Google Results Redirect Me to Ads

Hewlett-packard /
December 23, 2009 at 08:44:03
Specs: Windows 7
Recently, whenever I search for something in Google and click on a result, it redirects me to an advertisement completely unrelated to my initial search. I've run scans with Norton Internet Security, CounterSpy, and Spybot Search and Destroy, but nothing seems to work. Someone PLEASE help!
I have HijackThis so if you need my log, I'll give it to you.



#1
December 23, 2009 at 10:29:35
Please run RSIT.exe by random/random and post its logs.

Download random's system information tool (RSIT) by random/random from the following link and save it to your desktop.

RSIT.exe

1. Double click on RSIT.exe to launch program.
2. (Vista Users Only) Right click on the RSIT.exe icon and select "Run as Administrator" to run the program.
3. Click Continue at the disclaimer screen.
4. Your firewall may alert you that RSIT is requesting Internet access. Please allow it.
5. Once it has finished, two logs will open: log.txt <-- this will be maximized, and info.txt <-- this will be minimized. Both logs will be located at C:\RSIT.exe.

Download Gmer.exe from the following link to your desktop.

GMER

1. Restart your computer into safe mode using only the F8 method.
2. When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
3. Select the option for Safe Mode using the arrow keys.
4. Then press enter on your keyboard to boot into Safe Mode.


Next, run GMER from safe mode.
1. Disconnect from the Internet and close all running programs or the computer could crash.
2. Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
3. Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
4. Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
5. GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
6. If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
7. Now click the Scan button. If you see a rootkit warning window, click OK.
8. When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
9. Click the Copy button and paste the results into your next reply.
• Exit GMER and re-enable all active protection when done.



#2
December 23, 2009 at 11:49:22
Whenever I start to run RSIT.exe it says something like "List files/folders created in the last 1 month" and I click continue, then it starts to load something up. However about 3/4 through it stops and a notification pops up saying "Line -1: Error: Variable used without being declared." and it just closes. Any other way to do this? Or am I doing something wrong?

By the way I am using Windows 7.



#3
December 23, 2009 at 11:54:59
Did you click "Run as administrator" once you right-clicked RSIT.exe to run it?


#4
December 23, 2009 at 11:55:40
Yes I did, it still doesn't work.


#5
December 23, 2009 at 12:04:41
See if this will run... Do you know if you are running 32 or 64 bit?

Download DDS and save it to your desktop.
DDS.scr


Disable any script blocker if your Anti-Virus/Anti-Malware has it.
Once downloaded you can disconnect from the Internet and disable your Anti-Virus temporarily if needed.
Then double click dds.scr to run the tool.
When done, the DDS.txt will open.
Click Yes at the next prompt for Optional Scan.

When done, DDS will open two (2) logs:
1. DDS.txt
2. Attach.txt

* Save both reports to your desktop
* Please include the following logs in your next reply: DDS.txt and Attach.txt



#6
December 23, 2009 at 12:26:42
Alright.
I am running a 32-bit Operating System.

Here is my DDS.txt:


DDS (Ver_09-12-01.01) - NTFSx86
Run by Nathan at 12:21:11.52 on Wed 12/23/2009
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion:
1.6.0_17
Microsoft Windows 7 Home Premium
6.1.7600.0.1252.1.1033.18.2942.1866 [GMT -8:00]

SP: Spybot - Search and Destroy *disabled* (Updated)
{ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k
LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k
LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k
LocalServiceNoNetwork
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device
Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\HEWLET~1\HPREMO~1\HPREMO~1.EXE
C:\Windows\system32\svchost.exe -k
LocalServiceAndNoImpersonation
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\program files\grasssoft\mouse recorder\MacroService.exe
c:\Program Files\Microsoft SQL
Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Program Files\Norton Internet
Security\Engine\16.7.2.11\ccSvcHst.exe
C:\Program Files\Common Files\PC
Tools\sMonitor\StartManSvc.exe
c:\Program Files\Microsoft SQL
Server\90\Shared\sqlwriter.exe
C:\Program
Files\TeamViewer\Version4\TeamViewer_Service.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Norton Internet
Security\Engine\16.7.2.11\ccSvcHst.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\Presentation
FontCache.exe
C:\Windows\system32\Dwm.exe
C:\Windows\explorer.exe
c:\program files\grasssoft\mouse
recorder\MacroServiceWnd.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\svchost.exe -k
NetworkServiceNetworkRestricted
C:\Program Files\IObit\Game Booster\gbtray.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
c:\Program Files\Hewlett-Packard\HP Health
Check\hphc_service.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\notepad.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Nathan\Documents\Downloads\dds.scr
C:\Windows\system32\conhost.exe

============== Pseudo HJT Report ===============

uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?
TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=c
ndt
uStart Page = hxxp://www.ask.com?o=15153&l=dis
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?
TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=c
ndt
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?
TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=c
ndt
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: AIM Toolbar Search Class: {03402f96-
3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim
toolbar\aimtb.dll
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-
3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim
toolbar\aimtb.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-
fa578c2ebdc3} - c:\program files\common
files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-
206d7942484f} - c:\program files\spybot - search &
destroy\SDHelper.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-
95dac4dfa408} - c:\program files\norton internet
security\engine\16.7.2.11\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-
aeee-f4628f01010c} - c:\program files\norton internet
security\engine\16.7.2.11\IPSBHO.DLL
BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-
61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-
4740-988e-03dc2f38c34f} - c:\program
files\msn\toolbar\3.0.0552.0\msneshellx.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440}
- c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-
bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-
b9e9-ab4c880c8414} - c:\program
files\msn\toolbar\3.0.0552.0\msneshellx.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} -
c:\program files\norton internet
security\engine\16.7.2.11\coIEPlg.dll
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} -
c:\program files\aim toolbar\aimtb.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} -
c:\program files\ask.com\GenericAskToolbar.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [HPADVISOR] c:\program files\hewlett-packard\hp
advisor\HPAdvisor.exe view=DOCKVIEW,SYSTRAY
uRun: [Pando Media Booster] c:\program files\pando
networks\media booster\PMB.exe
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-
US ee://aol/imApp
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search
& destroy\TeaTimer.exe
uRun: [WinLogin]
c:\users\nathan\appdata\roaming\nexon\Engine.exe
mRun: [Adobe ARM] "c:\program files\common
files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program
files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [CLMLServer for HP TouchSmart] "c:\program
files\hewlett-
packard\touchsmart\media\kernel\clml\CLMLSvc.exe"
mRun: [DVDAgent] "c:\program files\hewlett-
packard\media\dvd\DVDAgent.exe"
mRun: [HP Health Check Scheduler] c:\program files\hewlett-
packard\hp health check\HPHC_Scheduler.exe
mRun: [HP Remote Software] c:\program files\hewlett-
packard\hp remote\HP REMOTE V1.0.5.exe
mRun: [HP Software Update] c:\program files\hp\hp software
update\HPWuSchd2.exe
mRun: [hpsysdrv] c:\program files\hewlett-packard\hp
odometer\hpsysdrv.exe
mRun: [iTunesHelper] "c:\program
files\itunes\iTunesHelper.exe"
mRun: [Macro Manager] c:\program files\grasssoft\mouse
recorder\MacroManager.exe /q
mRun: [Microsoft Default Manager] "c:\program
files\microsoft\search enhancement pack\default
manager\DefMgr.exe" -resume
mRun: [PSR-autorun] c:\program files\personal screen
resolution\Personal Screen Resolution.exe
mRun: [QuickTime Task] "c:\program
files\quicktime\QTTask.exe" -atboottime
mRun: [Screen Resolution Manager] "c:\program
files\bytegems.com\screen resolution
manager\ScreenResolutionManager.exe" /apply
mRun: [SmartMenu] %ProgramFiles%\Hewlett-Packard\HP
MediaSmart\SmartMenu.exe
mRun: [SunJavaUpdateSched] "c:\program
files\java\jre6\bin\jusched.exe"
mRun: [TSMAgent] "c:\program files\hewlett-
packard\touchsmart\media\TSMAgent.exe"
mRun: [UpdateLBPShortCut] "c:\program
files\cyberlink\labelprint\muitransfer\muistartmenu.exe"
"c:\program files\cyberlink\labelprint" updatewithcreateonce
"software\cyberlink\labelprint\2.5"
mRun: [UpdateP2GoShortCut] "c:\program
files\cyberlink\power2go\muitransfer\muistartmenu.exe"
"c:\program files\cyberlink\power2go" updatewithcreateonce
"software\cyberlink\power2go\6.0"
mRun: [UpdatePDIRShortCut] "c:\program
files\cyberlink\powerdirector\muitransfer\muistartmenu.exe"
"c:\program files\cyberlink\powerdirector"
updatewithcreateonce "software\cyberlink\powerdirector\7.0"
mRun: [UpdatePSTShortCut] "c:\program
files\cyberlink\cyberlink dvd suite
deluxe\muitransfer\muistartmenu.exe" "c:\program
files\cyberlink\cyberlink dvd suite deluxe"
updatewithcreateonce "software\cyberlink\PowerStarter"
mRun: [SSDMonitor] c:\program files\common files\pc
tools\smonitor\SSDMonitor.exe
mRunOnce: [Malwarebytes' Anti-Malware] c:\program
files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder:
c:\users\nathan\appdata\roaming\micros~1\windows\startm~1
\programs\startup\limewi~1.lnk - c:\program
files\limewire\LimeWire.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0
(0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &AIM Toolbar Search - c:\programdata\aim
toolbar\ietoolbar\resources\en-us\local\search.html
IE: {0b83c99c-1efa-4259-858f-bcb33e007a5b} - {61539ecd-
cc67-4437-a03c-9aaccbd14326} - c:\program files\aim
toolbar\aimtb.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} -
{53707962-6F74-2D53-2644-206D7942484F} - c:\program
files\spybot - search & destroy\SDHelper.dll
DPF: {36299202-09EF-4ABF-ADB9-47C599DBE778} -
hxxps://www.hpwindows7upgrade.arvato.com/north_america/
Endcustomer/HPProdDetect.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} -
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-
i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} -
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-
i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-
i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} -
hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: symres - {AA1061FE-6C41-421f-9344-
69640C9732AB} - c:\program files\norton internet
security\engine\16.7.2.11\CoIEPlg.dll

