I can t access antivirus websites

[maninneed]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:12:11 AM, on 12/18/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Microsoft Outlook\Office12\GrooveMonitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Documents and Settings\pantovic.s\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\Program Files\Microsoft Outlook\Office12\OUTLOOK.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Outlook\Office12\WINWORD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Outlook\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlhr] RunDll32.exe %SystemRoot%\System32\AdvPack.Dll,LaunchINFSection %SystemRoot%\inf\nlite.inf,C (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nlhr] RunDll32.exe %SystemRoot%\System32\AdvPack.Dll,LaunchINFSection %SystemRoot%\inf\nlite.inf,C (User 'Default user')
O4 - Startup: Dropbox.lnk = C:\Documents and Settings\pantovic.s\Application Data\Dropbox\bin\Dropbox.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://companyweb
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = RedStar.local
O17 - HKLM\Software\..\Telephony: DomainName = RedStar.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = RedStar.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = RedStar.local
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

--
End of file - 6657 bytes

[guestolo]

Download [color=\"#FF0000\"]OTL.exe[/color][/url] by OldTimer to your Desktop.

• Close all windows and double click on OTL.exe to run it
• Click Run Scan and let the program run uninterrupted.
  
• It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  
• You may need to use two posts to get it all.

NOTE: If you have trouble, or an error message trying to post the logs
Can you upload it to a reply box
In a Reply, select "Browse..." on the bottom right and then navigate to the file and select it
Then click "Upload"

[maninneed]

