
Thread: safesurf virus problem

  1. #31
    Emeritus- Malware Team
    Join Date: Oct 2009
    Location: New England, USA
    Posts: 503

    They can go.

    Run OTL.exe
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :Files
      C:\Windows\SysWow64\drivers\f
      C:\Windows\SysWow64\webe
      
      :Commands
      [emptytemp]
      [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot when it is done
    • Then post a new OTL log
    IndiGenus

  2. #32
    Junior Member
    Join Date: Sep 2010
    Posts: 24

    Reboot log:

    All processes killed
    ========== FILES ==========
    C:\Windows\SysWow64\drivers\f\1\res\html folder moved successfully.
    C:\Windows\SysWow64\drivers\f\1\res\fonts folder moved successfully.
    C:\Windows\SysWow64\drivers\f\1\res\entityTables folder moved successfully.
    C:\Windows\SysWow64\drivers\f\1\res\dtd folder moved successfully.
    C:\Windows\SysWow64\drivers\f\1\res folder moved successfully.
    C:\Windows\SysWow64\drivers\f\1\plugins folder moved successfully.
    C:\Windows\SysWow64\drivers\f\1\modules folder moved successfully.
    C:\Windows\SysWow64\drivers\f\1\greprefs folder moved successfully.
    C:\Windows\SysWow64\drivers\f\1\dictionaries folder moved successfully.
    C:\Windows\SysWow64\drivers\f\1\defaults\profile\US\chrome folder moved successfully.
    C:\Windows\SysWow64\drivers\f\1\defaults\profile\US folder moved successfully.
    C:\Windows\SysWow64\drivers\f\1\defaults\profile\chrome folder moved successfully.
    C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache folder moved successfully.
    C:\Windows\SysWow64\drivers\f\1\defaults\profile folder moved successfully.
    C:\Windows\SysWow64\drivers\f\1\defaults\pref folder moved successfully.
    C:\Windows\SysWow64\drivers\f\1\defaults\autoconfig folder moved successfully.
    C:\Windows\SysWow64\drivers\f\1\defaults folder moved successfully.
    C:\Windows\SysWow64\drivers\f\1\components folder moved successfully.
    C:\Windows\SysWow64\drivers\f\1\chrome folder moved successfully.
    C:\Windows\SysWow64\drivers\f\1 folder moved successfully.
    C:\Windows\SysWow64\drivers\f folder moved successfully.
    C:\Windows\SysWow64\webe folder moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public

    User: zoniq
    ->Temp folder emptied: 641206 bytes
    ->Temporary Internet Files folder emptied: 63794 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 93359745 bytes
    ->Opera cache emptied: 121880 bytes
    ->Flash cache emptied: 921 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 65748 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 90.00 mb


    OTL by OldTimer - Version 3.2.12.0 log created on 09172010_200440

    Files\Folders moved on Reboot...
    C:\Users\zoniq\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

    Registry entries deleted on Reboot...

  3. #33
    Junior Member
    Join Date: Sep 2010
    Posts: 24

    ...and new scan log:

    OTL logfile created on: 9/17/2010 8:09:07 PM - Run 5
    OTL by OldTimer - Version 3.2.12.0 Folder = C:\Users\zoniq\Desktop
    64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: Slovakia | Language: SKY | Date Format: d. M. yyyy

    4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 69.00% Memory free
    8.00 Gb Paging File | 7.00 Gb Available in Paging File | 84.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 298.09 Gb Total Space | 217.24 Gb Free Space | 72.88% Space Free | Partition Type: NTFS
    Drive D: | 97.65 Gb Total Space | 92.92 Gb Free Space | 95.15% Space Free | Partition Type: NTFS
    Drive E: | 200.43 Gb Total Space | 82.89 Gb Free Space | 41.36% Space Free | Partition Type: NTFS
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: KOMPIK
    Current User Name: zoniq
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Include 64bit Scans
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Standard

