Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Webbrowser opening a new Window with 4 tabs!

Started by Omaroso , Aug 15 2011 10:35 AM

This topic is locked

#1
Omaroso

Posted 15 August 2011 - 10:35 AM

New Member

Member
8 posts

Hi,

I got a problem with Malware/Virus. The problem is: everytime i'm surfing in the web, Firefox opens a new window with 4
tabs: http://www.xn--&-8ga.com/
file:///C:/Windows/
file:///C:/Windows/T%E2%80%98%C3%91%C3%A5%C2%AD%C2%A6%C5%92M%E2%80%98%1A%C2%BD%C5%B8y%C2%A7d%C3%B9%11vU%C2%B0%C2%BEd%C2%B3%C3%A7%C3%94%0EA%C2%AE%C2%A0.%C3%82%C2%BB%C2%A1%C2%AE%11%C3%84%C3%ABF+5%C3%B8%C3%88%E2%80%94%C3%B7%C3%84%08%C3%BD%C3%87%13siB%C3%BD%E2%80%A1%E2%84%A2p%C2%B0%E2%84%A2%C3%BB%C3%BE:%C2%AF%C3%A3%04%5B%C3%94:%C5%BE%20%C3%A1%E2%80%A0H%0B%C2%BDA%E2%82%AC:%C3%A0%C2%9D%C3%84%C2%AA%C3%8A%C5%A0SH%C2%AB%C3%A7%E2%80%98%17%C2%A9%C2%A5:%112%C3%9C%C2%BB%60%0E$%C3%A7%C3%A3%C3%BD%%19xmG%15%C3%B2%C3%B0%C3%99%C2%8F%1F%C3%83b%C3%9Cc%C2%AE%E2%84%A2%C3%9Bj%1FV%C3%91*%C3%87~%E2%84%A2%C3%985S.%04f%C3%8B%C3%86%C3%8C%C3%8B%C3%A0%C2%A8%C3%A55I*D%C3%968%02%C3%8Ad%C3%8DC%E2%80%A0%C3%B7%C3%A8%E2%80%A0%E2%80%BAG%C5%92!%1C%C3%8A:%C2%A5k%C2%B7%C3%B5%5DADj%E2%80%A2%C3%B5S%C3%90l%C3%B9%05%1B%0Cn~%C2%A2%C3%B9%C2%A5%C3%9Fv%C2%8D%C2%AF2Y%C3%B4%C5%BE%C2%BF%C3%A2%E2%80%B9J?^%E2%80%99d%C2%9DTFl%C3%A4zg%C2%B5%C3%B2%7F%C3%91u%C5%BDn%E2%80%98%C2%B3%C3%B4p+%C3%A3f%C2%B5%C2%A9%E2%80%A6%C3%A6l%C3%918%03%C2%AA%C3%AC
http://www.xn--pda.com/

OTL Log: OTL logfile created on: 15.08.2011 18:18:22 - Run 1
OTL by OldTimer - Version 3.2.26.4 Folder = C:\Users\omar\Downloads
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,75 Gb Total Physical Memory | 0,84 Gb Available Physical Memory | 48,02% Memory free
6,63 Gb Paging File | 5,33 Gb Available in Paging File | 80,44% Paging File free
Paging file location(s): c:\pagefile.sys 5000 8000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,79 Gb Total Space | 4,70 Gb Free Space | 2,02% Space Free | Partition Type: NTFS
Drive D: | 521,28 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive E: | 2,37 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: OMAR-PC | User Name: omar | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.08.15 18:16:36 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\omar\Downloads\OTL.exe
PRC - [2011.08.04 14:34:46 | 001,361,288 | ---- | M] (LogMeIn Inc.) -- C:\Programme\LogMeIn Hamachi\hamachi-2.exe
PRC - [2011.08.02 08:58:46 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Programme\Steam\Steam.exe
PRC - [2011.07.21 12:08:02 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.06.24 17:30:48 | 000,393,112 | ---- | M] (Spigot, Inc.) -- C:\Programme\Application Updater\ApplicationUpdater.exe
PRC - [2011.06.24 15:56:56 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.06.01 14:10:00 | 000,821,080 | ---- | M] (IObit) -- C:\Programme\IObit\IObit Malware Fighter\IMFsrv.exe
PRC - [2011.05.28 14:46:56 | 000,353,168 | ---- | M] (IObit) -- C:\Programme\IObit\Advanced SystemCare 4\ASCService.exe
PRC - [2011.05.24 23:17:32 | 000,294,400 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
PRC - [2011.04.21 07:53:10 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.04.21 07:52:51 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.04.21 07:52:36 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.03.01 16:47:56 | 002,296,696 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011.02.24 11:31:48 | 002,602,920 | ---- | M] (Symantec Corporation) -- C:\Programme\Symantec\Symantec System Recovery\Agent\VProTray.exe
PRC - [2011.02.24 11:31:46 | 004,615,080 | ---- | M] (Symantec Corporation) -- C:\Programme\Symantec\Symantec System Recovery\Agent\VProSvc.exe
PRC - [2011.01.12 17:23:08 | 001,966,064 | ---- | M] (Symantec) -- C:\Programme\Symantec\Symantec System Recovery\Shared\Drivers\SymSnapService.exe
PRC - [2010.11.25 22:48:46 | 000,619,288 | ---- | M] (http://tortoisesvn.net) -- C:\Programme\TortoiseSVN\bin\TSVNCache.exe
PRC - [2010.11.10 03:54:18 | 004,240,760 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Live\Messenger\msnmsgr.exe
PRC - [2010.11.10 02:13:30 | 000,025,456 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Live\Contacts\wlcomm.exe
PRC - [2010.09.21 15:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2010.09.21 15:03:14 | 000,193,408 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009.07.14 03:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2009.07.14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009.07.14 03:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2005.03.09 21:50:18 | 000,018,944 | ---- | M] (http://libusb-win32.sourceforge.net) -- C:\Windows\System32\libusbd-nt.exe

========== Modules (No Company Name) ==========

MOD - [2011.08.13 13:16:46 | 014,407,976 | ---- | M] () -- C:\Programme\Steam\bin\libcef.dll
MOD - [2011.08.13 13:16:45 | 000,914,216 | ---- | M] () -- C:\Programme\Steam\bin\avcodec-52.dll
MOD - [2011.08.13 13:16:45 | 000,190,248 | ---- | M] () -- C:\Programme\Steam\bin\chromehtml.dll
MOD - [2011.08.13 13:16:45 | 000,155,432 | ---- | M] () -- C:\Programme\Steam\bin\avformat-52.dll
MOD - [2011.08.13 13:16:45 | 000,091,432 | ---- | M] () -- C:\Programme\Steam\bin\avutil-50.dll
MOD - [2011.06.24 15:56:56 | 001,850,328 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2011.06.17 12:29:30 | 006,271,136 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2006.08.24 14:17:52 | 000,004,096 | ---- | M] () -- C:\Programme\Messenger Plus! Live\Detoured.dll

========== Win32 Services (SafeList) ==========

SRV - [2011.08.04 21:45:48 | 003,542,616 | ---- | M] () [Auto | Running] -- c:\Programme\Common Files\Akamai\netsession_win_2da1ebd.dll -- (Akamai)
SRV - [2011.08.04 14:34:46 | 001,361,288 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2011.08.02 09:55:26 | 000,411,432 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.07.21 12:08:02 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.06.24 17:30:48 | 000,393,112 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.06.01 14:10:00 | 000,821,080 | ---- | M] (IObit) [Auto | Running] -- C:\Programme\IObit\IObit Malware Fighter\IMFsrv.exe -- (IMFservice)
SRV - [2011.05.28 14:46:56 | 000,353,168 | ---- | M] (IObit) [Auto | Running] -- C:\Programme\IObit\Advanced SystemCare 4\ASCService.exe -- (AdvancedSystemCareService)
SRV - [2011.05.24 23:17:32 | 000,294,400 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV - [2011.04.21 07:52:51 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.03.01 16:47:56 | 002,296,696 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011.02.24 11:31:46 | 004,615,080 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Programme\Symantec\Symantec System Recovery\Agent\VProSvc.exe -- (Symantec System Recovery)
SRV - [2011.01.24 14:31:34 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011.01.14 13:33:40 | 001,574,408 | ---- | M] (Symantec) [On_Demand | Stopped] -- C:\Program Files\Symantec\Symantec System Recovery\Shared\Drivers\GenericMountHelper.exe -- (GenericMount Helper Service)
SRV - [2011.01.12 17:23:08 | 001,966,064 | ---- | M] (Symantec) [On_Demand | Running] -- C:\Program Files\Symantec\Symantec System Recovery\Shared\Drivers\SymSnapService.exe -- (SymSnapService)
SRV - [2010.12.07 22:18:00 | 003,979,632 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2010.02.17 10:53:18 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Programme\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2005.03.09 21:50:18 | 000,018,944 | ---- | M] (http://libusb-win32.sourceforge.net) [Auto | Running] -- C:\Windows\System32\libusbd-nt.exe -- (libusbd)

========== Driver Services (SafeList) ==========

DRV - [2011.07.21 12:11:12 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.07.21 12:11:11 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.06.07 16:04:20 | 000,162,432 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ithsgt.sys -- (ithsgt)
DRV - [2011.06.07 16:04:14 | 000,012,032 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lilsgt.sys -- (lilsgt)
DRV - [2011.05.22 18:23:45 | 000,431,672 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2011.04.27 19:17:48 | 000,018,768 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Programme\IObit\IObit Malware Fighter\Drivers\win7_x86\FileMonitor.sys -- (FileMonitor)
DRV - [2011.03.23 00:58:32 | 000,019,280 | ---- | M] (IObit.com) [Kernel | On_Demand | Stopped] -- C:\Programme\IObit\IObit Malware Fighter\Drivers\win7_x86\UrlFilter.sys -- (UrlFilter)
DRV - [2011.03.23 00:58:28 | 000,030,600 | ---- | M] (IObit.com) [Kernel | On_Demand | Stopped] -- C:\Programme\IObit\IObit Malware Fighter\Drivers\win7_x86\RegFilter.sys -- (RegFilter)
DRV - [2011.02.24 11:52:58 | 000,131,000 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2011.02.23 16:50:44 | 000,016,184 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV - [2011.01.14 13:34:24 | 000,057,840 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\GenericMount.sys -- (GenericMount)
DRV - [2011.01.12 17:25:10 | 000,139,360 | ---- | M] (StorageCraft) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\symsnap.sys -- (symsnap)
DRV - [2010.03.18 20:01:22 | 000,048,640 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MijXfilt.sys -- (MotioninJoyXFilter)
DRV - [2010.02.18 09:18:22 | 000,037,944 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\amdiox86.sys -- (amdiox86)
DRV - [2009.10.08 17:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.09.21 20:40:14 | 000,015,096 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vproeventmonitor.sys -- (VProEventMonitor)
DRV - [2009.07.14 03:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009.07.14 03:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009.07.14 03:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009.07.14 01:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009.07.14 01:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009.07.14 00:02:47 | 000,050,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20)
DRV - [2009.04.22 21:42:30 | 000,304,128 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VPS3Joy.sys -- (VPS3Joy) Virtual Playstation(3)
DRV - [2009.03.18 17:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2008.12.01 23:14:34 | 004,179,968 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2007.06.29 14:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AmdLLD.sys -- (AmdLLD)
DRV - [2005.03.09 21:50:16 | 000,033,792 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\libusb0.sys -- (libusb0)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = my.daemon-search.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 43 20 34 4C 0C 12 CC 01 [binary data]
IE - HKCU\..\URLSearchHook: {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Programme\IObit Toolbar\IE\4.5\iobitToolbarIE.dll (Spigot, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://search.yahoo....type=382950&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=382950"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://search.yahoo....type=382950&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=382950"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://search.yahoo....type=382950&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=382950"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://search.yahoo....type=382950&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=382950"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@gamersfirst.com/LiveLauncher: C:\Program Files\GamersFirst\LIVE!\nplivelauncher.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60129.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files\TVUPlayer\npTVUAx.dll File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher: C:\Program Files\Roblox\Versions\version-f93a5a6aa7924fae\\NPRobloxProxy.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\omar\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\omar\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\omar\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.07.26 14:28:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.06.24 15:56:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.08.03 09:38:19 | 000,000,000 | ---D | M]