OTL logfile created on: 12/18/2009 2:59:35 PM - Run 1OTL by OldTimer - Version 3.1.18.0     Folder = C:\Documents and Settings\pantovic.s\My Documents\DownloadsWindows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstationInternet Explorer (Version = 6.0.2900.2180)Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 503.36 Mb Total Physical Memory | 54.57 Mb Available Physical Memory | 10.84% Memory free1.94 Gb Paging File | 1.51 Gb Available in Paging File | 77.72% Paging File freePaging file location(s): Y:\pagefile.sys 1512 1512 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program FilesDrive C: | 19.53 Gb Total Space | 4.57 Gb Free Space | 23.39% Space Free | Partition Type: NTFSD: Drive not present or media not loadedDrive E: | 34.41 Gb Total Space | 20.24 Gb Free Space | 58.81% Space Free | Partition Type: NTFSF: Drive not present or media not loadedG: Drive not present or media not loadedH: Drive not present or media not loadedI: Drive not present or media not loadedDrive Y: | 1.95 Gb Total Space | 0.46 Gb Free Space | 23.79% Space Free | Partition Type: NTFS Computer Name: GENSEKRETARCurrent User Name: pantovic.sLogged in as Administrator. Current Boot Mode: NormalScan Mode: Current userCompany Name Whitelist: OffSkip Microsoft Files: OffFile Age = 30 DaysOutput = Standard ========== Processes (SafeList) ========== PRC - [2009/12/18 14:59:20 | 00,564,736 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\pantovic.s\My Documents\Downloads\OTL.exePRC - [2009/12/17 11:06:41 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exePRC - [2009/10/09 02:18:10 | 26,805,255 | ---- | M] () -- C:\Documents and Settings\pantovic.s\Application Data\Dropbox\bin\Dropbox.exePRC - [2009/07/15 12:07:18 | 00,238,888 | ---- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exePRC - [2008/04/28 05:14:00 | 00,073,728 | ---- | M] (Software 2000 Limited) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\HP1006MC.EXEPRC - [2006/10/27 14:16:48 | 12,813,096 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Outlook\Office12\OUTLOOK.EXEPRC - [2006/10/26 23:47:42 | 00,031,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Outlook\Office12\GrooveMonitor.exePRC - [2006/06/22 19:28:24 | 02,334,720 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 2.0\program\soffice.exePRC - [2006/06/22 00:03:50 | 02,478,080 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 2.0\program\soffice.binPRC - [2006/06/06 09:10:40 | 00,118,784 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxpers.exePRC - [2006/06/06 09:06:44 | 00,077,824 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exePRC - [2006/03/31 15:01:48 | 00,761,946 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exePRC - [2006/03/02 14:39:42 | 00,131,072 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exePRC - [2006/02/15 15:16:02 | 00,581,693 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exePRC - [2006/02/15 15:09:20 | 00,258,103 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exePRC - [2006/02/14 09:49:22 | 00,454,656 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exePRC - [2006/01/10 11:23:56 | 00,098,304 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exePRC - [2005/12/23 11:44:26 | 00,491,606 | ---- | M] () -- C:\Program Files\HPQ\Shared\HpqToaster.exePRC - [2005/12/12 14:00:46 | 00,088,203 | ---- | M] (Agere Systems) -- C:\WINDOWS\AGRSMMSG.exePRC - [2005/05/20 08:11:06 | 00,925,696 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exePRC - [2002/12/31 14:00:00 | 01,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe  ========== Modules (SafeList) ========== MOD - [2009/12/18 14:59:20 | 00,564,736 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\pantovic.s\My Documents\Downloads\OTL.exeMOD - [2006/08/25 16:45:55 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dllMOD - [2002/12/31 14:00:00 | 02,897,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\xpsp2res.dll  ========== Win32 Services (SafeList) ========== SRV - [2006/10/26 23:47:54 | 00,065,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Outlook\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)SRV - [2006/10/26 18:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)SRV - [2006/10/26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)SRV - [2006/02/15 15:09:20 | 00,258,103 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe -- (btwdins)SRV - [2006/01/10 11:23:56 | 00,098,304 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe -- (hpqwmiex)  ========== Driver Services (SafeList) ========== DRV - [2006/08/03 19:56:01 | 00,874,240 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor)DRV - [2006/06/06 09:32:54 | 01,168,860 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm)DRV - [2006/04/28 16:12:40 | 00,429,184 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)DRV - [2006/03/31 14:41:40 | 00,193,056 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)DRV - [2006/02/28 13:36:20 | 00,176,128 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)DRV - [2006/02/15 14:59:52 | 00,401,664 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)DRV - [2006/02/15 14:56:58 | 01,342,570 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)DRV - [2006/02/15 14:54:46 | 00,030,363 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)DRV - [2006/02/15 14:54:40 | 00,030,189 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwmodem.sys -- (btwmodem)DRV - [2006/02/15 14:54:10 | 00,057,096 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)DRV - [2006/02/15 14:51:22 | 00,148,168 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)DRV - [2005/12/12 14:00:46 | 01,120,352 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)DRV - [2005/09/19 12:24:20 | 00,005,760 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)DRV - [2005/09/19 12:24:10 | 00,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey)DRV - [2005/09/19 12:23:52 | 00,007,808 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)DRV - [2005/08/05 10:33:56 | 00,045,312 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)DRV - [2005/06/07 13:53:46 | 00,152,960 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aeaudio.sys -- (AEAudioService)DRV - [2005/01/07 16:07:18 | 00,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)DRV - [2002/12/31 14:00:00 | 00,027,440 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)DRV - [2002/12/31 14:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)  ========== Standard Registry (SafeList) ==========  ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com"FF - prefs.js..browser.search.defaultenginename: "Ask.com"FF - prefs.js..browser.search.order.1: "Ask.com"FF - prefs.js..browser.search.selectedEngine: "Google"FF - prefs.js..browser.search.useDBForOrder: trueFF - prefs.js..browser.startup.homepage: "http://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3789 FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/12/17 13:38:44 | 00,000,000 | ---D | M]FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/12/17 11:06:47 | 00,000,000 | ---D | M] [2009/08/25 13:26:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\pantovic.s\Application Data\Mozilla\Extensions[2009/12/03 09:59:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\pantovic.s\Application Data\Mozilla\Firefox\Profiles\tcj1louo.default\extensions[2009/12/02 12:45:19 | 00,002,255 | ---- | M] () -- C:\Documents and Settings\pantovic.s\Application Data\Mozilla\Firefox\Profiles\tcj1louo.default\searchplugins\askcom.xml[2009/12/18 14:04:37 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions O1 HOSTS File: (27 bytes) - C:\WINDOWS\system32\drivers\etc\hostsO1 - Hosts: 127.0.0.1       localhostO2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Outlook\Office12\GrooveShellExtensions.dll (Microsoft Corporation)O4 - HKLM..\Run: [AGRSMMSG] C:\WINDOWS\AGRSMMSG.exe (Agere Systems)O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Outlook\Office12\GrooveMonitor.exe (Microsoft Corporation)O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe (Hewlett-Packard Development Company, L.P.)O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Nero AG)O4 - HKLM..\Run: [QlbCtrl] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe ( Hewlett-Packard Development Company, L.P.)O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)O4 - HKLM..\Run: [Synchronization Manager] C:\WINDOWS\System32\mobsync.exe (Microsoft Corporation)O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)O4 - Startup: C:\Documents and Settings\pantovic.s\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\pantovic.s\Application Data\Dropbox\bin\Dropbox.exe ()O4 - Startup: C:\Documents and Settings\pantovic.s\Start Menu\Programs\Startup\OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe ()O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: MaxGPOScriptWait = 1800O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Outlook\Office12\EXCEL.EXE (Microsoft Corporation)O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Outlook\Office12\ONBttnIE.dll (Microsoft Corporation)O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Outlook\Office12\ONBttnIE.dll (Microsoft Corporation)O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Outlook\Office12\REFIEBAR.DLL (Microsoft Corporation)O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()O9 - Extra 'Tools' menuitem : @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.O16 - DPF: {62CF4D10-EBA7-45DA-ACA0-4B002E8B3A85} https://secure.24x7.rs/MarfinBank/Corporate...etSetPlugIn.cab (NetSeTManager Class)O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = RedStar.localO18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Outlook\Office12\GrooveSystemServices.dll (Microsoft Corporation)O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.dll (Microsoft Corporation)O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Outlook\Office12\GrooveShellExtensions.dll (Microsoft Corporation)O32 - HKLM CDRom: AutoRun - 1O32 - AutoRun File - [2006/09/21 14:00:30 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]O32 - AutoRun File - [2009/10/29 10:26:31 | 00,000,000 | R--D | M] - C:\autorun.inf -- [ NTFS ]O32 - AutoRun File - [2009/10/29 10:26:31 | 00,000,000 | R--D | M] - E:\autorun.inf -- [ NTFS ]O32 - AutoRun File - [2009/10/29 10:26:31 | 00,000,000 | R--D | M] - Y:\autorun.inf -- [ NTFS ]O33 - MountPoints2\{0f68332c-e4a1-11de-ad4c-0014a5afaf09}\Shell - "" = AutoRunO33 - MountPoints2\{0f68332c-e4a1-11de-ad4c-0014a5afaf09}\Shell\AutoRun - "" = Auto&PlayO33 - MountPoints2\{0f68332c-e4a1-11de-ad4c-0014a5afaf09}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not foundO33 - MountPoints2\{147df181-e89b-11de-ad53-0014a5afaf09}\Shell - "" = AutoRunO33 - MountPoints2\{147df181-e89b-11de-ad53-0014a5afaf09}\Shell\AutoRun - "" = Auto&PlayO33 - MountPoints2\{147df182-e89b-11de-ad53-0014a5afaf09}\Shell - "" = AutoRunO33 - MountPoints2\{147df182-e89b-11de-ad53-0014a5afaf09}\Shell\AutoRun - "" = Auto&PlayO33 - MountPoints2\{147df182-e89b-11de-ad53-0014a5afaf09}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not foundO33 - MountPoints2\{4f8ee151-a43d-11de-acef-0014a5afaf09}\Shell - "" = AutoRunO33 - MountPoints2\{4f8ee151-a43d-11de-acef-0014a5afaf09}\Shell\AutoRun - "" = Auto&PlayO33 - MountPoints2\{fc02a4a6-e3d9-11de-ad4b-0014a5afaf09}\Shell - "" = AutoRunO33 - MountPoints2\{fc02a4a6-e3d9-11de-ad4b-0014a5afaf09}\Shell\AutoRun - "" = Auto&PlayO33 - MountPoints2\F\Shell - "" = AutoRunO33 - MountPoints2\F\Shell\AutoRun - "" = Auto&PlayO33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not foundO34 - HKLM BootExecute: (autocheck autochk *) -  File not foundO35 - comfile [open] -- "%1" %*O35 - exefile [open] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2009/12/18 11:23:45 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy[2009/12/18 11:23:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy[2009/12/14 14:16:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\pantovic.s\Application Data\U3[2009/12/14 12:17:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\pantovic.s\Desktop\MARAKANA[2009/12/14 11:31:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\pantovic.s\Desktop\GINGER[2009/12/09 15:48:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\pantovic.s\My Documents\TICKETING[2009/12/09 14:11:13 | 00,000,000 | ---D | C] -- C:\Program Files\Telenor Internet[2009/12/08 15:16:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\pantovic.s\Desktop\SLIKE PORTUGALCI[2009/12/04 16:35:16 | 00,000,000 | -HSD | C] -- C:\RECYCLER[2009/12/04 16:28:41 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp[2009/12/04 14:44:31 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro[2009/12/03 14:52:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\pantovic.s\My Documents\Konferencije za Å¡tampu[2009/12/03 12:42:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\pantovic.s\Application Data\Malwarebytes[2009/12/03 12:42:44 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys[2009/12/03 12:42:43 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys[2009/12/03 12:42:43 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware[2009/12/03 12:42:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes[2009/12/03 10:08:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\pantovic.s\Application Data\vlc[2009/12/03 10:07:03 | 00,000,000 | ---D | C] -- C:\Program Files\VideoLAN[2009/12/03 09:59:56 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\pantovic.s\Recent[2009/12/03 09:56:51 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner[2009/11/18 16:30:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\pantovic.s\My Documents\PRIPREME[2009/09/28 22:47:25 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft[2007/06/09 17:01:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft[2006/09/21 14:04:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft[2006/09/21 14:00:23 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ][1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2009/12/18 15:02:29 | 00,271,360 | ---- | M] () -- C:\Documents and Settings\pantovic.s\My Documents\archive.pst[2009/12/18 15:01:12 | 03,145,728 | -H-- | M] () -- C:\Documents and Settings\pantovic.s\NTUSER.DAT[2009/12/18 14:47:11 | 00,412,989 | ---- | M] () -- C:\Documents and Settings\pantovic.s\Desktop\English.zip[2009/12/18 14:29:15 | 00,120,832 | ---- | M] () -- C:\Documents and Settings\pantovic.s\Desktop\EXPRESS MAIL ugovor.doc[2009/12/18 14:26:39 | 00,089,600 | ---- | M] () -- C:\Documents and Settings\pantovic.s\Desktop\Aneks ugovora express mail.doc[2009/12/18 12:09:25 | 00,077,824 | ---- | M] () -- C:\Documents and Settings\pantovic.s\My Documents\PUNOMOCJE.doc[2009/12/18 10:54:18 | 00,081,920 | ---- | M] () -- C:\Documents and Settings\pantovic.s\Desktop\Za komisiju.doc[2009/12/18 09:37:10 | 00,520,014 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI[2009/12/18 09:37:10 | 00,439,832 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat[2009/12/18 09:37:10 | 00,071,370 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat[2009/12/18 09:32:57 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT[2009/12/18 09:32:56 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat[2009/12/18 09:32:54 | 52,788,0192 | -HS- | M] () -- C:\hiberfil.sys[2009/12/17 17:29:35 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\pantovic.s\ntuser.ini[2009/12/17 17:21:53 | 00,579,584 | ---- | M] () -- C:\Documents and Settings\pantovic.s\Desktop\RED STAR - JV agreement 16-10-2009-1-redigovano.doc[2009/12/17 16:39:58 | 04,835,420 | -H-- | M] () -- C:\Documents and Settings\pantovic.s\Local Settings\Application Data\IconCache.db[2009/12/17 16:25:45 | 01,691,620 | ---- | M] () -- C:\Documents and Settings\pantovic.s\My Documents\Visit- Portugalci.rar[2009/12/17 14:06:51 | 00,024,064 | ---- | M] () -- C:\Documents and Settings\pantovic.s\My Documents\Ardian Đokaj.doc[2009/12/17 14:01:59 | 00,028,672 | ---- | M] () -- C:\Documents and Settings\pantovic.s\My Documents\Vladimir Stojković.doc[2009/12/17 10:04:20 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl[2009/12/16 16:05:04 | 00,022,528 | ---- | M] () -- C:\Documents and Settings\pantovic.s\My Documents\menadzerske komisije od maja.xls[2009/12/15 13:30:41 | 00,734,148 | ---- | M] () -- C:\Documents and Settings\pantovic.s\My Documents\Majica brendiranje Crvena Zvezda preview.jpg[2009/12/15 11:14:32 | 00,076,288 | ---- | M] () -- C:\Documents and Settings\pantovic.s\My Documents\press konf.doc[2009/12/15 09:55:42 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini[2009/12/15 09:55:40 | 00,034,304 | ---- | M] () -- C:\Documents and Settings\pantovic.s\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini[2009/12/11 11:43:02 | 00,084,992 | ---- | M] () -- C:\Documents and Settings\pantovic.s\My Documents\Turnir 23.12.2009. FK Crvena zvezda.doc[2009/12/11 11:26:37 | 00,069,632 | ---- | M] () -- C:\Documents and Settings\pantovic.s\My Documents\VMA.doc[2009/12/11 10:19:40 | 00,076,800 | ---- | M] () -- C:\Documents and Settings\pantovic.s\My Documents\HERTHA.doc[2009/12/11 10:13:11 | 00,216,576 | ---- | M] () -- C:\Documents and Settings\pantovic.s\My Documents\Pravna komisija Denkovic Stefan.doc[2009/12/07 13:34:37 | 00,082,944 | ---- | M] () -- C:\Documents and Settings\pantovic.s\My Documents\DANILO KUZMANOVIC.doc[2009/12/07 12:18:11 | 00,082,944 | ---- | M] () -- C:\Documents and Settings\pantovic.s\My Documents\DANILO KUZMANOVIC----engleski.doc[2009/12/04 16:26:57 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini[2009/12/03 10:00:31 | 00,091,318 | ---- | M] () -- C:\Documents and Settings\pantovic.s\My Documents\cc_20091203_100019.reg[2009/12/03 09:50:06 | 00,450,518 | ---- | M] () -- C:\Documents and Settings\pantovic.s\My Documents\Slika 156.jpg[2009/12/03 09:50:04 | 00,446,310 | ---- | M] () -- C:\Documents and Settings\pantovic.s\My Documents\Slika 155.jpg[2009/12/03 09:49:57 | 04,659,712 | ---- | M] () -- C:\Documents and Settings\pantovic.s\My Documents\Predlog saradnje - kompanija Bambi.ppt[2009/11/27 14:15:39 | 00,049,664 | ---- | M] () -- C:\Documents and Settings\pantovic.s\My Documents\Memorandum o sporazumu.doc[2009/11/26 15:02:40 | 00,118,570 | ---- | M] () -- C:\Documents and Settings\pantovic.s\My Documents\sabor-sli.xlsx[2009/11/25 12:56:54 | 00,020,992 | ---- | M] () -- C:\Documents and Settings\pantovic.s\My Documents\filip djuricic.xls[2009/11/24 12:41:38 | 03,373,568 | ---- | M] () -- C:\Documents and Settings\pantovic.s\My Documents\Infrastrucure of Red Star.ppt[2009/11/24 11:09:03 | 00,078,848 | ---- | M] () -- C:\Documents and Settings\pantovic.s\My Documents\dopis.doc[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ][1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2009/12/18 14:47:11 | 00,412,989 | ---- | C] () -- C:\Documents and Settings\pantovic.s\Desktop\English.zip[2009/12/18 14:05:05 | 00,120,832 | ---- | C] () -- C:\Documents and Settings\pantovic.s\Desktop\EXPRESS MAIL ugovor.doc[2009/12/18 14:04:56 | 00,089,600 | ---- | C] () -- C:\Documents and Settings\pantovic.s\Desktop\Aneks ugovora express mail.doc[2009/12/18 12:09:25 | 00,077,824 | ---- | C] () -- C:\Documents and Settings\pantovic.s\My Documents\PUNOMOCJE.doc[2009/12/17 17:21:52 | 00,579,584 | ---- | C] () -- C:\Documents and Settings\pantovic.s\Desktop\RED STAR - JV agreement 16-10-2009-1-redigovano.doc[2009/12/17 16:25:44 | 01,691,620 | ---- | C] () -- C:\Documents and Settings\pantovic.s\My Documents\Visit- Portugalci.rar[2009/12/17 15:59:44 | 00,081,920 | ---- | C] () -- C:\Documents and Settings\pantovic.s\Desktop\Za komisiju.doc[2009/12/17 10:49:16 | 00,028,672 | ---- | C] () -- C:\Documents and Settings\pantovic.s\My Documents\Vladimir Stojković.doc[2009/12/17 10:47:01 | 00,024,064 | ---- | C] () -- C:\Documents and Settings\pantovic.s\My Documents\Ardian Đokaj.doc[2009/12/16 16:05:03 | 00,022,528 | ---- | C] () -- C:\Documents and Settings\pantovic.s\My Documents\menadzerske komisije od maja.xls[2009/12/15 13:30:41 | 00,734,148 | ---- | C] () -- C:\Documents and Settings\pantovic.s\My Documents\Majica brendiranje Crvena Zvezda preview.jpg[2009/12/15 11:14:31 | 00,076,288 | ---- | C] () -- C:\Documents and Settings\pantovic.s\My Documents\press konf.doc[2009/12/11 11:25:31 | 00,084,992 | ---- | C] () -- C:\Documents and Settings\pantovic.s\My Documents\Turnir 23.12.2009. FK Crvena zvezda.doc[2009/12/11 10:49:10 | 00,069,632 | ---- | C] () -- C:\Documents and Settings\pantovic.s\My Documents\VMA.doc[2009/12/07 12:18:11 | 00,082,944 | ---- | C] () -- C:\Documents and Settings\pantovic.s\My Documents\DANILO KUZMANOVIC----engleski.doc[2009/12/07 11:59:50 | 00,082,944 | ---- | C] () -- C:\Documents and Settings\pantovic.s\My Documents\DANILO KUZMANOVIC.doc[2009/12/03 12:49:56 | 52,788,0192 | -HS- | C] () -- C:\hiberfil.sys[2009/12/03 10:00:23 | 00,091,318 | ---- | C] () -- C:\Documents and Settings\pantovic.s\My Documents\cc_20091203_100019.reg[2009/12/03 09:50:06 | 00,450,518 | ---- | C] () -- C:\Documents and Settings\pantovic.s\My Documents\Slika 156.jpg[2009/12/03 09:50:04 | 00,446,310 | ---- | C] () -- C:\Documents and Settings\pantovic.s\My Documents\Slika 155.jpg[2009/12/03 09:49:57 | 04,659,712 | ---- | C] () -- C:\Documents and Settings\pantovic.s\My Documents\Predlog saradnje - kompanija Bambi.ppt[2009/11/25 12:56:53 | 00,020,992 | ---- | C] () -- C:\Documents and Settings\pantovic.s\My Documents\filip djuricic.xls[2009/11/24 12:31:02 | 03,373,568 | ---- | C] () -- C:\Documents and Settings\pantovic.s\My Documents\Infrastrucure of Red Star.ppt[2009/11/20 12:31:54 | 00,078,848 | ---- | C] () -- C:\Documents and Settings\pantovic.s\My Documents\dopis.doc[2009/11/13 11:02:00 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini[2009/10/07 09:26:02 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\HPPLVS.dll[2009/09/28 14:32:44 | 00,034,304 | ---- | C] () -- C:\Documents and Settings\pantovic.s\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini[2007/08/10 17:08:32 | 00,071,648 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat[2006/10/12 15:09:10 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI[2006/09/22 09:17:59 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini[2006/02/15 15:04:52 | 00,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll[2004/03/03 04:06:00 | 00,221,184 | ---- | C] () -- C:\WINDOWS\System32\HP3AIOZ6.dll[2002/12/31 14:00:00 | 00,162,133 | RHS- | C] () -- C:\WINDOWS\System32\kthib.dll[2002/12/31 14:00:00 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll[2002/12/31 14:00:00 | 00,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys[2002/05/15 21:29:04 | 00,000,607 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest[2002/05/03 14:40:32 | 00,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL[2001/11/23 16:18:00 | 00,000,597 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest[2001/11/14 11:56:00 | 01,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll ========== Files - Unicode (All) ==========[2009/12/08 15:20:57 | 11,868,160 | ---- | M] ()(C:\Documents and Settings\pantovic.s\My Documents\?? - ?? ??.ppt) -- C:\Documents and Settings\pantovic.s\My Documents\ФК Црвена звезда - презентација за спонзоре.ppt[2009/12/08 10:49:19 | 00,082,944 | ---- | M] ()(C:\Documents and Settings\pantovic.s\My Documents\ ??.doc) -- C:\Documents and Settings\pantovic.s\My Documents\РАНЂЕЛ ПЕТРОВИЋ.doc[2009/12/07 12:37:59 | 00,020,480 | ---- | M] ()(C:\Documents and Settings\pantovic.s\My Documents\ ?.xls) -- C:\Documents and Settings\pantovic.s\My Documents\данило кузмановић.xls[2009/12/07 12:37:58 | 00,020,480 | ---- | C] ()(C:\Documents and Settings\pantovic.s\My Documents\ ?.xls) -- C:\Documents and Settings\pantovic.s\My Documents\данило кузмановић.xls[2009/12/07 10:33:55 | 00,082,944 | ---- | C] ()(C:\Documents and Settings\pantovic.s\My Documents\ ??.doc) -- C:\Documents and Settings\pantovic.s\My Documents\РАНЂЕЛ ПЕТРОВИЋ.doc[2009/11/23 16:37:29 | 11,868,160 | ---- | C] ()(C:\Documents and Settings\pantovic.s\My Documents\?? - ?? ??.ppt) -- C:\Documents and Settings\pantovic.s\My Documents\ФК Црвена звезда - презентација за спонзоре.ppt ========== Alternate Data Streams ========== @Alternate Data Stream - 68 bytes -> C:\WINDOWS\wiaservc.log:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\zipfldr.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\XpsSvcs.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\XPSSHHDR.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\xpsp2res.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\xpsp1res.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\xpob2res.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wzcsvc.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wzcsapi.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wzcdlg.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wups2.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wups.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wupdmgr.exe:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\WUDFx.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\WudfSvc.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\WudfPlatform.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\WudfHost.exe:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\WUDFCoinstaller.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wuauserv.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wuaueng.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wuaucpl.cpl:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wshtcpip.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wshom.ocx:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wshext.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wshcon.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wscui.cpl:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wscsvc.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wscript.exe:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wscntfy.exe:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\WPDShServiceObj.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wpdshextres.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wpdshextautoplay.exe:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\WpdShext.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wow32.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\WMVXENCD.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\WMVSENCD.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\WMVSDECD.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\WMVENCOD.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\WMVDECOD.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wmpui.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wmpps.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wmpmde.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wmploc.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\WMPhoto.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wmpeffects.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wmpcore.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wmpcd.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wmdrmsdk.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\winspool.drv:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\winrnr.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\winlogon.exe:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\winipsec.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\WindowsCodecsExt.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\WindowsCodecs.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\win32spl.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wiashext.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wfwnet.drv:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\webcheck.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wdmaud.drv:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\watchdog.sys:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\w32time.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\vssvc.exe:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\vssapi.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\vga64k.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\vga256.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\vga.drv:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\vga.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\verclsid.exe:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\vdmdbg.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\vbscript.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\vbajet32.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\utildll.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\userinit.exe:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\user.exe:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\usbmon.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\url.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ups.exe:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\upnp.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\untfs.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\uniplat.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\unimdmat.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\unimdm.tsp:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\unicode.nls:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\umpnpmgr.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ulib.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\tzchange.exe:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\txflog.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\twext.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\tssoft32.acm:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\tsgqec.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\tsddd.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\tscupgrd.exe:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\tsbyuv.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\trkwks.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\tourstart.exe:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\tlntsvr.exe:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\timer.drv:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\timedate.cpl:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\themeui.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\termsrv.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\telephon.cpl:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\tcpmon.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\tapiui.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\tapisrv.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\systray.exe:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\system.drv:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\sysdm.cpl:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\SynTPAPI.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\SynCOM.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\streamci.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\storprop.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\stobject.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\sti_ci.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\sti.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\stdole32.tlb:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\stdole2.tlb:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\sstext3d.scr:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ssstars.scr:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\sspipes.scr:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ssmyst.scr:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ssmypics.scr:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ssmarque.scr:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ssflwbox.scr:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ssdpsrv.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ssbezier.scr:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ss3dfo.scr:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\srvsvc.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\srsvc.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\srrstr.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\spupdsvc.exe:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\spoolsv.exe:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\spoolss.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\spmsg.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\spider.exe:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\sound.drv:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\sorttbls.nls:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\sortkey.nls:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\softpub.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\smss.exe:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\smlogsvc.exe:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\smlogcfg.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\slayerxp.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\sl_anet.acm:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\sirenacm.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\shmgrate.exe:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\shgina.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\shdoclc.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\sfcfiles.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\sfc_os.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\sfc.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\sessmgr.exe:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\services.exe:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\senscfg.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\sens.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\secupd.sig:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\secupd.dat:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\seclogon.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\sdhcinst.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\scrobj.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\scrnsave.scr:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\schedsvc.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\scardsvr.exe:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\rtutils.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\rsvp.exe:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\rshx32.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\rsaenh.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\rpcss.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\riched32.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\riched20.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\rhttpaa.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\remotepg.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\regsvr32.exe:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\regsvc.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\rdpdd.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\rdpcfgex.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\rastls.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\rastapi.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\rasppp.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\rasman.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\raschap.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\racpldlg.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\quartz.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\qmgr.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\pstorsvc.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\pstorec.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\psbase.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\psapi.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\progman.exe:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\prntvpt.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\printui.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\powercfg.cpl:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\PostProc.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\PortableDeviceWMDRM.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\PortableDeviceWiaCompat.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\PortableDeviceTypes.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\PortableDeviceClassExtension.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\PortableDeviceApi.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\pjlmon.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\photometadatahandler.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\perfctrs.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\pdh.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\olethk32.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\olesvr32.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\olepro32.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\olecnv32.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\olecli32.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\oleaccrc.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ole32.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\oembios.sig:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\oembios.dat:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\oembios.bin:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\odbcint.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\odbccp32.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\odbcbcp.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\occache.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\nwc.cpl:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\nusrmgr.cpl:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ntvdm.exe:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ntshrui.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ntmsmgr.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ntmarta.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ntlsapi.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ntkrnlpa.exe:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ntdll.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\notepad.exe:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\newdev.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\netsetup.cpl:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\netmsg.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\netman.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\netlogon.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\netid.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\netevent.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\netdde.exe:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ndptsp.tsp:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ncpa.cpl:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mydocs.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mycomput.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msyuv.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msxml3r.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mswstr10.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msvidc32.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msvcrt40.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msvcrt.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msvbvm60.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msv1_0.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mstsc.exe:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mstlsapi.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mstask.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msrle32.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msprivs.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msports.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mspatcha.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msoert2.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msls31.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msjtes40.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msjter40.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msjint40.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msjetoledb40.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msjet40.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msisip.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msihnd.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msidntld.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msidle.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msident.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mshtml.tlb:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mshearts.exe:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msh263.drv:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msh261.drv:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msgsm32.acm:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msg723.acm:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msg711.acm:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msdxm.ocx:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msdtc.exe:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msdmo.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msdelta.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msdart.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MSCTF.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mscories.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mscoree.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\mscomctl.ocx:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msaud32.acm:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\msadp32.acm:KAVICHS@Alternate Data Stream - 68 bytes -> C:&#