    ========== Processes (SafeList) ==========

    PRC - [2010/09/16 21:58:42 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    PRC - [2010/09/14 16:52:44 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\zoniq\Desktop\OTL.exe
    PRC - [2010/09/01 08:39:18 | 001,164,584 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    PRC - [2010/07/21 16:49:12 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgemc.exe
    PRC - [2010/07/19 22:13:57 | 002,065,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgtray.exe
    PRC - [2010/07/19 22:13:54 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
    PRC - [2010/07/19 22:13:52 | 000,723,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe
    PRC - [2010/04/01 11:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
    PRC - [2009/03/05 17:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    PRC - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/09/14 16:52:44 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\zoniq\Desktop\OTL.exe
    MOD - [2009/07/14 03:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
    MOD - [2009/07/14 03:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2010/09/05 12:03:40 | 001,436,424 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
    SRV:64bit: - [2009/07/14 03:41:56 | 000,195,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\umrdp.dll -- (UmRdpService)
    SRV:64bit: - [2009/07/14 03:41:53 | 001,361,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\PeerDistSvc.dll -- (PeerDistSvc)
    SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/07/14 03:40:24 | 000,689,152 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cscsvc.dll -- (CscService)
    SRV:64bit: - [2009/07/14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
    SRV - [2010/07/21 16:49:12 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG9\avgemc.exe -- (avg9emc)
    SRV - [2010/07/19 22:13:54 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
    SRV - [2010/03/18 14:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/07/16 17:04:16 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2010/08/02 19:27:53 | 000,312,480 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
    DRV:64bit: - [2010/08/02 19:27:52 | 000,043,168 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
    DRV:64bit: - [2010/07/25 09:39:58 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
    DRV:64bit: - [2010/07/19 22:13:57 | 000,317,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (AvgTdiA)
    DRV:64bit: - [2010/07/19 22:13:56 | 000,035,536 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (AvgMfx64)
    DRV:64bit: - [2010/07/19 22:13:53 | 000,269,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (AvgLdx64)
    DRV:64bit: - [2009/10/26 16:54:22 | 000,032,768 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
    DRV:64bit: - [2009/08/13 22:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
    DRV:64bit: - [2009/07/14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2009/07/14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2009/07/14 03:45:55 | 000,200,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmbus.sys -- (vmbus)
    DRV:64bit: - [2009/07/14 03:45:55 | 000,046,672 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmstorfl.sys -- (storflt)
    DRV:64bit: - [2009/07/14 03:45:55 | 000,034,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\storvsc.sys -- (storvsc)
    DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/14 02:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
    DRV:64bit: - [2009/07/14 02:01:09 | 000,679,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xnacc.sys -- (xnacc)
    DRV:64bit: - [2009/07/14 01:42:58 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vms3cap.sys -- (s3cap)
    DRV:64bit: - [2009/07/14 01:42:44 | 000,021,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VMBusHID.sys -- (VMBusHID)
    DRV:64bit: - [2009/07/14 01:24:27 | 000,514,048 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\csc.sys -- (CSC)
    DRV:64bit: - [2009/06/10 22:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
    DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/03/02 00:05:32 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2008/01/17 17:51:44 | 000,018,816 | ---- | M] (Razer USA Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Lycosa.sys -- (Lycosa)
    DRV:64bit: - [2007/08/02 10:33:04 | 000,012,672 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dadder.sys -- (DAdderFltr)
    DRV:64bit: - [2007/07/18 11:34:16 | 000,189,664 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\V0260Vid.sys -- (V0260VID)

    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 92 71 0B 0A 6D 53 CB 01 [binary data]
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "www.google.com"
    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
    FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.3
    FF - prefs.js..extensions.enabledItems: {B17C1C5A-04B1-11DB-9804-B622A1EF5492}:1.2.1
    FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.845
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..network.proxy.type: 0

    FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files (x86)\AVG\AVG9\Firefox [2010/07/21 16:50:48 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/09/16 21:58:43 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/09/16 21:58:43 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 4.0b5\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 5\components [2010/09/10 19:20:14 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 4.0b5\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 5\plugins
    FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2010/06/18 14:00:03 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2010/09/08 19:36:54 | 000,000,000 | ---D | M]