[2011.04.07 13:43:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\omar\AppData\Roaming\mozilla\Extensions
[2011.07.26 14:18:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\omar\AppData\Roaming\mozilla\Firefox\Profiles\muvhh96j.default\extensions
[2011.07.13 12:36:25 | 000,000,000 | ---D | M] (Flash and Video Download) -- C:\Users\omar\AppData\Roaming\mozilla\Firefox\Profiles\muvhh96j.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
[2011.04.23 19:21:55 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Users\omar\AppData\Roaming\mozilla\Firefox\Profiles\muvhh96j.default\extensions\[email protected]
[2011.05.22 18:24:20 | 000,000,000 | ---D | M] ("DAEMON Tools Toolbar") -- C:\Users\omar\AppData\Roaming\mozilla\Firefox\Profiles\muvhh96j.default\extensions\[email protected]
[2011.08.08 17:16:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\omar\AppData\Roaming\mozilla\SeaMonkey\Profiles\neu4jwft.default\extensions
[2011.07.30 20:07:23 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.06.14 15:19:53 | 000,000,000 | ---D | M] (Skype extension) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011.06.21 18:15:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.07.30 20:07:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011.06.24 15:56:56 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.05.04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2008.07.16 15:42:38 | 000,066,208 | ---- | M] (Joost Technologies B.V. ) -- C:\Program Files\mozilla firefox\plugins\npJoostPlugin.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (IObit Toolbar) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Programme\IObit Toolbar\IE\4.5\iobitToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (IObit Toolbar) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Programme\IObit Toolbar\IE\4.5\iobitToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [amd_dc_opt] C:\Programme\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [IObit Malware Fighter] C:\Program Files\IObit\IObit Malware Fighter\IMF.exe (IObit)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Symantec System Recovery 2011] C:\Program Files\Symantec\Symantec System Recovery\Agent\VProTray.exe (Symantec Corporation)
O4 - HKCU..\Run: [Advanced SystemCare 4] C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe (IObit)
O4 - HKCU..\Run: [BitTorrent DNA] C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [Comrade.exe] C:\Programme\GameSpy\Comrade\Comrade.exe (IGN Entertainment Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [DS3 Tool] C:\Program Files\MotioninJoy\ds3\DS3_Tool.exe (www.motioninjoy.com)
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil10t_Plugin.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\omar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\omar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk = C:\Programme\Xfire\Xfire.exe (Xfire Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zon...kr.cab56986.cab (Checkers Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O27 - HKLM IFEO\notepad.exe: Debugger - "C:\Program Files\Notepad2\Notepad2.exe" /z ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2004.03.31 20:14:30 | 000,000,147 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2011.08.02 21:14:57 | 000,000,077 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{19cc2840-8e9b-11e0-91dd-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{19cc2840-8e9b-11e0-91dd-806e6f6e6963}\Shell\AutoRun\command - "" = G:\Setup.exe
O33 - MountPoints2\{28c0dcc0-8490-11e0-af17-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{28c0dcc0-8490-11e0-af17-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Setup.exe -- [2011.08.02 21:14:57 | 001,892,384 | R--- | M] (Streum On Studio )
O33 - MountPoints2\{28c0dcc1-8490-11e0-af17-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{28c0dcc1-8490-11e0-af17-806e6f6e6963}\Shell\AutoRun\command - "" = F:\autorun.exe
O33 - MountPoints2\{6956812a-2bad-11e0-a916-00235ad93f8b}\Shell - "" = AutoRun
O33 - MountPoints2\{6956812a-2bad-11e0-a916-00235ad93f8b}\Shell\AutoRun\command - "" = E:\Setup.exe -- [2011.08.02 21:14:57 | 001,892,384 | R--- | M] (Streum On Studio )
O33 - MountPoints2\{b916d440-57f5-11e0-8ddb-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{b916d440-57f5-11e0-8ddb-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Setup\rsrc\autorun.exe
O33 - MountPoints2\{b916d440-57f5-11e0-8ddb-806e6f6e6963}\Shell\dinstall\command - "" = F:\Directx\dxsetup.exe
O33 - MountPoints2\{fe3f64e4-2724-11e0-bad8-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{fe3f64e4-2724-11e0-bad8-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Setup\rsrc\AUTORUN.EXE -- [2000.01.17 18:28:36 | 000,028,672 | R--- | M] (Dipl.-Ing. Stefan Krueger <[email protected]>)
O33 - MountPoints2\{fe3f64e4-2724-11e0-bad8-806e6f6e6963}\Shell\dinstall\command - "" = D:\DirectX\dxsetup.exe -- [2003.08.19 02:15:00 | 000,467,456 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\Setup.exe -- [2011.08.02 21:14:57 | 001,892,384 | R--- | M] (Streum On Studio )
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.08.15 18:09:19 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Roaming\Symantec
[2011.08.15 18:02:59 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\{39627752-337C-48A4-9559-6638BD11FECC}
[2011.08.15 18:01:56 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\{02AC5E83-7EE0-4891-A33D-CE1D06B8C2B4}
[2011.08.14 21:26:16 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\{9E4BB209-BF6F-4C83-9480-26917CE2EDD4}
[2011.08.14 21:25:32 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\{C5EC83B7-310D-456A-9B75-8CDFFC820DCA}
[2011.08.14 19:52:56 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\Symantec_Corporation
[2011.08.14 17:45:05 | 000,139,360 | ---- | C] (StorageCraft) -- C:\Windows\System32\drivers\symsnap.sys
[2011.08.14 17:44:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Symantec System Recovery
[2011.08.14 17:44:35 | 000,015,096 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\vproeventmonitor.sys
[2011.08.14 17:43:15 | 000,000,000 | ---D | C] -- C:\ProgramData\79290820-B54E-4bb8-ADA7-3541B45B9445
[2011.08.14 17:43:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2011.08.14 17:42:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2011.08.14 17:42:27 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2011.08.14 13:47:17 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\{C4EA6215-8F0B-4A21-835C-B5A840C8F3CE}
[2011.08.14 13:46:32 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\{7DF09B66-EA77-4829-949F-6874FF66C035}
[2011.08.13 19:44:37 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Roaming\Avira
[2011.08.13 19:43:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011.08.13 19:42:25 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2011.08.13 19:42:23 | 000,138,192 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.08.13 19:42:23 | 000,066,616 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011.08.13 19:42:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011.08.13 19:42:22 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011.08.13 19:41:06 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\{93C88E28-252A-44EE-85BC-1495D989CDA0}
[2011.08.13 19:39:37 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\{FEC81397-1C04-4727-9B5C-7D9237BAF006}
[2011.08.13 19:12:05 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\{3080EFA1-3F99-48CC-A75A-4D3F3DC00729}
[2011.08.13 19:10:53 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\{82B3213B-BD5B-46BD-A839-837705C4F724}
[2011.08.13 18:52:20 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\{2060857D-6FCA-4534-9DBB-908AFC40D781}
[2011.08.13 13:17:27 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\{E82D0F70-0696-4206-9B5A-89105FD6B244}
[2011.08.13 13:17:04 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\{94D49ACB-7C77-450E-B887-5E5C65C160B0}
[2011.08.12 18:21:37 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\{6A7A624C-0ED0-482C-BB03-FC038A1B9D85}
[2011.08.12 18:19:49 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\{96B43B00-8911-4E4A-81C5-773311397A21}
[2011.08.12 16:54:36 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Roaming\Opera
[2011.08.12 16:54:36 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\Opera
[2011.08.12 16:54:19 | 000,000,000 | ---D | C] -- C:\Program Files\Opera
[2011.08.12 16:50:05 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\{672D4E27-3C3E-461E-BE53-73E3AF02E55C}
[2011.08.12 16:49:27 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\{F9A6BF8D-3E6B-4F76-91DA-F411B1431E7F}
[2011.08.12 13:32:33 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\{ADBD63A6-4FAF-4B4D-9C8C-0E07BD837BCC}
[2011.08.12 13:32:16 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\{853EF61F-7158-4BB1-AB72-1394C0B136A7}
[2011.08.11 13:43:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011.08.11 13:43:11 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2011.08.11 13:41:24 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011.08.11 13:41:21 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011.08.11 13:41:21 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011.08.11 13:38:59 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011.08.11 13:38:18 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.08.10 23:54:15 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\{0EE57E14-CD71-4774-B80F-25DB1FBF1392}
[2011.08.10 22:06:39 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\{27C4D990-3C88-45CB-BFA4-89AD77E3BB62}
[2011.08.10 22:05:22 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\{35B95401-16B6-40DF-BBAF-BC6104A4A8DF}
[2011.08.10 20:54:19 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\{3DB77F12-3DB7-4119-B0EA-420A3D2B7A29}
[2011.08.10 20:53:41 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\{A12251F1-8432-4172-BDA5-E9282F733985}
[2011.08.10 20:34:54 | 000,000,000 | ---D | C] -- C:\Users\omar\Desktop\mods
[2011.08.10 20:31:10 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Roaming\.minecraft
[2011.08.10 19:58:30 | 000,000,000 | ---D | C] -- C:\Users\omar\Desktop\Amazopack
[2011.08.10 13:19:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Streum On Studio
[2011.08.10 12:59:19 | 000,000,000 | ---D | C] -- C:\Program Files\Streum On Studio
[2011.08.10 12:57:21 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\{0A36C644-CE6E-4875-8229-67930836E1CF}
[2011.08.10 09:33:24 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\{2648586E-058A-455C-9D55-BB5C42A7BAC8}
[2011.08.09 14:03:38 | 000,000,000 | ---D | C] -- C:\Users\omar\Desktop\Skylands server
[2011.08.09 13:51:50 | 000,000,000 | ---D | C] -- C:\ProgramData\eMule
[2011.08.09 13:08:28 | 000,000,000 | ---D | C] -- C:\Users\omar\Desktop\catmario
[2011.08.09 10:28:30 | 000,000,000 | ---D | C] -- C:\Users\omar\Desktop\Installers
[2011.08.09 09:41:29 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\{D4184440-81AA-4328-B65B-0D51DEBF94D7}
[2011.08.09 09:41:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2011.08.09 09:41:05 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn Hamachi
[2011.08.08 18:43:15 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\{8D28D21D-3F61-4DC1-BE38-C94826BD496E}
[2011.08.08 17:06:08 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011.08.08 10:19:46 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\{C1DDDD9A-533E-4643-8B72-22DFF69EF1B7}
[2011.08.07 23:33:04 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\{AD4127D3-770A-432F-836A-C1EEF1F7803D}
[2011.08.07 20:00:20 | 000,000,000 | ---D | C] -- C:\Users\omar\Desktop\AdventureCraft
[2011.08.07 18:09:11 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\{3CB5CC37-D57E-4E85-95B4-2C4249C22C49}
[2011.08.07 15:24:46 | 000,000,000 | -H-D | C] -- C:\Program Files\Temp
[2011.08.07 00:15:00 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\Arktos
[2011.08.07 00:14:59 | 000,000,000 | ---D | C] -- C:\Users\omar\Documents\Arktos
[2011.08.06 22:04:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Jodix
[2011.08.06 22:04:57 | 000,000,000 | ---D | C] -- C:\Program Files\Free WMA to MP3 Converter
[2011.08.06 21:22:29 | 000,000,000 | ---D | C] -- C:\Users\omar\Desktop\HLDJ
[2011.08.06 13:23:12 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\{E4A7FC10-4846-446B-90BF-8B8A33DDCE56}
[2011.08.06 09:52:12 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\{90653FC3-C566-4C73-861C-4514C82BBB67}
[2011.08.05 13:25:11 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\{402AB743-D06C-4F74-BE86-E1EA7B8F0C27}
[2011.08.04 19:20:19 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\{3A34B3AA-D888-4A8C-90AE-7E5F811CC7DF}
[2011.08.04 16:43:33 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Roaming\GetRightToGo
[2011.08.04 16:43:33 | 000,000,000 | ---D | C] -- C:\Users\omar\Documents\Downloads
[2011.08.03 14:15:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ace of Spades
[2011.08.03 14:15:23 | 000,000,000 | ---D | C] -- C:\Ace of Spades
[2011.08.03 12:37:48 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\{09C4A7B2-6758-4942-9455-4D65757D7D66}
[2011.08.03 09:37:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011.08.03 09:37:48 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2011.08.02 20:21:49 | 000,000,000 | ---D | C] -- C:\Users\omar\Documents\Duke Nukem Forever Demo
[2011.08.02 20:21:24 | 000,034,304 | ---- | C] (AMD, Inc.) -- C:\Windows\System32\drivers\AmdLLD.sys
[2011.08.02 20:21:00 | 000,000,000 | ---D | C] -- C:\Program Files\AMD
[2011.08.02 13:26:03 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Monolith Productions
[2011.08.02 13:15:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SEGA
[2011.08.02 13:15:39 | 000,000,000 | ---D | C] -- C:\Program Files\SEGA
[2011.08.02 11:22:16 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Half Life Source
[2011.08.02 11:22:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Half Life Source
[2011.08.02 11:22:16 | 000,000,000 | ---D | C] -- C:\Program Files\Half Life
[2011.08.02 09:05:14 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\{403A34DB-8A96-496E-9D1A-33F20E4E5D7C}