[maninneed]

OTL Extras logfile created on: 12/18/2009 2:59:35 PM - Run 1
OTL by OldTimer - Version 3.1.18.0     Folder = C:\Documents and Settings\pantovic.s\My Documents\Downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
503.36 Mb Total Physical Memory | 54.57 Mb Available Physical Memory | 10.84% Memory free
1.94 Gb Paging File | 1.51 Gb Available in Paging File | 77.72% Paging File free
Paging file location(s): Y:\pagefile.sys 1512 1512 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19.53 Gb Total Space | 4.57 Gb Free Space | 23.39% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 34.41 Gb Total Space | 20.24 Gb Free Space | 58.81% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive Y: | 1.95 Gb Total Space | 0.46 Gb Free Space | 23.79% Space Free | Partition Type: NTFS
 
Computer Name: GENSEKRETAR
Current User Name: pantovic.s
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
[color=\"#E56717\"]========== Extra Registry (SafeList) ==========[/color]
 
 
[color=\"#E56717\"]========== File Associations ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SYSTEMROOT%\hh.exe" %1
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[color=\"#E56717\"]========== Shell Spawning ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Outlook\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe"
 
[color=\"#E56717\"]========== Security Center Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"7593:TCP" = 7593:TCP:*:Enabled:ocbwn
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"7593:TCP" = 7593:TCP:*:Enabled:ocbwn
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
 
[color=\"#E56717\"]========== Authorized Applications List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft Outlook\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Outlook\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Outlook\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Outlook\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Outlook\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Outlook\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\WINDOWS\system32\spool\drivers\w32x86\3\HP1006MC.EXE" = C:\WINDOWS\system32\spool\drivers\w32x86\3\HP1006MC.EXE:*:Enabled:SMLMProxy Module - HP1006MC.EXE -- (Software 2000 Limited)
"C:\Documents and Settings\pantovic.s\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" = C:\Documents and Settings\pantovic.s\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe:*:Enabled:Main program for Octoshape client -- File not found
"C:\Program Files\BitLord\BitLord.exe" = C:\Program Files\BitLord\BitLord.exe:*:Enabled:BitLord -- (www.BitLord.com)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype  -- (Skype Technologies S.A.)
 
 
[color=\"#E56717\"]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{15095BF3-A3D7-4DDF-B193-3A496881E003}" = Microsoft .NET Framework 3.0
"{23E5032B-56CA-4C19-A72E-B50161DB82CA}" = Shadow Copy Client
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.00 D2
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3F4EC965-28EF-45C3-B063-04B25D4E9679}" = HP Integrated Module with Bluetooth wireless technology
"{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}" = HP Wireless Assistant 2.00 E1
"{43DCF766-6838-4F9A-8C91-D92DA586DFA8}" = Microsoft Windows Journal Viewer
"{491DD792-AD81-429C-9EB4-86DD3D22E333}" = Windows Communication Foundation
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{686BB230-DE5B-44F4-8DB0-4F9BEE7310F7}" = OpenOffice.org 2.0
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}" = Windows Workflow Foundation
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00B0-0409-0000-0000000FF1CE}" = Microsoft Save as PDF Add-in for 2007 Microsoft Office programs
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{9C9D0F85-5658-4A5E-95A9-65F7DB2916EE}" = Broadcom 440x 10/100 Integrated Controller
"{AC76BA86-7AD7-1033-7B44-A70800000002}" = Adobe Reader 7.0.8
"{AC76BA86-7AD7-5676-5A64-E98530000001}" = Extended Language Support Fonts Package
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CEB3A11A-03EA-11DA-BFBD-00065BBDC0B5}" = MSN Messenger 7.5
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skypeâ„¢ 4.1
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"BitLord" = BitLord 1.1
"Burn4Free" = Burn4Free CD and DVD
"CCleaner" = CCleaner
"ENTERPRISE" = Microsoft Office Enterprise 2007
"HijackThis" = HijackThis 2.0.2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Microsoft .NET Framework 3.0" = Microsoft .NET Framework 3.0
"Mozilla Firefox (3.5.6)" = Mozilla Firefox (3.5.6)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"PokerStars" = PokerStars
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 1.0.3
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
 
[color=\"#E56717\"]========== HKEY_CURRENT_USER Uninstall List ==========[/color]
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
 
[color=\"#E56717\"]========== Last 10 Event Log Errors ==========[/color]
 
[ Application Events ]
Error - 12/18/2009 9:54:37 AM | Computer Name = GENSEKRETAR | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
 from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 with error: This network connection does not exist.  
 
Error - 12/18/2009 9:54:37 AM | Computer Name = GENSEKRETAR | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
 from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 with error: This network connection does not exist.  
 
Error - 12/18/2009 9:54:39 AM | Computer Name = GENSEKRETAR | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
 from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 with error: This network connection does not exist.  
 
Error - 12/18/2009 9:54:39 AM | Computer Name = GENSEKRETAR | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
 from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 with error: This network connection does not exist.  
 
Error - 12/18/2009 9:54:39 AM | Computer Name = GENSEKRETAR | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
 from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 with error: This network connection does not exist.  
 
Error - 12/18/2009 9:54:39 AM | Computer Name = GENSEKRETAR | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
 from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 with error: This network connection does not exist.  
 
Error - 12/18/2009 9:54:39 AM | Computer Name = GENSEKRETAR | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
 from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 with error: This network connection does not exist.  
 
Error - 12/18/2009 9:54:39 AM | Computer Name = GENSEKRETAR | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
 from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 with error: This network connection does not exist.  
 
Error - 12/18/2009 9:55:04 AM | Computer Name = GENSEKRETAR | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
 from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 with error: The server name or address could not be resolved  
 
Error - 12/18/2009 9:55:18 AM | Computer Name = GENSEKRETAR | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
 from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 with error: The server name or address could not be resolved  
 
[ System Events ]
Error - 12/11/2009 4:41:58 AM | Computer Name = GENSEKRETAR | Source = Service Control Manager | ID = 7023
Description = The Time Microsoft service terminated with the following error:   %%1114
 
Error - 12/14/2009 4:37:58 AM | Computer Name = GENSEKRETAR | Source = Service Control Manager | ID = 7023
Description = The Time Microsoft service terminated with the following error:   %%1114
 
Error - 12/15/2009 4:53:16 AM | Computer Name = GENSEKRETAR | Source = Service Control Manager | ID = 7023
Description = The Time Microsoft service terminated with the following error:   %%1114
 
Error - 12/16/2009 4:43:46 AM | Computer Name = GENSEKRETAR | Source = Service Control Manager | ID = 7023
Description = The Time Microsoft service terminated with the following error:   %%1114
 
Error - 12/16/2009 5:01:25 AM | Computer Name = GENSEKRETAR | Source = Service Control Manager | ID = 7023
Description = The Time Microsoft service terminated with the following error:   %%1114
 
Error - 12/17/2009 5:05:48 AM | Computer Name = GENSEKRETAR | Source = Service Control Manager | ID = 7023
Description = The Time Microsoft service terminated with the following error:   %%1114
 
Error - 12/17/2009 5:05:48 AM | Computer Name = GENSEKRETAR | Source = Service Control Manager | ID = 7018
Description = Detected circular dependencies auto-starting services.
 
Error - 12/17/2009 11:51:59 AM | Computer Name = GENSEKRETAR | Source = Service Control Manager | ID = 7023
Description = The Time Microsoft service terminated with the following error:   %%1114
 
Error - 12/17/2009 11:52:52 AM | Computer Name = GENSEKRETAR | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
 arguments ""  in order to run the server:  {E60687F7-01A1-40AA-86AC-DB1CBF673334}
 
Error - 12/18/2009 4:34:32 AM | Computer Name = GENSEKRETAR | Source = Service Control Manager | ID = 7023
Description = The Time Microsoft service terminated with the following error:   %%1114
 
 
< End of report >

[guestolo]

I just want to double check on something
Open Hijackthis>>Open MISC TOOLS SECTION>>Open HOSTS FILE MANAGER
Click the Open in NOTEPAD ... button

Copy/Paste back here the Whole contents


In addition:
Download Security Check by screen317 from here or here.

• Save it to your Desktop.
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.
  

[maninneed]

This is the whole list:

127.0.0.1       localhost

Results of screen317's Security Check version 0.99.1     
 Windows XP Service Pack 2  
 [color=\"red\"]Out of date service pack!![/color]
``````````````````````````````
Antivirus/Firewall Check:
 [color=\"red\"]Windows Security Center service is not running! This report may not be accurate![/color]
 Windows Firewall Enabled!  
 WMIC entry does not exist for antivirus; attempting automatic update.
``````````````````````````````
Anti-malware/Other Utilities Check:
 Spybot - Search & Destroy
 HijackThis 2.0.2    
 CCleaner    
 Adobe Flash Player 10  
Adobe Reader 7.0.8
[color=\"red\"]Out of date Adobe Reader installed![/color]
``````````````````````````````
Process Check:  
objlist.exe by Laurent
``````````````````````````````
DNS Vulnerability Check:
 POOR! (Vulnerable to DNS cache poisoning!!-- Consider OPENDNS)

`````````End of Log```````````

[guestolo]

Sorry for the delay, got  busy with Xmas and all
Are you still in need of a hand?
Can you do the following if you are
Reopen OTL.exe, run a fresh scan and post the new log that opens

[maninneed]

Hi,I have installed AVG in the meantime but it didnt help very muchOTL logfile created on: 12/28/2009 10:07:13 AM - Run 2OTL by OldTimer - Version 3.1.20.1     Folder = C:\Documents and Settings\pantovic.s\My Documents\DownloadsWindows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstationInternet Explorer (Version = 6.0.2900.2180)Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 503.00 Mb Total Physical Memory | 86.00 Mb Available Physical Memory | 17.00% Memory free2.00 Gb Paging File | 1.00 Gb Available in Paging File | 68.00% Paging File freePaging file location(s): Y:\pagefile.sys 1512 1512 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program FilesDrive C: | 19.53 Gb Total Space | 7.32 Gb Free Space | 37.46% Space Free | Partition Type: NTFSD: Drive not present or media not loadedDrive E: | 34.41 Gb Total Space | 20.23 Gb Free Space | 58.78% Space Free | Partition Type: NTFSF: Drive not present or media not loadedG: Drive not present or media not loadedH: Drive not present or media not loadedI: Drive not present or media not loadedDrive Y: | 1.95 Gb Total Space | 0.46 Gb Free Space | 23.29% Space Free | Partition Type: NTFS Computer Name: GENSEKRETARCurrent User Name: pantovic.sLogged in as Administrator. Current Boot Mode: NormalScan Mode: Current userCompany Name Whitelist: OffSkip Microsoft Files: OffFile Age = 30 DaysOutput = Standard ========== Processes (SafeList) ========== PRC - [2009/12/28 10:06:59 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\pantovic.s\My Documents\Downloads\OTL(2).exePRC - [2009/12/24 10:35:33 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exePRC - [2009/12/24 10:35:32 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exePRC - [2009/12/23 13:49:23 | 01,055,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exePRC - [2009/12/23 13:49:22 | 00,600,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exePRC - [2009/12/23 13:49:22 | 00,502,040 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exePRC - [2009/12/23 13:49:21 | 00,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exePRC - [2009/12/23 13:49:14 | 02,010,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exePRC - [2009/12/23 13:49:13 | 00,827,160 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgam.exePRC - [2009/12/23 13:49:11 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exePRC - [2009/12/17 11:06:41 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exePRC - [2009/10/09 02:18:10 | 26,805,255 | ---- | M] () -- C:\Documents and Settings\pantovic.s\Application Data\Dropbox\bin\Dropbox.exePRC - [2008/04/28 05:14:00 | 00,073,728 | ---- | M] (Software 2000 Limited) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\HP1006MC.EXEPRC - [2006/10/27 14:16:48 | 12,813,096 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Outlook\Office12\OUTLOOK.EXEPRC - [2006/10/26 23:47:42 | 00,031,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Outlook\Office12\GrooveMonitor.exePRC - [2006/06/22 19:28:24 | 02,334,720 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 2.0\program\soffice.exePRC - [2006/06/22 00:03:50 | 02,478,080 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 2.0\program\soffice.binPRC - [2006/06/06 09:10:40 | 00,118,784 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxpers.exePRC - [2006/06/06 09:06:44 | 00,077,824 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exePRC - [2006/03/31 15:01:48 | 00,761,946 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exePRC - [2006/03/02 14:39:42 | 00,131,072 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exePRC - [2006/02/15 15:16:02 | 00,581,693 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exePRC - [2006/02/15 15:09:20 | 00,258,103 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exePRC - [2006/02/14 09:49:22 | 00,454,656 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exePRC - [2006/01/10 11:23:56 | 00,098,304 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exePRC - [2005/12/23 11:44:26 | 00,491,606 | ---- | M] () -- C:\Program Files\HPQ\Shared\HpqToaster.exePRC - [2005/12/12 14:00:46 | 00,088,203 | ---- | M] (Agere Systems) -- C:\WINDOWS\AGRSMMSG.exePRC - [2005/05/20 08:11:06 | 00,925,696 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exePRC - [2002/12/31 14:00:00 | 01,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe  ========== Modules (SafeList) ========== MOD - [2009/12/28 10:06:59 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\pantovic.s\My Documents\Downloads\OTL(2).exeMOD - [2006/08/25 16:45:55 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dllMOD - [2002/12/31 14:00:00 | 02,897,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\xpsp2res.dll  ========== Win32 Services (SafeList) ========== SRV - [2009/12/24 10:35:32 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)SRV - [2009/12/23 13:49:11 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)SRV - [2007/04/16 16:52:53 | 00,162,133 | RHS- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\kthib.dll -- (hajwnjal)SRV - [2007/01/19 12:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc)SRV - [2006/10/26 23:47:54 | 00,065,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Outlook\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)SRV - [2006/10/26 18:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)SRV - [2006/10/26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)SRV - [2006/02/15 15:09:20 | 00,258,103 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe -- (btwdins)SRV - [2006/01/10 11:23:56 | 00,098,304 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe -- (hpqwmiex)  ========== Driver Services (SafeList) ========== DRV - [2009/12/23 13:49:48 | 00,161,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\System32\Drivers\avgrkx86.sys -- (AvgRkx86)DRV - [2009/12/23 13:49:47 | 00,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)DRV - [2009/12/23 13:49:42 | 00,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)DRV - [2009/12/23 13:49:40 | 00,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)DRV - [2006/08/03 19:56:01 | 00,874,240 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor)DRV - [2006/06/06 09:32:54 | 01,168,860 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm)DRV - [2006/04/28 16:12:40 | 00,429,184 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)DRV - [2006/03/31 14:41:40 | 00,193,056 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)DRV - [2006/02/28 13:36:20 | 00,176,128 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)DRV - [2006/02/15 14:59:52 | 00,401,664 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)DRV - [2006/02/15 14:56:58 | 01,342,570 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)DRV - [2006/02/15 14:54:46 | 00,030,363 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)DRV - [2006/02/15 14:54:40 | 00,030,189 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwmodem.sys -- (btwmodem)DRV - [2006/02/15 14:54:10 | 00,057,096 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)DRV - [2006/02/15 14:51:22 | 00,148,168 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)DRV - [2005/12/12 14:00:46 | 01,120,352 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)DRV - [2005/09/19 12:24:20 | 00,005,760 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)DRV - [2005/09/19 12:24:10 | 00,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey)DRV - [2005/09/19 12:23:52 | 00,007,808 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)DRV - [2005/08/05 10:33:56 | 00,045,312 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)DRV - [2005/06/07 13:53:46 | 00,152,960 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aeaudio.sys -- (AEAudioService)DRV - [2005/01/07 16:07:18 | 00,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)DRV - [2002/12/31 14:00:00 | 00,027,440 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)DRV - [2002/12/31 14:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)  ========== Standard Registry (SafeList) ==========  ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com"FF - prefs.js..browser.search.defaultenginename: "Ask.com"FF - prefs.js..browser.search.order.1: "Ask.com"FF - prefs.js..browser.search.selectedEngine: "Google"FF - prefs.js..browser.search.useDBForOrder: trueFF - prefs.js..browser.startup.homepage: "http://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.696FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3789FF - prefs.js..extensions.enabledItems: [email protected]:1.0 FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2009/12/23 13:49:09 | 00,000,000 | ---D | M]FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/12/17 13:38:44 | 00,000,000 | ---D | M]FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/12/24 10:35:51 | 00,000,000 | ---D | M] [2009/08/25 13:26:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\pantovic.s\Application Data\Mozilla\Extensions[2009/12/03 09:59:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\pantovic.s\Application Data\Mozilla\Firefox\Profiles\tcj1louo.default\extensions[2009/12/02 12:45:19 | 00,002,255 | ---- | M] () -- C:\Documents and Settings\pantovic.s\Application Data\Mozilla\Firefox\Profiles\tcj1louo.default\searchplugins\askcom.xml[2009/12/25 14:53:51 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions O1 HOSTS File: (27 bytes) - C:\WINDOWS\system32\drivers\etc\hostsO1 - Hosts: 127.0.0.1       localhostO2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Outlook\Office12\GrooveShellExtensions.dll (Microsoft Corporation)O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)O4 - HKLM..\Run: [AGRSMMSG] C:\WINDOWS\AGRSMMSG.exe (Agere Systems)O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Outlook\Office12\GrooveMonitor.exe (Microsoft Corporation)O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe (Hewlett-Packard Development Company, L.P.)O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Nero AG)O4 - HKLM..\Run: [QlbCtrl] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe ( Hewlett-Packard Development Company, L.P.)O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)O4 - HKLM..\Run: [Synchronization Manager] C:\WINDOWS\System32\mobsync.exe (Microsoft Corporation)O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\NPSWF32_FlashUtil.exe (Adobe Systems, Inc.)O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)O4 - Startup: C:\Documents and Settings\pantovic.s\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\pantovic.s\Application Data\Dropbox\bin\Dropbox.exe ()O4 - Startup: C:\Documents and Settings\pantovic.s\Start Menu\Programs\Startup\OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe ()O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: MaxGPOScriptWait = 1800O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Outlook\Office12\EXCEL.EXE (Microsoft Corporation)O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Outlook\Office12\ONBttnIE.dll (Microsoft Corporation)O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Outlook\Office12\ONBttnIE.dll (Microsoft Corporation)O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Outlook\Office12\REFIEBAR.DLL (Microsoft Corporation)O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()O9 - Extra 'Tools' menuitem : @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.O16 - DPF: {62CF4D10-EBA7-45DA-ACA0-4B002E8B3A85} https://secure.24x7.rs/MarfinBank/Corporate...etSetPlugIn.cab (NetSeTManager Class)O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = RedStar.localO18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Outlook\Office12\GrooveSystemServices.dll (Microsoft Corporation)O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Outlook\Office12\GrooveShellExtensions.dll (Microsoft Corporation)O32 - HKLM CDRom: AutoRun - 1O32 - AutoRun File - [2006/09/21 14:00:30 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]O32 - AutoRun File - [2009/10/29 10:26:31 | 00,000,000 | R--D | M] - C:\autorun.inf -- [ NTFS ]O32 - AutoRun File - [2009/10/29 10:26:31 | 00,000,000 | R--D | M] - E:\autorun.inf -- [ NTFS ]O32 - AutoRun File - [2009/10/29 10:26:31 | 00,000,000 | R--D | M] - Y:\autorun.inf -- [ NTFS ]O33 - MountPoints2\{0f68332c-e4a1-11de-ad4c-0014a5afaf09}\Shell - "" = AutoRunO33 - MountPoints2\{0f68332c-e4a1-11de-ad4c-0014a5afaf09}\Shell\AutoRun - "" = Auto&PlayO33 - MountPoints2\{0f68332c-e4a1-11de-ad4c-0014a5afaf09}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not foundO33 - MountPoints2\{147df181-e89b-11de-ad53-0014a5afaf09}\Shell - "" = AutoRunO33 - MountPoints2\{147df181-e89b-11de-ad53-0014a5afaf09}\Shell\AutoRun - "" = Auto&PlayO33 - MountPoints2\{147df182-e89b-11de-ad53-0014a5afaf09}\Shell - "" = AutoRunO33 - MountPoints2\{147df182-e89b-11de-ad53-0014a5afaf09}\Shell\AutoRun - "" = Auto&PlayO33 - MountPoints2\{147df182-e89b-11de-ad53-0014a5afaf09}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not foundO33 - MountPoints2\{4f8ee151-a43d-11de-acef-0014a5afaf09}\Shell - "" = AutoRunO33 - MountPoints2\{4f8ee151-a43d-11de-acef-0014a5afaf09}\Shell\AutoRun - "" = Auto&PlayO33 - MountPoints2\{fc02a4a6-e3d9-11de-ad4b-0014a5afaf09}\Shell - "" = AutoRunO33 - MountPoints2\{fc02a4a6-e3d9-11de-ad4b-0014a5afaf09}\Shell\AutoRun - "" = Auto&PlayO33 - MountPoints2\F\Shell - "" = AutoRunO33 - MountPoints2\F\Shell\AutoRun - "" = Auto&PlayO33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not foundO34 - HKLM BootExecute: (autocheck autochk *) -  File not foundO35 - comfile [open] -- "%1" %*O35 - exefile [open] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2009/12/25 16:37:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\pantovic.s\Desktop\clipping[2009/12/24 13:59:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\pantovic.s\Desktop\STEFAN ZVEZDA CLIPPING[2009/12/24 10:35:51 | 00,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll[2009/12/24 10:35:51 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe[2009/12/24 10:35:51 | 00,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl[2009/12/24 10:35:50 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe[2009/12/24 10:35:50 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe[2009/12/24 10:35:25 | 00,000,000 | ---D | C] -- C:\Program Files\Java[2009/12/24 10:34:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\pantovic.s\Application Data\Sun[2009/12/23 16:01:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\pantovic.s\My Documents\Master in Sports Marketing and Communication[2009/12/23 13:50:01 | 00,000,000 | -H-D | C] -- C:\$AVG[2009/12/23 13:49:48 | 00,161,800 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys[2009/12/23 13:49:48 | 00,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll[2009/12/23 13:49:47 | 00,360,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys[2009/12/23 13:49:41 | 00,333,192 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys[2009/12/23 13:49:40 | 00,028,424 