
Messages - maninneed

1
Tech Clinic / very slow computer (for the nth time)
« on: June 07, 2010, 04:04:50 AM »
Quote from: guestolo on 03 June 2010, 03:31 AM
So how is it running?

Sorry for the late reply... It's running much better than it used to.

Thanks a lot. (if this is it)

2
Tech Clinic / very slow computer (for the nth time)
« on: June 02, 2010, 05:51:14 AM »
ComboFix 10-06-01.01 - pantovic.s 06/02/2010  11:21:13.13.1 - x86
Microsoft Windows XP Professional  5.1.2600.2.1250.381.1033.18.503.202 [GMT 2:00]
Running from: c:\documents and settings\pantovic.s\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\pantovic.s\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
 * Created a new restore point

FILE ::
"c:\windows\system32\kthib.dll"
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat

----- BITS: Possible infected sites -----

hxxp://sbs:8530
Infected copy of c:\windows\system32\msgsvc.dll was found and disinfected
Restored copy from - c:\windows\ERDNT\cache\msgsvc.dll

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_IDS00026
-------\Legacy_IDS00118
-------\Legacy_IDS0014F
-------\Legacy_ZJTQSJ
-------\Service_ids00026
-------\Service_ids00118
-------\Service_ids0014f
-------\Service_zjtqsj


(((((((((((((((((((((((((   Files Created from 2010-05-02 to 2010-06-02  )))))))))))))))))))))))))))))))
.

2010-05-28 10:18 . 2010-05-28 10:18   --------   d-----w-   c:\program files\Common Files\Java
2010-05-28 10:18 . 2010-05-28 10:18   503808   ----a-w-   c:\documents and settings\pantovic.s\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-342d25f8-n\msvcp71.dll
2010-05-28 10:18 . 2010-05-28 10:18   499712   ----a-w-   c:\documents and settings\pantovic.s\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-342d25f8-n\jmc.dll
2010-05-28 10:18 . 2010-05-28 10:18   12800   ----a-w-   c:\documents and settings\pantovic.s\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-344778f6-n\decora-d3d.dll
2010-05-28 10:18 . 2010-05-28 10:18   61440   ----a-w-   c:\documents and settings\pantovic.s\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-344778f6-n\decora-sse.dll
2010-05-28 10:18 . 2010-05-28 10:18   348160   ----a-w-   c:\documents and settings\pantovic.s\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-342d25f8-n\msvcr71.dll
2010-05-28 10:18 . 2010-04-12 15:29   411368   ----a-w-   c:\windows\system32\deployJava1.dll
2010-05-28 10:11 . 2010-05-28 10:11   --------   d-----w-   c:\documents and settings\pantovic.s\Application Data\Avira
2010-05-28 10:03 . 2010-03-01 08:05   124784   ----a-w-   c:\windows\system32\drivers\avipbb.sys
2010-05-28 10:03 . 2010-02-16 12:24   60936   ----a-w-   c:\windows\system32\drivers\avgntflt.sys
2010-05-28 10:03 . 2009-05-11 10:49   45416   ----a-w-   c:\windows\system32\drivers\avgntdd.sys
2010-05-28 10:03 . 2009-05-11 10:49   22360   ----a-w-   c:\windows\system32\drivers\avgntmgr.sys
2010-05-28 10:02 . 2010-05-28 10:02   --------   d-----w-   c:\program files\Avira
2010-05-28 10:02 . 2010-05-28 10:02   --------   d-----w-   c:\documents and settings\All Users\Application Data\Avira
2010-05-28 09:52 . 2010-05-28 09:52   --------   d-sh--w-   c:\documents and settings\NetworkService\IETldCache
2010-05-28 09:43 . 2010-05-28 09:43   --------   d-sh--w-   c:\documents and settings\pantovic.s\PrivacIE
2010-05-28 09:41 . 2010-05-28 09:41   --------   d-sh--w-   c:\documents and settings\pantovic.s\IETldCache
2010-05-28 09:37 . 2010-05-28 09:37   --------   dc-h--w-   c:\windows\ie8
2010-05-18 15:16 . 2010-04-29 13:39   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-18 15:16 . 2010-04-29 13:39   20952   ----a-w-   c:\windows\system32\drivers\mbam.sys
2010-05-18 15:16 . 2010-05-18 15:16   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2010-05-12 11:22 . 2010-05-12 11:30   --------   d-----w-   c:\documents and settings\LocalService\Local Settings\Application Data\Adobe

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-02 09:31 . 2009-11-10 13:01   --------   d-----w-   c:\documents and settings\pantovic.s\Application Data\Dropbox
2010-05-28 10:18 . 2009-12-24 09:35   --------   d-----w-   c:\program files\Java
2010-05-28 09:30 . 2009-12-23 12:49   --------   d-----w-   c:\documents and settings\All Users\Application Data\avg9
2010-05-27 14:31 . 2009-12-18 10:23   --------   d-----w-   c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-05-27 12:00 . 2009-12-03 09:08   --------   d-----w-   c:\documents and settings\pantovic.s\Application Data\vlc
2010-05-26 14:47 . 2009-08-28 09:44   --------   d-----w-   c:\documents and settings\pantovic.s\Application Data\Skype
2010-05-26 14:03 . 2009-08-28 09:53   --------   d-----w-   c:\documents and settings\pantovic.s\Application Data\skypePM
2010-05-24 07:40 . 2010-02-05 11:34   256   ----a-w-   c:\windows\system32\pool.bin
2010-05-18 15:56 . 2009-09-07 13:34   --------   d-----w-   c:\program files\PokerStars
2010-05-18 07:19 . 2009-08-25 12:47   --------   d-----w-   c:\documents and settings\pantovic.s\Application Data\OpenOffice.org2
2010-05-07 10:34 . 2009-09-08 12:21   --------   d-----w-   c:\documents and settings\All Users\Application Data\Microsoft Help
2010-04-30 08:02 . 2010-03-22 16:59   --------   d-----w-   c:\documents and settings\All Users\Application Data\FLEXnet
2010-04-26 09:35 . 2010-04-26 08:39   --------   d-----w-   c:\documents and settings\pantovic.s\Application Data\PC Suite
2010-04-26 08:45 . 2010-04-26 08:34   --------   d-----w-   c:\documents and settings\pantovic.s\Application Data\Nokia
2010-04-26 08:43 . 2010-04-26 08:39   --------   d-----w-   c:\documents and settings\All Users\Application Data\PC Suite
2010-04-26 08:43 . 2010-04-26 08:43   0   ---ha-w-   c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2010-04-26 08:43 . 2010-04-26 08:43   0   ---ha-w-   c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2010-04-26 08:33 . 2010-04-26 08:33   --------   d-----w-   c:\program files\Common Files\Nokia
2010-04-26 08:33 . 2010-04-26 08:33   --------   d-----w-   c:\program files\Common Files\PCSuite
2010-04-26 08:33 . 2010-04-26 08:31   --------   d-----w-   c:\program files\Nokia
2010-04-26 08:32 . 2010-04-26 08:32   --------   d-----w-   c:\program files\DIFX
2010-04-26 08:32 . 2010-04-26 08:32   --------   d-----w-   c:\program files\PC Connectivity Solution
2010-04-26 08:30 . 2010-04-26 08:30   8192   ----a-w-   c:\documents and settings\All Users\Application Data\Installations\{5AFEABF5-7411-4C29-9FA9-71ABE880662D}\Installer\CommonCustomActions\UninstCCD.exe
2010-04-26 08:30 . 2010-04-26 08:30   61440   ----a-w-   c:\documents and settings\All Users\Application Data\Installations\{5AFEABF5-7411-4C29-9FA9-71ABE880662D}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2010-04-26 08:30 . 2010-04-26 08:30   10240   ----a-w-   c:\documents and settings\All Users\Application Data\Installations\{5AFEABF5-7411-4C29-9FA9-71ABE880662D}\Installer\CommonCustomActions\UninstPCS.exe
2010-04-26 08:26 . 2010-04-26 08:26   --------   d-----w-   c:\documents and settings\All Users\Application Data\Installations
2010-04-09 08:57 . 2010-03-22 11:43   --------   d-----w-   c:\program files\PP
2010-03-25 12:44 . 2009-09-09 08:32   72064   -c--a-w-   c:\documents and settings\pantovic.s\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-18 10:45 . 2010-02-12 08:43   256   ----a-w-   c:\documents and settings\pantovic.s\pool.bin
.

------- Sigcheck -------

[-] 2006-08-03 . 32272BF10467C8ACF1F83138C61D541E . 1580544 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((   SnapShot_2010-05-31_07.55.42   )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-06-02 09:28 . 2010-06-02 09:28   16384              c:\windows\temp\Perflib_Perfdata_29c.dat
+ 2010-05-31 07:46 . 2010-05-31 08:29   16892              c:\windows\SoftwareDistribution\EventCache\{3531AC47-3559-4E97-8724-6C8400539696}.bin
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19   94208   ----a-w-   c:\documents and settings\pantovic.s\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19   94208   ----a-w-   c:\documents and settings\pantovic.s\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19   94208   ----a-w-   c:\documents and settings\pantovic.s\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"Octoshape Streaming Services"="c:\documents and settings\pantovic.s\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" [2009-01-08 70936]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2008-04-16 1079808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-31 761946]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-03-02 131072]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-06-06 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-06-06 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-06-06 118784]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-02-14 454656]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"AGRSMMSG"="AGRSMMSG.exe" [2005-12-12 88203]
"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2002-12-31 143360]
"GrooveMonitor"="c:\program files\Microsoft Outlook\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-11-19 623960]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 624248]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2002-12-31 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlhr"="c:\windows\System32\AdvPack.Dll" [2009-03-08 128512]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2002-12-31 44544]

c:\documents and settings\pantovic.s\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\pantovic.s\Application Data\Dropbox\bin\Dropbox.exe [2010-2-26 21979992]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"MaxGPOScriptWait"= 1800 (0x708)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\Program Files\\Microsoft Outlook\\Office12\\OUTLOOK.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7593:TCP"= 7593:TCP:ocbwn

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1/22/2010 11:02 AM 691696]
R2 ABBYY.Licensing.FineReader.Professional.10.0;ABBYY FineReader 10 PE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe [12/11/2009 12:04 AM 814344]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [5/28/2010 12:03 PM 135336]
S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys --> c:\windows\system32\DRIVERS\ewusbfake.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - c:\documents and settings\pantovic.s\Application Data\Mozilla\Firefox\Profiles\tcj1louo.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\documents and settings\pantovic.s\Application Data\Mozilla\plugins\npoctoshape.dll
FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-02 11:28
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...  

scanning hidden autostart entries ...

scanning hidden files ...  

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll iaStor.sys sphz.sys >>UNKNOWN [0x827CC938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf866afc3
\Driver\ACPI -> ACPI.sys @ 0xf83d2cb8
\Driver\atapi -> 0x827891f8
\Driver\iaStor -> iaStor.sys @ 0xf82ab7b0
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80577ffe
 ParseProcedure -> ntkrnlpa.exe @ 0x80576c60
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80577ffe
 ParseProcedure -> ntkrnlpa.exe @ 0x80576c60
NDIS: Broadcom 802.11b/g WLAN -> SendCompleteHandler -> NDIS.sys @ 0xf8169ba0
 PacketIndicateHandler -> NDIS.sys @ 0xf8158a0b
 SendHandler -> NDIS.sys @ 0xf816cb31
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(892)
c:\program files\Bonjour\mdnsNSP.dll

- - - - - - - > 'lsass.exe'(948)
c:\program files\Bonjour\mdnsNSP.dll

- - - - - - - > 'explorer.exe'(3456)
c:\documents and settings\pantovic.s\Application Data\Dropbox\bin\DropboxExt.13.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\program files\Nokia\Nokia PC Suite 6\phonebrowser.dll
c:\program files\Nokia\Nokia PC Suite 6\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE
c:\windows\AGRSMMSG.exe
c:\progra~1\hpq\Shared\HPQTOA~1.EXE
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\program files\Windows Live\Contacts\wlcomm.exe
.
**************************************************************************
.
Completion time: 2010-06-02  11:38:18 - machine was rebooted
ComboFix-quarantined-files.txt  2010-06-02 09:38
ComboFix2.txt  2010-05-31 08:05
ComboFix3.txt  2010-05-28 08:51
ComboFix4.txt  2010-04-22 12:27
ComboFix5.txt  2010-06-02 09:19

Pre-Run: 1,808,044,032 bytes free
Post-Run: 1,794,060,288 bytes free

- - End Of File - - ED47B170706F3E258BFE442DD8A1E2D8
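
Added example (an editor's addition, not part of the thread and not ComboFix's or the forum's own tooling): a small triage script for logs like the one above. It pulls out what a removal helper reads off by hand: the system DLL ComboFix found patched and restored from the ERDNT cache (msgsvc.dll), the randomly named Legacy_ZJTQSJ / Service_zjtqsj pair it removed, the firewall exception "7593:TCP:ocbwn" whose rule name is a throwaway string (worms add exceptions like this for their own listener; compare the Remote Desktop entry 3389:TCP:@xpsp2res.dll,-22009 that XP writes itself), and Run entries that launch from a user profile rather than Program Files. Two caveats the posted output itself supports: the "BITS: Possible infected sites" entry hxxp://sbs:8530 is on the default WSUS HTTP port 8530 of a host named sbs, so it is far more likely the site's update server than an infection, and ComboFix lists every BITS job origin there, which is why the script reports those URLs as leads rather than findings; and the Gmer check's "Warning: possible MBR rootkit infection !" appears in the same output as "user & kernel MBR OK" with sphz.sys in the call chain, which is consistent with the randomly named helper driver that SPTD (installed with DAEMON Tools, listed above as R0 sptd) loads, a well-known false positive that the script does not treat as an indicator. SAMPLE_LOG is a constructed excerpt modelled on the log above with shortened banners; the vowel-count "random name" test is a heuristic, not a signature.

```python
"""ComboFix log triage. Added example for this thread, not ComboFix's or the forum's
code; SAMPLE_LOG is a constructed excerpt modelled on the log posted above."""
import re

SAMPLE_LOG = r"""
(((((   Other Deletions   )))))
----- BITS: Possible infected sites -----
hxxp://sbs:8530
Infected copy of c:\windows\system32\msgsvc.dll was found and disinfected
Restored copy from - c:\windows\ERDNT\cache\msgsvc.dll
(((((   Drivers/Services   )))))
-------\Legacy_ZJTQSJ
-------\Service_ids00026
-------\Service_zjtqsj
(((((   Reg Loading Points   )))))
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Octoshape Streaming Services"="c:\documents and settings\pantovic.s\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" [2009-01-08 70936]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7593:TCP"= 7593:TCP:ocbwn
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"""

SECTION_RE = re.compile(r"^\(+\s+(.+?)\s+\)+\s*$")          # (((  Name  )))
REG_KEY_RE = re.compile(r"^\[(.+)\]$")                      # [HKEY...]
REG_VALUE_RE = re.compile(r'^"([^"]*)"\s*=\s*"?(.*?)"?\s*(?:\[([^\]]*)\])?\s*$')
SERVICE_RE = re.compile(r"^-------\\(?:Legacy_|Service_)(\S+)$")
INFECTED_RE = re.compile(r"^Infected copy of (.+?) was found and disinfected$")

def split_sections(text):
    """Group lines under ComboFix's section banners (earlier lines -> 'preamble')."""
    sections, current = {}, "preamble"
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
        else:
            sections.setdefault(current, []).append(line.rstrip())
    return sections

def reg_blocks(lines):
    """Yield (key, [(name, data, meta), ...]) for every [KEY] block."""
    key, values = None, []
    for line in lines:
        k = REG_KEY_RE.match(line)
        if k:
            if key is not None:
                yield key, values
            key, values = k.group(1), []
        elif key is not None and (v := REG_VALUE_RE.match(line)):
            values.append((v.group(1), v.group(2), v.group(3) or ""))
    if key is not None:
        yield key, values

def looks_random(name):
    """Heuristic for throwaway names like zjtqsj or ocbwn: 4-8 letters with at
    most one vowel. Expect false positives on terse vendor names such as sptd."""
    core = re.sub(r"[^a-z]", "", name.lower())
    return 4 <= len(core) <= 8 and sum(c in "aeiouy" for c in core) <= 1

def bits_sites(lines):
    """URLs under '----- BITS: Possible infected sites -----'; these are every
    BITS job origin ComboFix saw, so they are leads to verify, not verdicts."""
    out, active = [], False
    for line in lines:
        if line.startswith("----- BITS:"):
            active = True
        elif active and line.lower().startswith(("hxxp://", "http://", "https://")):
            out.append(line)
        elif active and line.strip():
            active = False                     # next non-URL line ends the list
    return out

def triage(log_text):
    """Pull out the indicators a removal helper reads off a ComboFix log by hand."""
    s = split_sections(log_text)
    deletions = s.get("Other Deletions", [])
    names = sorted({m.group(1).lower() for m in map(SERVICE_RE.match, s.get("Drivers/Services", [])) if m})
    ports, autostarts = [], []
    for key, values in reg_blocks(s.get("Reg Loading Points", [])):
        if key.lower().endswith("globallyopenports\\list"):
            for _name, data, _meta in values:
                parts = data.split(":", 2)                 # "7593:TCP:ocbwn"
                if len(parts) == 3:
                    ports.append({"port": int(parts[0]), "proto": parts[1], "rule": parts[2],
                                  "random_name": looks_random(parts[2])})
        elif re.search(r"\\currentversion\\run(once)?$", key, re.I):
            for name, path, _meta in values:
                # Autostarts run from a user profile (not Program Files/Windows) are
                # where XP-era malware usually parks its persistence.
                autostarts.append({"key": key, "name": name, "path": path,
                                   "user_writable": "\\documents and settings\\" in path.lower()})
    return {
        "disinfected": [m.group(1) for m in map(INFECTED_RE.match, deletions) if m],
        "bits_sites": bits_sites(deletions),
        "removed_services": names,
        "random_service_names": [n for n in names if looks_random(n)],
        "open_ports": ports,
        "autostarts": autostarts,
    }

if __name__ == "__main__":
    for finding, value in triage(SAMPLE_LOG).items():
        print(f"{finding}: {value}")
```

Run it against a full ComboFix log by reading the file into triage() instead of SAMPLE_LOG; the section banners and value formats are the ones ComboFix prints, so the parser needs no changes for the longer log above. Anything it flags still needs the usual second look: a "user_writable" autostart is just as often Dropbox or a streaming plugin as malware, and the random-name check is there to rank entries for review, not to decide them.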

3
Tech Clinic / very slow computer (for the nth time)
« on: May 31, 2010, 03:20:36 AM »
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4157

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

5/31/2010 10:19:27 AM
mbam-log-2010-05-31 (10-19-27).txt

Scan type: Quick scan
Objects scanned: 174281
Time elapsed: 8 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

4
Tech Clinic / very slow computer (for the nth time)
« on: May 31, 2010, 03:07:46 AM »
I've installed Avira and uninstalled Kaspersky.


ComboFix 10-05-30.04 - pantovic.s 05/31/2010   9:48.12.1 - x86
Microsoft Windows XP Professional  5.1.2600.2.1250.381.1033.18.503.202 [GMT 2:00]
Running from: c:\documents and settings\pantovic.s\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\pantovic.s\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
 * Created a new restore point

FILE ::
"c:\windows\system32\kthib.dll"
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

Infected copy of c:\windows\system32\msgsvc.dll was found and disinfected
Restored copy from - c:\windows\ERDNT\cache\msgsvc.dll

.
(((((((((((((((((((((((((   Files Created from 2010-04-28 to 2010-05-31  )))))))))))))))))))))))))))))))
.

2010-05-28 10:18 . 2010-05-28 10:18   --------   d-----w-   c:\program files\Common Files\Java
2010-05-28 10:18 . 2010-05-28 10:18   503808   ----a-w-   c:\documents and settings\pantovic.s\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-342d25f8-n\msvcp71.dll
2010-05-28 10:18 . 2010-05-28 10:18   499712   ----a-w-   c:\documents and settings\pantovic.s\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-342d25f8-n\jmc.dll
2010-05-28 10:18 . 2010-05-28 10:18   12800   ----a-w-   c:\documents and settings\pantovic.s\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-344778f6-n\decora-d3d.dll
2010-05-28 10:18 . 2010-05-28 10:18   61440   ----a-w-   c:\documents and settings\pantovic.s\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-344778f6-n\decora-sse.dll
2010-05-28 10:18 . 2010-05-28 10:18   348160   ----a-w-   c:\documents and settings\pantovic.s\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-342d25f8-n\msvcr71.dll
2010-05-28 10:18 . 2010-04-12 15:29   411368   ----a-w-   c:\windows\system32\deployJava1.dll
2010-05-28 10:11 . 2010-05-28 10:11   --------   d-----w-   c:\documents and settings\pantovic.s\Application Data\Avira
2010-05-28 10:03 . 2010-03-01 08:05   124784   ----a-w-   c:\windows\system32\drivers\avipbb.sys
2010-05-28 10:03 . 2010-02-16 12:24   60936   ----a-w-   c:\windows\system32\drivers\avgntflt.sys
2010-05-28 10:03 . 2009-05-11 10:49   45416   ----a-w-   c:\windows\system32\drivers\avgntdd.sys
2010-05-28 10:03 . 2009-05-11 10:49   22360   ----a-w-   c:\windows\system32\drivers\avgntmgr.sys
2010-05-28 10:02 . 2010-05-28 10:02   --------   d-----w-   c:\program files\Avira
2010-05-28 10:02 . 2010-05-28 10:02   --------   d-----w-   c:\documents and settings\All Users\Application Data\Avira
2010-05-28 09:52 . 2010-05-28 09:52   --------   d-sh--w-   c:\documents and settings\NetworkService\IETldCache
2010-05-28 09:43 . 2010-05-28 09:43   --------   d-sh--w-   c:\documents and settings\pantovic.s\PrivacIE
2010-05-28 09:41 . 2010-05-28 09:41   --------   d-sh--w-   c:\documents and settings\pantovic.s\IETldCache
2010-05-28 09:37 . 2010-05-28 09:37   --------   dc-h--w-   c:\windows\ie8
2010-05-18 15:16 . 2010-04-29 13:39   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-18 15:16 . 2010-04-29 13:39   20952   ----a-w-   c:\windows\system32\drivers\mbam.sys
2010-05-18 15:16 . 2010-05-18 15:16   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2010-05-12 11:22 . 2010-05-12 11:30   --------   d-----w-   c:\documents and settings\LocalService\Local Settings\Application Data\Adobe

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-31 07:35 . 2009-11-10 13:01   --------   d-----w-   c:\documents and settings\pantovic.s\Application Data\Dropbox
2010-05-28 10:18 . 2009-12-24 09:35   --------   d-----w-   c:\program files\Java
2010-05-28 09:30 . 2009-12-23 12:49   --------   d-----w-   c:\documents and settings\All Users\Application Data\avg9
2010-05-27 14:31 . 2009-12-18 10:23   --------   d-----w-   c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-05-27 12:00 . 2009-12-03 09:08   --------   d-----w-   c:\documents and settings\pantovic.s\Application Data\vlc
2010-05-26 14:47 . 2009-08-28 09:44   --------   d-----w-   c:\documents and settings\pantovic.s\Application Data\Skype
2010-05-26 14:03 . 2009-08-28 09:53   --------   d-----w-   c:\documents and settings\pantovic.s\Application Data\skypePM
2010-05-24 07:40 . 2010-02-05 11:34   256   ----a-w-   c:\windows\system32\pool.bin
2010-05-18 15:56 . 2009-09-07 13:34   --------   d-----w-   c:\program files\PokerStars
2010-05-18 07:19 . 2009-08-25 12:47   --------   d-----w-   c:\documents and settings\pantovic.s\Application Data\OpenOffice.org2
2010-05-07 10:34 . 2009-09-08 12:21   --------   d-----w-   c:\documents and settings\All Users\Application Data\Microsoft Help
2010-04-30 08:02 . 2010-03-22 16:59   --------   d-----w-   c:\documents and settings\All Users\Application Data\FLEXnet
2010-04-26 09:35 . 2010-04-26 08:39   --------   d-----w-   c:\documents and settings\pantovic.s\Application Data\PC Suite
2010-04-26 08:45 . 2010-04-26 08:34   --------   d-----w-   c:\documents and settings\pantovic.s\Application Data\Nokia
2010-04-26 08:43 . 2010-04-26 08:39   --------   d-----w-   c:\documents and settings\All Users\Application Data\PC Suite
2010-04-26 08:43 . 2010-04-26 08:43   0   ---ha-w-   c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2010-04-26 08:43 . 2010-04-26 08:43   0   ---ha-w-   c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2010-04-26 08:33 . 2010-04-26 08:33   --------   d-----w-   c:\program files\Common Files\Nokia
2010-04-26 08:33 . 2010-04-26 08:33   --------   d-----w-   c:\program files\Common Files\PCSuite
2010-04-26 08:33 . 2010-04-26 08:31   --------   d-----w-   c:\program files\Nokia
2010-04-26 08:32 . 2010-04-26 08:32   --------   d-----w-   c:\program files\DIFX
2010-04-26 08:32 . 2010-04-26 08:32   --------   d-----w-   c:\program files\PC Connectivity Solution
2010-04-26 08:30 . 2010-04-26 08:30   8192   ----a-w-   c:\documents and settings\All Users\Application Data\Installations\{5AFEABF5-7411-4C29-9FA9-71ABE880662D}\Installer\CommonCustomActions\UninstCCD.exe
2010-04-26 08:30 . 2010-04-26 08:30   61440   ----a-w-   c:\documents and settings\All Users\Application Data\Installations\{5AFEABF5-7411-4C29-9FA9-71ABE880662D}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2010-04-26 08:30 . 2010-04-26 08:30   10240   ----a-w-   c:\documents and settings\All Users\Application Data\Installations\{5AFEABF5-7411-4C29-9FA9-71ABE880662D}\Installer\CommonCustomActions\UninstPCS.exe
2010-04-26 08:26 . 2010-04-26 08:26   --------   d-----w-   c:\documents and settings\All Users\Application Data\Installations
2010-04-09 08:57 . 2010-03-22 11:43   --------   d-----w-   c:\program files\PP
2010-03-25 12:44 . 2009-09-09 08:32   72064   -c--a-w-   c:\documents and settings\pantovic.s\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-18 10:45 . 2010-02-12 08:43   256   ----a-w-   c:\documents and settings\pantovic.s\pool.bin
2010-03-03 12:44 . 2010-03-03 11:02   71960   ----a-w-   c:\documents and settings\pantovic.s\Application Data\Mozilla\Plugins\npoctoshape.dll
.

------- Sigcheck -------

[-] 2006-08-03 . 32272BF10467C8ACF1F83138C61D541E . 1580544 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((   SnapShot_2010-05-28_08.47.50   )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-11 22:02 . 2009-07-11 22:02   51008              c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02   59728              c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02   42832              c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90kor.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02   43344              c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90jpn.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02   61264              c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90ita.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02   62800              c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02   61760              c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esp.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02   61776              c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esn.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02   53568              c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02   63296              c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02   36688              c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90cht.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02   35648              c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90chs.dll
+ 2009-07-11 22:05 . 2009-07-11 22:05   59904              c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90u.dll
+ 2009-07-11 22:05 . 2009-07-11 22:05   59904              c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90.dll
+ 2006-12-01 22:46 . 2006-12-01 22:46   65536              c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6c18549a\vcomp.dll
+ 2010-05-31 07:54 . 2010-05-31 07:54   16384              c:\windows\temp\Perflib_Perfdata_2a8.dat
+ 2006-05-09 08:50 . 2009-08-06 17:24   44768              c:\windows\system32\wups2.dll
+ 2006-09-21 12:58 . 2009-08-06 17:24   35552              c:\windows\system32\wups.dll
+ 2006-09-21 12:58 . 2009-08-06 17:24   53472              c:\windows\system32\wuauclt.exe
+ 2006-09-21 13:20 . 2009-01-07 16:21   26144              c:\windows\system32\spupdsvc.exe
+ 2007-08-10 16:15 . 2009-01-07 16:20   16928              c:\windows\system32\spmsg.dll
+ 2010-05-28 09:46 . 2009-08-06 17:24   44768              c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.4.7600.226\wups2.dll
+ 2010-05-28 09:46 . 2009-08-06 17:24   35552              c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.4.7600.226\wups.dll
+ 2002-12-31 13:00 . 2009-03-08 02:31   46592              c:\windows\system32\pngfilt.dll
+ 2009-01-07 16:20 . 2009-01-07 16:20   23552              c:\windows\system32\normaliz.dll
+ 2009-01-07 16:20 . 2009-01-07 16:20   24576              c:\windows\system32\nlsdl.dll
+ 2002-12-31 13:00 . 2009-03-08 02:31   48128              c:\windows\system32\mshtmler.dll
+ 2002-12-31 13:00 . 2009-03-08 02:31   66560              c:\windows\system32\mshtmled.dll
+ 2002-12-31 13:00 . 2009-03-08 02:31   45568              c:\windows\system32\mshta.exe
+ 2009-03-08 02:31 . 2009-03-08 02:31   13312              c:\windows\system32\msfeedssync.exe
+ 2009-03-08 02:31 . 2009-03-08 02:31   55296              c:\windows\system32\msfeedsbs.dll
+ 2002-12-31 13:00 . 2009-03-08 02:34   43008              c:\windows\system32\licmgr10.dll
+ 2002-12-31 13:00 . 2009-03-08 02:33   25600              c:\windows\system32\jsproxy.dll
+ 2002-12-31 13:00 . 2009-03-08 02:32   94720              c:\windows\system32\inseng.dll
+ 2002-12-31 13:00 . 2009-03-08 02:31   34816              c:\windows\system32\imgutil.dll
+ 2009-03-08 02:32 . 2009-03-08 02:32   36864              c:\windows\system32\ieudinit.exe
+ 2002-12-31 13:00 . 2009-03-08 02:32   71680              c:\windows\system32\iesetup.dll
+ 2002-12-31 13:00 . 2009-03-08 02:32   55808              c:\windows\system32\iernonce.dll
+ 2009-01-07 16:20 . 2009-01-07 16:20   26112              c:\windows\system32\idndl.dll
+ 2009-03-08 02:31 . 2009-03-08 02:31   59904              c:\windows\system32\icardie.dll
+ 2010-05-28 10:03 . 2009-05-11 08:12   28520              c:\windows\system32\drivers\ssmdrv.sys
+ 2006-09-21 12:58 . 2009-08-06 17:24   35552              c:\windows\system32\dllcache\wups.dll
+ 2006-09-21 12:58 . 2009-08-06 17:24   53472              c:\windows\system32\dllcache\wuauclt.exe
+ 2002-12-31 13:00 . 2009-03-08 02:31   46592              c:\windows\system32\dllcache\pngfilt.dll
+ 2002-12-31 13:00 . 2009-03-08 02:31   48128              c:\windows\system32\dllcache\mshtmler.dll
+ 2002-12-31 13:00 . 2009-03-08 02:31   66560              c:\windows\system32\dllcache\mshtmled.dll
+ 2002-12-31 13:00 . 2009-03-08 02:31   45568              c:\windows\system32\dllcache\mshta.exe
+ 2002-12-31 13:00 . 2009-03-08 02:34   43008              c:\windows\system32\dllcache\licmgr10.dll
+ 2002-12-31 13:00 . 2009-03-08 02:33   25600              c:\windows\system32\dllcache\jsproxy.dll
+ 2002-12-31 13:00 . 2009-03-08 02:32   94720              c:\windows\system32\dllcache\inseng.dll
+ 2002-12-31 13:00 . 2009-03-08 02:31   34816              c:\windows\system32\dllcache\imgutil.dll
+ 2002-12-31 13:00 . 2009-03-08 02:32   71680              c:\windows\system32\dllcache\iesetup.dll
+ 2002-12-31 13:00 . 2009-03-08 02:32   55808              c:\windows\system32\dllcache\iernonce.dll
+ 2006-09-21 12:57 . 2009-03-08 02:24   68608              c:\windows\system32\dllcache\hmmapi.dll
+ 2002-12-31 13:00 . 2009-03-08 02:33   18944              c:\windows\system32\dllcache\corpol.dll
+ 2002-12-31 13:00 . 2009-08-06 17:24   96480              c:\windows\system32\dllcache\cdm.dll
+ 2002-12-31 13:00 . 2009-03-08 02:32   72704              c:\windows\system32\dllcache\admparse.dll
+ 2002-12-31 13:00 . 2009-03-08 02:33   18944              c:\windows\system32\corpol.dll
+ 2002-12-31 13:00 . 2009-08-06 17:24   96480              c:\windows\system32\cdm.dll
+ 2002-12-31 13:00 . 2009-03-08 02:32   72704              c:\windows\system32\admparse.dll
+ 2010-05-28 09:37 . 2002-12-31 13:00   37888              c:\windows\ie8\url.dll
+ 2010-05-28 09:37 . 2009-03-08 12:23   58464              c:\windows\ie8\spuninst\iecustom.dll
+ 2010-05-28 09:37 . 2007-04-18 12:46   39424              c:\windows\ie8\pngfilt.dll
+ 2010-05-28 09:37 . 2002-12-31 13:00   96256              c:\windows\ie8\occache.dll
+ 2010-05-28 09:37 . 2002-12-31 13:00   56832              c:\windows\ie8\mshtmler.dll
+ 2010-05-28 09:37 . 2002-12-31 13:00   29184              c:\windows\ie8\mshta.exe
+ 2010-05-28 09:37 . 2002-12-31 13:00   22016              c:\windows\ie8\licmgr10.dll
+ 2010-05-28 09:37 . 2007-04-18 12:46   16384              c:\windows\ie8\jsproxy.dll
+ 2010-05-28 09:37 . 2007-04-18 12:46   96256              c:\windows\ie8\inseng.dll
+ 2010-05-28 09:37 . 2002-12-31 13:00   35840              c:\windows\ie8\imgutil.dll
+ 2010-05-28 09:37 . 2002-12-31 13:00   93184              c:\windows\ie8\iexplore.exe
+ 2010-05-28 09:37 . 2002-12-31 13:00   62976              c:\windows\ie8\iesetup.dll
+ 2010-05-28 09:37 . 2002-12-31 13:00   48640              c:\windows\ie8\iernonce.dll
+ 2010-05-28 09:37 . 2002-12-31 13:00   81920              c:\windows\ie8\ieencode.dll
+ 2010-05-28 09:37 . 2002-12-31 13:00   34304              c:\windows\ie8\ie4uinit.exe
+ 2010-05-28 09:37 . 2002-12-31 13:00   38912              c:\windows\ie8\hmmapi.dll
+ 2010-05-28 09:37 . 2002-12-31 13:00   35328              c:\windows\ie8\corpol.dll
+ 2010-05-28 09:37 . 2002-12-31 13:00   99840              c:\windows\ie8\advpack.dll
+ 2010-05-28 09:37 . 2002-12-31 13:00   61440              c:\windows\ie8\admparse.dll
+ 2010-05-28 09:41 . 2010-05-28 09:42   7698              c:\windows\SoftwareDistribution\EventCache\{BD69FA1D-6730-4E5D-922A-59D7E9B9152C}.bin
+ 2009-07-11 22:02 . 2009-07-11 22:02   653120              c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02   569664              c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
+ 2009-07-11 22:05 . 2009-07-11 22:05   225280              c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02   159032              c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll
+ 2009-01-07 16:21 . 2009-01-07 16:21   121856              c:\windows\system32\xmllite.dll
+ 2006-09-21 12:58 . 2009-08-06 17:23   209624              c:\windows\system32\wuweb.dll
+ 2006-09-21 12:58 . 2009-08-06 17:24   327896              c:\windows\system32\wucltui.dll
+ 2006-09-21 12:58 . 2009-08-06 17:23   575704              c:\windows\system32\wuapi.dll
+ 2002-12-31 13:00 . 2009-03-08 02:34   914944              c:\windows\system32\wininet.dll
+ 2009-03-08 02:34 . 2009-03-08 02:34   208384              c:\windows\system32\WinFXDocObj.exe
+ 2002-12-31 13:00 . 2009-03-08 02:34   236544              c:\windows\system32\webcheck.dll
+ 2002-12-31 13:00 . 2009-03-08 02:33   420352              c:\windows\system32\vbscript.dll
+ 2002-12-31 13:00 . 2009-03-08 02:34   105984              c:\windows\system32\url.dll
+ 2010-05-28 09:46 . 2009-08-06 17:23   575704              c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wuapi.dll\7.4.7600.226\wuapi.dll
+ 2002-12-31 13:00 . 2009-03-08 02:34   109568              c:\windows\system32\occache.dll
+ 2009-08-06 17:23 . 2009-08-06 17:23   215904              c:\windows\system32\muweb.dll
+ 2002-12-31 13:00 . 2009-03-08 02:32   611840              c:\windows\system32\mstime.dll
+ 2002-12-31 13:00 . 2009-03-08 02:34   193536              c:\windows\system32\msrating.dll
+ 2002-12-31 13:00 . 2009-03-08 02:22   156160              c:\windows\system32\msls31.dll
+ 2009-03-08 02:32 . 2009-03-08 02:32   594432              c:\windows\system32\msfeeds.dll
+ 2009-01-07 16:20 . 2009-01-07 16:20   265720              c:\windows\system32\msdbg2.dll
+ 2002-12-31 13:00 . 2009-03-08 02:33   726528              c:\windows\system32\jscript.dll
+ 2010-05-28 10:18 . 2010-04-12 15:29   153376              c:\windows\system32\javaws.exe
+ 2010-05-28 10:18 . 2010-04-12 15:29   145184              c:\windows\system32\javaw.exe
- 2009-12-24 09:35 . 2009-12-24 09:35   145184              c:\windows\system32\javaw.exe
+ 2010-05-28 10:18 . 2010-04-12 15:29   145184              c:\windows\system32\java.exe
- 2009-12-24 09:35 . 2009-12-24 09:35   145184              c:\windows\system32\java.exe
+ 2009-03-08 02:22 . 2009-03-08 02:22   164352              c:\windows\system32\ieui.dll
+ 2002-12-31 13:00 . 2009-03-08 02:31   183808              c:\windows\system32\iepeers.dll
+ 2002-12-31 13:00 . 2009-03-08 12:09   391536              c:\windows\system32\iedkcs32.dll
+ 2009-03-08 02:11 . 2009-03-08 02:11   445952              c:\windows\system32\ieapfltr.dll
+ 2002-12-31 13:00 . 2009-03-08 02:32   163840              c:\windows\system32\ieakui.dll
+ 2002-12-31 13:00 . 2009-03-08 02:33   229376              c:\windows\system32\ieaksie.dll
+ 2002-12-31 13:00 . 2009-03-08 02:33   125952              c:\windows\system32\ieakeng.dll
+ 2002-12-31 13:00 . 2009-03-08 02:32   173056              c:\windows\system32\ie4uinit.exe
+ 2002-12-31 13:00 . 2009-03-08 02:31   216064              c:\windows\system32\dxtrans.dll
+ 2002-12-31 13:00 . 2009-03-08 02:31   348160              c:\windows\system32\dxtmsft.dll
+ 2006-09-21 12:58 . 2009-08-06 17:23   209624              c:\windows\system32\dllcache\wuweb.dll
+ 2006-09-21 12:58 . 2009-08-06 17:24   327896              c:\windows\system32\dllcache\wucltui.dll
+ 2006-09-21 12:58 . 2009-08-06 17:23   575704              c:\windows\system32\dllcache\wuapi.dll
+ 2002-12-31 13:00 . 2009-03-08 02:34   914944              c:\windows\system32\dllcache\wininet.dll
+ 2002-12-31 13:00 . 2009-03-08 02:34   236544              c:\windows\system32\dllcache\webcheck.dll
+ 2006-09-21 12:58 . 2009-03-08 02:33   759296              c:\windows\system32\dllcache\VGX.dll
+ 2002-12-31 13:00 . 2009-03-08 02:33   420352              c:\windows\system32\dllcache\vbscript.dll
+ 2002-12-31 13:00 . 2009-03-08 02:34   105984              c:\windows\system32\dllcache\url.dll
+ 2009-01-07 16:20 . 2009-01-07 16:20   134144              c:\windows\system32\dllcache\sqmapi.dll
+ 2002-12-31 13:00 . 2009-03-08 02:34   109568              c:\windows\system32\dllcache\occache.dll
+ 2002-12-31 13:00 . 2009-03-08 02:32   611840              c:\windows\system32\dllcache\mstime.dll
+ 2002-12-31 13:00 . 2009-03-08 02:34   193536              c:\windows\system32\dllcache\msrating.dll
+ 2002-12-31 13:00 . 2009-03-08 02:22   156160              c:\windows\system32\dllcache\msls31.dll
+ 2002-12-31 13:00 . 2009-03-08 02:33   726528              c:\windows\system32\dllcache\jscript.dll
+ 2006-09-21 12:57 . 2009-03-08 12:09   638816              c:\windows\system32\dllcache\iexplore.exe
+ 2002-12-31 13:00 . 2009-03-08 02:31   183808              c:\windows\system32\dllcache\iepeers.dll
+ 2002-12-31 13:00 . 2009-03-08 12:09   391536              c:\windows\system32\dllcache\iedkcs32.dll
+ 2002-12-31 13:00 . 2009-03-08 02:32   163840              c:\windows\system32\dllcache\ieakui.dll
+ 2002-12-31 13:00 . 2009-03-08 02:33   229376              c:\windows\system32\dllcache\ieaksie.dll
+ 2002-12-31 13:00 . 2009-03-08 02:33   125952              c:\windows\system32\dllcache\ieakeng.dll
+ 2002-12-31 13:00 . 2009-03-08 02:32   173056              c:\windows\system32\dllcache\ie4uinit.exe
+ 2002-12-31 13:00 . 2009-03-08 02:31   216064              c:\windows\system32\dllcache\dxtrans.dll
+ 2002-12-31 13:00 . 2009-03-08 02:31   348160              c:\windows\system32\dllcache\dxtmsft.dll
+ 2002-12-31 13:00 . 2009-03-08 02:32   128512              c:\windows\system32\dllcache\advpack.dll
+ 2010-05-28 10:18 . 2010-05-28 10:18   262144              c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
+ 2002-12-31 13:00 . 2009-03-08 02:32   128512              c:\windows\system32\advpack.dll
+ 2010-05-28 09:34 . 2010-05-28 09:34   331264              c:\windows\Installer\576dad.msi
+ 2010-05-28 10:18 . 2010-05-28 10:18   180224              c:\windows\Installer\235f3c.msi
+ 2010-05-28 10:02 . 2010-05-28 10:02   219648              c:\windows\Installer\1529a0.msi
+ 2010-05-28 09:37 . 2007-04-18 12:46   665600              c:\windows\ie8\wininet.dll
+ 2010-05-28 09:37 . 2002-12-31 13:00   276480              c:\windows\ie8\webcheck.dll
+ 2010-05-28 09:37 . 2006-12-19 18:08   852480              c:\windows\ie8\vgx.dll
+ 2010-05-28 09:37 . 2004-08-09 19:27   438272              c:\windows\ie8\vbscript.dll
+ 2010-05-28 09:37 . 2007-04-18 12:46   616960              c:\windows\ie8\urlmon.dll
+ 2010-05-28 09:37 . 2009-01-07 16:21   382496              c:\windows\ie8\spuninst\updspapi.dll
+ 2010-05-28 09:37 . 2009-01-07 16:20   231456              c:\windows\ie8\spuninst\spuninst.exe
+ 2010-05-28 09:37 . 2007-04-18 12:46   532480              c:\windows\ie8\mstime.dll
+ 2010-05-28 09:37 . 2007-04-18 12:46   146432              c:\windows\ie8\msrating.dll
+ 2010-05-28 09:37 . 2002-12-31 13:00   146432              c:\windows\ie8\msls31.dll
+ 2010-05-28 09:37 . 2007-04-18 12:46   449024              c:\windows\ie8\mshtmled.dll
+ 2010-05-28 09:37 . 2006-05-18 05:24   450560              c:\windows\ie8\jscript.dll
+ 2010-05-28 09:37 . 2007-04-18 12:46   251904              c:\windows\ie8\iepeers.dll
+ 2010-05-28 09:37 . 2002-12-31 13:00   323584              c:\windows\ie8\iedkcs32.dll
+ 2010-05-28 09:37 . 2002-12-31 13:00   221184              c:\windows\ie8\ieakui.dll
+ 2010-05-28 09:37 . 2002-12-31 13:00   216576              c:\windows\ie8\ieaksie.dll
+ 2010-05-28 09:37 . 2002-12-31 13:00   139264              c:\windows\ie8\ieakeng.dll
+ 2010-05-28 09:37 . 2007-04-18 12:46   205312              c:\windows\ie8\dxtrans.dll
+ 2010-05-28 09:37 . 2007-04-18 12:46   357888              c:\windows\ie8\dxtmsft.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02   3780424              c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02   3765048              c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90.dll
+ 2006-09-21 12:58 . 2009-08-06 17:23   1929952              c:\windows\system32\wuaueng.dll
+ 2002-12-31 13:00 . 2009-03-08 02:34   1206784              c:\windows\system32\urlmon.dll
+ 2002-12-31 13:00 . 2009-03-08 02:41   5937152              c:\windows\system32\mshtml.dll
+ 2008-03-20 16:06 . 2008-03-20 16:06   1480232              c:\windows\system32\LegitCheckControl.dll
+ 2009-03-08 02:32 . 2009-03-08 02:32   1985024              c:\windows\system32\iertutil.dll
+ 2009-02-06 19:07 . 2009-02-06 19:07   3698584              c:\windows\system32\ieapfltr.dat
+ 2006-09-21 12:58 . 2009-08-06 17:23   1929952              c:\windows\system32\dllcache\wuaueng.dll
+ 2002-12-31 13:00 . 2009-03-08 02:34   1206784              c:\windows\system32\dllcache\urlmon.dll
+ 2002-12-31 13:00 . 2009-03-08 02:41   5937152              c:\windows\system32\dllcache\mshtml.dll
+ 2010-05-28 09:37 . 2007-05-04 12:59   3064320              c:\windows\ie8\mshtml.dll
+ 2009-03-08 02:39 . 2009-03-08 02:39   11063808              c:\windows\system32\ieframe.dll
.
-- Snapshot reset to current date --
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19   94208   ----a-w-   c:\documents and settings\pantovic.s\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19   94208   ----a-w-   c:\documents and settings\pantovic.s\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19   94208   ----a-w-   c:\documents and settings\pantovic.s\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"Octoshape Streaming Services"="c:\documents and settings\pantovic.s\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" [2009-01-08 70936]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2008-04-16 1079808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-31 761946]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-03-02 131072]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-06-06 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-06-06 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-06-06 118784]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-02-14 454656]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"AGRSMMSG"="AGRSMMSG.exe" [2005-12-12 88203]
"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2002-12-31 143360]
"GrooveMonitor"="c:\program files\Microsoft Outlook\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-11-19 623960]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 624248]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2002-12-31 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlhr"="c:\windows\System32\AdvPack.Dll" [2009-03-08 128512]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2002-12-31 44544]

c:\documents and settings\pantovic.s\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\pantovic.s\Application Data\Dropbox\bin\Dropbox.exe [2010-2-26 21979992]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"MaxGPOScriptWait"= 1800 (0x708)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\Program Files\\Microsoft Outlook\\Office12\\OUTLOOK.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7593:TCP"= 7593:TCP:ocbwn

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1/22/2010 11:02 AM 691696]
R2 ABBYY.Licensing.FineReader.Professional.10.0;ABBYY FineReader 10 PE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe [12/11/2009 12:04 AM 814344]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [5/28/2010 12:03 PM 135336]
S2 zjtqsj;guxpm;c:\windows\system32\svchost.exe -k netsvcs [12/31/2002 3:00 PM 14336]
S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys --> c:\windows\system32\DRIVERS\ewusbfake.sys [?]
S3 ids00026;ids00026;\??\c:\documents and settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids00026.sys --> c:\documents and settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids00026.sys [?]
S3 ids00118;ids00118;\??\c:\documents and settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids00118.sys --> c:\documents and settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids00118.sys [?]
S3 ids0014f;ids0014f;\??\c:\documents and settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids0014f.sys --> c:\documents and settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids0014f.sys [?]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
zjtqsj
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - c:\documents and settings\pantovic.s\Application Data\Mozilla\Firefox\Profiles\tcj1louo.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\documents and settings\pantovic.s\Application Data\Mozilla\plugins\npoctoshape.dll
FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-31 09:55
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...  

scanning hidden autostart entries ...

scanning hidden files ...  

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll iaStor.sys spln.sys >>UNKNOWN [0x829CC938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf8516fc3
\Driver\ACPI -> ACPI.sys @ 0xf827ecb8
\Driver\atapi -> 0x829891f8
\Driver\iaStor -> iaStor.sys @ 0xf81577b0
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80577ffe
 ParseProcedure -> ntkrnlpa.exe @ 0x80576c60
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80577ffe
 ParseProcedure -> ntkrnlpa.exe @ 0x80576c60
NDIS: Broadcom 802.11b/g WLAN -> SendCompleteHandler -> NDIS.sys @ 0xf8015ba0
 PacketIndicateHandler -> NDIS.sys @ 0xf8004a0b
 SendHandler -> NDIS.sys @ 0xf8018b31
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\zjtqsj]
"ServiceDll"="c:\windows\system32\kthib.dll"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(896)
c:\program files\Bonjour\mdnsNSP.dll

- - - - - - - > 'lsass.exe'(956)
c:\program files\Bonjour\mdnsNSP.dll

- - - - - - - > 'explorer.exe'(2560)
c:\documents and settings\pantovic.s\Application Data\Dropbox\bin\DropboxExt.13.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\program files\Nokia\Nokia PC Suite 6\phonebrowser.dll
c:\program files\Nokia\Nokia PC Suite 6\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\AGRSMMSG.exe
c:\progra~1\hpq\Shared\HPQTOA~1.EXE
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\program files\Windows Live\Contacts\wlcomm.exe
.
**************************************************************************
.
Completion time: 2010-05-31  10:05:52 - machine was rebooted
ComboFix-quarantined-files.txt  2010-05-31 08:05
ComboFix2.txt  2010-05-28 08:51
ComboFix3.txt  2010-04-22 12:27
ComboFix4.txt  2010-04-22 08:49
ComboFix5.txt  2010-05-28 11:21

Pre-Run: 1,884,454,912 bytes free
Post-Run: 1,860,820,992 bytes free

- - End Of File - - 711990FC8054BD86CF100080F2438FBB

5
Tech Clinic / very slow computer (for the nth time)
« on: May 28, 2010, 09:00:19 AM »
I cannot enable the firewall now....

6
Tech Clinic / very slow computer (for the nth time)
« on: May 28, 2010, 08:54:42 AM »
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:51:47 PM, on 5/28/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Microsoft Outlook\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Documents and Settings\pantovic.s\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Documents and Settings\pantovic.s\Application Data\Dropbox\bin\Dropbox.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\PROGRA~1\MICROS~3\Office12\OUTLOOK.EXE
C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Outlook\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Documents and Settings\pantovic.s\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlhr] RunDll32.exe %SystemRoot%\System32\AdvPack.Dll,LaunchINFSection %SystemRoot%\inf\nlite.inf,C (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nlhr] RunDll32.exe %SystemRoot%\System32\AdvPack.Dll,LaunchINFSection %SystemRoot%\inf\nlite.inf,C (User 'Default user')
O4 - Startup: Dropbox.lnk = C:\Documents and Settings\pantovic.s\Application Data\Dropbox\bin\Dropbox.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PP\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PP\PartyPoker\RunApp.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://companyweb
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1275039943250
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1275039912280
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = RedStar.local
O17 - HKLM\Software\..\Telephony: DomainName = RedStar.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = RedStar.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = RedStar.local
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ABBYY FineReader 10 PE Licensing Service (ABBYY.Licensing.FineReader.Professional.10.0) - ABBYY - C:\Program Files\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 12078 bytes

7
Tech Clinic / very slow computer (for the nth time)
« on: May 28, 2010, 08:53:14 AM »
ComboFix 10-05-27.03 - pantovic.s 05/28/2010  13:23:22.11.1 - x86
Microsoft Windows XP Professional  5.1.2600.2.1250.381.1033.18.503.250 [GMT 2:00]
Running from: c:\documents and settings\pantovic.s\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat

----- BITS: Possible infected sites -----

hxxp://sbs:8530
Infected copy of c:\windows\system32\msgsvc.dll was found and disinfected
Restored copy from - c:\windows\ERDNT\cache\msgsvc.dll

.
(((((((((((((((((((((((((   Files Created from 2010-04-28 to 2010-05-28  )))))))))))))))))))))))))))))))
.

2010-05-28 10:18 . 2010-05-28 10:18   --------   d-----w-   c:\program files\Common Files\Java
2010-05-28 10:18 . 2010-05-28 10:18   503808   ----a-w-   c:\documents and settings\pantovic.s\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-342d25f8-n\msvcp71.dll
2010-05-28 10:18 . 2010-05-28 10:18   499712   ----a-w-   c:\documents and settings\pantovic.s\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-342d25f8-n\jmc.dll
2010-05-28 10:18 . 2010-05-28 10:18   12800   ----a-w-   c:\documents and settings\pantovic.s\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-344778f6-n\decora-d3d.dll
2010-05-28 10:18 . 2010-05-28 10:18   61440   ----a-w-   c:\documents and settings\pantovic.s\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-344778f6-n\decora-sse.dll
2010-05-28 10:18 . 2010-05-28 10:18   348160   ----a-w-   c:\documents and settings\pantovic.s\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-342d25f8-n\msvcr71.dll
2010-05-28 10:18 . 2010-04-12 15:29   411368   ----a-w-   c:\windows\system32\deployJava1.dll
2010-05-28 10:11 . 2010-05-28 10:11   --------   d-----w-   c:\documents and settings\pantovic.s\Application Data\Avira
2010-05-28 10:03 . 2010-03-01 08:05   124784   ----a-w-   c:\windows\system32\drivers\avipbb.sys
2010-05-28 10:03 . 2010-02-16 12:24   60936   ----a-w-   c:\windows\system32\drivers\avgntflt.sys
2010-05-28 10:03 . 2009-05-11 10:49   45416   ----a-w-   c:\windows\system32\drivers\avgntdd.sys
2010-05-28 10:03 . 2009-05-11 10:49   22360   ----a-w-   c:\windows\system32\drivers\avgntmgr.sys
2010-05-28 10:02 . 2010-05-28 10:02   --------   d-----w-   c:\program files\Avira
2010-05-28 10:02 . 2010-05-28 10:02   --------   d-----w-   c:\documents and settings\All Users\Application Data\Avira
2010-05-28 09:52 . 2010-05-28 09:52   --------   d-sh--w-   c:\documents and settings\NetworkService\IETldCache
2010-05-28 09:43 . 2010-05-28 09:43   --------   d-sh--w-   c:\documents and settings\pantovic.s\PrivacIE
2010-05-28 09:41 . 2010-05-28 09:41   --------   d-sh--w-   c:\documents and settings\pantovic.s\IETldCache
2010-05-28 09:37 . 2010-05-28 09:37   --------   dc-h--w-   c:\windows\ie8
2010-05-18 15:16 . 2010-04-29 13:39   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-18 15:16 . 2010-04-29 13:39   20952   ----a-w-   c:\windows\system32\drivers\mbam.sys
2010-05-18 15:16 . 2010-05-18 15:16   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2010-05-12 11:22 . 2010-05-12 11:30   --------   d-----w-   c:\documents and settings\LocalService\Local Settings\Application Data\Adobe

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-28 12:24 . 2009-11-10 13:01   --------   d-----w-   c:\documents and settings\pantovic.s\Application Data\Dropbox
2010-05-28 10:18 . 2009-12-24 09:35   --------   d-----w-   c:\program files\Java
2010-05-28 09:30 . 2009-12-23 12:49   --------   d-----w-   c:\documents and settings\All Users\Application Data\avg9
2010-05-27 14:31 . 2009-12-18 10:23   --------   d-----w-   c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-05-27 12:00 . 2009-12-03 09:08   --------   d-----w-   c:\documents and settings\pantovic.s\Application Data\vlc
2010-05-26 14:47 . 2009-08-28 09:44   --------   d-----w-   c:\documents and settings\pantovic.s\Application Data\Skype
2010-05-26 14:03 . 2009-08-28 09:53   --------   d-----w-   c:\documents and settings\pantovic.s\Application Data\skypePM
2010-05-24 07:40 . 2010-02-05 11:34   256   ----a-w-   c:\windows\system32\pool.bin
2010-05-18 15:56 . 2009-09-07 13:34   --------   d-----w-   c:\program files\PokerStars
2010-05-18 07:19 . 2009-08-25 12:47   --------   d-----w-   c:\documents and settings\pantovic.s\Application Data\OpenOffice.org2
2010-05-07 10:34 . 2009-09-08 12:21   --------   d-----w-   c:\documents and settings\All Users\Application Data\Microsoft Help
2010-04-30 08:02 . 2010-03-22 16:59   --------   d-----w-   c:\documents and settings\All Users\Application Data\FLEXnet
2010-04-26 09:35 . 2010-04-26 08:39   --------   d-----w-   c:\documents and settings\pantovic.s\Application Data\PC Suite
2010-04-26 08:45 . 2010-04-26 08:34   --------   d-----w-   c:\documents and settings\pantovic.s\Application Data\Nokia
2010-04-26 08:43 . 2010-04-26 08:39   --------   d-----w-   c:\documents and settings\All Users\Application Data\PC Suite
2010-04-26 08:43 . 2010-04-26 08:43   0   ---ha-w-   c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2010-04-26 08:43 . 2010-04-26 08:43   0   ---ha-w-   c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2010-04-26 08:33 . 2010-04-26 08:33   --------   d-----w-   c:\program files\Common Files\Nokia
2010-04-26 08:33 . 2010-04-26 08:33   --------   d-----w-   c:\program files\Common Files\PCSuite
2010-04-26 08:33 . 2010-04-26 08:31   --------   d-----w-   c:\program files\Nokia
2010-04-26 08:32 . 2010-04-26 08:32   --------   d-----w-   c:\program files\DIFX
2010-04-26 08:32 . 2010-04-26 08:32   --------   d-----w-   c:\program files\PC Connectivity Solution
2010-04-26 08:30 . 2010-04-26 08:30   8192   ----a-w-   c:\documents and settings\All Users\Application Data\Installations\{5AFEABF5-7411-4C29-9FA9-71ABE880662D}\Installer\CommonCustomActions\UninstCCD.exe
2010-04-26 08:30 . 2010-04-26 08:30   61440   ----a-w-   c:\documents and settings\All Users\Application Data\Installations\{5AFEABF5-7411-4C29-9FA9-71ABE880662D}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2010-04-26 08:30 . 2010-04-26 08:30   10240   ----a-w-   c:\documents and settings\All Users\Application Data\Installations\{5AFEABF5-7411-4C29-9FA9-71ABE880662D}\Installer\CommonCustomActions\UninstPCS.exe
2010-04-26 08:26 . 2010-04-26 08:26   --------   d-----w-   c:\documents and settings\All Users\Application Data\Installations
2010-04-09 08:57 . 2010-03-22 11:43   --------   d-----w-   c:\program files\PP
2010-03-25 12:44 . 2009-09-09 08:32   72064   -c--a-w-   c:\documents and settings\pantovic.s\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-18 10:45 . 2010-02-12 08:43   256   ----a-w-   c:\documents and settings\pantovic.s\pool.bin
2010-03-03 12:44 . 2010-03-03 11:02   71960   ----a-w-   c:\documents and settings\pantovic.s\Application Data\Mozilla\Plugins\npoctoshape.dll
2007-04-16 15:52 . 2002-12-31 13:00   162133   --sha-r-   c:\windows\system32\kthib.dll
.

------- Sigcheck -------

[-] 2006-08-03 . 32272BF10467C8ACF1F83138C61D541E . 1580544 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19   94208   ----a-w-   c:\documents and settings\pantovic.s\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19   94208   ----a-w-   c:\documents and settings\pantovic.s\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19   94208   ----a-w-   c:\documents and settings\pantovic.s\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"Octoshape Streaming Services"="c:\documents and settings\pantovic.s\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" [2009-01-08 70936]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2008-04-16 1079808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-31 761946]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-03-02 131072]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-06-06 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-06-06 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-06-06 118784]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-02-14 454656]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"AGRSMMSG"="AGRSMMSG.exe" [2005-12-12 88203]
"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2002-12-31 143360]
"GrooveMonitor"="c:\program files\Microsoft Outlook\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-11-19 623960]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 624248]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2002-12-31 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlhr"="c:\windows\System32\AdvPack.Dll" [2009-03-08 128512]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2002-12-31 44544]

c:\documents and settings\pantovic.s\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\pantovic.s\Application Data\Dropbox\bin\Dropbox.exe [2010-2-26 21979992]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"MaxGPOScriptWait"= 1800 (0x708)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\Program Files\\Microsoft Outlook\\Office12\\OUTLOOK.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7593:TCP"= 7593:TCP:ocbwn

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1/22/2010 11:02 AM 691696]
R2 ABBYY.Licensing.FineReader.Professional.10.0;ABBYY FineReader 10 PE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe [12/11/2009 12:04 AM 814344]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [5/28/2010 12:03 PM 135336]
S2 zjtqsj;guxpm;c:\windows\system32\svchost.exe -k netsvcs [12/31/2002 3:00 PM 14336]
S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys --> c:\windows\system32\DRIVERS\ewusbfake.sys [?]
S3 ids00026;ids00026;\??\c:\documents and settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids00026.sys --> c:\documents and settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids00026.sys [?]
S3 ids00118;ids00118;\??\c:\documents and settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids00118.sys --> c:\documents and settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids00118.sys [?]
S3 ids0014f;ids0014f;\??\c:\documents and settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids0014f.sys --> c:\documents and settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids0014f.sys [?]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
zjtqsj
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - c:\documents and settings\pantovic.s\Application Data\Mozilla\Firefox\Profiles\tcj1louo.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\documents and settings\pantovic.s\Application Data\Mozilla\plugins\npoctoshape.dll
FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-28 14:22
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...  

scanning hidden autostart entries ...

scanning hidden files ...  

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll iaStor.sys spff.sys >>UNKNOWN [0x829CC938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf8516fc3
\Driver\ACPI -> ACPI.sys @ 0xf827ecb8
\Driver\atapi -> 0x829891f8
\Driver\iaStor -> iaStor.sys @ 0xf81577b0
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80577ffe
 ParseProcedure -> ntkrnlpa.exe @ 0x80576c60
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80577ffe
 ParseProcedure -> ntkrnlpa.exe @ 0x80576c60
NDIS: Broadcom 802.11b/g WLAN -> SendCompleteHandler -> NDIS.sys @ 0xf8015ba0
 PacketIndicateHandler -> NDIS.sys @ 0xf8004a0b
 SendHandler -> NDIS.sys @ 0xf8018b31
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\zjtqsj]
"ServiceDll"="c:\windows\system32\kthib.dll"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(828)
c:\program files\Bonjour\mdnsNSP.dll

- - - - - - - > 'lsass.exe'(948)
c:\program files\Bonjour\mdnsNSP.dll

- - - - - - - > 'explorer.exe'(3512)
c:\documents and settings\pantovic.s\Application Data\Dropbox\bin\DropboxExt.13.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\program files\Nokia\Nokia PC Suite 6\phonebrowser.dll
c:\program files\Nokia\Nokia PC Suite 6\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\AGRSMMSG.exe
c:\progra~1\hpq\Shared\HPQTOA~1.EXE
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
.
**************************************************************************
.
Completion time: 2010-05-28  14:29:58 - machine was rebooted
ComboFix-quarantined-files.txt  2010-05-28 12:29
ComboFix2.txt  2010-05-28 08:51
ComboFix3.txt  2010-04-22 12:27
ComboFix4.txt  2010-04-22 08:49
ComboFix5.txt  2010-05-28 11:21

Pre-Run: 1,849,905,152 bytes free
Post-Run: 1,957,036,032 bytes free

- - End Of File - - F154589916A56615C7E165CE3B424FD3
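The ComboFix log above shows the chain an analyst wants to pull apart rather than read line by line: a service named zjtqsj registered into the svchost "netsvcs" group (ComboFix lists only non-default members there), its ServiceDll pointing at c:\windows\system32\kthib.dll, that DLL carrying system, hidden and read-only attributes in the Find3M report, and a firewall exception opening 7593/TCP under the opaque label ocbwn. The Python below is an added example, not part of the original posts and not ComboFix's own code: it parses lines in the shapes ComboFix prints (shapes inferred from this log, not a documented format), correlates the pieces, and emits findings. The sample input is constructed from lines copied out of the log above; the attribute column layout and the severity rule are my assumptions.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: the lines relevant to the persistence mechanism, copied
# from the ComboFix log in the post above so the heuristics run offline.
SAMPLE_LOG = r"""
2007-04-16 15:52 . 2002-12-31 13:00   162133   --sha-r-   c:\windows\system32\kthib.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7593:TCP"= 7593:TCP:ocbwn

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [5/28/2010 12:03 PM 135336]
S2 zjtqsj;guxpm;c:\windows\system32\svchost.exe -k netsvcs [12/31/2002 3:00 PM 14336]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
zjtqsj
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\zjtqsj]
"ServiceDll"="c:\windows\system32\kthib.dll"
"""

# Line shapes as ComboFix prints them (inferred from the log, not a documented format).
SERVICE_RE = re.compile(r'^([RS]\d)\s+([^;]+);([^;]*);(.*?)\s+\[.*\]$')
ATTRIB_RE = re.compile(
    r'^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2}'
    r'\s+\S+\s+([-a-z]{8})\s+(.*)$')
PORT_RE = re.compile(r'^"(\d+):(TCP|UDP)"=\s*\d+:(?:TCP|UDP):(.*)$')
SVCKEY_RE = re.compile(r'^\[HKEY_LOCAL_MACHINE\\System\\ControlSet\d+\\Services\\([^\]]+)\]$', re.I)
SVCDLL_RE = re.compile(r'^"ServiceDll"="(.*)"$')
NETSVCS_HDR_RE = re.compile(r'Svchost\s+-\s+NetSvcs\s*$')


@dataclass
class LogFacts:
    services: dict = field(default_factory=dict)       # name -> image / command line
    service_dlls: dict = field(default_factory=dict)   # name -> ServiceDll path
    netsvcs_added: list = field(default_factory=list)  # non-default netsvcs members
    file_attrs: dict = field(default_factory=dict)     # lowercased path -> attribute flags
    open_ports: list = field(default_factory=list)     # (port, proto, label)


def attr_flags(attrs):
    # Column layout assumed from the flag strings seen in the log:
    # 'd-----w-' directory, '----a-w-' plain file, '--sha-r-' system+hidden+archive+read-only.
    return {'hidden': attrs[3] == 'h', 'system': attrs[2] == 's', 'readonly': attrs[6] == 'r'}


def parse_log(text):
    facts = LogFacts()
    current_svc_key = None
    in_netsvcs = False
    for raw in text.splitlines():
        line = raw.strip()
        if in_netsvcs:  # names listed under the "Svchost - NetSvcs" header
            if not line or line == '.' or line.startswith(('[', '(')):
                in_netsvcs = False
            else:
                facts.netsvcs_added.append(line)
                continue
        if NETSVCS_HDR_RE.search(line):
            in_netsvcs = True
            continue
        m = SVCKEY_RE.match(line)
        if m:
            current_svc_key = m.group(1)
            continue
        m = SVCDLL_RE.match(line)
        if m and current_svc_key:
            facts.service_dlls[current_svc_key] = m.group(1)
            continue
        m = SERVICE_RE.match(line)
        if m:
            facts.services[m.group(2)] = m.group(4)
            continue
        m = ATTRIB_RE.match(line)
        if m:
            facts.file_attrs[m.group(2).lower()] = m.group(1)
            continue
        m = PORT_RE.match(line)
        if m:
            facts.open_ports.append((int(m.group(1)), m.group(2), m.group(3).strip()))
    return facts


def analyze(text):
    facts = parse_log(text)
    findings = []
    # Every non-default NetSvcs member, plus anything else hosted by
    # "svchost.exe -k netsvcs", gets its ServiceDll resolved and its file flags checked.
    hosted = {n for n, img in facts.services.items()
              if img.lower().endswith('svchost.exe -k netsvcs')}
    for name in dict.fromkeys(facts.netsvcs_added + sorted(hosted)):
        dll = facts.service_dlls.get(name)
        flags = attr_flags(facts.file_attrs.get(dll.lower(), '--------') if dll else '--------')
        # Assumed rating: a hidden or system-attributed ServiceDll is rated high,
        # any other non-default netsvcs member is flagged for review.
        severity = 'high' if (flags['hidden'] or flags['system']) else 'review'
        findings.append({'kind': 'rogue_netsvcs_service', 'severity': severity,
                         'name': name, 'dll': dll, **flags})
    # Firewall exceptions that open a port under a bare label are always worth a look.
    for port, proto, label in facts.open_ports:
        findings.append({'kind': 'firewall_open_port', 'severity': 'review',
                         'port': port, 'proto': proto, 'name': label})
    return findings


if __name__ == '__main__':
    for finding in analyze(SAMPLE_LOG):
        print(finding)
```

Run against the sample it reports one high-severity service finding (zjtqsj, kthib.dll, hidden+system+read-only) and one port finding (7593/TCP, ocbwn); the Avira scheduler service is parsed but not flagged because it is neither in the NetSvcs list nor svchost-hosted. The script deliberately leaves the Gmer "possible MBR rootkit" warning alone: the unknown module it names, spff.sys, sits in the same log as an R0 sptd.sys and DAEMON Tools Lite, and SPTD's randomly named helper driver is a known trigger for that check, while the line "user & kernel MBR OK" is the result that matters for the boot sector itself.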

8
Tech Clinic / very slow computer (for the nth time)
« on: May 28, 2010, 08:51:56 AM »
2010-04-26 08:45 . 2010-04-26 08:34   --------   d-----w-   c:\documents and settings\pantovic.s\Application Data\Nokia
2010-04-26 08:43 . 2010-04-26 08:39   --------   d-----w-   c:\documents and settings\All Users\Application Data\PC Suite
2010-04-26 08:43 . 2010-04-26 08:43   0   ---ha-w-   c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2010-04-26 08:43 . 2010-04-26 08:43   0   ---ha-w-   c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2010-04-26 08:33 . 2010-04-26 08:33   --------   d-----w-   c:\program files\Common Files\Nokia
2010-04-26 08:33 . 2010-04-26 08:33   --------   d-----w-   c:\program files\Common Files\PCSuite
2010-04-26 08:33 . 2010-04-26 08:31   --------   d-----w-   c:\program files\Nokia
2010-04-26 08:32 . 2010-04-26 08:32   --------   d-----w-   c:\program files\DIFX
2010-04-26 08:32 . 2010-04-26 08:32   --------   d-----w-   c:\program files\PC Connectivity Solution
2010-04-26 08:30 . 2010-04-26 08:30   8192   ----a-w-   c:\documents and settings\All Users\Application Data\Installations\{5AFEABF5-7411-4C29-9FA9-71ABE880662D}\Installer\CommonCustomActions\UninstCCD.exe
2010-04-26 08:30 . 2010-04-26 08:30   61440   ----a-w-   c:\documents and settings\All Users\Application Data\Installations\{5AFEABF5-7411-4C29-9FA9-71ABE880662D}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2010-04-26 08:30 . 2010-04-26 08:30   10240   ----a-w-   c:\documents and settings\All Users\Application Data\Installations\{5AFEABF5-7411-4C29-9FA9-71ABE880662D}\Installer\CommonCustomActions\UninstPCS.exe
2010-04-26 08:26 . 2010-04-26 08:26   --------   d-----w-   c:\documents and settings\All Users\Application Data\Installations
2010-04-09 08:57 . 2010-03-22 11:43   --------   d-----w-   c:\program files\PP
2010-03-25 12:44 . 2009-09-09 08:32   72064   -c--a-w-   c:\documents and settings\pantovic.s\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-18 10:45 . 2010-02-12 08:43   256   ----a-w-   c:\documents and settings\pantovic.s\pool.bin
2010-03-03 12:44 . 2010-03-03 11:02   71960   ----a-w-   c:\documents and settings\pantovic.s\Application Data\Mozilla\Plugins\npoctoshape.dll
2007-04-16 15:52 . 2002-12-31 13:00   162133   --sha-r-   c:\windows\system32\kthib.dll
.

------- Sigcheck -------

[-] 2006-08-03 . 32272BF10467C8ACF1F83138C61D541E . 1580544 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19   94208   ----a-w-   c:\documents and settings\pantovic.s\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19   94208   ----a-w-   c:\documents and settings\pantovic.s\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19   94208   ----a-w-   c:\documents and settings\pantovic.s\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"Octoshape Streaming Services"="c:\documents and settings\pantovic.s\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" [2009-01-08 70936]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2008-04-16 1079808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-31 761946]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-03-02 131072]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-06-06 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-06-06 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-06-06 118784]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-02-14 454656]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"AGRSMMSG"="AGRSMMSG.exe" [2005-12-12 88203]
"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2002-12-31 143360]
"GrooveMonitor"="c:\program files\Microsoft Outlook\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-11-19 623960]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 624248]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2002-12-31 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlhr"="c:\windows\System32\AdvPack.Dll" [2009-03-08 128512]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2002-12-31 44544]

c:\documents and settings\pantovic.s\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\pantovic.s\Application Data\Dropbox\bin\Dropbox.exe [2010-2-26 21979992]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"MaxGPOScriptWait"= 1800 (0x708)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\Program Files\\Microsoft Outlook\\Office12\\OUTLOOK.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7593:TCP"= 7593:TCP:ocbwn

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1/22/2010 11:02 AM 691696]
R2 ABBYY.Licensing.FineReader.Professional.10.0;ABBYY FineReader 10 PE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe [12/11/2009 12:04 AM 814344]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [5/28/2010 12:03 PM 135336]
S2 zjtqsj;guxpm;c:\windows\system32\svchost.exe -k netsvcs [12/31/2002 3:00 PM 14336]
S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys --> c:\windows\system32\DRIVERS\ewusbfake.sys [?]
S3 ids00026;ids00026;\??\c:\documents and settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids00026.sys --> c:\documents and settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids00026.sys [?]
S3 ids00118;ids00118;\??\c:\documents and settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids00118.sys --> c:\documents and settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids00118.sys [?]
S3 ids0014f;ids0014f;\??\c:\documents and settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids0014f.sys --> c:\documents and settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids0014f.sys [?]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
zjtqsj
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - c:\documents and settings\pantovic.s\Application Data\Mozilla\Firefox\Profiles\tcj1louo.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\documents and settings\pantovic.s\Application Data\Mozilla\plugins\npoctoshape.dll
FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-28 14:22
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...  

scanning hidden autostart entries ...

scanning hidden files ...  

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll iaStor.sys spff.sys >>UNKNOWN [0x829CC938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf8516fc3
\Driver\ACPI -> ACPI.sys @ 0xf827ecb8
\Driver\atapi -> 0x829891f8
\Driver\iaStor -> iaStor.sys @ 0xf81577b0
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80577ffe
 ParseProcedure -> ntkrnlpa.exe @ 0x80576c60
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80577ffe
 ParseProcedure -> ntkrnlpa.exe @ 0x80576c60
NDIS: Broadcom 802.11b/g WLAN -> SendCompleteHandler -> NDIS.sys @ 0xf8015ba0
 PacketIndicateHandler -> NDIS.sys @ 0xf8004a0b
 SendHandler -> NDIS.sys @ 0xf8018b31
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\zjtqsj]
"ServiceDll"="c:\windows\system32\kthib.dll"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(828)
c:\program files\Bonjour\mdnsNSP.dll

- - - - - - - > 'lsass.exe'(948)
c:\program files\Bonjour\mdnsNSP.dll

- - - - - - - > 'explorer.exe'(3512)
c:\documents and settings\pantovic.s\Application Data\Dropbox\bin\DropboxExt.13.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\program files\Nokia\Nokia PC Suite 6\phonebrowser.dll
c:\program files\Nokia\Nokia PC Suite 6\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\AGRSMMSG.exe
c:\progra~1\hpq\Shared\HPQTOA~1.EXE
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
.
**************************************************************************
.
Completion time: 2010-05-28  14:29:58 - machine was rebooted
ComboFix-quarantined-files.txt  2010-05-28 12:29
ComboFix2.txt  2010-05-28 08:51
ComboFix3.txt  2010-04-22 12:27
ComboFix4.txt  2010-04-22 08:49
ComboFix5.txt  2010-05-28 11:21

Pre-Run: 1,849,905,152 bytes free
Post-Run: 1,957,036,032 bytes free

- - End Of File - - F154589916A56615C7E165CE3B424FD3

9
Tech Clinic / very slow computer (for the nth time)
« on: May 28, 2010, 05:26:39 AM »
After ComboFix I was able to access the Microsoft website for a while. After that, I installed Avira and upgraded Internet Explorer. Now I cannot access the Microsoft website again, my Automatic Updates are disabled and I cannot enable them. I will post new HijackThis, MBAM and ComboFix logs now.

10
Tech Clinic / very slow computer (for the nth time)
« on: May 28, 2010, 03:55:46 AM »
ComboFix 10-05-27.02 - pantovic.s 05/28/2010   9:53.10.1 - x86
Microsoft Windows XP Professional  5.1.2600.2.1250.381.1033.18.503.260 [GMT 2:00]
Running from: c:\documents and settings\pantovic.s\Desktop\ComboFix.exe
 * Created a new restore point
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system\WINSPOOL.DRV
c:\windows\system32\kthib.dll

Infected copy of c:\windows\system32\msgsvc.dll was found and disinfected
Restored copy from - c:\windows\ERDNT\cache\msgsvc.dll

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_HISVFFSZB
-------\Legacy_WRVAE
-------\Service_hisvffszb
-------\Service_wrvae


(((((((((((((((((((((((((   Files Created from 2010-04-28 to 2010-05-28  )))))))))))))))))))))))))))))))
.

2010-05-18 15:16 . 2010-04-29 13:39   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-18 15:16 . 2010-04-29 13:39   20952   ----a-w-   c:\windows\system32\drivers\mbam.sys
2010-05-18 15:16 . 2010-05-18 15:16   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2010-05-12 11:22 . 2010-05-12 11:30   --------   d-----w-   c:\documents and settings\LocalService\Local Settings\Application Data\Adobe

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-28 08:48 . 2009-11-10 13:01   --------   d-----w-   c:\documents and settings\pantovic.s\Application Data\Dropbox
2010-05-27 14:31 . 2009-12-18 10:23   --------   d-----w-   c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-05-27 12:00 . 2009-12-03 09:08   --------   d-----w-   c:\documents and settings\pantovic.s\Application Data\vlc
2010-05-26 14:47 . 2009-08-28 09:44   --------   d-----w-   c:\documents and settings\pantovic.s\Application Data\Skype
2010-05-26 14:03 . 2009-08-28 09:53   --------   d-----w-   c:\documents and settings\pantovic.s\Application Data\skypePM
2010-05-24 07:40 . 2010-02-05 11:34   256   ----a-w-   c:\windows\system32\pool.bin
2010-05-18 15:56 . 2009-09-07 13:34   --------   d-----w-   c:\program files\PokerStars
2010-05-18 07:19 . 2009-08-25 12:47   --------   d-----w-   c:\documents and settings\pantovic.s\Application Data\OpenOffice.org2
2010-05-07 10:34 . 2009-09-08 12:21   --------   d-----w-   c:\documents and settings\All Users\Application Data\Microsoft Help
2010-04-30 08:02 . 2010-03-22 16:59   --------   d-----w-   c:\documents and settings\All Users\Application Data\FLEXnet
2010-04-26 09:35 . 2010-04-26 08:39   --------   d-----w-   c:\documents and settings\pantovic.s\Application Data\PC Suite
2010-04-26 08:45 . 2010-04-26 08:34   --------   d-----w-   c:\documents and settings\pantovic.s\Application Data\Nokia
2010-04-26 08:43 . 2010-04-26 08:39   --------   d-----w-   c:\documents and settings\All Users\Application Data\PC Suite
2010-04-26 08:43 . 2010-04-26 08:43   0   ---ha-w-   c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2010-04-26 08:43 . 2010-04-26 08:43   0   ---ha-w-   c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2010-04-26 08:33 . 2010-04-26 08:33   --------   d-----w-   c:\program files\Common Files\Nokia
2010-04-26 08:33 . 2010-04-26 08:33   --------   d-----w-   c:\program files\Common Files\PCSuite
2010-04-26 08:33 . 2010-04-26 08:31   --------   d-----w-   c:\program files\Nokia
2010-04-26 08:32 . 2010-04-26 08:32   --------   d-----w-   c:\program files\DIFX
2010-04-26 08:32 . 2010-04-26 08:32   --------   d-----w-   c:\program files\PC Connectivity Solution
2010-04-26 08:30 . 2010-04-26 08:30   8192   ----a-w-   c:\documents and settings\All Users\Application Data\Installations\{5AFEABF5-7411-4C29-9FA9-71ABE880662D}\Installer\CommonCustomActions\UninstCCD.exe
2010-04-26 08:30 . 2010-04-26 08:30   61440   ----a-w-   c:\documents and settings\All Users\Application Data\Installations\{5AFEABF5-7411-4C29-9FA9-71ABE880662D}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2010-04-26 08:30 . 2010-04-26 08:30   10240   ----a-w-   c:\documents and settings\All Users\Application Data\Installations\{5AFEABF5-7411-4C29-9FA9-71ABE880662D}\Installer\CommonCustomActions\UninstPCS.exe
2010-04-26 08:26 . 2010-04-26 08:26   --------   d-----w-   c:\documents and settings\All Users\Application Data\Installations
2010-04-09 08:57 . 2010-03-22 11:43   --------   d-----w-   c:\program files\PP
2010-03-25 12:44 . 2009-09-09 08:32   72064   -c--a-w-   c:\documents and settings\pantovic.s\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-18 10:45 . 2010-02-12 08:43   256   ----a-w-   c:\documents and settings\pantovic.s\pool.bin
2010-03-03 12:44 . 2010-03-03 11:02   71960   ----a-w-   c:\documents and settings\pantovic.s\Application Data\Mozilla\Plugins\npoctoshape.dll
.

------- Sigcheck -------

[-] 2006-08-03 . 32272BF10467C8ACF1F83138C61D541E . 1580544 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((   SnapShot_2010-04-22_08.44.46   )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-05-28 07:59 . 2010-05-28 07:59   16384              c:\windows\temp\Perflib_Perfdata_258.dat
+ 2006-09-28 16:56 . 2006-09-15 21:30   55296              c:\windows\system32\WudfSvc.dll
+ 2006-09-28 18:13 . 2006-09-15 21:30   87040              c:\windows\system32\WUDFCoinstaller.dll
- 2006-09-21 13:20 . 2006-10-16 14:10   23856              c:\windows\system32\spupdsvc.exe
+ 2006-09-21 13:20 . 2006-10-08 19:51   23856              c:\windows\system32\spupdsvc.exe
+ 2007-08-10 16:15 . 2006-10-08 19:51   14640              c:\windows\system32\spmsg.dll
- 2007-08-10 16:15 . 2006-09-25 15:58   14640              c:\windows\system32\spmsg.dll
- 2002-12-31 13:00 . 2010-04-22 08:46   71302              c:\windows\system32\perfc009.dat
+ 2002-12-31 13:00 . 2010-04-23 12:43   71302              c:\windows\system32\perfc009.dat
+ 2010-04-26 08:31 . 2007-11-29 08:39   95744              c:\windows\system32\nmwcdcocls.dll
+ 2010-04-26 08:31 . 2007-11-29 08:32   48128              c:\windows\system32\nmwcdcls.dll
+ 2010-04-26 08:32 . 2007-09-17 13:53   21632              c:\windows\system32\DRVSTORE\pccsmcfd_4A1E30386F4D0DEC8F5DF262CFBD8845EEBAB175\pccsmcfd.sys
+ 2010-04-26 08:31 . 2007-11-29 08:39   19328              c:\windows\system32\DRVSTORE\ccdcmbo_B642931F7B28F01BE617200298CCA42B44AAC343\ccdcmbo.sys
+ 2010-04-26 08:31 . 2007-11-29 08:39   95744              c:\windows\system32\DRVSTORE\ccdcmb_B642931F7B28F01BE617200298CCA42B44AAC343\nmwcdcocls.dll
+ 2010-04-26 08:31 . 2007-11-29 08:32   48128              c:\windows\system32\DRVSTORE\ccdcmb_B642931F7B28F01BE617200298CCA42B44AAC343\nmwcdcls.dll
+ 2010-04-26 08:31 . 2007-11-29 08:39   16896              c:\windows\system32\DRVSTORE\ccdcmb_B642931F7B28F01BE617200298CCA42B44AAC343\ccdcmb.sys
+ 2006-09-28 17:00 . 2006-09-15 20:30   82688              c:\windows\system32\drivers\WudfRd.sys
+ 2006-09-28 16:55 . 2006-09-15 20:29   76544              c:\windows\system32\drivers\WudfPf.sys
+ 2006-11-02 05:22 . 2006-11-02 05:22   32224              c:\windows\system32\drivers\wdfldr.sys
+ 2010-04-26 08:43 . 2004-08-03 21:08   25600              c:\windows\system32\drivers\usbser.sys
+ 2010-04-26 08:32 . 2007-09-17 13:53   21632              c:\windows\system32\drivers\pccsmcfd.sys
+ 2010-04-26 08:31 . 2007-11-29 08:39   19328              c:\windows\system32\drivers\ccdcmbo.sys
+ 2010-04-26 08:31 . 2007-11-29 08:39   16896              c:\windows\system32\drivers\ccdcmb.sys
+ 2010-04-26 08:43 . 2004-08-03 21:08   25600              c:\windows\system32\dllcache\usbser.sys
+ 2010-04-26 08:32 . 2010-04-26 08:32   10134              c:\windows\Installer\{E9BC886E-0D8A-4EF5-B793-30DB776C6E2C}\ARPPRODUCTICON.exe
+ 2010-04-26 08:34 . 2010-04-26 08:34   15086              c:\windows\Installer\{5AFEABF5-7411-4C29-9FA9-71ABE880662D}\ARPPRODUCTICON.exe
+ 2010-04-26 08:44 . 2006-09-28 16:56   55808              c:\windows\$NtUninstallWudf01005$\wudfsvc.dll
+ 2010-04-26 08:44 . 2006-09-28 17:00   82944              c:\windows\$NtUninstallWudf01005$\wudfrd.sys
+ 2010-04-26 08:44 . 2006-09-28 16:55   77568              c:\windows\$NtUninstallWudf01005$\wudfpf.sys
+ 2010-04-26 08:44 . 2006-09-28 18:13   95344              c:\windows\$NtUninstallWudf01005$\wudfcoinstaller.dll
+ 2010-04-26 08:44 . 2006-09-15 20:30   70656              c:\windows\$NtUninstallWudf01005$\spuninst\WudfCustom.dll
+ 2010-04-26 08:43 . 2006-11-02 05:22   51680              c:\windows\$NtUninstallWdf01005$\spuninst\Kmdfcustom.dll
+ 2010-04-26 08:31 . 2007-11-29 08:39   8064              c:\windows\system32\DRVSTORE\ccdcmbm_B642931F7B28F01BE617200298CCA42B44AAC343\usbser_lowerflt.sys
+ 2010-04-26 08:31 . 2007-11-29 08:39   8064              c:\windows\system32\DRVSTORE\ccdcmbcj_B642931F7B28F01BE617200298CCA42B44AAC343\usbser_lowerfltj.sys
+ 2010-04-26 08:31 . 2007-11-29 08:39   8064              c:\windows\system32\drivers\usbser_lowerfltj.sys
+ 2010-04-26 08:31 . 2007-11-29 08:39   8064              c:\windows\system32\drivers\usbser_lowerflt.sys
+ 2010-04-26 08:31 . 2010-04-26 08:31   3262              c:\windows\Installer\{4F1DCA42-2030-437C-A94E-736692A499C1}\ARPPRODUCTICON.exe
+ 2010-04-22 08:51 . 2010-04-22 11:36   6880              c:\windows\CIDD_P\70616E746F7669632E73\sys.dll
+ 2006-09-28 16:56 . 2006-09-15 21:30   308224              c:\windows\system32\WUDFx.dll
+ 2008-03-06 09:14 . 2008-03-06 09:14   831048              c:\windows\system32\WudfUpdate_01005.dll
+ 2006-09-28 16:56 . 2006-09-15 20:29   163840              c:\windows\system32\WudfPlatform.dll
+ 2006-09-28 16:56 . 2006-09-15 21:30   142848              c:\windows\system32\WudfHost.exe
- 2002-12-31 13:00 . 2010-04-22 08:46   439598              c:\windows\system32\perfh009.dat
+ 2002-12-31 13:00 . 2010-04-23 12:43   439598              c:\windows\system32\perfh009.dat
+ 2010-04-26 08:32 . 2008-03-06 09:14   831048              c:\windows\system32\DRVSTORE\pccswpddri_CAEB6BB34654D5A4CAB32D7967078BA417F01F05\WudfUpdate_01005.dll
+ 2010-04-26 08:32 . 2008-03-06 09:19   534016              c:\windows\system32\DRVSTORE\pccswpddri_CAEB6BB34654D5A4CAB32D7967078BA417F01F05\PCCSWpdDriver.dll
+ 2006-11-02 05:22 . 2006-11-02 05:22   492000              c:\windows\system32\drivers\wdf01000.sys
+ 2008-03-06 09:19 . 2008-03-06 09:19   534016              c:\windows\system32\drivers\UMDF\PCCSWpdDriver.dll
+ 2007-03-29 21:00 . 2007-03-29 21:00   203264              c:\windows\system32\CddbCdda.dll
+ 2010-04-26 08:32 . 2010-04-26 08:32   460800              c:\windows\Installer\35bd86.msi
+ 2010-04-26 08:31 . 2010-04-26 08:31   358912              c:\windows\Installer\35bd7f.msi
+ 2010-04-26 08:31 . 2010-04-26 08:31   163840              c:\windows\Installer\35bd78.msi
+ 2010-04-26 08:44 . 2006-09-28 16:56   316416              c:\windows\$NtUninstallWudf01005$\wudfx.dll
+ 2010-04-26 08:44 . 2006-09-28 16:56   165376              c:\windows\$NtUninstallWudf01005$\wudfplatform.dll
+ 2010-04-26 08:44 . 2006-09-28 16:56   146432              c:\windows\$NtUninstallWudf01005$\wudfhost.exe
+ 2010-04-26 08:44 . 2006-09-16 01:02   379184              c:\windows\$NtUninstallWudf01005$\spuninst\updspapi.dll
+ 2010-04-26 08:44 . 2006-09-16 01:02   221488              c:\windows\$NtUninstallWudf01005$\spuninst\spuninst.exe
+ 2010-04-26 08:43 . 2006-10-08 19:51   379184              c:\windows\$NtUninstallWdf01005$\spuninst\updspapi.dll
+ 2010-04-26 08:43 . 2006-10-08 19:51   221488              c:\windows\$NtUninstallWdf01005$\spuninst\spuninst.exe
+ 2010-04-26 08:31 . 2007-11-29 08:33   1419232              c:\windows\system32\wdfcoinstaller01005.dll
+ 2010-04-26 08:31 . 2007-11-29 08:33   1419232              c:\windows\system32\DRVSTORE\ccdcmb_B642931F7B28F01BE617200298CCA42B44AAC343\wdfcoinstaller01005.dll
+ 2010-04-26 08:34 . 2010-04-26 08:34   2428416              c:\windows\Installer\35bd8e.msi
.
-- Snapshot reset to current date --
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19   94208   ----a-w-   c:\documents and settings\pantovic.s\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19   94208   ----a-w-   c:\documents and settings\pantovic.s\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19   94208   ----a-w-   c:\documents and settings\pantovic.s\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"Octoshape Streaming Services"="c:\documents and settings\pantovic.s\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" [2009-01-08 70936]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2008-04-16 1079808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-31 761946]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-03-02 131072]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-06-06 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-06-06 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-06-06 118784]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-02-14 454656]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"AGRSMMSG"="AGRSMMSG.exe" [2005-12-12 88203]
"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2002-12-31 143360]
"GrooveMonitor"="c:\program files\Microsoft Outlook\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-24 149280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-11-19 623960]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 624248]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2002-12-31 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlhr"="c:\windows\System32\AdvPack.Dll" [2002-12-31 99840]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2002-12-31 44544]

c:\documents and settings\pantovic.s\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\pantovic.s\Application Data\Dropbox\bin\Dropbox.exe [2010-2-26 21979992]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"MaxGPOScriptWait"= 1800 (0x708)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\Program Files\\Microsoft Outlook\\Office12\\OUTLOOK.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7593:TCP"= 7593:TCP:ocbwn

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1/22/2010 11:02 AM 691696]
R2 ABBYY.Licensing.FineReader.Professional.10.0;ABBYY FineReader 10 PE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe [12/11/2009 12:04 AM 814344]
S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys --> c:\windows\system32\DRIVERS\ewusbfake.sys [?]
S3 ids00026;ids00026;\??\c:\documents and settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids00026.sys --> c:\documents and settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids00026.sys [?]
S3 ids00118;ids00118;\??\c:\documents and settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids00118.sys --> c:\documents and settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids00118.sys [?]
S3 ids0014f;ids0014f;\??\c:\documents and settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids0014f.sys --> c:\documents and settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids0014f.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - c:\documents and settings\pantovic.s\Application Data\Mozilla\Firefox\Profiles\tcj1louo.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\documents and settings\pantovic.s\Application Data\Mozilla\plugins\npoctoshape.dll
FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-28 10:47
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...  

scanning hidden autostart entries ...

scanning hidden files ...  

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll iaStor.sys spsu.sys >>UNKNOWN [0x827CD938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf866afc3
\Driver\ACPI -> ACPI.sys @ 0xf83d2cb8
\Driver\atapi -> 0x827891f8
\Driver\iaStor -> iaStor.sys @ 0xf82ab7b0
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80577ffe
 ParseProcedure -> ntkrnlpa.exe @ 0x80576c60
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80577ffe
 ParseProcedure -> ntkrnlpa.exe @ 0x80576c60
NDIS: Broadcom 802.11b/g WLAN -> SendCompleteHandler -> NDIS.sys @ 0xf8169ba0
 PacketIndicateHandler -> NDIS.sys @ 0xf8158a0b
 SendHandler -> NDIS.sys @ 0xf816cb31
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(892)
c:\program files\Bonjour\mdnsNSP.dll

- - - - - - - > 'lsass.exe'(948)
c:\program files\Bonjour\mdnsNSP.dll

- - - - - - - > 'explorer.exe'(2968)
c:\documents and settings\pantovic.s\Application Data\Dropbox\bin\DropboxExt.13.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\program files\Nokia\Nokia PC Suite 6\phonebrowser.dll
c:\program files\Nokia\Nokia PC Suite 6\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE
c:\windows\system32\wscntfy.exe
c:\windows\AGRSMMSG.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\progra~1\hpq\Shared\HPQTOA~1.EXE
c:\program files\iPod\bin\iPodService.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
.
**************************************************************************
.
Completion time: 2010-05-28  10:51:46 - machine was rebooted
ComboFix-quarantined-files.txt  2010-05-28 08:51
ComboFix2.txt  2010-04-22 12:27
ComboFix3.txt  2010-04-22 08:49
ComboFix4.txt  2009-12-31 09:48
ComboFix5.txt  2010-05-28 07:52

Pre-Run: 1,346,297,856 bytes free
Post-Run: 1,342,099,456 bytes free

- - End Of File - - 26FE6B4E932E811AF7C38C4E68B8C2C6
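The ComboFix section above lists Windows Firewall exceptions straight from the registry (GloballyOpenPorts and AuthorizedApplications). An entry such as `"7593:TCP"= 7593:TCP:ocbwn` is the kind of thing a helper scans for by eye: built-in Windows rules name themselves through a resource string (`@xpsp2res.dll,-22004`), while anything else was added by a program. The script below is an added example, not part of the original post and not ComboFix or OTL code. It parses the GloballyOpenPorts lines in both the ComboFix layout (`port:proto:name`) and the OTL layout (`port:proto:scope:state:name`, which appears in the OTL Extras log later in this thread) and lists the entries a reviewer should look at. The sample log text is constructed to mirror those formats; the flags are review heuristics, not verdicts.

```python
"""Triage Windows XP firewall port exceptions as printed in ComboFix / OTL logs.

Added example; not part of the forum post, ComboFix or OTL. SAMPLE_LOG below
is constructed to mirror the two layouts seen in such logs.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# ComboFix layout:  "7593:TCP"= 7593:TCP:ocbwn
# OTL layout:       "7593:TCP" = 7593:TCP:*:Enabled:ocbwn
PORT_LINE = re.compile(r'^"(?P<key>\d+:(?:TCP|UDP))"\s*=\s*(?P<value>.+)$', re.I)

SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7593:TCP"= 7593:TCP:ocbwn

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"7593:TCP" = 7593:TCP:*:Enabled:ocbwn
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"""


@dataclass
class PortException:
    key: str                 # registry value name, e.g. "7593:TCP"
    port: int
    proto: str
    scope: Optional[str]     # "*" (any host), "LocalSubNet", or None in the ComboFix layout
    enabled: Optional[bool]  # None in the ComboFix layout, which omits the state
    name: str                # display name stored with the rule

    @property
    def is_resource_name(self) -> bool:
        # Built-in Windows rules name themselves via a resource string ("@xpsp2res.dll,-NNNNN").
        return self.name.startswith("@")


def parse_port_exception(line: str) -> Optional[PortException]:
    """Parse one GloballyOpenPorts line; return None for any other line."""
    m = PORT_LINE.match(line.strip())
    if not m:
        return None
    fields = m.group("value").split(":")
    port, proto = int(fields[0]), fields[1].upper()
    scope = enabled = None
    if len(fields) >= 5:                      # OTL: port:proto:scope:state:name
        scope = fields[2]
        enabled = fields[3].lower() == "enabled"
        name = ":".join(fields[4:])
    else:                                     # ComboFix: port:proto:name
        name = ":".join(fields[2:])
    return PortException(m.group("key"), port, proto, scope, enabled, name)


def suspicious(e: PortException) -> List[str]:
    """Reasons to review an entry; an empty list means it is a built-in Windows rule."""
    if e.is_resource_name:
        return []
    reasons = ["not a built-in Windows rule: find the program that added it"]
    if e.scope == "*" and e.enabled:
        reasons.append("enabled for any remote host, not just LocalSubNet")
    return reasons


def triage(log_text: str) -> List[Tuple[str, str, List[str]]]:
    """Return (profile, key, reasons) for every open-port exception worth a look."""
    flagged = []
    profile = "unknown"
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and "profile" in line.lower():
            profile = "domain" if "domainprofile" in line.lower() else "standard"
        entry = parse_port_exception(line)
        if entry is None:
            continue
        reasons = suspicious(entry)
        if reasons:
            flagged.append((profile, entry.key, reasons))
    return flagged


if __name__ == "__main__":
    for profile, key, reasons in triage(SAMPLE_LOG):
        print(f"[{profile}] {key}: " + "; ".join(reasons))
```

Entries flagged by `triage` are starting points, not diagnoses: the next step is to match the display name and port against the installed programs and the AuthorizedApplications list from the same log.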

11
Tech Clinic / very slow computer (for the nth time)
« on: May 26, 2010, 03:07:33 AM »
It's still slower than average... I cannot access any Microsoft site, or any antivirus site either.

12
Tech Clinic / very slow computer (for the nth time)
« on: May 18, 2010, 10:40:12 AM »
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4112

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

5/18/2010 5:28:02 PM
mbam-log-2010-05-18 (17-28-02).txt

Scan type: Quick scan
Objects scanned: 171692
Time elapsed: 9 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)




HijackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:36:43 PM, on 5/18/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ThreatFire\TFService.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Microsoft Outlook\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\ThreatFire\TFTray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Documents and Settings\pantovic.s\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\pantovic.s\Application Data\Dropbox\bin\Dropbox.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Outlook\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Documents and Settings\pantovic.s\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlhr] RunDll32.exe %SystemRoot%\System32\AdvPack.Dll,LaunchINFSection %SystemRoot%\inf\nlite.inf,C (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nlhr] RunDll32.exe %SystemRoot%\System32\AdvPack.Dll,LaunchINFSection %SystemRoot%\inf\nlite.inf,C (User 'Default user')
O4 - Startup: Dropbox.lnk = C:\Documents and Settings\pantovic.s\Application Data\Dropbox\bin\Dropbox.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PP\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PP\PartyPoker\RunApp.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://companyweb
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = RedStar.local
O17 - HKLM\Software\..\Telephony: DomainName = RedStar.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = RedStar.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = RedStar.local
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ABBYY FineReader 10 PE Licensing Service (ABBYY.Licensing.FineReader.Professional.10.0) - ABBYY - C:\Program Files\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\ThreatFire\TFService.exe

--
End of file - 11358 bytes
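A HijackThis log like the one above is usually read by entry type: O2 browser helper objects, O4 autostarts, O17 domain/DNS settings, O23 services. The script below is an added example, not part of the original post and not code from Trend Micro's HijackThis. It parses the log format offline and applies the same first-pass checks a helper makes by hand: a BHO whose DLL is `(no file)` is an orphaned registration; an O4 autostart that runs from a user-writable profile path (`Application Data`, `Local Settings`) or through `rundll32` needs its target confirmed; O17 entries are listed so the domain can be checked against the network the machine belongs to; an O23 service with no publisher gets a look. The sample lines are constructed to mirror the formats on this page (the `Unknown owner` service is invented for the demonstration); every flag is a prompt to verify, not a verdict, since legitimate software such as Dropbox also starts from the profile directory.

```python
"""Offline first-pass triage of a HijackThis log.

Added example; not part of the forum post and not HijackThis code. SAMPLE_LOG is
constructed to mirror the entry formats seen in such logs.
"""
import re
from typing import List, NamedTuple, Tuple


class Entry(NamedTuple):
    kind: str   # HijackThis section code: R0, O2, O4, O17, O23, ...
    body: str   # everything after "Oxx - "


ENTRY = re.compile(r"^(?P<kind>[RFO]\d{1,2}) - (?P<body>.+)$")
O2_BHO = re.compile(r"^BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
O4_RUN = re.compile(r"^(?P<hive>[^:]+): \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
O23_SVC = re.compile(r"^Service: (?P<name>.*?) - (?P<publisher>.*?) - (?P<path>.*)$")
# Per-user, user-writable locations that malware favours for persistence.
USER_PROFILE = re.compile(
    r"(documents and settings|users)\\[^\\]+\\(application data|appdata|local settings)", re.I)

SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Documents and Settings\someuser\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun
O4 - HKUS\S-1-5-18\..\RunOnce: [nlhr] RunDll32.exe %SystemRoot%\System32\AdvPack.Dll,LaunchINFSection %SystemRoot%\inf\nlite.inf,C (User 'SYSTEM')
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = RedStar.local
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Example Svc (examplesvc) - Unknown owner - C:\WINDOWS\system32\example.exe
"""


def parse_hjt(text: str) -> List[Entry]:
    """Keep only lines that are HijackThis entries (process list and headers are dropped)."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append(Entry(m.group("kind"), m.group("body")))
    return entries


def review(entries: List[Entry]) -> List[Tuple[str, str, str]]:
    """Return (kind, body, reason) for each entry a helper would ask about."""
    findings = []
    for e in entries:
        if e.kind == "O2":
            m = O2_BHO.match(e.body)
            if m and m.group("path").strip() == "(no file)":
                findings.append((e.kind, e.body, "BHO registered but DLL missing: orphaned entry"))
        elif e.kind == "O4":
            m = O4_RUN.match(e.body)
            if not m:
                continue
            cmd = m.group("cmd")
            if USER_PROFILE.search(cmd):
                findings.append((e.kind, e.body, "autostart from a user-writable profile path: confirm the program"))
            if "rundll32" in cmd.lower():
                findings.append((e.kind, e.body, "autostart via rundll32: check the DLL/INF it loads"))
        elif e.kind == "O17":
            findings.append((e.kind, e.body, "domain/DNS setting: confirm it matches the machine's network"))
        elif e.kind == "O23":
            m = O23_SVC.match(e.body)
            if m and m.group("publisher").strip() in ("", "Unknown owner"):
                findings.append((e.kind, e.body, "service with no publisher: verify the binary"))
    return findings


if __name__ == "__main__":
    for kind, body, reason in review(parse_hjt(SAMPLE_LOG)):
        print(f"{kind}: {reason}\n    {body}")
```

Running the script over a saved log gives the short list to research; the rest of the entries (signed vendor services, autostarts under Program Files) can usually be set aside on a first pass.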

13
Tech Clinic / very slow computer (for the nth time)
« on: May 18, 2010, 04:42:12 AM »
OTL Extras logfile created on: 12/18/2009 2:59:35 PM - Run 1
OTL by OldTimer - Version 3.1.18.0     Folder = C:\Documents and Settings\pantovic.s\My Documents\Downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
503.36 Mb Total Physical Memory | 54.57 Mb Available Physical Memory | 10.84% Memory free
1.94 Gb Paging File | 1.51 Gb Available in Paging File | 77.72% Paging File free
Paging file location(s): Y:\pagefile.sys 1512 1512 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19.53 Gb Total Space | 4.57 Gb Free Space | 23.39% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 34.41 Gb Total Space | 20.24 Gb Free Space | 58.81% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive Y: | 1.95 Gb Total Space | 0.46 Gb Free Space | 23.79% Space Free | Partition Type: NTFS
 
Computer Name: GENSEKRETAR
Current User Name: pantovic.s
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SYSTEMROOT%\hh.exe" %1
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Outlook\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe"
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"7593:TCP" = 7593:TCP:*:Enabled:ocbwn
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"7593:TCP" = 7593:TCP:*:Enabled:ocbwn
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft Outlook\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Outlook\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Outlook\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Outlook\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Outlook\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Outlook\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\WINDOWS\system32\spool\drivers\w32x86\3\HP1006MC.EXE" = C:\WINDOWS\system32\spool\drivers\w32x86\3\HP1006MC.EXE:*:Enabled:SMLMProxy Module - HP1006MC.EXE -- (Software 2000 Limited)
"C:\Documents and Settings\pantovic.s\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" = C:\Documents and Settings\pantovic.s\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe:*:Enabled:Main program for Octoshape client -- File not found
"C:\Program Files\BitLord\BitLord.exe" = C:\Program Files\BitLord\BitLord.exe:*:Enabled:BitLord -- (www.BitLord.com)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype  -- (Skype Technologies S.A.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{15095BF3-A3D7-4DDF-B193-3A496881E003}" = Microsoft .NET Framework 3.0
"{23E5032B-56CA-4C19-A72E-B50161DB82CA}" = Shadow Copy Client
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.00 D2
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3F4EC965-28EF-45C3-B063-04B25D4E9679}" = HP Integrated Module with Bluetooth wireless technology
"{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}" = HP Wireless Assistant 2.00 E1
"{43DCF766-6838-4F9A-8C91-D92DA586DFA8}" = Microsoft Windows Journal Viewer
"{491DD792-AD81-429C-9EB4-86DD3D22E333}" = Windows Communication Foundation
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{686BB230-DE5B-44F4-8DB0-4F9BEE7310F7}" = OpenOffice.org 2.0
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}" = Windows Workflow Foundation
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00B0-0409-0000-0000000FF1CE}" = Microsoft Save as PDF Add-in for 2007 Microsoft Office programs
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{9C9D0F85-5658-4A5E-95A9-65F7DB2916EE}" = Broadcom 440x 10/100 Integrated Controller
"{AC76BA86-7AD7-1033-7B44-A70800000002}" = Adobe Reader 7.0.8
"{AC76BA86-7AD7-5676-5A64-E98530000001}" = Extended Language Support Fonts Package
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CEB3A11A-03EA-11DA-BFBD-00065BBDC0B5}" = MSN Messenger 7.5
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"BitLord" = BitLord 1.1
"Burn4Free" = Burn4Free CD and DVD
"CCleaner" = CCleaner
"ENTERPRISE" = Microsoft Office Enterprise 2007
"HijackThis" = HijackThis 2.0.2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Microsoft .NET Framework 3.0" = Microsoft .NET Framework 3.0
"Mozilla Firefox (3.5.6)" = Mozilla Firefox (3.5.6)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"PokerStars" = PokerStars
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 1.0.3
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 12/18/2009 9:54:37 AM | Computer Name = GENSEKRETAR | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
 from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 with error: This network connection does not exist.  
 
Error - 12/18/2009 9:54:37 AM | Computer Name = GENSEKRETAR | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
 from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 with error: This network connection does not exist.  
 
Error - 12/18/2009 9:54:39 AM | Computer Name = GENSEKRETAR | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
 from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 with error: This network connection does not exist.  
 
Error - 12/18/2009 9:54:39 AM | Computer Name = GENSEKRETAR | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
 from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 with error: This network connection does not exist.  
 
Error - 12/18/2009 9:54:39 AM | Computer Name = GENSEKRETAR | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
 from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 with error: This network connection does not exist.  
 
Error - 12/18/2009 9:54:39 AM | Computer Name = GENSEKRETAR | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
 from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 with error: This network connection does not exist.  
 
Error - 12/18/2009 9:54:39 AM | Computer Name = GENSEKRETAR | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
 from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 with error: This network connection does not exist.  
 
Error - 12/18/2009 9:54:39 AM | Computer Name = GENSEKRETAR | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
 from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 with error: This network connection does not exist.  
 
Error - 12/18/2009 9:55:04 AM | Computer Name = GENSEKRETAR | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
 from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 with error: The server name or address could not be resolved  
 
Error - 12/18/2009 9:55:18 AM | Computer Name = GENSEKRETAR | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
 from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 with error: The server name or address could not be resolved  
 
[ System Events ]
Error - 12/11/2009 4:41:58 AM | Computer Name = GENSEKRETAR | Source = Service Control Manager | ID = 7023
Description = The Time Microsoft service terminated with the following error:   %%1114
 
Error - 12/14/2009 4:37:58 AM | Computer Name = GENSEKRETAR | Source = Service Control Manager | ID = 7023
Description = The Time Microsoft service terminated with the following error:   %%1114
 
Error - 12/15/2009 4:53:16 AM | Computer Name = GENSEKRETAR | Source = Service Control Manager | ID = 7023
Description = The Time Microsoft service terminated with the following error:   %%1114
 
Error - 12/16/2009 4:43:46 AM | Computer Name = GENSEKRETAR | Source = Service Control Manager | ID = 7023
Description = The Time Microsoft service terminated with the following error:   %%1114
 
Error - 12/16/2009 5:01:25 AM | Computer Name = GENSEKRETAR | Source = Service Control Manager | ID = 7023
Description = The Time Microsoft service terminated with the following error:   %%1114
 
Error - 12/17/2009 5:05:48 AM | Computer Name = GENSEKRETAR | Source = Service Control Manager | ID = 7023
Description = The Time Microsoft service terminated with the following error:   %%1114
 
Error - 12/17/2009 5:05:48 AM | Computer Name = GENSEKRETAR | Source = Service Control Manager | ID = 7018
Description = Detected circular dependencies auto-starting services.
 
Error - 12/17/2009 11:51:59 AM | Computer Name = GENSEKRETAR | Source = Service Control Manager | ID = 7023
Description = The Time Microsoft service terminated with the following error:   %%1114
 
Error - 12/17/2009 11:52:52 AM | Computer Name = GENSEKRETAR | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
 arguments ""  in order to run the server:  {E60687F7-01A1-40AA-86AC-DB1CBF673334}
 
Error - 12/18/2009 4:34:32 AM | Computer Name = GENSEKRETAR | Source = Service Control Manager | ID = 7023
Description = The Time Microsoft service terminated with the following error:   %%1114
 
 
< End of report >

14
Tech Clinic / very slow computer (for the nth time)
« on: May 18, 2010, 04:40:18 AM »
OTL logfile created on: 5/18/2010 11:27:01 AM - Run 5
OTL by OldTimer - Version 3.2.4.1     Folder = C:\Documents and Settings\pantovic.s\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
503.00 Mb Total Physical Memory | 96.00 Mb Available Physical Memory | 19.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 56.00% Paging File free
Paging file location(s): Y:\pagefile.sys 1512 1512 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19.53 Gb Total Space | 0.36 Gb Free Space | 1.82% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 34.41 Gb Total Space | 21.41 Gb Free Space | 62.21% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive Y: | 1.95 Gb Total Space | 0.46 Gb Free Space | 23.29% Space Free | Partition Type: NTFS
 
Computer Name: GENSEKRETAR
Current User Name: pantovic.s
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
========== Processes (SafeList) ==========
 
PRC - [2010/05/18 11:26:27 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\pantovic.s\Desktop\OTL.exe
PRC - [2010/04/05 12:39:57 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/03/22 18:59:05 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2010/02/26 07:10:20 | 021,979,992 | ---- | M] () -- C:\Documents and Settings\pantovic.s\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2010/01/14 16:08:16 | 000,378,128 | ---- | M] (PC Tools) -- C:\Program Files\ThreatFire\TFTray.exe
PRC - [2010/01/14 16:08:12 | 000,070,928 | ---- | M] (PC Tools) -- C:\Program Files\ThreatFire\TFService.exe
PRC - [2009/12/11 00:04:22 | 000,814,344 | ---- | M] (ABBYY) -- C:\Program Files\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe
PRC - [2009/11/19 23:29:16 | 000,623,960 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
PRC - [2009/10/30 13:57:08 | 000,369,200 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2009/01/08 15:44:06 | 000,070,936 | ---- | M] (Octoshape ApS) -- C:\Documents and Settings\pantovic.s\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
PRC - [2008/04/29 10:04:58 | 000,572,928 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2008/04/29 10:03:58 | 000,130,560 | ---- | M] () -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2008/04/28 06:14:00 | 000,073,728 | ---- | M] (Software 2000 Limited) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\HP1006MC.EXE
PRC - [2008/02/22 09:11:02 | 000,120,320 | ---- | M] () -- C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2007/05/10 23:46:20 | 000,624,248 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
PRC - [2006/10/27 15:16:48 | 012,813,096 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Outlook\Office12\OUTLOOK.EXE
PRC - [2006/10/27 00:47:42 | 000,031,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Outlook\Office12\GrooveMonitor.exe
PRC - [2006/06/22 20:28:24 | 002,334,720 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
PRC - [2006/06/22 01:03:50 | 002,478,080 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 2.0\program\soffice.bin
PRC - [2005/12/23 12:44:26 | 000,491,606 | ---- | M] () -- C:\Program Files\HPQ\Shared\HpqToaster.exe
PRC - [2005/05/20 09:11:06 | 000,925,696 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
PRC - [2002/12/31 15:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010/05/18 11:26:27 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\pantovic.s\Desktop\OTL.exe
MOD - [2010/01/14 16:08:22 | 000,460,048 | ---- | M] (PC Tools) -- C:\Program Files\ThreatFire\TFWAH.dll
MOD - [2006/08/25 17:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2002/12/31 15:00:00 | 002,897,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\xpsp2res.dll
MOD - [2002/12/31 15:00:00 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2010/03/22 18:59:05 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/01/14 16:08:12 | 000,070,928 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\ThreatFire\TFService.exe -- (ThreatFire)
SRV - [2009/12/11 00:04:22 | 000,814,344 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Professional.10.0)
SRV - [2008/04/29 10:04:58 | 000,572,928 | ---- | M] (Nokia.) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2006/10/27 00:47:54 | 000,065,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Outlook\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2010/01/22 11:02:10 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/01/14 16:08:30 | 000,059,664 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TfSysMon.sys -- (TfSysMon)
DRV - [2010/01/14 16:08:28 | 000,051,984 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TfFsMon.sys -- (TfFsMon)
DRV - [2010/01/14 16:08:28 | 000,033,552 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TfNetMon.sys -- (TfNetMon)
DRV - [2007/11/29 10:39:52 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2007/11/29 10:39:42 | 000,016,896 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2007/11/29 10:39:42 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2007/11/29 10:39:40 | 000,019,328 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2007/09/17 15:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2006/08/03 20:56:01 | 000,874,240 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2006/04/28 17:12:40 | 000,429,184 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2006/03/31 15:41:40 | 000,193,056 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2006/02/28 14:36:20 | 000,176,128 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2006/02/15 15:59:52 | 000,401,664 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2006/02/15 15:56:58 | 001,342,570 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2006/02/15 15:54:46 | 000,030,363 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2006/02/15 15:54:40 | 000,030,189 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwmodem.sys -- (btwmodem)
DRV - [2006/02/15 15:54:10 | 000,057,096 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2006/02/15 15:51:22 | 000,148,168 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2005/12/12 15:00:46 | 001,120,352 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005/09/19 13:24:20 | 000,005,760 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
DRV - [2005/09/19 13:24:10 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2005/09/19 13:23:52 | 000,007,808 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2005/08/05 11:33:56 | 000,045,312 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2005/01/07 17:07:18 | 000,138,752 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3789
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/09 14:21:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/05 12:40:04 | 000,000,000 | ---D | M]
 
[2009/08/25 14:26:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pantovic.s\Application Data\Mozilla\Extensions
[2009/12/03 10:59:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pantovic.s\Application Data\Mozilla\Firefox\Profiles\tcj1louo.default\extensions
[2009/12/02 13:45:19 | 000,002,255 | ---- | M] () -- C:\Documents and Settings\pantovic.s\Application Data\Mozilla\Firefox\Profiles\tcj1louo.default\searchplugins\askcom.xml
[2010/05/18 09:21:40 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
 
O1 HOSTS File: ([2010/04/22 14:21:43 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Outlook\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM..\Run: [Bonus.SSR.FR10] E:\abby\ABBYY FineReader 10\Bonus.ScreenshotReader.exe (ABBYY.)
O4 - HKLM..\Run: [configuration] C:\WINDOWS\configuration\configuration.exe File not found
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Outlook\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe (PC Tools)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Octoshape Streaming Services] C:\Documents and Settings\pantovic.s\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS)
O4 - HKCU..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe (Nokia)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\pantovic.s\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\pantovic.s\Application Data\Dropbox\bin\Dropbox.exe ()
O4 - Startup: C:\Documents and Settings\pantovic.s\Start Menu\Programs\Startup\OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: MaxGPOScriptWait = 1800
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Outlook\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Outlook\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Outlook\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Outlook\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PP\PartyPoker\RunApp.exe ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PP\PartyPoker\RunApp.exe ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = RedStar.local
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Outlook\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\pantovic.s\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\pantovic.s\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Outlook\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/21 15:00:30 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/10/29 11:26:31 | 000,000,000 | R--D | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009/10/29 11:26:31 | 000,000,000 | R--D | M] - E:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009/10/29 11:26:31 | 000,000,000 | R--D | M] - Y:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{147df182-e89b-11de-ad53-0014a5afaf09}\Shell - "" = AutoRun
O33 - MountPoints2\{147df182-e89b-11de-ad53-0014a5afaf09}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{147df182-e89b-11de-ad53-0014a5afaf09}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{147df183-e89b-11de-ad53-0014a5afaf09}\Shell - "" = AutoRun
O33 - MountPoints2\{147df183-e89b-11de-ad53-0014a5afaf09}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{6619ecd1-510e-11df-ade7-0014a5afaf09}\Shell - "" = AutoRun
O33 - MountPoints2\{6619ecd1-510e-11df-ade7-0014a5afaf09}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{fc02a4a6-e3d9-11de-ad4b-0014a5afaf09}\Shell - "" = AutoRun
O33 - MountPoints2\{fc02a4a6-e3d9-11de-ad4b-0014a5afaf09}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010/05/18 11:26:19 | 000,571,392 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\pantovic.s\Desktop\OTL.exe
[2010/05/14 10:14:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\pantovic.s\My Documents\AA prez
[2010/05/13 12:15:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\pantovic.s\Desktop\SP
[2010/05/12 13:22:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2010/05/12 13:22:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/05/10 17:46:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\pantovic.s\Desktop\FINANSIJE
[2010/05/10 17:30:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\pantovic.s\Desktop\JA
[2010/04/30 16:29:43 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/04/27 10:54:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\pantovic.s\Desktop\King Sturge
[2010/04/27 10:29:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\pantovic.s\Desktop\UEFA        2010 2011
[2010/04/26 10:43:58 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbser.sys
[2010/04/26 10:39:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\pantovic.s\Application Data\PC Suite
[2010/04/26 10:39:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2010/04/26 10:34:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\pantovic.s\Application Data\Nokia
[2010/04/26 10:33:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PCSuite
[2010/04/26 10:33:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nokia
[2010/04/26 10:32:30 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2010/04/26 10:32:29 | 000,021,632 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\pccsmcfd.sys
[2010/04/26 10:32:06 | 000,000,000 | ---D | C] -- C:\Program Files\PC Connectivity Solution
[2010/04/26 10:31:57 | 000,008,064 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\WINDOWS\System32\drivers\usbser_lowerfltj.sys
[2010/04/26 10:31:55 | 000,008,064 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\WINDOWS\System32\drivers\usbser_lowerflt.sys
[2010/04/26 10:31:54 | 000,019,328 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\ccdcmbo.sys
[2010/04/26 10:31:45 | 001,419,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfcoinstaller01005.dll
[2010/04/26 10:31:45 | 000,095,744 | ---- | C] (Nokia) -- C:\WINDOWS\System32\nmwcdcocls.dll
[2010/04/26 10:31:45 | 000,016,896 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\ccdcmb.sys
[2010/04/26 10:31:38 | 000,048,128 | ---- | C] (Nokia) -- C:\WINDOWS\System32\nmwcdcls.dll
[2010/04/26 10:31:31 | 000,000,000 | ---D | C] -- C:\Program Files\Nokia
[2010/04/26 10:26:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Installations
[2010/04/22 14:32:36 | 000,059,664 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfSysMon.sys
[2010/04/22 14:32:36 | 000,051,984 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfFsMon.sys
[2010/04/22 14:32:36 | 000,033,552 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfNetMon.sys
[2010/04/22 14:32:35 | 000,000,000 | ---D | C] -- C:\Program Files\ThreatFire
[2010/04/22 14:32:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2010/04/22 14:19:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/04/22 10:12:42 | 000,000,000 | RHSD | C] -- C:\WINDOWS\configuration
[2010/04/22 10:12:41 | 000,000,000 | RHSD | C] -- C:\WINDOWS\CIDD_P
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\pantovic.s\My Documents\*.tmp files -> C:\Documents and Settings\pantovic.s\My Documents\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010/05/18 11:34:32 | 000,271,360 | ---- | M] () -- C:\Documents and Settings\pantovic.s\My Documents\archive.pst
[2010/05/18 11:26:27 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\pantovic.s\Desktop\OTL.exe
[2010/05/18 09:17:17 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/18 09:17:16 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/18 09:17:13 | 527,880,192 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/17 15:30:23 | 000,954,794 | ---- | M] () -- C:\Documents and Settings\pantovic.s\Desktop\Organizaciona struktura.pdf
[2010/05/17 15:27:15 | 019,344,384 | ---- | M] () -- C:\Documents and Settings\pantovic.s\Desktop\Organizaciona struktura.doc
[2010/05/17 10:34:13 | 000,001,738 | ---- | M] () -- C:\Documents and Settings\pantovic.s\Desktop\HijackThis.lnk
[2010/05/17 10:12:03 | 004,194,304 | -H-- | M] () -- C:\Documents and Settings\pantovic.s\NTUSER.DAT
[2010/05/17 10:09:50 | 000,047,616 | ---- | M] () -- C:\Documents and Settings\pantovic.s\Desktop\fkcz.doc
[2010/05/17 09:48:36 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/14 15:52:33 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\pantovic.s\ntuser.ini
[2010/05/14 12:12:22 | 001,542,991 | ---- | M] () -- C:\Documents and Settings\pantovic.s\Desktop\20100505 Prezentacija FK Crvena zvezda.ppsx
[2010/05/14 11:34:58 | 001,543,015 | ---- | M] () -- C:\Documents and Settings\pantovic.s\My Documents\20100505 Prezentacija FK Crvena zvezda.pptx
[2010/05/13 11:37:05 | 000,007,280 | ---- | M] () -- C:\bar.emf
[2010/05/12 16:49:54 | 000,176,128 | ---- | M] () -- C:\Documents and Settings\pantovic.s\Desktop\07052010 Izveštaj.xls
[2010/05/12 16:33:10 | 000,005,355 | ---- | M] () -- C:\Documents and Settings\pantovic.s\Desktop\agrobanka.jpg
[2010/05/12 16:32:57 | 000,033,429 | ---- | M] () -- C:\Documents and Settings\pantovic.s\Desktop\k037.jpg
[2010/05/12 16:28:53 | 000,003,350 | ---- | M] () -- C:\Documents and Settings\pantovic.s\Desktop\imgres.htm
[2010/05/12 14:01:21 | 000,011,564 | ---- | M] () -- C:\Documents and Settings\pantovic.s\Desktop\lavkuptrofej-129634-1-2.jpg
[2010/05/12 13:14:02 | 000,370,729 | ---- | M] () -- C:\Documents and Settings\pantovic.s\Desktop\pozadina-800x600-prezentacija.jpg
[2010/05/12 12:50:37 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/05/12 11:28:37 | 000,011,552 | ---- | M] () -- C:\Documents and Settings\pantovic.s\My Documents\Prez.XLSX
[2010/05/12 11:18:56 | 000,016,896 | ---- | M] () -- C:\Documents and Settings\pantovic.s\Desktop\prezentacija.xls
[2010/05/10 12:53:54 | 003,072,054 | ---- | M] () -- C:\Documents and Settings\pantovic.s\Desktop\Edi.bmp
[2010/05/05 15:15:59 | 000,018,432 | ---- | M] () -- C:\Documents and Settings\pantovic.s\Desktop\Plate mart.xls
[2010/05/05 11:46:54 | 000,076,800 | ---- | M] () -- C:\Documents and Settings\pantovic.s\Desktop\budzet.xls
[2010/05/04 08:49:26 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\pantovic.s\Desktop\~$Presek.doc
[2010/05/03 12:56:53 | 000,023,552 | ---- | M] () -- C:\Documents and Settings\pantovic.s\Desktop\Presek pitanja.doc
[2010/04/26 10:45:30 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\Msft_User_PCCSWpdDriver_01_05_00.Wdf
[2010/04/26 10:45:20 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_05_00.Wdf
[2010/04/26 10:43:36 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
[2010/04/26 10:43:36 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
[2010/04/26 10:43:35 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/04/26 10:33:29 | 000,001,896 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Nokia PC Suite.lnk
[2010/04/23 14:43:29 | 000,439,598 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/04/23 14:43:28 | 000,071,302 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/04/23 14:43:27 | 000,520,014 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/04/23 14:38:41 | 000,013,254 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[2010/04/22 14:22:07 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/04/22 14:21:43 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/04/21 12:57:42 | 000,047,104 | ---- | M] () -- C:\Documents and Settings\pantovic.s\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/20 14:42:52 | 000,081,920 | ---- | M] () -- C:\Documents and Settings\pantovic.s\My Documents\20100420 Request for the grounds.doc
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\pantovic.s\My Documents\*.tmp files -> C:\Documents and Settings\pantovic.s\My Documents\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010/05/17 15:30:18 | 000,954,794 | ---- | C] () -- C:\Documents and Settings\pantovic.s\Desktop\Organizaciona struktura.pdf
[2010/05/17 15:23:55 | 019,344,384 | ---- | C] () -- C:\Documents and Settings\pantovic.s\Desktop\Organizaciona struktura.doc
[2010/05/17 10:34:13 | 000,001,738 | ---- | C] () -- C:\Documents and Settings\pantovic.s\Desktop\HijackThis.lnk
[2010/05/17 10:09:47 | 000,047,616 | ---- | C] () -- C:\Documents and Settings\pantovic.s\Desktop\fkcz.doc
[2010/05/14 14:27:42 | 001,542,991 | ---- | C] () -- C:\Documents and Settings\pantovic.s\Desktop\20100505 Prezentacija FK Crvena zvezda.ppsx
[2010/05/14 12:11:51 | 001,543,015 | ---- | C] () -- C:\Documents and Settings\pantovic.s\My Documents\20100505 Prezentacija FK Crvena zvezda.pptx
[2010/05/12 16:33:08 | 000,005,355 | ---- | C] () -- C:\Documents and Settings\pantovic.s\Desktop\agrobanka.jpg
[2010/05/12 16:32:51 | 000,033,429 | ---- | C] () -- C:\Documents and Settings\pantovic.s\Desktop\k037.jpg
[2010/05/12 16:28:44 | 000,003,350 | ---- | C] () -- C:\Documents and Settings\pantovic.s\Desktop\imgres.htm
[2010/05/12 14:01:15 | 000,011,564 | ---- | C] () -- C:\Documents and Settings\pantovic.s\Desktop\lavkuptrofej-129634-1-2.jpg
[2010/05/12 13:14:02 | 000,370,729 | ---- | C] () -- C:\Documents and Settings\pantovic.s\Desktop\pozadina-800x600-prezentacija.jpg
[2010/05/12 11:28:35 | 000,011,552 | ---- | C] () -- C:\Documents and Settings\pantovic.s\My Documents\Prez.XLSX
[2010/05/12 11:18:55 | 000,016,896 | ---- | C] () -- C:\Documents and Settings\pantovic.s\Desktop\prezentacija.xls
[2010/05/10 12:53:54 | 003,072,054 | ---- | C] () -- C:\Documents and Settings\pantovic.s\Desktop\Edi.bmp
[2010/05/07 13:31:33 | 000,176,128 | ---- | C] () -- C:\Documents and Settings\pantovic.s\Desktop\07052010 Izveštaj.xls
[2010/05/05 15:15:56 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\pantovic.s\Desktop\Plate mart.xls
[2010/05/04 13:10:09 | 000,076,800 | ---- | C] () -- C:\Documents and Settings\pantovic.s\Desktop\budzet.xls
[2010/05/04 08:49:26 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\pantovic.s\Desktop\~$Presek.doc
[2010/05/03 12:56:50 | 000,023,552 | ---- | C] () -- C:\Documents and Settings\pantovic.s\Desktop\Presek pitanja.doc
[2010/04/26 10:43:36 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
[2010/04/26 10:43:36 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
[2010/04/26 10:43:33 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010/04/26 10:33:29 | 000,001,896 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nokia PC Suite.lnk
[2010/04/22 14:48:18 | 527,880,192 | -HS- | C] () -- C:\hiberfil.sys
[2010/04/20 13:52:43 | 000,081,920 | ---- | C] () -- C:\Documents and Settings\pantovic.s\My Documents\20100420 Request for the grounds.doc
[2010/01/22 11:02:10 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009/11/13 12:02:00 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/10/07 10:26:02 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\HPPLVS.dll
[2007/03/29 23:00:40 | 000,203,264 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll
[2006/10/12 16:09:10 | 000,000,510 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/09/22 10:17:59 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/02/15 16:04:52 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2004/03/03 05:06:00 | 000,221,184 | ---- | C] () -- C:\WINDOWS\System32\HP3AIOZ6.dll
[2002/12/31 15:00:00 | 000,162,133 | RHS- | C] () -- C:\WINDOWS\System32\kthib.dll
[2002/12/31 15:00:00 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2002/12/31 15:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2002/05/15 22:29:04 | 000,000,607 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2002/05/03 15:40:32 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL
[2001/11/23 17:18:00 | 000,000,597 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2001/11/14 12:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
 
========== Files - Unicode (All) ==========
[2010/02/02 11:34:20 | 000,110,592 | ---- | M] ()(C:\Documents and Settings\pantovic.s\My Documents\?????.doc) -- C:\Documents and Settings\pantovic.s\My Documents\ПОПИС.doc
[2010/02/02 11:31:03 | 000,022,528 | ---- | M] ()(C:\Documents and Settings\pantovic.s\My Documents\????? ??????.xls) -- C:\Documents and Settings\pantovic.s\My Documents\попис табела.xls
[2010/01/15 13:17:58 | 000,020,480 | ---- | M] ()(C:\Documents and Settings\pantovic.s\My Documents\?????? ??????????.xls) -- C:\Documents and Settings\pantovic.s\My Documents\данило кузмановић.xls
[2009/12/23 14:31:36 | 000,022,528 | ---- | C] ()(C:\Documents and Settings\pantovic.s\My Documents\????? ??????.xls) -- C:\Documents and Settings\pantovic.s\My Documents\попис табела.xls
[2009/12/23 14:15:43 | 000,110,592 | ---- | C] ()(C:\Documents and Settings\pantovic.s\My Documents\?????.doc) -- C:\Documents and Settings\pantovic.s\My Documents\ПОПИС.doc
[2009/12/08 16:20:57 | 011,868,160 | ---- | M] ()(C:\Documents and Settings\pantovic.s\My Documents\?? ?????? ?????? - ???????????? ?? ????????.ppt) -- C:\Documents and Settings\pantovic.s\My Documents\ФК Црвена звезда - презентација за спонзоре.ppt
[2009/12/08 11:49:19 | 000,082,944 | ---- | M] ()(C:\Documents and Settings\pantovic.s\My Documents\?????? ????????.doc) -- C:\Documents and Settings\pantovic.s\My Documents\РАНЂЕЛ ПЕТРОВИЋ.doc
[2009/12/07 13:37:58 | 000,020,480 | ---- | C] ()(C:\Documents and Settings\pantovic.s\My Documents\?????? ??????????.xls) -- C:\Documents and Settings\pantovic.s\My Documents\данило кузмановић.xls
[2009/12/07 11:33:55 | 000,082,944 | ---- | C] ()(C:\Documents and Settings\pantovic.s\My Documents\?????? ????????.doc) -- C:\Documents and Settings\pantovic.s\My Documents\РАНЂЕЛ ПЕТРОВИЋ.doc
[2009/11/23 17:37:29 | 011,868,160 | ---- | C] ()(C:\Documents and Settings\pantovic.s\My Documents\?? ?????? ?????? - ???????????? ?? ????????.ppt) -- C:\Documents and Settings\pantovic.s\My Documents\ФК Црвена звезда - презентација за спонзоре.ppt
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\wiaservc.log:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\zipfldr.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\XpsSvcs.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\XPSSHHDR.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\xpsp2res.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\xpsp1res.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\xpob2res.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wzcsvc.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wzcsapi.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wzcdlg.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wups2.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wups.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wupdmgr.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wuauserv.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wuaueng.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wuaucpl.cpl:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wshtcpip.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wshom.ocx:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wshext.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wshcon.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wscui.cpl:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wscsvc.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wscript.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wscntfy.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\WPDShServiceObj.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wpdshextres.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wpdshextautoplay.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\WpdShext.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wow32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\WMVXENCD.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\WMVSENCD.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\WMVSDECD.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\WMVENCOD.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\WMVDECOD.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wmpui.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wmpps.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wmpmde.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wmploc.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\WMPhoto.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wmpeffects.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wmpcore.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wmpcd.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wmdrmsdk.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\winspool.drv:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\winrnr.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\winlogon.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\winipsec.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\WindowsCodecsExt.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\WindowsCodecs.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\win32spl.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wiashext.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wfwnet.drv:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\webcheck.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wdmaud.drv:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\watchdog.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\w32time.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\vssvc.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\vssapi.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\vga64k.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\vga256.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\vga.drv:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\vga.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\verclsid.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\vdmdbg.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\vbscript.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\vbajet32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\utildll.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\userinit.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\user.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\usbmon.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\url.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ups.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\upnp.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\untfs.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\uniplat.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\unimdmat.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\unimdm.tsp:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\unicode.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\umpnpmgr.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ulib.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\tzchange.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\txflog.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\twext.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\tssoft32.acm:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\tsgqec.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\tsddd.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\tscupgrd.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\tsbyuv.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\trkwks.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\tourstart.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\tlntsvr.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\timer.drv:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\timedate.cpl:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\themeui.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\termsrv.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\telephon.cpl:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\tcpmon.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\tapiui.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\tapisrv.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\systray.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\system.drv:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\sysdm.cpl:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\SynTPAPI.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\SynCOM.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\streamci.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\storprop.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\stobject.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\sti_ci.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\sti.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\stdole32.tlb:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\stdole2.tlb:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\sstext3d.scr:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ssstars.scr:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\sspipes.scr:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ssmyst.scr:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ssmypics.scr:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ssmarque.scr:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ssflwbox.scr:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ssdpsrv.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ssbezier.scr:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ss3dfo.scr:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\srvsvc.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\srsvc.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\srrstr.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\spoolsv.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\spoolss.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\spider.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\sound.drv:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\sorttbls.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\sortkey.nls:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\softpub.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\smss.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\smlogsvc.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\smlogcfg.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\slayerxp.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\sl_anet.acm:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\shmgrate.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\shgina.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\shdoclc.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\sfcfiles.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\sfc_os.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\sfc.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\sessmgr.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\services.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\senscfg.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\sens.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\secupd.sig:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\secupd.dat:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\seclogon.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\sdhcinst.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\scrobj.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\scrnsave.scr:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\schedsvc.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\scardsvr.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\rtutils.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\rsvp.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\rshx32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\rsaenh.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\rpcss.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\riched32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\riched20.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\rhttpaa.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\remotepg.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\regsvr32.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\regsvc.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\rdpdd.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\rdpcfgex.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\rastls.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\rastapi.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\rasppp.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\rasman.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\raschap.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\racpldlg.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\quartz.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\qmgr.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\pstorsvc.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\pstorec.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\psbase.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\psapi.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\progman.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\prntvpt.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\printui.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\powercfg.cpl:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\PostProc.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\PortableDeviceWMDRM.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\PortableDeviceWiaCompat.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\PortableDeviceTypes.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\PortableDeviceClassExtension.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\PortableDeviceApi.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\pjlmon.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\photometadatahandler.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\perfctrs.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\pdh.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\olethk32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\olesvr32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\olepro32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\olecnv32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\olecli32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\oleaccrc.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ole32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\oembios.sig:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\oembios.dat:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\oembios.bin:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\odbcint.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\odbccp32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\odbcbcp.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\occache.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\nwc.cpl:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\nusrmgr.cpl:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ntvdm.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ntshrui.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ntmsmgr.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ntmarta.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ntlsapi.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ntkrnlpa.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ntdll.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\notepad.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\newdev.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\netsetup.cpl:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\netmsg.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\netman.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\netlogon.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\

15
Tech Clinic / very slow computer (for the nth time)
« on: May 17, 2010, 03:35:47 AM »
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:34:50 AM, on 5/17/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ThreatFire\TFService.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Microsoft Outlook\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\ThreatFire\TFTray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Documents and Settings\pantovic.s\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\pantovic.s\Application Data\Dropbox\bin\Dropbox.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\MICROS~3\Office12\OUTLOOK.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Outlook\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
O4 - HKLM\..\Run: [Bonus.SSR.FR10] "E:\abby\ABBYY FineReader 10\Bonus.ScreenshotReader.exe" /autorun
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [configuration] C:\WINDOWS\configuration\configuration.exe
O4 - HKLM\..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Documents and Settings\pantovic.s\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlhr] RunDll32.exe %SystemRoot%\System32\AdvPack.Dll,LaunchINFSection %SystemRoot%\inf\nlite.inf,C (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nlhr] RunDll32.exe %SystemRoot%\System32\AdvPack.Dll,LaunchINFSection %SystemRoot%\inf\nlite.inf,C (User 'Default user')
O4 - Startup: Dropbox.lnk = C:\Documents and Settings\pantovic.s\Application Data\Dropbox\bin\Dropbox.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PP\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PP\PartyPoker\RunApp.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://companyweb
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = RedStar.local
O17 - HKLM\Software\..\Telephony: DomainName = RedStar.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = RedStar.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = RedStar.local
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ABBYY FineReader 10 PE Licensing Service (ABBYY.Licensing.FineReader.Professional.10.0) - ABBYY - C:\Program Files\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\ThreatFire\TFService.exe

--
End of file - 12256 bytes

16
Tech Clinic / I can't access antivirus websites
« on: January 11, 2010, 01:26:07 AM »
Sorry for my late reply, everything is fine as always after your advice.

thanks a lot

17
Tech Clinic / I can't access antivirus websites
« on: January 05, 2010, 08:04:26 AM »
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# IEXPLORE.EXE=6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=68746f21ae732c44be7a8d6f9dc86271
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-01-05 12:01:30
# local_time=2010-01-05 01:01:31 (+0100, Central Europe Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 2760754 2760754 0 0
# compatibility_mode=1029 16777189 100 91 442473 1122472 0 0
# compatibility_mode=8192 67108863 100 0 81875 81875 0 0
# scanned=54633
# found=0
# cleaned=0
# scan_time=1465

19
Tech Clinic / I can't access antivirus websites
« on: December 31, 2009, 04:59:01 AM »
2009-12-31 09:40:17 . 2009-12-31 09:40:17            2,966 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\Service_hajwnjal.reg.dat
2009-12-31 09:40:17 . 2009-12-31 09:40:17            1,050 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\Legacy_HAJWNJAL.reg.dat
2009-12-30 08:47:52 . 2009-12-30 08:48:57            4,232 ----a-w-  C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat.vir
2009-12-30 08:47:52 . 2009-12-30 08:48:57            5,343 ----a-w-  C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat.vir
2009-12-04 15:28:12 . 2009-12-04 15:28:12            1,676 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\AddRemove-Broadcom 802.11b Network Adapter.reg.dat
2009-10-29 09:13:01 . 2009-12-31 09:36:27                0 ----a-w-  C:\Qoobox\Quarantine\catchme.txt
2009-10-29 09:02:33 . 2009-10-29 09:02:34           52,892 ----a-w-  C:\Qoobox\Quarantine\C\log.txt.vir
2009-10-29 09:00:34 . 2009-10-29 09:00:34              171 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\WebBrowser-{4F11ACBB-393F-4C86-A214-FF3D0D155CC3}.reg.dat
2009-09-18 11:41:28 . 2009-09-18 11:41:28              635 ----a-w-  C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk.vir
2009-09-01 08:38:59 . 2009-12-31 09:40:11            9,779 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2009-09-01 08:35:27 . 2009-12-31 09:35:02              357 ----a-w-  C:\Qoobox\Quarantine\catchme.log
2006-09-21 13:13:42 . 2001-08-08 16:31:50           12,627 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\readme.txt.vir
2002-12-31 13:00:00 . 2002-12-31 13:00:00           33,792 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\msgsvc.dll.vir

20
Tech Clinic / I can't access antivirus websites
« on: December 31, 2009, 04:56:16 AM »
ComboFix 09-12-30.01 - pantovic.s 12/31/2009  10:36:37.7.1 - x86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.503.203 [GMT 1:00]
Running from: c:\documents and settings\pantovic.s\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\pantovic.s\Desktop\CFScript.txt
AV: AVG Anti-Virus *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FILE ::
"c:\windows\system32\kthib.dll"
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat

----- BITS: Possible infected sites -----

hxxp://sbs:8530
Infected copy of c:\windows\system32\msgsvc.dll was found and disinfected
Restored copy from - c:\windows\ERDNT\cache\msgsvc.dll

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_HAJWNJAL
-------\Service_hajwnjal


(((((((((((((((((((((((((   Files Created from 2009-11-28 to 2009-12-31  )))))))))))))))))))))))))))))))
.

2009-12-31 08:56 . 2009-12-29 08:26   3966744   ----a-w-   c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
2009-12-31 08:51 . 2009-12-31 09:01   0   ----a-w-   c:\documents and settings\pantovic.s\Local Settings\Application Data\prvlcl.dat
2009-12-29 08:27 . 2009-12-23 12:49   360584   ----a-w-   c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
2009-12-29 08:27 . 2009-12-23 12:49   502040   ----a-w-   c:\documents and settings\All Users\Application Data\avg9\update\backup\avgrsx.exe
2009-12-29 08:27 . 2009-12-23 12:49   12464   ----a-w-   c:\documents and settings\All Users\Application Data\avg9\update\backup\avgrsstx.dll
2009-12-29 08:27 . 2009-12-23 12:49   28424   ----a-w-   c:\documents and settings\All Users\Application Data\avg9\update\backup\avgmfx86.sys
2009-12-29 08:24 . 2009-12-23 12:49   877848   ----a-w-   c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe
2009-12-29 08:24 . 2009-12-23 12:49   1657112   ----a-w-   c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2009-12-29 08:24 . 2009-12-23 12:49   798488   ----a-w-   c:\documents and settings\All Users\Application Data\avg9\update\backup\avginet.dll
2009-12-29 08:24 . 2009-12-23 12:49   610072   ----a-w-   c:\documents and settings\All Users\Application Data\avg9\update\backup\avgiproxy.exe
2009-12-24 09:35 . 2009-12-24 09:35   411368   ----a-w-   c:\windows\system32\deploytk.dll
2009-12-24 09:35 . 2009-12-24 09:35   --------   d-----w-   c:\program files\Java
2009-12-24 09:34 . 2009-12-24 09:34   152576   ----a-w-   c:\documents and settings\pantovic.s\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-12-24 09:34 . 2009-12-24 09:34   79488   ----a-w-   c:\documents and settings\pantovic.s\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-12-23 12:50 . 2009-12-23 13:11   --------   d-----w-   C:\$AVG
2009-12-23 12:49 . 2009-12-29 08:26   12464   ----a-w-   c:\windows\system32\avgrsstx.dll
2009-12-23 12:49 . 2009-12-23 12:49   161800   ----a-w-   c:\windows\system32\drivers\avgrkx86.sys
2009-12-23 12:49 . 2009-12-29 08:26   360584   ----a-w-   c:\windows\system32\drivers\avgtdix.sys
2009-12-23 12:49 . 2009-12-23 12:49   333192   ----a-w-   c:\windows\system32\drivers\avgldx86.sys
2009-12-23 12:49 . 2009-12-29 08:26   28424   ----a-w-   c:\windows\system32\drivers\avgmfx86.sys
2009-12-23 12:49 . 2009-12-30 09:39   --------   d-----w-   c:\windows\system32\drivers\Avg
2009-12-23 12:49 . 2009-12-23 12:49   --------   d-----w-   c:\program files\AVG
2009-12-23 12:49 . 2009-12-30 08:29   --------   d-----w-   c:\documents and settings\All Users\Application Data\avg9
2009-12-23 12:43 . 2009-12-23 12:43   --------   d-----w-   c:\documents and settings\pantovic.s\Contacts
2009-12-18 10:23 . 2009-12-18 11:09   --------   d-----w-   c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-12-18 10:23 . 2009-12-18 10:25   --------   d-----w-   c:\program files\Spybot - Search & Destroy
2009-12-14 13:16 . 2009-12-14 13:16   --------   d-----w-   c:\documents and settings\pantovic.s\Application Data\U3
2009-12-09 13:11 . 2009-12-17 15:54   --------   d-----w-   c:\program files\Telenor Internet
2009-12-04 13:44 . 2009-12-04 13:44   --------   d-----w-   c:\program files\Trend Micro
2009-12-03 11:42 . 2009-12-03 11:42   --------   d-----w-   c:\documents and settings\pantovic.s\Application Data\Malwarebytes
2009-12-03 11:42 . 2009-09-10 13:54   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-03 11:42 . 2009-12-03 11:42   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2009-12-03 11:42 . 2009-12-03 11:42   --------   d-----w-   c:\documents and settings\All Users\Application Data\Malwarebytes
2009-12-03 11:42 . 2009-09-10 13:53   19160   ----a-w-   c:\windows\system32\drivers\mbam.sys
2009-12-03 09:08 . 2009-12-15 08:56   --------   d-----w-   c:\documents and settings\pantovic.s\Application Data\vlc
2009-12-03 09:07 . 2009-12-03 09:07   --------   d-----w-   c:\program files\VideoLAN
2009-12-03 08:56 . 2009-12-03 08:56   --------   d-----w-   c:\program files\CCleaner
2009-12-03 08:27 . 2009-12-03 08:27   --------   d-----w-   c:\documents and settings\suka.lj\Local Settings\Application Data\Mozilla

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-31 09:45 . 2009-11-10 13:01   --------   d-----w-   c:\documents and settings\pantovic.s\Application Data\Dropbox
2009-12-31 09:44 . 2009-08-25 12:47   --------   d-----w-   c:\documents and settings\pantovic.s\Application Data\OpenOffice.org2
2009-12-29 11:36 . 2009-08-28 09:44   --------   d-----w-   c:\documents and settings\pantovic.s\Application Data\Skype
2009-12-29 11:28 . 2009-08-28 09:53   --------   d-----w-   c:\documents and settings\pantovic.s\Application Data\skypePM
2009-12-23 12:42 . 2006-09-21 14:22   --------   d-----w-   c:\program files\MSN Messenger
2009-12-04 13:46 . 2009-09-07 13:34   --------   d-----w-   c:\program files\PokerStars
2009-12-03 12:49 . 2009-09-28 13:33   --------   d-----w-   c:\program files\BitLord
2009-11-17 10:26 . 2009-09-08 12:21   --------   d-----w-   c:\documents and settings\All Users\Application Data\Microsoft Help
2009-11-13 09:59 . 2009-11-13 09:59   --------   d-----w-   c:\program files\Ahead
2009-11-13 09:59 . 2009-11-13 09:59   --------   d-----w-   c:\program files\Common Files\Ahead
2009-11-11 14:49 . 2009-10-14 07:57   --------   d-----w-   c:\program files\Burn4Free
2009-11-10 13:02 . 2009-11-10 13:02   89962   ----a-w-   c:\documents and settings\pantovic.s\Application Data\Dropbox\bin\Uninstall.exe
2009-11-09 12:33 . 2009-11-09 12:33   --------   d-----w-   c:\documents and settings\pantovic.s\Application Data\Octoshape
2009-10-22 09:18 . 2009-10-22 09:18   15240   ----a-w-   c:\documents and settings\pantovic.s\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll
2009-10-13 11:47 . 2009-10-13 11:47   71208   ----a-w-   c:\documents and settings\filipovic.n\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-09 01:18 . 2009-10-09 01:18   26805255   ----a-w-   c:\documents and settings\pantovic.s\Application Data\Dropbox\bin\Dropbox.exe
2009-10-08 21:18 . 2009-10-08 21:18   499712   ----a-w-   c:\documents and settings\pantovic.s\Application Data\Dropbox\bin\msvcp71.dll
2009-10-08 21:18 . 2009-10-08 21:18   348160   ----a-w-   c:\documents and settings\pantovic.s\Application Data\Dropbox\bin\msvcr71.dll
2009-10-08 21:18 . 2009-10-08 21:18   77824   ----a-w-   c:\documents and settings\pantovic.s\Application Data\Dropbox\bin\DropboxExt.3.dll
.

------- Sigcheck -------

[-] 2006-08-03 . 32272BF10467C8ACF1F83138C61D541E . 1580544 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((   SnapShot_2009-12-30_08.45.15   )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-12-31 09:42 . 2009-12-31 09:42   16384              c:\windows\temp\Perflib_Perfdata_69c.dat
+ 2002-12-31 13:00 . 2009-12-31 08:54   71370              c:\windows\system32\perfc009.dat
- 2002-12-31 13:00 . 2009-12-30 08:38   71370              c:\windows\system32\perfc009.dat
+ 2009-12-30 08:48 . 2009-12-30 08:49   9052              c:\windows\SoftwareDistribution\EventCache\{0432F98F-3282-4AEA-A64A-5D1FFC695473}.bin
+ 2002-12-31 13:00 . 2009-12-31 08:54   439832              c:\windows\system32\perfh009.dat
- 2002-12-31 13:00 . 2009-12-30 08:38   439832              c:\windows\system32\perfh009.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-10-08 21:18   77824   ----a-w-   c:\documents and settings\pantovic.s\Application Data\Dropbox\bin\DropboxExt.3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-10-08 21:18   77824   ----a-w-   c:\documents and settings\pantovic.s\Application Data\Dropbox\bin\DropboxExt.3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-10-08 21:18   77824   ----a-w-   c:\documents and settings\pantovic.s\Application Data\Dropbox\bin\DropboxExt.3.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-31 761946]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-03-02 131072]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-06-06 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-06-06 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-06-06 118784]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-02-14 454656]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"AGRSMMSG"="AGRSMMSG.exe" [2005-12-12 88203]
"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2002-12-31 143360]
"GrooveMonitor"="c:\program files\Microsoft Outlook\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2009-12-29 2033432]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-24 149280]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2002-12-31 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlhr"="c:\windows\System32\AdvPack.Dll" [2002-12-31 99840]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2002-12-31 44544]
"TSClientMSIUninstaller"="c:\windows\Installer\TSClientMsiTrans\tscuinst.vbs" [2006-11-07 12451]

c:\documents and settings\pantovic.s\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\pantovic.s\Application Data\Dropbox\bin\Dropbox.exe [2009-10-9 26805255]
OpenOffice.org 2.0.lnk - c:\program files\OpenOffice.org 2.0\program\quickstart.exe [2006-1-25 61440]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"MaxGPOScriptWait"= 1800 (0x708)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-12-29 08:26   12464   ----a-w-   c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7593:TCP"= 7593:TCP:ocbwn

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [12/23/2009 1:49 PM 161800]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [12/23/2009 1:49 PM 333192]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [12/23/2009 1:49 PM 360584]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [12/29/2009 9:26 AM 285392]
S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys --> c:\windows\system32\DRIVERS\ewusbfake.sys [?]
S3 ids00026;ids00026;\??\c:\documents and settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids00026.sys --> c:\documents and settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids00026.sys [?]
S3 ids00118;ids00118;\??\c:\documents and settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids00118.sys --> c:\documents and settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids00118.sys [?]
S3 ids0014f;ids0014f;\??\c:\documents and settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids0014f.sys --> c:\documents and settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids0014f.sys [?]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
DPF: {62CF4D10-EBA7-45DA-ACA0-4B002E8B3A85} - hxxps://secure.24x7.rs/MarfinBank/Corporate/Pages/Download/CABS/DigitrustApiNetSetPlugIn.cab
FF - ProfilePath - c:\documents and settings\pantovic.s\Application Data\Mozilla\Firefox\Profiles\tcj1louo.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-31 10:44
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...  

scanning hidden autostart entries ...

scanning hidden files ...  

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3008)
c:\documents and settings\pantovic.s\Application Data\Dropbox\bin\DropboxExt.3.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE
c:\program files\AVG\AVG9\avgam.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\windows\system32\msiexec.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
c:\windows\AGRSMMSG.exe
c:\progra~1\hpq\Shared\HPQTOA~1.EXE
c:\program files\OpenOffice.org 2.0\program\soffice.exe
c:\program files\OpenOffice.org 2.0\program\soffice.BIN
c:\program files\AVG\AVG9\avgcsrvx.exe
.
**************************************************************************
.
Completion time: 2009-12-31  10:48:01 - machine was rebooted
ComboFix-quarantined-files.txt  2009-12-31 09:47
ComboFix2.txt  2009-12-30 08:50
ComboFix3.txt  2009-12-04 15:28
ComboFix4.txt  2009-10-29 09:26
ComboFix5.txt  2009-12-31 09:35

Pre-Run: 6,902,173,696 bytes free
Post-Run: 6,804,750,336 bytes free

- - End Of File - - DCA92C9ACBF7683214BA0CD41ACF6515