[2011.08.01 20:31:39 | 000,000,000 | ---D | C] -- C:\Program Files\Fox
[2011.08.01 20:30:12 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fox Interactive
[2011.08.01 20:30:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fox Interactive
[2011.08.01 19:14:53 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\{223EC15F-249B-4CA9-96BE-E059849E260E}
[2011.07.31 11:22:48 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\{325A6BB1-86CB-4D1D-8317-F8AB0852BBF5}
[2011.07.30 23:20:32 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\{BDA28801-4C15-4B6C-9889-BA65274795E5}
[2011.07.30 22:23:55 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Heroes of Newerth
[2011.07.30 22:23:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heroes of Newerth
[2011.07.30 22:23:50 | 000,000,000 | ---D | C] -- C:\Users\omar\Documents\Heroes of Newerth
[2011.07.30 22:18:41 | 000,000,000 | ---D | C] -- C:\Program Files\Heroes of Newerth
[2011.07.30 20:08:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011.07.30 20:03:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Survivors of Ragnarok
[2011.07.30 20:03:13 | 000,000,000 | ---D | C] -- C:\Program Files\SurvivorsofRagnarok
[2011.07.30 13:31:04 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\Apple Computer
[2011.07.30 13:30:45 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Roaming\Apple Computer
[2011.07.30 11:19:12 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\{C8B5A038-E297-40FB-9FD6-988ADED1620C}
[2011.07.29 20:01:13 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\{96813E76-C59D-4E69-9E98-99006E76B9D8}
[2011.07.28 13:04:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
[2011.07.28 13:03:55 | 000,000,000 | ---D | C] -- C:\Program Files\GOG.com
[2011.07.27 18:33:11 | 000,000,000 | ---D | C] -- C:\Program Files\Xaya3D
[2011.07.27 14:41:01 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\{ED71D90A-7AF6-478D-8911-68155462E6A8}
[2011.07.26 14:29:44 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\DDMSettings
[2011.07.26 14:27:38 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Roaming\DivX
[2011.07.26 14:27:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PX Storage Engine
[2011.07.26 14:26:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus
[2011.07.26 14:25:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2011.07.26 14:22:50 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2011.07.26 14:21:24 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2011.07.26 12:31:36 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011.07.25 11:03:59 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\{C473905C-7E69-4ABB-8D9E-65CB8C3E2413}
[2011.07.24 22:30:44 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\{4807C2BB-BC92-4B5E-816D-01B525454FC0}
[2011.07.24 20:28:08 | 000,000,000 | ---D | C] -- C:\Users\omar\Desktop\Aether
[2011.07.23 21:05:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Devolver Digital
[2011.07.23 18:02:17 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Serious Sam 2 Patch 2.066.00
[2011.07.23 18:00:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Xfire
[2011.07.23 17:57:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xfire
[2011.07.23 17:57:28 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Roaming\Xfire
[2011.07.23 17:57:26 | 000,000,000 | --SD | C] -- C:\Program Files\Xfire
[2011.07.23 17:55:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Serious Sam 2
[2011.07.23 17:55:41 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Serious Sam 2
[2011.07.23 17:51:30 | 000,000,000 | ---D | C] -- C:\Program Files\Serious Sam 2
[2011.07.23 17:21:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SQ-Girls Bildschirmschoner
[2011.07.23 17:21:07 | 000,000,000 | ---D | C] -- C:\Program Files\Lomex
[2011.07.23 13:20:14 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\{04014ADC-C12B-4C0E-B845-FC9C8F3BD077}
[2011.07.22 17:38:19 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Roaming\.doomseeker
[2011.07.22 17:33:56 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Skulltag
[2011.07.22 17:33:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skulltag
[2011.07.22 17:33:38 | 000,000,000 | ---D | C] -- C:\Program Files\Skulltag
[2011.07.22 10:58:00 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\{38C31BF5-7E50-4F31-881A-7B679472206D}
[2011.07.21 14:26:44 | 000,000,000 | ---D | C] -- C:\DUKE
[2011.07.21 13:40:28 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\True Crime - Streets of LA
[2011.07.21 13:40:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\True Crime - Streets of LA
[2011.07.21 11:39:03 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\{C0424103-C581-4C2E-9B6B-64F9EC75FCF1}
[2011.07.19 13:43:57 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\{C134BDD2-7837-4424-BFEC-3A5E5F0413F8}
[2011.07.18 08:38:13 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\{93B89304-5AEF-4C73-BE58-0F5DCBCB6BE4}
[2011.07.17 13:38:18 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\{87D0196C-FBDA-483A-A8DF-630D85CA4CAF}
[2011.07.16 19:22:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Forgotten Hope 2
[2011.07.16 19:22:13 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Forgotten Hope 2
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.08.15 18:12:35 | 000,017,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.08.15 18:12:35 | 000,017,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.08.15 17:58:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.08.15 17:58:30 | 1407,787,008 | -HS- | M] () -- C:\hiberfil.sys
[2011.08.15 17:56:08 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-752189712-4168365328-2364872346-1000UA.job
[2011.08.14 17:44:33 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_GenericMount_01009.Wdf
[2011.08.14 16:56:04 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-752189712-4168365328-2364872346-1000Core.job
[2011.08.14 16:44:26 | 000,138,160 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011.08.14 16:44:18 | 000,271,200 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2011.08.14 16:38:26 | 000,103,736 | ---- | M] () -- C:\Windows\System32\PnkBstrB.ex0
[2011.08.13 19:43:00 | 000,002,012 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011.08.11 13:43:18 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.08.11 13:18:20 | 000,023,978 | ---- | M] () -- C:\Users\omar\AppData\Roaming\Notepad2.ini
[2011.08.10 13:19:47 | 000,001,960 | ---- | M] () -- C:\Users\Public\Desktop\E.Y.E Divine Cybermancy.lnk
[2011.08.09 23:47:30 | 000,000,289 | ---- | M] () -- C:\Windows\System32\settings.xml
[2011.08.09 19:06:40 | 000,004,570 | ---- | M] () -- C:\Users\omar\.recently-used.xbel
[2011.08.09 18:51:56 | 000,001,720 | ---- | M] () -- C:\Users\omar\Desktop\Skeleton in Suit_272232.png
[2011.08.07 18:41:52 | 000,270,142 | ---- | M] () -- C:\Users\omar\Desktop\Minecraft.exe
[2011.08.06 22:04:58 | 000,001,043 | ---- | M] () -- C:\Users\omar\Desktop\Jodix Free WMA to MP3 Converter.lnk
[2011.08.03 14:15:26 | 000,000,143 | ---- | M] () -- C:\Users\Public\Desktop\Play Ace of Spades.url
[2011.08.02 13:15:39 | 000,000,986 | ---- | M] () -- C:\Users\Public\Desktop\Condemned - Criminal Origins.lnk
[2011.08.02 11:22:16 | 000,000,794 | ---- | M] () -- C:\Users\omar\Desktop\Half Life Source.lnk
[2011.07.30 14:52:45 | 000,706,838 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.07.30 14:52:45 | 000,660,416 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.07.30 14:52:45 | 000,152,398 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.07.30 14:52:45 | 000,124,606 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.07.28 21:28:26 | 000,000,279 | ---- | M] () -- C:\Users\omar\Desktop\char.png
[2011.07.26 16:24:42 | 000,031,415 | ---- | M] () -- C:\Users\omar\Desktop\U MAD.jpg
[2011.07.26 12:34:46 | 000,032,063 | ---- | M] () -- C:\Users\omar\Desktop\PWND.jpg
[2011.07.23 17:57:31 | 000,000,957 | ---- | M] () -- C:\Users\omar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk
[2011.07.23 17:57:31 | 000,000,921 | ---- | M] () -- C:\Users\Public\Desktop\Xfire.lnk
[2011.07.21 13:40:27 | 000,000,284 | ---- | M] () -- C:\Windows\Tcsofla.INI
[2011.07.21 12:11:12 | 000,138,192 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.07.21 12:11:11 | 000,066,616 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011.07.17 14:23:52 | 000,020,009 | ---- | M] () -- C:\Users\omar\Desktop\super_mario_troll.jpg
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.08.14 17:44:33 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_GenericMount_01009.Wdf
[2011.08.13 19:43:00 | 000,002,012 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011.08.11 13:43:18 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.08.10 13:19:47 | 000,001,960 | ---- | C] () -- C:\Users\Public\Desktop\E.Y.E Divine Cybermancy.lnk
[2011.08.09 23:47:30 | 000,000,289 | ---- | C] () -- C:\Windows\System32\settings.xml
[2011.08.09 19:06:40 | 000,004,570 | ---- | C] () -- C:\Users\omar\.recently-used.xbel
[2011.08.09 18:51:54 | 000,001,720 | ---- | C] () -- C:\Users\omar\Desktop\Skeleton in Suit_272232.png
[2011.08.08 16:51:03 | 000,001,116 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-752189712-4168365328-2364872346-1000UA.job
[2011.08.08 16:51:00 | 000,001,064 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-752189712-4168365328-2364872346-1000Core.job
[2011.08.07 18:41:50 | 000,270,142 | ---- | C] () -- C:\Users\omar\Desktop\Minecraft.exe
[2011.08.06 22:04:58 | 000,001,043 | ---- | C] () -- C:\Users\omar\Desktop\Jodix Free WMA to MP3 Converter.lnk
[2011.08.03 14:15:26 | 000,000,143 | ---- | C] () -- C:\Users\Public\Desktop\Play Ace of Spades.url
[2011.08.03 09:38:19 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011.08.02 13:15:39 | 000,000,986 | ---- | C] () -- C:\Users\Public\Desktop\Condemned - Criminal Origins.lnk
[2011.08.02 11:22:16 | 000,000,794 | ---- | C] () -- C:\Users\omar\Desktop\Half Life Source.lnk
[2011.07.28 21:28:25 | 000,000,279 | ---- | C] () -- C:\Users\omar\Desktop\char.png
[2011.07.26 16:24:42 | 000,031,415 | ---- | C] () -- C:\Users\omar\Desktop\U MAD.jpg
[2011.07.26 12:32:18 | 000,032,063 | ---- | C] () -- C:\Users\omar\Desktop\PWND.jpg
[2011.07.23 17:57:31 | 000,000,957 | ---- | C] () -- C:\Users\omar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk
[2011.07.23 17:57:31 | 000,000,921 | ---- | C] () -- C:\Users\Public\Desktop\Xfire.lnk
[2011.07.21 13:08:38 | 000,000,284 | ---- | C] () -- C:\Windows\Tcsofla.INI
[2011.07.17 14:17:02 | 000,020,009 | ---- | C] () -- C:\Users\omar\Desktop\super_mario_troll.jpg
[2011.07.03 22:06:21 | 000,023,978 | ---- | C] () -- C:\Users\omar\AppData\Roaming\Notepad2.ini
[2011.06.26 13:53:03 | 000,029,008 | ---- | C] () -- C:\Windows\System32\SmartDefragBootTime.exe
[2011.06.26 13:53:03 | 000,016,184 | ---- | C] () -- C:\Windows\System32\drivers\SmartDefragDriver.sys
[2011.06.17 19:07:00 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[2011.06.17 13:17:06 | 000,000,007 | ---- | C] () -- C:\Windows\treeskp.sys
[2011.06.17 13:17:06 | 000,000,007 | ---- | C] () -- C:\Windows\sbacknt.bin
[2011.06.15 21:50:20 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2011.06.14 16:19:52 | 000,941,784 | ---- | C] () -- C:\Windows\System32\drivers\CAMTHWDM.sys
[2011.06.13 00:12:45 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2011.06.07 16:04:20 | 000,162,432 | ---- | C] () -- C:\Windows\System32\drivers\ithsgt.sys
[2011.06.07 16:04:14 | 000,012,032 | ---- | C] () -- C:\Windows\System32\drivers\lilsgt.sys
[2011.06.06 21:13:04 | 000,138,160 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011.05.24 23:44:26 | 000,059,904 | ---- | C] () -- C:\Windows\System32\OVDecode.dll
[2011.04.28 20:11:31 | 000,000,031 | ---- | C] () -- C:\Windows\CAD3D.INI
[2011.04.28 20:11:25 | 000,059,392 | ---- | C] () -- C:\Windows\System32\Gksui16.exe
[2011.04.26 10:43:39 | 000,000,000 | ---- | C] () -- C:\Windows\System32\Access.dat
[2011.04.22 15:15:43 | 000,000,551 | ---- | C] () -- C:\Windows\eReg.dat
[2011.04.17 19:56:16 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.04.16 18:51:16 | 000,041,872 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2011.04.11 23:47:05 | 000,007,605 | ---- | C] () -- C:\Users\omar\AppData\Local\Resmon.ResmonCfg
[2011.03.27 00:22:58 | 000,000,287 | ---- | C] () -- C:\Windows\game.ini
[2011.03.23 21:49:38 | 000,000,092 | ---- | C] () -- C:\Users\omar\AppData\Local\fusioncache.dat
[2011.03.22 20:29:12 | 000,033,792 | ---- | C] () -- C:\Windows\System32\drivers\libusb0.sys
[2011.01.29 22:18:44 | 000,138,056 | ---- | C] () -- C:\Users\omar\AppData\Roaming\PnkBstrK.sys
[2011.01.29 22:17:57 | 000,271,200 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2011.01.29 22:17:56 | 000,837,192 | ---- | C] () -- C:\Windows\System32\Pbsvc.exe
[2011.01.29 22:17:56 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2011.01.23 23:08:05 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009.07.14 10:47:43 | 000,706,838 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 10:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 10:47:43 | 000,152,398 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 10:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 06:33:53 | 000,294,912 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 04:05:48 | 000,660,416 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 04:05:48 | 000,124,606 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 02:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009.07.14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2008.12.01 21:46:12 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008.12.01 21:08:40 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2008.10.30 15:45:42 | 000,180,720 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2008.10.22 05:29:06 | 000,173,550 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2005.10.21 00:58:52 | 000,090,112 | ---- | C] () -- C:\Windows\System32\vspxvfw.dll
[2005.09.01 16:20:46 | 000,524,288 | ---- | C] () -- C:\Windows\System32\vspxcore.dll
[1999.01.22 00:40:22 | 000,180,224 | ---- | C] () -- C:\Windows\Res2_uninst.exe