    [2010/06/18 14:00:03 | 000,000,000 | ---D | M] -- C:\Users\zoniq\AppData\Roaming\mozilla\Extensions
    [2010/06/18 14:00:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\zoniq\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
    [2010/09/16 20:02:38 | 000,000,000 | ---D | M] -- C:\Users\zoniq\AppData\Roaming\mozilla\Firefox\Profiles\u8fwv41d.default\extensions
    [2010/09/12 07:17:54 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\zoniq\AppData\Roaming\mozilla\Firefox\Profiles\u8fwv41d.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
    [2010/09/03 17:53:18 | 000,000,000 | ---D | M] (Password Exporter) -- C:\Users\zoniq\AppData\Roaming\mozilla\Firefox\Profiles\u8fwv41d.default\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}
    [2010/08/18 22:33:33 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\zoniq\AppData\Roaming\mozilla\Firefox\Profiles\u8fwv41d.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    [2010/09/16 20:02:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2010/07/29 17:43:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2010/07/29 17:43:16 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    [2010/04/01 19:40:34 | 000,001,583 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\atlas-sk.xml
    [2010/04/01 19:40:34 | 000,001,380 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\azet-sk.xml
    [2010/04/01 19:40:34 | 000,001,479 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\dunaj-sk.xml
    [2010/04/01 19:40:34 | 000,001,473 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\slovnik-sk.xml
    [2010/04/01 19:40:34 | 000,001,104 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia-sk.xml
    [2010/04/01 19:40:34 | 000,000,830 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\zoznam-sk.xml