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys[2009/12/23 13:49:32 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg[2009/12/23 13:49:08 | 00,000,000 | ---D | C] -- C:\Program Files\AVG[2009/12/23 13:49:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9[2009/12/23 13:48:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft[2009/12/23 13:48:23 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft[2009/12/23 13:48:23 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft[2009/12/23 13:43:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\pantovic.s\Contacts[2009/12/18 11:23:45 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy[2009/12/18 11:23:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy[2009/12/14 14:16:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\pantovic.s\Application Data\U3[2009/12/14 12:17:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\pantovic.s\My Documents\MARAKANA[2009/12/14 11:31:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\pantovic.s\My Documents\GINGER[2009/12/09 15:48:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\pantovic.s\My Documents\TICKETING[2009/12/09 14:11:13 | 00,000,000 | ---D | C] -- C:\Program Files\Telenor Internet[2009/12/08 15:16:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\pantovic.s\My Documents\SLIKE PORTUGALCI[2009/12/04 16:35:16 | 00,000,000 | -HSD | C] -- C:\RECYCLER[2009/12/04 16:28:41 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp[2009/12/04 14:44:31 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro[2009/12/03 14:52:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\pantovic.s\My Documents\Konferencije za Å¡tampu[2009/12/03 12:42:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\pantovic.s\Application Data\Malwarebytes[2009/12/03 12:42:44 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys[2009/12/03 12:42:43 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys[2009/12/03 12:42:43 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware[2009/12/03 12:42:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes[2009/12/03 10:08:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\pantovic.s\Application Data\vlc[2009/12/03 10:07:03 | 00,000,000 | ---D | C] -- C:\Program Files\VideoLAN[2009/12/03 09:59:56 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\pantovic.s\Recent[2009/12/03 09:56:51 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner[2007/06/09 17:01:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ][1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ][1 C:\Documents and Settings\pantovic.s\My Documents\*.tmp files -> C:\Documents and Settings\pantovic.s\My Documents\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2009/12/28 10:13:31 | 00,271,360 | ---- | M] () -- C:\Documents and Settings\pantovic.s\My Documents\archive.pst[2009/12/28 09:58:58 | 47,117,356 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm[2009/12/28 09:55:26 | 00,439,832 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat[2009/12/28 09:55:25 | 00,071,370 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat[2009/12/28 09:55:24 | 00,520,014 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI[2009/12/28 09:53:56 | 00,128,036 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg[2009/12/28 09:50:27 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl[2009/12/28 09:50:19 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT[2009/12/28 09:50:18 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat[2009/12/28 09:50:15 | 52,788,0192 | -HS- | M] () -- C:\hiberfil.sys[2009/12/25 17:10:04 | 03,145,728 | -H-- | M] () -- C:\Documents and Settings\pantovic.s\NTUSER.DAT[2009/12/25 17:09:40 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\pantovic.s\ntuser.ini[2009/12/25 16:50:05 | 03,881,817 | ---- | M] () -- C:\Documents and Settings\pantovic.s\Desktop\clipping.rar[2009/12/25 16:49:32 | 01,407,976 | ---- | M] () -- C:\Documents and Settings\pantovic.s\Desktop\2512.rar[2009/12/25 16:37:17 | 00,025,600 | ---- | M] () -- C:\Documents and Settings\pantovic.s\Desktop\Ugovori profesionalni pravna služba'92-'93.doc[2009/12/25 16:35:13 | 00,760,614 | ---- | M] () -- C:\Documents and Settings\pantovic.s\Desktop\cvetkovic.jpg[2009/12/25 16:02:02 | 00,760,614 | ---- | M] () -- C:\Documents and Settings\pantovic.s\Desktop\cvetkovic izjava.jpg[2009/12/25 13:01:03 | 00,009,136 | ---- | M] () -- C:\Documents and Settings\pantovic.s\My Documents\0_15342_198293226855_707251855_3598421_2656288_n-1d11446eef4d880f08b331412c8e4235_portrait.jpg[2009/12/24 15:33:18 | 00,082,944 | ---- | M] () -- C:\Documents and Settings\pantovic.s\Desktop\IzveÅ¡taj o otpisu dugovanja Castillo.doc[2009/12/24 15:27:13 | 00,081,408 | ---- | M] () -- C:\Documents and Settings\pantovic.s\Desktop\IzveÅ¡taj o otpisu dugovanja.doc[2009/12/24 13:31:23 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\pantovic.s\My Documents\zbirna_lista 08[1].12..zip[2009/12/24 10:35:32 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll[2009/12/24 10:35:32 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe[2009/12/24 10:35:32 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe[2009/12/24 10:35:32 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe[2009/12/24 10:35:32 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl[2009/12/24 10:32:26 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini[2009/12/23 17:02:56 | 05,896,410 | -H-- | M] () -- C:\Documents and Settings\pantovic.s\Local Settings\Application Data\IconCache.db[2009/12/23 15:19:57 | 00,237,568 | ---- | M] () -- C:\Documents and Settings\pantovic.s\My Documents\tekst zakona o sprecavanju nasilja koji treba da stoji na poledjini karte.doc[2009/12/23 13:49:48 | 00,161,800 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys[2009/12/23 13:49:48 | 00,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll[2009/12/23 13:49:48 | 00,001,511 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 9.0.lnk[2009/12/23 13:49:47 | 00,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys[2009/12/23 13:49:42 | 00,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys[2009/12/23 13:49:40 | 00,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm[2009/12/23 13:49:40 | 00,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys[2009/12/23 13:49:32 | 06,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg[2009/12/23 13:49:32 | 00,492,629 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg[2009/12/23 13:38:34 | 00,034,816 | ---- | M] () -- C:\Documents and Settings\pantovic.s\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini[2009/12/22 16:06:19 | 00,270,336 | ---- | M] () -- C:\Documents and Settings\pantovic.s\Desktop\cole-engleski.doc[2009/12/22 14:30:06 | 00,440,832 | ---- | M] () -- C:\Documents and Settings\pantovic.s\Desktop\cole.doc[2009/12/22 13:37:00 | 00,128,000 | ---- | M] () -- C:\Documents and Settings\pantovic.s\Desktop\EXPRESS MAIL ugovor.doc[2009/12/22 13:34:37 | 00,087,040 | ---- | M] () -- C:\Documents and Settings\pantovic.s\Desktop\Aneks ugovora express mail.doc[2009/12/21 16:12:16 | 03,072,054 | ---- | M] () -- C:\Documents and Settings\pantovic.s\My Documents\screen.bmp[2009/12/18 14:47:11 | 00,412,989 | ---- | M] () -- C:\Documents and Settings\pantovic.s\My Documents\English.zip[2009/12/18 12:09:25 | 00,077,824 | ---- | M] () -- C:\Documents and Settings\pantovic.s\My Documents\PUNOMOCJE.doc[2009/12/18 10:54:18 | 00,081,920 | ---- | M] () -- C:\Documents and Settings\pantovic.s\Desktop\Otpis.doc[2009/12/17 17:21:53 | 00,579,584 | ---- | M] () -- C:\Documents and Settings\pantovic.s\Desktop\RED STAR - JV agreement 16-10-2009-1-redigovano.doc[2009/12/17 16:25:45 | 01,691,620 | ---- | M] () -- C:\Documents and Settings\pantovic.s\My Documents\Visit- Portugalci.rar[2009/12/17 14:06:51 | 00,024,064 | ---- | M] () -- C:\Documents and Settings\pantovic.s\My Documents\Ardian Đokaj.doc[2009/12/17 14:01:59 | 00,028,672 | ---- | M] () -- C:\Documents and Settings\pantovic.s\My Documents\Vladimir Stojković.doc[2009/12/16 16:05:04 | 00,022,528 | ---- | M] () -- C:\Documents and Settings\pantovic.s\My Documents\menadzerske komisije od maja.xls[2009/12/15 13:30:41 | 00,734,148 | ---- | M] () -- C:\Documents and Settings\pantovic.s\My Documents\Majica brendiranje Crvena Zvezda preview.jpg[2009/12/15 11:14:32 | 00,076,288 | ---- | M] () -- C:\Documents and Settings\pantovic.s\My Documents\press konf.doc[2009/12/11 11:43:02 | 00,084,992 | ---- | M] () -- C:\Documents and Settings\pantovic.s\My Documents\Turnir 23.12.2009. FK Crvena zvezda.doc[2009/12/11 11:26:37 | 00,069,632 | ---- | M] () -- C:\Documents and Settings\pantovic.s\My Documents\VMA.doc[2009/12/11 10:19:40 | 00,076,800 | ---- | M] () -- C:\Documents and Settings\pantovic.s\My Documents\HERTHA.doc[2009/12/11 10:13:11 | 00,216,576 | ---- | M] () -- C:\Documents and Settings\pantovic.s\My Documents\Pravna komisija Denkovic Stefan.doc[2009/12/07 13:34:37 | 00,082,944 | ---- | M] () -- C:\Documents and Settings\pantovic.s\My Documents\DANILO KUZMANOVIC.doc[2009/12/07 12:18:11 | 00,082,944 | ---- | M] () -- C:\Documents and Settings\pantovic.s\My Documents\DANILO KUZMANOVIC----engleski.doc[2009/12/04 16:26:57 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini[2009/12/03 10:00:31 | 00,091,318 | ---- | M] () -- C:\Documents and Settings\pantovic.s\My Documents\cc_20091203_100019.reg[2009/12/03 09:50:06 | 00,450,518 | ---- | M] () -- C:\Documents and Settings\pantovic.s\My Documents\Slika 156.jpg[2009/12/03 09:50:04 | 00,446,310 | ---- | M] () -- C:\Documents and Settings\pantovic.s\My Documents\Slika 155.jpg[2009/12/03 09:49:57 | 04,659,712 | ---- | M] () -- C:\Documents and Settings\pantovic.s\My Documents\Predlog saradnje - kompanija Bambi.ppt[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ][1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ][1 C:\Documents and Settings\pantovic.s\My Documents\*.tmp files -> C:\Documents and Settings\pantovic.s\My Documents\*.tmp -> ] ========== Files Created - No Company Name ========== [2009/12/25 16:50:03 | 03,881,817 | ---- | C] () -- C:\Documents and Settings\pantovic.s\Desktop\clipping.rar[2009/12/25 16:49:32 | 01,407,976 | ---- | C] () -- C:\Documents and Settings\pantovic.s\Desktop\2512.rar[2009/12/25 16:37:17 | 00,025,600 | ---- | C] () -- C:\Documents and Settings\pantovic.s\Desktop\Ugovori profesionalni pravna služba'92-'93.doc[2009/12/25 16:35:13 | 00,760,614 | ---- | C] () -- C:\Documents and Settings\pantovic.s\Desktop\cvetkovic.jpg[2009/12/25 16:02:00 | 00,760,614 | ---- | C] () -- C:\Documents and Settings\pantovic.s\Desktop\cvetkovic izjava.jpg[2009/12/25 13:00:57 | 00,009,136 | ---- | C] () -- C:\Documents and Settings\pantovic.s\My Documents\0_15342_198293226855_707251855_3598421_2656288_n-1d11446eef4d880f08b331412c8e4235_portrait.jpg[2009/12/24 15:26:40 | 00,082,944 | ---- | C] () -- C:\Documents and Settings\pantovic.s\Desktop\IzveÅ¡taj o otpisu dugovanja Castillo.doc[2009/12/24 13:31:04 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\pantovic.s\My Documents\zbirna_lista 08[1].12..zip[2009/12/24 11:26:52 | 00,081,408 | ---- | C] () -- C:\Documents and Settings\pantovic.s\Desktop\IzveÅ¡taj o otpisu dugovanja.doc[2009/12/23 15:19:55 | 00,237,568 | ---- | C] () -- C:\Documents and Settings\pantovic.s\My Documents\tekst zakona o sprecavanju nasilja koji treba da stoji na poledjini karte.doc[2009/12/23 13:49:48 | 00,001,511 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 9.0.lnk[2009/12/23 13:49:40 | 00,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm[2009/12/23 13:49:32 | 47,117,356 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm[2009/12/23 13:49:32 | 06,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg[2009/12/23 13:49:32 | 00,492,629 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg[2009/12/23 13:49:32 | 00,128,036 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg[2009/12/22 16:06:18 | 00,270,336 | ---- | C] () -- C:\Documents and Settings\pantovic.s\Desktop\cole-engleski.doc[2009/12/22 14:30:06 | 00,440,832 | ---- | C] () -- C:\Documents and Settings\pantovic.s\Desktop\cole.doc[2009/12/21 16:12:15 | 03,072,054 | ---- | C] () -- C:\Documents and Settings\pantovic.s\My Documents\screen.bmp[2009/12/18 14:47:11 | 00,412,989 | ---- | C] () -- C:\Documents and Settings\pantovic.s\My Documents\English.zip[2009/12/18 14:05:05 | 00,128,000 | ---- | C] () -- C:\Documents and Settings\pantovic.s\Desktop\EXPRESS MAIL ugovor.doc[2009/12/18 14:04:56 | 00,087,040 | ---- | C] () -- C:\Documents and Settings\pantovic.s\Desktop\Aneks ugovora express mail.doc[2009/12/18 12:09:25 | 00,077,824 | ---- | C] () -- C:\Documents and Settings\pantovic.s\My Documents\PUNOMOCJE.doc[2009/12/17 17:21:52 | 00,579,584 | ---- | C] () -- C:\Documents and Settings\pantovic.s\Desktop\RED STAR - JV agreement 16-10-2009-1-redigovano.doc[2009/12/17 16:25:44 | 01,691,620 | ---- | C] () -- C:\Documents and Settings\pantovic.s\My Documents\Visit- Portugalci.rar[2009/12/17 15:59:44 | 00,081,920 | ---- | C] () -- C:\Documents and Settings\pantovic.s\Desktop\Otpis.doc[2009/12/17 10:49:16 | 00,028,672 | ---- | C] () -- C:\Documents and Settings\pantovic.s\My Documents\Vladimir Stojković.doc[2009/12/17 10:47:01 | 00,024,064 | ---- | C] () -- C:\Documents and Settings\pantovic.s\My Documents\Ardian Đokaj.doc[2009/12/16 16:05:03 | 00,022,528 | ---- | C] () -- C:\Documents and Settings\pantovic.s\My Documents\menadzerske komisije od maja.xls[2009/12/15 13:30:41 | 00,734,148 | ---- | C] () -- C:\Documents and Settings\pantovic.s\My Documents\Majica brendiranje Crvena Zvezda preview.jpg[2009/12/15 11:14:31 | 00,076,288 | ---- | C] () -- C:\Documents and Settings\pantovic.s\My Documents\press konf.doc[2009/12/11 11:25:31 | 00,084,992 | ---- | C] () -- C:\Documents and Settings\pantovic.s\My Documents\Turnir 23.12.2009. FK Crvena zvezda.doc[2009/12/11 10:49:10 | 00,069,632 | ---- | C] () -- C:\Documents and Settings\pantovic.s\My Documents\VMA.doc[2009/12/07 12:18:11 | 00,082,944 | ---- | C] () -- C:\Documents and Settings\pantovic.s\My Documents\DANILO KUZMANOVIC----engleski.doc[2009/12/07 11:59:50 | 00,082,944 | ---- | C] () -- C:\Documents and Settings\pantovic.s\My Documents\DANILO KUZMANOVIC.doc[2009/12/03 12:49:56 | 52,788,0192 | -HS- | C] () -- C:\hiberfil.sys[2009/12/03 10:00:23 | 00,091,318 | ---- | C] () -- C:\Documents and Settings\pantovic.s\My Documents\cc_20091203_100019.reg[2009/12/03 09:50:06 | 00,450,518 | ---- | C] () -- C:\Documents and Settings\pantovic.s\My Documents\Slika 156.jpg[2009/12/03 09:50:04 | 00,446,310 | ---- | C] () -- C:\Documents and Settings\pantovic.s\My Documents\Slika 155.jpg[2009/12/03 09:49:57 | 04,659,712 | ---- | C] () -- C:\Documents and Settings\pantovic.s\My Documents\Predlog saradnje - kompanija Bambi.ppt[2009/11/13 11:02:00 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini[2009/10/07 09:26:02 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\HPPLVS.dll[2009/09/28 14:32:44 | 00,034,816 | ---- | C] () -- C:\Documents and Settings\pantovic.s\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini[2007/08/10 17:08:32 | 00,071,648 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat[2006/10/12 15:09:10 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI[2006/09/22 09:17:59 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini[2006/02/15 15:04:52 | 00,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll[2004/03/03 04:06:00 | 00,221,184 | ---- | C] () -- C:\WINDOWS\System32\HP3AIOZ6.dll[2002/12/31 14:00:00 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll[2002/12/31 14:00:00 | 00,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys[2002/05/15 21:29:04 | 00,000,607 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest[2002/05/03 14:40:32 | 00,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL[2001/11/23 16:18:00 | 00,000,597 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest[2001/11/14 11:56:00 | 01,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll ========== Files - Unicode (All) ==========[2009/12/23 13:31:36 | 00,021,504 | ---- | M] ()(C:\Documents and Settings\pantovic.s\My Documents\?? .xls) -- C:\Documents and Settings\pantovic.s\My Documents\попис табела.xls[2009/12/23 13:31:36 | 00,021,504 | ---- | C] ()(C:\Documents and Settings\pantovic.s\My Documents\?? .xls) -- C:\Documents and Settings\pantovic.s\My Documents\попис табела.xls[2009/12/23 13:31:17 | 00,081,408 | ---- | M] ()(C:\Documents and Settings\pantovic.s\My Documents\??.doc) -- C:\Documents and Settings\pantovic.s\My Documents\ПОПИС.doc[2009/12/23 13:15:43 | 00,081,408 | ---- | C] ()(C:\Documents and Settings\pantovic.s\My Documents\??.doc) -- C:\Documents and Settings\pantovic.s\My Documents\ПОПИС.doc[2009/12/08 15:20:57 | 11,868,160 | ---- | M] ()(C:\Documents and Settings\pantovic.s\My Documents\?? - ?? ??.ppt) -- C:\Documents and Settings\pantovic.s\My Documents\ФК Црвена звезда - презентација за спонзоре.ppt[2009/12/08 10:49:19 | 00,082,944 | ---- | M] ()(C:\Documents and Settings\pantovic.s\My Documents\ ??.doc) -- C:\Documents and Settings\pantovic.s\My Documents\РАНЂЕЛ ПЕТРОВИЋ.doc[2009/12/07 12:37:59 | 00,020,480 | ---- | M] ()(C:\Documents and Settings\pantovic.s\My Documents\ ?.xls) -- C:\Documents and Settings\pantovic.s\My Documents\данило кузмановић.xls[2009/12/07 12:37:58 | 00,020,480 | ---- | C] ()(C:\Documents and Settings\pantovic.s\My Documents\ ?.xls) -- C:\Documents and Settings\pantovic.s\My Documents\данило кузмановић.xls[2009/12/07 10:33:55 | 00,082,944 | ---- | C] ()(C:\Documents and Settings\pantovic.s\My Documents\ ??.doc) -- C:\Documents and Settings\pantovic.s\My Documents\РАНЂЕЛ ПЕТРОВИЋ.doc[2009/11/23 16:37:29 | 11,868,160 | ---- | C] ()(C:\Documents and Settings\pantovic.s\My Documents\?? - ?? ??.ppt) -- C:\Documents and Settings\pantovic.s\My Documents\ФК Црвена звезда - презентација за спонзоре.ppt ========== Alternate Data Streams ========== @Alternate Data Stream - 68 bytes -> C:\WINDOWS\wiaservc.log:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\zipfldr.