========== LOP Check ==========

[2011.07.22 17:53:05 | 000,000,000 | ---D | M] -- C:\Users\omar\AppData\Roaming\.doomseeker
[2011.08.14 15:15:28 | 000,000,000 | ---D | M] -- C:\Users\omar\AppData\Roaming\.minecraft
[2011.05.27 17:10:26 | 000,000,000 | ---D | M] -- C:\Users\omar\AppData\Roaming\111 Pix Ltd
[2011.06.19 20:33:45 | 000,000,000 | ---D | M] -- C:\Users\omar\AppData\Roaming\Audacity
[2011.05.22 18:30:01 | 000,000,000 | ---D | M] -- C:\Users\omar\AppData\Roaming\DAEMON Tools Lite
[2011.01.30 01:26:04 | 000,000,000 | ---D | M] -- C:\Users\omar\AppData\Roaming\DAEMON Tools Pro
[2011.08.15 17:59:38 | 000,000,000 | ---D | M] -- C:\Users\omar\AppData\Roaming\DNA
[2011.03.30 19:53:48 | 000,000,000 | ---D | M] -- C:\Users\omar\AppData\Roaming\Downloaded Installations
[2011.08.04 16:44:27 | 000,000,000 | ---D | M] -- C:\Users\omar\AppData\Roaming\GetRightToGo
[2011.08.11 13:06:47 | 000,000,000 | ---D | M] -- C:\Users\omar\AppData\Roaming\go
[2011.07.26 16:24:42 | 000,000,000 | ---D | M] -- C:\Users\omar\AppData\Roaming\gtk-2.0
[2011.06.26 13:53:03 | 000,000,000 | ---D | M] -- C:\Users\omar\AppData\Roaming\IObit
[2011.06.03 20:26:06 | 000,000,000 | ---D | M] -- C:\Users\omar\AppData\Roaming\MAXON
[2011.03.25 22:46:23 | 000,000,000 | ---D | M] -- C:\Users\omar\AppData\Roaming\MotioninJoy
[2011.05.22 16:27:10 | 000,000,000 | ---D | M] -- C:\Users\omar\AppData\Roaming\Mount&Blade
[2011.06.21 18:27:47 | 000,000,000 | ---D | M] -- C:\Users\omar\AppData\Roaming\OpenOffice.org
[2011.08.12 16:54:36 | 000,000,000 | ---D | M] -- C:\Users\omar\AppData\Roaming\Opera
[2011.07.15 13:57:23 | 000,000,000 | ---D | M] -- C:\Users\omar\AppData\Roaming\PFStaticIP
[2011.06.03 10:31:04 | 000,000,000 | ---D | M] -- C:\Users\omar\AppData\Roaming\Sony
[2011.02.03 23:10:13 | 000,000,000 | ---D | M] -- C:\Users\omar\AppData\Roaming\Subversion
[2011.01.31 13:21:30 | 000,000,000 | ---D | M] -- C:\Users\omar\AppData\Roaming\Synaptics
[2011.03.21 21:22:42 | 000,000,000 | ---D | M] -- C:\Users\omar\AppData\Roaming\TeamViewer
[2011.06.06 21:44:31 | 000,000,000 | ---D | M] -- C:\Users\omar\AppData\Roaming\TerrariaWorldViewer
[2011.04.26 10:42:02 | 000,000,000 | ---D | M] -- C:\Users\omar\AppData\Roaming\Tunngle
[2011.05.24 20:01:27 | 000,000,000 | ---D | M] -- C:\Users\omar\AppData\Roaming\Unity
[2011.08.15 17:59:59 | 000,000,000 | ---D | M] -- C:\Users\omar\AppData\Roaming\uTorrent
[2011.06.11 19:19:46 | 000,000,000 | ---D | M] -- C:\Users\omar\AppData\Roaming\wargaming.net
[2011.06.14 16:22:38 | 000,000,000 | ---D | M] -- C:\Users\omar\AppData\Roaming\Webcammax
[2011.07.31 11:34:44 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.04.17 19:54:45 | 000,000,204 | ---- | M] () -- C:\Windows\Tasks\{4BE033AE-43F4-4B0E-9E6A-8CD91F764958}.job

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:364682BC

< End of report >

#2
Essexboy

Posted 15 August 2011 - 12:43 PM

GeekU Moderator

Retired Staff
69,964 posts

Hi on completion of this run can you let me know if the problem is resolved

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
FF - prefs.js..keyword.URL: "http://search.yahoo....type=382950&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=382950"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://search.yahoo....type=382950&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=382950"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://search.yahoo....type=382950&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=382950"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://search.yahoo....type=382950&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=382950"
[2011.04.17 19:54:45 | 000,000,204 | ---- | M] () -- C:\Windows\Tasks\{4BE033AE-43F4-4B0E-9E6A-8CD91F764958}.job

:Files
ipconfig /flushdns /c

:Commands
[purity]
[resethosts]
[emptytemp]
[EMPTYFLASH]
[CREATERESTOREPOINT]
[Reboot]
Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done
Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

#3
Omaroso

Posted 16 August 2011 - 09:37 AM

New Member

Topic Starter
Member
8 posts

Hi,

Thank you for taking your time to solve my problem

So, here's the new OTL log:

OTL logfile created on: 16.08.2011 17:10:02 - Run 2
OTL by OldTimer - Version 3.2.26.4 Folder = C:\Users\omar\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,75 Gb Total Physical Memory | 0,97 Gb Available Physical Memory | 55,29% Memory free
6,63 Gb Paging File | 5,70 Gb Available in Paging File | 85,95% Paging File free
Paging file location(s): c:\pagefile.sys 5000 8000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,79 Gb Total Space | 4,85 Gb Free Space | 2,08% Space Free | Partition Type: NTFS
Drive D: | 521,28 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive E: | 2,37 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: OMAR-PC | User Name: omar | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.08.15 18:16:36 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\omar\Desktop\OTL.exe
PRC - [2011.08.04 14:34:46 | 001,361,288 | ---- | M] (LogMeIn Inc.) -- C:\Programme\LogMeIn Hamachi\hamachi-2.exe
PRC - [2011.08.02 08:58:46 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Programme\Steam\Steam.exe
PRC - [2011.07.21 12:08:02 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.06.24 17:30:48 | 000,393,112 | ---- | M] (Spigot, Inc.) -- C:\Programme\Application Updater\ApplicationUpdater.exe
PRC - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.06.01 14:10:00 | 000,821,080 | ---- | M] (IObit) -- C:\Programme\IObit\IObit Malware Fighter\IMFsrv.exe
PRC - [2011.05.28 14:46:56 | 000,353,168 | ---- | M] (IObit) -- C:\Programme\IObit\Advanced SystemCare 4\ASCService.exe
PRC - [2011.05.24 23:17:32 | 000,294,400 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
PRC - [2011.04.21 07:53:10 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.04.21 07:52:51 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.04.21 07:52:36 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.03.01 16:47:56 | 002,296,696 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011.02.24 11:31:46 | 004,615,080 | ---- | M] (Symantec Corporation) -- C:\Programme\Symantec\Symantec System Recovery\Agent\VProSvc.exe
PRC - [2011.01.12 17:23:08 | 001,966,064 | ---- | M] (Symantec) -- C:\Programme\Symantec\Symantec System Recovery\Shared\Drivers\SymSnapService.exe
PRC - [2010.11.10 03:54:18 | 004,240,760 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Live\Messenger\msnmsgr.exe
PRC - [2010.11.10 02:13:30 | 000,025,456 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Live\Contacts\wlcomm.exe
PRC - [2010.09.21 15:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2010.09.21 15:03:14 | 000,193,408 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009.07.14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009.07.14 03:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2005.03.09 21:50:18 | 000,018,944 | ---- | M] (http://libusb-win32.sourceforge.net) -- C:\Windows\System32\libusbd-nt.exe

========== Modules (No Company Name) ==========

MOD - [2011.08.13 13:16:46 | 014,407,976 | ---- | M] () -- C:\Programme\Steam\bin\libcef.dll
MOD - [2011.08.13 13:16:45 | 000,914,216 | ---- | M] () -- C:\Programme\Steam\bin\avcodec-52.dll
MOD - [2011.08.13 13:16:45 | 000,190,248 | ---- | M] () -- C:\Programme\Steam\bin\chromehtml.dll
MOD - [2011.08.13 13:16:45 | 000,155,432 | ---- | M] () -- C:\Programme\Steam\bin\avformat-52.dll
MOD - [2011.08.13 13:16:45 | 000,091,432 | ---- | M] () -- C:\Programme\Steam\bin\avutil-50.dll
MOD - [2006.08.24 14:17:52 | 000,004,096 | ---- | M] () -- C:\Programme\Messenger Plus! Live\Detoured.dll

========== Win32 Services (SafeList) ==========

SRV - [2011.08.04 21:45:48 | 003,542,616 | ---- | M] () [Auto | Running] -- c:\Programme\Common Files\Akamai\netsession_win_2da1ebd.dll -- (Akamai)
SRV - [2011.08.04 14:34:46 | 001,361,288 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2011.08.02 09:55:26 | 000,411,432 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.07.21 12:08:02 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.06.24 17:30:48 | 000,393,112 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.06.01 14:10:00 | 000,821,080 | ---- | M] (IObit) [Auto | Running] -- C:\Programme\IObit\IObit Malware Fighter\IMFsrv.exe -- (IMFservice)
SRV - [2011.05.28 14:46:56 | 000,353,168 | ---- | M] (IObit) [Auto | Running] -- C:\Programme\IObit\Advanced SystemCare 4\ASCService.exe -- (AdvancedSystemCareService)
SRV - [2011.05.24 23:17:32 | 000,294,400 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV - [2011.04.21 07:52:51 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.03.01 16:47:56 | 002,296,696 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011.02.24 11:31:46 | 004,615,080 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Programme\Symantec\Symantec System Recovery\Agent\VProSvc.exe -- (Symantec System Recovery)
SRV - [2011.01.24 14:31:34 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011.01.14 13:33:40 | 001,574,408 | ---- | M] (Symantec) [On_Demand | Stopped] -- C:\Program Files\Symantec\Symantec System Recovery\Shared\Drivers\GenericMountHelper.exe -- (GenericMount Helper Service)
SRV - [2011.01.12 17:23:08 | 001,966,064 | ---- | M] (Symantec) [On_Demand | Running] -- C:\Program Files\Symantec\Symantec System Recovery\Shared\Drivers\SymSnapService.exe -- (SymSnapService)
SRV - [2010.12.07 22:18:00 | 003,979,632 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2010.02.17 10:53:18 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Programme\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2005.03.09 21:50:18 | 000,018,944 | ---- | M] (http://libusb-win32.sourceforge.net) [Auto | Running] -- C:\Windows\System32\libusbd-nt.exe -- (libusbd)

========== Driver Services (SafeList) ==========

DRV - [2011.07.21 12:11:12 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.07.21 12:11:11 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.06.07 16:04:20 | 000,162,432 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ithsgt.sys -- (ithsgt)
DRV - [2011.06.07 16:04:14 | 000,012,032 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lilsgt.sys -- (lilsgt)
DRV - [2011.05.22 18:23:45 | 000,431,672 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2011.04.27 19:17:48 | 000,018,768 | ---- | M] () [File_System | On_Demand | Running] -- C:\Programme\IObit\IObit Malware Fighter\Drivers\win7_x86\FileMonitor.sys -- (FileMonitor)
DRV - [2011.03.23 00:58:32 | 000,019,280 | ---- | M] (IObit.com) [Kernel | On_Demand | Running] -- C:\Programme\IObit\IObit Malware Fighter\Drivers\win7_x86\UrlFilter.sys -- (UrlFilter)
DRV - [2011.03.23 00:58:28 | 000,030,600 | ---- | M] (IObit.com) [Kernel | On_Demand | Running] -- C:\Programme\IObit\IObit Malware Fighter\Drivers\win7_x86\RegFilter.sys -- (RegFilter)
DRV - [2011.02.24 11:52:58 | 000,131,000 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2011.02.23 16:50:44 | 000,016,184 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV - [2011.01.14 13:34:24 | 000,057,840 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\GenericMount.sys -- (GenericMount)
DRV - [2011.01.12 17:25:10 | 000,139,360 | ---- | M] (StorageCraft) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\symsnap.sys -- (symsnap)
DRV - [2010.03.18 20:01:22 | 000,048,640 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MijXfilt.sys -- (MotioninJoyXFilter)
DRV - [2010.02.18 09:18:22 | 000,037,944 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\amdiox86.sys -- (amdiox86)
DRV - [2009.10.08 17:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.09.21 20:40:14 | 000,015,096 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vproeventmonitor.sys -- (VProEventMonitor)
DRV - [2009.07.14 03:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009.07.14 03:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009.07.14 03:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009.07.14 01:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009.07.14 01:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009.07.14 00:02:47 | 000,050,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20)
DRV - [2009.04.22 21:42:30 | 000,304,128 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VPS3Joy.sys -- (VPS3Joy) Virtual Playstation(3)
DRV - [2009.03.18 17:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2008.12.01 23:14:34 | 004,179,968 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2007.06.29 14:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AmdLLD.sys -- (AmdLLD)
DRV - [2005.03.09 21:50:16 | 000,033,792 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\libusb0.sys -- (libusb0)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = my.daemon-search.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 43 20 34 4C 0C 12 CC 01 [binary data]
IE - HKCU\..\URLSearchHook: {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Programme\IObit Toolbar\IE\4.5\iobitToolbarIE.dll (Spigot, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://search.yahoo....type=382950&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=382950"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://search.yahoo....type=382950&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=382950"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://search.yahoo....type=382950&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=382950"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://search.yahoo....type=382950&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=382950"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://search.yahoo....type=382950&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=382950"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://search.yahoo....type=382950&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=382950"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://search.yahoo....type=382950&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=382950"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://search.yahoo....type=382950&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=382950"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://search.yahoo....type=382950&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=382950"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://search.yahoo....type=382950&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=382950"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://search.yahoo....type=382950&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=382950"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://search.yahoo....type=382950&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=382950"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://search.yahoo....type=382950&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=382950"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://search.yahoo....type=382950&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=382950"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://search.yahoo....type=382950&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=382950"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://search.yahoo....type=382950&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=382950"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://search.yahoo....type=382950&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=382950"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://search.yahoo....type=382950&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=382950"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://search.yahoo....type=382950&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=382950"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://search.yahoo....type=382950&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=382950"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://search.yahoo....type=382950&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=382950"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://search.yahoo....type=382950&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=382950"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://search.yahoo....type=382950&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=382950"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://search.yahoo....type=382950&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=382950"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://search.yahoo....type=382950&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=382950"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@gamersfirst.com/LiveLauncher: C:\Program Files\GamersFirst\LIVE!\nplivelauncher.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60129.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files\TVUPlayer\npTVUAx.dll File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher: C:\Program Files\Roblox\Versions\version-f93a5a6aa7924fae\\NPRobloxProxy.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\omar\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\omar\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\omar\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.07.26 14:28:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.06.24 15:56:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.08.03 09:38:19 | 000,000,000 | ---D | M]