    O1 HOSTS File: ([2010/09/16 17:42:29 | 000,420,073 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: 127.0.0.1 mpa.one.microsoft.com
    O1 - Hosts: 127.0.0.1 sls.microsoft.com
    O1 - Hosts: 127.0.0.1 genuine.microsoft.com
    O1 - Hosts: 127.0.0.1 wat.microsoft.com
    O1 - Hosts: 127.0.0.1 mpa.microsoft.com
    O1 - Hosts: 127.0.0.1 activate.adobe.com
    O1 - Hosts: 127.0.0.1 practivate.adobe.com
    O1 - Hosts: 127.0.0.1 ereg.adobe.com
    O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
    O1 - Hosts: 127.0.0.1 wip3.adobe.com
    O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
    O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
    O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
    O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
    O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
    O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
    O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
    O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
    O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
    O1 - Hosts: 127.0.0.1 adobeereg.com
    O1 - Hosts: 
    O1 - Hosts: 127.0.0.1 www.007guard.com
    O1 - Hosts: 127.0.0.1 007guard.com
    O1 - Hosts: 127.0.0.1 008i.com
    O1 - Hosts: 14493 more lines...
    O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
    O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
    O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O13 - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgppa.dll (AVG Technologies CZ, s.r.o.)
    O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20:64bit: - AppInit_DLLs: (avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll (AVG Technologies CZ, s.r.o.)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O32 - HKLM CDRom: AutoRun - 1
    O33 - MountPoints2\{525647e2-2a16-11df-984d-0019dbf60ff8}\Shell - "" = AutoRun
    O33 - MountPoints2\{525647e2-2a16-11df-984d-0019dbf60ff8}\Shell\AutoRun\command - "" = H:\autorun.exe -- File not found
    O33 - MountPoints2\{f24320e2-97bf-11df-83dd-0019dbf60ff8}\Shell - "" = AutoRun
    O33 - MountPoints2\{f24320e2-97bf-11df-83dd-0019dbf60ff8}\Shell\AutoRun\command - "" = G:\Setup.exe -- File not found
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/09/16 17:18:44 | 000,000,000 | ---D | C] -- C:\9e194e4617988486dcfb0243543ee7
    [2010/09/16 17:18:30 | 002,441,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iertutil.dll
    [2010/09/15 16:52:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
    [2010/09/15 15:59:40 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW
    [2010/09/15 15:49:48 | 000,000,000 | ---D | C] -- C:\Users\zoniq\AppData\Roaming\Malwarebytes
    [2010/09/15 15:49:24 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    [2010/09/15 15:49:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2010/09/15 15:49:22 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2010/09/15 15:49:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2010/09/15 15:48:33 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\zoniq\Desktop\mbam-setup-1.46.exe
    [2010/09/15 15:45:15 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\zoniq\Desktop\TFC.exe
    [2010/09/15 09:16:20 | 000,000,000 | ---D | C] -- C:\Users\zoniq\Desktop\Fh_HDRI Map Pack 01
    [2010/09/15 07:23:59 | 000,000,000 | ---D | C] -- C:\_OTL
    [2010/09/14 18:52:24 | 165,665,144 | ---- | C] (NVIDIA Corporation) -- C:\Users\zoniq\Desktop\260.63_desktop_win7_winvista_64bit_international_beta.exe
    [2010/09/14 16:52:41 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\Users\zoniq\Desktop\OTL.exe
    [2010/09/13 20:09:56 | 000,000,000 | ---D | C] -- C:\Users\zoniq\Desktop\Tires semi-glossy by Amleto
    [2010/09/11 18:00:50 | 000,000,000 | -H-D | C] -- C:\$AVG
    [2010/09/11 17:59:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Runic Games
    [2010/09/11 17:50:09 | 000,000,000 | ---D | C] -- C:\Users\zoniq\AppData\Roaming\runic games
    [2010/09/11 16:29:14 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Runic
    [2010/09/11 13:24:27 | 000,000,000 | ---D | C] -- C:\Users\zoniq\Desktop\layered rock
    [2010/09/11 13:06:36 | 000,000,000 | ---D | C] -- C:\Users\zoniq\Desktop\DavelessSteel
    [2010/09/10 19:20:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 5
    [2010/09/08 19:38:05 | 000,000,000 | ---D | C] -- C:\Users\zoniq\AppData\Local\Apple Computer
    [2010/09/08 19:36:48 | 000,000,000 | ---D | C] -- C:\Users\zoniq\AppData\Roaming\DivX
    [2010/09/08 19:36:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine
    [2010/09/08 19:36:30 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
    [2010/09/08 19:36:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DivX Shared
    [2010/09/08 19:35:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DivX
    [2010/09/08 19:35:35 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
    [2010/09/08 19:34:58 | 000,000,000 | ---D | C] -- C:\Users\zoniq\AppData\Roaming\Apple Computer
    [2010/09/05 13:16:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ChaosGroup
    [2010/09/05 13:15:59 | 000,000,000 | ---D | C] -- C:\Program Files\plugins
    [2010/09/05 13:15:59 | 000,000,000 | ---D | C] -- C:\Program Files\Chaos Group
    [2010/09/05 13:02:21 | 000,000,000 | ---D | C] -- C:\Users\zoniq\Documents\3dsMax
    [2010/09/05 12:46:08 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
    [2010/09/05 12:46:05 | 000,000,000 | ---D | C] -- C:\Users\zoniq\AppData\Local\Autodesk
    [2010/09/05 12:03:52 | 000,000,000 | ---D | C] -- C:\Users\zoniq\Documents\Inventor
    [2010/09/05 12:03:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
    [2010/09/05 12:02:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Autodesk Shared
    [2010/09/05 12:02:36 | 000,000,000 | ---D | C] -- C:\Program Files\Autodesk
    [2010/09/05 12:01:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Autodesk Shared
    [2010/09/05 12:00:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Autodesk
    [2010/09/05 11:54:50 | 000,000,000 | ---D | C] -- C:\Users\zoniq\AppData\Roaming\Autodesk
    [2010/09/05 11:54:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Autodesk
    [2010/09/02 16:45:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
    [2010/09/02 16:45:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live SkyDrive
    [2010/09/02 16:44:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
    [2010/09/02 16:44:39 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
    [2010/09/02 16:44:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
    [2010/09/02 16:37:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
    [2010/09/02 16:36:24 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
    [2010/08/27 18:50:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Team17
    [2010/08/25 16:55:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
    [2010/08/25 16:37:59 | 000,861,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
    [2010/08/24 18:27:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Stardock
    [2010/08/24 18:27:03 | 000,000,000 | ---D | C] -- C:\Users\zoniq\Documents\My Games
    [2010/08/24 17:43:12 | 000,174,080 | ---- | C] (RAD Game Tools, Inc.) -- C:\Windows\SysNative\binkw32.dll
    [2010/08/24 17:43:08 | 000,174,080 | ---- | C] (RAD Game Tools, Inc.) -- C:\Windows\System\binkw32.dll
    [2010/08/24 17:22:20 | 000,000,000 | ---D | C] -- C:\Users\zoniq\AppData\Local\2K Games
    [2010/08/24 17:19:13 | 000,158,720 | ---- | C] (Skybound Software (http://www.skybound.ca)) -- C:\Windows\SysWow64\drivers\skybound.gecko.dll
    [2010/08/24 16:38:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
    [2010/08/24 16:38:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam

