safesurf virus problem

zoniq

Hi,
I have a problem: a process called safesurf suddenly appeared in my process list, and AVG still detects it as a threat. Can you please help me remove it? :)

my dds:

DDS (Ver_10-03-17.01) - NTFSX64
Run by zoniq at 7:54:43,39 on ne 12. 09. 2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_21
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.421.1033.18.4095.2541 [GMT 2:00]

SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Program Files (x86)\AVG\AVG9\avgchsva.exe
C:\Program Files (x86)\AVG\AVG9\avgrsa.exe
C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
C:\Windows\system\dwm.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files (x86)\AVG\AVG9\avgnsa.exe
C:\Program Files (x86)\AVG\AVG9\avgemc.exe
C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\AVG\AVG9\avgtray.exe
C:\Windows\SysWOW64\drivers\safesurf.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\SysWOW64\drivers\surfguard.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskeng.exe
C:\Windows\TEMP\Stm.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\zoniq\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

mLocal Page = c:\windows\syswow64\blank.htm
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files (x86)\avg\avg9\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~2\spybot~1\SDHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [DAEMON Tools Lite] "c:\program files (x86)\daemon tools lite\DTLite.exe" -autorun
uRun: [SpybotSD TeaTimer] c:\program files (x86)\spybot - search & destroy\TeaTimer.exe
mRun: [AVG9_TRAY] c:\progra~2\avg\avg9\avgtray.exe
mRun: [jsafesurf] c:\windows\syswow64\drivers\safesurf.exe
mRun: [DivXUpdate] "c:\program files (x86)\divx\divx update\DivXUpdate.exe" /CHECKNOW
dRun: [YXE7DXCQ37] c:\windows\temp\Stm.exe
dRun: [Metropolis] rundll32.exe c:\windows\system32\sshnas21.dll,GetHandle
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~2\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files (x86)\avg\avg9\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~2\common~1\skype\SKYPE4~1.DLL
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files (x86)\avg\avg9\avgssiea.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
AppInit_DLLs-X64: avgrssta.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\zoniq\appdata\roaming\mozilla\firefox\profiles\u8fwv41d.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files (x86)\avg\avg9\firefox\components\avgssff.dll
FF - plugin: c:\program files (x86)\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files (x86)\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\np_gp.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npnul32.dll
FF - plugin: c:\program files (x86)\opera\program\plugins\np_gp.dll
FF - plugin: c:\program files (x86)\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\wat\npWatWeb.dll
FF - plugin: c:\windows\syswow64\macromed\flash\NPSWF32.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx64;AVG Free AVI Loader Driver x64;c:\windows\system32\drivers\avgldx64.sys [2010-7-19 269904]
R1 AvgMfx64;AVG Free On-access Scanner Minifilter Driver x64;c:\windows\system32\drivers\avgmfx64.sys [2010-7-19 35536]
R1 AvgTdiA;AVG Free Network Redirector x64;c:\windows\system32\drivers\avgtdia.sys [2010-7-19 317520]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files (x86)\avg\avg9\avgemc.exe [2010-7-19 921952]
R2 avg9wd;AVG Free WatchDog;c:\program files (x86)\avg\avg9\avgwdsvc.exe [2010-7-19 308136]
R2 darkness;IpSectPro service;c:\windows\system\dwm.exe [2010-9-11 59392]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\spybot - search & destroy\SDWinSec.exe [2010-2-19 1153368]
R3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [2007-8-2 12672]
R3 Lycosa;Lycosa Keyboard;c:\windows\system32\drivers\Lycosa.sys [2008-1-17 18816]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt64win7.sys [2009-3-2 187392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\common files\macrovision shared\flexnet publisher\FNPLicensingService64.exe [2010-9-5 1436424]
S3 HTCAND64;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2009-10-26 32768]
S3 V0260VID;Live! Cam Vista IM;c:\windows\system32\drivers\V0260Vid.sys [2010-5-1 189664]
S3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\wat\WatAdminSvc.exe [2010-5-18 1255736]

=============== Created Last 30 ================

2010-09-11 20:26:43 266752 ----a-w- c:\windows\syswow64\sshnas21.dll
2010-09-11 16:00:50 0 d--h--w- C:\$AVG
2010-09-11 16:00:34 59392 ----a-w- c:\windows\system\dwm.exe
2010-09-11 15:59:55 0 d-----w- c:\program files (x86)\Runic Games
2010-09-11 15:50:09 0 d-----w- c:\users\zoniq\appdata\roaming\runic games
2010-09-10 17:20:12 0 d-----w- c:\program files (x86)\Mozilla Firefox 4.0 Beta 5
2010-09-08 17:36:34 0 d-----w- c:\program files (x86)\common files\PX Storage Engine
2010-09-08 17:36:30 0 d-----w- c:\program files\DivX
2010-09-08 17:36:19 0 d-----w- c:\program files (x86)\common files\DivX Shared
2010-09-08 17:35:56 0 d-----w- c:\program files (x86)\DivX
2010-09-08 17:35:35 0 d-----w- c:\programdata\DivX
2010-09-05 11:16:01 0 d-----w- c:\program files\common files\ChaosGroup
2010-09-05 11:15:59 0 d-----w- c:\program files\plugins
2010-09-05 11:15:59 0 d-----w- c:\program files\Chaos Group
2010-09-05 10:46:08 0 d-----w- c:\programdata\FLEXnet
2010-09-05 10:03:40 0 d-----w- c:\program files\common files\Macrovision Shared
2010-09-05 10:02:36 0 d-----w- c:\program files\common files\Autodesk Shared
2010-09-05 10:02:36 0 d-----w- c:\program files\Autodesk
2010-09-05 10:01:01 0 d-----w- c:\program files (x86)\common files\Autodesk Shared
2010-09-05 10:00:48 0 d-----w- c:\program files (x86)\Autodesk
2010-09-05 09:54:50 0 d-----w- c:\users\zoniq\appdata\roaming\Autodesk
2010-09-05 09:54:50 0 d-----w- c:\programdata\Autodesk
2010-09-02 14:45:16 0 d-----w- c:\program files (x86)\Microsoft
2010-09-02 14:45:01 0 d-----w- c:\program files (x86)\Windows Live SkyDrive
2010-09-02 14:44:39 0 d-----w- c:\windows\PCHEALTH
2010-09-02 14:44:25 0 d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
2010-09-02 14:37:57 0 d-----w- c:\program files (x86)\common files\Windows Live
2010-09-02 14:36:24 0 d-----w- c:\programdata\NVIDIA Corporation
2010-08-27 16:50:21 0 d-----w- c:\program files (x86)\Team17
2010-08-25 14:55:40 0 d-----w- c:\program files (x86)\NVIDIA Corporation
2010-08-25 14:37:59 861184 ----a-w- c:\windows\system32\oleaut32.dll
2010-08-25 14:37:59 571904 ----a-w- c:\windows\syswow64\oleaut32.dll
2010-08-24 16:27:03 0 d-----w- c:\programdata\Stardock
2010-08-24 15:43:12 174080 ----a-w- c:\windows\system32\binkw32.dll
2010-08-24 15:43:08 174080 ----a-w- c:\windows\system\binkw32.dll
2010-08-24 15:18:18 0 d-----w- c:\windows\syswow64\webe
2010-08-24 14:38:48 0 d-----w- c:\program files (x86)\common files\Steam
2010-08-24 14:38:46 0 d-----w- c:\program files (x86)\Steam
2010-08-18 17:39:32 0 d-----w- c:\programdata\McAfee
2010-08-15 20:32:18 817664 ----a-w- c:\windows\syswow64\Help64.exe

==================== Find3M ====================

2010-08-02 17:27:53 312480 ----a-w- c:\windows\system32\drivers\atksgt.sys
2010-08-02 17:27:52 43168 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2010-07-29 15:43:16 423656 ----a-w- c:\windows\syswow64\deployJava1.dll
2010-07-29 15:43:16 153376 ----a-w- c:\windows\syswow64\javaws.exe
2010-07-29 15:43:16 145184 ----a-w- c:\windows\syswow64\javaw.exe
2010-07-29 15:43:16 145184 ----a-w- c:\windows\syswow64\java.exe
2010-07-29 06:30:34 82944 ----a-w- c:\windows\syswow64\iccvid.dll
2010-07-27 14:03:24 12867584 ----a-w- c:\windows\syswow64\shell32.dll
2010-07-25 07:39:58 834544 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-07-19 20:13:57 317520 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2010-07-19 20:13:57 13048 ----a-w- c:\windows\system32\avgrssta.dll
2010-07-19 20:13:56 35536 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
2010-07-19 20:13:53 269904 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2010-07-09 14:27:02 159336 ----a-w- c:\windows\system32\nvvsvc.exe
2010-07-09 14:27:02 1585256 ----a-w- c:\windows\system32\nvsvc64.dll
2010-07-09 14:27:02 15314024 ----a-w- c:\windows\system32\nvcpl.dll
2010-07-09 14:27:02 116328 ----a-w- c:\windows\system32\nvmctray.dll
2010-06-30 07:13:46 1192960 ----a-w- c:\windows\system32\wininet.dll
2010-06-30 06:25:31 978432 ----a-w- c:\windows\syswow64\wininet.dll
2010-06-30 06:25:18 1226240 ----a-w- c:\windows\syswow64\urlmon.dll
2010-06-30 06:22:45 606208 ----a-w- c:\windows\syswow64\mstime.dll
2010-06-30 06:22:34 5971456 ----a-w- c:\windows\syswow64\mshtml.dll
2010-06-30 06:22:33 64512 ----a-w- c:\windows\syswow64\msfeedsbs.dll
2010-06-30 06:21:57 48128 ----a-w- c:\windows\syswow64\jsproxy.dll
2010-06-30 06:21:47 185856 ----a-w- c:\windows\syswow64\iepeers.dll
2010-06-30 06:21:47 176640 ----a-w- c:\windows\syswow64\ieui.dll
2010-06-30 06:21:46 10985472 ----a-w- c:\windows\syswow64\ieframe.dll
2010-06-30 06:21:44 381440 ----a-w- c:\windows\syswow64\iedkcs32.dll
2010-06-30 06:19:16 12800 ----a-w- c:\windows\syswow64\msfeedssync.exe
2010-06-19 07:05:01 5507968 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-06-19 06:53:18 52224 ----a-w- c:\windows\system32\rtutils.dll
2010-06-19 06:33:29 3955080 ----a-w- c:\windows\syswow64\ntkrnlpa.exe
2010-06-19 06:33:29 3899784 ----a-w- c:\windows\syswow64\ntoskrnl.exe
2010-06-19 06:23:50 37376 ----a-w- c:\windows\syswow64\rtutils.dll
2010-06-19 04:32:34 3122688 ----a-w- c:\windows\system32\win32k.sys
2010-06-16 06:11:10 340992 ----a-w- c:\windows\system32\schannel.dll
2010-06-16 05:48:35 224256 ----a-w- c:\windows\syswow64\schannel.dll
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini
2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 7:55:30,46 ===============
 
Hi zoniq and welcome to the forums.

Run OTL and post the logs
OTL - Download or alternative link here and here

Download OTL to your Desktop
  • Double-click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
  • Under the Custom Scan box paste this in

    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
Hi again, and thanks for the reply.

I don't know if I did it right, but my Spybot and AVG were active while scanning with OTL.
If necessary, I can scan once more with AVG's resident shield and TeaTimer disabled.
And while scanning, my AVG popped up three times with an infection found; the name of the process was OTL.exe.

Here are the logs:

Part one of the OTL.txt:

OTL logfile created on: 9/14/2010 4:54:17 PM - Run 1
OTL by OldTimer - Version 3.2.12.0 Folder = C:\Users\zoniq\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Slovakia | Language: SKY | Date Format: d. M. yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 61.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298.09 Gb Total Space | 214.95 Gb Free Space | 72.11% Space Free | Partition Type: NTFS
Drive D: | 97.65 Gb Total Space | 92.92 Gb Free Space | 95.15% Space Free | Partition Type: NTFS
Drive E: | 200.43 Gb Total Space | 59.52 Gb Free Space | 29.70% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KOMPIK
Current User Name: zoniq
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/09/14 16:52:44 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\zoniq\Desktop\OTL.exe
PRC - [2010/09/02 11:55:05 | 000,211,968 | ---- | M] (JetSwap) -- C:\Windows\SysWOW64\drivers\safesurf.exe
PRC - [2010/09/01 08:39:18 | 001,164,584 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/07/21 16:49:12 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgemc.exe
PRC - [2010/07/19 22:13:57 | 002,065,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgtray.exe
PRC - [2010/07/19 22:13:54 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
PRC - [2010/07/19 22:13:52 | 000,723,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe
PRC - [2010/07/19 22:13:27 | 001,054,880 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgupd.exe
PRC - [2010/04/01 11:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2009/03/05 17:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe


========== Modules (SafeList) ==========

MOD - [2010/09/14 16:52:44 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\zoniq\Desktop\OTL.exe
MOD - [2009/07/14 03:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2009/07/14 03:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/09/05 12:03:40 | 001,436,424 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2009/07/14 03:41:56 | 000,195,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\umrdp.dll -- (UmRdpService)
SRV:64bit: - [2009/07/14 03:41:53 | 001,361,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\PeerDistSvc.dll -- (PeerDistSvc)
SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 03:40:24 | 000,689,152 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cscsvc.dll -- (CscService)
SRV:64bit: - [2009/07/14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2010/09/11 18:00:32 | 000,059,392 | ---- | M] () [Auto | Stopped] -- C:\Windows\system\dwm.exe -- (darkness)
SRV - [2010/07/21 16:49:12 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/07/19 22:13:54 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/03/18 14:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/07/16 17:04:16 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/08/02 19:27:53 | 000,312,480 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2010/08/02 19:27:52 | 000,043,168 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2010/07/25 09:39:58 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/07/19 22:13:57 | 000,317,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (AvgTdiA)
DRV:64bit: - [2010/07/19 22:13:56 | 000,035,536 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (AvgMfx64)
DRV:64bit: - [2010/07/19 22:13:53 | 000,269,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (AvgLdx64)
DRV:64bit: - [2009/10/26 16:54:22 | 000,032,768 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2009/08/13 22:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/07/14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 03:45:55 | 000,200,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmbus.sys -- (vmbus)
DRV:64bit: - [2009/07/14 03:45:55 | 000,046,672 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmstorfl.sys -- (storflt)
DRV:64bit: - [2009/07/14 03:45:55 | 000,034,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\storvsc.sys -- (storvsc)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 02:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/07/14 02:01:09 | 000,679,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xnacc.sys -- (xnacc)
DRV:64bit: - [2009/07/14 01:42:58 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vms3cap.sys -- (s3cap)
DRV:64bit: - [2009/07/14 01:42:44 | 000,021,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VMBusHID.sys -- (VMBusHID)
DRV:64bit: - [2009/07/14 01:24:27 | 000,514,048 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\csc.sys -- (CSC)
DRV:64bit: - [2009/06/10 22:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/02 00:05:32 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2008/01/17 17:51:44 | 000,018,816 | ---- | M] (Razer USA Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Lycosa.sys -- (Lycosa)
DRV:64bit: - [2007/08/02 10:33:04 | 000,012,672 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dadder.sys -- (DAdderFltr)
DRV:64bit: - [2007/07/18 11:34:16 | 000,189,664 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\V0260Vid.sys -- (V0260VID)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 92 71 0B 0A 6D 53 CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.3
FF - prefs.js..extensions.enabledItems: {B17C1C5A-04B1-11DB-9804-B622A1EF5492}:1.2.1
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.845
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files (x86)\AVG\AVG9\Firefox [2010/07/21 16:50:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/09/09 16:32:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/09/09 16:32:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0b5\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 5\components [2010/09/10 19:20:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0b5\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 5\plugins
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2010/06/18 14:00:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2010/09/08 19:36:54 | 000,000,000 | ---D | M]

[2010/06/18 14:00:03 | 000,000,000 | ---D | M] -- C:\Users\zoniq\AppData\Roaming\mozilla\Extensions
[2010/06/18 14:00:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\zoniq\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/09/13 19:32:56 | 000,000,000 | ---D | M] -- C:\Users\zoniq\AppData\Roaming\mozilla\Firefox\Profiles\u8fwv41d.default\extensions
[2010/09/12 07:17:54 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\zoniq\AppData\Roaming\mozilla\Firefox\Profiles\u8fwv41d.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010/09/03 17:53:18 | 000,000,000 | ---D | M] (Password Exporter) -- C:\Users\zoniq\AppData\Roaming\mozilla\Firefox\Profiles\u8fwv41d.default\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}
[2010/08/18 22:33:33 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\zoniq\AppData\Roaming\mozilla\Firefox\Profiles\u8fwv41d.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/09/13 19:32:56 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/07/29 17:43:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/07/29 17:43:16 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/04/01 19:40:34 | 000,001,583 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\atlas-sk.xml
[2010/04/01 19:40:34 | 000,001,380 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\azet-sk.xml
[2010/04/01 19:40:34 | 000,001,479 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\dunaj-sk.xml
[2010/04/01 19:40:34 | 000,001,473 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\slovnik-sk.xml
[2010/04/01 19:40:34 | 000,001,104 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia-sk.xml
[2010/04/01 19:40:34 | 000,000,830 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\zoznam-sk.xml

O1 HOSTS File: ([2010/09/11 18:18:49 | 000,419,895 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 mpa.one.microsoft.com
O1 - Hosts: 127.0.0.1 sls.microsoft.com
O1 - Hosts: 127.0.0.1 genuine.microsoft.com
O1 - Hosts: 127.0.0.1 wat.microsoft.com
O1 - Hosts: 127.0.0.1 mpa.microsoft.com
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 adobeereg.com
O1 - Hosts: 
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 14487 more lines...
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [jsafesurf] C:\Windows\SysWOW64\drivers\safesurf.exe (JetSwap)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - AppInit_DLLs: (avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{525647e2-2a16-11df-984d-0019dbf60ff8}\Shell - "" = AutoRun
O33 - MountPoints2\{525647e2-2a16-11df-984d-0019dbf60ff8}\Shell\AutoRun\command - "" = H:\autorun.exe -- File not found
O33 - MountPoints2\{f24320e2-97bf-11df-83dd-0019dbf60ff8}\Shell - "" = AutoRun
O33 - MountPoints2\{f24320e2-97bf-11df-83dd-0019dbf60ff8}\Shell\AutoRun\command - "" = G:\Setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: VIDC.I420 - File not found
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 90 Days ==========

[2010/09/14 16:52:41 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\Users\zoniq\Desktop\OTL.exe
[2010/09/14 16:50:14 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache
[2010/09/14 16:50:04 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f\1\dictionaries
[2010/09/14 16:50:03 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f\1\defaults\pref
[2010/09/14 16:50:03 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f\1\modules
[2010/09/14 16:50:03 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f\1\greprefs
[2010/09/14 16:50:03 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f\1\res\fonts
[2010/09/14 16:50:03 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f\1\res\entityTables
[2010/09/14 16:50:03 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f\1\defaults\autoconfig
[2010/09/14 16:50:02 | 000,701,400 | ---- | C] (Netscape Communications Corporation) -- C:\Windows\SysWow64\drivers\f\1\js3250.dll
[2010/09/14 16:50:02 | 000,443,352 | ---- | C] (sqlite.org) -- C:\Windows\SysWow64\drivers\f\1\sqlite3.dll
[2010/09/14 16:50:02 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\US
[2010/09/14 16:50:02 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f\1\res
[2010/09/14 16:50:02 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f\1\defaults\profile
[2010/09/14 16:50:02 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f\1\plugins
[2010/09/14 16:50:02 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f\1\res\html
[2010/09/14 16:50:02 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f\1\res\dtd
[2010/09/14 16:50:02 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f\1\defaults
[2010/09/14 16:50:02 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f\1\components
[2010/09/14 16:50:02 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\US\chrome
[2010/09/14 16:50:02 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\chrome
[2010/09/14 16:50:02 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f\1\chrome
[2010/09/14 16:50:02 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f\1
[2010/09/13 20:09:56 | 000,000,000 | ---D | C] -- C:\Users\zoniq\Desktop\Tires semi-glossy by Amleto
[2010/09/11 18:00:50 | 000,000,000 | -H-D | C] -- C:\$AVG
[2010/09/11 17:59:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Runic Games
[2010/09/11 17:50:09 | 000,000,000 | ---D | C] -- C:\Users\zoniq\AppData\Roaming\runic games
[2010/09/11 16:29:14 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Runic
[2010/09/11 13:24:27 | 000,000,000 | ---D | C] -- C:\Users\zoniq\Desktop\layered rock
[2010/09/11 13:06:36 | 000,000,000 | ---D | C] -- C:\Users\zoniq\Desktop\DavelessSteel
[2010/09/10 19:20:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 5
[2010/09/08 19:38:05 | 000,000,000 | ---D | C] -- C:\Users\zoniq\AppData\Local\Apple Computer
[2010/09/08 19:36:48 | 000,000,000 | ---D | C] -- C:\Users\zoniq\AppData\Roaming\DivX
[2010/09/08 19:36:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine
[2010/09/08 19:36:30 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2010/09/08 19:36:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DivX Shared
[2010/09/08 19:35:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DivX
[2010/09/08 19:35:35 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2010/09/08 19:34:58 | 000,000,000 | ---D | C] -- C:\Users\zoniq\AppData\Roaming\Apple Computer
[2010/09/05 13:16:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ChaosGroup
[2010/09/05 13:15:59 | 000,000,000 | ---D | C] -- C:\Program Files\plugins
[2010/09/05 13:15:59 | 000,000,000 | ---D | C] -- C:\Program Files\Chaos Group
[2010/09/05 13:02:21 | 000,000,000 | ---D | C] -- C:\Users\zoniq\Documents\3dsMax
[2010/09/05 12:46:08 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2010/09/05 12:46:05 | 000,000,000 | ---D | C] -- C:\Users\zoniq\AppData\Local\Autodesk
[2010/09/05 12:03:52 | 000,000,000 | ---D | C] -- C:\Users\zoniq\Documents\Inventor
[2010/09/05 12:03:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2010/09/05 12:02:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Autodesk Shared
[2010/09/05 12:02:36 | 000,000,000 | ---D | C] -- C:\Program Files\Autodesk
[2010/09/05 12:01:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Autodesk Shared
[2010/09/05 12:00:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Autodesk
[2010/09/05 11:54:50 | 000,000,000 | ---D | C] -- C:\Users\zoniq\AppData\Roaming\Autodesk
[2010/09/05 11:54:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Autodesk
[2010/09/02 16:45:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2010/09/02 16:45:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live SkyDrive
[2010/09/02 16:44:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2010/09/02 16:44:39 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2010/09/02 16:44:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2010/09/02 16:37:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
[2010/09/02 16:36:24 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2010/08/27 18:50:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Team17
[2010/08/25 16:55:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2010/08/24 18:27:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Stardock
[2010/08/24 18:27:03 | 000,000,000 | ---D | C] -- C:\Users\zoniq\Documents\My Games
[2010/08/24 17:43:12 | 000,174,080 | ---- | C] (RAD Game Tools, Inc.) -- C:\Windows\SysNative\binkw32.dll
[2010/08/24 17:43:08 | 000,174,080 | ---- | C] (RAD Game Tools, Inc.) -- C:\Windows\System\binkw32.dll
[2010/08/24 17:22:20 | 000,000,000 | ---D | C] -- C:\Users\zoniq\AppData\Local\2K Games
[2010/08/24 17:19:13 | 000,158,720 | ---- | C] (Skybound Software (http://www.skybound.ca)) -- C:\Windows\SysWow64\drivers\skybound.gecko.dll
[2010/08/24 17:19:13 | 000,019,456 | ---- | C] (JetSwap) -- C:\Windows\SysWow64\drivers\surfguard.exe
[2010/08/24 17:18:44 | 000,016,896 | ---- | C] (JetSwap) -- C:\Windows\SysWow64\drivers\up.exe
[2010/08/24 17:18:44 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f
[2010/08/24 17:18:18 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\webe
[2010/08/24 16:38:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[2010/08/24 16:38:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam
[2010/08/18 19:39:32 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2010/08/18 17:56:43 | 000,000,000 | ---D | C] -- C:\Users\zoniq\Desktop\arboretum
[2010/08/14 11:26:53 | 000,000,000 | ---D | C] -- C:\Users\zoniq\AppData\Local\Namco
[2010/07/29 17:50:53 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010/07/29 17:43:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/07/29 17:43:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010/07/29 17:43:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2010/07/28 18:47:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2010/07/28 17:16:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment
[2010/07/26 19:50:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Disney Interactive Studios
[2010/07/25 22:18:04 | 000,000,000 | -H-D | C] -- C:\Windows\msdownld.tmp
[2010/07/25 22:17:52 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
[2010/07/25 09:39:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite
[2010/07/25 09:39:18 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2010/07/25 09:26:21 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2010/07/20 18:46:21 | 000,000,000 | ---D | C] -- C:\Program Files\HijackThis
[2010/07/19 22:13:57 | 000,013,048 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\avgrssta.dll
[2010/07/19 22:11:29 | 000,317,520 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgtdia.sys
[2010/07/19 22:11:22 | 000,269,904 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys
[2010/07/19 22:11:13 | 000,035,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgmfx64.sys
[2010/07/19 22:11:13 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\Avg
[2010/07/19 22:10:51 | 000,000,000 | ---D | C] -- C:\ProgramData\avg9
[2010/07/10 11:24:51 | 000,000,000 | ---D | C] -- C:\Users\zoniq\AppData\Roaming\NVIDIA
[2010/07/10 10:54:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Media Center Programs
[2010/07/10 10:38:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\BioWare
[2010/07/10 05:38:00 | 000,065,128 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2010/07/10 05:38:00 | 000,056,936 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2010/07/09 16:29:31 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2010/06/30 17:34:21 | 000,000,000 | ---D | C] -- C:\Users\zoniq\AppData\Roaming\Need for Speed World
[2010/06/25 21:39:35 | 000,000,000 | ---D | C] -- C:\Users\zoniq\AppData\Local\Electronic_Arts_Inc
[2010/06/25 18:15:10 | 000,211,968 | ---- | C] (JetSwap) -- C:\Windows\SysWow64\drivers\safesurf.exe
[2010/06/25 16:45:41 | 000,000,000 | ---D | C] -- C:\Users\zoniq\AppData\Local\ElevatedDiagnostics
[2010/06/23 16:29:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2010/06/18 14:00:02 | 000,000,000 | ---D | C] -- C:\Users\zoniq\AppData\Roaming\Thunderbird
[2010/06/18 14:00:02 | 000,000,000 | ---D | C] -- C:\Users\zoniq\AppData\Local\Thunderbird
[2010/06/18 13:59:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/09/14 16:56:56 | 006,291,456 | -HS- | M] () -- C:\Users\zoniq\NTUSER.DAT
[2010/09/14 16:54:14 | 064,607,632 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2010/09/14 16:53:35 | 000,016,384 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/09/14 16:53:35 | 000,016,384 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/09/14 16:52:44 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\zoniq\Desktop\OTL.exe
[2010/09/14 16:50:07 | 000,142,385 | ---- | M] () -- C:\Windows\SysWow64\drivers\f\1\components\compreg.dat
[2010/09/14 16:50:05 | 000,102,022 | ---- | M] () -- C:\Windows\SysWow64\drivers\f\1\components\xpti.dat
[2010/09/14 16:49:40 | 000,000,252 | -H-- | M] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010/09/14 16:48:31 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/09/14 16:48:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/09/14 16:48:21 | 3220,672,512 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/13 23:07:38 | 007,396,765 | -H-- | M] () -- C:\Users\zoniq\AppData\Local\IconCache.db
[2010/09/13 22:53:34 | 000,195,895 | ---- | M] () -- C:\Users\zoniq\Desktop\rim.jpg
[2010/09/13 20:37:51 | 004,003,840 | ---- | M] () -- C:\Users\zoniq\Desktop\tire.FBX
[2010/09/13 20:16:14 | 000,051,200 | ---- | M] () -- C:\Users\zoniq\Desktop\Rubber (Grey)_by_joa_grilo2376.mat
[2010/09/13 20:06:19 | 000,829,818 | ---- | M] () -- C:\Users\zoniq\Desktop\wm_original_exwalla_original.jpg
[2010/09/13 19:03:06 | 000,013,553 | ---- | M] () -- C:\Users\zoniq\Desktop\mfhmdardeaholjulmic_qt.mp4.torrent
[2010/09/12 19:34:51 | 000,013,373 | ---- | M] () -- C:\Users\zoniq\Desktop\tyre_000bp.jpg
[2010/09/12 15:20:04 | 000,001,680 | ---- | M] () -- C:\Users\zoniq\Desktop\Torchlight - odkaz.lnk
[2010/09/12 13:33:42 | 016,897,167 | ---- | M] () -- C:\Users\zoniq\Desktop\digitalin_hdr_chromFX-V2-HIRES.zip
[2010/09/12 07:47:02 | 000,525,824 | ---- | M] () -- C:\Users\zoniq\Desktop\dds.scr
[2010/09/12 07:38:03 | 003,842,655 | ---- | M] () -- C:\Users\zoniq\Desktop\ComboFix.exe
[2010/09/11 18:33:02 | 000,000,252 | -H-- | M] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010/09/11 18:18:49 | 000,419,895 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2010/09/11 18:13:18 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At4.job
[2010/09/11 18:13:18 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At3.job
[2010/09/11 18:13:18 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At2.job
[2010/09/11 18:13:18 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At1.job
[2010/09/11 18:02:32 | 000,266,752 | ---- | M] () -- C:\Windows\SysWow64\sshnas21.dll
[2010/09/10 19:20:16 | 000,002,173 | ---- | M] () -- C:\Users\zoniq\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox 4.0 Beta 5.lnk
[2010/09/10 19:20:16 | 000,002,149 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox 4.0 Beta 5.lnk
[2010/09/02 16:28:13 | 009,655,677 | ---- | M] () -- C:\Windows\SysWow64\drivers\f\jet.exe
[2010/09/02 16:28:08 | 000,016,896 | ---- | M] (JetSwap) -- C:\Windows\SysWow64\drivers\up.exe
[2010/09/02 11:55:06 | 000,019,456 | ---- | M] (JetSwap) -- C:\Windows\SysWow64\drivers\surfguard.exe
[2010/09/02 11:55:05 | 000,211,968 | ---- | M] (JetSwap) -- C:\Windows\SysWow64\drivers\safesurf.exe
[2010/08/27 19:11:33 | 000,009,456 | ---- | M] () -- C:\Windows\SysWow64\drivers\f\1\components\nsRequestService.js
[2010/08/27 18:51:42 | 000,002,117 | ---- | M] () -- C:\Users\Public\Desktop\Worms Reloaded.lnk
[2010/08/25 19:45:31 | 000,001,804 | ---- | M] () -- C:\Users\zoniq\Desktop\mafia2 - odkaz.lnk
[2010/08/25 16:30:58 | 000,276,920 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/08/24 17:18:36 | 000,058,736 | ---- | M] () -- C:\Users\zoniq\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/08/24 17:01:35 | 000,174,080 | ---- | M] (RAD Game Tools, Inc.) -- C:\Windows\System\binkw32.dll
[2010/08/24 17:01:35 | 000,174,080 | ---- | M] (RAD Game Tools, Inc.) -- C:\Windows\SysNative\binkw32.dll
[2010/08/21 08:05:15 | 000,000,857 | ---- | M] () -- C:\Users\zoniq\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2010/08/17 10:14:07 | 119,325,084 | ---- | M] () -- C:\Users\zoniq\Desktop\Navigon_folder_android_q1_2010(2).rar
[2010/08/17 09:37:33 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/08/17 09:37:33 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/08/17 09:37:33 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/08/15 22:32:18 | 000,817,664 | ---- | M] () -- C:\Windows\SysWow64\Help64.exe
[2010/08/11 16:18:47 | 000,417,353 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20100911-181849.backup
[2010/08/02 19:27:53 | 000,312,480 | ---- | M] () -- C:\Windows\SysNative\drivers\atksgt.sys
[2010/08/02 19:27:52 | 000,043,168 | ---- | M] () -- C:\Windows\SysNative\drivers\lirsgt.sys
[2010/07/27 21:11:40 | 000,001,316 | ---- | M] () -- C:\Users\zoniq\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/07/25 09:39:58 | 000,834,544 | ---- | M] () -- C:\Windows\SysNative\drivers\sptd.sys
[2010/07/24 20:51:16 | 000,000,971 | ---- | M] () -- C:\Users\zoniq\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2010/07/21 19:16:50 | 000,007,605 | ---- | M] () -- C:\Users\zoniq\AppData\Local\Resmon.ResmonCfg
[2010/07/19 22:13:57 | 000,317,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgtdia.sys
[2010/07/19 22:13:57 | 000,013,048 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\avgrssta.dll
[2010/07/19 22:13:56 | 000,035,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgmfx64.sys
[2010/07/19 22:13:53 | 000,269,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys
[2010/07/19 22:11:13 | 000,113,461 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\iavichjw.avm
[2010/07/10 05:38:00 | 000,065,128 | ---- | M] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2010/07/10 05:38:00 | 000,056,936 | ---- | M] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2010/07/10 05:38:00 | 000,012,264 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2010/07/01 16:17:52 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_xusb21_01009.Wdf
[2010/06/18 13:59:57 | 000,002,033 | ---- | M] () -- C:\Users\zoniq\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
Part two of the OTL.txt:

========== Files Created - No Company Name ==========

[2010/09/14 16:50:15 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\cert8.db
[2010/09/14 16:50:15 | 000,032,768 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\urlclassifier3.sqlite
[2010/09/14 16:50:15 | 000,016,384 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\key3.db
[2010/09/14 16:50:14 | 000,016,384 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\secmod.db
[2010/09/14 16:50:14 | 000,004,096 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\_CACHE_003_
[2010/09/14 16:50:14 | 000,004,096 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\_CACHE_002_
[2010/09/14 16:50:14 | 000,004,096 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\_CACHE_001_
[2010/09/14 16:50:14 | 000,000,276 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\_CACHE_MAP_
[2010/09/14 16:50:10 | 000,002,048 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\webappsstore.sqlite
[2010/09/14 16:50:08 | 000,002,048 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\permissions.sqlite
[2010/09/14 16:50:08 | 000,002,048 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\cookies.sqlite
[2010/09/14 16:50:07 | 000,142,385 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\compreg.dat
[2010/09/14 16:50:07 | 000,131,072 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\places.sqlite
[2010/09/14 16:50:07 | 000,066,176 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\places.sqlite-journal
[2010/09/14 16:50:05 | 000,102,022 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\xpti.dat
[2010/09/14 16:50:04 | 000,000,858 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\grabber.gif
[2010/09/14 16:50:04 | 000,000,841 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\table-remove-row-hover.gif
[2010/09/14 16:50:04 | 000,000,841 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\table-remove-row.gif
[2010/09/14 16:50:04 | 000,000,841 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\table-remove-column-hover.gif
[2010/09/14 16:50:04 | 000,000,841 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\table-remove-column.gif
[2010/09/14 16:50:04 | 000,000,835 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\table-remove-row-active.gif
[2010/09/14 16:50:04 | 000,000,835 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\table-remove-column-active.gif
[2010/09/14 16:50:04 | 000,000,826 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\table-add-row-after-hover.gif
[2010/09/14 16:50:04 | 000,000,826 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\table-add-row-after.gif
[2010/09/14 16:50:04 | 000,000,826 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\table-add-column-after-hover.gif
[2010/09/14 16:50:04 | 000,000,826 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\table-add-column-after.gif
[2010/09/14 16:50:04 | 000,000,825 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\table-add-row-before-hover.gif
[2010/09/14 16:50:04 | 000,000,825 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\table-add-row-before.gif
[2010/09/14 16:50:04 | 000,000,825 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\table-add-column-before-hover.gif
[2010/09/14 16:50:04 | 000,000,825 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\table-add-column-before.gif
[2010/09/14 16:50:04 | 000,000,619 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\html\folder.png
[2010/09/14 16:50:04 | 000,000,122 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\loading-image.gif
[2010/09/14 16:50:04 | 000,000,058 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\table-add-column-after-active.gif
[2010/09/14 16:50:04 | 000,000,057 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\table-add-row-before-active.gif
[2010/09/14 16:50:04 | 000,000,057 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\table-add-row-after-active.gif
[2010/09/14 16:50:04 | 000,000,057 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\table-add-column-before-active.gif
[2010/09/14 16:50:03 | 001,915,137 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\chrome\toolkit.jar
[2010/09/14 16:50:03 | 000,348,994 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\browser.xpt
[2010/09/14 16:50:03 | 000,333,726 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsExtensionManager.js
[2010/09/14 16:50:03 | 000,317,480 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\chrome\pippki.jar
[2010/09/14 16:50:03 | 000,115,501 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsUpdateService.js
[2010/09/14 16:50:03 | 000,110,913 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsSearchService.js
[2010/09/14 16:50:03 | 000,077,051 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsMicrosummaryService.js
[2010/09/14 16:50:03 | 000,076,993 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsSessionStore.js
[2010/09/14 16:50:03 | 000,072,928 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\greprefs\all.js
[2010/09/14 16:50:03 | 000,066,215 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\FeedProcessor.js
[2010/09/14 16:50:03 | 000,064,412 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\modules\Microformats.js
[2010/09/14 16:50:03 | 000,061,758 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\modules\utils.js
[2010/09/14 16:50:03 | 000,056,411 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\fonts\mathfont.properties
[2010/09/14 16:50:03 | 000,051,214 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsHandlerService.js
[2010/09/14 16:50:03 | 000,050,600 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsUrlClassifierLib.js
[2010/09/14 16:50:03 | 000,049,926 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\storage-Legacy.js
[2010/09/14 16:50:03 | 000,049,780 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\FeedWriter.js
[2010/09/14 16:50:03 | 000,044,106 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsLoginManager.js
[2010/09/14 16:50:03 | 000,041,950 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsHelperAppDlg.js
[2010/09/14 16:50:03 | 000,040,367 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsLoginManagerPrompter.js
[2010/09/14 16:50:03 | 000,038,499 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\entityTables\transliterate.properties
[2010/09/14 16:50:03 | 000,038,238 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\fuelApplication.js
[2010/09/14 16:50:03 | 000,037,314 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsProgressDialog.js
[2010/09/14 16:50:03 | 000,036,111 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsLivemarkService.js
[2010/09/14 16:50:03 | 000,035,256 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsXmlRpcClient.js
[2010/09/14 16:50:03 | 000,035,102 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\pref\firefox.js
[2010/09/14 16:50:03 | 000,034,011 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\WebContentConverter.js
[2010/09/14 16:50:03 | 000,033,805 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsPlacesTransactionsService.js
[2010/09/14 16:50:03 | 000,033,087 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsBrowserContentHandler.js
[2010/09/14 16:50:03 | 000,032,409 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsBrowserGlue.js
[2010/09/14 16:50:03 | 000,030,074 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsBlocklistService.js
[2010/09/14 16:50:03 | 000,030,004 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\entityTables\mathml20.properties
[2010/09/14 16:50:03 | 000,029,973 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsContentPrefService.js
[2010/09/14 16:50:03 | 000,025,339 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\FeedConverter.js
[2010/09/14 16:50:03 | 000,025,176 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsSafebrowsingApplication.js
[2010/09/14 16:50:03 | 000,024,273 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsSearchSuggestions.js
[2010/09/14 16:50:03 | 000,023,460 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\dom_svg.xpt
[2010/09/14 16:50:03 | 000,021,420 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsPostUpdateWin.js
[2010/09/14 16:50:03 | 000,019,983 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsUrlClassifierListManager.js
[2010/09/14 16:50:03 | 000,019,182 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\accessibility.xpt
[2010/09/14 16:50:03 | 000,018,049 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\dom_html.xpt
[2010/09/14 16:50:03 | 000,017,380 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\modules\DownloadUtils.jsm
[2010/09/14 16:50:03 | 000,017,215 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\necko.xpt
[2010/09/14 16:50:03 | 000,013,682 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsProxyAutoConfig.js
[2010/09/14 16:50:03 | 000,013,443 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\chrome\geckofx.jar
[2010/09/14 16:50:03 | 000,012,938 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\pipnss.xpt
[2010/09/14 16:50:03 | 000,012,513 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsSidebar.js
[2010/09/14 16:50:03 | 000,012,091 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\modules\distribution.js
[2010/09/14 16:50:03 | 000,011,997 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\dom_css.xpt
[2010/09/14 16:50:03 | 000,011,677 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsAddonRepository.js
[2010/09/14 16:50:03 | 000,011,652 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\places.xpt
[2010/09/14 16:50:03 | 000,011,557 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\editor.xpt
[2010/09/14 16:50:03 | 000,011,428 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsSessionStartup.js
[2010/09/14 16:50:03 | 000,011,392 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\charsetalias.properties
[2010/09/14 16:50:03 | 000,011,151 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\widget.xpt
[2010/09/14 16:50:03 | 000,011,095 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\xpcom_ds.xpt
[2010/09/14 16:50:03 | 000,010,561 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\docshell_base.xpt
[2010/09/14 16:50:03 | 000,009,998 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\modules\XPCOMUtils.jsm
[2010/09/14 16:50:03 | 000,009,967 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsTaggingService.js
[2010/09/14 16:50:03 | 000,009,551 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\charsetData.properties
[2010/09/14 16:50:03 | 000,009,477 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\dom_base.xpt
[2010/09/14 16:50:03 | 000,009,456 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsRequestService.js
[2010/09/14 16:50:03 | 000,009,066 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\content_base.xpt
[2010/09/14 16:50:03 | 000,008,438 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\xpconnect.xpt
[2010/09/14 16:50:03 | 000,008,278 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsXULAppInstall.js
[2010/09/14 16:50:03 | 000,007,585 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\modules\PluralForm.jsm
[2010/09/14 16:50:03 | 000,007,420 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\xpcom_io.xpt
[2010/09/14 16:50:03 | 000,007,408 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\dom_xul.xpt
[2010/09/14 16:50:03 | 000,007,301 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\dom_core.xpt
[2010/09/14 16:50:03 | 000,007,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\autoconfig\prefcalls.js
[2010/09/14 16:50:03 | 000,007,049 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsResetPref.js
[2010/09/14 16:50:03 | 000,007,039 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\modules\ISO8601DateUtils.jsm
[2010/09/14 16:50:03 | 000,006,920 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsWebHandlerApp.js
[2010/09/14 16:50:03 | 000,006,869 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\dom_events.xpt
[2010/09/14 16:50:03 | 000,006,721 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\modules\JSON.jsm
[2010/09/14 16:50:03 | 000,006,719 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\fonts\mathfontUnicode.properties
[2010/09/14 16:50:03 | 000,006,667 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\txEXSLTRegExFunctions.js
[2010/09/14 16:50:03 | 000,006,265 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsDefaultCLH.js
[2010/09/14 16:50:03 | 000,006,029 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\jsdservice.xpt
[2010/09/14 16:50:03 | 000,005,737 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsDownloadManagerUI.js
[2010/09/14 16:50:03 | 000,005,649 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\langGroups.properties
[2010/09/14 16:50:03 | 000,005,510 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\webBrowser_core.xpt
[2010/09/14 16:50:03 | 000,005,493 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\fonts\mathfontSTIXNonUnicode.properties
[2010/09/14 16:50:03 | 000,005,490 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\language.properties
[2010/09/14 16:50:03 | 000,005,145 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\plugin.xpt
[2010/09/14 16:50:03 | 000,005,005 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsContentDispatchChooser.js
[2010/09/14 16:50:03 | 000,004,908 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\rdf.xpt
[2010/09/14 16:50:03 | 000,004,805 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsDictionary.js
[2010/09/14 16:50:03 | 000,004,302 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsLoginInfo.js
[2010/09/14 16:50:03 | 000,004,090 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\entityTables\html40Symbols.properties
[2010/09/14 16:50:03 | 000,003,954 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\fonts\mathfontSymbol.properties
[2010/09/14 16:50:03 | 000,003,930 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\pref\xulrunner.js
[2010/09/14 16:50:03 | 000,003,902 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\fonts\mathfontStandardSymbolsL.properties
[2010/09/14 16:50:03 | 000,003,831 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\extensions.xpt
[2010/09/14 16:50:03 | 000,003,731 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\layout_xul_tree.xpt
[2010/09/14 16:50:03 | 000,003,690 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\entityTables\html40Latin1.properties
[2010/09/14 16:50:03 | 000,003,603 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\autocomplete.xpt
[2010/09/14 16:50:03 | 000,003,378 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\greprefs\security-prefs.js
[2010/09/14 16:50:03 | 000,003,290 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\pref.xpt
[2010/09/14 16:50:03 | 000,003,274 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\feeds.xpt
[2010/09/14 16:50:03 | 000,003,268 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsTryToClose.js
[2010/09/14 16:50:03 | 000,003,185 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\xpcom_base.xpt
[2010/09/14 16:50:03 | 000,003,155 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\storage.xpt
[2010/09/14 16:50:03 | 000,003,142 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\pluginGlue.js
[2010/09/14 16:50:03 | 000,003,115 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsURLFormatter.js
[2010/09/14 16:50:03 | 000,003,104 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsBadCertHandler.js
[2010/09/14 16:50:03 | 000,003,040 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\xpcom_components.xpt
[2010/09/14 16:50:03 | 000,003,033 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\fonts\mathfontSTIXSize1.properties
[2010/09/14 16:50:03 | 000,003,021 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\imglib2.xpt
[2010/09/14 16:50:03 | 000,002,958 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\shistory.xpt
[2010/09/14 16:50:03 | 000,002,927 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\aboutRobots.js
[2010/09/14 16:50:03 | 000,002,925 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\aboutRights.js
[2010/09/14 16:50:03 | 000,002,854 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsSetDefaultBrowser.js
[2010/09/14 16:50:03 | 000,002,793 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\windowwatcher.xpt
[2010/09/14 16:50:03 | 000,002,738 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\modules\debug.js
[2010/09/14 16:50:03 | 000,002,719 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\caps.xpt
[2010/09/14 16:50:03 | 000,002,713 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\uriloader.xpt
[2010/09/14 16:50:03 | 000,002,646 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\update.xpt
[2010/09/14 16:50:03 | 000,002,621 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\dom_loadsave.xpt
[2010/09/14 16:50:03 | 000,002,602 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\necko_http.xpt
[2010/09/14 16:50:03 | 000,002,595 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\necko_cache.xpt
[2010/09/14 16:50:03 | 000,002,547 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\appshell.xpt
[2010/09/14 16:50:03 | 000,002,512 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\content_xtf.xpt
[2010/09/14 16:50:03 | 000,002,502 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\inspector.xpt
[2010/09/14 16:50:03 | 000,002,425 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\xultmpl.xpt
[2010/09/14 16:50:03 | 000,002,396 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\entityTables\html40Special.properties
[2010/09/14 16:50:03 | 000,002,369 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\saxparser.xpt
[2010/09/14 16:50:03 | 000,002,240 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\xpcom_thread.xpt
[2010/09/14 16:50:03 | 000,002,232 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\downloads.xpt
[2010/09/14 16:50:03 | 000,002,122 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\layout_xul.xpt
[2010/09/14 16:50:03 | 000,002,080 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\wincharset.properties
[2010/09/14 16:50:03 | 000,002,074 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\webbrowserpersist.xpt
[2010/09/14 16:50:03 | 000,002,008 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\mimetype.xpt
[2010/09/14 16:50:03 | 000,001,981 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\exthandler.xpt
[2010/09/14 16:50:03 | 000,001,967 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\entityTables\htmlEntityVersions.properties
[2010/09/14 16:50:03 | 000,001,930 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\dom_canvas.xpt
[2010/09/14 16:50:03 | 000,001,896 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\xpcom_system.xpt
[2010/09/14 16:50:03 | 000,001,789 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\commandhandler.xpt
[2010/09/14 16:50:03 | 000,001,784 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\loginmgr.xpt
[2010/09/14 16:50:03 | 000,001,648 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\necko_cookie.xpt
[2010/09/14 16:50:03 | 000,001,560 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\xpcom_xpti.xpt
[2010/09/14 16:50:03 | 000,001,512 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\jsconsole-clhandler.js
[2010/09/14 16:50:03 | 000,001,508 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\exthelper.xpt
[2010/09/14 16:50:03 | 000,001,491 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\uconv.xpt
[2010/09/14 16:50:03 | 000,001,475 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\necko_strconv.xpt
[2010/09/14 16:50:03 | 000,001,451 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\gfx.xpt
[2010/09/14 16:50:03 | 000,001,417 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\dom_xpath.xpt
[2010/09/14 16:50:03 | 000,001,346 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\jar.xpt
[2010/09/14 16:50:03 | 000,001,326 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\content_xslt.xpt
[2010/09/14 16:50:03 | 000,001,293 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\webshell_idls.xpt
[2010/09/14 16:50:03 | 000,001,282 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\dom_traversal.xpt
[2010/09/14 16:50:03 | 000,001,263 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\dom_offline.xpt
[2010/09/14 16:50:03 | 000,001,260 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\locale.xpt
[2010/09/14 16:50:03 | 000,001,258 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\txmgr.xpt
[2010/09/14 16:50:03 | 000,001,240 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\dom_range.xpt
[2010/09/14 16:50:03 | 000,001,209 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\xuldoc.xpt
[2010/09/14 16:50:03 | 000,001,181 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\unicharutil.xpt
[2010/09/14 16:50:03 | 000,001,179 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\prefetch.xpt
[2010/09/14 16:50:03 | 000,001,120 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\oji.xpt
[2010/09/14 16:50:03 | 000,001,111 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\xpinstall.xpt
[2010/09/14 16:50:03 | 000,001,088 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\toolkitprofile.xpt
[2010/09/14 16:50:03 | 000,001,081 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\necko_dns.xpt
[2010/09/14 16:50:03 | 000,001,060 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\spellchecker.xpt
[2010/09/14 16:50:03 | 000,001,036 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\find.xpt
[2010/09/14 16:50:03 | 000,001,019 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\dom_stylesheets.xpt
[2010/09/14 16:50:03 | 000,001,011 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\xml-rpc.xpt
[2010/09/14 16:50:03 | 000,000,960 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\commandlines.xpt
[2010/09/14 16:50:03 | 000,000,915 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\pref\firefox-branding.js
[2010/09/14 16:50:03 | 000,000,911 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\layout_printing.xpt
[2010/09/14 16:50:03 | 000,000,893 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\necko_socket.xpt
[2010/09/14 16:50:03 | 000,000,874 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\dom_storage.xpt
[2010/09/14 16:50:03 | 000,000,856 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\plugins\flashplayer.xpt
[2010/09/14 16:50:03 | 000,000,845 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\mozfind.xpt
[2010/09/14 16:50:03 | 000,000,774 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\chrome\en-US.manifest
[2010/09/14 16:50:03 | 000,000,771 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\zipwriter.xpt
[2010/09/14 16:50:03 | 000,000,759 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\txtsvc.xpt
[2010/09/14 16:50:03 | 000,000,755 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\composer.xpt
[2010/09/14 16:50:03 | 000,000,724 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\contentprefs.xpt
[2010/09/14 16:50:03 | 000,000,718 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\satchel.xpt
[2010/09/14 16:50:03 | 000,000,700 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\content_html.xpt
[2010/09/14 16:50:03 | 000,000,694 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\htmlparser.xpt
[2010/09/14 16:50:03 | 000,000,693 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\content_xmldoc.xpt
[2010/09/14 16:50:03 | 000,000,679 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\chardet.xpt
[2010/09/14 16:50:03 | 000,000,652 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\profile.xpt
[2010/09/14 16:50:03 | 000,000,645 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\intl.xpt
[2010/09/14 16:50:03 | 000,000,628 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\pipboot.xpt
[2010/09/14 16:50:03 | 000,000,613 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\xulapp.xpt
[2010/09/14 16:50:03 | 000,000,605 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\content_htmldoc.xpt
[2010/09/14 16:50:03 | 000,000,599 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\fastfind.xpt
[2010/09/14 16:50:03 | 000,000,552 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\chrome\classic.manifest
[2010/09/14 16:50:03 | 000,000,551 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\dom_sidebar.xpt
[2010/09/14 16:50:03 | 000,000,543 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\appstartup.xpt
[2010/09/14 16:50:03 | 000,000,537 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\parentalcontrols.xpt
[2010/09/14 16:50:03 | 000,000,530 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\embed_base.xpt
[2010/09/14 16:50:03 | 000,000,517 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\chrome\toolkit.manifest
[2010/09/14 16:50:03 | 000,000,488 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\cookie.xpt
[2010/09/14 16:50:03 | 000,000,451 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\dom_xbl.xpt
[2010/09/14 16:50:03 | 000,000,437 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\necko_file.xpt
[2010/09/14 16:50:03 | 000,000,377 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\pippki.xpt
[2010/09/14 16:50:03 | 000,000,377 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\dom.xpt
[2010/09/14 16:50:03 | 000,000,373 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\directory.xpt
[2010/09/14 16:50:03 | 000,000,356 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\mimeTypes.rdf
[2010/09/14 16:50:03 | 000,000,349 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\dom_json.xpt
[2010/09/14 16:50:03 | 000,000,347 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\prefs.js
[2010/09/14 16:50:03 | 000,000,344 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\chrome.xpt
[2010/09/14 16:50:03 | 000,000,326 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\imgicon.xpt
[2010/09/14 16:50:03 | 000,000,312 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\necko_about.xpt
[2010/09/14 16:50:03 | 000,000,302 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\layout_base.xpt
[2010/09/14 16:50:03 | 000,000,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\mozbrwsr.xpt
[2010/09/14 16:50:03 | 000,000,287 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\proxyObject.xpt
[2010/09/14 16:50:03 | 000,000,285 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\necko_res.xpt
[2010/09/14 16:50:03 | 000,000,233 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\accessibility-msaa.xpt
[2010/09/14 16:50:03 | 000,000,226 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\dom_views.xpt
[2010/09/14 16:50:03 | 000,000,224 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\pref\firefox-l10n.js
[2010/09/14 16:50:03 | 000,000,212 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\windowds.xpt
[2010/09/14 16:50:03 | 000,000,211 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\autoconfig.xpt
[2010/09/14 16:50:03 | 000,000,211 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\alerts.xpt
[2010/09/14 16:50:03 | 000,000,208 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\pref\reporter.js
[2010/09/14 16:50:03 | 000,000,201 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\necko_ftp.xpt
[2010/09/14 16:50:03 | 000,000,198 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\xulapp_setup.xpt
[2010/09/14 16:50:03 | 000,000,188 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\necko_viewsource.xpt
[2010/09/14 16:50:03 | 000,000,174 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\lwbrk.xpt
[2010/09/14 16:50:03 | 000,000,172 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\urlformatter.xpt
[2010/09/14 16:50:03 | 000,000,172 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\chrome\geckofx.manifest
[2010/09/14 16:50:03 | 000,000,153 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\US\localstore.rdf
[2010/09/14 16:50:03 | 000,000,153 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\localstore.rdf
[2010/09/14 16:50:03 | 000,000,144 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\chrome\comm.manifest
[2010/09/14 16:50:03 | 000,000,126 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\pref\channel-prefs.js
[2010/09/14 16:50:03 | 000,000,106 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\broken-image.gif
[2010/09/14 16:50:03 | 000,000,087 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\autoconfig\platform.js
[2010/09/14 16:50:03 | 000,000,085 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\greprefs\xpinstall.js
[2010/09/14 16:50:03 | 000,000,069 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\chrome\pippki.manifest
[2010/09/14 16:50:03 | 000,000,059 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\arrowd.gif
[2010/09/14 16:50:03 | 000,000,056 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\arrow.gif
[2010/09/14 16:50:02 | 005,969,360 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\plugins\NPSWF32.dll
[2010/09/14 16:50:02 | 000,777,705 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\chrome\classic.jar
[2010/09/14 16:50:02 | 000,332,438 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\chrome\en-US.jar
[2010/09/14 16:50:02 | 000,063,788 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\dtd\mathml.dtd
[2010/09/14 16:50:02 | 000,039,680 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\chrome\comm.jar
[2010/09/14 16:50:02 | 000,015,416 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\forms.css
[2010/09/14 16:50:02 | 000,014,664 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\mathml.css
[2010/09/14 16:50:02 | 000,011,637 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\contenteditable.css
[2010/09/14 16:50:02 | 000,011,608 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\quirk.css
[2010/09/14 16:50:02 | 000,011,096 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\html.css
[2010/09/14 16:50:02 | 000,010,740 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\EditorOverride.css
[2010/09/14 16:50:02 | 000,008,427 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\dtd\xhtml11.dtd
[2010/09/14 16:50:02 | 000,007,139 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\bookmarks.html
[2010/09/14 16:50:02 | 000,006,469 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\ua.css
[2010/09/14 16:50:02 | 000,003,037 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\viewsource.css
[2010/09/14 16:50:02 | 000,002,295 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\svg.css
[2010/09/14 16:50:02 | 000,001,861 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\designmode.css
[2010/09/14 16:50:02 | 000,001,078 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\US\chrome\userChrome-example.css
[2010/09/14 16:50:02 | 000,001,078 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\chrome\userChrome-example.css
[2010/09/14 16:50:02 | 000,000,663 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\US\chrome\userContent-example.css
[2010/09/14 16:50:02 | 000,000,663 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\chrome\userContent-example.css
[2010/09/14 16:50:02 | 000,000,478 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\softokn3.chk
[2010/09/14 16:50:02 | 000,000,478 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\freebl3.chk
[2010/09/14 16:50:02 | 000,000,117 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\hiddenWindow.html
[2010/09/13 20:37:50 | 004,003,840 | ---- | C] () -- C:\Users\zoniq\Desktop\tire.FBX
[2010/09/13 20:16:13 | 000,051,200 | ---- | C] () -- C:\Users\zoniq\Desktop\Rubber (Grey)_by_joa_grilo2376.mat
[2010/09/13 20:06:18 | 000,829,818 | ---- | C] () -- C:\Users\zoniq\Desktop\wm_original_exwalla_original.jpg
[2010/09/13 19:03:04 | 000,013,553 | ---- | C] () -- C:\Users\zoniq\Desktop\mfhmdardeaholjulmic_qt.mp4.torrent
[2010/09/12 19:34:49 | 000,013,373 | ---- | C] () -- C:\Users\zoniq\Desktop\tyre_000bp.jpg
[2010/09/12 15:20:04 | 000,001,680 | ---- | C] () -- C:\Users\zoniq\Desktop\Torchlight - odkaz.lnk
[2010/09/12 13:33:24 | 016,897,167 | ---- | C] () -- C:\Users\zoniq\Desktop\digitalin_hdr_chromFX-V2-HIRES.zip
[2010/09/12 11:39:07 | 000,195,895 | ---- | C] () -- C:\Users\zoniq\Desktop\rim.jpg
[2010/09/12 11:24:54 | 000,079,360 | ---- | C] () -- C:\Users\zoniq\Desktop\car_paint_metallics_fx.mat
[2010/09/12 07:46:59 | 000,525,824 | ---- | C] () -- C:\Users\zoniq\Desktop\dds.scr
[2010/09/12 07:37:57 | 003,842,655 | ---- | C] () -- C:\Users\zoniq\Desktop\ComboFix.exe
[2010/09/11 22:26:43 | 000,266,752 | ---- | C] () -- C:\Windows\SysWow64\sshnas21.dll
[2010/09/11 22:26:43 | 000,000,252 | -H-- | C] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010/09/11 18:02:13 | 000,000,252 | -H-- | C] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010/09/11 17:51:28 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At4.job
[2010/09/11 17:16:41 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At3.job
[2010/09/11 17:14:14 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At2.job
[2010/09/11 17:13:39 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At1.job
[2010/09/10 19:20:16 | 000,002,173 | ---- | C] () -- C:\Users\zoniq\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox 4.0 Beta 5.lnk
[2010/09/10 19:20:16 | 000,002,149 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox 4.0 Beta 5.lnk
[2010/09/06 22:14:09 | 000,028,672 | ---- | C] () -- C:\Users\zoniq\Desktop\rims paint.mat
[2010/08/27 18:51:42 | 000,002,117 | ---- | C] () -- C:\Users\Public\Desktop\Worms Reloaded.lnk
[2010/08/25 19:45:31 | 000,001,804 | ---- | C] () -- C:\Users\zoniq\Desktop\mafia2 - odkaz.lnk
[2010/08/24 17:18:44 | 009,655,677 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\jet.exe
[2010/08/17 09:58:50 | 119,325,084 | ---- | C] () -- C:\Users\zoniq\Desktop\Navigon_folder_android_q1_2010(2).rar
[2010/08/15 22:32:18 | 000,817,664 | ---- | C] () -- C:\Windows\SysWow64\Help64.exe
[2010/08/02 19:27:53 | 000,312,480 | ---- | C] () -- C:\Windows\SysNative\drivers\atksgt.sys
[2010/08/02 19:27:52 | 000,043,168 | ---- | C] () -- C:\Windows\SysNative\drivers\lirsgt.sys
[2010/07/25 09:39:58 | 000,834,544 | ---- | C] () -- C:\Windows\SysNative\drivers\sptd.sys
[2010/07/21 19:16:50 | 000,007,605 | ---- | C] () -- C:\Users\zoniq\AppData\Local\Resmon.ResmonCfg
[2010/07/19 22:11:13 | 064,607,632 | ---- | C] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2010/07/19 22:11:13 | 000,113,461 | ---- | C] () -- C:\Windows\SysNative\drivers\Avg\iavichjw.avm
[2010/07/01 16:17:52 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_xusb21_01009.Wdf
[2010/06/18 13:59:57 | 000,002,033 | ---- | C] () -- C:\Users\zoniq\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2010/04/02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== LOP Check ==========

[2010/09/05 13:02:20 | 000,000,000 | ---D | M] -- C:\Users\zoniq\AppData\Roaming\Autodesk
[2010/03/14 22:15:58 | 000,000,000 | ---D | M] -- C:\Users\zoniq\AppData\Roaming\Bioshock2
[2010/03/29 20:53:41 | 000,000,000 | ---D | M] -- C:\Users\zoniq\AppData\Roaming\BitSpirit
[2010/03/13 18:57:10 | 000,000,000 | ---D | M] -- C:\Users\zoniq\AppData\Roaming\DAEMON Tools Lite
[2010/06/30 17:34:21 | 000,000,000 | ---D | M] -- C:\Users\zoniq\AppData\Roaming\Need for Speed World
[2010/02/19 23:33:50 | 000,000,000 | ---D | M] -- C:\Users\zoniq\AppData\Roaming\Opera
[2010/09/11 18:52:29 | 000,000,000 | ---D | M] -- C:\Users\zoniq\AppData\Roaming\runic games
[2010/06/06 12:55:24 | 000,000,000 | ---D | M] -- C:\Users\zoniq\AppData\Roaming\Teleca
[2010/06/18 14:00:03 | 000,000,000 | ---D | M] -- C:\Users\zoniq\AppData\Roaming\Thunderbird
[2010/02/21 18:44:36 | 000,000,000 | ---D | M] -- C:\Users\zoniq\AppData\Roaming\TS3Client
[2010/09/13 23:07:38 | 000,000,000 | ---D | M] -- C:\Users\zoniq\AppData\Roaming\uTorrent
[2010/09/11 18:13:18 | 000,000,380 | ---- | M] () -- C:\Windows\Tasks\At1.job
[2010/09/11 18:13:18 | 000,000,380 | ---- | M] () -- C:\Windows\Tasks\At2.job
[2010/09/11 18:13:18 | 000,000,380 | ---- | M] () -- C:\Windows\Tasks\At3.job
[2010/09/11 18:13:18 | 000,000,380 | ---- | M] () -- C:\Windows\Tasks\At4.job
[2010/08/28 16:12:13 | 000,032,644 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/09/14 16:49:40 | 000,000,252 | -H-- | M] () -- C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010/09/11 18:33:02 | 000,000,252 | -H-- | M] () -- C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
[2007/11/07 08:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
[2007/11/07 08:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
[2007/11/07 08:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2010/09/14 16:48:21 | 3220,672,512 | -HS- | M] () -- C:\hiberfil.sys
[2007/11/07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
[2007/11/07 08:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2007/11/07 08:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007/11/07 08:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007/11/07 08:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007/11/07 08:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007/11/07 08:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007/11/07 08:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2007/11/07 08:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2010/09/14 16:48:21 | 4294,230,016 | -HS- | M] () -- C:\pagefile.sys
[2007/11/07 08:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2007/11/07 08:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
[2007/11/07 08:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI
[2010/09/13 22:53:57 | 005,234,106 | ---- | M] () -- C:\vraylog.txt

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
< End of report >
 
Extras.txt:

OTL Extras logfile created on: 9/14/2010 4:54:17 PM - Run 1
OTL by OldTimer - Version 3.2.12.0 Folder = C:\Users\zoniq\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Slovakia | Language: SKY | Date Format: d. M. yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 61.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298.09 Gb Total Space | 214.95 Gb Free Space | 72.11% Space Free | Partition Type: NTFS
Drive D: | 97.65 Gb Total Space | 92.92 Gb Free Space | 95.15% Space Free | Partition Type: NTFS
Drive E: | 200.43 Gb Total Space | 59.52 Gb Free Space | 29.70% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KOMPIK
Current User Name: zoniq
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"" = :\\windows\\system32\\drivers\\safesurf.exe:*:Enabled:Updater Service
"\" = C:\Windows\system\dwm.exe:*:Enabled:KL -- File not found
"" = :\\windows\\system32\\drivers\\safesurf.exe:*:Enabled:Updater Service
"\" = C:\Windows\system\dwm.exe:*:Enabled:KL -- File not found


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{39BFB02A-9692-0409-A808-3F5C7B1F8953}" = Autodesk 3ds Max 2011 64-bit
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{7563F495-80F5-0409-A514-747C66C22449}" = Autodesk 3ds Max 2011 64-bit Components
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{DBF6B4E9-CD43-476A-895D-4D688D41CE63}" = Composite 2011 (64-bit)
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Autodesk FBX Plug-in 2011.1 - 3ds Max 2011 64-bit" = Autodesk FBX Plug-in 2011.1 - 3ds Max 2011 64-bit
"Creative VF0260" = Creative Live! Cam Vista IM Driver (1.11.02.00)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"V-Ray for 3dsmax 2010 for x64" = V-Ray for 3dsmax 2010 for x64

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{021C4C4F-C93C-4425-BFFD-C2D16776BFAE}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Autodesk Backburner 2008.1
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{65D872BC-7C4B-4945-8EEA-8DBA37EB82AD}" = VistaBootPRO 3.2
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{70858C67-8761-4444-895A-0A8B2E9E144E}" = Opera 10.61
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{975951E7-14D0-49AF-A630-89680D12D7F6}" = Autodesk Material Library 2011 Medium Image library
"{9DEABCB6-B759-4D52-92F8-51B34A2B4D40}" = Autodesk Material Library 2011
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.3
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BC4174D1-7970-40E6-AC57-F095F961FB08}" = HTC Sync
"{CD1E078C-A6B9-47DA-B035-6365C85C7832}" = Autodesk Material Library 2011 Base Image library
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"{F9835182-794B-4F24-902A-E2CA9D43380F}" = NVIDIA PhysX
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AVG9Uninstall" = AVG Free 9.0
"BSPlayerp" = BS.Player PRO
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Creative Live! Cam Center" = Creative Live! Cam Center
"DivX Setup.divx.com" = DivX Setup
"HijackThis" = HijackThis 1.99.1
"Mozilla Firefox (3.6.9)" = Mozilla Firefox (3.6.9)
"Mozilla Firefox 4.0b5 (x86 sk)" = Mozilla Firefox 4.0b5 (x86 sk)
"Mozilla Thunderbird (3.0.4)" = Mozilla Thunderbird (3.0.4)
"Runic Games Torchlight" = Torchlight
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archivátor
"Worms Reloaded_is1" = Worms Reloaded

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >
 
Run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    PRC - [2010/09/02 11:55:05 | 000,211,968 | ---- | M] (JetSwap) -- C:\Windows\SysWOW64\drivers\safesurf.exe
    O4 - HKLM..\Run: [jsafesurf] C:\Windows\SysWOW64\drivers\safesurf.exe (JetSwap)
    
    :Files
    C:\Windows\Tasks\At1.job
    C:\Windows\Tasks\At2.job
    C:\Windows\Tasks\At3.job
    C:\Windows\Tasks\At4.job
    C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
    C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
    C:\Windows\SysWOW64\drivers\safesurf.exe
    
    :Commands
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then run and post a new OTL log. You won't get the extras log this time.
Also, run DDS again, post those logs, and let me know how it's running.
 
Hi, I've done what you wrote and the system's looking good... still :)
Here is the new log from OTL:

OTL logfile created on: 9/15/2010 7:28:33 AM - Run 2
OTL by OldTimer - Version 3.2.12.0 Folder = C:\Users\zoniq\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Slovakia | Language: SKY | Date Format: d. M. yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 68.00% Memory free
8.00 Gb Paging File | 7.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298.09 Gb Total Space | 216.22 Gb Free Space | 72.54% Space Free | Partition Type: NTFS
Drive D: | 97.65 Gb Total Space | 92.92 Gb Free Space | 95.15% Space Free | Partition Type: NTFS
Drive E: | 200.43 Gb Total Space | 59.52 Gb Free Space | 29.70% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KOMPIK
Current User Name: zoniq
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/09/14 16:52:44 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\zoniq\Desktop\OTL.exe
PRC - [2010/09/09 16:32:54 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010/09/01 08:39:18 | 001,164,584 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/07/21 16:49:12 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgemc.exe
PRC - [2010/07/19 22:13:57 | 002,065,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgtray.exe
PRC - [2010/07/19 22:13:54 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
PRC - [2010/07/19 22:13:52 | 000,723,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe
PRC - [2010/04/01 11:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2009/03/05 17:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe


========== Modules (SafeList) ==========

MOD - [2010/09/14 16:52:44 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\zoniq\Desktop\OTL.exe
MOD - [2009/07/14 03:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2009/07/14 03:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/09/05 12:03:40 | 001,436,424 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2009/07/14 03:41:56 | 000,195,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\umrdp.dll -- (UmRdpService)
SRV:64bit: - [2009/07/14 03:41:53 | 001,361,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\PeerDistSvc.dll -- (PeerDistSvc)
SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 03:40:24 | 000,689,152 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cscsvc.dll -- (CscService)
SRV:64bit: - [2009/07/14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2010/07/21 16:49:12 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/07/19 22:13:54 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/03/18 14:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/07/16 17:04:16 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/08/02 19:27:53 | 000,312,480 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2010/08/02 19:27:52 | 000,043,168 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2010/07/25 09:39:58 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/07/19 22:13:57 | 000,317,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (AvgTdiA)
DRV:64bit: - [2010/07/19 22:13:56 | 000,035,536 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (AvgMfx64)
DRV:64bit: - [2010/07/19 22:13:53 | 000,269,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (AvgLdx64)
DRV:64bit: - [2009/10/26 16:54:22 | 000,032,768 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2009/08/13 22:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/07/14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 03:45:55 | 000,200,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmbus.sys -- (vmbus)
DRV:64bit: - [2009/07/14 03:45:55 | 000,046,672 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmstorfl.sys -- (storflt)
DRV:64bit: - [2009/07/14 03:45:55 | 000,034,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\storvsc.sys -- (storvsc)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 02:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/07/14 02:01:09 | 000,679,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xnacc.sys -- (xnacc)
DRV:64bit: - [2009/07/14 01:42:58 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vms3cap.sys -- (s3cap)
DRV:64bit: - [2009/07/14 01:42:44 | 000,021,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VMBusHID.sys -- (VMBusHID)
DRV:64bit: - [2009/07/14 01:24:27 | 000,514,048 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\csc.sys -- (CSC)
DRV:64bit: - [2009/06/10 22:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/02 00:05:32 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2008/01/17 17:51:44 | 000,018,816 | ---- | M] (Razer USA Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Lycosa.sys -- (Lycosa)
DRV:64bit: - [2007/08/02 10:33:04 | 000,012,672 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dadder.sys -- (DAdderFltr)
DRV:64bit: - [2007/07/18 11:34:16 | 000,189,664 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\V0260Vid.sys -- (V0260VID)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 92 71 0B 0A 6D 53 CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.3
FF - prefs.js..extensions.enabledItems: {B17C1C5A-04B1-11DB-9804-B622A1EF5492}:1.2.1
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.845
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files (x86)\AVG\AVG9\Firefox [2010/07/21 16:50:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/09/09 16:32:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/09/09 16:32:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0b5\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 5\components [2010/09/10 19:20:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0b5\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 5\plugins
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2010/06/18 14:00:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2010/09/08 19:36:54 | 000,000,000 | ---D | M]

[2010/06/18 14:00:03 | 000,000,000 | ---D | M] -- C:\Users\zoniq\AppData\Roaming\mozilla\Extensions
[2010/06/18 14:00:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\zoniq\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/09/14 19:50:37 | 000,000,000 | ---D | M] -- C:\Users\zoniq\AppData\Roaming\mozilla\Firefox\Profiles\u8fwv41d.default\extensions
[2010/09/12 07:17:54 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\zoniq\AppData\Roaming\mozilla\Firefox\Profiles\u8fwv41d.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010/09/03 17:53:18 | 000,000,000 | ---D | M] (Password Exporter) -- C:\Users\zoniq\AppData\Roaming\mozilla\Firefox\Profiles\u8fwv41d.default\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}
[2010/08/18 22:33:33 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\zoniq\AppData\Roaming\mozilla\Firefox\Profiles\u8fwv41d.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/09/14 19:50:37 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/07/29 17:43:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/07/29 17:43:16 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/04/01 19:40:34 | 000,001,583 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\atlas-sk.xml
[2010/04/01 19:40:34 | 000,001,380 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\azet-sk.xml
[2010/04/01 19:40:34 | 000,001,479 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\dunaj-sk.xml
[2010/04/01 19:40:34 | 000,001,473 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\slovnik-sk.xml
[2010/04/01 19:40:34 | 000,001,104 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia-sk.xml
[2010/04/01 19:40:34 | 000,000,830 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\zoznam-sk.xml

O1 HOSTS File: ([2010/09/11 18:18:49 | 000,419,895 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 mpa.one.microsoft.com
O1 - Hosts: 127.0.0.1 sls.microsoft.com
O1 - Hosts: 127.0.0.1 genuine.microsoft.com
O1 - Hosts: 127.0.0.1 wat.microsoft.com
O1 - Hosts: 127.0.0.1 mpa.microsoft.com
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 adobeereg.com
O1 - Hosts: 
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 14487 more lines...
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - AppInit_DLLs: (avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{525647e2-2a16-11df-984d-0019dbf60ff8}\Shell - "" = AutoRun
O33 - MountPoints2\{525647e2-2a16-11df-984d-0019dbf60ff8}\Shell\AutoRun\command - "" = H:\autorun.exe -- File not found
O33 - MountPoints2\{f24320e2-97bf-11df-83dd-0019dbf60ff8}\Shell - "" = AutoRun
O33 - MountPoints2\{f24320e2-97bf-11df-83dd-0019dbf60ff8}\Shell\AutoRun\command - "" = G:\Setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/09/15 07:23:59 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/09/15 07:20:37 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache
[2010/09/15 07:20:32 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f\1\dictionaries
[2010/09/15 07:20:31 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\US
[2010/09/15 07:20:31 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f\1\defaults\pref
[2010/09/15 07:20:31 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f\1\modules
[2010/09/15 07:20:31 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f\1\res\html
[2010/09/15 07:20:31 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f\1\greprefs
[2010/09/15 07:20:31 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f\1\res\fonts
[2010/09/15 07:20:31 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f\1\res\entityTables
[2010/09/15 07:20:31 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f\1\res\dtd
[2010/09/15 07:20:31 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\US\chrome
[2010/09/15 07:20:31 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\chrome
[2010/09/15 07:20:31 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f\1\chrome
[2010/09/15 07:20:31 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f\1\defaults\autoconfig
[2010/09/15 07:20:30 | 009,799,128 | ---- | C] (Mozilla Foundation) -- C:\Windows\SysWow64\drivers\f\1\xul.dll
[2010/09/15 07:20:30 | 000,710,104 | ---- | C] (Mozilla Foundation) -- C:\Windows\SysWow64\drivers\f\1\mozcrt19.dll
[2010/09/15 07:20:30 | 000,701,400 | ---- | C] (Netscape Communications Corporation) -- C:\Windows\SysWow64\drivers\f\1\js3250.dll
[2010/09/15 07:20:30 | 000,632,280 | ---- | C] (Mozilla Foundation) -- C:\Windows\SysWow64\drivers\f\1\nss3.dll
[2010/09/15 07:20:30 | 000,443,352 | ---- | C] (sqlite.org) -- C:\Windows\SysWow64\drivers\f\1\sqlite3.dll
[2010/09/15 07:20:30 | 000,316,888 | ---- | C] (Mozilla Foundation) -- C:\Windows\SysWow64\drivers\f\1\nssckbi.dll
[2010/09/15 07:20:30 | 000,249,856 | ---- | C] (Mozilla Foundation) -- C:\Windows\SysWow64\drivers\f\1\freebl3.dll
[2010/09/15 07:20:30 | 000,198,104 | ---- | C] (Mozilla Foundation) -- C:\Windows\SysWow64\drivers\f\1\nspr4.dll
[2010/09/15 07:20:30 | 000,155,648 | ---- | C] (Mozilla Foundation) -- C:\Windows\SysWow64\drivers\f\1\softokn3.dll
[2010/09/15 07:20:30 | 000,136,664 | ---- | C] (Mozilla Foundation) -- C:\Windows\SysWow64\drivers\f\1\ssl3.dll
[2010/09/15 07:20:30 | 000,134,616 | ---- | C] (Mozilla Foundation) -- C:\Windows\SysWow64\drivers\f\1\components\brwsrcmp.dll
[2010/09/15 07:20:30 | 000,103,896 | ---- | C] (Mozilla Foundation) -- C:\Windows\SysWow64\drivers\f\1\smime3.dll
[2010/09/15 07:20:30 | 000,098,304 | ---- | C] (Mozilla Foundation) -- C:\Windows\SysWow64\drivers\f\1\nssdbm3.dll
[2010/09/15 07:20:30 | 000,087,512 | ---- | C] (Mozilla Foundation) -- C:\Windows\SysWow64\drivers\f\1\nssutil3.dll
[2010/09/15 07:20:30 | 000,065,496 | ---- | C] (mozilla.org) -- C:\Windows\SysWow64\drivers\f\1\plugins\npnul32.dll
[2010/09/15 07:20:30 | 000,023,000 | ---- | C] (Mozilla Foundation) -- C:\Windows\SysWow64\drivers\f\1\components\browserdirprovider.dll
[2010/09/15 07:20:30 | 000,020,440 | ---- | C] (Mozilla Foundation) -- C:\Windows\SysWow64\drivers\f\1\plc4.dll
[2010/09/15 07:20:30 | 000,017,880 | ---- | C] (Mozilla Foundation) -- C:\Windows\SysWow64\drivers\f\1\xpcom.dll
[2010/09/15 07:20:30 | 000,017,368 | ---- | C] (Mozilla Foundation) -- C:\Windows\SysWow64\drivers\f\1\plds4.dll
[2010/09/15 07:20:30 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f\1\res
[2010/09/15 07:20:30 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f\1\defaults\profile
[2010/09/15 07:20:30 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f\1\plugins
[2010/09/15 07:20:30 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f\1\defaults
[2010/09/15 07:20:30 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f\1\components
[2010/09/15 07:20:30 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f\1
[2010/09/14 18:52:24 | 165,665,144 | ---- | C] (NVIDIA Corporation) -- C:\Users\zoniq\Desktop\260.63_desktop_win7_winvista_64bit_international_beta.exe
[2010/09/14 16:52:41 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\Users\zoniq\Desktop\OTL.exe
[2010/09/13 20:09:56 | 000,000,000 | ---D | C] -- C:\Users\zoniq\Desktop\Tires semi-glossy by Amleto
[2010/09/11 18:00:50 | 000,000,000 | -H-D | C] -- C:\$AVG
[2010/09/11 17:59:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Runic Games
[2010/09/11 17:50:09 | 000,000,000 | ---D | C] -- C:\Users\zoniq\AppData\Roaming\runic games
[2010/09/11 16:29:14 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Runic
[2010/09/11 13:24:27 | 000,000,000 | ---D | C] -- C:\Users\zoniq\Desktop\layered rock
[2010/09/11 13:06:36 | 000,000,000 | ---D | C] -- C:\Users\zoniq\Desktop\DavelessSteel
[2010/09/10 19:20:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 5
[2010/09/08 19:38:05 | 000,000,000 | ---D | C] -- C:\Users\zoniq\AppData\Local\Apple Computer
[2010/09/08 19:36:48 | 000,000,000 | ---D | C] -- C:\Users\zoniq\AppData\Roaming\DivX
[2010/09/08 19:36:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine
[2010/09/08 19:36:30 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2010/09/08 19:36:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DivX Shared
[2010/09/08 19:35:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DivX
[2010/09/08 19:35:35 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2010/09/08 19:34:58 | 000,000,000 | ---D | C] -- C:\Users\zoniq\AppData\Roaming\Apple Computer
[2010/09/05 13:16:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ChaosGroup
[2010/09/05 13:15:59 | 000,000,000 | ---D | C] -- C:\Program Files\plugins
[2010/09/05 13:15:59 | 000,000,000 | ---D | C] -- C:\Program Files\Chaos Group
[2010/09/05 13:02:21 | 000,000,000 | ---D | C] -- C:\Users\zoniq\Documents\3dsMax
[2010/09/05 12:46:08 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2010/09/05 12:46:05 | 000,000,000 | ---D | C] -- C:\Users\zoniq\AppData\Local\Autodesk
[2010/09/05 12:03:52 | 000,000,000 | ---D | C] -- C:\Users\zoniq\Documents\Inventor
[2010/09/05 12:03:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2010/09/05 12:02:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Autodesk Shared
[2010/09/05 12:02:36 | 000,000,000 | ---D | C] -- C:\Program Files\Autodesk
[2010/09/05 12:01:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Autodesk Shared
[2010/09/05 12:00:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Autodesk
[2010/09/05 11:54:50 | 000,000,000 | ---D | C] -- C:\Users\zoniq\AppData\Roaming\Autodesk
[2010/09/05 11:54:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Autodesk
[2010/09/02 16:45:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2010/09/02 16:45:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live SkyDrive
[2010/09/02 16:44:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2010/09/02 16:44:39 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2010/09/02 16:44:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2010/09/02 16:37:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
[2010/09/02 16:36:24 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2010/08/27 18:50:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Team17
[2010/08/25 16:55:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2010/08/25 16:37:59 | 000,861,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2010/08/24 18:27:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Stardock
[2010/08/24 18:27:03 | 000,000,000 | ---D | C] -- C:\Users\zoniq\Documents\My Games
[2010/08/24 17:43:12 | 000,174,080 | ---- | C] (RAD Game Tools, Inc.) -- C:\Windows\SysNative\binkw32.dll
[2010/08/24 17:43:08 | 000,174,080 | ---- | C] (RAD Game Tools, Inc.) -- C:\Windows\System\binkw32.dll
[2010/08/24 17:22:20 | 000,000,000 | ---D | C] -- C:\Users\zoniq\AppData\Local\2K Games
[2010/08/24 17:19:13 | 000,158,720 | ---- | C] (Skybound Software (http://www.skybound.ca)) -- C:\Windows\SysWow64\drivers\skybound.gecko.dll
[2010/08/24 17:19:13 | 000,019,456 | ---- | C] (JetSwap) -- C:\Windows\SysWow64\drivers\surfguard.exe
[2010/08/24 17:18:44 | 000,016,896 | ---- | C] (JetSwap) -- C:\Windows\SysWow64\drivers\up.exe
[2010/08/24 17:18:44 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f
[2010/08/24 17:18:18 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\webe
[2010/08/24 16:38:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[2010/08/24 16:38:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam
[2010/08/18 19:39:32 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2010/08/18 17:56:43 | 000,000,000 | ---D | C] -- C:\Users\zoniq\Desktop\arboretum
 
========== Files - Modified Within 30 Days ==========

[2010/09/15 07:30:42 | 000,016,384 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/09/15 07:30:42 | 000,016,384 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/09/15 07:25:37 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/09/15 07:25:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/09/15 07:25:28 | 3220,672,512 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/15 07:24:43 | 006,291,456 | -HS- | M] () -- C:\Users\zoniq\NTUSER.DAT
[2010/09/15 07:20:34 | 000,142,385 | ---- | M] () -- C:\Windows\SysWow64\drivers\f\1\components\compreg.dat
[2010/09/15 07:20:32 | 000,102,022 | ---- | M] () -- C:\Windows\SysWow64\drivers\f\1\components\xpti.dat
[2010/09/14 22:34:53 | 007,332,374 | -H-- | M] () -- C:\Users\zoniq\AppData\Local\IconCache.db
[2010/09/14 20:39:55 | 000,035,157 | ---- | M] () -- C:\Users\zoniq\Desktop\cv_1168256.rtf
[2010/09/14 18:53:14 | 165,665,144 | ---- | M] (NVIDIA Corporation) -- C:\Users\zoniq\Desktop\260.63_desktop_win7_winvista_64bit_international_beta.exe
[2010/09/14 16:54:14 | 064,607,632 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2010/09/14 16:52:44 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\zoniq\Desktop\OTL.exe
[2010/09/13 22:53:34 | 000,195,895 | ---- | M] () -- C:\Users\zoniq\Desktop\rim.jpg
[2010/09/13 20:37:51 | 004,003,840 | ---- | M] () -- C:\Users\zoniq\Desktop\tire.FBX
[2010/09/13 20:16:14 | 000,051,200 | ---- | M] () -- C:\Users\zoniq\Desktop\Rubber (Grey)_by_joa_grilo2376.mat
[2010/09/13 20:06:19 | 000,829,818 | ---- | M] () -- C:\Users\zoniq\Desktop\wm_original_exwalla_original.jpg
[2010/09/13 19:03:06 | 000,013,553 | ---- | M] () -- C:\Users\zoniq\Desktop\mfhmdardeaholjulmic_qt.mp4.torrent
[2010/09/12 19:34:51 | 000,013,373 | ---- | M] () -- C:\Users\zoniq\Desktop\tyre_000bp.jpg
[2010/09/12 13:33:42 | 016,897,167 | ---- | M] () -- C:\Users\zoniq\Desktop\digitalin_hdr_chromFX-V2-HIRES.zip
[2010/09/12 07:38:03 | 003,842,655 | ---- | M] () -- C:\Users\zoniq\Desktop\ComboFix.exe
[2010/09/11 18:18:49 | 000,419,895 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2010/09/11 18:02:32 | 000,266,752 | ---- | M] () -- C:\Windows\SysWow64\sshnas21.dll
[2010/09/10 19:20:16 | 000,002,173 | ---- | M] () -- C:\Users\zoniq\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox 4.0 Beta 5.lnk
[2010/09/10 19:20:16 | 000,002,149 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox 4.0 Beta 5.lnk
[2010/09/02 16:28:13 | 009,655,677 | ---- | M] () -- C:\Windows\SysWow64\drivers\f\jet.exe
[2010/09/02 16:28:08 | 000,016,896 | ---- | M] (JetSwap) -- C:\Windows\SysWow64\drivers\up.exe
[2010/09/02 11:55:06 | 000,019,456 | ---- | M] (JetSwap) -- C:\Windows\SysWow64\drivers\surfguard.exe
[2010/08/27 19:11:33 | 000,009,456 | ---- | M] () -- C:\Windows\SysWow64\drivers\f\1\components\nsRequestService.js
[2010/08/27 18:51:42 | 000,002,117 | ---- | M] () -- C:\Users\Public\Desktop\Worms Reloaded.lnk
[2010/08/25 19:45:31 | 000,001,804 | ---- | M] () -- C:\Users\zoniq\Desktop\mafia2 - odkaz.lnk
[2010/08/25 16:30:58 | 000,276,920 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/08/24 17:18:36 | 000,058,736 | ---- | M] () -- C:\Users\zoniq\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/08/24 17:01:35 | 000,174,080 | ---- | M] (RAD Game Tools, Inc.) -- C:\Windows\System\binkw32.dll
[2010/08/24 17:01:35 | 000,174,080 | ---- | M] (RAD Game Tools, Inc.) -- C:\Windows\SysNative\binkw32.dll
[2010/08/21 08:05:15 | 000,000,857 | ---- | M] () -- C:\Users\zoniq\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2010/08/17 10:14:07 | 119,325,084 | ---- | M] () -- C:\Users\zoniq\Desktop\Navigon_folder_android_q1_2010(2).rar
[2010/08/17 09:37:33 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/08/17 09:37:33 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/08/17 09:37:33 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

========== Files Created - No Company Name ==========

[2010/09/15 07:22:16 | 000,070,232 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\3A9602CBd01
[2010/09/15 07:22:16 | 000,030,923 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\83EAA7FBd01
[2010/09/15 07:22:16 | 000,030,709 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\C83B3590d01
[2010/09/15 07:22:16 | 000,028,067 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\ACB96CA3d01
[2010/09/15 07:22:16 | 000,023,680 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\83FAA7FBd01
[2010/09/15 07:22:16 | 000,023,631 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\E3A92517d01
[2010/09/15 07:22:16 | 000,022,475 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\C83A3590d01
[2010/09/15 07:22:16 | 000,016,681 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\83DBA7FBd01
[2010/09/15 07:22:15 | 000,563,284 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\892C3590d01
[2010/09/15 07:22:15 | 000,067,112 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\802C1856d01
[2010/09/15 07:22:15 | 000,058,507 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\07E97743d01
[2010/09/15 07:22:12 | 000,043,554 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\5EB8D088d01
[2010/09/15 07:22:12 | 000,028,702 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\D01658B8d01
[2010/09/15 07:22:11 | 000,059,590 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\0ED957E7d01
[2010/09/15 07:22:11 | 000,055,170 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\CE3B4F17d01
[2010/09/15 07:22:11 | 000,044,170 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\679E68D0d01
[2010/09/15 07:22:11 | 000,038,954 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\79E03FB6d01
[2010/09/15 07:22:11 | 000,036,728 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\0A8C8175d01
[2010/09/15 07:22:11 | 000,030,653 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\151B0F7Ad01
[2010/09/15 07:22:11 | 000,029,449 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\DDC87DEBd01
[2010/09/15 07:22:11 | 000,027,608 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\659A3614d01
[2010/09/15 07:22:11 | 000,026,932 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\E84643C7d01
[2010/09/15 07:22:11 | 000,025,446 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\D51291A0d01
[2010/09/15 07:22:11 | 000,024,424 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\33B96A08d01
[2010/09/15 07:22:11 | 000,017,226 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\0C0937AEd01
[2010/09/15 07:22:11 | 000,016,728 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\E7FCDF7Fd01
[2010/09/15 07:22:04 | 001,719,241 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\E59411D5d01
[2010/09/15 07:22:04 | 000,024,783 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\5D60DCD3d01
[2010/09/15 07:22:03 | 000,141,813 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\9F31D11Ed01
[2010/09/15 07:22:03 | 000,068,397 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\B9E2832Cd01
[2010/09/15 07:22:03 | 000,034,757 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\B7701A1Dd01
[2010/09/15 07:22:03 | 000,032,545 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\68CBF6E4d01
[2010/09/15 07:22:02 | 000,020,591 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\FD237C9Ed01
[2010/09/15 07:22:02 | 000,002,048 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\search.sqlite
[2010/09/15 07:21:56 | 000,002,366 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\pluginreg.dat
[2010/09/15 07:20:37 | 000,270,397 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\_CACHE_003_
[2010/09/15 07:20:37 | 000,122,184 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\_CACHE_002_
[2010/09/15 07:20:37 | 000,121,975 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\_CACHE_001_
[2010/09/15 07:20:37 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\cert8.db
[2010/09/15 07:20:37 | 000,032,768 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\urlclassifier3.sqlite
[2010/09/15 07:20:37 | 000,016,384 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\secmod.db
[2010/09/15 07:20:37 | 000,016,384 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\key3.db
[2010/09/15 07:20:37 | 000,000,276 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\_CACHE_MAP_
[2010/09/15 07:20:36 | 000,002,048 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\webappsstore.sqlite
[2010/09/15 07:20:35 | 000,004,096 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\cookies.sqlite
[2010/09/15 07:20:34 | 000,142,385 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\compreg.dat
[2010/09/15 07:20:34 | 000,131,072 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\places.sqlite
[2010/09/15 07:20:34 | 000,066,176 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\places.sqlite-journal
[2010/09/15 07:20:34 | 000,002,048 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\permissions.sqlite
[2010/09/15 07:20:32 | 000,102,022 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\xpti.dat
[2010/09/15 07:20:32 | 000,017,215 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\necko.xpt
[2010/09/15 07:20:32 | 000,012,938 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\pipnss.xpt
[2010/09/15 07:20:32 | 000,011,652 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\places.xpt
[2010/09/15 07:20:32 | 000,011,151 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\widget.xpt
[2010/09/15 07:20:32 | 000,011,095 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\xpcom_ds.xpt
[2010/09/15 07:20:32 | 000,008,438 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\xpconnect.xpt
[2010/09/15 07:20:32 | 000,007,420 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\xpcom_io.xpt
[2010/09/15 07:20:32 | 000,005,510 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\webBrowser_core.xpt
[2010/09/15 07:20:32 | 000,005,145 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\plugin.xpt
[2010/09/15 07:20:32 | 000,004,908 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\rdf.xpt
[2010/09/15 07:20:32 | 000,003,731 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\layout_xul_tree.xpt
[2010/09/15 07:20:32 | 000,003,290 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\pref.xpt
[2010/09/15 07:20:32 | 000,003,185 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\xpcom_base.xpt
[2010/09/15 07:20:32 | 000,003,155 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\storage.xpt
[2010/09/15 07:20:32 | 000,003,040 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\xpcom_components.xpt
[2010/09/15 07:20:32 | 000,002,958 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\shistory.xpt
[2010/09/15 07:20:32 | 000,002,793 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\windowwatcher.xpt
[2010/09/15 07:20:32 | 000,002,713 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\uriloader.xpt
[2010/09/15 07:20:32 | 000,002,646 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\update.xpt
[2010/09/15 07:20:32 | 000,002,602 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\necko_http.xpt
[2010/09/15 07:20:32 | 000,002,595 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\necko_cache.xpt
[2010/09/15 07:20:32 | 000,002,425 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\xultmpl.xpt
[2010/09/15 07:20:32 | 000,002,369 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\saxparser.xpt
[2010/09/15 07:20:32 | 000,002,240 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\xpcom_thread.xpt
[2010/09/15 07:20:32 | 000,002,122 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\layout_xul.xpt
[2010/09/15 07:20:32 | 000,002,074 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\webbrowserpersist.xpt
[2010/09/15 07:20:32 | 000,002,008 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\mimetype.xpt
[2010/09/15 07:20:32 | 000,001,896 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\xpcom_system.xpt
[2010/09/15 07:20:32 | 000,001,784 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\loginmgr.xpt
[2010/09/15 07:20:32 | 000,001,648 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\necko_cookie.xpt
[2010/09/15 07:20:32 | 000,001,560 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\xpcom_xpti.xpt
[2010/09/15 07:20:32 | 000,001,491 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\uconv.xpt
[2010/09/15 07:20:32 | 000,001,475 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\necko_strconv.xpt
[2010/09/15 07:20:32 | 000,001,293 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\webshell_idls.xpt
[2010/09/15 07:20:32 | 000,001,260 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\locale.xpt
[2010/09/15 07:20:32 | 000,001,258 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\txmgr.xpt
[2010/09/15 07:20:32 | 000,001,209 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\xuldoc.xpt
[2010/09/15 07:20:32 | 000,001,181 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\unicharutil.xpt
[2010/09/15 07:20:32 | 000,001,179 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\prefetch.xpt
[2010/09/15 07:20:32 | 000,001,120 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\oji.xpt
[2010/09/15 07:20:32 | 000,001,111 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\xpinstall.xpt
[2010/09/15 07:20:32 | 000,001,088 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\toolkitprofile.xpt
[2010/09/15 07:20:32 | 000,001,081 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\necko_dns.xpt
[2010/09/15 07:20:32 | 000,001,060 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\spellchecker.xpt
[2010/09/15 07:20:32 | 000,001,011 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\xml-rpc.xpt
[2010/09/15 07:20:32 | 000,000,911 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\layout_printing.xpt
[2010/09/15 07:20:32 | 000,000,893 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\necko_socket.xpt
[2010/09/15 07:20:32 | 000,000,858 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\grabber.gif
[2010/09/15 07:20:32 | 000,000,845 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\mozfind.xpt
[2010/09/15 07:20:32 | 000,000,841 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\table-remove-row-hover.gif
[2010/09/15 07:20:32 | 000,000,841 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\table-remove-row.gif
[2010/09/15 07:20:32 | 000,000,841 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\table-remove-column-hover.gif
[2010/09/15 07:20:32 | 000,000,841 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\table-remove-column.gif
[2010/09/15 07:20:32 | 000,000,835 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\table-remove-row-active.gif
[2010/09/15 07:20:32 | 000,000,835 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\table-remove-column-active.gif
[2010/09/15 07:20:32 | 000,000,826 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\table-add-row-after-hover.gif
[2010/09/15 07:20:32 | 000,000,826 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\table-add-row-after.gif
[2010/09/15 07:20:32 | 000,000,826 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\table-add-column-after-hover.gif
[2010/09/15 07:20:32 | 000,000,826 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\table-add-column-after.gif
[2010/09/15 07:20:32 | 000,000,825 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\table-add-row-before-hover.gif
[2010/09/15 07:20:32 | 000,000,825 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\table-add-row-before.gif
[2010/09/15 07:20:32 | 000,000,825 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\table-add-column-before-hover.gif
[2010/09/15 07:20:32 | 000,000,825 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\table-add-column-before.gif
[2010/09/15 07:20:32 | 000,000,771 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\zipwriter.xpt
[2010/09/15 07:20:32 | 000,000,759 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\txtsvc.xpt
[2010/09/15 07:20:32 | 000,000,718 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\satchel.xpt
[2010/09/15 07:20:32 | 000,000,652 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\profile.xpt
[2010/09/15 07:20:32 | 000,000,628 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\pipboot.xpt
[2010/09/15 07:20:32 | 000,000,619 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\html\folder.png
[2010/09/15 07:20:32 | 000,000,613 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\xulapp.xpt
[2010/09/15 07:20:32 | 000,000,537 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\parentalcontrols.xpt
[2010/09/15 07:20:32 | 000,000,437 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\necko_file.xpt
[2010/09/15 07:20:32 | 000,000,377 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\pippki.xpt
[2010/09/15 07:20:32 | 000,000,312 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\necko_about.xpt
[2010/09/15 07:20:32 | 000,000,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\mozbrwsr.xpt
[2010/09/15 07:20:32 | 000,000,287 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\proxyObject.xpt
[2010/09/15 07:20:32 | 000,000,285 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\necko_res.xpt
[2010/09/15 07:20:32 | 000,000,212 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\windowds.xpt
[2010/09/15 07:20:32 | 000,000,201 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\necko_ftp.xpt
[2010/09/15 07:20:32 | 000,000,198 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\xulapp_setup.xpt
[2010/09/15 07:20:32 | 000,000,188 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\necko_viewsource.xpt
[2010/09/15 07:20:32 | 000,000,174 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\lwbrk.xpt
[2010/09/15 07:20:32 | 000,000,172 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\urlformatter.xpt
[2010/09/15 07:20:32 | 000,000,122 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\loading-image.gif
[2010/09/15 07:20:32 | 000,000,106 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\broken-image.gif
[2010/09/15 07:20:32 | 000,000,059 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\arrowd.gif
[2010/09/15 07:20:32 | 000,000,058 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\table-add-column-after-active.gif
[2010/09/15 07:20:32 | 000,000,057 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\table-add-row-before-active.gif
[2010/09/15 07:20:32 | 000,000,057 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\table-add-row-after-active.gif
[2010/09/15 07:20:32 | 000,000,057 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\table-add-column-before-active.gif
[2010/09/15 07:20:32 | 000,000,056 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\arrow.gif
[2010/09/15 07:20:31 | 001,915,137 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\chrome\toolkit.jar
[2010/09/15 07:20:31 | 000,777,705 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\chrome\classic.jar
[2010/09/15 07:20:31 | 000,348,994 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\browser.xpt
[2010/09/15 07:20:31 | 000,333,726 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsExtensionManager.js
[2010/09/15 07:20:31 | 000,332,438 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\chrome\en-US.jar
[2010/09/15 07:20:31 | 000,317,480 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\chrome\pippki.jar
[2010/09/15 07:20:31 | 000,115,501 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsUpdateService.js
[2010/09/15 07:20:31 | 000,110,913 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsSearchService.js
[2010/09/15 07:20:31 | 000,077,051 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsMicrosummaryService.js
[2010/09/15 07:20:31 | 000,076,993 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsSessionStore.js
[2010/09/15 07:20:31 | 000,072,928 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\greprefs\all.js
[2010/09/15 07:20:31 | 000,066,215 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\FeedProcessor.js
[2010/09/15 07:20:31 | 000,064,412 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\modules\Microformats.js
[2010/09/15 07:20:31 | 000,063,788 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\dtd\mathml.dtd
[2010/09/15 07:20:31 | 000,061,758 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\modules\utils.js
[2010/09/15 07:20:31 | 000,056,411 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\fonts\mathfont.properties
[2010/09/15 07:20:31 | 000,051,214 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsHandlerService.js
[2010/09/15 07:20:31 | 000,050,600 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsUrlClassifierLib.js
[2010/09/15 07:20:31 | 000,049,926 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\storage-Legacy.js
[2010/09/15 07:20:31 | 000,049,780 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\FeedWriter.js
[2010/09/15 07:20:31 | 000,044,106 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsLoginManager.js
[2010/09/15 07:20:31 | 000,041,950 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsHelperAppDlg.js
[2010/09/15 07:20:31 | 000,040,367 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsLoginManagerPrompter.js
[2010/09/15 07:20:31 | 000,039,680 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\chrome\comm.jar
[2010/09/15 07:20:31 | 000,038,499 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\entityTables\transliterate.properties
[2010/09/15 07:20:31 | 000,038,238 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\fuelApplication.js
[2010/09/15 07:20:31 | 000,037,314 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsProgressDialog.js
[2010/09/15 07:20:31 | 000,036,111 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsLivemarkService.js
[2010/09/15 07:20:31 | 000,035,256 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsXmlRpcClient.js
[2010/09/15 07:20:31 | 000,035,102 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\pref\firefox.js
[2010/09/15 07:20:31 | 000,034,011 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\WebContentConverter.js
[2010/09/15 07:20:31 | 000,033,805 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsPlacesTransactionsService.js
[2010/09/15 07:20:31 | 000,033,087 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsBrowserContentHandler.js
[2010/09/15 07:20:31 | 000,032,409 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsBrowserGlue.js
[2010/09/15 07:20:31 | 000,030,074 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsBlocklistService.js
[2010/09/15 07:20:31 | 000,030,004 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\entityTables\mathml20.properties
[2010/09/15 07:20:31 | 000,029,973 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsContentPrefService.js
[2010/09/15 07:20:31 | 000,025,339 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\FeedConverter.js
[2010/09/15 07:20:31 | 000,025,176 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsSafebrowsingApplication.js
[2010/09/15 07:20:31 | 000,024,273 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsSearchSuggestions.js
[2010/09/15 07:20:31 | 000,023,460 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\dom_svg.xpt
[2010/09/15 07:20:31 | 000,021,420 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsPostUpdateWin.js
[2010/09/15 07:20:31 | 000,019,983 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsUrlClassifierListManager.js
[2010/09/15 07:20:31 | 000,019,182 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\accessibility.xpt
[2010/09/15 07:20:31 | 000,018,049 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\dom_html.xpt
[2010/09/15 07:20:31 | 000,017,380 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\modules\DownloadUtils.jsm
[2010/09/15 07:20:31 | 000,015,416 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\forms.css
[2010/09/15 07:20:31 | 000,014,664 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\mathml.css
[2010/09/15 07:20:31 | 000,013,682 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsProxyAutoConfig.js
[2010/09/15 07:20:31 | 000,013,443 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\chrome\geckofx.jar
[2010/09/15 07:20:31 | 000,012,513 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsSidebar.js
[2010/09/15 07:20:31 | 000,012,091 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\modules\distribution.js
[2010/09/15 07:20:31 | 000,011,997 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\dom_css.xpt
[2010/09/15 07:20:31 | 000,011,677 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsAddonRepository.js
[2010/09/15 07:20:31 | 000,011,637 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\contenteditable.css
[2010/09/15 07:20:31 | 000,011,608 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\quirk.css
[2010/09/15 07:20:31 | 000,011,557 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\editor.xpt
[2010/09/15 07:20:31 | 000,011,428 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsSessionStartup.js
[2010/09/15 07:20:31 | 000,011,392 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\charsetalias.properties
[2010/09/15 07:20:31 | 000,011,096 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\html.css
[2010/09/15 07:20:31 | 000,010,740 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\EditorOverride.css
[2010/09/15 07:20:31 | 000,010,561 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\docshell_base.xpt
[2010/09/15 07:20:31 | 000,009,998 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\modules\XPCOMUtils.jsm
[2010/09/15 07:20:31 | 000,009,967 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsTaggingService.js
[2010/09/15 07:20:31 | 000,009,551 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\charsetData.properties
[2010/09/15 07:20:31 | 000,009,477 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\dom_base.xpt
[2010/09/15 07:20:31 | 000,009,456 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsRequestService.js
[2010/09/15 07:20:31 | 000,009,066 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\content_base.xpt
[2010/09/15 07:20:31 | 000,008,427 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\dtd\xhtml11.dtd
[2010/09/15 07:20:31 | 000,008,278 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsXULAppInstall.js
[2010/09/15 07:20:31 | 000,007,585 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\modules\PluralForm.jsm
[2010/09/15 07:20:31 | 000,007,408 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\dom_xul.xpt
[2010/09/15 07:20:31 | 000,007,301 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\dom_core.xpt
[2010/09/15 07:20:31 | 000,007,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\autoconfig\prefcalls.js
[2010/09/15 07:20:31 | 000,007,049 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsResetPref.js
[2010/09/15 07:20:31 | 000,007,039 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\modules\ISO8601DateUtils.jsm
[2010/09/15 07:20:31 | 000,006,920 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsWebHandlerApp.js
[2010/09/15 07:20:31 | 000,006,869 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\dom_events.xpt
[2010/09/15 07:20:31 | 000,006,721 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\modules\JSON.jsm
[2010/09/15 07:20:31 | 000,006,719 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\fonts\mathfontUnicode.properties
[2010/09/15 07:20:31 | 000,006,667 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\txEXSLTRegExFunctions.js
[2010/09/15 07:20:31 | 000,006,469 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\ua.css
[2010/09/15 07:20:31 | 000,006,265 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsDefaultCLH.js
[2010/09/15 07:20:31 | 000,006,029 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\jsdservice.xpt
[2010/09/15 07:20:31 | 000,005,737 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsDownloadManagerUI.js
[2010/09/15 07:20:31 | 000,005,649 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\langGroups.properties
[2010/09/15 07:20:31 | 000,005,493 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\fonts\mathfontSTIXNonUnicode.properties
[2010/09/15 07:20:31 | 000,005,490 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\language.properties
[2010/09/15 07:20:31 | 000,005,005 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsContentDispatchChooser.js
[2010/09/15 07:20:31 | 000,004,805 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsDictionary.js
[2010/09/15 07:20:31 | 000,004,302 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsLoginInfo.js
[2010/09/15 07:20:31 | 000,004,090 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\entityTables\html40Symbols.properties
[2010/09/15 07:20:31 | 000,003,954 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\fonts\mathfontSymbol.properties
[2010/09/15 07:20:31 | 000,003,930 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\pref\xulrunner.js
[2010/09/15 07:20:31 | 000,003,902 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\fonts\mathfontStandardSymbolsL.properties
[2010/09/15 07:20:31 | 000,003,831 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\extensions.xpt
[2010/09/15 07:20:31 | 000,003,690 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\entityTables\html40Latin1.properties
[2010/09/15 07:20:31 | 000,003,603 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\autocomplete.xpt
[2010/09/15 07:20:31 | 000,003,378 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\greprefs\security-prefs.js
[2010/09/15 07:20:31 | 000,003,274 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\feeds.xpt
[2010/09/15 07:20:31 | 000,003,268 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsTryToClose.js
[2010/09/15 07:20:31 | 000,003,142 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\pluginGlue.js
[2010/09/15 07:20:31 | 000,003,115 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsURLFormatter.js
[2010/09/15 07:20:31 | 000,003,104 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsBadCertHandler.js
[2010/09/15 07:20:31 | 000,003,037 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\viewsource.css
[2010/09/15 07:20:31 | 000,003,033 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\fonts\mathfontSTIXSize1.properties
[2010/09/15 07:20:31 | 000,003,021 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\imglib2.xpt
[2010/09/15 07:20:31 | 000,002,927 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\aboutRobots.js
[2010/09/15 07:20:31 | 000,002,925 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\aboutRights.js
[2010/09/15 07:20:31 | 000,002,854 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsSetDefaultBrowser.js
[2010/09/15 07:20:31 | 000,002,738 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\modules\debug.js
[2010/09/15 07:20:31 | 000,002,719 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\caps.xpt
[2010/09/15 07:20:31 | 000,002,621 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\dom_loadsave.xpt
[2010/09/15 07:20:31 | 000,002,547 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\appshell.xpt
[2010/09/15 07:20:31 | 000,002,512 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\content_xtf.xpt
[2010/09/15 07:20:31 | 000,002,502 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\inspector.xpt
[2010/09/15 07:20:31 | 000,002,396 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\entityTables\html40Special.properties
[2010/09/15 07:20:31 | 000,002,295 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\svg.css
[2010/09/15 07:20:31 | 000,002,232 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\downloads.xpt
[2010/09/15 07:20:31 | 000,002,080 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\wincharset.properties
[2010/09/15 07:20:31 | 000,001,981 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\exthandler.xpt
[2010/09/15 07:20:31 | 000,001,967 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\entityTables\htmlEntityVersions.properties
[2010/09/15 07:20:31 | 000,001,930 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\dom_canvas.xpt
[2010/09/15 07:20:31 | 000,001,861 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\designmode.css
[2010/09/15 07:20:31 | 000,001,789 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\commandhandler.xpt
[2010/09/15 07:20:31 | 000,001,512 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\jsconsole-clhandler.js
[2010/09/15 07:20:31 | 000,001,508 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\exthelper.xpt
[2010/09/15 07:20:31 | 000,001,451 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\gfx.xpt
[2010/09/15 07:20:31 | 000,001,417 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\dom_xpath.xpt
[2010/09/15 07:20:31 | 000,001,346 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\jar.xpt
[2010/09/15 07:20:31 | 000,001,326 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\content_xslt.xpt
[2010/09/15 07:20:31 | 000,001,282 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\dom_traversal.xpt
[2010/09/15 07:20:31 | 000,001,263 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\dom_offline.xpt
[2010/09/15 07:20:31 | 000,001,240 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\dom_range.xpt
[2010/09/15 07:20:31 | 000,001,078 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\US\chrome\userChrome-example.css
[2010/09/15 07:20:31 | 000,001,078 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\chrome\userChrome-example.css
[2010/09/15 07:20:31 | 000,001,036 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\find.xpt
[2010/09/15 07:20:31 | 000,001,019 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\dom_stylesheets.xpt
[2010/09/15 07:20:31 | 000,000,960 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\commandlines.xpt
[2010/09/15 07:20:31 | 000,000,915 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\pref\firefox-branding.js
[2010/09/15 07:20:31 | 000,000,874 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\dom_storage.xpt
[2010/09/15 07:20:31 | 000,000,856 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\plugins\flashplayer.xpt
[2010/09/15 07:20:31 | 000,000,774 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\chrome\en-US.manifest
[2010/09/15 07:20:31 | 000,000,755 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\composer.xpt
[2010/09/15 07:20:31 | 000,000,724 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\contentprefs.xpt
[2010/09/15 07:20:31 | 000,000,700 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\content_html.xpt
[2010/09/15 07:20:31 | 000,000,694 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\htmlparser.xpt
[2010/09/15 07:20:31 | 000,000,693 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\content_xmldoc.xpt
[2010/09/15 07:20:31 | 000,000,679 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\chardet.xpt
[2010/09/15 07:20:31 | 000,000,663 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\US\chrome\userContent-example.css
[2010/09/15 07:20:31 | 000,000,663 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\chrome\userContent-example.css
[2010/09/15 07:20:31 | 000,000,645 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\intl.xpt
[2010/09/15 07:20:31 | 000,000,605 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\content_htmldoc.xpt
[2010/09/15 07:20:31 | 000,000,599 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\fastfind.xpt
[2010/09/15 07:20:31 | 000,000,552 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\chrome\classic.manifest
[2010/09/15 07:20:31 | 000,000,551 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\dom_sidebar.xpt
[2010/09/15 07:20:31 | 000,000,543 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\appstartup.xpt
[2010/09/15 07:20:31 | 000,000,530 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\embed_base.xpt
[2010/09/15 07:20:31 | 000,000,517 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\chrome\toolkit.manifest
[2010/09/15 07:20:31 | 000,000,488 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\cookie.xpt
[2010/09/15 07:20:31 | 000,000,478 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\softokn3.chk
[2010/09/15 07:20:31 | 000,000,478 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\freebl3.chk
[2010/09/15 07:20:31 | 000,000,451 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\dom_xbl.xpt
[2010/09/15 07:20:31 | 000,000,377 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\dom.xpt
[2010/09/15 07:20:31 | 000,000,373 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\directory.xpt
[2010/09/15 07:20:31 | 000,000,356 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\mimeTypes.rdf
[2010/09/15 07:20:31 | 000,000,349 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\dom_json.xpt
[2010/09/15 07:20:31 | 000,000,347 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\prefs.js
[2010/09/15 07:20:31 | 000,000,344 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\chrome.xpt
[2010/09/15 07:20:31 | 000,000,326 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\imgicon.xpt
[2010/09/15 07:20:31 | 000,000,302 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\layout_base.xpt
[2010/09/15 07:20:31 | 000,000,233 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\accessibility-msaa.xpt
[2010/09/15 07:20:31 | 000,000,226 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\dom_views.xpt
[2010/09/15 07:20:31 | 000,000,224 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\pref\firefox-l10n.js
[2010/09/15 07:20:31 | 000,000,211 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\autoconfig.xpt
[2010/09/15 07:20:31 | 000,000,211 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\alerts.xpt
[2010/09/15 07:20:31 | 000,000,208 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\pref\reporter.js
[2010/09/15 07:20:31 | 000,000,172 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\chrome\geckofx.manifest
[2010/09/15 07:20:31 | 000,000,153 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\US\localstore.rdf
[2010/09/15 07:20:31 | 000,000,153 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\localstore.rdf
[2010/09/15 07:20:31 | 000,000,144 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\chrome\comm.manifest
[2010/09/15 07:20:31 | 000,000,126 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\pref\channel-prefs.js
[2010/09/15 07:20:31 | 000,000,087 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\autoconfig\platform.js
[2010/09/15 07:20:31 | 000,000,085 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\greprefs\xpinstall.js
[2010/09/15 07:20:31 | 000,000,069 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\chrome\pippki.manifest
[2010/09/15 07:20:30 | 005,969,360 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\plugins\NPSWF32.dll
[2010/09/15 07:20:30 | 000,007,139 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\bookmarks.html
[2010/09/15 07:20:30 | 000,000,117 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\hiddenWindow.html
[2010/09/14 20:39:55 | 000,035,157 | ---- | C] () -- C:\Users\zoniq\Desktop\cv_1168256.rtf
[2010/09/13 20:37:50 | 004,003,840 | ---- | C] () -- C:\Users\zoniq\Desktop\tire.FBX
[2010/09/13 20:16:13 | 000,051,200 | ---- | C] () -- C:\Users\zoniq\Desktop\Rubber (Grey)_by_joa_grilo2376.mat
[2010/09/13 20:06:18 | 000,829,818 | ---- | C] () -- C:\Users\zoniq\Desktop\wm_original_exwalla_original.jpg
[2010/09/13 19:03:04 | 000,013,553 | ---- | C] () -- C:\Users\zoniq\Desktop\mfhmdardeaholjulmic_qt.mp4.torrent
[2010/09/12 19:34:49 | 000,013,373 | ---- | C] () -- C:\Users\zoniq\Desktop\tyre_000bp.jpg
[2010/09/12 13:33:24 | 016,897,167 | ---- | C] () -- C:\Users\zoniq\Desktop\digitalin_hdr_chromFX-V2-HIRES.zip
[2010/09/12 11:39:07 | 000,195,895 | ---- | C] () -- C:\Users\zoniq\Desktop\rim.jpg
[2010/09/12 11:24:54 | 000,079,360 | ---- | C] () -- C:\Users\zoniq\Desktop\car_paint_metallics_fx.mat
[2010/09/12 07:37:57 | 003,842,655 | ---- | C] () -- C:\Users\zoniq\Desktop\ComboFix.exe
[2010/09/11 22:26:43 | 000,266,752 | ---- | C] () -- C:\Windows\SysWow64\sshnas21.dll
[2010/09/10 19:20:16 | 000,002,173 | ---- | C] () -- C:\Users\zoniq\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox 4.0 Beta 5.lnk
[2010/09/10 19:20:16 | 000,002,149 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox 4.0 Beta 5.lnk
[2010/09/06 22:14:09 | 000,028,672 | ---- | C] () -- C:\Users\zoniq\Desktop\rims paint.mat
[2010/08/27 18:51:42 | 000,002,117 | ---- | C] () -- C:\Users\Public\Desktop\Worms Reloaded.lnk
[2010/08/25 19:45:31 | 000,001,804 | ---- | C] () -- C:\Users\zoniq\Desktop\mafia2 - odkaz.lnk
[2010/08/24 17:18:44 | 009,655,677 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\jet.exe
[2010/08/17 09:58:50 | 119,325,084 | ---- | C] () -- C:\Users\zoniq\Desktop\Navigon_folder_android_q1_2010(2).rar
[2010/07/21 19:16:50 | 000,007,605 | ---- | C] () -- C:\Users\zoniq\AppData\Local\Resmon.ResmonCfg
[2010/04/02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
< End of report >
 
Delete Temp files

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.

Please download Malwarebytes' Anti-Malware from Here
Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and Paste the entire report in your next reply along with a new DDS log.

++++++++++++++++++++++

Go to Kaspersky website and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.
 
I did as you asked and here is my MBAM log (it is in the Slovak language, but I'm sure you can extract the information you need from it ;) ):

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Verzia databázy: 4621

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

15. 9. 2010 15:54:33
mbam-log-2010-09-15 (15-54-33).txt

Typ kontroly: Rýchla kontrola
Objektov kontrolovaných: 131571
Uplynulý čas: 3 min, 14 sek

Infikované služby pamäte: 0
Infikované moduly pamäte: 0
Infikované registračné kľúče: 1
Infikované registračné hodnoty: 1
Infikované položky registračných dát: 0
Infikované priečinky: 0
Infikované súbory: 1

Infikované služby pamäte:
(Škodlivé položky neboli zistené)

Infikované moduly pamäte:
(Škodlivé položky neboli zistené)

Infikované registračné kľúče:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Darkness (Trojan.Backdoor) -> Quarantined and deleted successfully.

Infikované registračné hodnoty:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\metropolis (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Infikované položky registračných dát:
(Škodlivé položky neboli zistené)

Infikované priečinky:
(Škodlivé položky neboli zistené)

Infikované súbory:
C:\Windows\System32\sshnas21.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
 
DDS (Ver_10-03-17.01) - NTFSX64
Run by zoniq at 16:13:55,36 on st 15. 09. 2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_21
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.421.1033.18.4095.2810 [GMT 2:00]

SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Program Files (x86)\AVG\AVG9\avgchsva.exe
C:\Program Files (x86)\AVG\AVG9\avgrsa.exe
C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files (x86)\AVG\AVG9\avgnsa.exe
C:\Program Files (x86)\AVG\AVG9\avgemc.exe
C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\AVG\AVG9\avgtray.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\PROGRA~2\Java\jre6\bin\jp2launcher.exe
C:\Program Files (x86)\Java\jre6\bin\java.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\zoniq\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

mLocal Page = c:\windows\syswow64\blank.htm
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files (x86)\avg\avg9\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~2\spybot~1\SDHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [DAEMON Tools Lite] "c:\program files (x86)\daemon tools lite\DTLite.exe" -autorun
uRun: [SpybotSD TeaTimer] c:\program files (x86)\spybot - search & destroy\TeaTimer.exe
mRun: [AVG9_TRAY] c:\progra~2\avg\avg9\avgtray.exe
mRun: [DivXUpdate] "c:\program files (x86)\divx\divx update\DivXUpdate.exe" /CHECKNOW
dRun: [YXE7DXCQ37] c:\windows\temp\Stm.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~2\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files (x86)\avg\avg9\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~2\common~1\skype\SKYPE4~1.DLL
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files (x86)\avg\avg9\avgssiea.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
AppInit_DLLs-X64: avgrssta.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\zoniq\appdata\roaming\mozilla\firefox\profiles\u8fwv41d.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files (x86)\avg\avg9\firefox\components\avgssff.dll
FF - plugin: c:\program files (x86)\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files (x86)\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\np_gp.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npnul32.dll
FF - plugin: c:\program files (x86)\opera\program\plugins\np_gp.dll
FF - plugin: c:\program files (x86)\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\wat\npWatWeb.dll
FF - plugin: c:\windows\syswow64\macromed\flash\NPSWF32.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx64;AVG Free AVI Loader Driver x64;c:\windows\system32\drivers\avgldx64.sys [2010-7-19 269904]
R1 AvgMfx64;AVG Free On-access Scanner Minifilter Driver x64;c:\windows\system32\drivers\avgmfx64.sys [2010-7-19 35536]
R1 AvgTdiA;AVG Free Network Redirector x64;c:\windows\system32\drivers\avgtdia.sys [2010-7-19 317520]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files (x86)\avg\avg9\avgemc.exe [2010-7-19 921952]
R2 avg9wd;AVG Free WatchDog;c:\program files (x86)\avg\avg9\avgwdsvc.exe [2010-7-19 308136]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\spybot - search & destroy\SDWinSec.exe [2010-2-19 1153368]
R3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [2007-8-2 12672]
R3 Lycosa;Lycosa Keyboard;c:\windows\system32\drivers\Lycosa.sys [2008-1-17 18816]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt64win7.sys [2009-3-2 187392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\common files\macrovision shared\flexnet publisher\FNPLicensingService64.exe [2010-9-5 1436424]
S3 HTCAND64;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2009-10-26 32768]
S3 V0260VID;Live! Cam Vista IM;c:\windows\system32\drivers\V0260Vid.sys [2010-5-1 189664]
S3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\wat\WatAdminSvc.exe [2010-5-18 1255736]

=============== Created Last 30 ================

2010-09-15 13:49:48 0 d-----w- c:\users\zoniq\appdata\roaming\Malwarebytes
2010-09-15 13:49:23 0 d-----w- c:\programdata\Malwarebytes
2010-09-15 13:49:22 24664 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-15 13:49:22 0 d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2010-09-15 05:23:59 0 d-----w- C:\_OTL
2010-09-11 16:00:50 0 d--h--w- C:\$AVG
2010-09-11 15:59:55 0 d-----w- c:\program files (x86)\Runic Games
2010-09-11 15:50:09 0 d-----w- c:\users\zoniq\appdata\roaming\runic games
2010-09-10 17:20:12 0 d-----w- c:\program files (x86)\Mozilla Firefox 4.0 Beta 5
2010-09-08 17:36:34 0 d-----w- c:\program files (x86)\common files\PX Storage Engine
2010-09-08 17:36:30 0 d-----w- c:\program files\DivX
2010-09-08 17:36:19 0 d-----w- c:\program files (x86)\common files\DivX Shared
2010-09-08 17:35:56 0 d-----w- c:\program files (x86)\DivX
2010-09-08 17:35:35 0 d-----w- c:\programdata\DivX
2010-09-05 11:16:01 0 d-----w- c:\program files\common files\ChaosGroup
2010-09-05 11:15:59 0 d-----w- c:\program files\plugins
2010-09-05 11:15:59 0 d-----w- c:\program files\Chaos Group
2010-09-05 10:46:08 0 d-----w- c:\programdata\FLEXnet
2010-09-05 10:03:40 0 d-----w- c:\program files\common files\Macrovision Shared
2010-09-05 10:02:36 0 d-----w- c:\program files\common files\Autodesk Shared
2010-09-05 10:02:36 0 d-----w- c:\program files\Autodesk
2010-09-05 10:01:01 0 d-----w- c:\program files (x86)\common files\Autodesk Shared
2010-09-05 10:00:48 0 d-----w- c:\program files (x86)\Autodesk
2010-09-05 09:54:50 0 d-----w- c:\users\zoniq\appdata\roaming\Autodesk
2010-09-05 09:54:50 0 d-----w- c:\programdata\Autodesk
2010-09-02 14:45:16 0 d-----w- c:\program files (x86)\Microsoft
2010-09-02 14:45:01 0 d-----w- c:\program files (x86)\Windows Live SkyDrive
2010-09-02 14:44:39 0 d-----w- c:\windows\PCHEALTH
2010-09-02 14:44:25 0 d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
2010-09-02 14:37:57 0 d-----w- c:\program files (x86)\common files\Windows Live
2010-09-02 14:36:24 0 d-----w- c:\programdata\NVIDIA Corporation
2010-08-27 16:50:21 0 d-----w- c:\program files (x86)\Team17
2010-08-25 14:55:40 0 d-----w- c:\program files (x86)\NVIDIA Corporation
2010-08-25 14:37:59 861184 ----a-w- c:\windows\system32\oleaut32.dll
2010-08-25 14:37:59 571904 ----a-w- c:\windows\syswow64\oleaut32.dll
2010-08-24 16:27:03 0 d-----w- c:\programdata\Stardock
2010-08-24 15:43:12 174080 ----a-w- c:\windows\system32\binkw32.dll
2010-08-24 15:43:08 174080 ----a-w- c:\windows\system\binkw32.dll
2010-08-24 15:18:18 0 d-----w- c:\windows\syswow64\webe
2010-08-24 14:38:48 0 d-----w- c:\program files (x86)\common files\Steam
2010-08-24 14:38:46 0 d-----w- c:\program files (x86)\Steam
2010-08-18 17:39:32 0 d-----w- c:\programdata\McAfee

==================== Find3M ====================

2010-08-15 20:32:18 817664 ----a-w- c:\windows\syswow64\Help64.exe
2010-08-02 17:27:53 312480 ----a-w- c:\windows\system32\drivers\atksgt.sys
2010-08-02 17:27:52 43168 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2010-07-29 15:43:16 423656 ----a-w- c:\windows\syswow64\deployJava1.dll
2010-07-29 15:43:16 153376 ----a-w- c:\windows\syswow64\javaws.exe
2010-07-29 15:43:16 145184 ----a-w- c:\windows\syswow64\javaw.exe
2010-07-29 15:43:16 145184 ----a-w- c:\windows\syswow64\java.exe
2010-07-29 06:30:34 82944 ----a-w- c:\windows\syswow64\iccvid.dll
2010-07-27 14:03:24 12867584 ----a-w- c:\windows\syswow64\shell32.dll
2010-07-25 07:39:58 834544 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-07-19 20:13:57 317520 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2010-07-19 20:13:57 13048 ----a-w- c:\windows\system32\avgrssta.dll
2010-07-19 20:13:56 35536 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
2010-07-19 20:13:53 269904 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2010-07-09 14:27:02 159336 ----a-w- c:\windows\system32\nvvsvc.exe
2010-07-09 14:27:02 1585256 ----a-w- c:\windows\system32\nvsvc64.dll
2010-07-09 14:27:02 15314024 ----a-w- c:\windows\system32\nvcpl.dll
2010-07-09 14:27:02 116328 ----a-w- c:\windows\system32\nvmctray.dll
2010-06-30 07:13:46 1192960 ----a-w- c:\windows\system32\wininet.dll
2010-06-30 06:25:31 978432 ----a-w- c:\windows\syswow64\wininet.dll
2010-06-30 06:25:18 1226240 ----a-w- c:\windows\syswow64\urlmon.dll
2010-06-30 06:22:45 606208 ----a-w- c:\windows\syswow64\mstime.dll
2010-06-30 06:22:34 5971456 ----a-w- c:\windows\syswow64\mshtml.dll
2010-06-30 06:22:33 64512 ----a-w- c:\windows\syswow64\msfeedsbs.dll
2010-06-30 06:21:57 48128 ----a-w- c:\windows\syswow64\jsproxy.dll
2010-06-30 06:21:47 185856 ----a-w- c:\windows\syswow64\iepeers.dll
2010-06-30 06:21:47 176640 ----a-w- c:\windows\syswow64\ieui.dll
2010-06-30 06:21:46 10985472 ----a-w- c:\windows\syswow64\ieframe.dll
2010-06-30 06:21:44 381440 ----a-w- c:\windows\syswow64\iedkcs32.dll
2010-06-30 06:19:16 12800 ----a-w- c:\windows\syswow64\msfeedssync.exe
2010-06-19 07:05:01 5507968 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-06-19 06:53:18 52224 ----a-w- c:\windows\system32\rtutils.dll
2010-06-19 06:33:29 3955080 ----a-w- c:\windows\syswow64\ntkrnlpa.exe
2010-06-19 06:33:29 3899784 ----a-w- c:\windows\syswow64\ntoskrnl.exe
2010-06-19 06:23:50 37376 ----a-w- c:\windows\syswow64\rtutils.dll
2010-06-19 04:32:34 3122688 ----a-w- c:\windows\system32\win32k.sys
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini
2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 16:14:40,16 ===============
 
While we wait for the Kaspersky scanner to run can you do the following please.

Download and install HijackThis from the following link. You can just accept and use all the default settings to install.

http://www.trendmicro.com/ftp/products/hijackthis/HiJackThis.msi

Once installed please run from the shortcut that was created on the desktop and from the Main Menu click Do a system scan and save a log file.

Copy and paste the contents of the log file back here in your next reply.
 
OK, here is the log from HJT:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:55:05, on 15. 9. 2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\AVG\AVG9\avgtray.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\PROGRA~2\Java\jre6\bin\jp2launcher.exe
C:\Program Files (x86)\Java\jre6\bin\java.exe
C:\Windows\SysWOW64\notepad.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [YXE7DXCQ37] C:\Windows\TEMP\Stm.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [YXE7DXCQ37] C:\Windows\TEMP\Stm.exe (User 'Default user')
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7227 bytes
 
Run HijackThis. Click Do a System Scan Only. Put a check in the box on the left side of these:

Code:
O4 - HKUS\S-1-5-18\..\Run: [YXE7DXCQ37] C:\Windows\TEMP\Stm.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [YXE7DXCQ37] C:\Windows\TEMP\Stm.exe (User 'Default user')

Then close all windows except HijackThis and press Fix checked.

Please also check the following location to see if the file still exists. I'm pretty sure it does not but want to make sure of that.

C:\Windows\TEMP\Stm.exe

If you see it there please delete if possible. Let me know if not and we can use a tool to remove.

Run HijackThis again and post the log.
 
I will do as you ask, but first the Kaspersky online scanner must finish its job :)
But anyway, here is the log without closing Firefox :)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:11:39, on 15. 9. 2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\AVG\AVG9\avgtray.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\PROGRA~2\Java\jre6\bin\jp2launcher.exe
C:\Program Files (x86)\Java\jre6\bin\java.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7026 bytes
 
I will do as you ask, but first the Kaspersky online scanner must finish its job
But anyway, here is the log without closing Firefox
Good point. :red: Looks like HJT took care of those startup items anyway, so I think we're good there. Just need to check on the file.
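
The check done by eye in the posts above (pick out the Run entries that launch from a temp directory, then confirm they are absent from the second HijackThis log) can be scripted. This is an added example, not part of the original thread: the function names and the "executable under a temp directory" heuristic are assumptions, and the sample lines are O4 entries copied from the two logs posted here.

```python
import re
from typing import List, NamedTuple, Optional

# Sample input: lines copied from the first HijackThis log in this thread.
LOG_BEFORE = r"""
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [YXE7DXCQ37] C:\Windows\TEMP\Stm.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [YXE7DXCQ37] C:\Windows\TEMP\Stm.exe (User 'Default user')
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
"""

# Sample input: the same lines as they appear in the second log.
LOG_AFTER = r"""
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
"""


class RunEntry(NamedTuple):
    hive: str            # e.g. HKLM, HKCU, HKUS\S-1-5-18
    name: str            # registry value name inside [...]
    command: str         # command line the value launches
    user: Optional[str]  # "(User '...')" suffix, present on HKUS lines


# O4 registry autorun line: hive, \..\Run key, [value name], command, optional user.
O4_RE = re.compile(
    r"^O4 - (?P<hive>\S+?)\\\.\.\\Run\w*: \[(?P<name>[^\]]+)\] "
    r"(?P<command>.*?)(?: \(User '(?P<user>[^']*)'\))?$"
)

# Assumed heuristic: the launched path contains a \temp\ or \tmp\ component.
TEMP_RE = re.compile(r"\\(?:temp|tmp)\\", re.IGNORECASE)


def parse_o4(log: str) -> List[RunEntry]:
    """Return the O4 registry Run entries of a HijackThis log, in log order."""
    entries = []
    for line in log.splitlines():      # splitlines() also copes with CRLF logs
        m = O4_RE.match(line.strip())
        if m:
            entries.append(RunEntry(m["hive"], m["name"], m["command"], m["user"]))
    return entries


def temp_autoruns(entries: List[RunEntry]) -> List[RunEntry]:
    """Entries whose command starts a program from a temp directory."""
    return [e for e in entries if TEMP_RE.search(e.command)]


def still_present(before: str, after: str) -> List[RunEntry]:
    """Flagged entries of the first log that also appear in the second log."""
    remaining = {(e.hive, e.name, e.command) for e in parse_o4(after)}
    return [e for e in temp_autoruns(parse_o4(before))
            if (e.hive, e.name, e.command) in remaining]


if __name__ == "__main__":
    for e in temp_autoruns(parse_o4(LOG_BEFORE)):
        print(f"flagged: {e.hive} [{e.name}] -> {e.command} (user: {e.user})")
    left = still_present(LOG_BEFORE, LOG_AFTER)
    print("entries still present after fix:", len(left))
```

An empty result from `still_present` only shows that the registry values are gone; whether the file itself is still on disk has to be checked separately, as requested above.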
 
Ok, I think I can now thank you very much for your time and energy :)

:thanks:

If Kaspersky finishes, I'll post a log from it here :)
 
Kaspersky is still scanning and so far there are 3 threats and 8 infected files....

:confused:
It's a time consuming/deep scan, so they can take a while.

It is also known to produce false positives, so post the log and let us review before deleting anything.
 
Finally, here is the log from the Kaspersky online scanner:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Wednesday, September 15, 2010
Operating system: Microsoft (build 7600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Wednesday, September 15, 2010 12:05:24
Records in database: 4215361
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\

Scan statistics:
Objects scanned: 131438
Threats found: 3
Infected objects found: 8
Suspicious objects found: 0
Scan duration: 01:38:45


File name / Threat / Threats count
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\sbtcplib[2].exe Infected: Trojan-Dropper.Win32.TDSS.hax 1
C:\Windows\System32\drivers\up.exe Infected: not-a-virus:RiskTool.Win32.SafeSurf.s 1
C:\Windows\System32\Help64.exe Infected: Trojan.Win32.Swisyn.akbe 1
C:\Windows\System32\webe\Updater3.exe Infected: Trojan.Win32.Swisyn.akbe 1
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\sbtcplib[2].exe Infected: Trojan-Dropper.Win32.TDSS.hax 1
C:\Windows\SysWOW64\drivers\up.exe Infected: not-a-virus:RiskTool.Win32.SafeSurf.s 1
C:\Windows\SysWOW64\Help64.exe Infected: Trojan.Win32.Swisyn.akbe 1
C:\Windows\SysWOW64\webe\Updater3.exe Infected: Trojan.Win32.Swisyn.akbe 1

Selected area has been scanned.
 