[2011.04.07 13:43:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\omar\AppData\Roaming\mozilla\Extensions
[2011.07.26 14:18:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\omar\AppData\Roaming\mozilla\Firefox\Profiles\muvhh96j.default\extensions
[2011.07.13 12:36:25 | 000,000,000 | ---D | M] (Flash and Video Download) -- C:\Users\omar\AppData\Roaming\mozilla\Firefox\Profiles\muvhh96j.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
[2011.04.23 19:21:55 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Users\omar\AppData\Roaming\mozilla\Firefox\Profiles\muvhh96j.default\extensions\[email protected]
[2011.05.22 18:24:20 | 000,000,000 | ---D | M] ("DAEMON Tools Toolbar") -- C:\Users\omar\AppData\Roaming\mozilla\Firefox\Profiles\muvhh96j.default\extensions\[email protected]
[2011.08.08 17:16:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\omar\AppData\Roaming\mozilla\SeaMonkey\Profiles\neu4jwft.default\extensions
[2011.07.30 20:07:23 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.06.14 15:19:53 | 000,000,000 | ---D | M] (Skype extension) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011.06.21 18:15:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.07.30 20:07:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011.06.24 15:56:56 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.05.04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2008.07.16 15:42:38 | 000,066,208 | ---- | M] (Joost Technologies B.V. ) -- C:\Program Files\mozilla firefox\plugins\npJoostPlugin.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2011.08.16 17:03:52 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (IObit Toolbar) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Programme\IObit Toolbar\IE\4.5\iobitToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (IObit Toolbar) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Programme\IObit Toolbar\IE\4.5\iobitToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [amd_dc_opt] C:\Programme\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [IObit Malware Fighter] C:\Program Files\IObit\IObit Malware Fighter\IMF.exe (IObit)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Symantec System Recovery 2011] C:\Program Files\Symantec\Symantec System Recovery\Agent\VProTray.exe (Symantec Corporation)
O4 - HKCU..\Run: [Advanced SystemCare 4] C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe (IObit)
O4 - HKCU..\Run: [BitTorrent DNA] C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [Comrade.exe] C:\Programme\GameSpy\Comrade\Comrade.exe (IGN Entertainment Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [DS3 Tool] C:\Program Files\MotioninJoy\ds3\DS3_Tool.exe (www.motioninjoy.com)
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Users\omar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\omar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk = C:\Programme\Xfire\Xfire.exe (Xfire Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zon...kr.cab56986.cab (Checkers Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O27 - HKLM IFEO\notepad.exe: Debugger - "C:\Program Files\Notepad2\Notepad2.exe" /z ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2004.03.31 20:14:30 | 000,000,147 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2011.08.02 21:14:57 | 000,000,077 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{19cc2840-8e9b-11e0-91dd-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{19cc2840-8e9b-11e0-91dd-806e6f6e6963}\Shell\AutoRun\command - "" = G:\Setup.exe
O33 - MountPoints2\{28c0dcc0-8490-11e0-af17-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{28c0dcc0-8490-11e0-af17-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Setup.exe -- [2011.08.02 21:14:57 | 001,892,384 | R--- | M] (Streum On Studio )
O33 - MountPoints2\{28c0dcc1-8490-11e0-af17-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{28c0dcc1-8490-11e0-af17-806e6f6e6963}\Shell\AutoRun\command - "" = F:\autorun.exe
O33 - MountPoints2\{6956812a-2bad-11e0-a916-00235ad93f8b}\Shell - "" = AutoRun
O33 - MountPoints2\{6956812a-2bad-11e0-a916-00235ad93f8b}\Shell\AutoRun\command - "" = E:\Setup.exe -- [2011.08.02 21:14:57 | 001,892,384 | R--- | M] (Streum On Studio )
O33 - MountPoints2\{b916d440-57f5-11e0-8ddb-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{b916d440-57f5-11e0-8ddb-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Setup\rsrc\autorun.exe
O33 - MountPoints2\{b916d440-57f5-11e0-8ddb-806e6f6e6963}\Shell\dinstall\command - "" = F:\Directx\dxsetup.exe
O33 - MountPoints2\{fe3f64e4-2724-11e0-bad8-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{fe3f64e4-2724-11e0-bad8-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Setup\rsrc\AUTORUN.EXE -- [2000.01.17 18:28:36 | 000,028,672 | R--- | M] (Dipl.-Ing. Stefan Krueger <[email protected]>)
O33 - MountPoints2\{fe3f64e4-2724-11e0-bad8-806e6f6e6963}\Shell\dinstall\command - "" = D:\DirectX\dxsetup.exe -- [2003.08.19 02:15:00 | 000,467,456 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\Setup.exe -- [2011.08.02 21:14:57 | 001,892,384 | R--- | M] (Streum On Studio )
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.08.16 17:19:03 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Roaming\Malwarebytes
[2011.08.16 17:18:43 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.08.16 17:18:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.08.16 17:18:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.08.16 17:18:22 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.08.16 17:18:21 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.08.16 17:11:46 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\{9B35CA5E-906B-4AF7-A571-914609CD57A9}
[2011.08.16 17:09:59 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\{3CF39ADB-8406-4AA9-BFDD-9116C40249D1}
[2011.08.16 17:00:04 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\{99BB0515-2258-4395-AF48-CB6BFB6A6FE5}
[2011.08.16 16:59:48 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\{8FBABA18-5FE0-4652-9161-2211402094BF}
[2011.08.16 16:53:39 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.08.16 16:45:01 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\{7F49006D-B913-46D2-AC6B-E0D91141CAC3}
[2011.08.16 16:44:04 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\{4B9A19FC-2A18-4FA0-8A19-57DA55CB092B}
[2011.08.15 20:33:35 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\{B73609B3-D4A9-4D1E-89F4-4F80CD32F0BE}
[2011.08.15 20:32:52 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\{6BB19B6F-915C-42F9-BB5F-2B287AD18D82}
[2011.08.15 18:16:29 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\omar\Desktop\OTL.exe
[2011.08.15 18:09:19 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Roaming\Symantec
[2011.08.15 18:02:59 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\{39627752-337C-48A4-9559-6638BD11FECC}
[2011.08.15 18:01:56 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\{02AC5E83-7EE0-4891-A33D-CE1D06B8C2B4}
[2011.08.14 21:26:16 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\{9E4BB209-BF6F-4C83-9480-26917CE2EDD4}
[2011.08.14 21:25:32 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\{C5EC83B7-310D-456A-9B75-8CDFFC820DCA}
[2011.08.14 19:52:56 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\Symantec_Corporation
[2011.08.14 17:45:05 | 000,139,360 | ---- | C] (StorageCraft) -- C:\Windows\System32\drivers\symsnap.sys
[2011.08.14 17:44:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Symantec System Recovery
[2011.08.14 17:44:35 | 000,015,096 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\vproeventmonitor.sys
[2011.08.14 17:43:15 | 000,000,000 | ---D | C] -- C:\ProgramData\79290820-B54E-4bb8-ADA7-3541B45B9445
[2011.08.14 17:43:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2011.08.14 17:42:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2011.08.14 17:42:27 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2011.08.14 13:47:17 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\{C4EA6215-8F0B-4A21-835C-B5A840C8F3CE}
[2011.08.14 13:46:32 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\{7DF09B66-EA77-4829-949F-6874FF66C035}
[2011.08.13 19:44:37 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Roaming\Avira
[2011.08.13 19:43:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011.08.13 19:42:25 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2011.08.13 19:42:23 | 000,138,192 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.08.13 19:42:23 | 000,066,616 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011.08.13 19:42:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011.08.13 19:42:22 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011.08.13 19:41:06 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\{93C88E28-252A-44EE-85BC-1495D989CDA0}
[2011.08.13 19:39:37 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\{FEC81397-1C04-4727-9B5C-7D9237BAF006}
[2011.08.13 19:12:05 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\{3080EFA1-3F99-48CC-A75A-4D3F3DC00729}
[2011.08.13 19:10:53 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\{82B3213B-BD5B-46BD-A839-837705C4F724}
[2011.08.13 18:52:20 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\{2060857D-6FCA-4534-9DBB-908AFC40D781}
[2011.08.13 13:17:27 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\{E82D0F70-0696-4206-9B5A-89105FD6B244}
[2011.08.13 13:17:04 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\{94D49ACB-7C77-450E-B887-5E5C65C160B0}
[2011.08.12 18:21:37 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\{6A7A624C-0ED0-482C-BB03-FC038A1B9D85}
[2011.08.12 18:19:49 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\{96B43B00-8911-4E4A-81C5-773311397A21}
[2011.08.12 16:54:36 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Roaming\Opera
[2011.08.12 16:54:36 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\Opera
[2011.08.12 16:54:19 | 000,000,000 | ---D | C] -- C:\Program Files\Opera
[2011.08.12 16:50:05 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\{672D4E27-3C3E-461E-BE53-73E3AF02E55C}
[2011.08.12 16:49:27 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\{F9A6BF8D-3E6B-4F76-91DA-F411B1431E7F}
[2011.08.12 13:32:33 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\{ADBD63A6-4FAF-4B4D-9C8C-0E07BD837BCC}
[2011.08.12 13:32:16 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\{853EF61F-7158-4BB1-AB72-1394C0B136A7}
[2011.08.11 13:43:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011.08.11 13:43:11 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2011.08.11 13:41:24 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011.08.11 13:41:21 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011.08.11 13:41:21 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011.08.11 13:38:59 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011.08.11 13:38:18 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.08.10 23:54:15 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\{0EE57E14-CD71-4774-B80F-25DB1FBF1392}
[2011.08.10 22:06:39 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\{27C4D990-3C88-45CB-BFA4-89AD77E3BB62}
[2011.08.10 22:05:22 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\{35B95401-16B6-40DF-BBAF-BC6104A4A8DF}
[2011.08.10 20:54:19 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\{3DB77F12-3DB7-4119-B0EA-420A3D2B7A29}
[2011.08.10 20:53:41 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\{A12251F1-8432-4172-BDA5-E9282F733985}
[2011.08.10 20:34:54 | 000,000,000 | ---D | C] -- C:\Users\omar\Desktop\mods
[2011.08.10 20:31:10 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Roaming\.minecraft
[2011.08.10 19:58:30 | 000,000,000 | ---D | C] -- C:\Users\omar\Desktop\Amazopack
[2011.08.10 13:19:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Streum On Studio
[2011.08.10 12:59:19 | 000,000,000 | ---D | C] -- C:\Program Files\Streum On Studio
[2011.08.10 12:57:21 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\{0A36C644-CE6E-4875-8229-67930836E1CF}
[2011.08.10 09:33:24 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\{2648586E-058A-455C-9D55-BB5C42A7BAC8}
[2011.08.09 14:03:38 | 000,000,000 | ---D | C] -- C:\Users\omar\Desktop\Skylands server
[2011.08.09 13:51:50 | 000,000,000 | ---D | C] -- C:\ProgramData\eMule
[2011.08.09 13:08:28 | 000,000,000 | ---D | C] -- C:\Users\omar\Desktop\catmario
[2011.08.09 10:28:30 | 000,000,000 | ---D | C] -- C:\Users\omar\Desktop\Installers
[2011.08.09 09:41:29 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\{D4184440-81AA-4328-B65B-0D51DEBF94D7}
[2011.08.09 09:41:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2011.08.09 09:41:05 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn Hamachi
[2011.08.08 18:43:15 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\{8D28D21D-3F61-4DC1-BE38-C94826BD496E}
[2011.08.08 17:06:08 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011.08.08 10:19:46 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\{C1DDDD9A-533E-4643-8B72-22DFF69EF1B7}
[2011.08.07 23:33:04 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\{AD4127D3-770A-432F-836A-C1EEF1F7803D}
[2011.08.07 20:00:20 | 000,000,000 | ---D | C] -- C:\Users\omar\Desktop\AdventureCraft
[2011.08.07 18:09:11 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\{3CB5CC37-D57E-4E85-95B4-2C4249C22C49}
[2011.08.07 15:24:46 | 000,000,000 | -H-D | C] -- C:\Program Files\Temp
[2011.08.07 00:15:00 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\Arktos
[2011.08.07 00:14:59 | 000,000,000 | ---D | C] -- C:\Users\omar\Documents\Arktos
[2011.08.06 22:04:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Jodix
[2011.08.06 22:04:57 | 000,000,000 | ---D | C] -- C:\Program Files\Free WMA to MP3 Converter
[2011.08.06 21:22:29 | 000,000,000 | ---D | C] -- C:\Users\omar\Desktop\HLDJ
[2011.08.06 13:23:12 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\{E4A7FC10-4846-446B-90BF-8B8A33DDCE56}
[2011.08.06 09:52:12 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\{90653FC3-C566-4C73-861C-4514C82BBB67}
[2011.08.05 13:25:11 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\{402AB743-D06C-4F74-BE86-E1EA7B8F0C27}
[2011.08.04 19:20:19 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\{3A34B3AA-D888-4A8C-90AE-7E5F811CC7DF}
[2011.08.04 16:43:33 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Roaming\GetRightToGo
[2011.08.04 16:43:33 | 000,000,000 | ---D | C] -- C:\Users\omar\Documents\Downloads
[2011.08.03 14:15:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ace of Spades
[2011.08.03 14:15:23 | 000,000,000 | ---D | C] -- C:\Ace of Spades
[2011.08.03 12:37:48 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\{09C4A7B2-6758-4942-9455-4D65757D7D66}
[2011.08.03 09:37:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011.08.03 09:37:48 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2011.08.02 20:21:49 | 000,000,000 | ---D | C] -- C:\Users\omar\Documents\Duke Nukem Forever Demo
