\World of Warcraft\\WoW-1.11.1.5462-to-1.11.2.5464-enUS-downloader.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "C:\\Program Files\\LimeWire\\LimeWire.exe "=
    "C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe "=
    "C:\\Program Files\\World of Warcraft\\WoW-1.11.2.5464-to-1.12.0.5595-enUS-downloader.exe "=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe "=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe "=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3724:TCP "= 3724:TCP:blizzard downloader
    "6112:TCP "= 6112:TCP:blizzard downloader
    "6881:TCP "= 6881:TCP:blizzard downloader
    "6882:TCP "= 6882:TCP:blizzard downloader
    "6883:TCP "= 6883:TCP:blizzard downloader
    "6884:TCP "= 6884:TCP:blizzard downloader
    "6885:TCP "= 6885:TCP:bl
    "6886:TCP "= 6886:TCP:bl
    "6887:TCP "= 6887:TCP:bl
    "6888:TCP "= 6888:TCP:bl
    "6889:TCP "= 6889:TCP:bl
    "6890:TCP "= 6890:TCP:bl
    "6891:TCP "= 6891:TCP:bl
    "6892:TCP "= 6892:TCP:bl
    "6893:TCP "= 6893:TCP:bl
    "6894:TCP "= 6894:TCP:bl
    "6895:TCP "= 6895:TCP:bl
    "6896:TCP "= 6896:TCP:bl
    "6897:TCP "= 6897:TCP:bl
    "6898:TCP "= 6898:TCP:bl
    "6899:TCP "= 6899:TCP:bl

    R0 imvpvlho;imvpvlho;C:\WINDOWS\system32\Drivers\imvpvlho.sys [2008-10-15 44288]
    S0 gdxwdm;GDXWDM;C:\WINDOWS\system32\DRIVERS\GDXWDM.sys [ ]
    S3 dump_wmimmc;dump_wmimmc;C:\WINDOWS\system32\drivers\dump_wmimmc.sys [2007-01-05 111227]
    S3 ms6823;IEEE802.11b Wireless USB Adapter;C:\WINDOWS\system32\DRIVERS\ms6823.sys [2004-06-10 55168]
    S3 SetupNTGLM7X;SetupNTGLM7X;D:\NTGLM7X.sys [ ]
    S3 XDva098;XDva098;C:\WINDOWS\system32\XDva098.sys [ ]
    .
    .
    ------- Supplementary Scan -------
    .
    R0 -: HKCU-Main,Start Page = hxxp://www.search.com/
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-10-15 18:48:52
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-10-15 18:51:20
    ComboFix-quarantined-files.txt 2008-10-16 01:51:10

    Pre-Run: 24,140,267,520 bytes free
    Post-Run: 24,126,091,264 bytes free

    238 --- E O F --- 2008-10-15 20:00:07
     
  21. 2008/10/15
    noahdfear

    Once again, please disable any realtime protection applications. Highlight and copy the contents of the code box below and paste it into a blank notepad, then save it to your desktop as;

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Code:
    File::
    C:\WINDOWS\system32\drivers\imvpvlho.sys
    C:\WINDOWS\system32\drivers\ndisio.sys
    C:\WINDOWS\system32\jaaoni.exe
    C:\Documents and Settings\pcom24\tjfb.exe
    C:\Documents and Settings\pcom24\cjh.exe
    Folder::
    C:\WINDOWS\cGMyNA
    C:\WINDOWS\wiou
    C:\Program Files\Common Files\wiou
    Driver::
    imvpvlho
    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "Fdoolnl "=-
    
    Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button. ComboFix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log.

    Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.

    Please run RSIT again and post its log as well, after the ComboFix scan.
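
    Added example (editor's code, not part of this thread and not ComboFix's or the helper's own logic): a Python triage script that reads the kinds of lines shown in the ComboFix log in post 20 and drafts a CFScript in the File::/Folder::/Driver::/Registry:: layout used in post 21. The rules encode assumptions about why those entries stood out: ComboFix prints a `?` where a path holds a character it cannot render, which is how the `?ystem32\??chost.exe` and `S?mantec` lookalikes show up; a hidden+system folder under C:\WINDOWS that is not an update's `$NtUninstall...$` folder; a burst of new executables written within five minutes both under C:\WINDOWS and straight into the user's profile root (the 10:54 to 10:57 entries), which installers do not do; a driver service whose image is one of those files, R0 meaning it loads at boot; and the registry values that switched off the firewall, the Security Center antivirus warning and the `.default` policy restrictions. The sample input is constructed from lines on this page plus mbam.sys and ctfmon.exe as benign controls; the five-minute window and the rule names are the editor's choices.

```python
"""Triage a ComboFix log excerpt and draft a CFScript (File::/Folder::/Driver::/
Registry::).  Added example; the rules are the editor's heuristics, not ComboFix's."""
import re
from datetime import datetime, timedelta

# Constructed sample: lines copied from the ComboFix log posted above, plus a
# benign same-day driver (mbam.sys) and a benign Run value so the rules can pass.
SAMPLE_LOG = r"""2008-10-15 14:11 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-15 10:57 . 2008-10-15 10:57 44,288 --a------ C:\WINDOWS\system32\drivers\imvpvlho.sys
2008-10-15 10:54 . 2008-10-15 15:19 102,272 --a------ C:\WINDOWS\system32\drivers\ndisio.sys
2008-10-15 10:54 . 2008-10-15 10:54 33,280 --------- C:\WINDOWS\system32\jaaoni.exe
2008-10-15 10:54 . 2008-10-15 10:54 33,280 --------- C:\Documents and Settings\pcom24\tjfb.exe
2008-10-15 10:54 . 2008-10-15 10:54 33,280 ---h----- C:\Documents and Settings\pcom24\cjh.exe
2008-09-25 12:10 . 2008-09-26 11:42 <DIR> d--hs---- C:\WINDOWS\cGMyNA
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Fdoolnl"="C:\Program Files\Common Files\?ystem32\??chost.exe" [?]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"NoSecCPL"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
R0 imvpvlho;imvpvlho;C:\WINDOWS\system32\Drivers\imvpvlho.sys [2008-10-15 44288]"""
FILE_RE = re.compile(r"^(\S+ \S+) \. \S+ \S+ (<DIR>|[\d,]+) (\S{9}) (.+)$")
VALUE_RE = re.compile(r'^"([^"]+?)\s*"\s*=\s*(.*)$')
DRIVER_RE = re.compile(r"^[RS]([0-4]) ([^;]+);[^;]*;(.+?) \[.*\]$")
WINDIR, PROFILES = r"c:\windows", r"c:\documents and settings"
EXE_EXT, BURST = (".exe", ".sys", ".dll", ".vbs", ".bat"), timedelta(minutes=5)
# (key fragment, value name) -> value meaning that protection was switched off
TAMPER = {("security center", "antivirusdisablenotify"): 1,
          ("firewallpolicy", "enablefirewall"): 0, (".default", "noseccpl"): 1}

def reg_int(rest):
    """'1 (0x1)', '0 (0x0)' or 'dword:00000001' -> int; a quoted path -> None."""
    m = re.match(r"(?:dword:)?([0-9a-fA-F]+)\b", rest)
    return int(m.group(1), 16) if m else None

def in_profile_root(path):
    """True for a file written directly into a user's profile folder."""
    return path.lower().startswith(PROFILES) and path.count("\\") == PROFILES.count("\\") + 2

def triage(log_text):
    """Parse the log lines; return findings plus the items worth scripting."""
    files, dirs, values, drivers, key = [], [], [], [], None
    for line in (l.strip() for l in log_text.splitlines()):
        if m := FILE_RE.match(line):
            (dirs if m.group(2) == "<DIR>" else files).append((datetime.strptime(m.group(1), "%Y-%m-%d %H:%M"), m.group(3), m.group(4)))
        elif line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif m := VALUE_RE.match(line):
            values.append((key, m.group(1), m.group(2)))
        elif m := DRIVER_RE.match(line):
            drivers.append((int(m.group(1)), m.group(2), m.group(3)))
    findings, flag_files, flag_dirs, drop_values = [], set(), set(), []
    # Rule 1: ComboFix prints '?' for a character it cannot render, so '?' in a name means a
    # lookalike.  Rule 2: a hidden+system folder under %windir% that is not $NtUninstall...$.
    for kind, entries in ("file", files), ("dir", dirs):
        for _, attrs, path in entries:
            hidden = kind == "dir" and "h" in attrs and "s" in attrs and not path.rsplit("\\", 1)[-1].startswith("$")
            if "?" in path or (hidden and path.lower().startswith(WINDIR)):
                (flag_files if kind == "file" else flag_dirs).add(path)
                findings.append(("lookalike-or-hidden", path))
    # Rule 3: executables created within BURST of each other that land both under
    # %windir% and directly in a profile root: dropper behaviour, not an install.
    execs = [(c, p) for c, _, p in files if p.lower().endswith(EXE_EXT)]
    for created, _ in execs:
        burst = [p for c, p in execs if abs(c - created) <= BURST]
        if any(map(in_profile_root, burst)) and any(p.lower().startswith(WINDIR) for p in burst):
            findings += [("dropper-burst", p) for p in burst if p not in flag_files]
            flag_files.update(burst)
    # Rule 4: a driver service whose image is a flagged file goes into Driver::; start 0 = boot.
    drop_drivers = [n for _, n, p in drivers if p.lower() in {q.lower() for q in flag_files}]
    findings += [("boot-start-driver", n) for s, n, _ in drivers if s == 0 and n in drop_drivers]
    # Rule 5: autostart value at a lookalike path is scripted out.  Rule 6: disabled protections are reported.
    for k, name, rest in values:
        if k and k.lower().endswith("\\run") and "?" in rest:
            drop_values.append((k, name)); findings.append(("autostart-lookalike", f"{name} -> {rest}"))
        for (frag, vname), bad in TAMPER.items():
            if k and frag in k.lower() and name.lower() == vname and reg_int(rest) == bad:
                findings.append(("protection-disabled", f"{k}\\{name}"))
    return {"findings": findings, "files": sorted(flag_files), "folders": sorted(flag_dirs),
            "drivers": drop_drivers, "registry": drop_values}

def cfscript(r):
    """Render the scriptable items in the CFScript layout used in the thread."""
    out = []
    for header, items in ("File::", r["files"]), ("Folder::", r["folders"]), ("Driver::", r["drivers"]):
        out += [header, *items] if items else []
    if r["registry"]:
        out += ["Registry::"] + [s for k, n in r["registry"] for s in (f"[{k}]", f'"{n}"=-')]
    return "\n".join(out) + "\n"

if __name__ == "__main__":
    for rule, detail in triage(SAMPLE_LOG)["findings"]:
        print(f"{rule:20} {detail}")
    print(cfscript(triage(SAMPLE_LOG)))
```

    Running it prints the findings and then the draft script. The draft is something to read, not to feed to ComboFix unchecked: the protection-disabled values are reported but not scripted, since restoring them is a separate repair, and every File:: entry should still be checked by hash or vendor lookup first, because a burst rule like this one would also catch a legitimate program that happens to write into the profile root.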
     
