Thread: safesurf virus problem

  1. #21
    Emeritus- Malware Team
    Join Date
    Oct 2009
    Location
    New England, USA
    Posts
    503

    Run OTL.exe
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :Files
      C:\Windows\System32\drivers\up.exe 
      C:\Windows\System32\Help64.exe  
      C:\Windows\System32\webe\Updater3.exe  
      C:\Windows\SysWOW64\drivers\up.exe  
      C:\Windows\SysWOW64\Help64.exe  
      C:\Windows\SysWOW64\webe\Updater3.exe
      C:\Windows\system\dwm.exe
      
      :reg
      [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
      
      :Commands
      [emptytemp]
      [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot when it is done and post the resulting log.
    • Then post a new OTL log and let me know how it's running.
    Last edited by IndiGenus; 2010-09-16 at 01:03.
    IndiGenus

  2. #22
    Junior Member
    Join Date
    Sep 2010
    Posts
    24

    Here is the log after reboot:

    All processes killed
    ========== FILES ==========
    C:\Windows\System32\drivers\up.exe moved successfully.
    C:\Windows\System32\Help64.exe moved successfully.
    C:\Windows\System32\webe\Updater3.exe moved successfully.
    File\Folder C:\Windows\SysWOW64\drivers\up.exe not found.
    File\Folder C:\Windows\SysWOW64\Help64.exe not found.
    File\Folder C:\Windows\SysWOW64\webe\Updater3.exe not found.
    File\Folder C:\Windows\system\dwm.exe not found.
    ========== REGISTRY ==========
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public

    User: zoniq
    ->Temp folder emptied: 125525000 bytes
    ->Temporary Internet Files folder emptied: 63889 bytes
    ->Java cache emptied: 128101 bytes
    ->FireFox cache emptied: 98442461 bytes
    ->Opera cache emptied: 149685 bytes
    ->Flash cache emptied: 1066 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 177226 bytes

    Total Files Cleaned = 214.00 mb


    OTL by OldTimer - Version 3.2.12.0 log created on 09162010_162058

    Files\Folders moved on Reboot...
    C:\Users\zoniq\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

    Registry entries deleted on Reboot...

  3. #23
    Junior Member
    Join Date
    Sep 2010
    Posts
    24

    And the OTL log:

    OTL logfile created on: 9/16/2010 4:24:59 PM - Run 4
    OTL by OldTimer - Version 3.2.12.0 Folder = C:\Users\zoniq\Desktop
    64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: Slovakia | Language: SKY | Date Format: d. M. yyyy

    4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 70.00% Memory free
    8.00 Gb Paging File | 7.00 Gb Available in Paging File | 84.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 298.09 Gb Total Space | 214.98 Gb Free Space | 72.12% Space Free | Partition Type: NTFS
    Drive D: | 97.65 Gb Total Space | 92.92 Gb Free Space | 95.15% Space Free | Partition Type: NTFS
    Drive E: | 200.43 Gb Total Space | 82.89 Gb Free Space | 41.36% Space Free | Partition Type: NTFS
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: KOMPIK
    Current User Name: zoniq
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Include 64bit Scans
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Standard

    ========== Processes (SafeList) ==========

    PRC - [2010/09/14 16:52:44 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\zoniq\Desktop\OTL.exe
    PRC - [2010/09/09 16:32:54 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    PRC - [2010/09/01 08:39:18 | 001,164,584 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    PRC - [2010/07/21 16:49:12 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgemc.exe
    PRC - [2010/07/19 22:13:57 | 002,065,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgtray.exe
    PRC - [2010/07/19 22:13:54 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
    PRC - [2010/07/19 22:13:52 | 000,723,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe
    PRC - [2010/04/01 11:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
    PRC - [2009/03/05 17:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    PRC - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/09/14 16:52:44 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\zoniq\Desktop\OTL.exe
    MOD - [2009/07/14 03:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
    MOD - [2009/07/14 03:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2010/09/05 12:03:40 | 001,436,424 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
    SRV:64bit: - [2009/07/14 03:41:56 | 000,195,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\umrdp.dll -- (UmRdpService)
    SRV:64bit: - [2009/07/14 03:41:53 | 001,361,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\PeerDistSvc.dll -- (PeerDistSvc)
    SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/07/14 03:40:24 | 000,689,152 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cscsvc.dll -- (CscService)
    SRV:64bit: - [2009/07/14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
    SRV - [2010/07/21 16:49:12 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG9\avgemc.exe -- (avg9emc)
    SRV - [2010/07/19 22:13:54 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
    SRV - [2010/03/18 14:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/07/16 17:04:16 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2010/08/02 19:27:53 | 000,312,480 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
    DRV:64bit: - [2010/08/02 19:27:52 | 000,043,168 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
    DRV:64bit: - [2010/07/25 09:39:58 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
    DRV:64bit: - [2010/07/19 22:13:57 | 000,317,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (AvgTdiA)
    DRV:64bit: - [2010/07/19 22:13:56 | 000,035,536 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (AvgMfx64)
    DRV:64bit: - [2010/07/19 22:13:53 | 000,269,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (AvgLdx64)
    DRV:64bit: - [2009/10/26 16:54:22 | 000,032,768 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
    DRV:64bit: - [2009/08/13 22:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
    DRV:64bit: - [2009/07/14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2009/07/14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2009/07/14 03:45:55 | 000,200,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmbus.sys -- (vmbus)
    DRV:64bit: - [2009/07/14 03:45:55 | 000,046,672 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmstorfl.sys -- (storflt)
    DRV:64bit: - [2009/07/14 03:45:55 | 000,034,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\storvsc.sys -- (storvsc)
    DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/14 02:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
    DRV:64bit: - [2009/07/14 02:01:09 | 000,679,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xnacc.sys -- (xnacc)
    DRV:64bit: - [2009/07/14 01:42:58 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vms3cap.sys -- (s3cap)
    DRV:64bit: - [2009/07/14 01:42:44 | 000,021,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VMBusHID.sys -- (VMBusHID)
    DRV:64bit: - [2009/07/14 01:24:27 | 000,514,048 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\csc.sys -- (CSC)
    DRV:64bit: - [2009/06/10 22:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
    DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/03/02 00:05:32 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2008/01/17 17:51:44 | 000,018,816 | ---- | M] (Razer USA Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Lycosa.sys -- (Lycosa)
    DRV:64bit: - [2007/08/02 10:33:04 | 000,012,672 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dadder.sys -- (DAdderFltr)
    DRV:64bit: - [2007/07/18 11:34:16 | 000,189,664 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\V0260Vid.sys -- (V0260VID)

    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 92 71 0B 0A 6D 53 CB 01 [binary data]
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "www.google.com"
    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
    FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.3
    FF - prefs.js..extensions.enabledItems: {B17C1C5A-04B1-11DB-9804-B622A1EF5492}:1.2.1
    FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.845
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..network.proxy.type: 0

    FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files (x86)\AVG\AVG9\Firefox [2010/07/21 16:50:48 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/09/09 16:32:55 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/09/09 16:32:55 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 4.0b5\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 5\components [2010/09/10 19:20:14 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 4.0b5\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 5\plugins
    FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2010/06/18 14:00:03 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2010/09/08 19:36:54 | 000,000,000 | ---D | M]

    [2010/06/18 14:00:03 | 000,000,000 | ---D | M] -- C:\Users\zoniq\AppData\Roaming\mozilla\Extensions
    [2010/06/18 14:00:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\zoniq\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
    [2010/09/15 19:56:50 | 000,000,000 | ---D | M] -- C:\Users\zoniq\AppData\Roaming\mozilla\Firefox\Profiles\u8fwv41d.default\extensions
    [2010/09/12 07:17:54 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\zoniq\AppData\Roaming\mozilla\Firefox\Profiles\u8fwv41d.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
    [2010/09/03 17:53:18 | 000,000,000 | ---D | M] (Password Exporter) -- C:\Users\zoniq\AppData\Roaming\mozilla\Firefox\Profiles\u8fwv41d.default\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}
    [2010/08/18 22:33:33 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\zoniq\AppData\Roaming\mozilla\Firefox\Profiles\u8fwv41d.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    [2010/09/15 19:56:50 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2010/07/29 17:43:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2010/07/29 17:43:16 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    [2010/04/01 19:40:34 | 000,001,583 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\atlas-sk.xml
    [2010/04/01 19:40:34 | 000,001,380 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\azet-sk.xml
    [2010/04/01 19:40:34 | 000,001,479 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\dunaj-sk.xml
    [2010/04/01 19:40:34 | 000,001,473 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\slovnik-sk.xml
    [2010/04/01 19:40:34 | 000,001,104 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia-sk.xml
    [2010/04/01 19:40:34 | 000,000,830 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\zoznam-sk.xml

    O1 HOSTS File: ([2010/09/11 18:18:49 | 000,419,895 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: 127.0.0.1 mpa.one.microsoft.com
    O1 - Hosts: 127.0.0.1 sls.microsoft.com
    O1 - Hosts: 127.0.0.1 genuine.microsoft.com
    O1 - Hosts: 127.0.0.1 wat.microsoft.com
    O1 - Hosts: 127.0.0.1 mpa.microsoft.com
    O1 - Hosts: 127.0.0.1 activate.adobe.com
    O1 - Hosts: 127.0.0.1 practivate.adobe.com
    O1 - Hosts: 127.0.0.1 ereg.adobe.com
    O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
    O1 - Hosts: 127.0.0.1 wip3.adobe.com
    O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
    O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
    O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
    O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
    O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
    O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
    O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
    O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
    O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
    O1 - Hosts: 127.0.0.1 adobeereg.com
    O1 - Hosts: 
    O1 - Hosts: 127.0.0.1 www.007guard.com
    O1 - Hosts: 127.0.0.1 007guard.com
    O1 - Hosts: 127.0.0.1 008i.com
    O1 - Hosts: 14487 more lines...
    O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
    O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
    O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O13 - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgppa.dll (AVG Technologies CZ, s.r.o.)
    O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20:64bit: - AppInit_DLLs: (avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll (AVG Technologies CZ, s.r.o.)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O32 - HKLM CDRom: AutoRun - 1
    O33 - MountPoints2\{525647e2-2a16-11df-984d-0019dbf60ff8}\Shell - "" = AutoRun
    O33 - MountPoints2\{525647e2-2a16-11df-984d-0019dbf60ff8}\Shell\AutoRun\command - "" = H:\autorun.exe -- File not found
    O33 - MountPoints2\{f24320e2-97bf-11df-83dd-0019dbf60ff8}\Shell - "" = AutoRun
    O33 - MountPoints2\{f24320e2-97bf-11df-83dd-0019dbf60ff8}\Shell\AutoRun\command - "" = G:\Setup.exe -- File not found
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/09/15 16:52:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
    [2010/09/15 15:59:40 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW
    [2010/09/15 15:49:48 | 000,000,000 | ---D | C] -- C:\Users\zoniq\AppData\Roaming\Malwarebytes
    [2010/09/15 15:49:24 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    [2010/09/15 15:49:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2010/09/15 15:49:22 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2010/09/15 15:49:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2010/09/15 15:48:33 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\zoniq\Desktop\mbam-setup-1.46.exe
    [2010/09/15 15:45:15 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\zoniq\Desktop\TFC.exe
    [2010/09/15 09:16:20 | 000,000,000 | ---D | C] -- C:\Users\zoniq\Desktop\Fh_HDRI Map Pack 01
    [2010/09/15 07:23:59 | 000,000,000 | ---D | C] -- C:\_OTL
    [2010/09/15 07:20:37 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache
    [2010/09/15 07:20:32 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f\1\dictionaries
    [2010/09/15 07:20:31 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\US
    [2010/09/15 07:20:31 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f\1\defaults\pref
    [2010/09/15 07:20:31 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f\1\modules
    [2010/09/15 07:20:31 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f\1\res\html
    [2010/09/15 07:20:31 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f\1\greprefs
    [2010/09/15 07:20:31 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f\1\res\fonts
    [2010/09/15 07:20:31 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f\1\res\entityTables
    [2010/09/15 07:20:31 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f\1\res\dtd
    [2010/09/15 07:20:31 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\US\chrome
    [2010/09/15 07:20:31 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\chrome
    [2010/09/15 07:20:31 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f\1\chrome
    [2010/09/15 07:20:31 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f\1\defaults\autoconfig
    [2010/09/15 07:20:30 | 009,799,128 | ---- | C] (Mozilla Foundation) -- C:\Windows\SysWow64\drivers\f\1\xul.dll
    [2010/09/15 07:20:30 | 000,710,104 | ---- | C] (Mozilla Foundation) -- C:\Windows\SysWow64\drivers\f\1\mozcrt19.dll
    [2010/09/15 07:20:30 | 000,701,400 | ---- | C] (Netscape Communications Corporation) -- C:\Windows\SysWow64\drivers\f\1\js3250.dll
    [2010/09/15 07:20:30 | 000,632,280 | ---- | C] (Mozilla Foundation) -- C:\Windows\SysWow64\drivers\f\1\nss3.dll
    [2010/09/15 07:20:30 | 000,443,352 | ---- | C] (sqlite.org) -- C:\Windows\SysWow64\drivers\f\1\sqlite3.dll
    [2010/09/15 07:20:30 | 000,316,888 | ---- | C] (Mozilla Foundation) -- C:\Windows\SysWow64\drivers\f\1\nssckbi.dll
    [2010/09/15 07:20:30 | 000,249,856 | ---- | C] (Mozilla Foundation) -- C:\Windows\SysWow64\drivers\f\1\freebl3.dll
    [2010/09/15 07:20:30 | 000,198,104 | ---- | C] (Mozilla Foundation) -- C:\Windows\SysWow64\drivers\f\1\nspr4.dll
    [2010/09/15 07:20:30 | 000,155,648 | ---- | C] (Mozilla Foundation) -- C:\Windows\SysWow64\drivers\f\1\softokn3.dll
    [2010/09/15 07:20:30 | 000,136,664 | ---- | C] (Mozilla Foundation) -- C:\Windows\SysWow64\drivers\f\1\ssl3.dll
    [2010/09/15 07:20:30 | 000,134,616 | ---- | C] (Mozilla Foundation) -- C:\Windows\SysWow64\drivers\f\1\components\brwsrcmp.dll
    [2010/09/15 07:20:30 | 000,103,896 | ---- | C] (Mozilla Foundation) -- C:\Windows\SysWow64\drivers\f\1\smime3.dll
    [2010/09/15 07:20:30 | 000,098,304 | ---- | C] (Mozilla Foundation) -- C:\Windows\SysWow64\drivers\f\1\nssdbm3.dll
    [2010/09/15 07:20:30 | 000,087,512 | ---- | C] (Mozilla Foundation) -- C:\Windows\SysWow64\drivers\f\1\nssutil3.dll
    [2010/09/15 07:20:30 | 000,065,496 | ---- | C] (mozilla.org) -- C:\Windows\SysWow64\drivers\f\1\plugins\npnul32.dll
    [2010/09/15 07:20:30 | 000,023,000 | ---- | C] (Mozilla Foundation) -- C:\Windows\SysWow64\drivers\f\1\components\browserdirprovider.dll
    [2010/09/15 07:20:30 | 000,020,440 | ---- | C] (Mozilla Foundation) -- C:\Windows\SysWow64\drivers\f\1\plc4.dll
    [2010/09/15 07:20:30 | 000,017,880 | ---- | C] (Mozilla Foundation) -- C:\Windows\SysWow64\drivers\f\1\xpcom.dll
    [2010/09/15 07:20:30 | 000,017,368 | ---- | C] (Mozilla Foundation) -- C:\Windows\SysWow64\drivers\f\1\plds4.dll
    [2010/09/15 07:20:30 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f\1\res
    [2010/09/15 07:20:30 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f\1\defaults\profile
    [2010/09/15 07:20:30 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f\1\plugins
    [2010/09/15 07:20:30 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f\1\defaults
    [2010/09/15 07:20:30 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f\1\components
    [2010/09/15 07:20:30 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f\1
    [2010/09/14 18:52:24 | 165,665,144 | ---- | C] (NVIDIA Corporation) -- C:\Users\zoniq\Desktop\260.63_desktop_win7_winvista_64bit_international_beta.exe
    [2010/09/14 16:52:41 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\Users\zoniq\Desktop\OTL.exe
    [2010/09/13 20:09:56 | 000,000,000 | ---D | C] -- C:\Users\zoniq\Desktop\Tires semi-glossy by Amleto
    [2010/09/11 18:00:50 | 000,000,000 | -H-D | C] -- C:\$AVG
    [2010/09/11 17:59:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Runic Games
    [2010/09/11 17:50:09 | 000,000,000 | ---D | C] -- C:\Users\zoniq\AppData\Roaming\runic games
    [2010/09/11 16:29:14 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Runic
    [2010/09/11 13:24:27 | 000,000,000 | ---D | C] -- C:\Users\zoniq\Desktop\layered rock
    [2010/09/11 13:06:36 | 000,000,000 | ---D | C] -- C:\Users\zoniq\Desktop\DavelessSteel
    [2010/09/10 19:20:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 5
    [2010/09/08 19:38:05 | 000,000,000 | ---D | C] -- C:\Users\zoniq\AppData\Local\Apple Computer
    [2010/09/08 19:36:48 | 000,000,000 | ---D | C] -- C:\Users\zoniq\AppData\Roaming\DivX
    [2010/09/08 19:36:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine
    [2010/09/08 19:36:30 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
    [2010/09/08 19:36:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DivX Shared
    [2010/09/08 19:35:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DivX
    [2010/09/08 19:35:35 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
    [2010/09/08 19:34:58 | 000,000,000 | ---D | C] -- C:\Users\zoniq\AppData\Roaming\Apple Computer
    [2010/09/05 13:16:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ChaosGroup
    [2010/09/05 13:15:59 | 000,000,000 | ---D | C] -- C:\Program Files\plugins
    [2010/09/05 13:15:59 | 000,000,000 | ---D | C] -- C:\Program Files\Chaos Group
    [2010/09/05 13:02:21 | 000,000,000 | ---D | C] -- C:\Users\zoniq\Documents\3dsMax
    [2010/09/05 12:46:08 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
    [2010/09/05 12:46:05 | 000,000,000 | ---D | C] -- C:\Users\zoniq\AppData\Local\Autodesk
    [2010/09/05 12:03:52 | 000,000,000 | ---D | C] -- C:\Users\zoniq\Documents\Inventor
    [2010/09/05 12:03:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
    [2010/09/05 12:02:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Autodesk Shared
    [2010/09/05 12:02:36 | 000,000,000 | ---D | C] -- C:\Program Files\Autodesk
    [2010/09/05 12:01:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Autodesk Shared
    [2010/09/05 12:00:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Autodesk
    [2010/09/05 11:54:50 | 000,000,000 | ---D | C] -- C:\Users\zoniq\AppData\Roaming\Autodesk
    [2010/09/05 11:54:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Autodesk
    [2010/09/02 16:45:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
    [2010/09/02 16:45:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live SkyDrive
    [2010/09/02 16:44:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
    [2010/09/02 16:44:39 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
    [2010/09/02 16:44:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
    [2010/09/02 16:37:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
    [2010/09/02 16:36:24 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
    [2010/08/27 18:50:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Team17
    [2010/08/25 16:55:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
    [2010/08/25 16:37:59 | 000,861,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
    [2010/08/24 18:27:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Stardock
    [2010/08/24 18:27:03 | 000,000,000 | ---D | C] -- C:\Users\zoniq\Documents\My Games
    [2010/08/24 17:43:12 | 000,174,080 | ---- | C] (RAD Game Tools, Inc.) -- C:\Windows\SysNative\binkw32.dll
    [2010/08/24 17:43:08 | 000,174,080 | ---- | C] (RAD Game Tools, Inc.) -- C:\Windows\System\binkw32.dll
    [2010/08/24 17:22:20 | 000,000,000 | ---D | C] -- C:\Users\zoniq\AppData\Local\2K Games
    [2010/08/24 17:19:13 | 000,158,720 | ---- | C] (Skybound Software (http://www.skybound.ca)) -- C:\Windows\SysWow64\drivers\skybound.gecko.dll
    [2010/08/24 17:19:13 | 000,019,456 | ---- | C] (JetSwap) -- C:\Windows\SysWow64\drivers\surfguard.exe
    [2010/08/24 17:18:44 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f
    [2010/08/24 17:18:18 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\webe
    [2010/08/24 16:38:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
    [2010/08/24 16:38:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam
    [2010/08/18 19:39:32 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
    [2010/08/18 17:56:43 | 000,000,000 | ---D | C] -- C:\Users\zoniq\Desktop\arboretum

    ========== Files - Modified Within 30 Days ==========

    [2010/09/16 16:22:22 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2010/09/16 16:22:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010/09/16 16:22:11 | 3220,672,512 | -HS- | M] () -- C:\hiberfil.sys
    [2010/09/16 16:21:26 | 006,291,456 | -HS- | M] () -- C:\Users\zoniq\NTUSER.DAT
    [2010/09/16 16:21:07 | 000,016,384 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2010/09/16 16:21:07 | 000,016,384 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2010/09/15 21:36:31 | 007,352,497 | -H-- | M] () -- C:\Users\zoniq\AppData\Local\IconCache.db
    [2010/09/15 16:52:55 | 000,003,007 | ---- | M] () -- C:\Users\zoniq\Desktop\HiJackThis.lnk
    [2010/09/15 16:13:32 | 000,525,824 | ---- | M] () -- C:\Users\zoniq\Desktop\dds.scr
    [2010/09/15 15:49:28 | 000,001,031 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/09/15 15:48:34 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\zoniq\Desktop\mbam-setup-1.46.exe
    [2010/09/15 15:45:15 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\zoniq\Desktop\TFC.exe
    [2010/09/15 12:50:36 | 000,167,014 | ---- | M] () -- C:\Users\zoniq\Desktop\BBS_GT_for_reference.jpg
    [2010/09/15 11:34:34 | 064,637,111 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
    [2010/09/15 07:20:34 | 000,142,385 | ---- | M] () -- C:\Windows\SysWow64\drivers\f\1\components\compreg.dat
    [2010/09/15 07:20:32 | 000,102,022 | ---- | M] () -- C:\Windows\SysWow64\drivers\f\1\components\xpti.dat
    [2010/09/14 20:39:55 | 000,035,157 | ---- | M] () -- C:\Users\zoniq\Desktop\cv_1168256.rtf
    [2010/09/14 18:53:14 | 165,665,144 | ---- | M] (NVIDIA Corporation) -- C:\Users\zoniq\Desktop\260.63_desktop_win7_winvista_64bit_international_beta.exe
    [2010/09/14 16:52:44 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\zoniq\Desktop\OTL.exe
    [2010/09/13 22:53:34 | 000,195,895 | ---- | M] () -- C:\Users\zoniq\Desktop\rim.jpg
    [2010/09/13 20:37:51 | 004,003,840 | ---- | M] () -- C:\Users\zoniq\Desktop\tire.FBX
    [2010/09/13 20:16:14 | 000,051,200 | ---- | M] () -- C:\Users\zoniq\Desktop\Rubber (Grey)_by_joa_grilo2376.mat
    [2010/09/13 20:06:19 | 000,829,818 | ---- | M] () -- C:\Users\zoniq\Desktop\wm_original_exwalla_original.jpg
    [2010/09/12 19:34:51 | 000,013,373 | ---- | M] () -- C:\Users\zoniq\Desktop\tyre_000bp.jpg
    [2010/09/12 13:33:42 | 016,897,167 | ---- | M] () -- C:\Users\zoniq\Desktop\digitalin_hdr_chromFX-V2-HIRES.zip
    [2010/09/11 18:18:49 | 000,419,895 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2010/09/10 19:20:16 | 000,002,173 | ---- | M] () -- C:\Users\zoniq\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox 4.0 Beta 5.lnk
    [2010/09/10 19:20:16 | 000,002,149 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox 4.0 Beta 5.lnk
    [2010/09/02 16:28:13 | 009,655,677 | ---- | M] () -- C:\Windows\SysWow64\drivers\f\jet.exe
    [2010/09/02 11:55:06 | 000,019,456 | ---- | M] (JetSwap) -- C:\Windows\SysWow64\drivers\surfguard.exe
    [2010/08/27 19:11:33 | 000,009,456 | ---- | M] () -- C:\Windows\SysWow64\drivers\f\1\components\nsRequestService.js
    [2010/08/27 18:51:42 | 000,002,117 | ---- | M] () -- C:\Users\Public\Desktop\Worms Reloaded.lnk
    [2010/08/25 19:45:31 | 000,001,804 | ---- | M] () -- C:\Users\zoniq\Desktop\mafia2 - odkaz.lnk
    [2010/08/25 16:30:58 | 000,276,920 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2010/08/24 17:18:36 | 000,058,736 | ---- | M] () -- C:\Users\zoniq\AppData\Local\GDIPFONTCACHEV1.DAT
    [2010/08/24 17:01:35 | 000,174,080 | ---- | M] (RAD Game Tools, Inc.) -- C:\Windows\System\binkw32.dll
    [2010/08/24 17:01:35 | 000,174,080 | ---- | M] (RAD Game Tools, Inc.) -- C:\Windows\SysNative\binkw32.dll
    [2010/08/21 08:05:15 | 000,000,857 | ---- | M] () -- C:\Users\zoniq\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk

  4. #24
    Junior Member
    Join Date
    Sep 2010
    Posts
    24

    ========== Files Created - No Company Name ==========

    [2010/09/15 16:52:55 | 000,003,007 | ---- | C] () -- C:\Users\zoniq\Desktop\HiJackThis.lnk
    [2010/09/15 16:13:31 | 000,525,824 | ---- | C] () -- C:\Users\zoniq\Desktop\dds.scr
    [2010/09/15 15:49:28 | 000,001,031 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/09/15 12:50:34 | 000,167,014 | ---- | C] () -- C:\Users\zoniq\Desktop\BBS_GT_for_reference.jpg
    [2010/09/15 07:22:16 | 000,070,232 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\3A9602CBd01
    [2010/09/15 07:22:16 | 000,030,923 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\83EAA7FBd01
    [2010/09/15 07:22:16 | 000,030,709 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\C83B3590d01
    [2010/09/15 07:22:16 | 000,028,067 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\ACB96CA3d01
    [2010/09/15 07:22:16 | 000,023,680 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\83FAA7FBd01
    [2010/09/15 07:22:16 | 000,023,631 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\E3A92517d01
    [2010/09/15 07:22:16 | 000,022,475 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\C83A3590d01
    [2010/09/15 07:22:16 | 000,016,681 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\83DBA7FBd01
    [2010/09/15 07:22:15 | 000,563,284 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\892C3590d01
    [2010/09/15 07:22:15 | 000,067,112 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\802C1856d01
    [2010/09/15 07:22:15 | 000,058,507 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\07E97743d01
    [2010/09/15 07:22:12 | 000,043,554 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\5EB8D088d01
    [2010/09/15 07:22:12 | 000,028,702 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\D01658B8d01
    [2010/09/15 07:22:11 | 000,059,590 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\0ED957E7d01
    [2010/09/15 07:22:11 | 000,055,170 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\CE3B4F17d01
    [2010/09/15 07:22:11 | 000,044,170 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\679E68D0d01
    [2010/09/15 07:22:11 | 000,038,954 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\79E03FB6d01
    [2010/09/15 07:22:11 | 000,036,728 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\0A8C8175d01
    [2010/09/15 07:22:11 | 000,030,653 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\151B0F7Ad01
    [2010/09/15 07:22:11 | 000,029,449 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\DDC87DEBd01
    [2010/09/15 07:22:11 | 000,027,608 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\659A3614d01
    [2010/09/15 07:22:11 | 000,026,932 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\E84643C7d01
    [2010/09/15 07:22:11 | 000,025,446 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\D51291A0d01
    [2010/09/15 07:22:11 | 000,024,424 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\33B96A08d01
    [2010/09/15 07:22:11 | 000,017,226 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\0C0937AEd01
    [2010/09/15 07:22:11 | 000,016,728 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\E7FCDF7Fd01
    [2010/09/15 07:22:04 | 001,719,241 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\E59411D5d01
    [2010/09/15 07:22:04 | 000,024,783 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\5D60DCD3d01
    [2010/09/15 07:22:03 | 000,141,813 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\9F31D11Ed01
    [2010/09/15 07:22:03 | 000,068,397 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\B9E2832Cd01
    [2010/09/15 07:22:03 | 000,034,757 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\B7701A1Dd01
    [2010/09/15 07:22:03 | 000,032,545 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\68CBF6E4d01
    [2010/09/15 07:22:02 | 000,020,591 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\FD237C9Ed01
    [2010/09/15 07:22:02 | 000,002,048 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\search.sqlite
    [2010/09/15 07:21:56 | 000,002,366 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\pluginreg.dat
    [2010/09/15 07:20:37 | 000,270,397 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\_CACHE_003_
    [2010/09/15 07:20:37 | 000,122,184 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\_CACHE_002_
    [2010/09/15 07:20:37 | 000,121,975 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\_CACHE_001_
    [2010/09/15 07:20:37 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\cert8.db
    [2010/09/15 07:20:37 | 000,032,768 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\urlclassifier3.sqlite
    [2010/09/15 07:20:37 | 000,016,384 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\secmod.db
    [2010/09/15 07:20:37 | 000,016,384 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\key3.db
    [2010/09/15 07:20:37 | 000,000,276 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\_CACHE_MAP_
    [2010/09/15 07:20:36 | 000,002,048 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\webappsstore.sqlite
    [2010/09/15 07:20:35 | 000,004,096 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\cookies.sqlite
    [2010/09/15 07:20:34 | 000,142,385 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\compreg.dat
    [2010/09/15 07:20:34 | 000,131,072 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\places.sqlite
    [2010/09/15 07:20:34 | 000,066,176 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\places.sqlite-journal
    [2010/09/15 07:20:34 | 000,002,048 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\permissions.sqlite
    [2010/09/15 07:20:32 | 000,102,022 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\xpti.dat
    [2010/09/15 07:20:32 | 000,017,215 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\necko.xpt
    [2010/09/15 07:20:32 | 000,012,938 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\pipnss.xpt
    [2010/09/15 07:20:32 | 000,011,652 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\places.xpt
    [2010/09/15 07:20:32 | 000,011,151 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\widget.xpt
    [2010/09/15 07:20:32 | 000,011,095 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\xpcom_ds.xpt
    [2010/09/15 07:20:32 | 000,008,438 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\xpconnect.xpt
    [2010/09/15 07:20:32 | 000,007,420 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\xpcom_io.xpt
    [2010/09/15 07:20:32 | 000,005,510 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\webBrowser_core.xpt
    [2010/09/15 07:20:32 | 000,005,145 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\plugin.xpt
    [2010/09/15 07:20:32 | 000,004,908 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\rdf.xpt
    [2010/09/15 07:20:32 | 000,003,731 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\layout_xul_tree.xpt
    [2010/09/15 07:20:32 | 000,003,290 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\pref.xpt
    [2010/09/15 07:20:32 | 000,003,185 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\xpcom_base.xpt
    [2010/09/15 07:20:32 | 000,003,155 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\storage.xpt
    [2010/09/15 07:20:32 | 000,003,040 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\xpcom_components.xpt
    [2010/09/15 07:20:32 | 000,002,958 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\shistory.xpt
    [2010/09/15 07:20:32 | 000,002,793 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\windowwatcher.xpt
    [2010/09/15 07:20:32 | 000,002,713 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\uriloader.xpt
    [2010/09/15 07:20:32 | 000,002,646 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\update.xpt
    [2010/09/15 07:20:32 | 000,002,602 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\necko_http.xpt
    [2010/09/15 07:20:32 | 000,002,595 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\necko_cache.xpt
    [2010/09/15 07:20:32 | 000,002,425 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\xultmpl.xpt
    [2010/09/15 07:20:32 | 000,002,369 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\saxparser.xpt
    [2010/09/15 07:20:32 | 000,002,240 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\xpcom_thread.xpt
    [2010/09/15 07:20:32 | 000,002,122 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\layout_xul.xpt
    [2010/09/15 07:20:32 | 000,002,074 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\webbrowserpersist.xpt
    [2010/09/15 07:20:32 | 000,002,008 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\mimetype.xpt
    [2010/09/15 07:20:32 | 000,001,896 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\xpcom_system.xpt
    [2010/09/15 07:20:32 | 000,001,784 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\loginmgr.xpt
    [2010/09/15 07:20:32 | 000,001,648 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\necko_cookie.xpt
    [2010/09/15 07:20:32 | 000,001,560 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\xpcom_xpti.xpt
    [2010/09/15 07:20:32 | 000,001,491 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\uconv.xpt
    [2010/09/15 07:20:32 | 000,001,475 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\necko_strconv.xpt
    [2010/09/15 07:20:32 | 000,001,293 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\webshell_idls.xpt
    [2010/09/15 07:20:32 | 000,001,260 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\locale.xpt
    [2010/09/15 07:20:32 | 000,001,258 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\txmgr.xpt
    [2010/09/15 07:20:32 | 000,001,209 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\xuldoc.xpt
    [2010/09/15 07:20:32 | 000,001,181 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\unicharutil.xpt
    [2010/09/15 07:20:32 | 000,001,179 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\prefetch.xpt
    [2010/09/15 07:20:32 | 000,001,120 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\oji.xpt
    [2010/09/15 07:20:32 | 000,001,111 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\xpinstall.xpt
    [2010/09/15 07:20:32 | 000,001,088 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\toolkitprofile.xpt
    [2010/09/15 07:20:32 | 000,001,081 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\necko_dns.xpt
    [2010/09/15 07:20:32 | 000,001,060 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\spellchecker.xpt
    [2010/09/15 07:20:32 | 000,001,011 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\xml-rpc.xpt
    [2010/09/15 07:20:32 | 000,000,911 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\layout_printing.xpt
    [2010/09/15 07:20:32 | 000,000,893 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\necko_socket.xpt
    [2010/09/15 07:20:32 | 000,000,858 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\grabber.gif
    [2010/09/15 07:20:32 | 000,000,845 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\mozfind.xpt
    [2010/09/15 07:20:32 | 000,000,841 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\table-remove-row-hover.gif
    [2010/09/15 07:20:32 | 000,000,841 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\table-remove-row.gif
    [2010/09/15 07:20:32 | 000,000,841 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\table-remove-column-hover.gif
    [2010/09/15 07:20:32 | 000,000,841 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\table-remove-column.gif
    [2010/09/15 07:20:32 | 000,000,835 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\table-remove-row-active.gif
    [2010/09/15 07:20:32 | 000,000,835 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\table-remove-column-active.gif
    [2010/09/15 07:20:32 | 000,000,826 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\table-add-row-after-hover.gif
    [2010/09/15 07:20:32 | 000,000,826 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\table-add-row-after.gif
    [2010/09/15 07:20:32 | 000,000,826 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\table-add-column-after-hover.gif
    [2010/09/15 07:20:32 | 000,000,826 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\table-add-column-after.gif
    [2010/09/15 07:20:32 | 000,000,825 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\table-add-row-before-hover.gif
    [2010/09/15 07:20:32 | 000,000,825 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\table-add-row-before.gif
    [2010/09/15 07:20:32 | 000,000,825 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\table-add-column-before-hover.gif
    [2010/09/15 07:20:32 | 000,000,825 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\table-add-column-before.gif
    [2010/09/15 07:20:32 | 000,000,771 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\zipwriter.xpt
    [2010/09/15 07:20:32 | 000,000,759 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\txtsvc.xpt
    [2010/09/15 07:20:32 | 000,000,718 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\satchel.xpt
    [2010/09/15 07:20:32 | 000,000,652 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\profile.xpt
    [2010/09/15 07:20:32 | 000,000,628 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\pipboot.xpt
    [2010/09/15 07:20:32 | 000,000,619 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\html\folder.png
    [2010/09/15 07:20:32 | 000,000,613 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\xulapp.xpt
    [2010/09/15 07:20:32 | 000,000,537 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\parentalcontrols.xpt
    [2010/09/15 07:20:32 | 000,000,437 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\necko_file.xpt
    [2010/09/15 07:20:32 | 000,000,377 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\pippki.xpt
    [2010/09/15 07:20:32 | 000,000,312 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\necko_about.xpt
    [2010/09/15 07:20:32 | 000,000,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\mozbrwsr.xpt
    [2010/09/15 07:20:32 | 000,000,287 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\proxyObject.xpt
    [2010/09/15 07:20:32 | 000,000,285 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\necko_res.xpt
    [2010/09/15 07:20:32 | 000,000,212 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\windowds.xpt
    [2010/09/15 07:20:32 | 000,000,201 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\necko_ftp.xpt
    [2010/09/15 07:20:32 | 000,000,198 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\xulapp_setup.xpt
    [2010/09/15 07:20:32 | 000,000,188 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\necko_viewsource.xpt
    [2010/09/15 07:20:32 | 000,000,174 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\lwbrk.xpt
    [2010/09/15 07:20:32 | 000,000,172 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\urlformatter.xpt
    [2010/09/15 07:20:32 | 000,000,122 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\loading-image.gif
    [2010/09/15 07:20:32 | 000,000,106 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\broken-image.gif
    [2010/09/15 07:20:32 | 000,000,059 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\arrowd.gif
    [2010/09/15 07:20:32 | 000,000,058 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\table-add-column-after-active.gif
    [2010/09/15 07:20:32 | 000,000,057 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\table-add-row-before-active.gif
    [2010/09/15 07:20:32 | 000,000,057 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\table-add-row-after-active.gif
    [2010/09/15 07:20:32 | 000,000,057 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\table-add-column-before-active.gif
    [2010/09/15 07:20:32 | 000,000,056 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\arrow.gif
    [2010/09/15 07:20:31 | 001,915,137 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\chrome\toolkit.jar
    [2010/09/15 07:20:31 | 000,777,705 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\chrome\classic.jar
    [2010/09/15 07:20:31 | 000,348,994 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\browser.xpt
    [2010/09/15 07:20:31 | 000,333,726 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsExtensionManager.js
    [2010/09/15 07:20:31 | 000,332,438 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\chrome\en-US.jar
    [2010/09/15 07:20:31 | 000,317,480 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\chrome\pippki.jar
    [2010/09/15 07:20:31 | 000,115,501 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsUpdateService.js
    [2010/09/15 07:20:31 | 000,110,913 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsSearchService.js
    [2010/09/15 07:20:31 | 000,077,051 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsMicrosummaryService.js
    [2010/09/15 07:20:31 | 000,076,993 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsSessionStore.js
    [2010/09/15 07:20:31 | 000,072,928 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\greprefs\all.js
    [2010/09/15 07:20:31 | 000,066,215 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\FeedProcessor.js
    [2010/09/15 07:20:31 | 000,064,412 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\modules\Microformats.js
    [2010/09/15 07:20:31 | 000,063,788 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\dtd\mathml.dtd
    [2010/09/15 07:20:31 | 000,061,758 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\modules\utils.js
    [2010/09/15 07:20:31 | 000,056,411 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\fonts\mathfont.properties
    [2010/09/15 07:20:31 | 000,051,214 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsHandlerService.js
    [2010/09/15 07:20:31 | 000,050,600 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsUrlClassifierLib.js
    [2010/09/15 07:20:31 | 000,049,926 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\storage-Legacy.js
    [2010/09/15 07:20:31 | 000,049,780 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\FeedWriter.js
    [2010/09/15 07:20:31 | 000,044,106 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsLoginManager.js
    [2010/09/15 07:20:31 | 000,041,950 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsHelperAppDlg.js
    [2010/09/15 07:20:31 | 000,040,367 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsLoginManagerPrompter.js
    [2010/09/15 07:20:31 | 000,039,680 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\chrome\comm.jar
    [2010/09/15 07:20:31 | 000,038,499 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\entityTables\transliterate.properties
    [2010/09/15 07:20:31 | 000,038,238 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\fuelApplication.js
    [2010/09/15 07:20:31 | 000,037,314 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsProgressDialog.js
    [2010/09/15 07:20:31 | 000,036,111 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsLivemarkService.js
    [2010/09/15 07:20:31 | 000,035,256 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsXmlRpcClient.js
    [2010/09/15 07:20:31 | 000,035,102 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\pref\firefox.js
    [2010/09/15 07:20:31 | 000,034,011 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\WebContentConverter.js
    [2010/09/15 07:20:31 | 000,033,805 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsPlacesTransactionsService.js
    [2010/09/15 07:20:31 | 000,033,087 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsBrowserContentHandler.js
    [2010/09/15 07:20:31 | 000,032,409 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsBrowserGlue.js
    [2010/09/15 07:20:31 | 000,030,074 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsBlocklistService.js
    [2010/09/15 07:20:31 | 000,030,004 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\entityTables\mathml20.properties
    [2010/09/15 07:20:31 | 000,029,973 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsContentPrefService.js
    [2010/09/15 07:20:31 | 000,025,339 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\FeedConverter.js
    [2010/09/15 07:20:31 | 000,025,176 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsSafebrowsingApplication.js
    [2010/09/15 07:20:31 | 000,024,273 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsSearchSuggestions.js
    [2010/09/15 07:20:31 | 000,023,460 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\dom_svg.xpt
    [2010/09/15 07:20:31 | 000,021,420 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsPostUpdateWin.js
    [2010/09/15 07:20:31 | 000,019,983 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsUrlClassifierListManager.js
    [2010/09/15 07:20:31 | 000,019,182 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\accessibility.xpt
    [2010/09/15 07:20:31 | 000,018,049 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\dom_html.xpt
    [2010/09/15 07:20:31 | 000,017,380 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\modules\DownloadUtils.jsm
    [2010/09/15 07:20:31 | 000,015,416 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\forms.css
    [2010/09/15 07:20:31 | 000,014,664 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\mathml.css
    [2010/09/15 07:20:31 | 000,013,682 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsProxyAutoConfig.js
    [2010/09/15 07:20:31 | 000,013,443 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\chrome\geckofx.jar
    [2010/09/15 07:20:31 | 000,012,513 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsSidebar.js
    [2010/09/15 07:20:31 | 000,012,091 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\modules\distribution.js
    [2010/09/15 07:20:31 | 000,011,997 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\dom_css.xpt
    [2010/09/15 07:20:31 | 000,011,677 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsAddonRepository.js
    [2010/09/15 07:20:31 | 000,011,637 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\contenteditable.css
    [2010/09/15 07:20:31 | 000,011,608 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\quirk.css
    [2010/09/15 07:20:31 | 000,011,557 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\editor.xpt
    [2010/09/15 07:20:31 | 000,011,428 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsSessionStartup.js
    [2010/09/15 07:20:31 | 000,011,392 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\charsetalias.properties
    [2010/09/15 07:20:31 | 000,011,096 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\html.css
    [2010/09/15 07:20:31 | 000,010,740 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\EditorOverride.css
    [2010/09/15 07:20:31 | 000,010,561 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\docshell_base.xpt
    [2010/09/15 07:20:31 | 000,009,998 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\modules\XPCOMUtils.jsm
    [2010/09/15 07:20:31 | 000,009,967 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsTaggingService.js
    [2010/09/15 07:20:31 | 000,009,551 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\charsetData.properties
    [2010/09/15 07:20:31 | 000,009,477 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\dom_base.xpt
    [2010/09/15 07:20:31 | 000,009,456 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsRequestService.js
    [2010/09/15 07:20:31 | 000,009,066 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\content_base.xpt
    [2010/09/15 07:20:31 | 000,008,427 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\dtd\xhtml11.dtd
    [2010/09/15 07:20:31 | 000,008,278 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsXULAppInstall.js
    [2010/09/15 07:20:31 | 000,007,585 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\modules\PluralForm.jsm
    [2010/09/15 07:20:31 | 000,007,408 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\dom_xul.xpt
    [2010/09/15 07:20:31 | 000,007,301 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\dom_core.xpt
    [2010/09/15 07:20:31 | 000,007,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\autoconfig\prefcalls.js
    [2010/09/15 07:20:31 | 000,007,049 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsResetPref.js
    [2010/09/15 07:20:31 | 000,007,039 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\modules\ISO8601DateUtils.jsm
    [2010/09/15 07:20:31 | 000,006,920 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsWebHandlerApp.js
    [2010/09/15 07:20:31 | 000,006,869 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\dom_events.xpt
    [2010/09/15 07:20:31 | 000,006,721 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\modules\JSON.jsm
    [2010/09/15 07:20:31 | 000,006,719 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\fonts\mathfontUnicode.properties
    [2010/09/15 07:20:31 | 000,006,667 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\txEXSLTRegExFunctions.js
    [2010/09/15 07:20:31 | 000,006,469 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\ua.css
    [2010/09/15 07:20:31 | 000,006,265 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsDefaultCLH.js
    [2010/09/15 07:20:31 | 000,006,029 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\jsdservice.xpt
    [2010/09/15 07:20:31 | 000,005,737 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsDownloadManagerUI.js
    [2010/09/15 07:20:31 | 000,005,649 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\langGroups.properties
    [2010/09/15 07:20:31 | 000,005,493 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\fonts\mathfontSTIXNonUnicode.properties
    [2010/09/15 07:20:31 | 000,005,490 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\language.properties
    [2010/09/15 07:20:31 | 000,005,005 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsContentDispatchChooser.js
    [2010/09/15 07:20:31 | 000,004,805 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsDictionary.js
    [2010/09/15 07:20:31 | 000,004,302 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsLoginInfo.js
    [2010/09/15 07:20:31 | 000,004,090 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\entityTables\html40Symbols.properties
    [2010/09/15 07:20:31 | 000,003,954 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\fonts\mathfontSymbol.properties
    [2010/09/15 07:20:31 | 000,003,930 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\pref\xulrunner.js
    [2010/09/15 07:20:31 | 000,003,902 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\fonts\mathfontStandardSymbolsL.properties
    [2010/09/15 07:20:31 | 000,003,831 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\extensions.xpt
    [2010/09/15 07:20:31 | 000,003,690 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\entityTables\html40Latin1.properties
    [2010/09/15 07:20:31 | 000,003,603 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\autocomplete.xpt
    [2010/09/15 07:20:31 | 000,003,378 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\greprefs\security-prefs.js
    [2010/09/15 07:20:31 | 000,003,274 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\feeds.xpt
    [2010/09/15 07:20:31 | 000,003,268 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsTryToClose.js
    [2010/09/15 07:20:31 | 000,003,142 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\pluginGlue.js
    [2010/09/15 07:20:31 | 000,003,115 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsURLFormatter.js
    [2010/09/15 07:20:31 | 000,003,104 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsBadCertHandler.js
    [2010/09/15 07:20:31 | 000,003,037 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\viewsource.css
    [2010/09/15 07:20:31 | 000,003,033 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\fonts\mathfontSTIXSize1.properties
    [2010/09/15 07:20:31 | 000,003,021 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\imglib2.xpt
    [2010/09/15 07:20:31 | 000,002,927 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\aboutRobots.js
    [2010/09/15 07:20:31 | 000,002,925 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\aboutRights.js
    [2010/09/15 07:20:31 | 000,002,854 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsSetDefaultBrowser.js
    [2010/09/15 07:20:31 | 000,002,738 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\modules\debug.js
    [2010/09/15 07:20:31 | 000,002,719 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\caps.xpt
    [2010/09/15 07:20:31 | 000,002,621 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\dom_loadsave.xpt
    [2010/09/15 07:20:31 | 000,002,547 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\appshell.xpt
    [2010/09/15 07:20:31 | 000,002,512 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\content_xtf.xpt
    [2010/09/15 07:20:31 | 000,002,502 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\inspector.xpt
    [2010/09/15 07:20:31 | 000,002,396 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\entityTables\html40Special.properties
    [2010/09/15 07:20:31 | 000,002,295 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\svg.css
    [2010/09/15 07:20:31 | 000,002,232 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\downloads.xpt
    [2010/09/15 07:20:31 | 000,002,080 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\wincharset.properties
    [2010/09/15 07:20:31 | 000,001,981 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\exthandler.xpt
    [2010/09/15 07:20:31 | 000,001,967 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\entityTables\htmlEntityVersions.properties
    [2010/09/15 07:20:31 | 000,001,930 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\dom_canvas.xpt
    [2010/09/15 07:20:31 | 000,001,861 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\designmode.css
    [2010/09/15 07:20:31 | 000,001,789 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\commandhandler.xpt
    [2010/09/15 07:20:31 | 000,001,512 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\jsconsole-clhandler.js
    [2010/09/15 07:20:31 | 000,001,508 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\exthelper.xpt
    [2010/09/15 07:20:31 | 000,001,451 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\gfx.xpt
    [2010/09/15 07:20:31 | 000,001,417 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\dom_xpath.xpt
    [2010/09/15 07:20:31 | 000,001,346 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\jar.xpt
    [2010/09/15 07:20:31 | 000,001,326 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\content_xslt.xpt
    [2010/09/15 07:20:31 | 000,001,282 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\dom_traversal.xpt
    [2010/09/15 07:20:31 | 000,001,263 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\dom_offline.xpt
    [2010/09/15 07:20:31 | 000,001,240 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\dom_range.xpt
    [2010/09/15 07:20:31 | 000,001,078 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\US\chrome\userChrome-example.css
    [2010/09/15 07:20:31 | 000,001,078 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\chrome\userChrome-example.css
    [2010/09/15 07:20:31 | 000,001,036 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\find.xpt
    [2010/09/15 07:20:31 | 000,001,019 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\dom_stylesheets.xpt
    [2010/09/15 07:20:31 | 000,000,960 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\commandlines.xpt
    [2010/09/15 07:20:31 | 000,000,915 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\pref\firefox-branding.js
    [2010/09/15 07:20:31 | 000,000,874 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\dom_storage.xpt
    [2010/09/15 07:20:31 | 000,000,856 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\plugins\flashplayer.xpt
    [2010/09/15 07:20:31 | 000,000,774 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\chrome\en-US.manifest
    [2010/09/15 07:20:31 | 000,000,755 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\composer.xpt
    [2010/09/15 07:20:31 | 000,000,724 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\contentprefs.xpt
    [2010/09/15 07:20:31 | 000,000,700 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\content_html.xpt
    [2010/09/15 07:20:31 | 000,000,694 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\htmlparser.xpt
    [2010/09/15 07:20:31 | 000,000,693 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\content_xmldoc.xpt
    [2010/09/15 07:20:31 | 000,000,679 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\chardet.xpt
    [2010/09/15 07:20:31 | 000,000,663 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\US\chrome\userContent-example.css
    [2010/09/15 07:20:31 | 000,000,663 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\chrome\userContent-example.css
    [2010/09/15 07:20:31 | 000,000,645 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\intl.xpt
    [2010/09/15 07:20:31 | 000,000,605 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\content_htmldoc.xpt
    [2010/09/15 07:20:31 | 000,000,599 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\fastfind.xpt
    [2010/09/15 07:20:31 | 000,000,552 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\chrome\classic.manifest
    [2010/09/15 07:20:31 | 000,000,551 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\dom_sidebar.xpt
    [2010/09/15 07:20:31 | 000,000,543 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\appstartup.xpt
    [2010/09/15 07:20:31 | 000,000,530 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\embed_base.xpt
    [2010/09/15 07:20:31 | 000,000,517 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\chrome\toolkit.manifest
    [2010/09/15 07:20:31 | 000,000,488 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\cookie.xpt
    [2010/09/15 07:20:31 | 000,000,478 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\softokn3.chk
    [2010/09/15 07:20:31 | 000,000,478 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\freebl3.chk
    [2010/09/15 07:20:31 | 000,000,451 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\dom_xbl.xpt
    [2010/09/15 07:20:31 | 000,000,377 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\dom.xpt
    [2010/09/15 07:20:31 | 000,000,373 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\directory.xpt
    [2010/09/15 07:20:31 | 000,000,356 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\mimeTypes.rdf
    [2010/09/15 07:20:31 | 000,000,349 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\dom_json.xpt
    [2010/09/15 07:20:31 | 000,000,347 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\prefs.js
    [2010/09/15 07:20:31 | 000,000,344 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\chrome.xpt
    [2010/09/15 07:20:31 | 000,000,326 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\imgicon.xpt
    [2010/09/15 07:20:31 | 000,000,302 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\layout_base.xpt
    [2010/09/15 07:20:31 | 000,000,233 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\accessibility-msaa.xpt
    [2010/09/15 07:20:31 | 000,000,226 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\dom_views.xpt
    [2010/09/15 07:20:31 | 000,000,224 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\pref\firefox-l10n.js
    [2010/09/15 07:20:31 | 000,000,211 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\autoconfig.xpt
    [2010/09/15 07:20:31 | 000,000,211 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\alerts.xpt
    [2010/09/15 07:20:31 | 000,000,208 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\pref\reporter.js
    [2010/09/15 07:20:31 | 000,000,172 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\chrome\geckofx.manifest
    [2010/09/15 07:20:31 | 000,000,153 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\US\localstore.rdf
    [2010/09/15 07:20:31 | 000,000,153 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\localstore.rdf
    [2010/09/15 07:20:31 | 000,000,144 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\chrome\comm.manifest
    [2010/09/15 07:20:31 | 000,000,126 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\pref\channel-prefs.js
    [2010/09/15 07:20:31 | 000,000,087 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\autoconfig\platform.js
    [2010/09/15 07:20:31 | 000,000,085 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\greprefs\xpinstall.js
    [2010/09/15 07:20:31 | 000,000,069 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\chrome\pippki.manifest
    [2010/09/15 07:20:30 | 005,969,360 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\plugins\NPSWF32.dll
    [2010/09/15 07:20:30 | 000,007,139 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\bookmarks.html
    [2010/09/15 07:20:30 | 000,000,117 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\hiddenWindow.html
    [2010/09/14 20:39:55 | 000,035,157 | ---- | C] () -- C:\Users\zoniq\Desktop\cv_1168256.rtf
    [2010/09/13 20:37:50 | 004,003,840 | ---- | C] () -- C:\Users\zoniq\Desktop\tire.FBX
    [2010/09/13 20:16:13 | 000,051,200 | ---- | C] () -- C:\Users\zoniq\Desktop\Rubber (Grey)_by_joa_grilo2376.mat
    [2010/09/13 20:06:18 | 000,829,818 | ---- | C] () -- C:\Users\zoniq\Desktop\wm_original_exwalla_original.jpg
    [2010/09/12 19:34:49 | 000,013,373 | ---- | C] () -- C:\Users\zoniq\Desktop\tyre_000bp.jpg
    [2010/09/12 13:33:24 | 016,897,167 | ---- | C] () -- C:\Users\zoniq\Desktop\digitalin_hdr_chromFX-V2-HIRES.zip
    [2010/09/12 11:39:07 | 000,195,895 | ---- | C] () -- C:\Users\zoniq\Desktop\rim.jpg
    [2010/09/12 11:24:54 | 000,079,360 | ---- | C] () -- C:\Users\zoniq\Desktop\car_paint_metallics_fx.mat
    [2010/09/10 19:20:16 | 000,002,173 | ---- | C] () -- C:\Users\zoniq\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox 4.0 Beta 5.lnk
    [2010/09/10 19:20:16 | 000,002,149 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox 4.0 Beta 5.lnk
    [2010/09/06 22:14:09 | 000,028,672 | ---- | C] () -- C:\Users\zoniq\Desktop\rims paint.mat
    [2010/08/27 18:51:42 | 000,002,117 | ---- | C] () -- C:\Users\Public\Desktop\Worms Reloaded.lnk
    [2010/08/25 19:45:31 | 000,001,804 | ---- | C] () -- C:\Users\zoniq\Desktop\mafia2 - odkaz.lnk
    [2010/08/24 17:18:44 | 009,655,677 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\jet.exe
    [2010/07/21 19:16:50 | 000,007,605 | ---- | C] () -- C:\Users\zoniq\AppData\Local\Resmon.ResmonCfg
    [2010/04/02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
    [2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
    [2009/07/13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    < End of report >

  5. #25
    Emeritus- Malware Team
    Join Date
    Oct 2009
    Location
    New England, USA
    Posts
    503

    Default

    Interesting that OTL did not find the 3 files in the SysWOW folder.

    C:\Windows\SysWOW64\drivers\up.exe
    C:\Windows\SysWOW64\Help64.exe
    C:\Windows\SysWOW64\webe\Updater3.exe

    Can you take a peek at those locations and see if they are there? You will likely need to make sure you can see hidden and system files.

    http://www.bleepingcomputer.com/tuto...torial151.html
    IndiGenus

  6. #26
    Junior Member
    Join Date
    Sep 2010
    Posts
    24

    Default

    In C:\Windows\SysWOW64\drivers\ there is no sign of up.exe
    But there is a file called surfguard.exe
    Don't know if it is bad or not...just for info

    And I cannot see Help64.exe and Updater3.exe

    System runs still without any pop-up from my AVG....

  7. #27
    Emeritus- Malware Team
    Join Date
    Oct 2009
    Location
    New England, USA
    Posts
    503

    Default

    "But there is a file called surfguard.exe"
    That's part of the Safe Surf junk and can be removed.

    Did you install something from Skybound Software called Stylelyzer? Some kind of .css editor or something?

    Let's run another scanner too.

    I would like you to run the following scan: Eset Online Scanner
    Run with Internet Explorer
    • Place a check mark in the box YES, I accept the Terms Of Use
    • Click the Start button.
    • Now click the Install button, or click the notification bar at the top of the window and choose to install.
    • Click Start. The scanner engine will initialize and update.
    • Do Not place a check mark in the box beside Remove found threats.
    • Click the Scan button. The scan will now run, please be patient.
    • When the scan finishes click the Details tab.
    • Copy and paste the contents of the C:\ProgramFiles\EsetOnlineScanner\log.txt into your next reply.
    IndiGenus

  8. #28
    Junior Member
    Join Date
    Sep 2010
    Posts
    24

    Default

    I removed surfguard.exe to recycle bin.
    I didn't install anything from Skybound Software, no stylelyzer, no .css editor, nothing like that..

    anyway eset found some infections...here is the log:

    C:\ProgramData\avg9\Temp\ab392bb3-72e4-4f55-801d-dc0aacef9d60.tmp a variant of Win32/Adware.FakeAntiSpy.E application
    C:\ProgramData\avg9\Temp\c2db90a2-4f50-454d-8e90-e7bd172b7a1a.tmp a variant of Win32/Adware.FakeAntiSpy.E application
    C:\ProgramData\avg9\Temp\f5bc5f3a-4f52-44be-8433-50ed287501b6.tmp a variant of Win32/Adware.FakeAntiSpy.E application
    C:\Users\All Users\avg9\Temp\ab392bb3-72e4-4f55-801d-dc0aacef9d60.tmp a variant of Win32/Adware.FakeAntiSpy.E application
    C:\Users\All Users\avg9\Temp\c2db90a2-4f50-454d-8e90-e7bd172b7a1a.tmp a variant of Win32/Adware.FakeAntiSpy.E application
    C:\Users\All Users\avg9\Temp\f5bc5f3a-4f52-44be-8433-50ed287501b6.tmp a variant of Win32/Adware.FakeAntiSpy.E application
    E:\soft\Nero 8.3.2.1\Nero-8.3.2.1b_eng_trial.exe Win32/Toolbar.AskSBar application

  9. #29
    Emeritus- Malware Team
    Join Date
    Oct 2009
    Location
    New England, USA
    Posts
    503

    Default

    "I didn't install anything from Skybound Software, no stylelyzer, no .css editor, nothing like that.."
    Ya what I figured. Looks like it came in with the safesurf junk. Looks like a bunch of stuff created in folders too. Need to check.


    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2

    • Double-click SystemLook.exe to run it.
    • Copy the content of the following codebox into the main textfield:
      Code:
      :dir
      C:\Windows\SysWow64\drivers\f
      C:\Windows\SysWow64\webe
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt

    Also looks like it may have been let in when you installed 2k games or RAD game tools?

    [2010/08/24 17:43:12 | 000,174,080 | ---- | C] (RAD Game Tools, Inc.) -- C:\Windows\SysNative\binkw32.dll
    [2010/08/24 17:43:08 | 000,174,080 | ---- | C] (RAD Game Tools, Inc.) -- C:\Windows\System\binkw32.dll
    [2010/08/24 17:22:20 | 000,000,000 | ---D | C] -- C:\Users\zoniq\AppData\Local\2K Games
    [2010/08/24 17:19:13 | 000,158,720 | ---- | C] (Skybound Software (http://www.skybound.ca)) -- C:\Windows\SysWow64\drivers\skybound.gecko.dll
    [2010/08/24 17:19:13 | 000,019,456 | ---- | C] (JetSwap) -- C:\Windows\SysWow64\drivers\surfguard.exe
    [2010/08/24 17:18:44 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f
    [2010/08/24 17:18:18 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\webe
    IndiGenus
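
The timestamp correlation in post #29 (what else was created within minutes of surfguard.exe) can be reproduced mechanically from an OTL "files created" listing. This is an added example, not part of the original thread or of OTL; the sample lines are copied from the logs posted in this thread, and the function names, plus the reading of the parenthesised field as the file's company name, are assumptions of this example.

```python
import re
from collections import namedtuple
from datetime import datetime, timedelta

Entry = namedtuple("Entry", "when size attrs company path")

# One OTL "created" line: [date time | size | attrs | C] (company) -- path
# Directory lines carry no "(company)" field at all; files without one show "()".
LINE_RE = re.compile(
    r"^\s*\[(?P<when>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>\S{4}) \| C\]\s*(?:\((?P<company>.*?)\)\s+)?--\s+(?P<path>.+?)\s*$"
)

# Sample input: lines excerpted from the OTL logs in this thread.
SAMPLE_LOG = r"""
[2010/09/15 07:20:31 | 000,015,416 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\forms.css
[2010/08/27 18:51:42 | 000,002,117 | ---- | C] () -- C:\Users\Public\Desktop\Worms Reloaded.lnk
[2010/08/24 17:43:12 | 000,174,080 | ---- | C] (RAD Game Tools, Inc.) -- C:\Windows\SysNative\binkw32.dll
[2010/08/24 17:43:08 | 000,174,080 | ---- | C] (RAD Game Tools, Inc.) -- C:\Windows\System\binkw32.dll
[2010/08/24 17:22:20 | 000,000,000 | ---D | C] -- C:\Users\zoniq\AppData\Local\2K Games
[2010/08/24 17:19:13 | 000,158,720 | ---- | C] (Skybound Software (http://www.skybound.ca)) -- C:\Windows\SysWow64\drivers\skybound.gecko.dll
[2010/08/24 17:19:13 | 000,019,456 | ---- | C] (JetSwap) -- C:\Windows\SysWow64\drivers\surfguard.exe
[2010/08/24 17:18:44 | 009,655,677 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\jet.exe
[2010/08/24 17:18:44 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f
[2010/08/24 17:18:18 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\webe
[2010/04/02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
"""

def parse_otl_created(text):
    """Return an Entry for every line that matches the OTL 'created' format."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # headers, blank lines, other report sections
        entries.append(Entry(
            when=datetime.strptime(m["when"], "%Y/%m/%d %H:%M:%S"),
            size=int(m["size"].replace(",", "")),
            attrs=m["attrs"],
            company=(m["company"] or "").strip(),
            path=m["path"],
        ))
    return entries

def created_near(entries, anchor_name, minutes=30):
    """List (offset_seconds, Entry) for items created within +/- minutes of the
    first entry whose file name equals anchor_name, oldest first."""
    suffix = "\\" + anchor_name.lower()
    anchors = [e for e in entries if e.path.lower().endswith(suffix)]
    if not anchors:
        return []
    t0 = anchors[0].when
    window = timedelta(minutes=minutes)
    hits = [e for e in entries if abs(e.when - t0) <= window]
    hits.sort(key=lambda e: e.when)  # stable: ties keep log order
    return [(int((e.when - t0).total_seconds()), e) for e in hits]

if __name__ == "__main__":
    for offset, e in created_near(parse_otl_created(SAMPLE_LOG), "surfguard.exe"):
        kind = "dir " if "D" in e.attrs else "file"
        print(f"{offset:+6d}s  {kind}  {e.company or '-':<45}  {e.path}")
```

Sorting by offset puts the webe and drivers\f directories and jet.exe just before surfguard.exe, and the 2K Games and RAD Game Tools items after it.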

  10. #30
    Junior Member
    Join Date
    Sep 2010
    Posts
    24

    Default

    Don't remember the RAD games installation, but I've installed some games from 2k games...mafia2 etc.

    here is log from systemlook:

    SystemLook 04.09.10 by jpshortstuff
    Log created at 18:56 on 17/09/2010 by zoniq
    Administrator - Elevation successful
    WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.

    ========== dir ==========

    C:\Windows\SysWow64\drivers\f - Parameters: "(none)"

    ---Files---
    jet.exe --a---- 9655677 bytes [15:18 24/08/2010] [14:28 02/09/2010]
    sfa.txt --a---- 595940 bytes [15:19 24/08/2010] [14:49 06/09/2010]

    ---Folders---
    1 d------ [05:20 15/09/2010]

    C:\Windows\SysWow64\webe - Parameters: "(none)"

    ---Files---
    None found.

    ---Folders---
    None found.

    -= EOF =-