[2011.08.02 20:21:24 | 000,034,304 | ---- | C] (AMD, Inc.) -- C:\Windows\System32\drivers\AmdLLD.sys
[2011.08.02 20:21:00 | 000,000,000 | ---D | C] -- C:\Program Files\AMD
[2011.08.02 13:26:03 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Monolith Productions
[2011.08.02 13:15:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SEGA
[2011.08.02 13:15:39 | 000,000,000 | ---D | C] -- C:\Program Files\SEGA
[2011.08.02 11:22:16 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Half Life Source
[2011.08.02 11:22:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Half Life Source
[2011.08.02 11:22:16 | 000,000,000 | ---D | C] -- C:\Program Files\Half Life
[2011.08.02 09:05:14 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\{403A34DB-8A96-496E-9D1A-33F20E4E5D7C}
[2011.08.01 20:31:39 | 000,000,000 | ---D | C] -- C:\Program Files\Fox
[2011.08.01 20:30:12 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fox Interactive
[2011.08.01 20:30:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fox Interactive
[2011.08.01 19:14:53 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\{223EC15F-249B-4CA9-96BE-E059849E260E}
[2011.07.31 11:22:48 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\{325A6BB1-86CB-4D1D-8317-F8AB0852BBF5}
[2011.07.30 23:20:32 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\{BDA28801-4C15-4B6C-9889-BA65274795E5}
[2011.07.30 22:23:55 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Heroes of Newerth
[2011.07.30 22:23:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heroes of Newerth
[2011.07.30 22:23:50 | 000,000,000 | ---D | C] -- C:\Users\omar\Documents\Heroes of Newerth
[2011.07.30 22:18:41 | 000,000,000 | ---D | C] -- C:\Program Files\Heroes of Newerth
[2011.07.30 20:08:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011.07.30 20:03:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Survivors of Ragnarok
[2011.07.30 20:03:13 | 000,000,000 | ---D | C] -- C:\Program Files\SurvivorsofRagnarok
[2011.07.30 13:31:04 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\Apple Computer
[2011.07.30 13:30:45 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Roaming\Apple Computer
[2011.07.30 11:19:12 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\{C8B5A038-E297-40FB-9FD6-988ADED1620C}
[2011.07.29 20:01:13 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\{96813E76-C59D-4E69-9E98-99006E76B9D8}
[2011.07.28 13:04:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
[2011.07.28 13:03:55 | 000,000,000 | ---D | C] -- C:\Program Files\GOG.com
[2011.07.27 18:33:11 | 000,000,000 | ---D | C] -- C:\Program Files\Xaya3D
[2011.07.27 14:41:01 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\{ED71D90A-7AF6-478D-8911-68155462E6A8}
[2011.07.26 14:29:44 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\DDMSettings
[2011.07.26 14:27:38 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Roaming\DivX
[2011.07.26 14:27:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PX Storage Engine
[2011.07.26 14:26:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus
[2011.07.26 14:25:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2011.07.26 14:22:50 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2011.07.26 14:21:24 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2011.07.26 12:31:36 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011.07.25 11:03:59 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\{C473905C-7E69-4ABB-8D9E-65CB8C3E2413}
[2011.07.24 22:30:44 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\{4807C2BB-BC92-4B5E-816D-01B525454FC0}
[2011.07.24 20:28:08 | 000,000,000 | ---D | C] -- C:\Users\omar\Desktop\Aether
[2011.07.23 21:05:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Devolver Digital
[2011.07.23 18:02:17 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Serious Sam 2 Patch 2.066.00
[2011.07.23 18:00:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Xfire
[2011.07.23 17:57:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xfire
[2011.07.23 17:57:28 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Roaming\Xfire
[2011.07.23 17:57:26 | 000,000,000 | --SD | C] -- C:\Program Files\Xfire
[2011.07.23 17:55:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Serious Sam 2
[2011.07.23 17:55:41 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Serious Sam 2
[2011.07.23 17:51:30 | 000,000,000 | ---D | C] -- C:\Program Files\Serious Sam 2
[2011.07.23 17:21:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SQ-Girls Bildschirmschoner
[2011.07.23 17:21:07 | 000,000,000 | ---D | C] -- C:\Program Files\Lomex
[2011.07.23 13:20:14 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\{04014ADC-C12B-4C0E-B845-FC9C8F3BD077}
[2011.07.22 17:38:19 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Roaming\.doomseeker
[2011.07.22 17:33:56 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Skulltag
[2011.07.22 17:33:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skulltag
[2011.07.22 17:33:38 | 000,000,000 | ---D | C] -- C:\Program Files\Skulltag
[2011.07.22 10:58:00 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\{38C31BF5-7E50-4F31-881A-7B679472206D}
[2011.07.21 14:26:44 | 000,000,000 | ---D | C] -- C:\DUKE
[2011.07.21 13:40:28 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\True Crime - Streets of LA
[2011.07.21 13:40:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\True Crime - Streets of LA
[2011.07.21 11:39:03 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\{C0424103-C581-4C2E-9B6B-64F9EC75FCF1}
[2011.07.19 13:43:57 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\{C134BDD2-7837-4424-BFEC-3A5E5F0413F8}
[2011.07.18 08:38:13 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\{93B89304-5AEF-4C73-BE58-0F5DCBCB6BE4}
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.08.16 17:18:44 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.08.16 17:16:50 | 000,017,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.08.16 17:16:49 | 000,017,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.08.16 17:06:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.08.16 17:06:23 | 1407,787,008 | -HS- | M] () -- C:\hiberfil.sys
[2011.08.16 17:03:52 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011.08.15 22:56:04 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-752189712-4168365328-2364872346-1000UA.job
[2011.08.15 18:35:22 | 000,023,978 | ---- | M] () -- C:\Users\omar\AppData\Roaming\Notepad2.ini
[2011.08.15 18:16:36 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\omar\Desktop\OTL.exe
[2011.08.14 17:44:33 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_GenericMount_01009.Wdf
[2011.08.14 16:56:04 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-752189712-4168365328-2364872346-1000Core.job
[2011.08.14 16:44:26 | 000,138,160 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011.08.14 16:44:18 | 000,271,200 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2011.08.14 16:38:26 | 000,103,736 | ---- | M] () -- C:\Windows\System32\PnkBstrB.ex0
[2011.08.13 19:43:00 | 000,002,012 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011.08.11 13:43:18 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.08.10 13:19:47 | 000,001,960 | ---- | M] () -- C:\Users\Public\Desktop\E.Y.E Divine Cybermancy.lnk
[2011.08.09 23:47:30 | 000,000,289 | ---- | M] () -- C:\Windows\System32\settings.xml
[2011.08.09 19:06:40 | 000,004,570 | ---- | M] () -- C:\Users\omar\.recently-used.xbel
[2011.08.09 18:51:56 | 000,001,720 | ---- | M] () -- C:\Users\omar\Desktop\Skeleton in Suit_272232.png
[2011.08.07 18:41:52 | 000,270,142 | ---- | M] () -- C:\Users\omar\Desktop\Minecraft.exe
[2011.08.06 22:04:58 | 000,001,043 | ---- | M] () -- C:\Users\omar\Desktop\Jodix Free WMA to MP3 Converter.lnk
[2011.08.03 14:15:26 | 000,000,143 | ---- | M] () -- C:\Users\Public\Desktop\Play Ace of Spades.url
[2011.08.02 13:15:39 | 000,000,986 | ---- | M] () -- C:\Users\Public\Desktop\Condemned - Criminal Origins.lnk
[2011.08.02 11:22:16 | 000,000,794 | ---- | M] () -- C:\Users\omar\Desktop\Half Life Source.lnk
[2011.07.30 14:52:45 | 000,706,838 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.07.30 14:52:45 | 000,660,416 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.07.30 14:52:45 | 000,152,398 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.07.30 14:52:45 | 000,124,606 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.07.28 21:28:26 | 000,000,279 | ---- | M] () -- C:\Users\omar\Desktop\char.png
[2011.07.26 16:24:42 | 000,031,415 | ---- | M] () -- C:\Users\omar\Desktop\U MAD.jpg
[2011.07.26 12:34:46 | 000,032,063 | ---- | M] () -- C:\Users\omar\Desktop\PWND.jpg
[2011.07.23 17:57:31 | 000,000,957 | ---- | M] () -- C:\Users\omar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk
[2011.07.23 17:57:31 | 000,000,921 | ---- | M] () -- C:\Users\Public\Desktop\Xfire.lnk
[2011.07.21 13:40:27 | 000,000,284 | ---- | M] () -- C:\Windows\Tcsofla.INI
[2011.07.21 12:11:12 | 000,138,192 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.07.21 12:11:11 | 000,066,616 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.08.16 17:18:44 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.08.14 17:44:33 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_GenericMount_01009.Wdf
[2011.08.13 19:43:00 | 000,002,012 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011.08.11 13:43:18 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.08.10 13:19:47 | 000,001,960 | ---- | C] () -- C:\Users\Public\Desktop\E.Y.E Divine Cybermancy.lnk
[2011.08.09 23:47:30 | 000,000,289 | ---- | C] () -- C:\Windows\System32\settings.xml
[2011.08.09 19:06:40 | 000,004,570 | ---- | C] () -- C:\Users\omar\.recently-used.xbel
[2011.08.09 18:51:54 | 000,001,720 | ---- | C] () -- C:\Users\omar\Desktop\Skeleton in Suit_272232.png
[2011.08.08 16:51:03 | 000,001,116 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-752189712-4168365328-2364872346-1000UA.job
[2011.08.08 16:51:00 | 000,001,064 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-752189712-4168365328-2364872346-1000Core.job
[2011.08.07 18:41:50 | 000,270,142 | ---- | C] () -- C:\Users\omar\Desktop\Minecraft.exe
[2011.08.06 22:04:58 | 000,001,043 | ---- | C] () -- C:\Users\omar\Desktop\Jodix Free WMA to MP3 Converter.lnk
[2011.08.03 14:15:26 | 000,000,143 | ---- | C] () -- C:\Users\Public\Desktop\Play Ace of Spades.url
[2011.08.03 09:38:19 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011.08.02 13:15:39 | 000,000,986 | ---- | C] () -- C:\Users\Public\Desktop\Condemned - Criminal Origins.lnk
[2011.08.02 11:22:16 | 000,000,794 | ---- | C] () -- C:\Users\omar\Desktop\Half Life Source.lnk
[2011.07.28 21:28:25 | 000,000,279 | ---- | C] () -- C:\Users\omar\Desktop\char.png
[2011.07.26 16:24:42 | 000,031,415 | ---- | C] () -- C:\Users\omar\Desktop\U MAD.jpg
[2011.07.26 12:32:18 | 000,032,063 | ---- | C] () -- C:\Users\omar\Desktop\PWND.jpg
[2011.07.23 17:57:31 | 000,000,957 | ---- | C] () -- C:\Users\omar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk
[2011.07.23 17:57:31 | 000,000,921 | ---- | C] () -- C:\Users\Public\Desktop\Xfire.lnk
[2011.07.21 13:08:38 | 000,000,284 | ---- | C] () -- C:\Windows\Tcsofla.INI
[2011.07.03 22:06:21 | 000,023,978 | ---- | C] () -- C:\Users\omar\AppData\Roaming\Notepad2.ini
[2011.06.26 13:53:03 | 000,029,008 | ---- | C] () -- C:\Windows\System32\SmartDefragBootTime.exe
[2011.06.26 13:53:03 | 000,016,184 | ---- | C] () -- C:\Windows\System32\drivers\SmartDefragDriver.sys
[2011.06.17 19:07:00 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[2011.06.17 13:17:06 | 000,000,007 | ---- | C] () -- C:\Windows\treeskp.sys
[2011.06.17 13:17:06 | 000,000,007 | ---- | C] () -- C:\Windows\sbacknt.bin
[2011.06.15 21:50:20 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2011.06.14 16:19:52 | 000,941,784 | ---- | C] () -- C:\Windows\System32\drivers\CAMTHWDM.sys
[2011.06.13 00:12:45 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2011.06.07 16:04:20 | 000,162,432 | ---- | C] () -- C:\Windows\System32\drivers\ithsgt.sys
[2011.06.07 16:04:14 | 000,012,032 | ---- | C] () -- C:\Windows\System32\drivers\lilsgt.sys
[2011.06.06 21:13:04 | 000,138,160 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011.05.24 23:44:26 | 000,059,904 | ---- | C] () -- C:\Windows\System32\OVDecode.dll
[2011.04.28 20:11:31 | 000,000,031 | ---- | C] () -- C:\Windows\CAD3D.INI
[2011.04.28 20:11:25 | 000,059,392 | ---- | C] () -- C:\Windows\System32\Gksui16.exe
[2011.04.26 10:43:39 | 000,000,000 | ---- | C] () -- C:\Windows\System32\Access.dat
[2011.04.22 15:15:43 | 000,000,551 | ---- | C] () -- C:\Windows\eReg.dat
[2011.04.17 19:56:16 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.04.16 18:51:16 | 000,041,872 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2011.04.11 23:47:05 | 000,007,605 | ---- | C] () -- C:\Users\omar\AppData\Local\Resmon.ResmonCfg
[2011.03.27 00:22:58 | 000,000,287 | ---- | C] () -- C:\Windows\game.ini
[2011.03.23 21:49:38 | 000,000,092 | ---- | C] () -- C:\Users\omar\AppData\Local\fusioncache.dat
[2011.03.22 20:29:12 | 000,033,792 | ---- | C] () -- C:\Windows\System32\drivers\libusb0.sys
[2011.01.29 22:18:44 | 000,138,056 | ---- | C] () -- C:\Users\omar\AppData\Roaming\PnkBstrK.sys
[2011.01.29 22:17:57 | 000,271,200 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2011.01.29 22:17:56 | 000,837,192 | ---- | C] () -- C:\Windows\System32\Pbsvc.exe
[2011.01.29 22:17:56 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2011.01.23 23:08:05 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009.07.14 10:47:43 | 000,706,838 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 10:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 10:47:43 | 000,152,398 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 10:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 06:33:53 | 000,294,912 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 04:05:48 | 000,660,416 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 04:05:48 | 000,124,606 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 02:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009.07.14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2008.12.01 21:46:12 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008.12.01 21:08:40 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2008.10.30 15:45:42 | 000,180,720 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2008.10.22 05:29:06 | 000,173,550 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2005.10.21 00:58:52 | 000,090,112 | ---- | C] () -- C:\Windows\System32\vspxvfw.dll
[2005.09.01 16:20:46 | 000,524,288 | ---- | C] () -- C:\Windows\System32\vspxcore.dll
[1999.01.22 00:40:22 | 000,180,224 | ---- | C] () -- C:\Windows\Res2_uninst.exe