================= FIREFOX ===================

FF - ProfilePath -
c:\users\nathan\appdata\roaming\mozilla\firefox\profiles\n1nk
m876.default\
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-
aaa2-85ef591126e7}\norton\coffplgn\components\coFFPlgn.dll
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-
aaa2-85ef591126e7}\norton\ipsffplgn\components\IPSFFPl.dll
FF - plugin: c:\program
files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla
firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\mozilla
firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\mozilla
firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint media
player\npViewpoint.dll
FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant:
{20a82645-c095-46ed-80e3-08825760534b} -
c:\windows\microsoft.net\framework\v3.5\windows
presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference -
c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-
0000-0016-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference -
c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-
0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js -
pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS
===============

R0 SymEFA;Symantec Extended File
Attributes;c:\windows\system32\drivers\nis\1007020.00b\Sym
EFA.sys [2009-10-29 310320]
R1 BHDrvx86;Symantec Heuristics
Driver;c:\windows\system32\drivers\nis\1007020.00b\BHDrvx8
6.sys [2009-10-29 259632]
R1 ccHP;Symantec Hash
Provider;c:\windows\system32\drivers\nis\1007020.00b\cchpx
86.sys [2009-10-29 482432]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-
0f1d-4f28-aaa2-
85ef591126e7}\norton\definitions\ipsdefs\20091217.002\IDSvix
86.sys [2009-12-18 343088]
R2 Macro Expert;Macro Expert;c:\program
files\grasssoft\mouse recorder\MacroService.exe [2009-9-27
206848]
R2 Norton Internet Security;Norton Internet
Security;c:\program files\norton internet
security\engine\16.7.2.11\ccSvcHst.exe [2009-10-29 117640]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown
Monitor service;c:\program files\common files\pc
tools\smonitor\StartManSvc.exe [2009-12-22 583640]
R2 TeamViewer4;TeamViewer 4;c:\program
files\teamviewer\version4\TeamViewer_Service.exe [2009-10-7
185640]
R2 Viewpoint Manager Service;Viewpoint Manager
Service;c:\program
files\viewpoint\common\ViewpointService.exe [2009-12-13
24652]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program
files\common files\symantec
shared\eengine\EraserUtilRebootDrv.sys [2009-10-28 102448]
R3
MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\d
rivers\mbamswissarmy.sys [2009-12-23 38224]
R3 SYMNDISV;Symantec Network Filter
Driver;c:\windows\system32\drivers\nis\1007020.00b\symndis
v.sys [2009-10-29 48688]
S2 gupdate;Google Update Service (gupdate);c:\program
files\google\update\GoogleUpdate.exe [2009-12-19 133104]
S2 SBSDWSCService;SBSD Security Center
Service;c:\program files\spybot - search &
destroy\SDWinSec.exe [2009-12-18 1153368]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS
6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13
229888]
S3 PCDSRVC{4F253FFC-7957E8FC-
06000000}_0;PCDSRVC{4F253FFC-7957E8FC-06000000}_0 -
PCDR Kernel Mode Service Helper Driver;c:\program files\pc-
doctor for windows\pcdsrvc.pkms [2009-2-2 20848]
S4 MSSQLServerADHelper100;SQL Active Directory Helper
Service;c:\program files\microsoft sql
server\100\shared\sqladhlp.exe [2008-7-10 47128]
S4 RsFx0102;RsFx0102
Driver;c:\windows\system32\drivers\RsFx0102.sys [2008-7-10
242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent
(SQLEXPRESS);c:\program files\microsoft sql
server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE
[2008-7-10 369688]

=============== Created Last 30 ================

2009-12-23 20:10:07 0 d-----w-
c:\users\nathan\appdata\roaming\Malwarebytes
2009-12-23 20:10:01 38224 ----a-w-
c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-23 20:09:59 19160 ----a-w-
c:\windows\system32\drivers\mbam.sys
2009-12-23 20:09:59 0 d-----w-
c:\programdata\Malwarebytes
2009-12-23 20:09:58 0 d-----w- c:\program
files\Malwarebytes' Anti-Malware
2009-12-22 17:48:48 0 d-----w- c:\program files\Free
Window Registry Repair
2009-12-22 17:48:15 0 d-----w-
c:\users\nathan\appdata\roaming\Registry Mechanic
2009-12-22 17:42:51 880640 ----a-w-
c:\windows\system32\UniBox10.ocx
2009-12-22 17:42:51 212992 ----a-w-
c:\windows\system32\UniBoxVB12.ocx
2009-12-22 17:42:51 1101824 ----a-w-
c:\windows\system32\UniBox210.ocx
2009-12-22 17:42:50 506368 ----a-w-
c:\windows\system32\msxml.dll
2009-12-22 17:42:50 1081616 ----a-w-
c:\windows\system32\MSCOMCTL.OCX
2009-12-22 17:42:48 0 d-----w- c:\program
files\common files\PC Tools
2009-12-22 17:38:17 0 d-----w-
c:\users\nathan\appdata\roaming\Uniblue
2009-12-22 17:38:02 0 d-----w- c:\program
files\Uniblue
2009-12-22 17:10:37 0 dc----w-
c:\programdata\{BC9FCCF7-E686-494B-8C9B-
55C9A39A7CA9}
2009-12-19 18:48:14 195456 ------w-
c:\windows\system32\MpSigStub.exe
2009-12-19 01:06:39 0 d-----w- c:\program files\Trend
Micro
2009-12-19 00:28:21 0 d-----w-
c:\programdata\Sunbelt
2009-12-18 23:24:50 0 d-----w- c:\programdata\Spybot
- Search & Destroy
2009-12-18 23:24:50 0 d-----w- c:\program files\Spybot
- Search & Destroy
2009-12-18 23:09:22 855 ----a-w-
c:\users\nathan\.recently-used.xbel
2009-12-18 22:56:14 0 d-----w-
c:\users\nathan\.thumbnails
2009-12-18 22:54:09 0 d-----w- c:\users\nathan\.gimp-
2.6
2009-12-18 22:52:54 0 d-----w- c:\program files\GIMP-
2.0
2009-12-18 01:11:54 0 d-----w- c:\program
files\VideoLAN
2009-12-15 02:16:38 0 d-----w- c:\program
files\Ask.com
2009-12-15 02:16:14 0 d-----w- c:\program
files\uTorrent
2009-12-15 02:15:54 0 d-----w-
c:\users\nathan\appdata\roaming\uTorrent
2009-12-14 03:21:24 0 d-----w- c:\program files\AIM
Music Link
2009-12-14 03:18:14 0 d-----w- c:\program files\AIM
Toolbar
2009-12-14 03:17:49 0 d-----w-
c:\programdata\acccore
2009-12-14 03:17:08 0 d-----w- c:\program files\AIM6
2009-12-14 03:08:07 0 d-----w-
c:\programdata\Viewpoint
2009-12-14 03:08:06 0 d-----w- c:\program
files\Viewpoint
2009-12-14 03:07:45 0 d-----w- c:\programdata\AOL
OCP
2009-12-14 03:07:45 0 d-----w- c:\programdata\AOL
2009-12-12 02:05:28 0 d-----w-
c:\windows\system32\drivers\NSS
2009-12-12 02:05:27 0 d-----w- c:\program files\Norton
Security Scan
2009-12-10 02:41:49 257024 ----a-w-
c:\windows\system32\msv1_0.dll
2009-12-10 02:40:32 2048 ----a-w-
c:\windows\system32\tzres.dll
2009-12-10 02:26:57 3485098 ----a-w-
c:\windows\system32\PerfStringBackup.INI
2009-12-10 02:26:48 20 --sh--w-
c:\users\nathan\ntuser.ini
2009-12-10 02:25:39 0 d-sh--w- C:\Recovery
2009-12-10 02:25:15 0 d-----w-
c:\windows\system32\wbem\Performance
2009-12-10 02:07:59 21316 ----a-w-
c:\windows\system32\emptyregdb.dat
2009-12-10 01:31:29 0 d-----w- c:\program files\LSI
SoftModem
2009-12-10 01:31:24 0 d-----w-
c:\windows\system32\RTCOM
2009-12-10 01:31:24 0 d-----w- c:\program
files\Realtek
2009-12-10 01:31:22 0 ---ha-w-
c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.W
df
2009-12-10 01:31:07 10880 ---ha-w-
c:\windows\system32\7B296FB0-376B-497e-B012-
9C450E1B7327-5P-1.C7483456-A289-439d-8115-
601632D005A0
2009-12-10 01:31:07 10880 ---ha-w-
c:\windows\system32\7B296FB0-376B-497e-B012-
9C450E1B7327-5P-0.C7483456-A289-439d-8115-
601632D005A0
2009-12-10 01:30:59 457248 ----a-w-
c:\windows\system32\nvuninst.exe
2009-12-10 01:27:18 0 d-----w- c:\windows\Panther
2009-12-10 01:16:27 0 d--h--w- C:\$WINDOWS.~Q
2009-12-10 01:06:04 0 d--h--w- C:\$INPLACE.~TR
2009-12-10 00:16:30 1890 ----a-w-
c:\windows\diagwrn.xml
2009-12-10 00:16:30 1890 ----a-w- c:\windows\diagerr.xml
2009-12-10 00:14:26 0 d-----w- C:\i386
2009-12-10 00:13:22 0 d-----w- C:\blocks
2009-12-10 00:12:56 0 d-----w- C:\$HPW7UA$
2009-12-09 23:28:09 0 d-----w- c:\program
files\Microsoft Windows 7 Upgrade Advisor
2009-12-09 03:57:17 221184 ----a-w-
c:\users\nathan\Hackhhound.exe
2009-12-06 20:16:04 0 d-----w- c:\program
files\common files\Software Update Utility
2009-12-06 17:39:12 49 ----a-w- C:\[XCS]Settings.ini
2009-12-05 22:16:15 0 d-----w-
c:\users\nathan\appdata\roaming\Grasssoft
2009-12-05 22:15:08 0 d-----w-
c:\programdata\Grasssoft
2009-12-05 22:15:06 0 d-----w- c:\program
files\GrassSoft
2009-12-03 06:34:44 0 d-----w- c:\program
files\GameGain
2009-12-03 02:46:01 0 d-----w-
c:\users\nathan\appdata\roaming\Dev-Cpp
2009-12-03 02:45:19 0 d-----w- C:\Dev-Cpp
2009-12-03 00:00:48 50200 ----a-w-
c:\windows\system32\perf-SQLAgent$SQLEXPRESS-
sqlagtctr10.0.1600.22.dll
2009-12-03 00:00:39 79896 ----a-w-
c:\windows\system32\perf-MSSQL$SQLEXPRESS-
sqlctr10.0.1600.22.dll
2009-12-02 23:59:46 0 d-----w-
c:\windows\system32\RsFx
2009-12-02 23:58:26 0 d-----w-
c:\windows\system32\1033
2009-12-02 23:54:32 0 d-----w- c:\program
files\Microsoft SQL Server
2009-12-02 23:50:07 0 d-----w- c:\program
files\common files\Merge Modules
2009-12-02 23:50:06 0 d-----w-
c:\programdata\Microsoft Help
2009-12-02 02:07:00 0 d-----w-
c:\users\nathan\appdata\roaming\UDC Profiles
2009-12-02 02:06:47 34680 ----a-w-
c:\windows\system32\udcpm.dll
2009-12-02 02:06:40 0 d-----w- c:\program
files\Universal Document Converter
2009-12-02 02:01:11 0 d-----w- c:\program files\FyTek
2009-12-02 00:12:17 0 d-sh--r-
c:\users\nathan\appdata\roaming\Nexon
2009-12-01 22:28:25 69 ----a-w-
c:\users\nathan\jagex_runescape_preferences2.dat
2009-12-01 22:27:33 39 ----a-w-
c:\users\nathan\jagex_runescape_preferences.dat
2009-12-01 22:27:23 0 d-----w- C:\.jagex_cache_32
2009-12-01 02:17:51 0 d-----w-
c:\users\nathan\appdata\roaming\codeblocks
2009-12-01 02:17:29 0 d-----w- c:\program
files\CodeBlocks
2009-11-30 03:56:34 0 d-----w-
c:\users\nathan\appdata\roaming\TeamViewer
2009-11-30 03:56:04 0 d-----w- c:\program
files\TeamViewer
2009-11-30 03:55:42 0 d-----w- c:\users\nathan\temp
2009-11-30 00:11:20 66052 ----a-w-
c:\windows\system32\AFKBG.png
2009-11-25 01:26:31 135168 ---ha-w-
c:\windows\system32\hX6D5eB9.dll
2009-11-24 04:46:56 135168 ---ha-w-
c:\windows\system32\TUm2evLMRb.dll
2009-11-24 04:46:42 135168 ---ha-w-
c:\windows\system32\dWj6S9EMvUC.dll
2009-11-24 04:39:44 135168 ---ha-w-
c:\windows\system32\85vbjLO96sjK.dll
2009-11-24 04:34:31 135168 ---ha-w-
c:\windows\system32\eKJ5h11.dll
2009-11-24 04:27:30 135168 ---ha-w-
c:\windows\system32\P86TJeOQDybd.dll