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\XpsSvcs.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\XPSSHHDR.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\xpsp2res.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\xpsp1res.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\xpob2res.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wzcsvc.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wzcsapi.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wzcdlg.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wups2.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wups.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wupdmgr.exe:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\WUDFx.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\WudfSvc.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\WudfPlatform.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\WudfHost.exe:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\WUDFCoinstaller.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wuauserv.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wuaueng.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wuaucpl.cpl:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wshtcpip.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wshom.ocx:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wshext.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wshcon.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wscui.cpl:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wscsvc.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wscript.exe:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wscntfy.exe:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\WPDShServiceObj.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wpdshextres.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wpdshextautoplay.exe:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\WpdShext.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wow32.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\WMVXENCD.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\WMVSENCD.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\WMVSDECD.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\WMVENCOD.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\WMVDECOD.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wmpui.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wmpps.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wmpmde.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wmploc.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\WMPhoto.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wmpeffects.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wmpcore.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wmpcd.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wmdrmsdk.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\winspool.drv:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\winrnr.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\winlogon.exe:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\winipsec.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\WindowsCodecsExt.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\WindowsCodecs.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\win32spl.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wiashext.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wfwnet.drv:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\webcheck.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wdmaud.drv:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\watchdog.sys:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\w32time.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\vssvc.exe:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\vssapi.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\vga64k.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\vga256.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\vga.drv:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\vga.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\verclsid.exe:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\vdmdbg.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\vbscript.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\vbajet32.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\utildll.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\userinit.exe:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\user.exe:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\usbmon.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\url.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ups.exe:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\upnp.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\untfs.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\uniplat.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\unimdmat.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\unimdm.tsp:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\unicode.nls:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\umpnpmgr.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ulib.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\tzchange.exe:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\txflog.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\twext.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\tssoft32.acm:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\tsgqec.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\tsddd.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\tscupgrd.exe:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\tsbyuv.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\trkwks.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\tourstart.exe:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\tlntsvr.exe:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\timer.drv:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\timedate.cpl:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\themeui.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\termsrv.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\telephon.cpl:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\tcpmon.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\tapiui.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\tapisrv.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\systray.exe:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\system.drv:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\sysdm.cpl:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\SynTPAPI.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\SynCOM.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\streamci.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\storprop.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\stobject.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\sti_ci.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\sti.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\stdole32.tlb:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\stdole2.tlb:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\sstext3d.scr:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ssstars.scr:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\sspipes.scr:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ssmyst.scr:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ssmypics.scr:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ssmarque.scr:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ssflwbox.scr:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ssdpsrv.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ssbezier.scr:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ss3dfo.scr:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\srvsvc.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\srsvc.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\srrstr.dll:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\spupdsvc.exe:KAVICHS@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\spoolsv.ex

[maninneed]

extras cant seem to be on the desktop....

[guestolo]

Let's do the following
Download ComboFix from this location:

[color=\"#0000FF\"]Link [/color]
[color=\"#FF0000\"]Save it ONLY to your Desktop[/color]

      --------------------------------------------------------------------
[color=\"#2E8B57\"]Temporarily Disable your AntiVirus/AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with this tool
[/color]

• Double click on ComboFix.exe & follow the prompts.
  
• As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

[color=\"#2e8b57\"]**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
[/color]


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply

NOTE: Do not mouseclick inside ComboFix window as it's running, it may cause it to stall
ComboFix will/may run again on startup, it will prompt that it's creating a log
This process could take up to 10 minutes, let it run uninterrupted please

[maninneed]

ComboFix 09-12-29.04 - pantovic.s 12/30/2009   9:37.6.1 - x86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.503.149 [GMT 1:00]
Running from: c:\documents and settings\pantovic.s\Desktop\ComboFix.exe
AV: AVG Anti-Virus *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk

-- Previous Run --

Infected copy of c:\windows\system32\msgsvc.dll was found and disinfected
Restored copy from - c:\windows\ERDNT\cache\msgsvc.dll

--------

Infected copy of c:\windows\system32\msgsvc.dll was found and disinfected
Restored copy from - c:\windows\ERDNT\cache\msgsvc.dll

.
(((((((((((((((((((((((((   Files Created from 2009-11-28 to 2009-12-30  )))))))))))))))))))))))))))))))
.

2009-12-29 08:27 . 2009-12-23 12:49   360584   ----a-w-   c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
2009-12-29 08:27 . 2009-12-23 12:49   502040   ----a-w-   c:\documents and settings\All Users\Application Data\avg9\update\backup\avgrsx.exe
2009-12-29 08:27 . 2009-12-23 12:49   12464   ----a-w-   c:\documents and settings\All Users\Application Data\avg9\update\backup\avgrsstx.dll
2009-12-29 08:27 . 2009-12-23 12:49   28424   ----a-w-   c:\documents and settings\All Users\Application Data\avg9\update\backup\avgmfx86.sys
2009-12-29 08:24 . 2009-12-23 12:49   877848   ----a-w-   c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe
2009-12-29 08:24 . 2009-12-23 12:49   1657112   ----a-w-   c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2009-12-29 08:24 . 2009-12-23 12:49   798488   ----a-w-   c:\documents and settings\All Users\Application Data\avg9\update\backup\avginet.dll
2009-12-29 08:24 . 2009-12-23 12:49   610072   ----a-w-   c:\documents and settings\All Users\Application Data\avg9\update\backup\avgiproxy.exe
2009-12-24 09:35 . 2009-12-24 09:35   411368   ----a-w-   c:\windows\system32\deploytk.dll
2009-12-24 09:35 . 2009-12-24 09:35   --------   d-----w-   c:\program files\Java
2009-12-24 09:34 . 2009-12-24 09:34   152576   ----a-w-   c:\documents and settings\pantovic.s\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-12-24 09:34 . 2009-12-24 09:34   79488   ----a-w-   c:\documents and settings\pantovic.s\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-12-23 12:50 . 2009-12-23 13:11   --------   d-----w-   C:\$AVG
2009-12-23 12:49 . 2009-12-29 08:26   12464   ----a-w-   c:\windows\system32\avgrsstx.dll
2009-12-23 12:49 . 2009-12-23 12:49   161800   ----a-w-   c:\windows\system32\drivers\avgrkx86.sys
2009-12-23 12:49 . 2009-12-29 08:26   360584   ----a-w-   c:\windows\system32\drivers\avgtdix.sys
2009-12-23 12:49 . 2009-12-23 12:49   333192   ----a-w-   c:\windows\system32\drivers\avgldx86.sys
2009-12-23 12:49 . 2009-12-29 08:26   28424   ----a-w-   c:\windows\system32\drivers\avgmfx86.sys
2009-12-23 12:49 . 2009-12-30 08:19   --------   d-----w-   c:\windows\system32\drivers\Avg
2009-12-23 12:49 . 2009-12-23 12:49   --------   d-----w-   c:\program files\AVG
2009-12-23 12:49 . 2009-12-30 08:29   --------   d-----w-   c:\documents and settings\All Users\Application Data\avg9
2009-12-23 12:43 . 2009-12-23 12:43   --------   d-----w-   c:\documents and settings\pantovic.s\Contacts
2009-12-18 10:23 . 2009-12-18 11:09   --------   d-----w-   c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-12-18 10:23 . 2009-12-18 10:25   --------   d-----w-   c:\program files\Spybot - Search & Destroy
2009-12-14 13:16 . 2009-12-14 13:16   --------   d-----w-   c:\documents and settings\pantovic.s\Application Data\U3
2009-12-09 13:11 . 2009-12-17 15:54   --------   d-----w-   c:\program files\Telenor Internet
2009-12-04 13:44 . 2009-12-04 13:44   --------   d-----w-   c:\program files\Trend Micro
2009-12-03 11:42 . 2009-12-03 11:42   --------   d-----w-   c:\documents and settings\pantovic.s\Application Data\Malwarebytes
2009-12-03 11:42 . 2009-09-10 13:54   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-03 11:42 . 2009-12-03 11:42   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2009-12-03 11:42 . 2009-12-03 11:42   --------   d-----w-   c:\documents and settings\All Users\Application Data\Malwarebytes
2009-12-03 11:42 . 2009-09-10 13:53   19160   ----a-w-   c:\windows\system32\drivers\mbam.sys
2009-12-03 09:08 . 2009-12-15 08:56   --------   d-----w-   c:\documents and settings\pantovic.s\Application Data\vlc
2009-12-03 09:07 . 2009-12-03 09:07   --------   d-----w-   c:\program files\VideoLAN
2009-12-03 08:56 . 2009-12-03 08:56   --------   d-----w-   c:\program files\CCleaner
2009-12-03 08:27 . 2009-12-03 08:27   --------   d-----w-   c:\documents and settings\suka.lj\Local Settings\Application Data\Mozilla

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-30 08:46 . 2009-11-10 13:01   --------   d-----w-   c:\documents and settings\pantovic.s\Application Data\Dropbox