========== LOP Check ==========

[2011.07.22 17:53:05 | 000,000,000 | ---D | M] -- C:\Users\omar\AppData\Roaming\.doomseeker
[2011.08.15 19:45:19 | 000,000,000 | ---D | M] -- C:\Users\omar\AppData\Roaming\.minecraft
[2011.05.27 17:10:26 | 000,000,000 | ---D | M] -- C:\Users\omar\AppData\Roaming\111 Pix Ltd
[2011.06.19 20:33:45 | 000,000,000 | ---D | M] -- C:\Users\omar\AppData\Roaming\Audacity
[2011.05.22 18:30:01 | 000,000,000 | ---D | M] -- C:\Users\omar\AppData\Roaming\DAEMON Tools Lite
[2011.01.30 01:26:04 | 000,000,000 | ---D | M] -- C:\Users\omar\AppData\Roaming\DAEMON Tools Pro
[2011.08.16 17:07:18 | 000,000,000 | ---D | M] -- C:\Users\omar\AppData\Roaming\DNA
[2011.03.30 19:53:48 | 000,000,000 | ---D | M] -- C:\Users\omar\AppData\Roaming\Downloaded Installations
[2011.08.04 16:44:27 | 000,000,000 | ---D | M] -- C:\Users\omar\AppData\Roaming\GetRightToGo
[2011.08.16 16:42:47 | 000,000,000 | ---D | M] -- C:\Users\omar\AppData\Roaming\go
[2011.07.26 16:24:42 | 000,000,000 | ---D | M] -- C:\Users\omar\AppData\Roaming\gtk-2.0
[2011.06.26 13:53:03 | 000,000,000 | ---D | M] -- C:\Users\omar\AppData\Roaming\IObit
[2011.06.03 20:26:06 | 000,000,000 | ---D | M] -- C:\Users\omar\AppData\Roaming\MAXON
[2011.03.25 22:46:23 | 000,000,000 | ---D | M] -- C:\Users\omar\AppData\Roaming\MotioninJoy
[2011.05.22 16:27:10 | 000,000,000 | ---D | M] -- C:\Users\omar\AppData\Roaming\Mount&Blade
[2011.06.21 18:27:47 | 000,000,000 | ---D | M] -- C:\Users\omar\AppData\Roaming\OpenOffice.org
[2011.08.12 16:54:36 | 000,000,000 | ---D | M] -- C:\Users\omar\AppData\Roaming\Opera
[2011.07.15 13:57:23 | 000,000,000 | ---D | M] -- C:\Users\omar\AppData\Roaming\PFStaticIP
[2011.06.03 10:31:04 | 000,000,000 | ---D | M] -- C:\Users\omar\AppData\Roaming\Sony
[2011.02.03 23:10:13 | 000,000,000 | ---D | M] -- C:\Users\omar\AppData\Roaming\Subversion
[2011.01.31 13:21:30 | 000,000,000 | ---D | M] -- C:\Users\omar\AppData\Roaming\Synaptics
[2011.03.21 21:22:42 | 000,000,000 | ---D | M] -- C:\Users\omar\AppData\Roaming\TeamViewer
[2011.06.06 21:44:31 | 000,000,000 | ---D | M] -- C:\Users\omar\AppData\Roaming\TerrariaWorldViewer
[2011.04.26 10:42:02 | 000,000,000 | ---D | M] -- C:\Users\omar\AppData\Roaming\Tunngle
[2011.05.24 20:01:27 | 000,000,000 | ---D | M] -- C:\Users\omar\AppData\Roaming\Unity
[2011.08.16 17:09:09 | 000,000,000 | ---D | M] -- C:\Users\omar\AppData\Roaming\uTorrent
[2011.06.11 19:19:46 | 000,000,000 | ---D | M] -- C:\Users\omar\AppData\Roaming\wargaming.net
[2011.06.14 16:22:38 | 000,000,000 | ---D | M] -- C:\Users\omar\AppData\Roaming\Webcammax
[2011.07.31 11:34:44 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:364682BC

< End of report >

#4
Omaroso

Posted 16 August 2011 - 09:57 AM

New Member

Topic Starter
Member
8 posts

And here is the MBAM log:

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7478

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

16.08.2011 17:44:48
mbam-log-2011-08-16 (17-44-48).txt

Scan type: Quick scan
Objects scanned: 166009
Time elapsed: 22 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 5
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\program files\common files\Spigot\wtxpcom\components\widgitoolbarff.dll (Adware.WidgiToolbar) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F} (PUP.Dealio.TB) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F} (PUP.Dealio.TB) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F} (PUP.Dealio.TB) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F} (PUP.Dealio.TB) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe (Security.Hijack) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOM\COMPONENTS\WIDGITOOLBARFF.DLL (Adware.WidgiToolbar) -> Value: WIDGITOOLBARFF.DLL -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F} (PUP.Dealio.TB) -> Value: {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F} (PUP.Dealio.TB) -> Value: {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\program files\common files\Spigot\wtxpcom\components\widgitoolbarff.dll (Adware.WidgiToolbar) -> Delete on reboot.
c:\program files\iobit toolbar\IE\4.5\iobittoolbarie.dll (PUP.Dealio.TB) -> Quarantined and deleted successfully.

#5
Essexboy

Posted 16 August 2011 - 11:31 AM

GeekU Moderator

Retired Staff
69,964 posts

OK one more run with OTL to clear some more FF settings - then let me know if the problem is resolved

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://search.yahoo....type=382950&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=382950"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://search.yahoo....type=382950&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=382950"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://search.yahoo....type=382950&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=382950"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://search.yahoo....type=382950&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=382950"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://search.yahoo....type=382950&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=382950"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://search.yahoo....type=382950&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=382950"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://search.yahoo....type=382950&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=382950"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://search.yahoo....type=382950&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=382950"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://search.yahoo....type=382950&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=382950"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://search.yahoo....type=382950&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=382950"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://search.yahoo....type=382950&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=382950"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://search.yahoo....type=382950&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=382950"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://search.yahoo....type=382950&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=382950"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://search.yahoo....type=382950&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=382950"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://search.yahoo....type=382950&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=382950"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://search.yahoo....type=382950&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=382950"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://search.yahoo....type=382950&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=382950"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://search.yahoo....type=382950&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=382950"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://search.yahoo....type=382950&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=382950"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://search.yahoo....type=382950&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=382950"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://search.yahoo....type=382950&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=382950"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://search.yahoo....type=382950&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=382950"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://search.yahoo....type=382950&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=382950"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://search.yahoo....type=382950&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=382950"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://search.yahoo....type=382950&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=382950"
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)

:Files
ipconfig /flushdns /c

:Commands
[purity]
[resethosts]
[emptytemp]
[EMPTYFLASH]
[CREATERESTOREPOINT]
[Reboot]
Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done
Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

#6
Omaroso

Posted 16 August 2011 - 01:25 PM

New Member

Topic Starter
Member
8 posts

Hi,

I can only thank you again!

Here's the log!:

OTL logfile created on: 16.08.2011 21:09:05 - Run 3
OTL by OldTimer - Version 3.2.26.4 Folder = C:\Users\omar\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,75 Gb Total Physical Memory | 0,95 Gb Available Physical Memory | 54,14% Memory free
6,63 Gb Paging File | 5,57 Gb Available in Paging File | 83,95% Paging File free
Paging file location(s): c:\pagefile.sys 5000 8000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,79 Gb Total Space | 5,25 Gb Free Space | 2,25% Space Free | Partition Type: NTFS
Drive D: | 521,28 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: OMAR-PC | User Name: omar | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.08.15 18:16:36 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\omar\Desktop\OTL.exe
PRC - [2011.08.04 14:34:46 | 001,361,288 | ---- | M] (LogMeIn Inc.) -- C:\Programme\LogMeIn Hamachi\hamachi-2.exe
PRC - [2011.07.21 12:08:02 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.07.06 19:52:38 | 001,047,656 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2011.07.06 19:52:38 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011.07.06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.06.24 17:30:48 | 000,393,112 | ---- | M] (Spigot, Inc.) -- C:\Programme\Application Updater\ApplicationUpdater.exe
PRC - [2011.06.24 15:56:56 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.06.01 14:10:00 | 000,821,080 | ---- | M] (IObit) -- C:\Programme\IObit\IObit Malware Fighter\IMFsrv.exe
PRC - [2011.05.28 14:46:56 | 000,353,168 | ---- | M] (IObit) -- C:\Programme\IObit\Advanced SystemCare 4\ASCService.exe
PRC - [2011.05.24 23:17:32 | 000,294,400 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
PRC - [2011.04.21 07:53:10 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.04.21 07:52:51 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.03.01 16:47:56 | 002,296,696 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011.02.24 11:31:46 | 004,615,080 | ---- | M] (Symantec Corporation) -- C:\Programme\Symantec\Symantec System Recovery\Agent\VProSvc.exe
PRC - [2011.01.12 17:23:08 | 001,966,064 | ---- | M] (Symantec) -- C:\Programme\Symantec\Symantec System Recovery\Shared\Drivers\SymSnapService.exe
PRC - [2010.09.21 15:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2010.09.21 15:03:14 | 000,193,408 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009.07.14 03:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2009.07.14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009.07.14 03:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2005.03.09 21:50:18 | 000,018,944 | ---- | M] (http://libusb-win32.sourceforge.net) -- C:\Windows\System32\libusbd-nt.exe

========== Modules (No Company Name) ==========

MOD - [2011.06.24 15:56:56 | 001,850,328 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll

========== Win32 Services (SafeList) ==========

SRV - [2011.08.04 21:45:48 | 003,542,616 | ---- | M] () [Auto | Running] -- c:\Programme\Common Files\Akamai\netsession_win_2da1ebd.dll -- (Akamai)
SRV - [2011.08.04 14:34:46 | 001,361,288 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2011.08.02 09:55:26 | 000,411,432 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.07.21 12:08:02 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.07.06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.06.24 17:30:48 | 000,393,112 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.06.01 14:10:00 | 000,821,080 | ---- | M] (IObit) [Auto | Running] -- C:\Programme\IObit\IObit Malware Fighter\IMFsrv.exe -- (IMFservice)
SRV - [2011.05.28 14:46:56 | 000,353,168 | ---- | M] (IObit) [Auto | Running] -- C:\Programme\IObit\Advanced SystemCare 4\ASCService.exe -- (AdvancedSystemCareService)
SRV - [2011.05.24 23:17:32 | 000,294,400 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV - [2011.04.21 07:52:51 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.03.01 16:47:56 | 002,296,696 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011.02.24 11:31:46 | 004,615,080 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Programme\Symantec\Symantec System Recovery\Agent\VProSvc.exe -- (Symantec System Recovery)
SRV - [2011.01.24 14:31:34 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011.01.14 13:33:40 | 001,574,408 | ---- | M] (Symantec) [On_Demand | Stopped] -- C:\Program Files\Symantec\Symantec System Recovery\Shared\Drivers\GenericMountHelper.exe -- (GenericMount Helper Service)
SRV - [2011.01.12 17:23:08 | 001,966,064 | ---- | M] (Symantec) [On_Demand | Running] -- C:\Program Files\Symantec\Symantec System Recovery\Shared\Drivers\SymSnapService.exe -- (SymSnapService)
SRV - [2010.12.07 22:18:00 | 003,979,632 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2010.02.17 10:53:18 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Programme\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2005.03.09 21:50:18 | 000,018,944 | ---- | M] (http://libusb-win32.sourceforge.net) [Auto | Running] -- C:\Windows\System32\libusbd-nt.exe -- (libusbd)