==================== Find3M
====================

2009-12-17 05:59:46 2088 ----a-w-
c:\users\nathan\appdata\roaming\wklnhst.dat
2009-12-11 22:57:35 758198 ----a-w-
c:\windows\system32\perfh00C.dat
2009-12-11 22:57:35 757244 ----a-w-
c:\windows\system32\perfh00A.dat
2009-12-11 22:57:35 727714 ----a-w-
c:\windows\system32\prfh0416.dat
2009-12-11 22:57:35 158034 ----a-w-
c:\windows\system32\perfc00A.dat
2009-12-11 22:57:35 151400 ----a-w-
c:\windows\system32\perfc00C.dat
2009-12-11 22:57:35 149252 ----a-w-
c:\windows\system32\prfc0416.dat
2009-11-22 19:29:33 135168 ---ha-w-
c:\windows\system32\NMDK1KDlE.dll
2009-11-22 19:20:43 135168 ---ha-w-
c:\windows\system32\64iZyQDfmWWk.dll
2009-11-21 03:00:32 135168 ---ha-w-
c:\windows\system32\2XCjdntS.dll
2009-11-21 02:56:25 135168 ---ha-w-
c:\windows\system32\brrThbTq.dll
2009-11-21 02:55:25 135168 ---ha-w-
c:\windows\system32\o5QHfur.dll
2009-11-21 02:52:14 135168 ---ha-w-
c:\windows\system32\WjCb422T.dll
2009-11-21 01:31:34 135168 ---ha-w-
c:\windows\system32\xJ3jl5eUi.dll
2009-11-21 00:31:32 135168 ---ha-w-
c:\windows\system32\sbGkk8pSN.dll
2009-11-18 00:13:34 0 ---ha-w-
c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.W
df
2009-11-17 00:07:47 135168 ---ha-w-
c:\windows\system32\FXJarcq9.dll
2009-11-16 21:49:40 135168 ---ha-w-
c:\windows\system32\RSUF33I5.dll
2009-11-16 21:46:38 135168 ---ha-w-
c:\windows\system32\cmJ4RfnLo.dll
2009-11-16 01:54:29 135168 ---ha-w-
c:\windows\system32\CXfHWxmLYiXU.dll
2009-11-16 01:49:56 135168 ---ha-w-
c:\windows\system32\WT44VpO3.dll
2009-11-16 00:33:13 135168 ---ha-w-
c:\windows\system32\yDWJ3Yx8.dll
2009-11-16 00:25:14 135168 ---ha-w-
c:\windows\system32\AxMD4qb.dll
2009-11-15 22:07:46 135168 ---ha-w-
c:\windows\system32\7D9cLuk.dll
2009-11-15 19:56:33 135168 ---ha-w-
c:\windows\system32\pfO5iISX.dll
2009-11-15 00:27:50 135168 ---ha-w-
c:\windows\system32\IwnQeK3hGAcXM.dll
2009-11-14 23:35:23 135168 ---ha-w-
c:\windows\system32\AJTJVPEsInb3.dll
2009-11-14 20:41:07 135168 ---ha-w-
c:\windows\system32\27wtw9w2J57k.dll
2009-11-14 17:47:08 135168 ---ha-w-
c:\windows\system32\H9J99HJleGIV.dll
2009-11-14 17:45:47 135168 ---ha-w-
c:\windows\system32\wXqkr8P1betE9.dll
2009-11-14 15:52:43 135168 ---ha-w-
c:\windows\system32\L6yDfmxUb.dll
2009-11-14 04:51:20 135168 ---ha-w-
c:\windows\system32\8LO76guhd.dll
2009-11-14 02:15:44 135168 ---ha-w-
c:\windows\system32\Np74DubMljc.dll
2009-11-14 02:11:01 135168 ---ha-w-
c:\windows\system32\srO33NrIu.dll
2009-11-14 02:10:36 135168 ---ha-w-
c:\windows\system32\vx6TxubJTY.dll
2009-11-13 04:25:26 135168 ---ha-w-
c:\windows\system32\7QqOL2eMDL.dll
2009-11-13 04:17:55 135168 ---ha-w-
c:\windows\system32\R7L7k3J7.dll
2009-11-13 04:04:09 135168 ---ha-w-
c:\windows\system32\IR9aky2gmtD.dll
2009-11-13 04:03:50 135168 ---ha-w-
c:\windows\system32\vjErWJE.dll
2009-11-13 04:03:30 135168 ---ha-w-
c:\windows\system32\IwTHsQC4K3Qe9.dll
2009-11-13 04:02:34 135168 ---ha-w-
c:\windows\system32\2c7Y3B98RA.dll
2009-11-13 03:54:36 135168 ---ha-w-
c:\windows\system32\5lVcs85GSZYt.dll
2009-11-13 03:54:08 135168 ---ha-w-
c:\windows\system32\UwYFAh24y.dll
2009-11-13 03:53:48 135168 ---ha-w-
c:\windows\system32\mPmMihg.dll
2009-11-13 03:51:05 135168 ---ha-w-
c:\windows\system32\uJrlaVwZ.dll
2009-11-13 03:50:36 135168 ---ha-w-
c:\windows\system32\fMfky5k4j.dll
2009-11-13 03:48:19 135168 ---ha-w-
c:\windows\system32\IfGqLVdQVh1h.dll
2009-11-13 03:46:11 135168 ---ha-w-
c:\windows\system32\SfrSrrbirTov.dll
2009-11-13 03:35:40 135168 ---ha-w-
c:\windows\system32\83NA6MWt.dll
2009-11-13 00:55:20 135168 ---ha-w-
c:\windows\system32\kKJswlB.dll
2009-11-12 22:51:45 135168 ---ha-w-
c:\windows\system32\Z9i577KOopbD.dll
2009-11-12 22:50:02 135168 ---ha-w-
c:\windows\system32\6xPqsy96s.dll
2009-11-12 22:48:05 135168 ---ha-w-
c:\windows\system32\FkhoUX9.dll
2009-11-12 00:34:38 135168 ---ha-w-
c:\windows\system32\wiSI4Q7i9pZm.dll
2009-11-11 23:47:27 135168 ---ha-w-
c:\windows\system32\mtQrCJlrcPlcE.dll
2009-11-11 22:44:17 135168 ---ha-w-
c:\windows\system32\LQoRCsoZMe3vp.dll
2009-11-11 20:08:47 135168 ---ha-w-
c:\windows\system32\H79gtkG8VX.dll
2009-11-11 20:07:33 135168 ---ha-w-
c:\windows\system32\a77iwxvbupL.dll
2009-11-11 20:01:57 135168 ---ha-w-
c:\windows\system32\TniMj5fDg.dll
2009-11-11 17:05:26 135168 ---ha-w-
c:\windows\system32\pAwWt4JavZPY.dll
2009-11-11 16:37:42 135168 ---ha-w-
c:\windows\system32\eDexfMUx.dll
2009-11-11 07:15:32 135168 ---ha-w-
c:\windows\system32\QaAmmCc.dll
2009-11-11 03:07:23 135168 ---ha-w-
c:\windows\system32\M5dDhbnN.dll
2009-11-11 01:54:31 135168 ---ha-w-
c:\windows\system32\GvKokyPxKk.dll
2009-11-11 01:51:27 135168 ---ha-w-
c:\windows\system32\v9rRpGVDCPhL.dll
2009-11-11 01:02:48 135168 ---ha-w-
c:\windows\system32\XuueFB9c2CDOx.dll
2009-11-07 22:25:36 86016 ----a-w-
c:\windows\system32\frapsvid.dll
2009-11-02 00:42:09 16384 ----a-w-
c:\windows\system32\a09sdfhasd89fhas.exe
2009-11-01 00:26:16 3728384 ----a-w- C:\d3dx9_35.dll
2009-10-30 04:16:11 49664 ---ha-w-
c:\windows\system32\acSKjsNnoDsSE.dll
2009-10-30 04:14:31 49664 ---ha-w-
c:\windows\system32\8YnCtGrxp.dll
2009-10-30 01:00:58 806 ----a-w-
c:\windows\system32\drivers\SYMEVENT.INF
2009-10-30 01:00:58 7456 ----a-w-
c:\windows\system32\drivers\SYMEVENT.CAT
2009-10-30 01:00:58 124976 ----a-w-
c:\windows\system32\drivers\SYMEVENT.SYS
2009-10-11 12:17:27 411368 ----a-w-
c:\windows\system32\deploytk.dll
2009-07-27 04:47:22 38536 ----a-w-
c:\windows\inf\perflib\0416\perfd.dat
2009-07-27 04:47:22 38536 ----a-w-
c:\windows\inf\perflib\0416\perfc.dat
2009-07-27 04:47:22 323154 ----a-w-
c:\windows\inf\perflib\0416\perfi.dat
2009-07-27 04:47:22 323154 ----a-w-
c:\windows\inf\perflib\0416\perfh.dat
2009-07-27 04:40:39 38160 ----a-w-
c:\windows\inf\perflib\040c\perfd.dat
2009-07-27 04:40:39 38160 ----a-w-
c:\windows\inf\perflib\040c\perfc.dat
2009-07-27 04:40:39 344522 ----a-w-
c:\windows\inf\perflib\040c\perfi.dat
2009-07-27 04:40:39 344522 ----a-w-
c:\windows\inf\perflib\040c\perfh.dat
2009-07-27 04:33:07 41390 ----a-w-
c:\windows\inf\perflib\0c0a\perfd.dat
2009-07-27 04:33:07 41390 ----a-w-
c:\windows\inf\perflib\0c0a\perfc.dat
2009-07-27 04:33:07 341432 ----a-w-
c:\windows\inf\perflib\0c0a\perfi.dat
2009-07-27 04:33:07 341432 ----a-w-
c:\windows\inf\perflib\0c0a\perfh.dat
2009-07-14 04:56:42 31548 ----a-w-
c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 04:56:42 31548 ----a-w-
c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 04:56:42 291294 ----a-w-
c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 04:56:42 291294 ----a-w-
c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:41:57 174 --sha-w- c:\program
files\desktop.ini
2009-07-14 00:34:40 291294 ----a-w-
c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ----a-w-
c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ----a-w-
c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ----a-w-
c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 21:26:35 9633792 --sha-r-
c:\windows\fonts\StaticCache.dat
2009-07-14 01:14:45 396800 --sha-w-
c:\windows\winsxs\x86_microsoft-windows-mail-
app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108
c86c\WinMail.exe