    ========== Files - Modified Within 30 Days ==========

    [2010/09/17 20:10:52 | 000,016,384 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2010/09/17 20:10:52 | 000,016,384 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2010/09/17 20:05:49 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2010/09/17 20:05:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010/09/17 20:05:41 | 3220,672,512 | -HS- | M] () -- C:\hiberfil.sys
    [2010/09/17 20:04:56 | 006,291,456 | -HS- | M] () -- C:\Users\zoniq\NTUSER.DAT
    [2010/09/17 19:09:34 | 007,371,924 | -H-- | M] () -- C:\Users\zoniq\AppData\Local\IconCache.db
    [2010/09/17 18:54:50 | 000,075,264 | ---- | M] () -- C:\Users\zoniq\Desktop\SystemLook.exe
    [2010/09/17 18:49:29 | 064,745,114 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
    [2010/09/17 16:57:53 | 002,672,312 | ---- | M] () -- C:\Users\zoniq\Desktop\esetsmartinstaller_enu.exe
    [2010/09/16 18:49:55 | 001,318,982 | ---- | M] () -- C:\Users\zoniq\Desktop\BBS_Mask2.tif
    [2010/09/16 17:42:29 | 000,420,073 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2010/09/15 16:52:55 | 000,003,007 | ---- | M] () -- C:\Users\zoniq\Desktop\HiJackThis.lnk
    [2010/09/15 16:13:32 | 000,525,824 | ---- | M] () -- C:\Users\zoniq\Desktop\dds.scr
    [2010/09/15 15:49:28 | 000,001,031 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/09/15 15:48:34 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\zoniq\Desktop\mbam-setup-1.46.exe
    [2010/09/15 15:45:15 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\zoniq\Desktop\TFC.exe
    [2010/09/15 12:50:36 | 000,167,014 | ---- | M] () -- C:\Users\zoniq\Desktop\BBS_GT_for_reference.jpg
    [2010/09/14 20:39:55 | 000,035,157 | ---- | M] () -- C:\Users\zoniq\Desktop\cv_1168256.rtf
    [2010/09/14 18:53:14 | 165,665,144 | ---- | M] (NVIDIA Corporation) -- C:\Users\zoniq\Desktop\260.63_desktop_win7_winvista_64bit_international_beta.exe
    [2010/09/14 16:52:44 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\zoniq\Desktop\OTL.exe
    [2010/09/13 22:53:34 | 000,195,895 | ---- | M] () -- C:\Users\zoniq\Desktop\rim.jpg
    [2010/09/13 20:37:51 | 004,003,840 | ---- | M] () -- C:\Users\zoniq\Desktop\tire.FBX
    [2010/09/13 20:16:14 | 000,051,200 | ---- | M] () -- C:\Users\zoniq\Desktop\Rubber (Grey)_by_joa_grilo2376.mat
    [2010/09/13 20:06:19 | 000,829,818 | ---- | M] () -- C:\Users\zoniq\Desktop\wm_original_exwalla_original.jpg
    [2010/09/12 19:34:51 | 000,013,373 | ---- | M] () -- C:\Users\zoniq\Desktop\tyre_000bp.jpg
    [2010/09/12 13:33:42 | 016,897,167 | ---- | M] () -- C:\Users\zoniq\Desktop\digitalin_hdr_chromFX-V2-HIRES.zip
    [2010/09/11 18:18:49 | 000,419,895 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20100916-174229.backup
    [2010/09/10 19:20:16 | 000,002,173 | ---- | M] () -- C:\Users\zoniq\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox 4.0 Beta 5.lnk
    [2010/09/10 19:20:16 | 000,002,149 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox 4.0 Beta 5.lnk
    [2010/08/31 07:19:12 | 002,441,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iertutil.dll
    [2010/08/27 18:51:42 | 000,002,117 | ---- | M] () -- C:\Users\Public\Desktop\Worms Reloaded.lnk
    [2010/08/25 19:45:31 | 000,001,804 | ---- | M] () -- C:\Users\zoniq\Desktop\mafia2 - odkaz.lnk
    [2010/08/25 16:30:58 | 000,276,920 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2010/08/24 17:18:36 | 000,058,736 | ---- | M] () -- C:\Users\zoniq\AppData\Local\GDIPFONTCACHEV1.DAT
    [2010/08/24 17:01:35 | 000,174,080 | ---- | M] (RAD Game Tools, Inc.) -- C:\Windows\System\binkw32.dll
    [2010/08/24 17:01:35 | 000,174,080 | ---- | M] (RAD Game Tools, Inc.) -- C:\Windows\SysNative\binkw32.dll
    [2010/08/21 08:05:15 | 000,000,857 | ---- | M] () -- C:\Users\zoniq\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk

