Problem

  • Joined: 22 Dec 2007
  • Posts: 10

Hi, my computer has started acting up again a bit. It's a little slow, and sometimes it won't open a page. For example, I go to Serbian Cafe and when I click on discussions or news or anything, it doesn't open; instead an ad shows up, i.e. it takes me to another site. What do you think, do I have something, or is this just stupid Vista?

Thanks

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:45:11 PM, on 5/10/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Winrar Professional\groupmanager.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask.com Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Ask.com Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O4 - HKLM\..\Run: [Windows Defender] "%ProgramFiles%\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [GroupManager] "C:\Program Files\Winrar Professional\groupmanager.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IgfxTray] "C:\Windows\system32\igfxtray.exe"
O4 - HKLM\..\Run: [HotKeysCmds] "C:\Windows\system32\hkcmd.exe"
O4 - HKLM\..\Run: [Persistence] "C:\Windows\system32\igfxpers.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [Sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] "rundll32.exe" oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ehTray.exe] "C:\Windows\ehome\ehTray.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {31150A86-0BBA-409F-BEB4-F3922D10BF34} (Gif89 Class) - file:///C:/Users/Owner/AppData/Local/Microsoft/Windows%20Sidebar/Gadgets/xplugCam.gadget/en-US/xplug.ocx
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: PLFlash DeviceIoControl Service - Unknown owner - C:\Windows\system32\IoctlSvc.exe (file missing)
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8429 bytes

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Hello...

Temporarily disable your security software (if you know how).

Download ComboFix from one of the following addresses to your Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Run it and don't touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear, which you will copy here for us.

  • Joined: 22 Dec 2007
  • Posts: 10

Posted: 11 May 2009 0:57

Hi, I've turned off Norton and the firewall, and I've turned off Spy Sweeper. Here's the log from ComboFix.

ComboFix 09-05-09.05 - Owner 05/10/2009 18:40.1 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.1033.18.3062.1888 [GMT -4:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
AV: Norton Internet Security *On-access scanning disabled* (Updated)
FW: Norton Internet Security *disabled*
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\install.exe
c:\users\Owner\protect.dll
c:\windows\system32\x64

.
((((((((((((((((((((((((( Files Created from 2009-04-10 to 2009-05-10 )))))))))))))))))))))))))))))))
.

2009-05-09 20:19 . 2009-05-09 20:19 -------- d-----w c:\program files\Common Files\InstallShield
2009-05-09 14:58 . 2009-05-09 14:58 -------- d-----w c:\program files\Trend Micro
2009-05-08 01:06 . 2009-05-08 02:03 -------- d-----w c:\program files\Norton Internet Security
2009-05-08 01:04 . 2009-05-08 01:42 124464 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS
2009-05-08 01:04 . 2009-05-08 01:42 -------- d-----w c:\program files\Symantec
2009-05-08 00:49 . 2009-04-06 19:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-08 00:49 . 2009-04-06 19:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-08 00:49 . 2009-05-08 00:49 -------- d-----w c:\users\Owner\AppData\Roaming\Malwarebytes
2009-05-08 00:49 . 2009-05-08 00:49 -------- d-----w c:\programdata\Malwarebytes
2009-05-08 00:49 . 2009-05-08 00:49 -------- d-----w c:\users\All Users\Malwarebytes
2009-05-07 23:24 . 2009-05-07 23:24 -------- d-----w c:\users\Owner\AppData\Local\Google
2009-05-07 00:03 . 2009-05-07 00:03 -------- d-----w C:\tmpDownload
2009-05-06 20:51 . 2009-05-06 20:51 27648 ----a-w c:\users\Owner\AppData\Roaming\svchost_32.exe
2009-05-04 23:16 . 2009-05-04 23:16 -------- d-----w c:\programdata\PCSettings
2009-05-04 23:16 . 2009-05-04 23:16 -------- d-----w c:\users\All Users\PCSettings
2009-05-04 23:16 . 2009-05-05 02:30 -------- d-----w c:\programdata\Norton
2009-05-04 23:16 . 2009-05-05 02:30 -------- d-----w c:\users\All Users\Norton
2009-05-04 23:16 . 2009-05-05 19:43 -------- d-----w c:\program files\NortonInstaller
2009-05-04 23:16 . 2009-05-05 02:30 -------- d-----w c:\programdata\NortonInstaller
2009-05-04 23:16 . 2009-05-05 02:30 -------- d-----w c:\users\All Users\NortonInstaller
2009-05-04 23:12 . 2009-05-04 23:12 -------- d-----w c:\programdata\Symantec Temporary Files
2009-05-04 23:12 . 2009-05-04 23:12 -------- d-----w c:\users\All Users\Symantec Temporary Files
2009-05-03 03:37 . 2009-05-09 01:37 -------- d-----w c:\users\Owner\AppData\Roaming\Paltalk
2009-05-03 02:40 . 2007-07-19 23:55 233888 ----a-w c:\windows\system32\DreamScene.dll
2009-05-03 02:40 . 2009-05-03 02:40 -------- d-----w c:\windows\system32\RTCOM
2009-05-03 02:39 . 2008-07-12 12:18 3851784 ----a-w c:\windows\system32\D3DX9_39.dll
2009-05-03 02:38 . 2009-05-03 02:38 -------- d-----w c:\program files\BitLocker
2009-05-03 02:38 . 2007-02-22 02:26 1171848 ----a-w c:\windows\system32\SecureKeyBackupCPL.dll
2009-05-03 02:29 . 2008-08-17 10:33 678408 ----a-w c:\windows\system32\gpprefcl.dll
2009-05-03 00:44 . 2009-05-03 00:44 -------- d-----w c:\program files\Common Files\xing shared
2009-05-03 00:43 . 2009-05-03 00:43 -------- d-----w c:\program files\Common Files\Real
2009-05-02 03:51 . 2009-05-10 22:28 -------- d-----w c:\users\Owner\Tracing
2009-05-02 03:49 . 2009-05-02 03:49 -------- d-----w c:\windows\Downloaded Installations
2009-05-02 02:52 . 2008-11-10 15:41 32656 ----a-w c:\windows\system32\msonpmon.dll
2009-05-02 02:43 . 2009-05-02 02:43 -------- d-----w c:\users\Owner\AppData\Local\Microsoft Help
2009-05-02 02:42 . 2009-05-07 20:59 -------- d-----w c:\programdata\Microsoft Help
2009-05-02 02:42 . 2009-05-07 20:59 -------- d-----w c:\users\All Users\Microsoft Help
2009-05-02 02:31 . 2009-05-02 02:31 -------- d-----w c:\program files\Nero 9
2009-05-01 23:52 . 2009-05-01 23:52 -------- d-----w c:\program files\NOS
2009-05-01 23:52 . 2009-05-01 23:54 -------- d-----w c:\programdata\NOS
2009-05-01 23:52 . 2009-05-01 23:54 -------- d-----w c:\users\All Users\NOS
2009-05-01 23:37 . 2008-02-28 17:26 1414440 ----a-w c:\windows\system32\ShellManager310E2D762.dll
2009-05-01 23:23 . 2009-05-01 23:23 -------- d-----w c:\users\Owner\AppData\Local\Ahead
2009-05-01 22:58 . 2009-05-01 23:38 -------- d-----w c:\programdata\Nero
2009-05-01 22:58 . 2009-05-01 23:38 -------- d-----w c:\users\All Users\Nero
2009-05-01 22:58 . 2009-05-02 02:32 -------- d-----w c:\program files\Common Files\Nero
2009-05-01 22:38 . 2009-05-02 02:33 -------- d-----w c:\users\Owner\AppData\Roaming\Nero
2009-05-01 22:06 . 2009-05-01 22:06 -------- d-----w C:\PFiles
2009-05-01 22:02 . 2009-05-01 22:02 -------- d-----w c:\programdata\TreeCardGames
2009-05-01 22:02 . 2009-05-01 22:02 -------- d-----w c:\users\All Users\TreeCardGames
2009-05-01 22:02 . 2009-05-10 03:50 -------- d-----w c:\users\Owner\AppData\Roaming\SolSuite
2009-05-01 21:56 . 2009-05-01 21:56 -------- d-----w c:\windows\Winrar Professional
2009-05-01 21:56 . 2009-05-01 21:56 -------- d-----w c:\program files\Winrar Professional
2009-05-01 04:19 . 2009-05-10 04:27 -------- d-----w c:\users\Owner\AppData\Roaming\Maxthon2
2009-05-01 03:58 . 2008-02-14 21:56 118784 ----a-w c:\windows\system32\drivers\Rtlh86.sys
2009-05-01 03:58 . 2009-05-03 02:40 -------- d-----w c:\program files\Realtek
2009-05-01 03:58 . 2009-05-09 20:20 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-01 03:58 . 2009-05-01 03:58 -------- d-----w c:\users\Owner\AppData\Roaming\InstallShield
2009-05-01 03:56 . 2009-05-03 02:00 -------- d-----w c:\users\Owner\AppData\Local\VirtualStore
2009-05-01 03:56 . 2009-05-01 03:11 -------- d-----w c:\windows\Panther
2009-05-01 03:54 . 2009-05-01 03:54 -------- d-----w c:\windows\system32\Lang
2009-05-01 03:54 . 2006-11-10 20:25 319456 ----a-w c:\windows\system32\difxapi.dll
2009-05-01 03:54 . 2009-02-26 23:57 997912 ----a-w c:\windows\system32\igxpun.exe
2009-05-01 03:53 . 2009-05-01 03:53 -------- d-----w c:\users\Owner\AppData\Roaming\WinBatch
2009-05-01 03:45 . 2009-05-10 16:52 -------- d-----w c:\users\Owner\AppData\Roaming\MxBoost
2009-05-01 03:44 . 2009-05-01 03:44 -------- d-----w C:\Windows.old
2009-05-01 03:43 . 2009-05-01 03:43 552 ----a-w c:\users\Owner\AppData\Local\d3d8caps.dat
2009-05-01 03:41 . 2009-05-10 22:14 -------- d-----w c:\users\Owner\AppData\Roaming\uTorrent
2009-05-01 03:40 . 2009-05-01 03:40 -------- d-----r c:\windows\system32\config\systemprofile\Music
2009-05-01 03:35 . 2009-05-07 21:11 -------- d-----w c:\users\Owner\AppData\Local\Microsoft Games
2009-05-01 03:29 . 2009-05-03 02:45 99864 ----a-w c:\users\Owner\AppData\Local\GDIPFONTCACHEV1.DAT
2009-05-01 03:26 . 2009-05-01 03:26 -------- d-----r c:\windows\system32\config\systemprofile\Contacts
2009-05-01 03:25 . 2009-05-03 03:23 -------- d-----w c:\windows\Debug
2009-05-01 03:21 . 2009-05-01 02:21 4152184 ----a-w c:\windows\system32\wgaer_m.exe
2009-05-01 02:30 . 2008-10-22 01:22 2048 ----a-w c:\windows\system32\tzres.dll
2009-05-01 02:09 . 2008-06-20 01:14 97800 ----a-w c:\windows\system32\infocardapi.dll
2009-05-01 02:09 . 2008-06-20 01:14 105016 ----a-w c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-05-01 02:09 . 2008-06-20 01:14 622080 ----a-w c:\windows\system32\icardagt.exe
2009-05-01 02:09 . 2008-06-20 01:14 11264 ----a-w c:\windows\system32\icardres.dll
2009-05-01 02:09 . 2008-06-20 01:14 43544 ----a-w c:\windows\system32\PresentationHostProxy.dll
2009-05-01 02:08 . 2008-06-20 01:14 781344 ----a-w c:\windows\system32\PresentationNative_v0300.dll
2009-05-01 02:08 . 2008-06-20 01:14 326160 ----a-w c:\windows\system32\PresentationHost.exe
2009-05-01 02:01 . 2008-07-27 18:03 96760 ----a-w c:\windows\system32\dfshim.dll
2009-05-01 02:00 . 2008-07-27 18:03 282112 ----a-w c:\windows\system32\mscoree.dll
2009-05-01 02:00 . 2008-07-27 18:03 41984 ----a-w c:\windows\system32\netfxperf.dll
2009-05-01 02:00 . 2008-07-27 18:03 158720 ----a-w c:\windows\system32\mscorier.dll
2009-05-01 02:00 . 2008-07-27 18:03 83968 ----a-w c:\windows\system32\mscories.dll
2009-05-01 01:54 . 2008-12-05 04:32 428544 ----a-w c:\windows\system32\EncDec.dll
2009-05-01 01:54 . 2008-12-05 04:32 293376 ----a-w c:\windows\system32\psisdecd.dll
2009-05-01 01:54 . 2008-11-01 03:44 28672 ----a-w c:\windows\system32\Apphlpdm.dll
2009-05-01 01:54 . 2008-03-08 04:21 1695744 ----a-w c:\windows\system32\gameux.dll
2009-05-01 01:54 . 2008-11-01 01:21 4240384 ----a-w c:\windows\system32\GameUXLegacyGDFs.dll
2009-05-01 01:53 . 2008-04-10 05:12 738304 ----a-w c:\windows\system32\inetcomm.dll
2009-05-01 01:53 . 2008-11-27 04:43 268288 ----a-w c:\windows\system32\schannel.dll
2009-05-01 01:53 . 2008-06-26 01:45 12240896 ----a-w c:\windows\system32\NlsLexicons0007.dll
2009-05-01 01:53 . 2008-06-26 01:45 2644480 ----a-w c:\windows\system32\NlsLexicons0009.dll
2009-05-01 01:52 . 2008-06-26 03:29 801280 ----a-w c:\windows\system32\NaturalLanguage6.dll
2009-05-01 01:49 . 2008-12-16 05:31 7680 ----a-w c:\windows\system32\spwmp.dll
2009-05-01 01:48 . 2009-02-13 08:49 1255936 ----a-w c:\windows\system32\lsasrv.dll
2009-05-01 01:41 . 2008-09-10 03:40 1334272 ----a-w c:\windows\system32\msxml6.dll
2009-05-01 01:31 . 2009-05-10 21:29 -------- d-----w c:\programdata\Symantec
2009-05-01 01:31 . 2009-05-10 21:29 -------- d-----w c:\users\All Users\Symantec
2009-05-01 01:31 . 2009-05-08 02:03 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-05-01 01:28 . 2008-10-16 21:09 43544 ----a-w c:\windows\system32\wups2.dll
2009-05-01 01:28 . 2008-10-16 21:09 51224 ----a-w c:\windows\system32\wuauclt.exe
2009-05-01 01:28 . 2008-10-16 20:56 1524736 ----a-w c:\windows\system32\wucltux.dll
2009-05-01 01:28 . 2008-10-16 21:13 1809944 ----a-w c:\windows\system32\wuaueng.dll
2009-05-01 01:28 . 2008-10-16 21:08 34328 ----a-w c:\windows\system32\wups.dll
2009-05-01 01:28 . 2008-10-16 20:55 83456 ----a-w c:\windows\system32\wudriver.dll
2009-05-01 01:28 . 2008-10-16 21:12 561688 ----a-w c:\windows\system32\wuapi.dll
2009-05-01 01:28 . 2008-10-16 18:08 162064 ----a-w c:\windows\system32\wuwebv.dll
2009-05-01 01:28 . 2008-10-16 17:56 31232 ----a-w c:\windows\system32\wuapp.exe
2009-05-01 01:26 . 2009-05-08 01:10 -------- d-----w c:\users\Owner\AppData\Roaming\Symantec
2009-05-01 01:19 . 2009-05-01 01:19 -------- d-----w c:\windows\PCHEALTH
2009-05-01 01:18 . 2009-05-01 01:18 -------- d-----w c:\program files\Ask.com
2009-05-01 01:18 . 2009-05-01 01:18 -------- d-----w c:\program files\MSSOAP
2009-05-01 01:18 . 2009-05-10 19:34 -------- d-sh--w c:\windows\Installer
2009-05-01 01:18 . 2009-04-06 17:32 1563008 ----a-w c:\windows\WRSetup.dll
2009-05-01 01:18 . 2009-05-01 01:18 -------- d-----w c:\users\Owner\AppData\Roaming\Webroot
2009-05-01 01:18 . 2009-05-01 01:22 -------- d-----w c:\programdata\Webroot
2009-05-01 01:18 . 2009-05-01 01:22 -------- d-----w c:\users\All Users\Webroot
2009-05-01 01:17 . 2009-05-01 01:17 164 ----a-w c:\windows\install.dat
2009-05-01 01:17 . 2009-05-01 01:17 -------- d-----w c:\program files\Common Files\Windows Live
2009-05-01 01:08 . 2009-05-01 01:08 -------- d-----w c:\users\Owner\AppData\Roaming\vlc
2009-05-01 01:06 . 2009-05-01 01:06 -------- d-----w c:\users\Owner\AppData\Local\Mozilla

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-09 20:20 . 2009-05-09 20:20 -------- d-----w c:\program files\Logitech
2009-05-09 01:29 . 2006-11-02 10:25 86016 ----a-w c:\windows\inf\infstrng.dat
2009-05-09 01:29 . 2006-11-02 10:25 51200 ----a-w c:\windows\inf\infpub.dat
2009-05-09 01:29 . 2006-11-02 10:25 86016 ----a-w c:\windows\inf\infstor.dat
2009-05-08 01:42 . 2009-05-08 01:04 806 ----a-w c:\windows\system32\drivers\SYMEVENT.INF
2009-05-08 01:42 . 2009-05-08 01:04 10635 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT
2009-05-08 00:49 . 2009-01-10 22:11 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-08 00:42 . 2009-05-08 00:42 43 ----a-w c:\users\Owner\AppData\Roaming\~ygw.tmp
2009-05-04 20:21 . 2008-09-15 22:17 -------- d-----w c:\program files\Image Grabber II
2009-05-03 17:54 . 2009-03-04 22:54 -------- d-----w c:\program files\UrbanTerror
2009-05-03 02:39 . 2006-11-02 12:35 -------- d-----w c:\program files\Microsoft Games
2009-05-02 02:49 . 2006-11-02 12:35 -------- d-----w c:\program files\MSBuild
2009-05-01 22:42 . 2009-04-09 21:09 -------- d-----w c:\program files\MagicISO
2009-05-01 22:00 . 2009-03-27 00:40 -------- d-----w c:\program files\SolSuite
2009-05-01 03:46 . 2009-05-01 03:28 680 ----a-w c:\users\Owner\AppData\Local\d3d9caps.dat
2009-05-01 03:21 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-05-01 03:20 . 2006-11-02 10:25 665600 ----a-w c:\windows\inf\drvindex.dat
2009-05-01 03:05 . 2009-05-01 03:05 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-05-01 01:18 . 2008-07-10 00:16 -------- d-----w c:\program files\Webroot
2009-04-30 20:41 . 2009-03-27 01:08 -------- d-----w c:\program files\LogMeIn
2009-04-29 22:00 . 2009-01-18 07:23 -------- d-----w c:\program files\Norton Security Scan
2009-04-28 20:41 . 2008-09-14 02:59 -------- d-----w c:\program files\Google
2009-04-17 21:19 . 2009-01-03 23:46 -------- d-----w c:\program files\WinPcap
2009-04-17 21:15 . 2008-10-04 02:16 -------- d-----w c:\program files\Messenger Plus! Live
2009-04-08 02:01 . 2009-04-08 02:01 -------- d-----w c:\program files\GrabIt
2009-04-05 00:44 . 2008-02-21 16:51 -------- d-----w c:\program files\Yahoo!
2009-04-05 00:32 . 2008-08-01 23:33 -------- d-----w c:\program files\Radmin Viewer 3
2009-04-05 00:24 . 2009-01-03 18:41 -------- d-----w c:\program files\Proxy Switcher Standard
2009-04-05 00:09 . 2009-03-08 06:34 -------- d-----w c:\program files\Invisible IP Map
2009-04-05 00:04 . 2009-01-28 01:54 -------- d-----w c:\program files\FriendBlasterPro
2009-04-04 23:58 . 2009-03-01 05:23 -------- d-----w c:\program files\Valve
2009-04-02 18:30 . 2009-04-02 18:30 176752 ----a-w c:\windows\system32\drivers\ssidrv.sys
2009-04-02 18:30 . 2009-04-02 18:30 23152 ----a-w c:\windows\system32\drivers\sshrmd.sys
2009-04-02 18:30 . 2009-04-02 18:30 29808 ----a-w c:\windows\system32\drivers\ssfs0bbc.sys
2009-03-27 01:06 . 2008-02-21 16:42 -------- d-----w c:\program files\Java
2009-03-26 02:51 . 2009-03-26 02:51 -------- d-----w c:\program files\INT=CHAR
2009-03-26 00:56 . 2009-03-05 00:42 -------- d-----w c:\program files\Microsoft
2009-03-26 00:56 . 2009-03-26 00:56 -------- d-----w c:\program files\Windows Live SkyDrive
2009-03-26 00:55 . 2008-07-10 19:02 -------- d-----w c:\program files\Windows Live
2009-03-25 18:16 . 2008-08-11 16:27 -------- d-----w c:\program files\Rockstar Games
2009-03-17 03:38 . 2009-05-01 01:48 13824 ----a-w c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-05-01 01:48 24064 ----a-w c:\windows\system32\amxread.dll
2009-03-14 23:10 . 2008-07-11 22:05 -------- d-----w c:\program files\Paltalk Messenger
2009-03-08 11:34 . 2009-05-01 20:15 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 11:34 . 2009-05-01 20:16 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 11:33 . 2009-05-01 20:16 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 11:33 . 2009-05-01 20:15 109056 ----a-w c:\windows\system32\iesysprep.dll
2009-03-08 11:33 . 2009-05-01 20:15 109568 ----a-w c:\windows\system32\PDMSetup.exe
2009-03-08 11:33 . 2009-05-01 20:15 107520 ----a-w c:\windows\system32\RegisterIEPKEYs.exe
2009-03-08 11:33 . 2009-05-01 20:15 107008 ----a-w c:\windows\system32\SetIEInstalledDate.exe
2009-03-08 11:33 . 2009-05-01 20:15 103936 ----a-w c:\windows\system32\SetDepNx.exe
2009-03-08 11:33 . 2009-05-01 20:15 132608 ----a-w c:\windows\system32\ieUnatt.exe
2009-03-08 11:33 . 2009-05-01 20:15 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 11:32 . 2009-05-01 20:16 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 11:32 . 2009-05-01 20:16 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 11:32 . 2009-05-01 20:16 66560 ----a-w c:\windows\system32\wextract.exe
2009-03-08 11:32 . 2009-05-01 20:15 169472 ----a-w c:\windows\system32\iexpress.exe
2009-03-08 11:31 . 2009-05-01 20:16 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 11:31 . 2009-05-01 20:16 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 11:31 . 2009-05-01 20:15 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 11:22 . 2009-05-01 20:16 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-03 04:46 . 2009-05-01 01:49 3547632 ----a-w c:\windows\system32\ntoskrnl.exe
2009-03-03 04:46 . 2009-05-01 01:49 3599328 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-03-03 04:39 . 2009-05-01 01:49 183296 ----a-w c:\windows\system32\sdohlp.dll
2009-03-03 04:39 . 2009-05-01 01:49 551424 ----a-w c:\windows\system32\rpcss.dll
2009-03-03 04:39 . 2009-05-01 01:49 26112 ----a-w c:\windows\system32\printfilterpipelineprxy.dll
2009-03-03 04:37 . 2009-05-01 01:49 98304 ----a-w c:\windows\system32\iasrecst.dll
2009-03-03 04:37 . 2009-05-01 01:49 54784 ----a-w c:\windows\system32\iasads.dll
2009-03-03 04:37 . 2009-05-01 01:49 44032 ----a-w c:\windows\system32\iasdatastore.dll
2009-03-03 03:04 . 2009-05-01 01:49 666624 ----a-w c:\windows\system32\printfilterpipelinesvc.exe
2009-03-03 02:38 . 2009-05-01 01:49 17408 ----a-w c:\windows\system32\iashost.exe
2009-02-26 23:57 . 2009-02-26 23:57 8198680 ----a-w c:\windows\system32\TVWSetup.exe
2009-02-26 23:57 . 2009-02-26 23:57 141848 ----a-w c:\windows\system32\igfxtray.exe
2009-02-26 23:57 . 2007-11-26 22:12 252952 ----a-w c:\windows\system32\igfxsrvc.exe
2009-02-26 23:57 . 2007-11-26 22:12 150552 ----a-w c:\windows\system32\igfxpers.exe
2009-02-26 23:57 . 2009-02-26 23:57 668696 ----a-w c:\windows\system32\igfxcfg.exe
2009-02-26 23:57 . 2009-02-26 23:57 173080 ----a-w c:\windows\system32\igfxext.exe
2009-02-26 23:57 . 2007-11-26 22:12 173592 ----a-w c:\windows\system32\hkcmd.exe
2009-02-26 23:49 . 2009-02-26 23:49 151552 ----a-w c:\windows\system32\igfxCoIn_v1666.dll
2009-02-26 23:39 . 2009-02-26 23:39 4569088 ----a-w c:\windows\system32\drivers\igdkmd32.sys
2009-02-26 23:39 . 2007-10-31 16:47 3821568 ----a-w c:\windows\system32\igdumd32.dll
2009-02-26 23:34 . 2009-02-26 23:34 536576 ----a-w c:\windows\system32\igdumdx32.dll
2009-02-26 23:16 . 2009-02-26 23:16 2674688 ----a-w c:\windows\system32\ig4dev32.dll
2009-02-26 23:16 . 2009-02-26 23:16 4112384 ----a-w c:\windows\system32\ig4icd32.dll
2009-02-26 23:05 . 2007-10-31 16:34 257536 ----a-w c:\windows\system32\igfxTMM.dll
2009-02-26 23:05 . 2009-02-26 23:05 59392 ----a-w c:\windows\system32\oemdspif.dll
2009-02-26 23:04 . 2007-10-31 16:33 200192 ----a-w c:\windows\system32\igfxpph.dll
2009-02-26 23:04 . 2009-02-26 23:04 23552 ----a-w c:\windows\system32\igfxexps.dll
2009-02-26 23:04 . 2007-10-31 16:33 51712 ----a-w c:\windows\system32\igfxsrvc.dll
2009-02-26 23:04 . 2009-02-26 23:04 130048 ----a-w c:\windows\system32\igfxdo.dll
2009-02-26 23:03 . 2007-10-31 16:32 94208 ----a-w c:\windows\system32\hccutils.dll
2009-02-26 23:03 . 2007-10-31 16:32 210432 ----a-w c:\windows\system32\igfxdev.dll
2009-02-26 23:03 . 2007-10-31 16:32 5702656 ----a-w c:\windows\system32\igfxress.dll
2009-02-19 17:31 . 2009-02-19 17:31 24112 ----a-w c:\windows\system32\drivers\SymIMV.sys
2009-02-19 17:31 . 2009-02-19 17:31 41008 ----a-w c:\windows\system32\drivers\symndisv.sys
2009-02-19 17:31 . 2009-02-19 17:31 96560 ----a-w c:\windows\system32\drivers\symfw.sys
2009-02-19 17:31 . 2009-02-19 17:31 38576 ----a-w c:\windows\system32\drivers\symids.sys
2009-02-19 17:31 . 2009-02-19 17:31 22320 ----a-w c:\windows\system32\drivers\symredrv.sys
2009-02-19 17:31 . 2009-02-19 17:31 184496 ----a-w c:\windows\system32\drivers\symtdi.sys
2009-02-19 17:31 . 2009-02-19 17:31 13616 ----a-w c:\windows\system32\drivers\symdns.sys
2007-08-24 13:52 . 2008-07-11 19:28 300400 ----a-w c:\program files\mozilla firefox\components\coFFPlgn.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-02-09 19:06 764296 ----a-w c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-02-09 764296]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-02-09 764296]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BackupIconOverlayId]
@="{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}"
[HKEY_CLASSES_ROOT\CLSID\{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}]
2009-04-06 17:26 238968 ----a-w c:\program files\Webroot\WebrootSecurity\Backup\CtxMenu_1_0_0_10.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2009-04-03 3558648]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WindowsWelcomeCenter"="oobefldr.dll" - c:\windows\System32\oobefldr.dll [2008-01-21 2153472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GroupManager"="c:\program files\Winrar Professional\groupmanager.exe" [2009-04-13 32256]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-05-03 198160]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-02-26 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-02-26 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-02-26 150552]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]

c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UACDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
"AntiVirusDisableNotify"="1"
"UpdatesDisableNotify"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{414346ED-EF12-4109-8722-E087B2B2B3D8}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent
"{3AFF4858-B339-496F-81BB-CB3800D637F0}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent
"TCP Query User{DF8357D1-E952-4C73-A0FD-37AA21F47CC0}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{3503C61E-CD67-46D8-BE81-149568DFA6FF}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:uTorrent
"{C0758995-F988-4BA1-826F-36A7BCF55254}"= UDP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player
"{8DB3A536-7FFB-4045-9D77-C833DDC7D046}"= TCP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player
"{30CBAED8-E249-4610-B9F0-2C8F02444781}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{865AEB08-AFFB-4D64-BE7F-0D47DB680875}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{0BA9ADA6-BF8C-4D13-91B3-234886066729}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{28D59233-78A6-4897-BC10-81276B6D0217}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{8507C513-7B36-4E20-A3BC-4B19232C3CB4}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{B01172AA-7E24-48AB-8EFE-CC66FA587B90}c:\\program files\\veoh networks\\veohwebplayer\\veohwebplayer.exe"= UDP:c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe:Veoh Web Player Beta
"UDP Query User{68C7F455-2828-4E7B-AC6C-23E1431C764F}c:\\program files\\veoh networks\\veohwebplayer\\veohwebplayer.exe"= TCP:c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe:Veoh Web Player Beta

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 ssfs0bbc;ssfs0bbc;c:\windows\System32\drivers\ssfs0bbc.sys [4/2/2009 2:30 PM 29808]
R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\ipsdefs\20090506.001\IDSvix86.sys [5/8/2009 2:38 PM 272432]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [8/25/2007 1:07 AM 149352]
R2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\WebrootSecurity\WRConsumerService.exe [4/30/2009 9:18 PM 1181040]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/7/2009 9:43 PM 101936]
R3 SYMNDISV;SYMNDISV;c:\windows\System32\drivers\symndisv.sys [2/19/2009 1:31 PM 41008]
S3 COH_Mon;COH_Mon;c:\windows\System32\drivers\COH_Mon.sys [5/29/2007 4:55 PM 23888]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [5/1/2009 7:52 PM 33176]
S3 VST_DPV;VST_DPV;c:\windows\System32\drivers\VSTDPV3.SYS [1/20/2008 10:21 PM 987648]
S3 VSTHWBS2;VSTHWBS2;c:\windows\System32\drivers\VSTBS23.SYS [1/20/2008 10:21 PM 251904]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
%SystemRoot%\system32\soundschemes.exe /AddRegistration

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24}]
%SystemRoot%\system32\soundschemes2.exe /AddRegistration
.
Contents of the 'Scheduled Tasks' folder

2009-05-05 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - Owner.job
- c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2007-08-27 01:19]

2009-05-08 c:\windows\Tasks\wrSpySweeper_LF415C599FC654815BF9AE76FF54751CA.job
- c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe [2009-05-01 17:32]

2009-05-08 c:\windows\Tasks\wrSpySweeper_LF415C599FC654815BF9AE76FF54751CA.job
- c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe [2009-05-01 17:32]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe


.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: {31150A86-0BBA-409F-BEB4-F3922D10BF34} - file:///C:/Users/Owner/AppData/Local/Microsoft/Windows%20Sidebar/Gadgets/xplugCam.gadget/en-US/xplug.ocx
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-05-10 18:46
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-05-10 18:47
ComboFix-quarantined-files.txt 2009-05-10 22:47

Pre-Run: 231,722,299,392 bytes free
Post-Run: 232,736,796,672 bytes free

380 --- E O F --- 2009-05-10 19:22

Update: 11 May 2009 0:58

And here is a new log from HijackThis, if needed.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:56:06 PM, on 5/10/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Winrar Professional\groupmanager.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\Explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask.com Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Ask.com Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O4 - HKLM\..\Run: [GroupManager] "C:\Program Files\Winrar Professional\groupmanager.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IgfxTray] "C:\Windows\system32\igfxtray.exe"
O4 - HKLM\..\Run: [HotKeysCmds] "C:\Windows\system32\hkcmd.exe"
O4 - HKLM\..\Run: [Persistence] "C:\Windows\system32\igfxpers.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKCU\..\Run: [Sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] "rundll32.exe" oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {31150A86-0BBA-409F-BEB4-F3922D10BF34} (Gif89 Class) - file:///C:/Users/Owner/AppData/Local/Microsoft/Windows%20Sidebar/Gadgets/xplugCam.gadget/en-US/xplug.ocx
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: PLFlash DeviceIoControl Service - Unknown owner - C:\Windows\system32\IoctlSvc.exe (file missing)
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 7365 bytes

offline
  • dr_Bora
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Upload the file: C:\Program Files\Winrar Professional\groupmanager.exe

Upload link: http://www.mycity.rs/ambulanta-upload.php




Open Notepad and copy the following text into it:


File::
c:\users\Owner\AppData\Roaming\svchost_32.exe



Save the file from Notepad to the Desktop as "CFScript"




Drag the saved script/text onto the ComboFix icon as shown in the picture.
Post the log that is produced at the end of the cleaning/scan in your next message.

offline
  • Joined: 22 Dec 2007
  • Posts: 10

OK, I uploaded this groupmanager.exe file to the link above. I also ran the scan with the text I was told to put into ComboFix; here is the log.

ComboFix 09-05-11.01 - Owner 05/11/2009 18:57.2 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.1033.18.3062.1062 [GMT -4:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
Command switches used :: c:\users\Owner\Desktop\CFScript.txt
AV: Norton Internet Security *On-access scanning disabled* (Updated)
FW: Norton Internet Security *disabled*
.

((((((((((((((((((((((((( Files Created from 2009-04-11 to 2009-05-11 )))))))))))))))))))))))))))))))
.

2009-05-09 20:19 . 2009-05-09 20:19 -------- d-----w c:\program files\Common Files\InstallShield
2009-05-09 14:58 . 2009-05-09 14:58 -------- d-----w c:\program files\Trend Micro
2009-05-08 01:06 . 2009-05-08 02:03 -------- d-----w c:\program files\Norton Internet Security
2009-05-08 01:04 . 2009-05-08 01:42 124464 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS
2009-05-08 01:04 . 2009-05-08 01:42 -------- d-----w c:\program files\Symantec
2009-05-08 00:49 . 2009-04-06 19:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-08 00:49 . 2009-04-06 19:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-08 00:49 . 2009-05-08 00:49 -------- d-----w c:\users\Owner\AppData\Roaming\Malwarebytes
2009-05-08 00:49 . 2009-05-08 00:49 -------- d-----w c:\programdata\Malwarebytes
2009-05-08 00:49 . 2009-05-08 00:49 -------- d-----w c:\users\All Users\Malwarebytes
2009-05-07 23:24 . 2009-05-07 23:24 -------- d-----w c:\users\Owner\AppData\Local\Google
2009-05-07 00:03 . 2009-05-07 00:03 -------- d-----w C:\tmpDownload
2009-05-06 20:51 . 2009-05-06 20:51 27648 ----a-w c:\users\Owner\AppData\Roaming\svchost_32.exe
2009-05-04 23:16 . 2009-05-04 23:16 -------- d-----w c:\programdata\PCSettings
2009-05-04 23:16 . 2009-05-04 23:16 -------- d-----w c:\users\All Users\PCSettings
2009-05-04 23:16 . 2009-05-05 02:30 -------- d-----w c:\programdata\Norton
2009-05-04 23:16 . 2009-05-05 02:30 -------- d-----w c:\users\All Users\Norton
2009-05-04 23:16 . 2009-05-05 19:43 -------- d-----w c:\program files\NortonInstaller
2009-05-04 23:16 . 2009-05-05 02:30 -------- d-----w c:\programdata\NortonInstaller
2009-05-04 23:16 . 2009-05-05 02:30 -------- d-----w c:\users\All Users\NortonInstaller
2009-05-04 23:12 . 2009-05-04 23:12 -------- d-----w c:\programdata\Symantec Temporary Files
2009-05-04 23:12 . 2009-05-04 23:12 -------- d-----w c:\users\All Users\Symantec Temporary Files
2009-05-03 03:37 . 2009-05-09 01:37 -------- d-----w c:\users\Owner\AppData\Roaming\Paltalk
2009-05-03 02:40 . 2007-07-19 23:55 233888 ----a-w c:\windows\system32\DreamScene.dll
2009-05-03 02:40 . 2009-05-03 02:40 -------- d-----w c:\windows\system32\RTCOM
2009-05-03 02:39 . 2008-07-12 12:18 3851784 ----a-w c:\windows\system32\D3DX9_39.dll
2009-05-03 02:38 . 2009-05-03 02:38 -------- d-----w c:\program files\BitLocker
2009-05-03 02:38 . 2007-02-22 02:26 1171848 ----a-w c:\windows\system32\SecureKeyBackupCPL.dll
2009-05-03 02:29 . 2008-08-17 10:33 678408 ----a-w c:\windows\system32\gpprefcl.dll
2009-05-03 00:44 . 2009-05-03 00:44 -------- d-----w c:\program files\Common Files\xing shared
2009-05-03 00:43 . 2009-05-03 00:43 -------- d-----w c:\program files\Common Files\Real
2009-05-02 03:51 . 2009-05-10 22:28 -------- d-----w c:\users\Owner\Tracing
2009-05-02 03:49 . 2009-05-02 03:49 -------- d-----w c:\windows\Downloaded Installations
2009-05-02 02:52 . 2008-11-10 15:41 32656 ----a-w c:\windows\system32\msonpmon.dll
2009-05-02 02:43 . 2009-05-02 02:43 -------- d-----w c:\users\Owner\AppData\Local\Microsoft Help
2009-05-02 02:42 . 2009-05-07 20:59 -------- d-----w c:\programdata\Microsoft Help
2009-05-02 02:42 . 2009-05-07 20:59 -------- d-----w c:\users\All Users\Microsoft Help
2009-05-02 02:31 . 2009-05-02 02:31 -------- d-----w c:\program files\Nero 9
2009-05-01 23:52 . 2009-05-01 23:52 -------- d-----w c:\program files\NOS
2009-05-01 23:52 . 2009-05-01 23:54 -------- d-----w c:\programdata\NOS
2009-05-01 23:52 . 2009-05-01 23:54 -------- d-----w c:\users\All Users\NOS
2009-05-01 23:37 . 2008-02-28 17:26 1414440 ----a-w c:\windows\system32\ShellManager310E2D762.dll
2009-05-01 23:23 . 2009-05-01 23:23 -------- d-----w c:\users\Owner\AppData\Local\Ahead
2009-05-01 22:58 . 2009-05-01 23:38 -------- d-----w c:\programdata\Nero
2009-05-01 22:58 . 2009-05-01 23:38 -------- d-----w c:\users\All Users\Nero
2009-05-01 22:58 . 2009-05-02 02:32 -------- d-----w c:\program files\Common Files\Nero
2009-05-01 22:38 . 2009-05-02 02:33 -------- d-----w c:\users\Owner\AppData\Roaming\Nero
2009-05-01 22:06 . 2009-05-01 22:06 -------- d-----w C:\PFiles
2009-05-01 22:02 . 2009-05-01 22:02 -------- d-----w c:\programdata\TreeCardGames
2009-05-01 22:02 . 2009-05-01 22:02 -------- d-----w c:\users\All Users\TreeCardGames
2009-05-01 22:02 . 2009-05-10 03:50 -------- d-----w c:\users\Owner\AppData\Roaming\SolSuite
2009-05-01 21:56 . 2009-05-01 21:56 -------- d-----w c:\windows\Winrar Professional
2009-05-01 21:56 . 2009-05-01 21:56 -------- d-----w c:\program files\Winrar Professional
2009-05-01 04:19 . 2009-05-10 04:27 -------- d-----w c:\users\Owner\AppData\Roaming\Maxthon2
2009-05-01 03:58 . 2008-02-14 21:56 118784 ----a-w c:\windows\system32\drivers\Rtlh86.sys
2009-05-01 03:58 . 2009-05-03 02:40 -------- d-----w c:\program files\Realtek
2009-05-01 03:58 . 2009-05-09 20:20 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-01 03:58 . 2009-05-01 03:58 -------- d-----w c:\users\Owner\AppData\Roaming\InstallShield
2009-05-01 03:56 . 2009-05-03 02:00 -------- d-----w c:\users\Owner\AppData\Local\VirtualStore
2009-05-01 03:56 . 2009-05-01 03:11 -------- d-----w c:\windows\Panther
2009-05-01 03:54 . 2009-05-01 03:54 -------- d-----w c:\windows\system32\Lang
2009-05-01 03:54 . 2006-11-10 20:25 319456 ----a-w c:\windows\system32\difxapi.dll
2009-05-01 03:54 . 2009-02-26 23:57 997912 ----a-w c:\windows\system32\igxpun.exe
2009-05-01 03:53 . 2009-05-01 03:53 -------- d-----w c:\users\Owner\AppData\Roaming\WinBatch
2009-05-01 03:45 . 2009-05-11 22:53 -------- d-----w c:\users\Owner\AppData\Roaming\MxBoost
2009-05-01 03:44 . 2009-05-01 03:44 -------- d-----w C:\Windows.old
2009-05-01 03:43 . 2009-05-01 03:43 552 ----a-w c:\users\Owner\AppData\Local\d3d8caps.dat
2009-05-01 03:41 . 2009-05-11 22:52 -------- d-----w c:\users\Owner\AppData\Roaming\uTorrent
2009-05-01 03:40 . 2009-05-01 03:40 -------- d-----r c:\windows\system32\config\systemprofile\Music
2009-05-01 03:35 . 2009-05-07 21:11 -------- d-----w c:\users\Owner\AppData\Local\Microsoft Games
2009-05-01 03:29 . 2009-05-03 02:45 99864 ----a-w c:\users\Owner\AppData\Local\GDIPFONTCACHEV1.DAT
2009-05-01 03:26 . 2009-05-01 03:26 -------- d-----r c:\windows\system32\config\systemprofile\Contacts
2009-05-01 03:25 . 2009-05-03 03:23 -------- d-----w c:\windows\Debug
2009-05-01 03:21 . 2009-05-01 02:21 4152184 ----a-w c:\windows\system32\wgaer_m.exe
2009-05-01 02:30 . 2008-10-22 01:22 2048 ----a-w c:\windows\system32\tzres.dll
2009-05-01 02:09 . 2008-06-20 01:14 97800 ----a-w c:\windows\system32\infocardapi.dll
2009-05-01 02:09 . 2008-06-20 01:14 105016 ----a-w c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-05-01 02:09 . 2008-06-20 01:14 622080 ----a-w c:\windows\system32\icardagt.exe
2009-05-01 02:09 . 2008-06-20 01:14 11264 ----a-w c:\windows\system32\icardres.dll
2009-05-01 02:09 . 2008-06-20 01:14 43544 ----a-w c:\windows\system32\PresentationHostProxy.dll
2009-05-01 02:08 . 2008-06-20 01:14 781344 ----a-w c:\windows\system32\PresentationNative_v0300.dll
2009-05-01 02:08 . 2008-06-20 01:14 326160 ----a-w c:\windows\system32\PresentationHost.exe
2009-05-01 02:01 . 2008-07-27 18:03 96760 ----a-w c:\windows\system32\dfshim.dll
2009-05-01 02:00 . 2008-07-27 18:03 282112 ----a-w c:\windows\system32\mscoree.dll
2009-05-01 02:00 . 2008-07-27 18:03 41984 ----a-w c:\windows\system32\netfxperf.dll
2009-05-01 02:00 . 2008-07-27 18:03 158720 ----a-w c:\windows\system32\mscorier.dll
2009-05-01 02:00 . 2008-07-27 18:03 83968 ----a-w c:\windows\system32\mscories.dll
2009-05-01 01:54 . 2008-12-05 04:32 428544 ----a-w c:\windows\system32\EncDec.dll
2009-05-01 01:54 . 2008-12-05 04:32 293376 ----a-w c:\windows\system32\psisdecd.dll
2009-05-01 01:54 . 2008-11-01 03:44 28672 ----a-w c:\windows\system32\Apphlpdm.dll
2009-05-01 01:54 . 2008-03-08 04:21 1695744 ----a-w c:\windows\system32\gameux.dll
2009-05-01 01:54 . 2008-11-01 01:21 4240384 ----a-w c:\windows\system32\GameUXLegacyGDFs.dll
2009-05-01 01:53 . 2008-04-10 05:12 738304 ----a-w c:\windows\system32\inetcomm.dll
2009-05-01 01:53 . 2008-11-27 04:43 268288 ----a-w c:\windows\system32\schannel.dll
2009-05-01 01:53 . 2008-06-26 01:45 12240896 ----a-w c:\windows\system32\NlsLexicons0007.dll
2009-05-01 01:53 . 2008-06-26 01:45 2644480 ----a-w c:\windows\system32\NlsLexicons0009.dll
2009-05-01 01:52 . 2008-06-26 03:29 801280 ----a-w c:\windows\system32\NaturalLanguage6.dll
2009-05-01 01:49 . 2008-12-16 05:31 7680 ----a-w c:\windows\system32\spwmp.dll
2009-05-01 01:48 . 2009-02-13 08:49 1255936 ----a-w c:\windows\system32\lsasrv.dll
2009-05-01 01:41 . 2008-09-10 03:40 1334272 ----a-w c:\windows\system32\msxml6.dll
2009-05-01 01:31 . 2009-05-11 21:25 -------- d-----w c:\programdata\Symantec
2009-05-01 01:31 . 2009-05-11 21:25 -------- d-----w c:\users\All Users\Symantec
2009-05-01 01:31 . 2009-05-08 02:03 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-05-01 01:28 . 2008-10-16 21:09 43544 ----a-w c:\windows\system32\wups2.dll
2009-05-01 01:28 . 2008-10-16 21:09 51224 ----a-w c:\windows\system32\wuauclt.exe
2009-05-01 01:28 . 2008-10-16 20:56 1524736 ----a-w c:\windows\system32\wucltux.dll
2009-05-01 01:28 . 2008-10-16 21:13 1809944 ----a-w c:\windows\system32\wuaueng.dll
2009-05-01 01:28 . 2008-10-16 21:08 34328 ----a-w c:\windows\system32\wups.dll
2009-05-01 01:28 . 2008-10-16 20:55 83456 ----a-w c:\windows\system32\wudriver.dll
2009-05-01 01:28 . 2008-10-16 21:12 561688 ----a-w c:\windows\system32\wuapi.dll
2009-05-01 01:28 . 2008-10-16 18:08 162064 ----a-w c:\windows\system32\wuwebv.dll
2009-05-01 01:28 . 2008-10-16 17:56 31232 ----a-w c:\windows\system32\wuapp.exe
2009-05-01 01:26 . 2009-05-08 01:10 -------- d-----w c:\users\Owner\AppData\Roaming\Symantec
2009-05-01 01:19 . 2009-05-01 01:19 -------- d-----w c:\windows\PCHEALTH
2009-05-01 01:18 . 2009-05-01 01:18 -------- d-----w c:\program files\Ask.com
2009-05-01 01:18 . 2009-05-01 01:18 -------- d-----w c:\program files\MSSOAP
2009-05-01 01:18 . 2009-05-10 19:34 -------- d-sh--w c:\windows\Installer
2009-05-01 01:18 . 2009-04-06 17:32 1563008 ----a-w c:\windows\WRSetup.dll
2009-05-01 01:18 . 2009-05-01 01:18 -------- d-----w c:\users\Owner\AppData\Roaming\Webroot
2009-05-01 01:18 . 2009-05-01 01:22 -------- d-----w c:\programdata\Webroot
2009-05-01 01:18 . 2009-05-01 01:22 -------- d-----w c:\users\All Users\Webroot
2009-05-01 01:17 . 2009-05-01 01:17 164 ----a-w c:\windows\install.dat
2009-05-01 01:17 . 2009-05-01 01:17 -------- d-----w c:\program files\Common Files\Windows Live
2009-05-01 01:08 . 2009-05-01 01:08 -------- d-----w c:\users\Owner\AppData\Roaming\vlc
2009-05-01 01:06 . 2009-05-01 01:06 -------- d-----w c:\users\Owner\AppData\Local\Mozilla

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-09 20:20 . 2009-05-09 20:20 -------- d-----w c:\program files\Logitech
2009-05-09 01:29 . 2006-11-02 10:25 86016 ----a-w c:\windows\inf\infstrng.dat
2009-05-09 01:29 . 2006-11-02 10:25 51200 ----a-w c:\windows\inf\infpub.dat
2009-05-09 01:29 . 2006-11-02 10:25 86016 ----a-w c:\windows\inf\infstor.dat
2009-05-08 01:42 . 2009-05-08 01:04 806 ----a-w c:\windows\system32\drivers\SYMEVENT.INF
2009-05-08 01:42 . 2009-05-08 01:04 10635 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT
2009-05-08 00:49 . 2009-01-10 22:11 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-08 00:42 . 2009-05-08 00:42 43 ----a-w c:\users\Owner\AppData\Roaming\~ygw.tmp
2009-05-04 20:21 . 2008-09-15 22:17 -------- d-----w c:\program files\Image Grabber II
2009-05-03 17:54 . 2009-03-04 22:54 -------- d-----w c:\program files\UrbanTerror
2009-05-03 02:39 . 2006-11-02 12:35 -------- d-----w c:\program files\Microsoft Games
2009-05-02 02:49 . 2006-11-02 12:35 -------- d-----w c:\program files\MSBuild
2009-05-01 22:42 . 2009-04-09 21:09 -------- d-----w c:\program files\MagicISO
2009-05-01 22:00 . 2009-03-27 00:40 -------- d-----w c:\program files\SolSuite
2009-05-01 03:46 . 2009-05-01 03:28 680 ----a-w c:\users\Owner\AppData\Local\d3d9caps.dat
2009-05-01 03:21 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-05-01 03:20 . 2006-11-02 10:25 665600 ----a-w c:\windows\inf\drvindex.dat
2009-05-01 03:05 . 2009-05-01 03:05 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-05-01 01:18 . 2008-07-10 00:16 -------- d-----w c:\program files\Webroot
2009-04-30 20:41 . 2009-03-27 01:08 -------- d-----w c:\program files\LogMeIn
2009-04-29 22:00 . 2009-01-18 07:23 -------- d-----w c:\program files\Norton Security Scan
2009-04-28 20:41 . 2008-09-14 02:59 -------- d-----w c:\program files\Google
2009-04-17 21:19 . 2009-01-03 23:46 -------- d-----w c:\program files\WinPcap
2009-04-17 21:15 . 2008-10-04 02:16 -------- d-----w c:\program files\Messenger Plus! Live
2009-04-08 02:01 . 2009-04-08 02:01 -------- d-----w c:\program files\GrabIt
2009-04-05 00:44 . 2008-02-21 16:51 -------- d-----w c:\program files\Yahoo!
2009-04-05 00:32 . 2008-08-01 23:33 -------- d-----w c:\program files\Radmin Viewer 3
2009-04-05 00:24 . 2009-01-03 18:41 -------- d-----w c:\program files\Proxy Switcher Standard
2009-04-05 00:09 . 2009-03-08 06:34 -------- d-----w c:\program files\Invisible IP Map
2009-04-05 00:04 . 2009-01-28 01:54 -------- d-----w c:\program files\FriendBlasterPro
2009-04-04 23:58 . 2009-03-01 05:23 -------- d-----w c:\program files\Valve
2009-04-02 18:30 . 2009-04-02 18:30 176752 ----a-w c:\windows\system32\drivers\ssidrv.sys
2009-04-02 18:30 . 2009-04-02 18:30 23152 ----a-w c:\windows\system32\drivers\sshrmd.sys
2009-04-02 18:30 . 2009-04-02 18:30 29808 ----a-w c:\windows\system32\drivers\ssfs0bbc.sys
2009-03-27 01:06 . 2008-02-21 16:42 -------- d-----w c:\program files\Java
2009-03-26 02:51 . 2009-03-26 02:51 -------- d-----w c:\program files\INT=CHAR
2009-03-26 00:56 . 2009-03-05 00:42 -------- d-----w c:\program files\Microsoft
2009-03-26 00:56 . 2009-03-26 00:56 -------- d-----w c:\program files\Windows Live SkyDrive
2009-03-26 00:55 . 2008-07-10 19:02 -------- d-----w c:\program files\Windows Live
2009-03-25 18:16 . 2008-08-11 16:27 -------- d-----w c:\program files\Rockstar Games
2009-03-17 03:38 . 2009-05-01 01:48 13824 ----a-w c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-05-01 01:48 24064 ----a-w c:\windows\system32\amxread.dll
2009-03-14 23:10 . 2008-07-11 22:05 -------- d-----w c:\program files\Paltalk Messenger
2009-03-08 11:34 . 2009-05-01 20:15 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 11:34 . 2009-05-01 20:16 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 11:33 . 2009-05-01 20:16 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 11:33 . 2009-05-01 20:15 109056 ----a-w c:\windows\system32\iesysprep.dll
2009-03-08 11:33 . 2009-05-01 20:15 109568 ----a-w c:\windows\system32\PDMSetup.exe
2009-03-08 11:33 . 2009-05-01 20:15 107520 ----a-w c:\windows\system32\RegisterIEPKEYs.exe
2009-03-08 11:33 . 2009-05-01 20:15 107008 ----a-w c:\windows\system32\SetIEInstalledDate.exe
2009-03-08 11:33 . 2009-05-01 20:15 103936 ----a-w c:\windows\system32\SetDepNx.exe
2009-03-08 11:33 . 2009-05-01 20:15 132608 ----a-w c:\windows\system32\ieUnatt.exe
2009-03-08 11:33 . 2009-05-01 20:15 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 11:32 . 2009-05-01 20:16 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 11:32 . 2009-05-01 20:16 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 11:32 . 2009-05-01 20:16 66560 ----a-w c:\windows\system32\wextract.exe
2009-03-08 11:32 . 2009-05-01 20:15 169472 ----a-w c:\windows\system32\iexpress.exe
2009-03-08 11:31 . 2009-05-01 20:16 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 11:31 . 2009-05-01 20:16 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 11:31 . 2009-05-01 20:15 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 11:22 . 2009-05-01 20:16 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-03 04:46 . 2009-05-01 01:49 3547632 ----a-w c:\windows\system32\ntoskrnl.exe
2009-03-03 04:46 . 2009-05-01 01:49 3599328 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-03-03 04:39 . 2009-05-01 01:49 183296 ----a-w c:\windows\system32\sdohlp.dll
2009-03-03 04:39 . 2009-05-01 01:49 551424 ----a-w c:\windows\system32\rpcss.dll
2009-03-03 04:39 . 2009-05-01 01:49 26112 ----a-w c:\windows\system32\printfilterpipelineprxy.dll
2009-03-03 04:37 . 2009-05-01 01:49 98304 ----a-w c:\windows\system32\iasrecst.dll
2009-03-03 04:37 . 2009-05-01 01:49 54784 ----a-w c:\windows\system32\iasads.dll
2009-03-03 04:37 . 2009-05-01 01:49 44032 ----a-w c:\windows\system32\iasdatastore.dll
2009-03-03 03:04 . 2009-05-01 01:49 666624 ----a-w c:\windows\system32\printfilterpipelinesvc.exe
2009-03-03 02:38 . 2009-05-01 01:49 17408 ----a-w c:\windows\system32\iashost.exe
2009-02-26 23:57 . 2009-02-26 23:57 8198680 ----a-w c:\windows\system32\TVWSetup.exe
2009-02-26 23:57 . 2009-02-26 23:57 141848 ----a-w c:\windows\system32\igfxtray.exe
2009-02-26 23:57 . 2007-11-26 22:12 252952 ----a-w c:\windows\system32\igfxsrvc.exe
2009-02-26 23:57 . 2007-11-26 22:12 150552 ----a-w c:\windows\system32\igfxpers.exe
2009-02-26 23:57 . 2009-02-26 23:57 668696 ----a-w c:\windows\system32\igfxcfg.exe
2009-02-26 23:57 . 2009-02-26 23:57 173080 ----a-w c:\windows\system32\igfxext.exe
2009-02-26 23:57 . 2007-11-26 22:12 173592 ----a-w c:\windows\system32\hkcmd.exe
2009-02-26 23:49 . 2009-02-26 23:49 151552 ----a-w c:\windows\system32\igfxCoIn_v1666.dll
2009-02-26 23:39 . 2009-02-26 23:39 4569088 ----a-w c:\windows\system32\drivers\igdkmd32.sys
2009-02-26 23:39 . 2007-10-31 16:47 3821568 ----a-w c:\windows\system32\igdumd32.dll
2009-02-26 23:34 . 2009-02-26 23:34 536576 ----a-w c:\windows\system32\igdumdx32.dll
2009-02-26 23:16 . 2009-02-26 23:16 2674688 ----a-w c:\windows\system32\ig4dev32.dll
2009-02-26 23:16 . 2009-02-26 23:16 4112384 ----a-w c:\windows\system32\ig4icd32.dll
2009-02-26 23:05 . 2007-10-31 16:34 257536 ----a-w c:\windows\system32\igfxTMM.dll
2009-02-26 23:05 . 2009-02-26 23:05 59392 ----a-w c:\windows\system32\oemdspif.dll
2009-02-26 23:04 . 2007-10-31 16:33 200192 ----a-w c:\windows\system32\igfxpph.dll
2009-02-26 23:04 . 2009-02-26 23:04 23552 ----a-w c:\windows\system32\igfxexps.dll
2009-02-26 23:04 . 2007-10-31 16:33 51712 ----a-w c:\windows\system32\igfxsrvc.dll
2009-02-26 23:04 . 2009-02-26 23:04 130048 ----a-w c:\windows\system32\igfxdo.dll
2009-02-26 23:03 . 2007-10-31 16:32 94208 ----a-w c:\windows\system32\hccutils.dll
2009-02-26 23:03 . 2007-10-31 16:32 210432 ----a-w c:\windows\system32\igfxdev.dll
2009-02-26 23:03 . 2007-10-31 16:32 5702656 ----a-w c:\windows\system32\igfxress.dll
2009-02-19 17:31 . 2009-02-19 17:31 24112 ----a-w c:\windows\system32\drivers\SymIMV.sys
2009-02-19 17:31 . 2009-02-19 17:31 41008 ----a-w c:\windows\system32\drivers\symndisv.sys
2009-02-19 17:31 . 2009-02-19 17:31 96560 ----a-w c:\windows\system32\drivers\symfw.sys
2009-02-19 17:31 . 2009-02-19 17:31 38576 ----a-w c:\windows\system32\drivers\symids.sys
2009-02-19 17:31 . 2009-02-19 17:31 22320 ----a-w c:\windows\system32\drivers\symredrv.sys
2009-02-19 17:31 . 2009-02-19 17:31 184496 ----a-w c:\windows\system32\drivers\symtdi.sys
2009-02-19 17:31 . 2009-02-19 17:31 13616 ----a-w c:\windows\system32\drivers\symdns.sys
2007-08-24 13:52 . 2008-07-11 19:28 300400 ----a-w c:\program files\mozilla firefox\components\coFFPlgn.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-05-10_22.46.44 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-05-01 03:28 . 2009-05-10 21:29 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-05-01 03:28 . 2009-05-11 22:20 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-05-01 03:28 . 2009-05-11 22:20 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-05-01 03:28 . 2009-05-10 21:29 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-05-01 03:28 . 2009-05-11 22:20 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-05-01 03:28 . 2009-05-10 21:29 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-02-09 19:06 764296 ----a-w c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-02-09 764296]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-02-09 764296]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BackupIconOverlayId]
@="{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}"
[HKEY_CLASSES_ROOT\CLSID\{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}]
2009-04-06 17:26 238968 ----a-w c:\program files\Webroot\WebrootSecurity\Backup\CtxMenu_1_0_0_10.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2009-04-03 3558648]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WindowsWelcomeCenter"="oobefldr.dll" - c:\windows\System32\oobefldr.dll [2008-01-21 2153472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GroupManager"="c:\program files\Winrar Professional\groupmanager.exe" [2009-04-13 32256]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-05-03 198160]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-02-26 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-02-26 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-02-26 150552]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"SpySweeper"="c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe" [2009-04-06 6345840]

c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UACDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
"AntiVirusDisableNotify"="1"
"UpdatesDisableNotify"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{414346ED-EF12-4109-8722-E087B2B2B3D8}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent
"{3AFF4858-B339-496F-81BB-CB3800D637F0}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent
"TCP Query User{DF8357D1-E952-4C73-A0FD-37AA21F47CC0}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{3503C61E-CD67-46D8-BE81-149568DFA6FF}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:uTorrent
"{C0758995-F988-4BA1-826F-36A7BCF55254}"= UDP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player
"{8DB3A536-7FFB-4045-9D77-C833DDC7D046}"= TCP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player
"{30CBAED8-E249-4610-B9F0-2C8F02444781}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{865AEB08-AFFB-4D64-BE7F-0D47DB680875}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{0BA9ADA6-BF8C-4D13-91B3-234886066729}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{28D59233-78A6-4897-BC10-81276B6D0217}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{8507C513-7B36-4E20-A3BC-4B19232C3CB4}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{B01172AA-7E24-48AB-8EFE-CC66FA587B90}c:\\program files\\veoh networks\\veohwebplayer\\veohwebplayer.exe"= UDP:c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe:Veoh Web Player Beta
"UDP Query User{68C7F455-2828-4E7B-AC6C-23E1431C764F}c:\\program files\\veoh networks\\veohwebplayer\\veohwebplayer.exe"= TCP:c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe:Veoh Web Player Beta

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 ssfs0bbc;ssfs0bbc;c:\windows\System32\drivers\ssfs0bbc.sys [4/2/2009 2:30 PM 29808]
R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\ipsdefs\20090506.001\IDSvix86.sys [5/8/2009 2:38 PM 272432]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [8/25/2007 1:07 AM 149352]
R2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\WebrootSecurity\WRConsumerService.exe [4/30/2009 9:18 PM 1181040]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/7/2009 9:43 PM 101936]
R3 SYMNDISV;SYMNDISV;c:\windows\System32\drivers\symndisv.sys [2/19/2009 1:31 PM 41008]
S3 COH_Mon;COH_Mon;c:\windows\System32\drivers\COH_Mon.sys [5/29/2007 4:55 PM 23888]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [5/1/2009 7:52 PM 33176]
S3 VST_DPV;VST_DPV;c:\windows\System32\drivers\VSTDPV3.SYS [1/20/2008 10:21 PM 987648]
S3 VSTHWBS2;VSTHWBS2;c:\windows\System32\drivers\VSTBS23.SYS [1/20/2008 10:21 PM 251904]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
%SystemRoot%\system32\soundschemes.exe /AddRegistration

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24}]
%SystemRoot%\system32\soundschemes2.exe /AddRegistration
.
Contents of the 'Scheduled Tasks' folder

2009-05-05 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - Owner.job
- c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2007-08-27 01:19]

2009-05-08 c:\windows\Tasks\wrSpySweeper_LF415C599FC654815BF9AE76FF54751CA.job
- c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe [2009-05-01 17:32]

2009-05-08 c:\windows\Tasks\wrSpySweeper_LF415C599FC654815BF9AE76FF54751CA.job
- c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe [2009-05-01 17:32]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: {31150A86-0BBA-409F-BEB4-F3922D10BF34} - file:///C:/Users/Owner/AppData/Local/Microsoft/Windows%20Sidebar/Gadgets/xplugCam.gadget/en-US/xplug.ocx
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-05-11 19:02
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(1564)
c:\program files\Webroot\WebrootSecurity\Backup\CtxMenu_1_0_0_10.dll
.
Completion time: 2009-05-11 19:03
ComboFix-quarantined-files.txt 2009-05-11 23:03
ComboFix2.txt 2009-05-10 22:47

Pre-Run: 225,934,868,480 bytes free
Post-Run: 224,878,231,552 bytes free

388 --- E O F --- 2009-05-10 19:22

dr_Bora (Male)
  • Anti Malware Fighter, Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Delete this file:

c:\users\Owner\AppData\Roaming\svchost_32.exe


How are things now?
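
The "Reg Loading Points" section of the ComboFix log above records a machine whose protections are switched off: UAC disabled (EnableLUA = 0, ConsentPromptBehaviorAdmin = 0), Windows Firewall disabled in the Domain, Public and Standard profiles (EnableFirewall = 0), and Security Center told to stop monitoring the antivirus and firewall (DisableMonitoring = 1). The file the helper names, a svchost-styled executable under the user's Roaming profile instead of System32, is the other classic indicator. The Python script below is an added example, not part of the thread and not ComboFix's own code: it reads a ComboFix-style registry dump and flags both categories. The embedded excerpt is constructed from the thread's own lines plus one hypothetical Run entry pointing at the svchost_32.exe path, which the posted log excerpt does not show.

```python
"""Flag weakened-security settings and masquerading autoruns in a ComboFix
'Reg Loading Points' dump.  Added example for this thread, not ComboFix code;
SAMPLE_LOG is constructed from the thread's lines plus one hypothetical Run
entry (the svchost_32.exe line) that the posted log excerpt does not contain."""
import re
from pathlib import PureWindowsPath

# Setting -> the value at which the protection is off.
WEAK_SETTINGS = {
    "EnableLUA": "0",                   # UAC switched off entirely
    "ConsentPromptBehaviorAdmin": "0",  # admins elevate without any prompt
    "EnableFirewall": "0",              # this firewall profile is disabled
    "DisableMonitoring": "1",           # Security Center ignores AV/firewall state
}
# Names that belong under %SystemRoot%\System32; a copy anywhere else is suspect.
SYSTEM_PROCESS_NAMES = {"svchost", "lsass", "csrss", "winlogon", "services", "smss"}

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(dword:[0-9a-fA-F]+|"[^"]*"|\d+)')
PATH_RE = re.compile(r'[a-zA-Z]:\\[^"\[\]:]+?\.(?:exe|dll|sys)', re.IGNORECASE)

# Constructed excerpt: real lines from the thread plus the hypothetical "svchost" Run value.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"svchost"="c:\users\Owner\AppData\Roaming\svchost_32.exe" [2009-05-09 61440]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{414346ED-EF12-4109-8722-E087B2B2B3D8}"= UDP:c:\program files\uTorrent\uTorrent.exe:uTorrent

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\WebrootSecurity\WRConsumerService.exe [4/30/2009 9:18 PM 1181040]
"""


def parse_entries(log_text):
    """Yield (current_key, line) for each non-empty line, tracking the most
    recent [key] header so values can be attributed to the key they sit under."""
    key = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        yield key, line


def normalize(value):
    """Reduce ComboFix's value spellings ('0 (0x0)', 'dword:00000001', '"1"')
    to one plain decimal string so they can be compared with WEAK_SETTINGS."""
    if value.startswith("dword:"):
        return str(int(value[len("dword:"):], 16))
    return value.strip('"')


def looks_like_system_process(path):
    """True when the file name imitates a System32 process but lives elsewhere."""
    p = PureWindowsPath(path)
    stem = re.sub(r"[_\-\s]*\d+$", "", p.stem.lower())  # svchost_32 -> svchost
    if stem not in SYSTEM_PROCESS_NAMES:
        return False
    parts = [part.lower() for part in p.parts]
    in_system_dir = (len(parts) >= 3 and parts[1] == "windows"
                     and parts[2] in ("system32", "syswow64"))
    return not in_system_dir


def triage(log_text):
    """Return weakened settings as (key, name, value) and suspicious paths as (key, path)."""
    weak, masquerading = [], []
    for key, line in parse_entries(log_text):
        m = VALUE_RE.match(line)
        if m:
            name, value = m.group(1), normalize(m.group(2))
            if WEAK_SETTINGS.get(name) == value:
                weak.append((key, name, value))
        for path in PATH_RE.findall(line):
            if looks_like_system_process(path):
                masquerading.append((key, path))
    return {"weak_settings": weak, "masquerading": masquerading}


if __name__ == "__main__":
    for kind, items in triage(SAMPLE_LOG).items():
        for item in items:
            print(kind, *item)
```

The value regex deliberately accepts only the three spellings ComboFix uses for numeric and string data, so firewall rule lines such as the UDP uTorrent entry fall through to the path scan alone; the name check strips a trailing numeric suffix before comparing, so svchost_32.exe is caught while a genuine c:\windows\system32\svchost.exe is not.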

  • Joined: 22 Dec 2007
  • Posts: 10

I deleted this. I think it is better; it wasn't even that bad before, but it is good now, it doesn't show me those advertisements. And this file I deleted was in the windows.old folder, so I deleted that whole folder too. I'll see in a couple of days; for now everything is OK. Thank you very much for the help.

dr_Bora (Male)
  • Anti Malware Fighter, Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Do just this as well:

Click START and then RUN (or type into Start Search).

In the text entry line, type (or paste) the following:

Combofix /u



and then click OK.

Wait for the uninstall process to finish.


That's all.