============= FINISH: 12:26:01.05 ===============


And here is my Attach.txt:

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST
THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 12/9/2009 6:25:41 PM
System Uptime: 12/23/2009 9:11:10 AM (3 hours ago)

Motherboard: PEGATRON CORPORATION | | NARRA5
Processor: AMD Sempron(tm) Processor LE-1250 | Socket
AM2 | 990/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 286 GiB total, 192.633 GiB free.
D: is FIXED (NTFS) - 12 GiB total, 1.7 GiB free.
E: is CDROM ()
F: is Removable

==== Disabled Device Manager Items =============

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: SBRE
Device ID: ROOT\LEGACY_SBRE\0000
Manufacturer:
Name: SBRE
PNP Device ID: ROOT\LEGACY_SBRE\0000
Service: SBRE

==== System Restore Points ===================


==== Installed Programs ======================

µTorrent
Acrobat.com
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.2
Adobe Shockwave Player 11.5
Advanced Key and Mouse Recorder
Agere Systems PCI-SV92EX Soft Modem
AIM 6
AIM 7
AIM MusicLink 4.0.0.0
AIM Toolbar
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
Bonjour
Cheat Engine 5.5
CodeBlocks
Combat Arms
Compatibility Pack for the 2007 Office system
CopyTrans Suite Remove Only
CyberLink DVD Suite Deluxe
Default Manager
Dev-C++ 5 beta 9 release (4.9.9.2)
DirectX for Managed Code Update (Summer 2004)
DiskAid 3.1
Download Updater (AOL LLC)
Fraps (remove only)
Free Window Registry Repair
FyTek's PDF Secured Optimizer 2.0
Game Booster
GameGain
GIMP 2.6.7
Google Chrome
Google Update Helper
Hardware Diagnostic Tools
HijackThis 2.0.2
Hotfix for Microsoft Visual C++ 2008 Express Edition with
SP1 - ENU (KB945282)
Hotfix for Microsoft Visual C++ 2008 Express Edition with
SP1 - ENU (KB946040)
Hotfix for Microsoft Visual C++ 2008 Express Edition with
SP1 - ENU (KB946308)
Hotfix for Microsoft Visual C++ 2008 Express Edition with
SP1 - ENU (KB947540)
Hotfix for Microsoft Visual C++ 2008 Express Edition with
SP1 - ENU (KB947789)
Hotfix for Microsoft Visual C++ 2008 Express Edition with
SP1 - ENU (KB948127)
HP Active Support Library
HP Advisor
HP Customer Experience Enhancements
HP Games
HP MediaSmart Demo
HP MediaSmart DVD
HP MediaSmart Music/Photo/Video
HP MediaSmart SmartMenu
HP Odometer
HP Picasso Media Center Add-In
HP Recovery Manager RSS
HP Remote Software
HP Support Information
HP Total Care Setup
HP Update
HPAsset component for HP Active Support Library
iTunes
Java(TM) 6 Update 17
LabelPrint
Left 4 Dead
Left 4 Dead 2 Demo
LightScribe System Software
LimeWire 5.3.6
Malwarebytes' Anti-Malware
Microsoft Application Error Reporting
Microsoft Live Search Toolbar
Microsoft Office Home and Student 60 day trial
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Silverlight
Microsoft SQL Server 2008
Microsoft SQL Server 2008 Browser
Microsoft SQL Server 2008 Common Files
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Database Engine Shared
Microsoft SQL Server 2008 Management Objects
Microsoft SQL Server 2008 Native Client
Microsoft SQL Server 2008 RsFx Driver
Microsoft SQL Server 2008 Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86
8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86
9.0.30729.4148
Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Windows SDK for Visual Studio 2008 Headers and
Libraries
Microsoft Windows SDK for Visual Studio 2008 SP1 Express
Tools for .NET Framework - enu
Microsoft Windows SDK for Visual Studio 2008 SP1 Express
Tools for Win32
Microsoft Works
Mozilla Firefox (3.5.6)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Norton Internet Security
Norton Security Scan
NVIDIA Drivers
Pando Media Booster
Personal Screen Resolution
Power2Go
PowerDirector
Python 2.6 pywin32-212
Python 2.6.1
QuickTime
Realtek High Definition Audio Driver
Registry Mechanic 9.0
Screen Resolution Manager 5.0
Spybot - Search & Destroy
Sql Server Customer Experience Improvement Program
SQL Server System CLR Types
Steam
System Requirements Lab
TeamViewer 4
Uniblue RegistryBooster 2010
Universal Document Converter (Demo)
Viewpoint Media Player
VLC media player 1.0.3
Windows 7 Upgrade Advisor
WinRAR archiver

==== End Of File ===========================



#7
December 23, 2009 at 13:07:37
Did you install hackhound.exe? And when you boot into safe mode to run Gmer, use only the F8 method, as other methods will lock the computer.


#8
December 23, 2009 at 13:11:20
I never installed Hackhound.exe.
And what exactly should I be doing?
Thanks for the reply by the way.


#9
December 23, 2009 at 13:16:37
The second part of response #1: the GMER rootkit scan.