    ========== Files Created - No Company Name ==========

    [2010/09/17 18:54:49 | 000,075,264 | ---- | C] () -- C:\Users\zoniq\Desktop\SystemLook.exe
    [2010/09/17 16:57:52 | 002,672,312 | ---- | C] () -- C:\Users\zoniq\Desktop\esetsmartinstaller_enu.exe
    [2010/09/16 18:49:54 | 001,318,982 | ---- | C] () -- C:\Users\zoniq\Desktop\BBS_Mask2.tif
    [2010/09/15 16:52:55 | 000,003,007 | ---- | C] () -- C:\Users\zoniq\Desktop\HiJackThis.lnk
    [2010/09/15 16:13:31 | 000,525,824 | ---- | C] () -- C:\Users\zoniq\Desktop\dds.scr
    [2010/09/15 15:49:28 | 000,001,031 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/09/15 12:50:34 | 000,167,014 | ---- | C] () -- C:\Users\zoniq\Desktop\BBS_GT_for_reference.jpg
    [2010/09/14 20:39:55 | 000,035,157 | ---- | C] () -- C:\Users\zoniq\Desktop\cv_1168256.rtf
    [2010/09/13 20:37:50 | 004,003,840 | ---- | C] () -- C:\Users\zoniq\Desktop\tire.FBX
    [2010/09/13 20:16:13 | 000,051,200 | ---- | C] () -- C:\Users\zoniq\Desktop\Rubber (Grey)_by_joa_grilo2376.mat
    [2010/09/13 20:06:18 | 000,829,818 | ---- | C] () -- C:\Users\zoniq\Desktop\wm_original_exwalla_original.jpg
    [2010/09/12 19:34:49 | 000,013,373 | ---- | C] () -- C:\Users\zoniq\Desktop\tyre_000bp.jpg
    [2010/09/12 13:33:24 | 016,897,167 | ---- | C] () -- C:\Users\zoniq\Desktop\digitalin_hdr_chromFX-V2-HIRES.zip
    [2010/09/12 11:39:07 | 000,195,895 | ---- | C] () -- C:\Users\zoniq\Desktop\rim.jpg
    [2010/09/12 11:24:54 | 000,079,360 | ---- | C] () -- C:\Users\zoniq\Desktop\car_paint_metallics_fx.mat
    [2010/09/10 19:20:16 | 000,002,173 | ---- | C] () -- C:\Users\zoniq\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox 4.0 Beta 5.lnk
    [2010/09/10 19:20:16 | 000,002,149 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox 4.0 Beta 5.lnk
    [2010/09/06 22:14:09 | 000,028,672 | ---- | C] () -- C:\Users\zoniq\Desktop\rims paint.mat
    [2010/08/27 18:51:42 | 000,002,117 | ---- | C] () -- C:\Users\Public\Desktop\Worms Reloaded.lnk
    [2010/08/25 19:45:31 | 000,001,804 | ---- | C] () -- C:\Users\zoniq\Desktop\mafia2 - odkaz.lnk
    [2010/07/21 19:16:50 | 000,007,605 | ---- | C] () -- C:\Users\zoniq\AppData\Local\Resmon.ResmonCfg
    [2010/04/02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
    [2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
    [2009/07/13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    < End of report >