2009-12-30 08:45 . 2009-08-25 12:47   --------   d-----w-   c:\documents and settings\pantovic.s\Application Data\OpenOffice.org2
2009-12-29 11:36 . 2009-08-28 09:44   --------   d-----w-   c:\documents and settings\pantovic.s\Application Data\Skype
2009-12-29 11:28 . 2009-08-28 09:53   --------   d-----w-   c:\documents and settings\pantovic.s\Application Data\skypePM
2009-12-23 12:42 . 2006-09-21 14:22   --------   d-----w-   c:\program files\MSN Messenger
2009-12-04 13:46 . 2009-09-07 13:34   --------   d-----w-   c:\program files\PokerStars
2009-12-03 12:49 . 2009-09-28 13:33   --------   d-----w-   c:\program files\BitLord
2009-11-17 10:26 . 2009-09-08 12:21   --------   d-----w-   c:\documents and settings\All Users\Application Data\Microsoft Help
2009-11-13 09:59 . 2009-11-13 09:59   --------   d-----w-   c:\program files\Ahead
2009-11-13 09:59 . 2009-11-13 09:59   --------   d-----w-   c:\program files\Common Files\Ahead
2009-11-11 14:49 . 2009-10-14 07:57   --------   d-----w-   c:\program files\Burn4Free
2009-11-10 13:02 . 2009-11-10 13:02   89962   ----a-w-   c:\documents and settings\pantovic.s\Application Data\Dropbox\bin\Uninstall.exe
2009-11-09 12:33 . 2009-11-09 12:33   --------   d-----w-   c:\documents and settings\pantovic.s\Application Data\Octoshape
2009-10-22 09:18 . 2009-10-22 09:18   15240   ----a-w-   c:\documents and settings\pantovic.s\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll
2009-10-13 11:47 . 2009-10-13 11:47   71208   ----a-w-   c:\documents and settings\filipovic.n\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-09 01:18 . 2009-10-09 01:18   26805255   ----a-w-   c:\documents and settings\pantovic.s\Application Data\Dropbox\bin\Dropbox.exe
2009-10-08 21:18 . 2009-10-08 21:18   499712   ----a-w-   c:\documents and settings\pantovic.s\Application Data\Dropbox\bin\msvcp71.dll
2009-10-08 21:18 . 2009-10-08 21:18   348160   ----a-w-   c:\documents and settings\pantovic.s\Application Data\Dropbox\bin\msvcr71.dll
2009-10-08 21:18 . 2009-10-08 21:18   77824   ----a-w-   c:\documents and settings\pantovic.s\Application Data\Dropbox\bin\DropboxExt.3.dll
.

------- Sigcheck -------

[-] 2006-08-03 . 32272BF10467C8ACF1F83138C61D541E . 1580544 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((   SnapShot_2009-10-29_09.00.07   )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-11 19:54 . 2009-07-11 19:54   65536              c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e79c4723\vcomp.dll
+ 2009-07-11 19:32 . 2009-07-11 19:32   49152              c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80KOR.dll
+ 2009-07-11 19:32 . 2009-07-11 19:32   49152              c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80JPN.dll
+ 2009-07-11 19:32 . 2009-07-11 19:32   61440              c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ITA.dll
+ 2009-07-11 19:32 . 2009-07-11 19:32   61440              c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80FRA.dll
+ 2009-07-11 19:32 . 2009-07-11 19:32   61440              c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ESP.dll
+ 2009-07-11 19:32 . 2009-07-11 19:32   57344              c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ENU.dll
+ 2009-07-11 19:32 . 2009-07-11 19:32   65536              c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80DEU.dll
+ 2009-07-11 19:32 . 2009-07-11 19:32   45056              c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80CHT.dll
+ 2009-07-11 19:32 . 2009-07-11 19:32   40960              c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80CHS.dll
+ 2009-07-12 00:07 . 2009-07-12 00:07   57856              c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfcm80u.dll
+ 2009-07-12 00:19 . 2009-07-12 00:19   69632              c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfcm80.dll
+ 2009-07-11 18:41 . 2009-07-11 18:41   97280              c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.dll
+ 2009-12-30 08:44 . 2009-12-30 08:44   16384              c:\windows\temp\Perflib_Perfdata_6c8.dat
+ 2009-10-23 10:50 . 2007-08-29 14:06   53248              c:\windows\system32\spool\drivers\w32x86\3\ZTAG.DLL
+ 2009-10-23 10:50 . 2007-08-29 14:06   61440              c:\windows\system32\spool\drivers\w32x86\3\ZSDNT5UI.DLL
+ 2009-10-23 10:50 . 2007-08-29 14:06   73728              c:\windows\system32\spool\drivers\w32x86\3\ZSDIMF.DLL
+ 2009-10-23 10:50 . 2007-08-29 14:06   57344              c:\windows\system32\spool\drivers\w32x86\3\ZQDPRINT.DLL
+ 2007-04-04 14:46 . 2007-08-29 14:06   65536              c:\windows\system32\spool\drivers\w32x86\3\ZJBIG.DLL
+ 2009-10-23 10:50 . 2007-08-29 14:06   57344              c:\windows\system32\spool\drivers\w32x86\3\ZIMFPRNT.DLL
+ 2009-10-23 10:50 . 2007-08-29 14:06   61440              c:\windows\system32\spool\drivers\w32x86\3\ZIMF.DLL
+ 2009-10-23 10:50 . 2007-08-29 14:06   98304              c:\windows\system32\spool\drivers\w32x86\3\ZGDI.DLL
+ 2007-01-19 11:53 . 2007-01-19 11:53   51056              c:\windows\system32\sirenacm.dll
+ 2002-12-31 13:00 . 2009-12-30 08:38   71370              c:\windows\system32\perfc009.dat
- 2002-12-31 13:00 . 2009-10-28 11:27   71370              c:\windows\system32\perfc009.dat
+ 2009-12-23 12:40 . 2009-12-23 12:40   29926              c:\windows\Installer\{571700F0-DB9D-4B3A-B03D-35A14BB5939F}\MsblIco.Exe
+ 2009-10-23 10:50 . 2008-02-11 13:26   7680              c:\windows\system32\spool\drivers\w32x86\3\HPAppUsg.dll
+ 2009-11-13 10:00 . 2005-09-01 10:03   5888              c:\windows\system32\drivers\imagedrv.sys
+ 2009-07-12 00:12 . 2009-07-12 00:12   632656              c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
+ 2009-07-12 00:09 . 2009-07-12 00:09   554832              c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll
+ 2009-07-12 00:08 . 2009-07-12 00:08   479232              c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcm80.dll
+ 2006-06-05 13:14 . 2006-06-05 13:14   626688              c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcr80.dll
+ 2006-06-05 13:14 . 2006-06-05 13:14   548864              c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcp80.dll
+ 2006-06-05 13:14 . 2006-06-05 13:14   479232              c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcm80.dll
+ 2009-11-13 09:59 . 2004-07-09 07:43   364544              c:\windows\system32\TwnLib4.dll
+ 2009-11-13 09:59 . 2000-06-26 09:45   106496              c:\windows\system32\TwnLib20.dll
+ 2009-10-23 10:50 . 2007-08-29 14:06   286720              c:\windows\system32\spool\drivers\w32x86\3\ZSUXML.DLL
+ 2009-10-23 10:50 . 2007-08-29 14:06   323584              c:\windows\system32\spool\drivers\w32x86\3\ZSR.DLL
+ 2007-04-04 14:46 . 2007-08-29 14:06   106496              c:\windows\system32\spool\drivers\w32x86\3\ZSPOOL.DLL
+ 2009-10-23 10:50 . 2007-08-29 14:06   172032              c:\windows\system32\spool\drivers\w32x86\3\ZSDDMUI.DLL
+ 2009-10-23 10:50 . 2007-08-29 14:06   122880              c:\windows\system32\spool\drivers\w32x86\3\ZSDDM.DLL
+ 2009-10-23 10:50 . 2007-08-29 14:06   155648              c:\windows\system32\spool\drivers\w32x86\3\ZSD.DLL
+ 2009-10-23 10:50 . 2007-08-29 14:06   110592              c:\windows\system32\spool\drivers\w32x86\3\ZIMFDRV.DLL
+ 2009-10-23 10:50 . 2007-08-29 14:06   618496              c:\windows\system32\spool\drivers\w32x86\3\SUcp1215.DLL
+ 2009-10-23 10:50 . 2007-08-29 14:06   454656              c:\windows\system32\spool\drivers\w32x86\3\SDcp1215.DLL
+ 2005-05-18 14:59 . 2005-05-18 14:59   262144              c:\windows\system32\PexCryptoAPI.dll
+ 2002-12-31 13:00 . 2009-12-30 08:38   439832              c:\windows\system32\perfh009.dat
- 2002-12-31 13:00 . 2009-10-28 11:27   439832              c:\windows\system32\perfh009.dat
+ 2005-05-18 15:00 . 2005-05-18 15:00   253952              c:\windows\system32\NetSeTAPI.dll
+ 2009-11-13 09:59 . 2006-01-12 14:40   155648              c:\windows\system32\NeroCheck.exe
+ 2009-12-24 09:35 . 2009-12-24 09:35   149280              c:\windows\system32\javaws.exe
+ 2009-12-24 09:35 . 2009-12-24 09:35   145184              c:\windows\system32\javaw.exe
+ 2009-12-24 09:35 . 2009-12-24 09:35   145184              c:\windows\system32\java.exe
+ 2009-11-13 09:59 . 2004-07-26 15:16   471040              c:\windows\system32\ImagXRA7.dll
+ 2009-11-13 09:59 . 2004-07-26 15:16   262144              c:\windows\system32\ImagXR7.dll
+ 2009-11-13 09:59 . 2004-07-26 15:16   476320              c:\windows\system32\ImagXpr7.dll
+ 2009-11-13 10:00 . 2005-09-01 10:03   127488              c:\windows\system32\drivers\imagesrv.sys
+ 2009-12-23 12:40 . 2009-12-23 12:40   697856              c:\windows\Installer\d42a6f.msi
+ 2009-12-23 12:49 . 2009-12-23 12:49   424448              c:\windows\Installer\648e9.msi
+ 2009-12-24 09:35 . 2009-12-24 09:35   537600              c:\windows\Installer\4d9930.msi
+ 2009-07-11 19:46 . 2009-07-11 19:46   1093120              c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfc80u.dll
+ 2009-07-11 19:46 . 2009-07-11 19:46   1105920              c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfc80.dll
+ 2007-04-04 14:46 . 2007-08-29 14:06   1572864              c:\windows\system32\spool\drivers\w32x86\3\XERCES-C.DLL
+ 2009-10-23 10:50 . 2007-08-29 14:06   9916416              c:\windows\system32\spool\drivers\w32x86\3\cp1215PQ.dll
+ 2009-11-13 09:59 . 2004-07-26 15:16   1568768              c:\windows\system32\ImagX7.dll
+ 2009-12-23 12:40 . 2007-01-19 12:20   16633344              c:\windows\Installer\MSN Messenger 8.1.0178\MsnMsgs.Msi
.
-- Snapshot reset to current date --
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-10-08 21:18   77824   ----a-w-   c:\documents and settings\pantovic.s\Application Data\Dropbox\bin\DropboxExt.3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-10-08 21:18   77824   ----a-w-   c:\documents and settings\pantovic.s\Application Data\Dropbox\bin\DropboxExt.3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-10-08 21:18   77824   ----a-w-   c:\documents and settings\pantovic.s\Application Data\Dropbox\bin\DropboxExt.3.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-31 761946]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-03-02 131072]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-06-06 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-06-06 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-06-06 118784]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-02-14 454656]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"AGRSMMSG"="AGRSMMSG.exe" [2005-12-12 88203]
"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2002-12-31 143360]
"GrooveMonitor"="c:\program files\Microsoft Outlook\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2009-12-29 2033432]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-24 149280]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2002-12-31 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlhr"="c:\windows\System32\AdvPack.Dll" [2002-12-31 99840]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2002-12-31 44544]
"TSClientMSIUninstaller"="c:\windows\Installer\TSClientMsiTrans\tscuinst.vbs" [2006-11-07 12451]

c:\documents and settings\pantovic.s\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\pantovic.s\Application Data\Dropbox\bin\Dropbox.exe [2009-10-9 26805255]
OpenOffice.org 2.0.lnk - c:\program files\OpenOffice.org 2.0\program\quickstart.exe [2006-1-25 61440]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"MaxGPOScriptWait"= 1800 (0x708)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-12-29 08:26   12464   ----a-w-   c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7593:TCP"= 7593:TCP:ocbwn

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [12/23/2009 1:49 PM 161800]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [12/23/2009 1:49 PM 333192]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [12/23/2009 1:49 PM 360584]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [12/29/2009 9:26 AM 285392]
S2 hajwnjal;Time Microsoft;c:\windows\system32\svchost.exe -k netsvcs [12/31/2002 2:00 PM 14336]
S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys --> c:\windows\system32\DRIVERS\ewusbfake.sys [?]
S3 ids00026;ids00026;\??\c:\documents and settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids00026.sys --> c:\documents and settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids00026.sys [?]
S3 ids00118;ids00118;\??\c:\documents and settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids00118.sys --> c:\documents and settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids00118.sys [?]
S3 ids0014f;ids0014f;\??\c:\documents and settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids0014f.sys --> c:\documents and settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids0014f.sys [?]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
hajwnjal
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
DPF: {62CF4D10-EBA7-45DA-ACA0-4B002E8B3A85} - hxxps://secure.24x7.rs/MarfinBank/Corporate/Pages/Download/CABS/DigitrustApiNetSetPlugIn.cab
FF - ProfilePath - c:\documents and settings\pantovic.s\Application Data\Mozilla\Firefox\Profiles\tcj1louo.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-30 09:45
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...  

scanning hidden autostart entries ...

scanning hidden files ...  

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3808)
c:\documents and settings\pantovic.s\Application Data\Dropbox\bin\DropboxExt.3.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE
c:\program files\AVG\AVG9\avgam.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\windows\system32\msiexec.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
c:\windows\AGRSMMSG.exe
c:\progra~1\hpq\Shared\HPQTOA~1.EXE
c:\program files\OpenOffice.org 2.0\program\soffice.exe
c:\program files\OpenOffice.org 2.0\program\soffice.BIN
c:\program files\AVG\AVG9\avgcsrvx.exe
.
**************************************************************************
.
Completion time: 2009-12-30  09:50:09 - machine was rebooted
ComboFix-quarantined-files.txt  2009-12-30 08:50
ComboFix2.txt  2009-12-04 15:28
ComboFix3.txt  2009-10-29 09:26
ComboFix4.txt  2009-10-29 09:02
ComboFix5.txt  2009-12-29 09:08

Pre-Run: 7,625,969,664 bytes free
Post-Run: 7,605,567,488 bytes free

- - End Of File - - 552A2A5D46375A541AE74AB1E8A97DB0

[guestolo]

Delete your copy of ComboFix, redownload a fresh copy from
[color=\"#0000FF\"]HERE[/color]
[color=\"#FF0000\"]Save it ONLY to your Desktop[/color]

      --------------------------------------------------------------------
[color=\"#2E8B57\"]Temporarily Disable your AntiVirus/AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with this tool
[/color]

Copy ALL the BLUE text below and Paste to notepad
Don't use anything else than notepad or the script will not work

[color=\"#0000FF\"]KillAll::
File::
C:\WINDOWS\system32\kthib.dll
NetSvc::
hajwnjal
Driver::
hajwnjal

[/color]
Save this as txtfile on your desktop, with the exact name of
CFScript

Drag CFScript.txt into ComboFix.exe
Combofix will start>>Follow the prompts
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

When finished, it shall produce a log for you  with the same name C:\ComboFix.txt..
Can I see that log again


In addition: I see that you have ran ComboFix more than once
Can you navigate to the following folder
C:\Qoobox\Quarantine
Post the contents of this file>>ComboFix-quarantined-files.txt

Also: Go to this link
http://www.virustotal.com/flash/index_en.html

Use the browse button and navigate to this file on your hard disk
c:\windows\system32\sfcfiles.dll<--this file

Right click on the file and choose Select
Then use the Submit button
Let it finish scanning
Could you post back the results of the scan back here please
Or better yet, post the link to the results

[maninneed]

ComboFix 09-12-30.01 - pantovic.s 12/31/2009  10:36:37.7.1 - x86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.503.203 [GMT 1:00]