#10
December 23, 2009 at 13:55:28
Here is my gmer.log file:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2009-12-23 13:51:36
Windows 6.1.7600
Running: y7kj5911.exe; Driver:
C:\Users\Nathan\AppData\Local\Temp\ugryqpow.sys


---- System - GMER 1.0.15 ----

INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware
Abstraction Layer DLL/Microsoft Corporation) 82222AF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware
Abstraction Layer DLL/Microsoft Corporation) 82222104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware
Abstraction Layer DLL/Microsoft Corporation) 822223F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware
Abstraction Layer DLL/Microsoft Corporation) 8220A634
INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware
Abstraction Layer DLL/Microsoft Corporation) 8220A898
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware
Abstraction Layer DLL/Microsoft Corporation) 822221DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware
Abstraction Layer DLL/Microsoft Corporation) 82222958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware
Abstraction Layer DLL/Microsoft Corporation) 822226F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware
Abstraction Layer DLL/Microsoft Corporation) 82222F2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware
Abstraction Layer DLL/Microsoft Corporation) 822231A8

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD
82282579 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2
822A6F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...]
{LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR
AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1
fvevol.sys (BitLocker Drive Encryption Driver/Microsoft
Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1
rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2
fvevol.sys (BitLocker Drive Encryption Driver/Microsoft
Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2
rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3
fvevol.sys (BitLocker Drive Encryption Driver/Microsoft
Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3
rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device \Driver\ACPI_HAL \Device\0000004d
halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft
Corporation)
Device -> \Driver\nvstor32 \Device\Harddisk0\DR0
853AE618

---- Files - GMER 1.0.15 ----

File C:\Windows\system32\drivers\nvstor32.sys
suspicious modification

---- EOF - GMER 1.0.15 ----



#11
December 23, 2009 at 20:05:53
I recommend that you uninstall these programs as they are known to harbor spyware:


Ask Toolbar
utorrent
LimeWire
Viewpoint Media Player

Please download ComboFix with Internet Explorer instead of Mozilla Firefox.

Remember: your Norton antivirus, Windows Defender, and Spybot's TeaTimer must be turned off or disabled before running ComboFix. The clickable link "This Link" in the ComboFix tutorial will help you get them disabled.


Please download ComboFix to the desktop from one of the following links:

Link1

Link 2

Link 3

Rename the setup file, combofix.exe, before you download it. To do that, once the "enter name of file to save to" box appears as the download begins, rename combofix.exe to Combo-Fix in the filename box, then click Save.
Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop.
If you are using Firefox, make sure that your download settings are as follows:
Tools->Options->Main tab
Set to "Always ask me where to Save the files".

Please do not rename Combofix to other names, but only to the one indicated.
Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
-----------------------------------------------------------
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Click on This Link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
-----------------------------------------------------------
WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
Please do not attempt to reconnect your machine to the Internet until Combofix has completely finished.
If there is no Internet connection after running Combofix, then restart your computer to restore your connection.
-----------------------------------------------------------
Double click on Combo-Fix.exe & follow the prompts.
Install the recovery console when asked.
When finished, it will produce a report for you.
Please post the "C:\Combo-Fix.txt".
Note: Do not mouseclick combo-fix's window while it's running. That may cause it to hang.


Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

Please do not install any new programs or update anything unless told to do so while we are fixing your problem.



#12
December 24, 2009 at 13:51:56
Okay, I disabled my antivirus until computer restart and ran
the scan. It detected something like "rootkit" and it required
me to restart my computer. After it restarted, it continued the
scan. However, SINCE it restarted, my antivirus program
began to run again while it continued scanning. So once it
was done, I decided to run the scan again while changing my
antivirus settings to reactivate manually. But during this scan,
I had NO rootkit warnings or any need to restart my computer.

I then googled some random links and clicked on about 30
results and NONE of them led me to an advertisement!
THANK YOU SO MUCH! I've been wanting to fix this annoying
problem FOREVER. THANK YOU SO MUCH FOR YOUR
HELP!!
Here is my log that I received the second time when no
"rootkit" was found:

ComboFix 09-12-24.02 - Nathan 12/24/2009 13:33:11.2.1 -
x86
Microsoft Windows 7 Home Premium
6.1.7600.0.1252.1.1033.18.2942.2184 [GMT -8:00]
Running from: c:\users\Nathan\Downloads\Combo-Fix.exe
.

((((((((((((((((((((((((( Files Created from 2009-11-24 to 2009-12-
24 )))))))))))))))))))))))))))))))
.