  4. #34
    Junior Member
    Join Date
    Sep 2010
    Posts
    24

    Default

    Oh, and I remember now what RAD Game Tools is....
    I recently had a problem with binkw32.dll with Mafia 2.
    I could not run the game because this file was missing, so I searched the web and found that binkw32.dll is some kind of Bink video codec normally used in games.
    And this binkw32.dll is made by RAD Game Tools.

    Here is the post that I found to solve my "problem"; I don't know if it is important, but it's from http://www.tomshardware.co.uk/forum/...inkw32-missing

  5. #35
    Emeritus- Malware Team
    Join Date
    Oct 2009
    Location
    New England, USA
    Posts
    503

    Default

    Okay so how's everything running now?

    Download Security Check by screen317 from here or here.
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
    IndiGenus

  6. #36
    Junior Member
    Join Date
    Sep 2010
    Posts
    24

    Default

    The system is now running well without any pop-ups from AVG.
    When I scanned my computer with Kaspersky or ESET, the pop-ups appeared, but now it is all right...

    The log from Security Check:

    Results of screen317's Security Check version 0.99.5
    Windows 7 (UAC is disabled!)
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    AVG Free 9.0
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Out of date HijackThis installed!
    Malwarebytes' Anti-Malware
    HijackThis 1.99.1
    Java(TM) 6 Update 21
    Adobe Flash Player 10.1.82.76
    Adobe Reader 9.3.3
    Mozilla Firefox (x86 sk..) Firefox Out of Date!
    Mozilla Thunderbird (3.0.4) Thunderbird Out of Date!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    AVG avgwdsvc.exe
    AVG avgtray.exe
    AVG avgemc.exe
    ````````````````````````````````
    DNS Vulnerability Check:

    GREAT! (Not vulnerable to DNS cache poisoning)

    ``````````End of Log````````````

  7. #37
    Emeritus- Malware Team
    Join Date
    Oct 2009
    Location
    New England, USA
    Posts
    503

    Default

    Have you run a full scan with AVG? If not I'd suggest that.

    Uninstall OTL and related files/folders
    • Make sure you have an Internet Connection.
    • Double-click OTL.exe to run it.
    • Click on the CleanUp! button
    • A list of tool components used in the Cleanup of malware will be downloaded.
    • If your Firewall or Real Time protection attempts to block OTL from reaching the Internet, please allow the application to do so.
    • Click Yes to begin the Cleanup process and remove these components, including this application.
    • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.


    Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: (You will lose all previous restore points which may be infected anyway).

    Click Start, then right-click Computer and select Properties.
    Click the System Protection link on the left.
    Click the Create button to make a new restore point.

    Click Start>Run and type Cleanmgr
    Click the More Options Tab.
    Click Clean Up in the System Restore section. This will clear out all old restore points except the one you just created.
    IndiGenus

  8. #38
    Emeritus- Malware Team
    Join Date
    Oct 2009
    Location
    New England, USA
    Posts
    503

    Default

    Now that you are clean please take some time to read through TonyKlein's So how did I get infected in the first place?
    IndiGenus

  9. #39
    Junior Member
    Join Date
    Sep 2010
    Posts
    24

    Default

    Ok then done...

    Thank you very much for your time and energy once more

    Last edited by tashi; 2010-09-30 at 07:20. Reason: Date of archive

  10. #40
    Emeritus- Malware Team
    Join Date
    Oct 2009
    Location
    New England, USA
    Posts
    503

    Default

    Yes, we should be all set. I'll leave the thread open a few days in case you have questions or issues.

    You're welcome, and good luck.
    Dave
    IndiGenus
