safesurf virus problem

Run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :Files
    C:\Windows\System32\drivers\up.exe 
    C:\Windows\System32\Help64.exe  
    C:\Windows\System32\webe\Updater3.exe  
    C:\Windows\SysWOW64\drivers\up.exe  
    C:\Windows\SysWOW64\Help64.exe  
    C:\Windows\SysWOW64\webe\Updater3.exe
    C:\Windows\system\dwm.exe
    
    :reg
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    
    :Commands
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done and post the resulting log.
  • Then post a new OTL log and let me know how it's running.
 
Here is the log after reboot:

All processes killed
========== FILES ==========
C:\Windows\System32\drivers\up.exe moved successfully.
C:\Windows\System32\Help64.exe moved successfully.
C:\Windows\System32\webe\Updater3.exe moved successfully.
File\Folder C:\Windows\SysWOW64\drivers\up.exe not found.
File\Folder C:\Windows\SysWOW64\Help64.exe not found.
File\Folder C:\Windows\SysWOW64\webe\Updater3.exe not found.
File\Folder C:\Windows\system\dwm.exe not found.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: zoniq
->Temp folder emptied: 125525000 bytes
->Temporary Internet Files folder emptied: 63889 bytes
->Java cache emptied: 128101 bytes
->FireFox cache emptied: 98442461 bytes
->Opera cache emptied: 149685 bytes
->Flash cache emptied: 1066 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 177226 bytes

Total Files Cleaned = 214.00 mb


OTL by OldTimer - Version 3.2.12.0 log created on 09162010_162058

Files\Folders moved on Reboot...
C:\Users\zoniq\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...
 
And the OTL log:

OTL logfile created on: 9/16/2010 4:24:59 PM - Run 4
OTL by OldTimer - Version 3.2.12.0 Folder = C:\Users\zoniq\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Slovakia | Language: SKY | Date Format: d. M. yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 70.00% Memory free
8.00 Gb Paging File | 7.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298.09 Gb Total Space | 214.98 Gb Free Space | 72.12% Space Free | Partition Type: NTFS
Drive D: | 97.65 Gb Total Space | 92.92 Gb Free Space | 95.15% Space Free | Partition Type: NTFS
Drive E: | 200.43 Gb Total Space | 82.89 Gb Free Space | 41.36% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KOMPIK
Current User Name: zoniq
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/09/14 16:52:44 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\zoniq\Desktop\OTL.exe
PRC - [2010/09/09 16:32:54 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010/09/01 08:39:18 | 001,164,584 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/07/21 16:49:12 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgemc.exe
PRC - [2010/07/19 22:13:57 | 002,065,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgtray.exe
PRC - [2010/07/19 22:13:54 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
PRC - [2010/07/19 22:13:52 | 000,723,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe
PRC - [2010/04/01 11:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2009/03/05 17:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe


========== Modules (SafeList) ==========

MOD - [2010/09/14 16:52:44 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\zoniq\Desktop\OTL.exe
MOD - [2009/07/14 03:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2009/07/14 03:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/09/05 12:03:40 | 001,436,424 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2009/07/14 03:41:56 | 000,195,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\umrdp.dll -- (UmRdpService)
SRV:64bit: - [2009/07/14 03:41:53 | 001,361,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\PeerDistSvc.dll -- (PeerDistSvc)
SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 03:40:24 | 000,689,152 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cscsvc.dll -- (CscService)
SRV:64bit: - [2009/07/14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2010/07/21 16:49:12 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/07/19 22:13:54 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/03/18 14:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/07/16 17:04:16 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/08/02 19:27:53 | 000,312,480 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2010/08/02 19:27:52 | 000,043,168 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2010/07/25 09:39:58 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/07/19 22:13:57 | 000,317,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (AvgTdiA)
DRV:64bit: - [2010/07/19 22:13:56 | 000,035,536 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (AvgMfx64)
DRV:64bit: - [2010/07/19 22:13:53 | 000,269,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (AvgLdx64)
DRV:64bit: - [2009/10/26 16:54:22 | 000,032,768 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2009/08/13 22:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/07/14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 03:45:55 | 000,200,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmbus.sys -- (vmbus)
DRV:64bit: - [2009/07/14 03:45:55 | 000,046,672 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmstorfl.sys -- (storflt)
DRV:64bit: - [2009/07/14 03:45:55 | 000,034,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\storvsc.sys -- (storvsc)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 02:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/07/14 02:01:09 | 000,679,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xnacc.sys -- (xnacc)
DRV:64bit: - [2009/07/14 01:42:58 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vms3cap.sys -- (s3cap)
DRV:64bit: - [2009/07/14 01:42:44 | 000,021,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VMBusHID.sys -- (VMBusHID)
DRV:64bit: - [2009/07/14 01:24:27 | 000,514,048 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\csc.sys -- (CSC)
DRV:64bit: - [2009/06/10 22:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/02 00:05:32 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2008/01/17 17:51:44 | 000,018,816 | ---- | M] (Razer USA Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Lycosa.sys -- (Lycosa)
DRV:64bit: - [2007/08/02 10:33:04 | 000,012,672 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dadder.sys -- (DAdderFltr)
DRV:64bit: - [2007/07/18 11:34:16 | 000,189,664 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\V0260Vid.sys -- (V0260VID)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 92 71 0B 0A 6D 53 CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.3
FF - prefs.js..extensions.enabledItems: {B17C1C5A-04B1-11DB-9804-B622A1EF5492}:1.2.1
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.845
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files (x86)\AVG\AVG9\Firefox [2010/07/21 16:50:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/09/09 16:32:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/09/09 16:32:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0b5\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 5\components [2010/09/10 19:20:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0b5\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 5\plugins
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2010/06/18 14:00:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2010/09/08 19:36:54 | 000,000,000 | ---D | M]

[2010/06/18 14:00:03 | 000,000,000 | ---D | M] -- C:\Users\zoniq\AppData\Roaming\mozilla\Extensions
[2010/06/18 14:00:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\zoniq\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/09/15 19:56:50 | 000,000,000 | ---D | M] -- C:\Users\zoniq\AppData\Roaming\mozilla\Firefox\Profiles\u8fwv41d.default\extensions
[2010/09/12 07:17:54 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\zoniq\AppData\Roaming\mozilla\Firefox\Profiles\u8fwv41d.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010/09/03 17:53:18 | 000,000,000 | ---D | M] (Password Exporter) -- C:\Users\zoniq\AppData\Roaming\mozilla\Firefox\Profiles\u8fwv41d.default\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}
[2010/08/18 22:33:33 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\zoniq\AppData\Roaming\mozilla\Firefox\Profiles\u8fwv41d.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/09/15 19:56:50 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/07/29 17:43:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/07/29 17:43:16 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/04/01 19:40:34 | 000,001,583 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\atlas-sk.xml
[2010/04/01 19:40:34 | 000,001,380 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\azet-sk.xml
[2010/04/01 19:40:34 | 000,001,479 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\dunaj-sk.xml
[2010/04/01 19:40:34 | 000,001,473 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\slovnik-sk.xml
[2010/04/01 19:40:34 | 000,001,104 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia-sk.xml
[2010/04/01 19:40:34 | 000,000,830 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\zoznam-sk.xml

O1 HOSTS File: ([2010/09/11 18:18:49 | 000,419,895 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 mpa.one.microsoft.com
O1 - Hosts: 127.0.0.1 sls.microsoft.com
O1 - Hosts: 127.0.0.1 genuine.microsoft.com
O1 - Hosts: 127.0.0.1 wat.microsoft.com
O1 - Hosts: 127.0.0.1 mpa.microsoft.com
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 adobeereg.com
O1 - Hosts: 
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 14487 more lines...
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - AppInit_DLLs: (avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{525647e2-2a16-11df-984d-0019dbf60ff8}\Shell - "" = AutoRun
O33 - MountPoints2\{525647e2-2a16-11df-984d-0019dbf60ff8}\Shell\AutoRun\command - "" = H:\autorun.exe -- File not found
O33 - MountPoints2\{f24320e2-97bf-11df-83dd-0019dbf60ff8}\Shell - "" = AutoRun
O33 - MountPoints2\{f24320e2-97bf-11df-83dd-0019dbf60ff8}\Shell\AutoRun\command - "" = G:\Setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/09/15 16:52:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2010/09/15 15:59:40 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW
[2010/09/15 15:49:48 | 000,000,000 | ---D | C] -- C:\Users\zoniq\AppData\Roaming\Malwarebytes
[2010/09/15 15:49:24 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/09/15 15:49:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/09/15 15:49:22 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/09/15 15:49:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/09/15 15:48:33 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\zoniq\Desktop\mbam-setup-1.46.exe
[2010/09/15 15:45:15 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\zoniq\Desktop\TFC.exe
[2010/09/15 09:16:20 | 000,000,000 | ---D | C] -- C:\Users\zoniq\Desktop\Fh_HDRI Map Pack 01
[2010/09/15 07:23:59 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/09/15 07:20:37 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache
[2010/09/15 07:20:32 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f\1\dictionaries
[2010/09/15 07:20:31 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\US
[2010/09/15 07:20:31 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f\1\defaults\pref
[2010/09/15 07:20:31 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f\1\modules
[2010/09/15 07:20:31 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f\1\res\html
[2010/09/15 07:20:31 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f\1\greprefs
[2010/09/15 07:20:31 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f\1\res\fonts
[2010/09/15 07:20:31 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f\1\res\entityTables
[2010/09/15 07:20:31 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f\1\res\dtd
[2010/09/15 07:20:31 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\US\chrome
[2010/09/15 07:20:31 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\chrome
[2010/09/15 07:20:31 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f\1\chrome
[2010/09/15 07:20:31 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f\1\defaults\autoconfig
[2010/09/15 07:20:30 | 009,799,128 | ---- | C] (Mozilla Foundation) -- C:\Windows\SysWow64\drivers\f\1\xul.dll
[2010/09/15 07:20:30 | 000,710,104 | ---- | C] (Mozilla Foundation) -- C:\Windows\SysWow64\drivers\f\1\mozcrt19.dll
[2010/09/15 07:20:30 | 000,701,400 | ---- | C] (Netscape Communications Corporation) -- C:\Windows\SysWow64\drivers\f\1\js3250.dll
[2010/09/15 07:20:30 | 000,632,280 | ---- | C] (Mozilla Foundation) -- C:\Windows\SysWow64\drivers\f\1\nss3.dll
[2010/09/15 07:20:30 | 000,443,352 | ---- | C] (sqlite.org) -- C:\Windows\SysWow64\drivers\f\1\sqlite3.dll
[2010/09/15 07:20:30 | 000,316,888 | ---- | C] (Mozilla Foundation) -- C:\Windows\SysWow64\drivers\f\1\nssckbi.dll
[2010/09/15 07:20:30 | 000,249,856 | ---- | C] (Mozilla Foundation) -- C:\Windows\SysWow64\drivers\f\1\freebl3.dll
[2010/09/15 07:20:30 | 000,198,104 | ---- | C] (Mozilla Foundation) -- C:\Windows\SysWow64\drivers\f\1\nspr4.dll
[2010/09/15 07:20:30 | 000,155,648 | ---- | C] (Mozilla Foundation) -- C:\Windows\SysWow64\drivers\f\1\softokn3.dll
[2010/09/15 07:20:30 | 000,136,664 | ---- | C] (Mozilla Foundation) -- C:\Windows\SysWow64\drivers\f\1\ssl3.dll
[2010/09/15 07:20:30 | 000,134,616 | ---- | C] (Mozilla Foundation) -- C:\Windows\SysWow64\drivers\f\1\components\brwsrcmp.dll
[2010/09/15 07:20:30 | 000,103,896 | ---- | C] (Mozilla Foundation) -- C:\Windows\SysWow64\drivers\f\1\smime3.dll
[2010/09/15 07:20:30 | 000,098,304 | ---- | C] (Mozilla Foundation) -- C:\Windows\SysWow64\drivers\f\1\nssdbm3.dll
[2010/09/15 07:20:30 | 000,087,512 | ---- | C] (Mozilla Foundation) -- C:\Windows\SysWow64\drivers\f\1\nssutil3.dll
[2010/09/15 07:20:30 | 000,065,496 | ---- | C] (mozilla.org) -- C:\Windows\SysWow64\drivers\f\1\plugins\npnul32.dll
[2010/09/15 07:20:30 | 000,023,000 | ---- | C] (Mozilla Foundation) -- C:\Windows\SysWow64\drivers\f\1\components\browserdirprovider.dll
[2010/09/15 07:20:30 | 000,020,440 | ---- | C] (Mozilla Foundation) -- C:\Windows\SysWow64\drivers\f\1\plc4.dll
[2010/09/15 07:20:30 | 000,017,880 | ---- | C] (Mozilla Foundation) -- C:\Windows\SysWow64\drivers\f\1\xpcom.dll
[2010/09/15 07:20:30 | 000,017,368 | ---- | C] (Mozilla Foundation) -- C:\Windows\SysWow64\drivers\f\1\plds4.dll
[2010/09/15 07:20:30 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f\1\res
[2010/09/15 07:20:30 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f\1\defaults\profile
[2010/09/15 07:20:30 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f\1\plugins
[2010/09/15 07:20:30 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f\1\defaults
[2010/09/15 07:20:30 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f\1\components
[2010/09/15 07:20:30 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f\1
[2010/09/14 18:52:24 | 165,665,144 | ---- | C] (NVIDIA Corporation) -- C:\Users\zoniq\Desktop\260.63_desktop_win7_winvista_64bit_international_beta.exe
[2010/09/14 16:52:41 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\Users\zoniq\Desktop\OTL.exe
[2010/09/13 20:09:56 | 000,000,000 | ---D | C] -- C:\Users\zoniq\Desktop\Tires semi-glossy by Amleto
[2010/09/11 18:00:50 | 000,000,000 | -H-D | C] -- C:\$AVG
[2010/09/11 17:59:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Runic Games
[2010/09/11 17:50:09 | 000,000,000 | ---D | C] -- C:\Users\zoniq\AppData\Roaming\runic games
[2010/09/11 16:29:14 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Runic
[2010/09/11 13:24:27 | 000,000,000 | ---D | C] -- C:\Users\zoniq\Desktop\layered rock
[2010/09/11 13:06:36 | 000,000,000 | ---D | C] -- C:\Users\zoniq\Desktop\DavelessSteel
[2010/09/10 19:20:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 5
[2010/09/08 19:38:05 | 000,000,000 | ---D | C] -- C:\Users\zoniq\AppData\Local\Apple Computer
[2010/09/08 19:36:48 | 000,000,000 | ---D | C] -- C:\Users\zoniq\AppData\Roaming\DivX
[2010/09/08 19:36:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine
[2010/09/08 19:36:30 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2010/09/08 19:36:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DivX Shared
[2010/09/08 19:35:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DivX
[2010/09/08 19:35:35 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2010/09/08 19:34:58 | 000,000,000 | ---D | C] -- C:\Users\zoniq\AppData\Roaming\Apple Computer
[2010/09/05 13:16:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ChaosGroup
[2010/09/05 13:15:59 | 000,000,000 | ---D | C] -- C:\Program Files\plugins
[2010/09/05 13:15:59 | 000,000,000 | ---D | C] -- C:\Program Files\Chaos Group
[2010/09/05 13:02:21 | 000,000,000 | ---D | C] -- C:\Users\zoniq\Documents\3dsMax
[2010/09/05 12:46:08 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2010/09/05 12:46:05 | 000,000,000 | ---D | C] -- C:\Users\zoniq\AppData\Local\Autodesk
[2010/09/05 12:03:52 | 000,000,000 | ---D | C] -- C:\Users\zoniq\Documents\Inventor
[2010/09/05 12:03:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2010/09/05 12:02:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Autodesk Shared
[2010/09/05 12:02:36 | 000,000,000 | ---D | C] -- C:\Program Files\Autodesk
[2010/09/05 12:01:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Autodesk Shared
[2010/09/05 12:00:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Autodesk
[2010/09/05 11:54:50 | 000,000,000 | ---D | C] -- C:\Users\zoniq\AppData\Roaming\Autodesk
[2010/09/05 11:54:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Autodesk
[2010/09/02 16:45:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2010/09/02 16:45:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live SkyDrive
[2010/09/02 16:44:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2010/09/02 16:44:39 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2010/09/02 16:44:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2010/09/02 16:37:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
[2010/09/02 16:36:24 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2010/08/27 18:50:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Team17
[2010/08/25 16:55:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2010/08/25 16:37:59 | 000,861,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2010/08/24 18:27:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Stardock
[2010/08/24 18:27:03 | 000,000,000 | ---D | C] -- C:\Users\zoniq\Documents\My Games
[2010/08/24 17:43:12 | 000,174,080 | ---- | C] (RAD Game Tools, Inc.) -- C:\Windows\SysNative\binkw32.dll
[2010/08/24 17:43:08 | 000,174,080 | ---- | C] (RAD Game Tools, Inc.) -- C:\Windows\System\binkw32.dll
[2010/08/24 17:22:20 | 000,000,000 | ---D | C] -- C:\Users\zoniq\AppData\Local\2K Games
[2010/08/24 17:19:13 | 000,158,720 | ---- | C] (Skybound Software (http://www.skybound.ca)) -- C:\Windows\SysWow64\drivers\skybound.gecko.dll
[2010/08/24 17:19:13 | 000,019,456 | ---- | C] (JetSwap) -- C:\Windows\SysWow64\drivers\surfguard.exe
[2010/08/24 17:18:44 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f
[2010/08/24 17:18:18 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\webe
[2010/08/24 16:38:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[2010/08/24 16:38:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam
[2010/08/18 19:39:32 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2010/08/18 17:56:43 | 000,000,000 | ---D | C] -- C:\Users\zoniq\Desktop\arboretum

========== Files - Modified Within 30 Days ==========

[2010/09/16 16:22:22 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/09/16 16:22:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/09/16 16:22:11 | 3220,672,512 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/16 16:21:26 | 006,291,456 | -HS- | M] () -- C:\Users\zoniq\NTUSER.DAT
[2010/09/16 16:21:07 | 000,016,384 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/09/16 16:21:07 | 000,016,384 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/09/15 21:36:31 | 007,352,497 | -H-- | M] () -- C:\Users\zoniq\AppData\Local\IconCache.db
[2010/09/15 16:52:55 | 000,003,007 | ---- | M] () -- C:\Users\zoniq\Desktop\HiJackThis.lnk
[2010/09/15 16:13:32 | 000,525,824 | ---- | M] () -- C:\Users\zoniq\Desktop\dds.scr
[2010/09/15 15:49:28 | 000,001,031 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/15 15:48:34 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\zoniq\Desktop\mbam-setup-1.46.exe
[2010/09/15 15:45:15 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\zoniq\Desktop\TFC.exe
[2010/09/15 12:50:36 | 000,167,014 | ---- | M] () -- C:\Users\zoniq\Desktop\BBS_GT_for_reference.jpg
[2010/09/15 11:34:34 | 064,637,111 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2010/09/15 07:20:34 | 000,142,385 | ---- | M] () -- C:\Windows\SysWow64\drivers\f\1\components\compreg.dat
[2010/09/15 07:20:32 | 000,102,022 | ---- | M] () -- C:\Windows\SysWow64\drivers\f\1\components\xpti.dat
[2010/09/14 20:39:55 | 000,035,157 | ---- | M] () -- C:\Users\zoniq\Desktop\cv_1168256.rtf
[2010/09/14 18:53:14 | 165,665,144 | ---- | M] (NVIDIA Corporation) -- C:\Users\zoniq\Desktop\260.63_desktop_win7_winvista_64bit_international_beta.exe
[2010/09/14 16:52:44 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\zoniq\Desktop\OTL.exe
[2010/09/13 22:53:34 | 000,195,895 | ---- | M] () -- C:\Users\zoniq\Desktop\rim.jpg
[2010/09/13 20:37:51 | 004,003,840 | ---- | M] () -- C:\Users\zoniq\Desktop\tire.FBX
[2010/09/13 20:16:14 | 000,051,200 | ---- | M] () -- C:\Users\zoniq\Desktop\Rubber (Grey)_by_joa_grilo2376.mat
[2010/09/13 20:06:19 | 000,829,818 | ---- | M] () -- C:\Users\zoniq\Desktop\wm_original_exwalla_original.jpg
[2010/09/12 19:34:51 | 000,013,373 | ---- | M] () -- C:\Users\zoniq\Desktop\tyre_000bp.jpg
[2010/09/12 13:33:42 | 016,897,167 | ---- | M] () -- C:\Users\zoniq\Desktop\digitalin_hdr_chromFX-V2-HIRES.zip
[2010/09/11 18:18:49 | 000,419,895 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2010/09/10 19:20:16 | 000,002,173 | ---- | M] () -- C:\Users\zoniq\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox 4.0 Beta 5.lnk
[2010/09/10 19:20:16 | 000,002,149 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox 4.0 Beta 5.lnk
[2010/09/02 16:28:13 | 009,655,677 | ---- | M] () -- C:\Windows\SysWow64\drivers\f\jet.exe
[2010/09/02 11:55:06 | 000,019,456 | ---- | M] (JetSwap) -- C:\Windows\SysWow64\drivers\surfguard.exe
[2010/08/27 19:11:33 | 000,009,456 | ---- | M] () -- C:\Windows\SysWow64\drivers\f\1\components\nsRequestService.js
[2010/08/27 18:51:42 | 000,002,117 | ---- | M] () -- C:\Users\Public\Desktop\Worms Reloaded.lnk
[2010/08/25 19:45:31 | 000,001,804 | ---- | M] () -- C:\Users\zoniq\Desktop\mafia2 - odkaz.lnk
[2010/08/25 16:30:58 | 000,276,920 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/08/24 17:18:36 | 000,058,736 | ---- | M] () -- C:\Users\zoniq\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/08/24 17:01:35 | 000,174,080 | ---- | M] (RAD Game Tools, Inc.) -- C:\Windows\System\binkw32.dll
[2010/08/24 17:01:35 | 000,174,080 | ---- | M] (RAD Game Tools, Inc.) -- C:\Windows\SysNative\binkw32.dll
[2010/08/21 08:05:15 | 000,000,857 | ---- | M] () -- C:\Users\zoniq\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
 
========== Files Created - No Company Name ==========

[2010/09/15 16:52:55 | 000,003,007 | ---- | C] () -- C:\Users\zoniq\Desktop\HiJackThis.lnk
[2010/09/15 16:13:31 | 000,525,824 | ---- | C] () -- C:\Users\zoniq\Desktop\dds.scr
[2010/09/15 15:49:28 | 000,001,031 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/15 12:50:34 | 000,167,014 | ---- | C] () -- C:\Users\zoniq\Desktop\BBS_GT_for_reference.jpg
[2010/09/15 07:22:16 | 000,070,232 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\3A9602CBd01
[2010/09/15 07:22:16 | 000,030,923 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\83EAA7FBd01
[2010/09/15 07:22:16 | 000,030,709 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\C83B3590d01
[2010/09/15 07:22:16 | 000,028,067 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\ACB96CA3d01
[2010/09/15 07:22:16 | 000,023,680 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\83FAA7FBd01
[2010/09/15 07:22:16 | 000,023,631 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\E3A92517d01
[2010/09/15 07:22:16 | 000,022,475 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\C83A3590d01
[2010/09/15 07:22:16 | 000,016,681 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\83DBA7FBd01
[2010/09/15 07:22:15 | 000,563,284 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\892C3590d01
[2010/09/15 07:22:15 | 000,067,112 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\802C1856d01
[2010/09/15 07:22:15 | 000,058,507 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\07E97743d01
[2010/09/15 07:22:12 | 000,043,554 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\5EB8D088d01
[2010/09/15 07:22:12 | 000,028,702 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\D01658B8d01
[2010/09/15 07:22:11 | 000,059,590 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\0ED957E7d01
[2010/09/15 07:22:11 | 000,055,170 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\CE3B4F17d01
[2010/09/15 07:22:11 | 000,044,170 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\679E68D0d01
[2010/09/15 07:22:11 | 000,038,954 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\79E03FB6d01
[2010/09/15 07:22:11 | 000,036,728 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\0A8C8175d01
[2010/09/15 07:22:11 | 000,030,653 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\151B0F7Ad01
[2010/09/15 07:22:11 | 000,029,449 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\DDC87DEBd01
[2010/09/15 07:22:11 | 000,027,608 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\659A3614d01
[2010/09/15 07:22:11 | 000,026,932 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\E84643C7d01
[2010/09/15 07:22:11 | 000,025,446 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\D51291A0d01
[2010/09/15 07:22:11 | 000,024,424 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\33B96A08d01
[2010/09/15 07:22:11 | 000,017,226 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\0C0937AEd01
[2010/09/15 07:22:11 | 000,016,728 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\E7FCDF7Fd01
[2010/09/15 07:22:04 | 001,719,241 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\E59411D5d01
[2010/09/15 07:22:04 | 000,024,783 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\5D60DCD3d01
[2010/09/15 07:22:03 | 000,141,813 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\9F31D11Ed01
[2010/09/15 07:22:03 | 000,068,397 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\B9E2832Cd01
[2010/09/15 07:22:03 | 000,034,757 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\B7701A1Dd01
[2010/09/15 07:22:03 | 000,032,545 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\68CBF6E4d01
[2010/09/15 07:22:02 | 000,020,591 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\FD237C9Ed01
[2010/09/15 07:22:02 | 000,002,048 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\search.sqlite
[2010/09/15 07:21:56 | 000,002,366 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\pluginreg.dat
[2010/09/15 07:20:37 | 000,270,397 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\_CACHE_003_
[2010/09/15 07:20:37 | 000,122,184 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\_CACHE_002_
[2010/09/15 07:20:37 | 000,121,975 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\_CACHE_001_
[2010/09/15 07:20:37 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\cert8.db
[2010/09/15 07:20:37 | 000,032,768 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\urlclassifier3.sqlite
[2010/09/15 07:20:37 | 000,016,384 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\secmod.db
[2010/09/15 07:20:37 | 000,016,384 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\key3.db
[2010/09/15 07:20:37 | 000,000,276 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache\_CACHE_MAP_
[2010/09/15 07:20:36 | 000,002,048 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\webappsstore.sqlite
[2010/09/15 07:20:35 | 000,004,096 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\cookies.sqlite
[2010/09/15 07:20:34 | 000,142,385 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\compreg.dat
[2010/09/15 07:20:34 | 000,131,072 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\places.sqlite
[2010/09/15 07:20:34 | 000,066,176 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\places.sqlite-journal
[2010/09/15 07:20:34 | 000,002,048 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\permissions.sqlite
[2010/09/15 07:20:32 | 000,102,022 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\xpti.dat
[2010/09/15 07:20:32 | 000,017,215 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\necko.xpt
[2010/09/15 07:20:32 | 000,012,938 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\pipnss.xpt
[2010/09/15 07:20:32 | 000,011,652 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\places.xpt
[2010/09/15 07:20:32 | 000,011,151 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\widget.xpt
[2010/09/15 07:20:32 | 000,011,095 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\xpcom_ds.xpt
[2010/09/15 07:20:32 | 000,008,438 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\xpconnect.xpt
[2010/09/15 07:20:32 | 000,007,420 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\xpcom_io.xpt
[2010/09/15 07:20:32 | 000,005,510 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\webBrowser_core.xpt
[2010/09/15 07:20:32 | 000,005,145 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\plugin.xpt
[2010/09/15 07:20:32 | 000,004,908 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\rdf.xpt
[2010/09/15 07:20:32 | 000,003,731 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\layout_xul_tree.xpt
[2010/09/15 07:20:32 | 000,003,290 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\pref.xpt
[2010/09/15 07:20:32 | 000,003,185 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\xpcom_base.xpt
[2010/09/15 07:20:32 | 000,003,155 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\storage.xpt
[2010/09/15 07:20:32 | 000,003,040 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\xpcom_components.xpt
[2010/09/15 07:20:32 | 000,002,958 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\shistory.xpt
[2010/09/15 07:20:32 | 000,002,793 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\windowwatcher.xpt
[2010/09/15 07:20:32 | 000,002,713 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\uriloader.xpt
[2010/09/15 07:20:32 | 000,002,646 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\update.xpt
[2010/09/15 07:20:32 | 000,002,602 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\necko_http.xpt
[2010/09/15 07:20:32 | 000,002,595 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\necko_cache.xpt
[2010/09/15 07:20:32 | 000,002,425 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\xultmpl.xpt
[2010/09/15 07:20:32 | 000,002,369 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\saxparser.xpt
[2010/09/15 07:20:32 | 000,002,240 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\xpcom_thread.xpt
[2010/09/15 07:20:32 | 000,002,122 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\layout_xul.xpt
[2010/09/15 07:20:32 | 000,002,074 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\webbrowserpersist.xpt
[2010/09/15 07:20:32 | 000,002,008 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\mimetype.xpt
[2010/09/15 07:20:32 | 000,001,896 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\xpcom_system.xpt
[2010/09/15 07:20:32 | 000,001,784 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\loginmgr.xpt
[2010/09/15 07:20:32 | 000,001,648 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\necko_cookie.xpt
[2010/09/15 07:20:32 | 000,001,560 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\xpcom_xpti.xpt
[2010/09/15 07:20:32 | 000,001,491 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\uconv.xpt
[2010/09/15 07:20:32 | 000,001,475 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\necko_strconv.xpt
[2010/09/15 07:20:32 | 000,001,293 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\webshell_idls.xpt
[2010/09/15 07:20:32 | 000,001,260 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\locale.xpt
[2010/09/15 07:20:32 | 000,001,258 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\txmgr.xpt
[2010/09/15 07:20:32 | 000,001,209 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\xuldoc.xpt
[2010/09/15 07:20:32 | 000,001,181 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\unicharutil.xpt
[2010/09/15 07:20:32 | 000,001,179 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\prefetch.xpt
[2010/09/15 07:20:32 | 000,001,120 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\oji.xpt
[2010/09/15 07:20:32 | 000,001,111 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\xpinstall.xpt
[2010/09/15 07:20:32 | 000,001,088 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\toolkitprofile.xpt
[2010/09/15 07:20:32 | 000,001,081 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\necko_dns.xpt
[2010/09/15 07:20:32 | 000,001,060 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\spellchecker.xpt
[2010/09/15 07:20:32 | 000,001,011 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\xml-rpc.xpt
[2010/09/15 07:20:32 | 000,000,911 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\layout_printing.xpt
[2010/09/15 07:20:32 | 000,000,893 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\necko_socket.xpt
[2010/09/15 07:20:32 | 000,000,858 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\grabber.gif
[2010/09/15 07:20:32 | 000,000,845 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\mozfind.xpt
[2010/09/15 07:20:32 | 000,000,841 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\table-remove-row-hover.gif
[2010/09/15 07:20:32 | 000,000,841 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\table-remove-row.gif
[2010/09/15 07:20:32 | 000,000,841 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\table-remove-column-hover.gif
[2010/09/15 07:20:32 | 000,000,841 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\table-remove-column.gif
[2010/09/15 07:20:32 | 000,000,835 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\table-remove-row-active.gif
[2010/09/15 07:20:32 | 000,000,835 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\table-remove-column-active.gif
[2010/09/15 07:20:32 | 000,000,826 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\table-add-row-after-hover.gif
[2010/09/15 07:20:32 | 000,000,826 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\table-add-row-after.gif
[2010/09/15 07:20:32 | 000,000,826 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\table-add-column-after-hover.gif
[2010/09/15 07:20:32 | 000,000,826 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\table-add-column-after.gif
[2010/09/15 07:20:32 | 000,000,825 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\table-add-row-before-hover.gif
[2010/09/15 07:20:32 | 000,000,825 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\table-add-row-before.gif
[2010/09/15 07:20:32 | 000,000,825 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\table-add-column-before-hover.gif
[2010/09/15 07:20:32 | 000,000,825 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\table-add-column-before.gif
[2010/09/15 07:20:32 | 000,000,771 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\zipwriter.xpt
[2010/09/15 07:20:32 | 000,000,759 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\txtsvc.xpt
[2010/09/15 07:20:32 | 000,000,718 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\satchel.xpt
[2010/09/15 07:20:32 | 000,000,652 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\profile.xpt
[2010/09/15 07:20:32 | 000,000,628 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\pipboot.xpt
[2010/09/15 07:20:32 | 000,000,619 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\html\folder.png
[2010/09/15 07:20:32 | 000,000,613 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\xulapp.xpt
[2010/09/15 07:20:32 | 000,000,537 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\parentalcontrols.xpt
[2010/09/15 07:20:32 | 000,000,437 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\necko_file.xpt
[2010/09/15 07:20:32 | 000,000,377 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\pippki.xpt
[2010/09/15 07:20:32 | 000,000,312 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\necko_about.xpt
[2010/09/15 07:20:32 | 000,000,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\mozbrwsr.xpt
[2010/09/15 07:20:32 | 000,000,287 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\proxyObject.xpt
[2010/09/15 07:20:32 | 000,000,285 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\necko_res.xpt
[2010/09/15 07:20:32 | 000,000,212 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\windowds.xpt
[2010/09/15 07:20:32 | 000,000,201 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\necko_ftp.xpt
[2010/09/15 07:20:32 | 000,000,198 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\xulapp_setup.xpt
[2010/09/15 07:20:32 | 000,000,188 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\necko_viewsource.xpt
[2010/09/15 07:20:32 | 000,000,174 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\lwbrk.xpt
[2010/09/15 07:20:32 | 000,000,172 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\urlformatter.xpt
[2010/09/15 07:20:32 | 000,000,122 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\loading-image.gif
[2010/09/15 07:20:32 | 000,000,106 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\broken-image.gif
[2010/09/15 07:20:32 | 000,000,059 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\arrowd.gif
[2010/09/15 07:20:32 | 000,000,058 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\table-add-column-after-active.gif
[2010/09/15 07:20:32 | 000,000,057 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\table-add-row-before-active.gif
[2010/09/15 07:20:32 | 000,000,057 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\table-add-row-after-active.gif
[2010/09/15 07:20:32 | 000,000,057 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\table-add-column-before-active.gif
[2010/09/15 07:20:32 | 000,000,056 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\arrow.gif
[2010/09/15 07:20:31 | 001,915,137 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\chrome\toolkit.jar
[2010/09/15 07:20:31 | 000,777,705 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\chrome\classic.jar
[2010/09/15 07:20:31 | 000,348,994 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\browser.xpt
[2010/09/15 07:20:31 | 000,333,726 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsExtensionManager.js
[2010/09/15 07:20:31 | 000,332,438 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\chrome\en-US.jar
[2010/09/15 07:20:31 | 000,317,480 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\chrome\pippki.jar
[2010/09/15 07:20:31 | 000,115,501 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsUpdateService.js
[2010/09/15 07:20:31 | 000,110,913 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsSearchService.js
[2010/09/15 07:20:31 | 000,077,051 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsMicrosummaryService.js
[2010/09/15 07:20:31 | 000,076,993 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsSessionStore.js
[2010/09/15 07:20:31 | 000,072,928 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\greprefs\all.js
[2010/09/15 07:20:31 | 000,066,215 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\FeedProcessor.js
[2010/09/15 07:20:31 | 000,064,412 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\modules\Microformats.js
[2010/09/15 07:20:31 | 000,063,788 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\dtd\mathml.dtd
[2010/09/15 07:20:31 | 000,061,758 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\modules\utils.js
[2010/09/15 07:20:31 | 000,056,411 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\fonts\mathfont.properties
[2010/09/15 07:20:31 | 000,051,214 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsHandlerService.js
[2010/09/15 07:20:31 | 000,050,600 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsUrlClassifierLib.js
[2010/09/15 07:20:31 | 000,049,926 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\storage-Legacy.js
[2010/09/15 07:20:31 | 000,049,780 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\FeedWriter.js
[2010/09/15 07:20:31 | 000,044,106 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsLoginManager.js
[2010/09/15 07:20:31 | 000,041,950 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsHelperAppDlg.js
[2010/09/15 07:20:31 | 000,040,367 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsLoginManagerPrompter.js
[2010/09/15 07:20:31 | 000,039,680 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\chrome\comm.jar
[2010/09/15 07:20:31 | 000,038,499 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\entityTables\transliterate.properties
[2010/09/15 07:20:31 | 000,038,238 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\fuelApplication.js
[2010/09/15 07:20:31 | 000,037,314 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsProgressDialog.js
[2010/09/15 07:20:31 | 000,036,111 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsLivemarkService.js
[2010/09/15 07:20:31 | 000,035,256 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsXmlRpcClient.js
[2010/09/15 07:20:31 | 000,035,102 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\pref\firefox.js
[2010/09/15 07:20:31 | 000,034,011 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\WebContentConverter.js
[2010/09/15 07:20:31 | 000,033,805 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsPlacesTransactionsService.js
[2010/09/15 07:20:31 | 000,033,087 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsBrowserContentHandler.js
[2010/09/15 07:20:31 | 000,032,409 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsBrowserGlue.js
[2010/09/15 07:20:31 | 000,030,074 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsBlocklistService.js
[2010/09/15 07:20:31 | 000,030,004 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\entityTables\mathml20.properties
[2010/09/15 07:20:31 | 000,029,973 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsContentPrefService.js
[2010/09/15 07:20:31 | 000,025,339 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\FeedConverter.js
[2010/09/15 07:20:31 | 000,025,176 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsSafebrowsingApplication.js
[2010/09/15 07:20:31 | 000,024,273 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsSearchSuggestions.js
[2010/09/15 07:20:31 | 000,023,460 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\dom_svg.xpt
[2010/09/15 07:20:31 | 000,021,420 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsPostUpdateWin.js
[2010/09/15 07:20:31 | 000,019,983 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsUrlClassifierListManager.js
[2010/09/15 07:20:31 | 000,019,182 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\accessibility.xpt
[2010/09/15 07:20:31 | 000,018,049 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\dom_html.xpt
[2010/09/15 07:20:31 | 000,017,380 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\modules\DownloadUtils.jsm
[2010/09/15 07:20:31 | 000,015,416 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\forms.css
[2010/09/15 07:20:31 | 000,014,664 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\mathml.css
[2010/09/15 07:20:31 | 000,013,682 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsProxyAutoConfig.js
[2010/09/15 07:20:31 | 000,013,443 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\chrome\geckofx.jar
[2010/09/15 07:20:31 | 000,012,513 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsSidebar.js
[2010/09/15 07:20:31 | 000,012,091 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\modules\distribution.js
[2010/09/15 07:20:31 | 000,011,997 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\dom_css.xpt
[2010/09/15 07:20:31 | 000,011,677 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsAddonRepository.js
[2010/09/15 07:20:31 | 000,011,637 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\contenteditable.css
[2010/09/15 07:20:31 | 000,011,608 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\quirk.css
[2010/09/15 07:20:31 | 000,011,557 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\editor.xpt
[2010/09/15 07:20:31 | 000,011,428 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsSessionStartup.js
[2010/09/15 07:20:31 | 000,011,392 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\charsetalias.properties
[2010/09/15 07:20:31 | 000,011,096 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\html.css
[2010/09/15 07:20:31 | 000,010,740 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\EditorOverride.css
[2010/09/15 07:20:31 | 000,010,561 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\docshell_base.xpt
[2010/09/15 07:20:31 | 000,009,998 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\modules\XPCOMUtils.jsm
[2010/09/15 07:20:31 | 000,009,967 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsTaggingService.js
[2010/09/15 07:20:31 | 000,009,551 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\charsetData.properties
[2010/09/15 07:20:31 | 000,009,477 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\dom_base.xpt
[2010/09/15 07:20:31 | 000,009,456 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsRequestService.js
[2010/09/15 07:20:31 | 000,009,066 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\content_base.xpt
[2010/09/15 07:20:31 | 000,008,427 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\dtd\xhtml11.dtd
[2010/09/15 07:20:31 | 000,008,278 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsXULAppInstall.js
[2010/09/15 07:20:31 | 000,007,585 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\modules\PluralForm.jsm
[2010/09/15 07:20:31 | 000,007,408 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\dom_xul.xpt
[2010/09/15 07:20:31 | 000,007,301 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\dom_core.xpt
[2010/09/15 07:20:31 | 000,007,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\autoconfig\prefcalls.js
[2010/09/15 07:20:31 | 000,007,049 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsResetPref.js
[2010/09/15 07:20:31 | 000,007,039 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\modules\ISO8601DateUtils.jsm
[2010/09/15 07:20:31 | 000,006,920 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsWebHandlerApp.js
[2010/09/15 07:20:31 | 000,006,869 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\dom_events.xpt
[2010/09/15 07:20:31 | 000,006,721 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\modules\JSON.jsm
[2010/09/15 07:20:31 | 000,006,719 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\fonts\mathfontUnicode.properties
[2010/09/15 07:20:31 | 000,006,667 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\txEXSLTRegExFunctions.js
[2010/09/15 07:20:31 | 000,006,469 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\ua.css
[2010/09/15 07:20:31 | 000,006,265 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsDefaultCLH.js
[2010/09/15 07:20:31 | 000,006,029 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\jsdservice.xpt
[2010/09/15 07:20:31 | 000,005,737 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsDownloadManagerUI.js
[2010/09/15 07:20:31 | 000,005,649 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\langGroups.properties
[2010/09/15 07:20:31 | 000,005,493 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\fonts\mathfontSTIXNonUnicode.properties
[2010/09/15 07:20:31 | 000,005,490 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\language.properties
[2010/09/15 07:20:31 | 000,005,005 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsContentDispatchChooser.js
[2010/09/15 07:20:31 | 000,004,805 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsDictionary.js
[2010/09/15 07:20:31 | 000,004,302 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsLoginInfo.js
[2010/09/15 07:20:31 | 000,004,090 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\entityTables\html40Symbols.properties
[2010/09/15 07:20:31 | 000,003,954 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\fonts\mathfontSymbol.properties
[2010/09/15 07:20:31 | 000,003,930 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\pref\xulrunner.js
[2010/09/15 07:20:31 | 000,003,902 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\fonts\mathfontStandardSymbolsL.properties
[2010/09/15 07:20:31 | 000,003,831 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\extensions.xpt
[2010/09/15 07:20:31 | 000,003,690 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\entityTables\html40Latin1.properties
[2010/09/15 07:20:31 | 000,003,603 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\autocomplete.xpt
[2010/09/15 07:20:31 | 000,003,378 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\greprefs\security-prefs.js
[2010/09/15 07:20:31 | 000,003,274 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\feeds.xpt
[2010/09/15 07:20:31 | 000,003,268 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsTryToClose.js
[2010/09/15 07:20:31 | 000,003,142 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\pluginGlue.js
[2010/09/15 07:20:31 | 000,003,115 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsURLFormatter.js
[2010/09/15 07:20:31 | 000,003,104 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsBadCertHandler.js
[2010/09/15 07:20:31 | 000,003,037 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\viewsource.css
[2010/09/15 07:20:31 | 000,003,033 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\fonts\mathfontSTIXSize1.properties
[2010/09/15 07:20:31 | 000,003,021 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\imglib2.xpt
[2010/09/15 07:20:31 | 000,002,927 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\aboutRobots.js
[2010/09/15 07:20:31 | 000,002,925 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\aboutRights.js
[2010/09/15 07:20:31 | 000,002,854 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\nsSetDefaultBrowser.js
[2010/09/15 07:20:31 | 000,002,738 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\modules\debug.js
[2010/09/15 07:20:31 | 000,002,719 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\caps.xpt
[2010/09/15 07:20:31 | 000,002,621 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\dom_loadsave.xpt
[2010/09/15 07:20:31 | 000,002,547 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\appshell.xpt
[2010/09/15 07:20:31 | 000,002,512 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\content_xtf.xpt
[2010/09/15 07:20:31 | 000,002,502 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\inspector.xpt
[2010/09/15 07:20:31 | 000,002,396 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\entityTables\html40Special.properties
[2010/09/15 07:20:31 | 000,002,295 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\svg.css
[2010/09/15 07:20:31 | 000,002,232 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\downloads.xpt
[2010/09/15 07:20:31 | 000,002,080 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\wincharset.properties
[2010/09/15 07:20:31 | 000,001,981 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\exthandler.xpt
[2010/09/15 07:20:31 | 000,001,967 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\entityTables\htmlEntityVersions.properties
[2010/09/15 07:20:31 | 000,001,930 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\dom_canvas.xpt
[2010/09/15 07:20:31 | 000,001,861 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\designmode.css
[2010/09/15 07:20:31 | 000,001,789 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\commandhandler.xpt
[2010/09/15 07:20:31 | 000,001,512 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\jsconsole-clhandler.js
[2010/09/15 07:20:31 | 000,001,508 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\exthelper.xpt
[2010/09/15 07:20:31 | 000,001,451 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\gfx.xpt
[2010/09/15 07:20:31 | 000,001,417 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\dom_xpath.xpt
[2010/09/15 07:20:31 | 000,001,346 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\jar.xpt
[2010/09/15 07:20:31 | 000,001,326 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\content_xslt.xpt
[2010/09/15 07:20:31 | 000,001,282 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\dom_traversal.xpt
[2010/09/15 07:20:31 | 000,001,263 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\dom_offline.xpt
[2010/09/15 07:20:31 | 000,001,240 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\dom_range.xpt
[2010/09/15 07:20:31 | 000,001,078 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\US\chrome\userChrome-example.css
[2010/09/15 07:20:31 | 000,001,078 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\chrome\userChrome-example.css
[2010/09/15 07:20:31 | 000,001,036 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\find.xpt
[2010/09/15 07:20:31 | 000,001,019 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\dom_stylesheets.xpt
[2010/09/15 07:20:31 | 000,000,960 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\commandlines.xpt
[2010/09/15 07:20:31 | 000,000,915 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\pref\firefox-branding.js
[2010/09/15 07:20:31 | 000,000,874 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\dom_storage.xpt
[2010/09/15 07:20:31 | 000,000,856 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\plugins\flashplayer.xpt
[2010/09/15 07:20:31 | 000,000,774 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\chrome\en-US.manifest
[2010/09/15 07:20:31 | 000,000,755 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\composer.xpt
[2010/09/15 07:20:31 | 000,000,724 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\contentprefs.xpt
[2010/09/15 07:20:31 | 000,000,700 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\content_html.xpt
[2010/09/15 07:20:31 | 000,000,694 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\htmlparser.xpt
[2010/09/15 07:20:31 | 000,000,693 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\content_xmldoc.xpt
[2010/09/15 07:20:31 | 000,000,679 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\chardet.xpt
[2010/09/15 07:20:31 | 000,000,663 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\US\chrome\userContent-example.css
[2010/09/15 07:20:31 | 000,000,663 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\chrome\userContent-example.css
[2010/09/15 07:20:31 | 000,000,645 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\intl.xpt
[2010/09/15 07:20:31 | 000,000,605 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\content_htmldoc.xpt
[2010/09/15 07:20:31 | 000,000,599 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\fastfind.xpt
[2010/09/15 07:20:31 | 000,000,552 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\chrome\classic.manifest
[2010/09/15 07:20:31 | 000,000,551 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\dom_sidebar.xpt
[2010/09/15 07:20:31 | 000,000,543 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\appstartup.xpt
[2010/09/15 07:20:31 | 000,000,530 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\embed_base.xpt
[2010/09/15 07:20:31 | 000,000,517 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\chrome\toolkit.manifest
[2010/09/15 07:20:31 | 000,000,488 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\cookie.xpt
[2010/09/15 07:20:31 | 000,000,478 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\softokn3.chk
[2010/09/15 07:20:31 | 000,000,478 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\freebl3.chk
[2010/09/15 07:20:31 | 000,000,451 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\dom_xbl.xpt
[2010/09/15 07:20:31 | 000,000,377 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\dom.xpt
[2010/09/15 07:20:31 | 000,000,373 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\directory.xpt
[2010/09/15 07:20:31 | 000,000,356 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\mimeTypes.rdf
[2010/09/15 07:20:31 | 000,000,349 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\dom_json.xpt
[2010/09/15 07:20:31 | 000,000,347 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\prefs.js
[2010/09/15 07:20:31 | 000,000,344 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\chrome.xpt
[2010/09/15 07:20:31 | 000,000,326 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\imgicon.xpt
[2010/09/15 07:20:31 | 000,000,302 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\layout_base.xpt
[2010/09/15 07:20:31 | 000,000,233 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\accessibility-msaa.xpt
[2010/09/15 07:20:31 | 000,000,226 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\dom_views.xpt
[2010/09/15 07:20:31 | 000,000,224 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\pref\firefox-l10n.js
[2010/09/15 07:20:31 | 000,000,211 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\autoconfig.xpt
[2010/09/15 07:20:31 | 000,000,211 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\components\alerts.xpt
[2010/09/15 07:20:31 | 000,000,208 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\pref\reporter.js
[2010/09/15 07:20:31 | 000,000,172 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\chrome\geckofx.manifest
[2010/09/15 07:20:31 | 000,000,153 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\US\localstore.rdf
[2010/09/15 07:20:31 | 000,000,153 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\localstore.rdf
[2010/09/15 07:20:31 | 000,000,144 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\chrome\comm.manifest
[2010/09/15 07:20:31 | 000,000,126 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\pref\channel-prefs.js
[2010/09/15 07:20:31 | 000,000,087 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\autoconfig\platform.js
[2010/09/15 07:20:31 | 000,000,085 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\greprefs\xpinstall.js
[2010/09/15 07:20:31 | 000,000,069 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\chrome\pippki.manifest
[2010/09/15 07:20:30 | 005,969,360 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\plugins\NPSWF32.dll
[2010/09/15 07:20:30 | 000,007,139 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\defaults\profile\bookmarks.html
[2010/09/15 07:20:30 | 000,000,117 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\res\hiddenWindow.html
[2010/09/14 20:39:55 | 000,035,157 | ---- | C] () -- C:\Users\zoniq\Desktop\cv_1168256.rtf
[2010/09/13 20:37:50 | 004,003,840 | ---- | C] () -- C:\Users\zoniq\Desktop\tire.FBX
[2010/09/13 20:16:13 | 000,051,200 | ---- | C] () -- C:\Users\zoniq\Desktop\Rubber (Grey)_by_joa_grilo2376.mat
[2010/09/13 20:06:18 | 000,829,818 | ---- | C] () -- C:\Users\zoniq\Desktop\wm_original_exwalla_original.jpg
[2010/09/12 19:34:49 | 000,013,373 | ---- | C] () -- C:\Users\zoniq\Desktop\tyre_000bp.jpg
[2010/09/12 13:33:24 | 016,897,167 | ---- | C] () -- C:\Users\zoniq\Desktop\digitalin_hdr_chromFX-V2-HIRES.zip
[2010/09/12 11:39:07 | 000,195,895 | ---- | C] () -- C:\Users\zoniq\Desktop\rim.jpg
[2010/09/12 11:24:54 | 000,079,360 | ---- | C] () -- C:\Users\zoniq\Desktop\car_paint_metallics_fx.mat
[2010/09/10 19:20:16 | 000,002,173 | ---- | C] () -- C:\Users\zoniq\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox 4.0 Beta 5.lnk
[2010/09/10 19:20:16 | 000,002,149 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox 4.0 Beta 5.lnk
[2010/09/06 22:14:09 | 000,028,672 | ---- | C] () -- C:\Users\zoniq\Desktop\rims paint.mat
[2010/08/27 18:51:42 | 000,002,117 | ---- | C] () -- C:\Users\Public\Desktop\Worms Reloaded.lnk
[2010/08/25 19:45:31 | 000,001,804 | ---- | C] () -- C:\Users\zoniq\Desktop\mafia2 - odkaz.lnk
[2010/08/24 17:18:44 | 009,655,677 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\jet.exe
[2010/07/21 19:16:50 | 000,007,605 | ---- | C] () -- C:\Users\zoniq\AppData\Local\Resmon.ResmonCfg
[2010/04/02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
< End of report >
 
In C:\Windows\SysWOW64\drivers\ there is no sign of up.exe
But there is a file called surfguard.exe
Don't know if it is bad or not...just for info ;)

And I cannot see Help64.exe and Updater3.exe

System runs still without any pop-up from my AVG....
 
But there is a file called surfguard.exe
That's part of the Safe Surf junk and can be removed.

Did you install something from Skybound Software called Stylelyzer? Some kind of .css editor or something?

Let's run another scanner too.

I would like you to run the following scan: Eset Online Scanner
Run with Internet Explorer
  • Place a check mark in the box YES, I accept the Terms Of Use
  • Click the Start button.
  • Now click the Install button, or click the notification bar at the top of the window and choose to install.
  • Click Start. The scanner engine will initialize and update.
  • Do Not place a check mark in the box beside Remove found threats.
  • Click the Scan button. The scan will now run, please be patient.
  • When the scan finishes click the Details tab.
  • Copy and paste the contents of the C:\ProgramFiles\EsetOnlineScanner\log.txt into your next reply.
 
I removed surfguard.exe to recycle bin.
I didn't install anything from Skybound Software, no stylelyzer, no .css editor, nothing like that..

anyway eset found some infections...here is the log:

C:\ProgramData\avg9\Temp\ab392bb3-72e4-4f55-801d-dc0aacef9d60.tmp a variant of Win32/Adware.FakeAntiSpy.E application
C:\ProgramData\avg9\Temp\c2db90a2-4f50-454d-8e90-e7bd172b7a1a.tmp a variant of Win32/Adware.FakeAntiSpy.E application
C:\ProgramData\avg9\Temp\f5bc5f3a-4f52-44be-8433-50ed287501b6.tmp a variant of Win32/Adware.FakeAntiSpy.E application
C:\Users\All Users\avg9\Temp\ab392bb3-72e4-4f55-801d-dc0aacef9d60.tmp a variant of Win32/Adware.FakeAntiSpy.E application
C:\Users\All Users\avg9\Temp\c2db90a2-4f50-454d-8e90-e7bd172b7a1a.tmp a variant of Win32/Adware.FakeAntiSpy.E application
C:\Users\All Users\avg9\Temp\f5bc5f3a-4f52-44be-8433-50ed287501b6.tmp a variant of Win32/Adware.FakeAntiSpy.E application
E:\soft\Nero 8.3.2.1\Nero-8.3.2.1b_eng_trial.exe Win32/Toolbar.AskSBar application
 
I didn't install anything from Skybound Software, no stylelyzer, no .css editor, nothing like that..
Ya what I figured. Looks like it came in with the safesurf junk. Looks like a bunch of stuff created in folders too. Need to check.


Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code:
    :dir
    C:\Windows\SysWow64\drivers\f
    C:\Windows\SysWow64\webe
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Also looks like it may have been let in when you installed 2k games or RAD game tools?

[2010/08/24 17:43:12 | 000,174,080 | ---- | C] (RAD Game Tools, Inc.) -- C:\Windows\SysNative\binkw32.dll
[2010/08/24 17:43:08 | 000,174,080 | ---- | C] (RAD Game Tools, Inc.) -- C:\Windows\System\binkw32.dll
[2010/08/24 17:22:20 | 000,000,000 | ---D | C] -- C:\Users\zoniq\AppData\Local\2K Games
[2010/08/24 17:19:13 | 000,158,720 | ---- | C] (Skybound Software (http://www.skybound.ca)) -- C:\Windows\SysWow64\drivers\skybound.gecko.dll
[2010/08/24 17:19:13 | 000,019,456 | ---- | C] (JetSwap) -- C:\Windows\SysWow64\drivers\surfguard.exe
[2010/08/24 17:18:44 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f
[2010/08/24 17:18:18 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\webe
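
Added example, not part of the original post: the timestamp correlation used above (finding what else was created around the time the Safe Surf files appeared) done over OTL file-listing lines copied from this thread. The `Entry` type, the function names, the `SEEDS` tuple and the 30-minute window are assumptions made for this illustration.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta

# OTL file-listing line: [timestamp | size | attrs | C] (Company) -- path
# "(Company)" is absent on folder lines and empty "()" when no company name is set.
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| [CM]\](?: \((?P<company>.*)\))? -- (?P<path>.+)$"
)

@dataclass(frozen=True)
class Entry:
    created: datetime
    size: int
    is_dir: bool
    company: str
    path: str

def parse_otl(text):
    """Parse OTL file-listing lines; anything that is not such a line is skipped."""
    entries = []
    for line in text.splitlines():
        m = OTL_LINE.match(line.strip())
        if not m:
            continue
        entries.append(Entry(
            created=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
            size=int(m["size"].replace(",", "")),
            is_dir="D" in m["attrs"],
            company=m["company"] or "",
            path=m["path"].strip(),
        ))
    return entries

def is_seed(path, seeds):
    """True if path is a known-bad item or lies inside a known-bad folder."""
    p = path.lower()
    return any(p == s or p.startswith(s + "\\") for s in seeds)

def related_by_creation_time(entries, seeds, window=timedelta(minutes=30)):
    """Return non-seed entries created within `window` of any seed entry."""
    seeds = tuple(s.lower() for s in seeds)
    seed_times = [e.created for e in entries if is_seed(e.path, seeds)]
    hits = [e for e in entries
            if not is_seed(e.path, seeds)
            and any(abs(e.created - t) <= window for t in seed_times)]
    return sorted(hits, key=lambda e: e.created)

# Items this thread already treats as Safe Surf leftovers (assumed seed list).
SEEDS = (
    r"C:\Windows\SysWow64\drivers\surfguard.exe",
    r"C:\Windows\SysWow64\drivers\f",
    r"C:\Windows\SysWow64\webe",
)

# Sample input: lines copied from the OTL log posted in this thread.
SAMPLE_LOG = r"""
[2010/08/24 17:43:12 | 000,174,080 | ---- | C] (RAD Game Tools, Inc.) -- C:\Windows\SysNative\binkw32.dll
[2010/08/24 17:43:08 | 000,174,080 | ---- | C] (RAD Game Tools, Inc.) -- C:\Windows\System\binkw32.dll
[2010/08/24 17:22:20 | 000,000,000 | ---D | C] -- C:\Users\zoniq\AppData\Local\2K Games
[2010/08/24 17:19:13 | 000,158,720 | ---- | C] (Skybound Software (http://www.skybound.ca)) -- C:\Windows\SysWow64\drivers\skybound.gecko.dll
[2010/08/24 17:19:13 | 000,019,456 | ---- | C] (JetSwap) -- C:\Windows\SysWow64\drivers\surfguard.exe
[2010/08/24 17:18:44 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\f
[2010/08/24 17:18:18 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\webe
[2010/08/24 17:18:44 | 009,655,677 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\jet.exe
[2010/04/02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010/09/15 07:20:30 | 005,969,360 | ---- | C] () -- C:\Windows\SysWow64\drivers\f\1\plugins\NPSWF32.dll
"""

if __name__ == "__main__":
    for e in related_by_creation_time(parse_otl(SAMPLE_LOG), SEEDS):
        kind = "DIR " if e.is_dir else "FILE"
        print(e.created, kind, e.company or "(no company)", e.path)
```

Time proximity is only a lead: binkw32.dll and the 2K Games folder are game components created in the same session, while skybound.gecko.dll sits beside surfguard.exe with an identical timestamp.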
 
Don't remember the RAD games installation, but I've installed some games from 2k games...mafia2 etc.

here is log from systemlook:

SystemLook 04.09.10 by jpshortstuff
Log created at 18:56 on 17/09/2010 by zoniq
Administrator - Elevation successful
WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.

========== dir ==========

C:\Windows\SysWow64\drivers\f - Parameters: "(none)"

---Files---
jet.exe --a---- 9655677 bytes [15:18 24/08/2010] [14:28 02/09/2010]
sfa.txt --a---- 595940 bytes [15:19 24/08/2010] [14:49 06/09/2010]

---Folders---
1 d------ [05:20 15/09/2010]

C:\Windows\SysWow64\webe - Parameters: "(none)"

---Files---
None found.

---Folders---
None found.

-= EOF =-
 
They can go.

Run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :Files
    C:\Windows\SysWow64\drivers\f
    C:\Windows\SysWow64\webe
    
    :Commands
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post a new OTL log
 
reboot log :

All processes killed
========== FILES ==========
C:\Windows\SysWow64\drivers\f\1\res\html folder moved successfully.
C:\Windows\SysWow64\drivers\f\1\res\fonts folder moved successfully.
C:\Windows\SysWow64\drivers\f\1\res\entityTables folder moved successfully.
C:\Windows\SysWow64\drivers\f\1\res\dtd folder moved successfully.
C:\Windows\SysWow64\drivers\f\1\res folder moved successfully.
C:\Windows\SysWow64\drivers\f\1\plugins folder moved successfully.
C:\Windows\SysWow64\drivers\f\1\modules folder moved successfully.
C:\Windows\SysWow64\drivers\f\1\greprefs folder moved successfully.
C:\Windows\SysWow64\drivers\f\1\dictionaries folder moved successfully.
C:\Windows\SysWow64\drivers\f\1\defaults\profile\US\chrome folder moved successfully.
C:\Windows\SysWow64\drivers\f\1\defaults\profile\US folder moved successfully.
C:\Windows\SysWow64\drivers\f\1\defaults\profile\chrome folder moved successfully.
C:\Windows\SysWow64\drivers\f\1\defaults\profile\Cache folder moved successfully.
C:\Windows\SysWow64\drivers\f\1\defaults\profile folder moved successfully.
C:\Windows\SysWow64\drivers\f\1\defaults\pref folder moved successfully.
C:\Windows\SysWow64\drivers\f\1\defaults\autoconfig folder moved successfully.
C:\Windows\SysWow64\drivers\f\1\defaults folder moved successfully.
C:\Windows\SysWow64\drivers\f\1\components folder moved successfully.
C:\Windows\SysWow64\drivers\f\1\chrome folder moved successfully.
C:\Windows\SysWow64\drivers\f\1 folder moved successfully.
C:\Windows\SysWow64\drivers\f folder moved successfully.
C:\Windows\SysWow64\webe folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: zoniq
->Temp folder emptied: 641206 bytes
->Temporary Internet Files folder emptied: 63794 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 93359745 bytes
->Opera cache emptied: 121880 bytes
->Flash cache emptied: 921 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 65748 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 90.00 mb


OTL by OldTimer - Version 3.2.12.0 log created on 09172010_200440

Files\Folders moved on Reboot...
C:\Users\zoniq\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...
 
.....and new scan log:

OTL logfile created on: 9/17/2010 8:09:07 PM - Run 5
OTL by OldTimer - Version 3.2.12.0 Folder = C:\Users\zoniq\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Slovakia | Language: SKY | Date Format: d. M. yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 69.00% Memory free
8.00 Gb Paging File | 7.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298.09 Gb Total Space | 217.24 Gb Free Space | 72.88% Space Free | Partition Type: NTFS
Drive D: | 97.65 Gb Total Space | 92.92 Gb Free Space | 95.15% Space Free | Partition Type: NTFS
Drive E: | 200.43 Gb Total Space | 82.89 Gb Free Space | 41.36% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KOMPIK
Current User Name: zoniq
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/09/16 21:58:42 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010/09/14 16:52:44 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\zoniq\Desktop\OTL.exe
PRC - [2010/09/01 08:39:18 | 001,164,584 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/07/21 16:49:12 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgemc.exe
PRC - [2010/07/19 22:13:57 | 002,065,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgtray.exe
PRC - [2010/07/19 22:13:54 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
PRC - [2010/07/19 22:13:52 | 000,723,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe
PRC - [2010/04/01 11:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2009/03/05 17:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe


========== Modules (SafeList) ==========

MOD - [2010/09/14 16:52:44 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\zoniq\Desktop\OTL.exe
MOD - [2009/07/14 03:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2009/07/14 03:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/09/05 12:03:40 | 001,436,424 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2009/07/14 03:41:56 | 000,195,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\umrdp.dll -- (UmRdpService)
SRV:64bit: - [2009/07/14 03:41:53 | 001,361,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\PeerDistSvc.dll -- (PeerDistSvc)
SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 03:40:24 | 000,689,152 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cscsvc.dll -- (CscService)
SRV:64bit: - [2009/07/14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2010/07/21 16:49:12 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/07/19 22:13:54 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/03/18 14:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/07/16 17:04:16 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/08/02 19:27:53 | 000,312,480 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2010/08/02 19:27:52 | 000,043,168 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2010/07/25 09:39:58 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/07/19 22:13:57 | 000,317,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (AvgTdiA)
DRV:64bit: - [2010/07/19 22:13:56 | 000,035,536 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (AvgMfx64)
DRV:64bit: - [2010/07/19 22:13:53 | 000,269,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (AvgLdx64)
DRV:64bit: - [2009/10/26 16:54:22 | 000,032,768 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2009/08/13 22:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/07/14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 03:45:55 | 000,200,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmbus.sys -- (vmbus)
DRV:64bit: - [2009/07/14 03:45:55 | 000,046,672 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmstorfl.sys -- (storflt)
DRV:64bit: - [2009/07/14 03:45:55 | 000,034,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\storvsc.sys -- (storvsc)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 02:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/07/14 02:01:09 | 000,679,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xnacc.sys -- (xnacc)
DRV:64bit: - [2009/07/14 01:42:58 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vms3cap.sys -- (s3cap)
DRV:64bit: - [2009/07/14 01:42:44 | 000,021,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VMBusHID.sys -- (VMBusHID)
DRV:64bit: - [2009/07/14 01:24:27 | 000,514,048 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\csc.sys -- (CSC)
DRV:64bit: - [2009/06/10 22:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/02 00:05:32 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2008/01/17 17:51:44 | 000,018,816 | ---- | M] (Razer USA Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Lycosa.sys -- (Lycosa)
DRV:64bit: - [2007/08/02 10:33:04 | 000,012,672 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dadder.sys -- (DAdderFltr)
DRV:64bit: - [2007/07/18 11:34:16 | 000,189,664 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\V0260Vid.sys -- (V0260VID)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 92 71 0B 0A 6D 53 CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.3
FF - prefs.js..extensions.enabledItems: {B17C1C5A-04B1-11DB-9804-B622A1EF5492}:1.2.1
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.845
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files (x86)\AVG\AVG9\Firefox [2010/07/21 16:50:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/09/16 21:58:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/09/16 21:58:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0b5\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 5\components [2010/09/10 19:20:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0b5\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 5\plugins
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2010/06/18 14:00:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2010/09/08 19:36:54 | 000,000,000 | ---D | M]

[2010/06/18 14:00:03 | 000,000,000 | ---D | M] -- C:\Users\zoniq\AppData\Roaming\mozilla\Extensions
[2010/06/18 14:00:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\zoniq\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/09/16 20:02:38 | 000,000,000 | ---D | M] -- C:\Users\zoniq\AppData\Roaming\mozilla\Firefox\Profiles\u8fwv41d.default\extensions
[2010/09/12 07:17:54 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\zoniq\AppData\Roaming\mozilla\Firefox\Profiles\u8fwv41d.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010/09/03 17:53:18 | 000,000,000 | ---D | M] (Password Exporter) -- C:\Users\zoniq\AppData\Roaming\mozilla\Firefox\Profiles\u8fwv41d.default\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}
[2010/08/18 22:33:33 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\zoniq\AppData\Roaming\mozilla\Firefox\Profiles\u8fwv41d.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/09/16 20:02:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/07/29 17:43:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/07/29 17:43:16 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/04/01 19:40:34 | 000,001,583 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\atlas-sk.xml
[2010/04/01 19:40:34 | 000,001,380 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\azet-sk.xml
[2010/04/01 19:40:34 | 000,001,479 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\dunaj-sk.xml
[2010/04/01 19:40:34 | 000,001,473 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\slovnik-sk.xml
[2010/04/01 19:40:34 | 000,001,104 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia-sk.xml
[2010/04/01 19:40:34 | 000,000,830 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\zoznam-sk.xml

O1 HOSTS File: ([2010/09/16 17:42:29 | 000,420,073 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 mpa.one.microsoft.com
O1 - Hosts: 127.0.0.1 sls.microsoft.com
O1 - Hosts: 127.0.0.1 genuine.microsoft.com
O1 - Hosts: 127.0.0.1 wat.microsoft.com
O1 - Hosts: 127.0.0.1 mpa.microsoft.com
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 adobeereg.com
O1 - Hosts: 
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 14493 more lines...
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - AppInit_DLLs: (avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{525647e2-2a16-11df-984d-0019dbf60ff8}\Shell - "" = AutoRun
O33 - MountPoints2\{525647e2-2a16-11df-984d-0019dbf60ff8}\Shell\AutoRun\command - "" = H:\autorun.exe -- File not found
O33 - MountPoints2\{f24320e2-97bf-11df-83dd-0019dbf60ff8}\Shell - "" = AutoRun
O33 - MountPoints2\{f24320e2-97bf-11df-83dd-0019dbf60ff8}\Shell\AutoRun\command - "" = G:\Setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/09/16 17:18:44 | 000,000,000 | ---D | C] -- C:\9e194e4617988486dcfb0243543ee7
[2010/09/16 17:18:30 | 002,441,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iertutil.dll
[2010/09/15 16:52:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2010/09/15 15:59:40 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW
[2010/09/15 15:49:48 | 000,000,000 | ---D | C] -- C:\Users\zoniq\AppData\Roaming\Malwarebytes
[2010/09/15 15:49:24 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/09/15 15:49:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/09/15 15:49:22 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/09/15 15:49:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/09/15 15:48:33 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\zoniq\Desktop\mbam-setup-1.46.exe
[2010/09/15 15:45:15 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\zoniq\Desktop\TFC.exe
[2010/09/15 09:16:20 | 000,000,000 | ---D | C] -- C:\Users\zoniq\Desktop\Fh_HDRI Map Pack 01
[2010/09/15 07:23:59 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/09/14 18:52:24 | 165,665,144 | ---- | C] (NVIDIA Corporation) -- C:\Users\zoniq\Desktop\260.63_desktop_win7_winvista_64bit_international_beta.exe
[2010/09/14 16:52:41 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\Users\zoniq\Desktop\OTL.exe
[2010/09/13 20:09:56 | 000,000,000 | ---D | C] -- C:\Users\zoniq\Desktop\Tires semi-glossy by Amleto
[2010/09/11 18:00:50 | 000,000,000 | -H-D | C] -- C:\$AVG
[2010/09/11 17:59:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Runic Games
[2010/09/11 17:50:09 | 000,000,000 | ---D | C] -- C:\Users\zoniq\AppData\Roaming\runic games
[2010/09/11 16:29:14 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Runic
[2010/09/11 13:24:27 | 000,000,000 | ---D | C] -- C:\Users\zoniq\Desktop\layered rock
[2010/09/11 13:06:36 | 000,000,000 | ---D | C] -- C:\Users\zoniq\Desktop\DavelessSteel
[2010/09/10 19:20:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 5
[2010/09/08 19:38:05 | 000,000,000 | ---D | C] -- C:\Users\zoniq\AppData\Local\Apple Computer
[2010/09/08 19:36:48 | 000,000,000 | ---D | C] -- C:\Users\zoniq\AppData\Roaming\DivX
[2010/09/08 19:36:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine
[2010/09/08 19:36:30 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2010/09/08 19:36:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DivX Shared
[2010/09/08 19:35:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DivX
[2010/09/08 19:35:35 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2010/09/08 19:34:58 | 000,000,000 | ---D | C] -- C:\Users\zoniq\AppData\Roaming\Apple Computer
[2010/09/05 13:16:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ChaosGroup
[2010/09/05 13:15:59 | 000,000,000 | ---D | C] -- C:\Program Files\plugins
[2010/09/05 13:15:59 | 000,000,000 | ---D | C] -- C:\Program Files\Chaos Group
[2010/09/05 13:02:21 | 000,000,000 | ---D | C] -- C:\Users\zoniq\Documents\3dsMax
[2010/09/05 12:46:08 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2010/09/05 12:46:05 | 000,000,000 | ---D | C] -- C:\Users\zoniq\AppData\Local\Autodesk
[2010/09/05 12:03:52 | 000,000,000 | ---D | C] -- C:\Users\zoniq\Documents\Inventor
[2010/09/05 12:03:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2010/09/05 12:02:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Autodesk Shared
[2010/09/05 12:02:36 | 000,000,000 | ---D | C] -- C:\Program Files\Autodesk
[2010/09/05 12:01:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Autodesk Shared
[2010/09/05 12:00:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Autodesk
[2010/09/05 11:54:50 | 000,000,000 | ---D | C] -- C:\Users\zoniq\AppData\Roaming\Autodesk
[2010/09/05 11:54:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Autodesk
[2010/09/02 16:45:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2010/09/02 16:45:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live SkyDrive
[2010/09/02 16:44:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2010/09/02 16:44:39 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2010/09/02 16:44:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2010/09/02 16:37:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
[2010/09/02 16:36:24 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2010/08/27 18:50:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Team17
[2010/08/25 16:55:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2010/08/25 16:37:59 | 000,861,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2010/08/24 18:27:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Stardock
[2010/08/24 18:27:03 | 000,000,000 | ---D | C] -- C:\Users\zoniq\Documents\My Games
[2010/08/24 17:43:12 | 000,174,080 | ---- | C] (RAD Game Tools, Inc.) -- C:\Windows\SysNative\binkw32.dll
[2010/08/24 17:43:08 | 000,174,080 | ---- | C] (RAD Game Tools, Inc.) -- C:\Windows\System\binkw32.dll
[2010/08/24 17:22:20 | 000,000,000 | ---D | C] -- C:\Users\zoniq\AppData\Local\2K Games
[2010/08/24 17:19:13 | 000,158,720 | ---- | C] (Skybound Software (http://www.skybound.ca)) -- C:\Windows\SysWow64\drivers\skybound.gecko.dll
[2010/08/24 16:38:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[2010/08/24 16:38:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam

========== Files - Modified Within 30 Days ==========

[2010/09/17 20:10:52 | 000,016,384 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/09/17 20:10:52 | 000,016,384 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/09/17 20:05:49 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/09/17 20:05:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/09/17 20:05:41 | 3220,672,512 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/17 20:04:56 | 006,291,456 | -HS- | M] () -- C:\Users\zoniq\NTUSER.DAT
[2010/09/17 19:09:34 | 007,371,924 | -H-- | M] () -- C:\Users\zoniq\AppData\Local\IconCache.db
[2010/09/17 18:54:50 | 000,075,264 | ---- | M] () -- C:\Users\zoniq\Desktop\SystemLook.exe
[2010/09/17 18:49:29 | 064,745,114 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2010/09/17 16:57:53 | 002,672,312 | ---- | M] () -- C:\Users\zoniq\Desktop\esetsmartinstaller_enu.exe
[2010/09/16 18:49:55 | 001,318,982 | ---- | M] () -- C:\Users\zoniq\Desktop\BBS_Mask2.tif
[2010/09/16 17:42:29 | 000,420,073 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2010/09/15 16:52:55 | 000,003,007 | ---- | M] () -- C:\Users\zoniq\Desktop\HiJackThis.lnk
[2010/09/15 16:13:32 | 000,525,824 | ---- | M] () -- C:\Users\zoniq\Desktop\dds.scr
[2010/09/15 15:49:28 | 000,001,031 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/15 15:48:34 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\zoniq\Desktop\mbam-setup-1.46.exe
[2010/09/15 15:45:15 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\zoniq\Desktop\TFC.exe
[2010/09/15 12:50:36 | 000,167,014 | ---- | M] () -- C:\Users\zoniq\Desktop\BBS_GT_for_reference.jpg
[2010/09/14 20:39:55 | 000,035,157 | ---- | M] () -- C:\Users\zoniq\Desktop\cv_1168256.rtf
[2010/09/14 18:53:14 | 165,665,144 | ---- | M] (NVIDIA Corporation) -- C:\Users\zoniq\Desktop\260.63_desktop_win7_winvista_64bit_international_beta.exe
[2010/09/14 16:52:44 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\zoniq\Desktop\OTL.exe
[2010/09/13 22:53:34 | 000,195,895 | ---- | M] () -- C:\Users\zoniq\Desktop\rim.jpg
[2010/09/13 20:37:51 | 004,003,840 | ---- | M] () -- C:\Users\zoniq\Desktop\tire.FBX
[2010/09/13 20:16:14 | 000,051,200 | ---- | M] () -- C:\Users\zoniq\Desktop\Rubber (Grey)_by_joa_grilo2376.mat
[2010/09/13 20:06:19 | 000,829,818 | ---- | M] () -- C:\Users\zoniq\Desktop\wm_original_exwalla_original.jpg
[2010/09/12 19:34:51 | 000,013,373 | ---- | M] () -- C:\Users\zoniq\Desktop\tyre_000bp.jpg
[2010/09/12 13:33:42 | 016,897,167 | ---- | M] () -- C:\Users\zoniq\Desktop\digitalin_hdr_chromFX-V2-HIRES.zip
[2010/09/11 18:18:49 | 000,419,895 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20100916-174229.backup
[2010/09/10 19:20:16 | 000,002,173 | ---- | M] () -- C:\Users\zoniq\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox 4.0 Beta 5.lnk
[2010/09/10 19:20:16 | 000,002,149 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox 4.0 Beta 5.lnk
[2010/08/31 07:19:12 | 002,441,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iertutil.dll
[2010/08/27 18:51:42 | 000,002,117 | ---- | M] () -- C:\Users\Public\Desktop\Worms Reloaded.lnk
[2010/08/25 19:45:31 | 000,001,804 | ---- | M] () -- C:\Users\zoniq\Desktop\mafia2 - odkaz.lnk
[2010/08/25 16:30:58 | 000,276,920 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/08/24 17:18:36 | 000,058,736 | ---- | M] () -- C:\Users\zoniq\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/08/24 17:01:35 | 000,174,080 | ---- | M] (RAD Game Tools, Inc.) -- C:\Windows\System\binkw32.dll
[2010/08/24 17:01:35 | 000,174,080 | ---- | M] (RAD Game Tools, Inc.) -- C:\Windows\SysNative\binkw32.dll
[2010/08/21 08:05:15 | 000,000,857 | ---- | M] () -- C:\Users\zoniq\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk

========== Files Created - No Company Name ==========

[2010/09/17 18:54:49 | 000,075,264 | ---- | C] () -- C:\Users\zoniq\Desktop\SystemLook.exe
[2010/09/17 16:57:52 | 002,672,312 | ---- | C] () -- C:\Users\zoniq\Desktop\esetsmartinstaller_enu.exe
[2010/09/16 18:49:54 | 001,318,982 | ---- | C] () -- C:\Users\zoniq\Desktop\BBS_Mask2.tif
[2010/09/15 16:52:55 | 000,003,007 | ---- | C] () -- C:\Users\zoniq\Desktop\HiJackThis.lnk
[2010/09/15 16:13:31 | 000,525,824 | ---- | C] () -- C:\Users\zoniq\Desktop\dds.scr
[2010/09/15 15:49:28 | 000,001,031 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/15 12:50:34 | 000,167,014 | ---- | C] () -- C:\Users\zoniq\Desktop\BBS_GT_for_reference.jpg
[2010/09/14 20:39:55 | 000,035,157 | ---- | C] () -- C:\Users\zoniq\Desktop\cv_1168256.rtf
[2010/09/13 20:37:50 | 004,003,840 | ---- | C] () -- C:\Users\zoniq\Desktop\tire.FBX
[2010/09/13 20:16:13 | 000,051,200 | ---- | C] () -- C:\Users\zoniq\Desktop\Rubber (Grey)_by_joa_grilo2376.mat
[2010/09/13 20:06:18 | 000,829,818 | ---- | C] () -- C:\Users\zoniq\Desktop\wm_original_exwalla_original.jpg
[2010/09/12 19:34:49 | 000,013,373 | ---- | C] () -- C:\Users\zoniq\Desktop\tyre_000bp.jpg
[2010/09/12 13:33:24 | 016,897,167 | ---- | C] () -- C:\Users\zoniq\Desktop\digitalin_hdr_chromFX-V2-HIRES.zip
[2010/09/12 11:39:07 | 000,195,895 | ---- | C] () -- C:\Users\zoniq\Desktop\rim.jpg
[2010/09/12 11:24:54 | 000,079,360 | ---- | C] () -- C:\Users\zoniq\Desktop\car_paint_metallics_fx.mat
[2010/09/10 19:20:16 | 000,002,173 | ---- | C] () -- C:\Users\zoniq\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox 4.0 Beta 5.lnk
[2010/09/10 19:20:16 | 000,002,149 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox 4.0 Beta 5.lnk
[2010/09/06 22:14:09 | 000,028,672 | ---- | C] () -- C:\Users\zoniq\Desktop\rims paint.mat
[2010/08/27 18:51:42 | 000,002,117 | ---- | C] () -- C:\Users\Public\Desktop\Worms Reloaded.lnk
[2010/08/25 19:45:31 | 000,001,804 | ---- | C] () -- C:\Users\zoniq\Desktop\mafia2 - odkaz.lnk
[2010/07/21 19:16:50 | 000,007,605 | ---- | C] () -- C:\Users\zoniq\AppData\Local\Resmon.ResmonCfg
[2010/04/02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
< End of report >
 
Oh, and I remember now what radgametools is....
I recently had a problem with binkw32.dll with mafia2.
I could not run the game because this file was missing, so I searched the web and found that binkw32.dll is some kind of Bink video codec normally used in games.
And this binkw32.dll is made by RAD Game Tools.

Here is the post that I found to solve my "problem"; I don't know if it is important, but it's from http://www.tomshardware.co.uk/forum/105987-25-what-binkw32-missing
 
Okay so how's everything running now?

Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
 
The system is now running well without any pop-ups from AVG.
When I scanned my computer with Kaspersky or ESET, the pop-ups appeared, but now it is all right...

The log from Security Check:

Results of screen317's Security Check version 0.99.5
Windows 7 (UAC is disabled!)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
AVG Free 9.0
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Out of date HijackThis installed!
Malwarebytes' Anti-Malware
HijackThis 1.99.1
Java(TM) 6 Update 21
Adobe Flash Player 10.1.82.76
Adobe Reader 9.3.3
Mozilla Firefox (x86 sk..) Firefox Out of Date!
Mozilla Thunderbird (3.0.4) Thunderbird Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgemc.exe
````````````````````````````````
DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````
 
Have you run a full scan with AVG? If not I'd suggest that.

Uninstall OTL and related files/folders
  • Make sure you have an Internet Connection.
  • Double-click OTL.exe to run it.
  • Click on the CleanUp! button.
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTL from reaching the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: (You will lose all previous restore points which may be infected anyway).

Click Start, then right click Computer and select properties.
Click the System Protection link on the left.
Click the Create button to make a new restore point.

Click Start>Run and type Cleanmgr
Click the More Options Tab.
Click Clean Up in the System Restore section. This will clear out all old restore points except the one you just created.
 
Ok then:) done...

Thank you very much for your time and energy once more:)

:rockon:
 
Yes, we should be all set. I'll leave the thread open a few days in case you have questions or issues.

You're welcome, and good luck.
Dave
 