2009-12-24 21:45 . 2009-12-24 21:45 -------- d-----w-
c:\users\Public\AppData\Local\temp
2009-12-24 21:45 . 2009-12-24 21:45 -------- d-----w-
c:\users\Default\AppData\Local\temp
2009-12-24 21:45 . 2009-12-24 21:45 -------- d-----w-
c:\users\Administrator\AppData\Local\temp
2009-12-24 21:32 . 2009-12-24 21:32 -------- d-----w-
C:\32788R22FWJFW
2009-12-24 21:28 . 2009-08-26 00:09 165240 ----a-r-
c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-
85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
2009-12-24 21:13 . 2009-12-24 21:45 -------- d-----w-
c:\users\Nathan\AppData\Local\temp
2009-12-24 20:47 . 2009-12-24 20:47 -------- d-----w-
c:\program files\Ask.com
2009-12-24 17:54 . 2009-10-28 12:00 1647984 ----a-w-
c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-
85EF591126E7}\Norton\Definitions\VirusDefs\20091224.002\N
AVEX32A.DLL
2009-12-24 17:54 . 2009-10-28 12:00 84912 ----a-w-
c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-
85EF591126E7}\Norton\Definitions\VirusDefs\20091224.002\N
AVENG.SYS
2009-12-24 17:54 . 2009-10-28 12:00 177520 ----a-w-
c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-
85EF591126E7}\Norton\Definitions\VirusDefs\20091224.002\N
AVENG32.DLL
2009-12-24 17:54 . 2009-10-28 12:00 1323568 ----a-w-
c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-
85EF591126E7}\Norton\Definitions\VirusDefs\20091224.002\N
AVEX15.SYS
2009-12-24 17:54 . 2009-10-28 12:00 102448 ----a-w-
c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-
85EF591126E7}\Norton\Definitions\VirusDefs\20091224.002\E
RASER.SYS
2009-12-24 17:54 . 2009-12-09 09:00 2747440 ----a-w-
c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-
85EF591126E7}\Norton\Definitions\VirusDefs\20091224.002\C
CERASER.DLL
2009-12-24 17:54 . 2009-10-28 12:00 371248 ----a-w-
c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-
85EF591126E7}\Norton\Definitions\VirusDefs\20091224.002\E
ECTRL.SYS
2009-12-24 17:54 . 2009-10-28 12:00 259440 ----a-w-
c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-
85EF591126E7}\Norton\Definitions\VirusDefs\20091224.002\E
CMSVR32.DLL
2009-12-23 20:10 . 2009-12-23 20:10 -------- d-----w-
c:\users\Nathan\AppData\Roaming\Malwarebytes
2009-12-23 20:10 . 2009-12-04 00:14 38224 ----a-w-
c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-23 20:09 . 2009-12-23 20:09 -------- d-----w-
c:\programdata\Malwarebytes
2009-12-23 20:09 . 2009-12-04 00:13 19160 ----a-w-
c:\windows\system32\drivers\mbam.sys
2009-12-23 20:09 . 2009-12-23 20:10 -------- d-----w-
c:\program files\Malwarebytes' Anti-Malware
2009-12-23 19:48 . 2009-12-23 19:48 -------- d-----w-
C:\rsit
2009-12-22 17:48 . 2009-12-22 17:52 -------- d-----w-
c:\program files\Free Window Registry Repair
2009-12-22 17:48 . 2009-12-22 17:48 -------- d-----w-
c:\users\Nathan\AppData\Roaming\Registry Mechanic
2009-12-22 17:42 . 2004-08-04 16:00 506368 ----a-w-
c:\windows\system32\msxml.dll
2009-12-22 17:42 . 2009-12-22 17:42 -------- d-----w-
c:\program files\Common Files\PC Tools
2009-12-22 17:38 . 2009-12-22 17:38 -------- d-----w-
c:\users\Nathan\AppData\Roaming\Uniblue
2009-12-22 17:38 . 2009-12-22 17:38 -------- d-----w-
c:\program files\Uniblue
2009-12-22 17:10 . 2009-12-22 17:10 -------- dc----w-
c:\programdata\{BC9FCCF7-E686-494B-8C9B-
55C9A39A7CA9}
2009-12-19 18:48 . 2009-11-03 04:42 195456 ------w-
c:\windows\system32\MpSigStub.exe
2009-12-19 18:31 . 2009-12-19 18:31 -------- d-----w-
c:\users\Nathan\AppData\Local\WinUI
2009-12-19 16:36 . 2009-12-19 16:38 -------- d-----w-
c:\users\Nathan\AppData\Local\Google
2009-12-19 16:36 . 2009-12-19 16:38 -------- d-----w-
c:\program files\Google
2009-12-19 16:36 . 2009-12-19 16:36 -------- d-----w-
c:\program files\Alwil Software
2009-12-19 02:27 . 2009-10-28 22:37 811896 ----a-w-
c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-
85EF591126E7}\Norton\Definitions\IPSDefs\20091217.002\Sc
xpx86.dll
2009-12-19 02:27 . 2009-10-28 22:37 343088 ----a-w-
c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-
85EF591126E7}\Norton\Definitions\IPSDefs\20091217.002\ID
Svix86.sys
2009-12-19 02:27 . 2009-10-28 22:37 329592 ----a-w-
c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-
85EF591126E7}\Norton\Definitions\IPSDefs\20091217.002\ID
SXpx86.sys
2009-12-19 02:27 . 2009-10-28 22:37 488312 ----a-w-
c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-
85EF591126E7}\Norton\Definitions\IPSDefs\20091217.002\ID
Sxpx86.dll
2009-12-19 02:26 . 2009-10-28 22:37 466992 ----a-w-
c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-
85EF591126E7}\Norton\Definitions\IPSDefs\20091217.002\ID
SviA64.sys
2009-12-19 01:06 . 2009-12-19 01:06 -------- d-----w-
c:\program files\Trend Micro
2009-12-19 00:46 . 2009-12-19 00:46 -------- d-----w-
c:\users\Nathan\AppData\Local\AIM Toolbar
2009-12-19 00:28 . 2009-12-19 00:28 -------- d-----w-
c:\programdata\Sunbelt
2009-12-18 23:24 . 2009-12-24 21:28 -------- d-----w-
c:\program files\Spybot - Search & Destroy
2009-12-18 23:24 . 2009-12-24 21:27 -------- d-----w-
c:\programdata\Spybot - Search & Destroy
2009-12-18 22:56 . 2009-12-18 23:09 -------- d-----w-
c:\users\Nathan\AppData\Roaming\gtk-2.0
2009-12-18 22:56 . 2009-12-18 22:56 -------- d-----w-
c:\users\Nathan\.thumbnails
2009-12-18 22:54 . 2009-12-18 22:57 -------- d-----w-
c:\users\Nathan\.gimp-2.6
2009-12-18 22:52 . 2009-12-18 22:53 -------- d-----w-
c:\program files\GIMP-2.0
2009-12-18 01:12 . 2009-12-18 01:20 -------- d-----w-
c:\users\Nathan\AppData\Roaming\vlc
2009-12-18 01:11 . 2009-12-18 01:11 -------- d-----w-
c:\program files\VideoLAN
2009-12-17 22:50 . 2009-10-28 22:37 811896 ----a-w-
c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-
85EF591126E7}\Norton\Definitions\IPSDefs\20091216.001\Sc
xpx86.dll
2009-12-17 22:50 . 2009-10-28 22:37 329592 ----a-w-
c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-
85EF591126E7}\Norton\Definitions\IPSDefs\20091216.001\ID
SXpx86.sys
2009-12-17 22:50 . 2009-10-28 22:37 343088 ----a-w-
c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-
85EF591126E7}\Norton\Definitions\IPSDefs\20091216.001\ID
Svix86.sys
2009-12-17 22:50 . 2009-10-28 22:37 488312 ----a-w-
c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-
85EF591126E7}\Norton\Definitions\IPSDefs\20091216.001\ID
Sxpx86.dll
2009-12-17 22:50 . 2009-10-28 22:37 466992 ----a-w-
c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-
85EF591126E7}\Norton\Definitions\IPSDefs\20091216.001\ID
SviA64.sys
2009-12-15 21:39 . 2009-12-15 21:39 -------- d-----w-
c:\users\Nathan\AppData\Local\ElevatedDiagnostics
2009-12-15 03:27 . 2009-12-15 03:27 -------- d-----w-
c:\users\Nathan\AppData\Local\CyberLink
2009-12-15 03:27 . 2009-12-15 03:27 -------- d-----w-
c:\users\Nathan\AppData\Local\PowerCinema
2009-12-15 02:15 . 2009-12-24 20:47 -------- d-----w-
c:\users\Nathan\AppData\Roaming\uTorrent
2009-12-14 03:21 . 2009-12-14 03:21 -------- d-----w-
c:\program files\AIM Music Link
2009-12-14 03:18 . 2009-12-14 03:18 -------- d-----w-
c:\program files\AIM Toolbar
2009-12-14 03:17 . 2009-12-14 03:17 -------- d-----w-
c:\programdata\acccore
2009-12-14 03:17 . 2009-12-14 03:18 -------- d-----w-
c:\program files\AIM6
2009-12-14 03:08 . 2009-12-14 03:08 -------- d-----w-
c:\users\Nathan\AppData\Local\AOL OCP
2009-12-14 03:08 . 2009-12-24 20:48 -------- d-----w-
c:\programdata\Viewpoint
2009-12-14 03:07 . 2009-12-14 03:09 -------- d-----w-
c:\programdata\AOL OCP
2009-12-14 03:07 . 2009-12-14 03:07 -------- d-----w-
c:\programdata\AOL
2009-12-12 02:05 . 2009-12-12 02:05 -------- d-----w-
c:\windows\system32\drivers\NSS
2009-12-12 02:05 . 2009-12-12 02:05 -------- d-----w-
c:\program files\Norton Security Scan
2009-12-12 00:52 . 2009-12-12 00:52 -------- d-----w-
c:\users\Nathan\AppData\Local\Diagnostics
2009-12-11 02:03 . 2009-12-15 03:27 -------- d-----w-
c:\users\Nathan\AppData\Roaming\CyberLink
2009-12-10 04:46 . 2009-12-10 04:46 -------- d-----w-
c:\users\Nathan\AppData\Local\freedompeace
2009-12-10 04:46 . 2009-12-10 04:46 -------- d-----w-
c:\users\Nathan\AppData\Local\Xenocode
2009-12-10 02:41 . 2009-09-10 05:52 257024 ----a-w-
c:\windows\system32\msv1_0.dll
2009-12-10 02:40 . 2009-10-29 07:22 2048 ----a-w-
c:\windows\system32\tzres.dll
2009-12-10 02:30 . 2009-12-10 02:30 81640 ----a-w-
c:\users\Nathan\AppData\Local\GDIPFONTCACHEV1.DAT
2009-12-10 02:25 . 2009-12-10 02:25 -------- d-----w-
C:\Recovery
2009-12-10 02:25 . 2009-12-11 22:57 -------- d-----w-
c:\windows\system32\wbem\Performance
2009-12-10 02:07 . 2009-12-10 02:07 21316 ----a-w-
c:\windows\system32\emptyregdb.dat
2009-12-10 01:31 . 2009-12-10 01:31 -------- d-----w-
c:\program files\LSI SoftModem
2009-12-10 01:31 . 2009-12-10 01:31 -------- d-----w-
c:\windows\system32\RTCOM
2009-12-10 01:31 . 2009-12-10 01:31 -------- d-----w-
c:\program files\Realtek
2009-12-10 01:30 . 2009-06-08 05:36 457248 ----a-w-
c:\windows\system32\nvuninst.exe
2009-12-10 01:27 . 2009-12-10 02:25 -------- d-----w-
c:\windows\Panther
2009-12-10 01:16 . 2009-12-10 02:08 -------- d-----w-
C:\$WINDOWS.~Q
2009-12-10 01:06 . 2009-12-10 01:12 -------- d-----w-
C:\$INPLACE.~TR
2009-12-10 00:14 . 2009-12-10 00:14 -------- d-----w-
C:\i386
2009-12-10 00:13 . 2009-12-10 00:13 -------- d-----w-
C:\blocks
2009-12-10 00:12 . 2009-12-10 02:54 -------- d-----w-
C:\$HPW7UA$
2009-12-09 23:28 . 2009-12-10 02:00 -------- d-----w-
c:\users\Nathan\AppData\Local\Microsoft Corporation
2009-12-09 23:28 . 2009-12-10 01:40 -------- d-----w-
c:\program files\Microsoft Windows 7 Upgrade Advisor
2009-12-06 20:16 . 2009-12-10 01:36 -------- d-----w-
c:\program files\Common Files\Software Update Utility
2009-12-05 22:16 . 2009-12-10 02:00 -------- d-----w-
c:\users\Nathan\AppData\Roaming\Grasssoft
2009-12-05 22:15 . 2009-12-10 01:49 -------- d-----w-
c:\programdata\Grasssoft
2009-12-05 22:15 . 2009-12-10 01:37 -------- d-----w-
c:\program files\GrassSoft
2009-12-03 06:34 . 2009-12-10 01:37 -------- d-----w-
c:\program files\GameGain
2009-12-03 02:46 . 2009-12-10 02:00 -------- d-----w-
c:\users\Nathan\AppData\Roaming\Dev-Cpp
2009-12-03 02:45 . 2009-12-07 23:28 -------- d-----w-
C:\Dev-Cpp
2009-12-03 00:00 . 2008-07-11 00:28 50200 ----a-w-
c:\windows\system32\perf-SQLAgent$SQLEXPRESS-
sqlagtctr10.0.1600.22.dll
2009-12-03 00:00 . 2008-07-11 00:28 79896 ----a-w-
c:\windows\system32\perf-MSSQL$SQLEXPRESS-
sqlctr10.0.1600.22.dll
2009-12-02 23:59 . 2009-12-02 23:59 -------- d-----w-
c:\windows\system32\RsFx
2009-12-02 23:58 . 2009-12-10 01:51 -------- d-----w-
c:\windows\system32\1033
2009-12-02 23:54 . 2009-12-10 01:40 -------- d-----w-
c:\program files\Microsoft SQL Server
2009-12-02 23:54 . 2009-12-02 23:54 64000 ----a-w-
c:\programdata\Microsoft\VCExpress\9.0\1033\ResourceCach
e.dll
2009-12-02 23:53 . 2009-12-02 23:53 416 ----a-w-
c:\programdata\Microsoft\MSDN\9.0\1033\ResourceCache.dll
2009-12-02 23:53 . 2009-12-10 02:00 -------- d-----w-
c:\users\Nathan\AppData\Local\Microsoft Help
2009-12-02 23:50 . 2009-12-10 01:41 -------- d-----w-
c:\program files\Microsoft.NET
2009-12-02 23:50 . 2009-12-10 01:40 -------- d-----w-
c:\program files\Microsoft Visual Studio 9.0
2009-12-02 23:50 . 2009-12-10 01:36 -------- d-----w-
c:\program files\Common Files\Merge Modules
2009-12-02 23:50 . 2009-12-10 01:49 -------- d-----w-
c:\programdata\Microsoft Help
2009-12-02 23:49 . 2009-12-10 01:40 -------- d-----w-
c:\program files\Microsoft SDKs
2009-12-02 02:07 . 2009-12-10 02:00 -------- d-----w-
c:\users\Nathan\AppData\Roaming\UDC Profiles
2009-12-02 02:06 . 2009-09-04 23:09 34680 ----a-w-
c:\windows\system32\udcpm.dll
2009-12-02 02:06 . 2009-12-10 01:49 -------- d-----w-
c:\program files\Universal Document Converter
2009-12-02 02:01 . 2009-12-10 01:37 -------- d-----w-
c:\program files\FyTek
2009-12-02 00:12 . 2009-12-12 19:03 -------- d-sh--r-
c:\users\Nathan\AppData\Roaming\Nexon
2009-12-01 22:28 . 2009-12-15 23:11 69 ----a-w-
c:\users\Nathan\jagex_runescape_preferences2.dat
2009-12-01 22:27 . 2009-12-15 23:07 39 ----a-w-