Running from: c:\documents and settings\pantovic.s\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\pantovic.s\Desktop\CFScript.txt
AV: AVG Anti-Virus *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FILE ::
"c:\windows\system32\kthib.dll"
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat

----- BITS: Possible infected sites -----

hxxp://sbs:8530
Infected copy of c:\windows\system32\msgsvc.dll was found and disinfected
Restored copy from - c:\windows\ERDNT\cache\msgsvc.dll

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_HAJWNJAL
-------\Service_hajwnjal


(((((((((((((((((((((((((   Files Created from 2009-11-28 to 2009-12-31  )))))))))))))))))))))))))))))))
.

2009-12-31 08:56 . 2009-12-29 08:26   3966744   ----a-w-   c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
2009-12-31 08:51 . 2009-12-31 09:01   0   ----a-w-   c:\documents and settings\pantovic.s\Local Settings\Application Data\prvlcl.dat
2009-12-29 08:27 . 2009-12-23 12:49   360584   ----a-w-   c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
2009-12-29 08:27 . 2009-12-23 12:49   502040   ----a-w-   c:\documents and settings\All Users\Application Data\avg9\update\backup\avgrsx.exe
2009-12-29 08:27 . 2009-12-23 12:49   12464   ----a-w-   c:\documents and settings\All Users\Application Data\avg9\update\backup\avgrsstx.dll
2009-12-29 08:27 . 2009-12-23 12:49   28424   ----a-w-   c:\documents and settings\All Users\Application Data\avg9\update\backup\avgmfx86.sys
2009-12-29 08:24 . 2009-12-23 12:49   877848   ----a-w-   c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe
2009-12-29 08:24 . 2009-12-23 12:49   1657112   ----a-w-   c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2009-12-29 08:24 . 2009-12-23 12:49   798488   ----a-w-   c:\documents and settings\All Users\Application Data\avg9\update\backup\avginet.dll
2009-12-29 08:24 . 2009-12-23 12:49   610072   ----a-w-   c:\documents and settings\All Users\Application Data\avg9\update\backup\avgiproxy.exe
2009-12-24 09:35 . 2009-12-24 09:35   411368   ----a-w-   c:\windows\system32\deploytk.dll
2009-12-24 09:35 . 2009-12-24 09:35   --------   d-----w-   c:\program files\Java
2009-12-24 09:34 . 2009-12-24 09:34   152576   ----a-w-   c:\documents and settings\pantovic.s\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-12-24 09:34 . 2009-12-24 09:34   79488   ----a-w-   c:\documents and settings\pantovic.s\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-12-23 12:50 . 2009-12-23 13:11   --------   d-----w-   C:\$AVG
2009-12-23 12:49 . 2009-12-29 08:26   12464   ----a-w-   c:\windows\system32\avgrsstx.dll
2009-12-23 12:49 . 2009-12-23 12:49   161800   ----a-w-   c:\windows\system32\drivers\avgrkx86.sys
2009-12-23 12:49 . 2009-12-29 08:26   360584   ----a-w-   c:\windows\system32\drivers\avgtdix.sys
2009-12-23 12:49 . 2009-12-23 12:49   333192   ----a-w-   c:\windows\system32\drivers\avgldx86.sys
2009-12-23 12:49 . 2009-12-29 08:26   28424   ----a-w-   c:\windows\system32\drivers\avgmfx86.sys
2009-12-23 12:49 . 2009-12-30 09:39   --------   d-----w-   c:\windows\system32\drivers\Avg
2009-12-23 12:49 . 2009-12-23 12:49   --------   d-----w-   c:\program files\AVG
2009-12-23 12:49 . 2009-12-30 08:29   --------   d-----w-   c:\documents and settings\All Users\Application Data\avg9
2009-12-23 12:43 . 2009-12-23 12:43   --------   d-----w-   c:\documents and settings\pantovic.s\Contacts
2009-12-18 10:23 . 2009-12-18 11:09   --------   d-----w-   c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-12-18 10:23 . 2009-12-18 10:25   --------   d-----w-   c:\program files\Spybot - Search & Destroy
2009-12-14 13:16 . 2009-12-14 13:16   --------   d-----w-   c:\documents and settings\pantovic.s\Application Data\U3
2009-12-09 13:11 . 2009-12-17 15:54   --------   d-----w-   c:\program files\Telenor Internet
2009-12-04 13:44 . 2009-12-04 13:44   --------   d-----w-   c:\program files\Trend Micro
2009-12-03 11:42 . 2009-12-03 11:42   --------   d-----w-   c:\documents and settings\pantovic.s\Application Data\Malwarebytes
2009-12-03 11:42 . 2009-09-10 13:54   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-03 11:42 . 2009-12-03 11:42   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2009-12-03 11:42 . 2009-12-03 11:42   --------   d-----w-   c:\documents and settings\All Users\Application Data\Malwarebytes
2009-12-03 11:42 . 2009-09-10 13:53   19160   ----a-w-   c:\windows\system32\drivers\mbam.sys
2009-12-03 09:08 . 2009-12-15 08:56   --------   d-----w-   c:\documents and settings\pantovic.s\Application Data\vlc
2009-12-03 09:07 . 2009-12-03 09:07   --------   d-----w-   c:\program files\VideoLAN
2009-12-03 08:56 . 2009-12-03 08:56   --------   d-----w-   c:\program files\CCleaner
2009-12-03 08:27 . 2009-12-03 08:27   --------   d-----w-   c:\documents and settings\suka.lj\Local Settings\Application Data\Mozilla

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-31 09:45 . 2009-11-10 13:01   --------   d-----w-   c:\documents and settings\pantovic.s\Application Data\Dropbox
2009-12-31 09:44 . 2009-08-25 12:47   --------   d-----w-   c:\documents and settings\pantovic.s\Application Data\OpenOffice.org2
2009-12-29 11:36 . 2009-08-28 09:44   --------   d-----w-   c:\documents and settings\pantovic.s\Application Data\Skype
2009-12-29 11:28 . 2009-08-28 09:53   --------   d-----w-   c:\documents and settings\pantovic.s\Application Data\skypePM
2009-12-23 12:42 . 2006-09-21 14:22   --------   d-----w-   c:\program files\MSN Messenger
2009-12-04 13:46 . 2009-09-07 13:34   --------   d-----w-   c:\program files\PokerStars
2009-12-03 12:49 . 2009-09-28 13:33   --------   d-----w-   c:\program files\BitLord
2009-11-17 10:26 . 2009-09-08 12:21   --------   d-----w-   c:\documents and settings\All Users\Application Data\Microsoft Help
2009-11-13 09:59 . 2009-11-13 09:59   --------   d-----w-   c:\program files\Ahead
2009-11-13 09:59 . 2009-11-13 09:59   --------   d-----w-   c:\program files\Common Files\Ahead
2009-11-11 14:49 . 2009-10-14 07:57   --------   d-----w-   c:\program files\Burn4Free
2009-11-10 13:02 . 2009-11-10 13:02   89962   ----a-w-   c:\documents and settings\pantovic.s\Application Data\Dropbox\bin\Uninstall.exe
2009-11-09 12:33 . 2009-11-09 12:33   --------   d-----w-   c:\documents and settings\pantovic.s\Application Data\Octoshape
2009-10-22 09:18 . 2009-10-22 09:18   15240   ----a-w-   c:\documents and settings\pantovic.s\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll
2009-10-13 11:47 . 2009-10-13 11:47   71208   ----a-w-   c:\documents and settings\filipovic.n\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-09 01:18 . 2009-10-09 01:18   26805255   ----a-w-   c:\documents and settings\pantovic.s\Application Data\Dropbox\bin\Dropbox.exe
2009-10-08 21:18 . 2009-10-08 21:18   499712   ----a-w-   c:\documents and settings\pantovic.s\Application Data\Dropbox\bin\msvcp71.dll
2009-10-08 21:18 . 2009-10-08 21:18   348160   ----a-w-   c:\documents and settings\pantovic.s\Application Data\Dropbox\bin\msvcr71.dll
2009-10-08 21:18 . 2009-10-08 21:18   77824   ----a-w-   c:\documents and settings\pantovic.s\Application Data\Dropbox\bin\DropboxExt.3.dll
.

------- Sigcheck -------

[-] 2006-08-03 . 32272BF10467C8ACF1F83138C61D541E . 1580544 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((   SnapShot_2009-12-30_08.45.15   )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-12-31 09:42 . 2009-12-31 09:42   16384              c:\windows\temp\Perflib_Perfdata_69c.dat
+ 2002-12-31 13:00 . 2009-12-31 08:54   71370              c:\windows\system32\perfc009.dat
- 2002-12-31 13:00 . 2009-12-30 08:38   71370              c:\windows\system32\perfc009.dat
+ 2009-12-30 08:48 . 2009-12-30 08:49   9052              c:\windows\SoftwareDistribution\EventCache\{0432F98F-3282-4AEA-A64A-5D1FFC695473}.bin
+ 2002-12-31 13:00 . 2009-12-31 08:54   439832              c:\windows\system32\perfh009.dat
- 2002-12-31 13:00 . 2009-12-30 08:38   439832              c:\windows\system32\perfh009.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-10-08 21:18   77824   ----a-w-   c:\documents and settings\pantovic.s\Application Data\Dropbox\bin\DropboxExt.3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-10-08 21:18   77824   ----a-w-   c:\documents and settings\pantovic.s\Application Data\Dropbox\bin\DropboxExt.3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-10-08 21:18   77824   ----a-w-   c:\documents and settings\pantovic.s\Application Data\Dropbox\bin\DropboxExt.3.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-31 761946]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-03-02 131072]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-06-06 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-06-06 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-06-06 118784]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-02-14 454656]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"AGRSMMSG"="AGRSMMSG.exe" [2005-12-12 88203]
"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2002-12-31 143360]
"GrooveMonitor"="c:\program files\Microsoft Outlook\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2009-12-29 2033432]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-24 149280]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2002-12-31 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlhr"="c:\windows\System32\AdvPack.Dll" [2002-12-31 99840]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2002-12-31 44544]
"TSClientMSIUninstaller"="c:\windows\Installer\TSClientMsiTrans\tscuinst.vbs" [2006-11-07 12451]

c:\documents and settings\pantovic.s\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\pantovic.s\Application Data\Dropbox\bin\Dropbox.exe [2009-10-9 26805255]
OpenOffice.org 2.0.lnk - c:\program files\OpenOffice.org 2.0\program\quickstart.exe [2006-1-25 61440]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"MaxGPOScriptWait"= 1800 (0x708)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-12-29 08:26   12464   ----a-w-   c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7593:TCP"= 7593:TCP:ocbwn

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [12/23/2009 1:49 PM 161800]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [12/23/2009 1:49 PM 333192]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [12/23/2009 1:49 PM 360584]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [12/29/2009 9:26 AM 285392]
S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys --> c:\windows\system32\DRIVERS\ewusbfake.sys [?]
S3 ids00026;ids00026;\??\c:\documents and settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids00026.sys --> c:\documents and settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids00026.sys [?]
S3 ids00118;ids00118;\??\c:\documents and settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids00118.sys --> c:\documents and settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids00118.sys [?]
S3 ids0014f;ids0014f;\??\c:\documents and settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids0014f.sys --> c:\documents and settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids0014f.sys [?]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
DPF: {62CF4D10-EBA7-45DA-ACA0-4B002E8B3A85} - hxxps://secure.24x7.rs/MarfinBank/Corporate/Pages/Download/CABS/DigitrustApiNetSetPlugIn.cab
FF - ProfilePath - c:\documents and settings\pantovic.s\Application Data\Mozilla\Firefox\Profiles\tcj1louo.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-31 10:44
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...  

scanning hidden autostart entries ...

scanning hidden files ...  

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3008)
c:\documents and settings\pantovic.s\Application Data\Dropbox\bin\DropboxExt.3.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE
c:\program files\AVG\AVG9\avgam.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\windows\system32\msiexec.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
c:\windows\AGRSMMSG.exe
c:\progra~1\hpq\Shared\HPQTOA~1.EXE
c:\program files\OpenOffice.org 2.0\program\soffice.exe
c:\program files\OpenOffice.org 2.0\program\soffice.BIN
c:\program files\AVG\AVG9\avgcsrvx.exe
.
**************************************************************************
.
Completion time: 2009-12-31  10:48:01 - machine was rebooted
ComboFix-quarantined-files.txt  2009-12-31 09:47
ComboFix2.txt  2009-12-30 08:50
ComboFix3.txt  2009-12-04 15:28
ComboFix4.txt  2009-10-29 09:26
ComboFix5.txt  2009-12-31 09:35

Pre-Run: 6,902,173,696 bytes free
Post-Run: 6,804,750,336 bytes free

- - End Of File - - DCA92C9ACBF7683214BA0CD41ACF6515

[maninneed]

2009-12-31 09:40:17 . 2009-12-31 09:40:17            2,966 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\Service_hajwnjal.reg.dat
2009-12-31 09:40:17 . 2009-12-31 09:40:17            1,050 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\Legacy_HAJWNJAL.reg.dat
2009-12-30 08:47:52 . 2009-12-30 08:48:57            4,232 ----a-w-  C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat.vir
2009-12-30 08:47:52 . 2009-12-30 08:48:57            5,343 ----a-w-  C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat.vir
2009-12-04 15:28:12 . 2009-12-04 15:28:12            1,676 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\AddRemove-Broadcom 802.11b Network Adapter.reg.dat
2009-10-29 09:13:01 . 2009-12-31 09:36:27                0 ----a-w-  C:\Qoobox\Quarantine\catchme.txt
2009-10-29 09:02:33 . 2009-10-29 09:02:34           52,892 ----a-w-  C:\Qoobox\Quarantine\C\log.txt.vir
2009-10-29 09:00:34 . 2009-10-29 09:00:34              171 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\WebBrowser-{4F11ACBB-393F-4C86-A214-FF3D0D155CC3}.reg.dat
2009-09-18 11:41:28 . 2009-09-18 11:41:28              635 ----a-w-  C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk.vir
2009-09-01 08:38:59 . 2009-12-31 09:40:11            9,779 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2009-09-01 08:35:27 . 2009-12-31 09:35:02              357 ----a-w-  C:\Qoobox\Quarantine\catchme.log
2006-09-21 13:13:42 . 2001-08-08 16:31:50           12,627 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\readme.txt.vir
2002-12-31 13:00:00 . 2002-12-31 13:00:00           33,792 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\msgsvc.dll.vir

[maninneed]

http://www.virustotal.com/analisis/82de903...469a-1252585853

[guestolo]

Can you do the following:
Run an Online Virus scan
Temporarily disable your realtime protection with your own Virus scanner so it won't interfere with this scan

Go to the following link [color=\"#0000FF\"]ESET Online Scanner[/color][/url]
Note: You will need to use Internet Explorer for this scan

• Tick the box next to YES, I accept the Terms of Use
     
  
• Click Start
     
  
• When asked, allow the ActiveX control to install
• Click Start
     
  
• Make sure that the options Remove found threats and the option Scan unwanted applications is checked
     
  
• Click Scan (This scan can take awhile, so please be patient)
     
  
• Once the scan is completed, you may close the window
• Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
     
  
• Copy and paste that log as a reply to this topic

[maninneed]

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# IEXPLORE.EXE=6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=68746f21ae732c44be7a8d6f9dc86271
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-01-05 12:01:30
# local_time=2010-01-05 01:01:31 (+0100, Central Europe Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 2760754 2760754 0 0
# compatibility_mode=1029 16777189 100 91 442473 1122472 0 0
# compatibility_mode=8192 67108863 100 0 81875 81875 0 0
# scanned=54633
# found=0
# cleaned=0
# scan_time=1465

[guestolo]

Sorry for the delay, that's looking good, how is everything running on your end?

[maninneed]

sorry for mine late reply,,everything is fine as always after your advice.

thanks a lot