c:\users\Nathan\jagex_runescape_preferences.dat
2009-12-01 22:27 . 2009-12-01 22:27 -------- d-----w-
C:\.jagex_cache_32
2009-12-01 02:17 . 2009-12-10 02:00 -------- d-----w-
c:\users\Nathan\AppData\Roaming\codeblocks
2009-12-01 02:17 . 2009-12-10 01:36 -------- d-----w-
c:\program files\CodeBlocks
2009-11-30 03:56 . 2009-12-10 03:19 -------- d-----w-
c:\users\Nathan\AppData\Roaming\TeamViewer
2009-11-30 03:56 . 2009-12-10 01:49 -------- d-----w-
c:\program files\TeamViewer
2009-11-30 03:55 . 2009-12-10 02:01 -------- d-----w-
c:\users\Nathan\temp
2009-11-25 01:26 . 2009-11-25 01:26 135168 ---ha-w-
c:\windows\system32\hX6D5eB9.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report
))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-24 21:28 . 2009-11-15 02:27 -------- d-----w-
c:\program files\Steam
2009-12-23 16:32 . 2009-11-08 04:17 -------- d-----w-
c:\users\Nathan\AppData\Roaming\LimeWire
2009-12-18 05:28 . 2009-11-02 03:53 -------- d-----w-
c:\program files\Cheat Engine
2009-12-17 05:59 . 2009-10-29 03:42 2088 ----a-w-
c:\users\Nathan\AppData\Roaming\wklnhst.dat
2009-12-14 03:17 . 2009-10-28 23:00 -------- d-----w-
c:\program files\Common Files\AOL
2009-12-12 06:52 . 2009-11-15 02:27 -------- d-----w-
c:\program files\Common Files\Steam
2009-12-12 02:05 . 2009-09-04 03:25 -------- d-----w-
c:\programdata\Norton
2009-12-12 02:05 . 2009-09-04 03:25 -------- d-----w-
c:\programdata\NortonInstaller
2009-12-11 22:57 . 2009-07-27 04:47 727714 ----a-w-
c:\windows\system32\prfh0416.dat
2009-12-11 22:57 . 2009-07-27 04:47 149252 ----a-w-
c:\windows\system32\prfc0416.dat
2009-12-11 22:57 . 2009-07-27 04:41 758198 ----a-w-
c:\windows\system32\perfh00C.dat
2009-12-11 22:57 . 2009-07-27 04:41 151400 ----a-w-
c:\windows\system32\perfc00C.dat
2009-12-11 22:57 . 2009-07-27 04:33 757244 ----a-w-
c:\windows\system32\perfh00A.dat
2009-12-11 22:57 . 2009-07-27 04:33 158034 ----a-w-
c:\windows\system32\perfc00A.dat
2009-12-10 02:00 . 2009-11-05 03:08 -------- d-----w-
c:\users\Nathan\AppData\Roaming\WindSolutions
2009-12-10 02:00 . 2009-10-28 22:52 -------- d-----w-
c:\users\Nathan\AppData\Roaming\WinBatch
2009-12-10 02:00 . 2009-11-16 02:31 -------- d-----w-
c:\users\Nathan\AppData\Roaming\SystemRequirementsLab
2009-12-10 02:00 . 2009-10-29 03:42 -------- d-----w-
c:\users\Nathan\AppData\Roaming\Template
2009-12-10 02:00 . 2009-11-05 03:47 -------- d-----w-
c:\users\Nathan\AppData\Roaming\Apple Computer
2009-12-10 02:00 . 2009-11-05 03:16 -------- d-----w-
c:\users\Nathan\AppData\Roaming\DiskAid
2009-12-10 02:00 . 2009-10-28 22:46 -------- d-----w-
c:\users\Nathan\AppData\Roaming\Hewlett-Packard
2009-12-10 02:00 . 2009-10-28 22:35 -------- d-----w-
c:\users\Nathan\AppData\Roaming\HP TCS
2009-12-10 02:00 . 2009-10-28 23:01 -------- d-----w-
c:\users\Nathan\AppData\Roaming\acccore
2009-12-10 01:50 . 2009-10-28 22:58 -------- d-----w-
c:\users\Administrator\AppData\Roaming\Hewlett-Packard
2009-12-10 01:50 . 2009-11-05 03:45 -------- d-----w-
c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-12-10 01:50 . 2009-11-05 03:08 -------- d-----w-
c:\programdata\WindSolutions
2009-12-10 01:50 . 2009-10-30 00:52 -------- d-----w-
c:\programdata\NOS
2009-12-10 01:50 . 2009-10-28 23:51 -------- d-----w-
c:\programdata\PMB Files
2009-12-10 01:50 . 2009-09-04 03:25 -------- d-----w-
c:\programdata\Symantec
2009-12-10 01:50 . 2009-09-04 03:16 -------- d-----w-
c:\programdata\WildTangent
2009-12-10 01:50 . 2009-09-04 02:56 -------- d-----w-
c:\programdata\PC-Doctor for Windows
2009-12-10 01:50 . 2009-09-04 02:56 -------- d-----w-
c:\programdata\NVIDIA
2009-12-10 01:42 . 2009-09-04 03:26 -------- d-----w-
c:\program files\SMINST
2009-12-10 01:42 . 2009-11-05 03:43 -------- d-----w-
c:\program files\QuickTime
2009-12-10 01:42 . 2009-09-04 02:38 -------- d-----w-
c:\program files\Python
2009-12-10 01:42 . 2009-11-23 01:34 -------- d-----w-
c:\program files\Personal Screen Resolution
2009-12-10 01:42 . 2009-09-04 02:56 -------- d-----w-
c:\program files\PC-Doctor for Windows
2009-12-10 01:41 . 2009-10-28 23:51 -------- d-----w-
c:\program files\Pando Networks
2009-12-10 01:41 . 2009-09-04 03:25 -------- d-----w-
c:\program files\NortonInstaller
2009-12-10 01:41 . 2009-09-04 03:25 -------- d-----w-
c:\program files\Norton Internet Security
2009-12-10 01:41 . 2009-09-04 03:24 -------- d-----w-
c:\program files\NetZeroPreloader
2009-12-10 01:41 . 2009-09-04 17:46 -------- d-----w-
c:\program files\Microsoft Works
2009-12-10 01:40 . 2009-09-04 03:24 -------- d-----w-
c:\program files\Microsoft Silverlight
2009-12-10 01:40 . 2009-09-04 03:24 -------- d-----w-
c:\program files\Microsoft
2009-12-10 01:40 . 2009-09-04 03:24 -------- d-----w-
c:\program files\JunoPreloader
2009-12-10 01:40 . 2009-07-14 04:52 -------- d-----w-
c:\program files\Microsoft Games
2009-12-10 01:40 . 2009-11-08 04:15 -------- d-----w-
c:\program files\Java
2009-12-10 01:40 . 2009-11-05 03:45 -------- d-----w-
c:\program files\iTunes
2009-12-10 01:40 . 2009-11-05 03:45 -------- d-----w-
c:\program files\iPod
2009-12-10 01:40 . 2009-10-29 01:54 -------- d-----w-
c:\program files\IObit
2009-12-10 01:40 . 2009-09-04 02:54 -------- d--h--w-
c:\program files\InstallShield Installation Information
2009-12-10 01:39 . 2009-09-04 03:16 -------- d-----w-
c:\program files\HP Games
2009-12-10 01:39 . 2009-09-04 03:09 -------- d-----w-
c:\program files\HP
2009-12-10 01:38 . 2009-09-04 02:41 -------- d-----w-
c:\program files\Hewlett-Packard
2009-12-10 01:37 . 2009-11-05 03:16 -------- d-----w-
c:\program files\DigiDNA
2009-12-10 01:37 . 2009-09-04 02:58 -------- d-----w-
c:\program files\Cyberlink
2009-12-10 01:36 . 2009-10-28 22:55 -------- d-----w-
c:\program files\Common Files\Symantec Shared
2009-12-10 01:36 . 2009-09-04 03:08 -------- d---a-w-
c:\program files\Common Files\LS Getting Started
2009-12-10 01:36 . 2009-09-04 03:08 -------- d---a-w-
c:\program files\Common Files\LightScribe
2009-12-10 01:36 . 2009-09-04 02:54 -------- d-----w-
c:\program files\Common Files\InstallShield
2009-12-10 01:36 . 2009-11-05 03:40 -------- d-----w-
c:\program files\Common Files\Apple
2009-12-10 01:36 . 2009-10-30 00:55 -------- d-----w-
c:\program files\Common Files\Adobe
2009-12-10 01:36 . 2009-10-30 00:52 -------- d-----w-
c:\program files\Common Files\Adobe AIR
2009-12-10 01:35 . 2009-11-23 01:24 -------- d-----w-
c:\program files\ByteGems.com
2009-12-10 01:35 . 2009-11-05 03:44 -------- d-----w-
c:\program files\Bonjour
2009-12-10 01:35 . 2009-11-05 03:43 -------- d-----w-
c:\program files\Apple Software Update
2009-12-10 01:35 . 2009-10-28 23:01 -------- d-----w-
c:\program files\AIM
2009-12-10 01:31 . 2009-12-10 01:31 0 ---ha-w-
c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.W
df
2009-12-09 23:52 . 2009-09-04 03:07 36864 ----a-w-
c:\programdata\Temp\{DCCAD079-F92C-44DA-B258-
624FC6517A5A}\PostBuild.exe
2009-11-24 04:46 . 2009-11-24 04:46 135168 ---ha-w-
c:\windows\system32\TUm2evLMRb.dll
2009-11-24 04:46 . 2009-11-24 04:46 135168 ---ha-w-
c:\windows\system32\dWj6S9EMvUC.dll
2009-11-24 04:34 . 2009-11-24 04:34 135168 ---ha-w-
c:\windows\system32\eKJ5h11.dll
2009-11-24 04:27 . 2009-11-24 04:27 135168 ---ha-w-
c:\windows\system32\P86TJeOQDybd.dll
2009-11-22 19:29 . 2009-11-22 19:29 135168 ---ha-w-
c:\windows\system32\NMDK1KDlE.dll
2009-11-21 02:56 . 2009-11-21 02:56 135168 ---ha-w-
c:\windows\system32\brrThbTq.dll
2009-11-21 02:55 . 2009-11-21 02:55 135168 ---ha-w-
c:\windows\system32\o5QHfur.dll
2009-11-21 02:52 . 2009-11-21 02:52 135168 ---ha-w-
c:\windows\system32\WjCb422T.dll
2009-11-21 01:31 . 2009-11-21 01:31 135168 ---ha-w-
c:\windows\system32\xJ3jl5eUi.dll
2009-11-21 00:31 . 2009-11-21 00:31 135168 ---ha-w-
c:\windows\system32\sbGkk8pSN.dll
2009-11-18 00:13 . 2009-11-18 00:13 0 ---ha-w-
c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.W
df
2009-11-17 00:07 . 2009-11-17 00:07 135168 ---ha-w-
c:\windows\system32\FXJarcq9.dll
2009-11-16 21:49 . 2009-11-16 21:49 135168 ---ha-w-
c:\windows\system32\RSUF33I5.dll
2009-11-16 21:46 . 2009-11-16 21:46 135168 ---ha-w-
c:\windows\system32\cmJ4RfnLo.dll
2009-11-16 02:31 . 2009-11-16 02:31 138240 ----a-w-
c:\users\Nathan\AppData\Roaming\SystemRequirementsLab\
SRLProxy_srl_4_1_14_0_d.dll
2009-11-16 02:31 . 2009-11-16 02:31 138240 ----a-w-
c:\users\Nathan\AppData\Roaming\SystemRequirementsLab\
SRLProxy_srl_4_1_14_0_c.dll
2009-11-16 02:31 . 2009-11-16 02:31 138240 ----a-w-
c:\users\Nathan\AppData\Roaming\SystemRequirementsLab\
SRLProxy_srl_4_1_14_0_b.dll
2009-11-16 02:31 . 2009-11-16 02:31 138240 ----a-w-
c:\users\Nathan\AppData\Roaming\SystemRequirementsLab\
SRLProxy_srl_4_1_14_0_a.dll
2009-11-16 01:54 . 2009-11-16 01:54 135168 ---ha-w-
c:\windows\system32\CXfHWxmLYiXU.dll
2009-11-16 01:49 . 2009-11-16 01:49 135168 ---ha-w-
c:\windows\system32\WT44VpO3.dll
2009-11-16 00:33 . 2009-11-16 00:33 135168 ---ha-w-
c:\windows\system32\yDWJ3Yx8.dll
2009-11-16 00:25 . 2009-11-16 00:25 135168 ---ha-w-
c:\windows\system32\AxMD4qb.dll
2009-11-15 19:56 . 2009-11-15 19:56 135168 ---ha-w-
c:\windows\system32\pfO5iISX.dll
2009-11-15 00:27 . 2009-11-15 00:27 135168 ---ha-w-
c:\windows\system32\IwnQeK3hGAcXM.dll
2009-11-14 23:35 . 2009-11-14 23:35 135168 ---ha-w-
c:\windows\system32\AJTJVPEsInb3.dll
2009-11-14 17:47 . 2009-11-14 17:47 135168 ---ha-w-
c:\windows\system32\H9J99HJleGIV.dll
2009-11-14 17:45 . 2009-11-14 17:45 135168 ---ha-w-
c:\windows\system32\wXqkr8P1betE9.dll
2009-11-14 15:52 . 2009-11-14 15:52 135168 ---ha-w-
c:\windows\system32\L6yDfmxUb.dll
2009-11-14 02:15 . 2009-11-14 02:15 135168 ---ha-w-
c:\windows\system32\Np74DubMljc.dll
2009-11-14 02:11 . 2009-11-14 02:11 135168 ---ha-w-
c:\windows\system32\srO33NrIu.dll
2009-11-14 02:10 . 2009-11-14 02:10 135168 ---ha-w-
c:\windows\system32\vx6TxubJTY.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r-
c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w-
c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPADVISOR"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-08-05 1644088]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2009-10-28 2923192]
"Steam"="c:\program files\Steam\Steam.exe" [2009-11-15 1217808]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-10-21 50472]
"WinLogin"="c:\users\Nathan\AppData\Roaming\Nexon\Engine.exe" [2006-07-27 626688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"CLMLServer for HP TouchSmart"="c:\program files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" [2009-04-10 185640]
"DVDAgent"="c:\program files\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2009-09-09 1148200]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-12-04 75016]
"HP Remote Software"="c:\program files\Hewlett-Packard\HP Remote\HP REMOTE V1.0.5.exe" [2009-02-06 143360]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"hpsysdrv"="c:\program files\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-29 141600]
"Macro Manager"="c:\program files\GrassSoft\Mouse Recorder\MacroManager.exe" [2009-12-05 2471936]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-06 224616]
"PSR-autorun"="c:\program files\Personal Screen Resolution\Personal Screen Resolution.exe" [2006-08-16 276020]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"Screen Resolution Manager"="c:\program files\ByteGems.com\Screen Resolution Manager\ScreenResolutionManager.exe" [2008-02-16 510976]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-03-06 915512]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"TSMAgent"="c:\program files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" [2009-04-10 1328424]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
"UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
"UpdatePSTShortCut"="c:\program files\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" [2009-02-02 210216]
"SSDMonitor"="c:\program files\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2009-11-25 104408]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

R0 SymEFA;Symantec Extended File Attributes;c:\windows\System32\drivers\NIS\1007020.00B\SymEFA.sys [10/29/2009 5:00 PM 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\drivers\NIS\1007020.00B\BHDrvx86.sys [10/29/2009 5:00 PM 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\System32\drivers\NIS\1007020.00B\cchpx86.sys [10/29/2009 5:00 PM 482432]
R1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091217.002\IDSvix86.sys [12/18/2009 6:27 PM 343088]
R2 Macro Expert;Macro Expert;c:\program files\GrassSoft\Mouse Recorder\MacroService.exe [9/27/2009 5:40 AM 206848]
R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe [10/29/2009 5:00 PM 117640]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [12/22/2009 9:42 AM 583640]
R2 TeamViewer4;TeamViewer 4;c:\program files\TeamViewer\Version4\TeamViewer_Service.exe [10/7/2009 4:50 AM 185640]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [10/28/2009 7:31 PM 102448]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\drivers\NIS\1007020.00B\symndisv.sys [10/29/2009 5:00 PM 48688]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/19/2009 8:37 AM 133104]
S3 PCDSRVC{4F253FFC-7957E8FC-06000000}_0;PCDSRVC{4F253FFC-7957E8FC-06000000}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\PC-Doctor for Windows\pcdsrvc.pkms [2/2/2009 10:59 AM 20848]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [7/10/2008 4:28 PM 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\System32\drivers\RsFx0102.sys [7/10/2008 2:49 AM 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [7/10/2008 4:28 PM 369688]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ask.com?o=15153&l=dis
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt
uInternet Settings,ProxyOverride = *.local
IE: &AIM Toolbar Search - c:\programdata\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
DPF: {36299202-09EF-4ABF-ADB9-47C599DBE778} - hxxps://www.hpwindows7upgrade.arvato.com/north_america/Endcustomer/HPProdDetect.cab
FF - ProfilePath - c:\users\Nathan\AppData\Roaming\Mozilla\Firefox\Profiles\n1nkm876.default\
FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.7.2.11\diMaster.dll\" /prefetch:1"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{4F253FFC-7957E8FC-06000000}_0]
"ImagePath"="\??\c:\program files\pc-doctor for windows\pcdsrvc.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-914156934-2794549932-1219203665-1000\Software\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Common Client\ccIPC]
@Denied: (C D) (Everyone)

[HKEY_USERS\S-1-5-21-914156934-2794549932-1219203665-1000\Software\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Common Client\ccIPC\Endpoints]
@Denied: (C D) (Everyone)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2009-12-24 13:49:09
ComboFix-quarantined-files.txt 2009-12-24 21:49
ComboFix2.txt 2009-12-24 21:24

Pre-Run: 215,269,416,960 bytes free
Post-Run: 215,180,292,096 bytes free

- - End Of File - - 91E842A78AB5D17E4C95ABD798F0F302