========== Driver Services (SafeList) ==========

DRV - [2011.07.21 12:11:12 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.07.21 12:11:11 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.07.06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.06.07 16:04:20 | 000,162,432 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ithsgt.sys -- (ithsgt)
DRV - [2011.06.07 16:04:14 | 000,012,032 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lilsgt.sys -- (lilsgt)
DRV - [2011.05.22 18:23:45 | 000,431,672 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2011.04.27 19:17:48 | 000,018,768 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Programme\IObit\IObit Malware Fighter\Drivers\win7_x86\FileMonitor.sys -- (FileMonitor)
DRV - [2011.03.23 00:58:32 | 000,019,280 | ---- | M] (IObit.com) [Kernel | On_Demand | Stopped] -- C:\Programme\IObit\IObit Malware Fighter\Drivers\win7_x86\UrlFilter.sys -- (UrlFilter)
DRV - [2011.03.23 00:58:28 | 000,030,600 | ---- | M] (IObit.com) [Kernel | On_Demand | Stopped] -- C:\Programme\IObit\IObit Malware Fighter\Drivers\win7_x86\RegFilter.sys -- (RegFilter)
DRV - [2011.02.24 11:52:58 | 000,131,000 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2011.02.23 16:50:44 | 000,016,184 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV - [2011.01.14 13:34:24 | 000,057,840 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\GenericMount.sys -- (GenericMount)
DRV - [2011.01.12 17:25:10 | 000,139,360 | ---- | M] (StorageCraft) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\symsnap.sys -- (symsnap)
DRV - [2010.03.18 20:01:22 | 000,048,640 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MijXfilt.sys -- (MotioninJoyXFilter)
DRV - [2010.02.18 09:18:22 | 000,037,944 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\amdiox86.sys -- (amdiox86)
DRV - [2009.10.08 17:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.09.21 20:40:14 | 000,015,096 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vproeventmonitor.sys -- (VProEventMonitor)
DRV - [2009.07.14 03:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009.07.14 03:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009.07.14 03:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009.07.14 01:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009.07.14 01:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009.07.14 00:02:47 | 000,050,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20)
DRV - [2009.04.22 21:42:30 | 000,304,128 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VPS3Joy.sys -- (VPS3Joy) Virtual Playstation(3)
DRV - [2009.03.18 17:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2008.12.01 23:14:34 | 004,179,968 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2007.06.29 14:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AmdLLD.sys -- (AmdLLD)
DRV - [2005.03.09 21:50:16 | 000,033,792 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\libusb0.sys -- (libusb0)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = my.daemon-search.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 43 20 34 4C 0C 12 CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://search.yahoo....type=382950&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=382950"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://search.yahoo....type=382950&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=382950"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://search.yahoo....type=382950&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=382950"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://search.yahoo....type=382950&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=382950"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://search.yahoo....type=382950&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=382950"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://search.yahoo....type=382950&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=382950"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://search.yahoo....type=382950&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=382950"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://search.yahoo....type=382950&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=382950"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://search.yahoo....type=382950&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=382950"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://search.yahoo....type=382950&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=382950"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://search.yahoo....type=382950&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=382950"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://search.yahoo....type=382950&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=382950"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://search.yahoo....type=382950&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=382950"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://search.yahoo....type=382950&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=382950"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://search.yahoo....type=382950&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=382950"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://search.yahoo....type=382950&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=382950"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://search.yahoo....type=382950&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=382950"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://search.yahoo....type=382950&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=382950"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://search.yahoo....type=382950&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=382950"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://search.yahoo....type=382950&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=382950"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://search.yahoo....type=382950&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=382950"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://search.yahoo....type=382950&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=382950"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://search.yahoo....type=382950&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=382950"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://search.yahoo....type=382950&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=382950"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://search.yahoo....type=382950&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=382950"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@gamersfirst.com/LiveLauncher: C:\Program Files\GamersFirst\LIVE!\nplivelauncher.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60129.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files\TVUPlayer\npTVUAx.dll File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher: C:\Program Files\Roblox\Versions\version-f93a5a6aa7924fae\\NPRobloxProxy.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\omar\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\omar\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\omar\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.07.26 14:28:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.06.24 15:56:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.08.03 09:38:19 | 000,000,000 | ---D | M]

[2011.04.07 13:43:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\omar\AppData\Roaming\mozilla\Extensions
[2011.07.26 14:18:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\omar\AppData\Roaming\mozilla\Firefox\Profiles\muvhh96j.default\extensions
[2011.07.13 12:36:25 | 000,000,000 | ---D | M] (Flash and Video Download) -- C:\Users\omar\AppData\Roaming\mozilla\Firefox\Profiles\muvhh96j.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
[2011.04.23 19:21:55 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Users\omar\AppData\Roaming\mozilla\Firefox\Profiles\muvhh96j.default\extensions\[email protected]
[2011.05.22 18:24:20 | 000,000,000 | ---D | M] ("DAEMON Tools Toolbar") -- C:\Users\omar\AppData\Roaming\mozilla\Firefox\Profiles\muvhh96j.default\extensions\[email protected]
[2011.08.08 17:16:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\omar\AppData\Roaming\mozilla\SeaMonkey\Profiles\neu4jwft.default\extensions
[2011.07.30 20:07:23 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.06.14 15:19:53 | 000,000,000 | ---D | M] (Skype extension) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011.06.21 18:15:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.07.30 20:07:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011.06.24 15:56:56 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.05.04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2008.07.16 15:42:38 | 000,066,208 | ---- | M] (Joost Technologies B.V. ) -- C:\Program Files\mozilla firefox\plugins\npJoostPlugin.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2011.08.16 20:57:00 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [amd_dc_opt] C:\Programme\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [IObit Malware Fighter] C:\Program Files\IObit\IObit Malware Fighter\IMF.exe (IObit)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Symantec System Recovery 2011] C:\Program Files\Symantec\Symantec System Recovery\Agent\VProTray.exe (Symantec Corporation)
O4 - HKCU..\Run: [Advanced SystemCare 4] C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe (IObit)
O4 - HKCU..\Run: [BitTorrent DNA] C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [Comrade.exe] C:\Programme\GameSpy\Comrade\Comrade.exe (IGN Entertainment Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [DS3 Tool] C:\Program Files\MotioninJoy\ds3\DS3_Tool.exe (www.motioninjoy.com)
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Users\omar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\omar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk = C:\Programme\Xfire\Xfire.exe (Xfire Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zon...kr.cab56986.cab (Checkers Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2004.03.31 20:14:30 | 000,000,147 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{19cc2840-8e9b-11e0-91dd-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{19cc2840-8e9b-11e0-91dd-806e6f6e6963}\Shell\AutoRun\command - "" = G:\Setup.exe
O33 - MountPoints2\{28c0dcc0-8490-11e0-af17-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{28c0dcc0-8490-11e0-af17-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Setup.exe
O33 - MountPoints2\{28c0dcc1-8490-11e0-af17-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{28c0dcc1-8490-11e0-af17-806e6f6e6963}\Shell\AutoRun\command - "" = F:\autorun.exe
O33 - MountPoints2\{6956812a-2bad-11e0-a916-00235ad93f8b}\Shell - "" = AutoRun
O33 - MountPoints2\{6956812a-2bad-11e0-a916-00235ad93f8b}\Shell\AutoRun\command - "" = E:\setup.exe
O33 - MountPoints2\{b916d440-57f5-11e0-8ddb-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{b916d440-57f5-11e0-8ddb-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Setup\rsrc\autorun.exe
O33 - MountPoints2\{b916d440-57f5-11e0-8ddb-806e6f6e6963}\Shell\dinstall\command - "" = F:\Directx\dxsetup.exe
O33 - MountPoints2\{fe3f64e4-2724-11e0-bad8-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{fe3f64e4-2724-11e0-bad8-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Setup\rsrc\AUTORUN.EXE -- [2000.01.17 18:28:36 | 000,028,672 | R--- | M] (Dipl.-Ing. Stefan Krueger <[email protected]>)
O33 - MountPoints2\{fe3f64e4-2724-11e0-bad8-806e6f6e6963}\Shell\dinstall\command - "" = D:\DirectX\dxsetup.exe -- [2003.08.19 02:15:00 | 000,467,456 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\Setup.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.08.16 17:52:09 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\{A1DB9939-FFF0-4F6F-BE59-531049422353}
[2011.08.16 17:51:30 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\{6CD392C6-C117-4550-8143-66AEFBFD063E}
[2011.08.16 17:19:03 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Roaming\Malwarebytes
[2011.08.16 17:18:43 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.08.16 17:18:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.08.16 17:18:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.08.16 17:18:22 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.08.16 17:18:21 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.08.16 17:11:46 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\{9B35CA5E-906B-4AF7-A571-914609CD57A9}
[2011.08.16 17:09:59 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\{3CF39ADB-8406-4AA9-BFDD-9116C40249D1}
[2011.08.16 17:00:04 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\{99BB0515-2258-4395-AF48-CB6BFB6A6FE5}
[2011.08.16 16:59:48 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\{8FBABA18-5FE0-4652-9161-2211402094BF}
[2011.08.16 16:53:39 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.08.16 16:45:01 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\{7F49006D-B913-46D2-AC6B-E0D91141CAC3}
[2011.08.16 16:44:04 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\{4B9A19FC-2A18-4FA0-8A19-57DA55CB092B}
[2011.08.15 20:33:35 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\{B73609B3-D4A9-4D1E-89F4-4F80CD32F0BE}
[2011.08.15 20:32:52 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\{6BB19B6F-915C-42F9-BB5F-2B287AD18D82}
[2011.08.15 18:16:29 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\omar\Desktop\OTL.exe
[2011.08.15 18:09:19 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Roaming\Symantec
[2011.08.15 18:02:59 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\{39627752-337C-48A4-9559-6638BD11FECC}
[2011.08.15 18:01:56 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\{02AC5E83-7EE0-4891-A33D-CE1D06B8C2B4}
[2011.08.14 21:26:16 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\{9E4BB209-BF6F-4C83-9480-26917CE2EDD4}
[2011.08.14 21:25:32 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\{C5EC83B7-310D-456A-9B75-8CDFFC820DCA}
[2011.08.14 19:52:56 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\Symantec_Corporation
[2011.08.14 17:45:05 | 000,139,360 | ---- | C] (StorageCraft) -- C:\Windows\System32\drivers\symsnap.sys
[2011.08.14 17:44:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Symantec System Recovery
[2011.08.14 17:44:35 | 000,015,096 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\vproeventmonitor.sys
[2011.08.14 17:43:15 | 000,000,000 | ---D | C] -- C:\ProgramData\79290820-B54E-4bb8-ADA7-3541B45B9445
[2011.08.14 17:43:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2011.08.14 17:42:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2011.08.14 17:42:27 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2011.08.14 13:47:17 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\{C4EA6215-8F0B-4A21-835C-B5A840C8F3CE}
[2011.08.14 13:46:32 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\{7DF09B66-EA77-4829-949F-6874FF66C035}
[2011.08.13 19:44:37 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Roaming\Avira
[2011.08.13 19:43:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011.08.13 19:42:25 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2011.08.13 19:42:23 | 000,138,192 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.08.13 19:42:23 | 000,066,616 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011.08.13 19:42:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011.08.13 19:42:22 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011.08.13 19:41:06 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\{93C88E28-252A-44EE-85BC-1495D989CDA0}
[2011.08.13 19:39:37 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\{FEC81397-1C04-4727-9B5C-7D9237BAF006}
[2011.08.13 19:12:05 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\{3080EFA1-3F99-48CC-A75A-4D3F3DC00729}
[2011.08.13 19:10:53 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\{82B3213B-BD5B-46BD-A839-837705C4F724}
[2011.08.13 18:52:20 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\{2060857D-6FCA-4534-9DBB-908AFC40D781}
[2011.08.13 13:17:27 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\{E82D0F70-0696-4206-9B5A-89105FD6B244}
[2011.08.13 13:17:04 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\{94D49ACB-7C77-450E-B887-5E5C65C160B0}
[2011.08.12 18:21:37 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\{6A7A624C-0ED0-482C-BB03-FC038A1B9D85}
[2011.08.12 18:19:49 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\{96B43B00-8911-4E4A-81C5-773311397A21}
[2011.08.12 16:54:36 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Roaming\Opera
[2011.08.12 16:54:36 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\Opera
[2011.08.12 16:54:19 | 000,000,000 | ---D | C] -- C:\Program Files\Opera
[2011.08.12 16:50:05 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\{672D4E27-3C3E-461E-BE53-73E3AF02E55C}
[2011.08.12 16:49:27 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\{F9A6BF8D-3E6B-4F76-91DA-F411B1431E7F}
[2011.08.12 13:32:33 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\{ADBD63A6-4FAF-4B4D-9C8C-0E07BD837BCC}
[2011.08.12 13:32:16 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\{853EF61F-7158-4BB1-AB72-1394C0B136A7}
[2011.08.11 13:43:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011.08.11 13:43:11 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2011.08.11 13:41:24 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011.08.11 13:41:21 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011.08.11 13:41:21 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011.08.11 13:38:59 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011.08.11 13:38:18 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.08.10 23:54:15 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\{0EE57E14-CD71-4774-B80F-25DB1FBF1392}
[2011.08.10 22:06:39 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\{27C4D990-3C88-45CB-BFA4-89AD77E3BB62}
[2011.08.10 22:05:22 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\{35B95401-16B6-40DF-BBAF-BC6104A4A8DF}
[2011.08.10 20:54:19 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\{3DB77F12-3DB7-4119-B0EA-420A3D2B7A29}
[2011.08.10 20:53:41 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\{A12251F1-8432-4172-BDA5-E9282F733985}
[2011.08.10 20:34:54 | 000,000,000 | ---D | C] -- C:\Users\omar\Desktop\mods
[2011.08.10 20:31:10 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Roaming\.minecraft
[2011.08.10 19:58:30 | 000,000,000 | ---D | C] -- C:\Users\omar\Desktop\Amazopack
[2011.08.10 13:19:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Streum On Studio
[2011.08.10 12:59:19 | 000,000,000 | ---D | C] -- C:\Program Files\Streum On Studio
[2011.08.10 12:57:21 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\{0A36C644-CE6E-4875-8229-67930836E1CF}
[2011.08.10 09:33:24 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\{2648586E-058A-455C-9D55-BB5C42A7BAC8}
[2011.08.09 14:03:38 | 000,000,000 | ---D | C] -- C:\Users\omar\Desktop\Skylands server
[2011.08.09 13:51:50 | 000,000,000 | ---D | C] -- C:\ProgramData\eMule
[2011.08.09 13:08:28 | 000,000,000 | ---D | C] -- C:\Users\omar\Desktop\catmario
[2011.08.09 10:28:30 | 000,000,000 | ---D | C] -- C:\Users\omar\Desktop\Installers
[2011.08.09 09:41:29 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\{D4184440-81AA-4328-B65B-0D51DEBF94D7}
[2011.08.09 09:41:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2011.08.09 09:41:05 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn Hamachi
[2011.08.08 18:43:15 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\{8D28D21D-3F61-4DC1-BE38-C94826BD496E}
[2011.08.08 17:06:08 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011.08.08 10:19:46 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\{C1DDDD9A-533E-4643-8B72-22DFF69EF1B7}
[2011.08.07 23:33:04 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\{AD4127D3-770A-432F-836A-C1EEF1F7803D}
[2011.08.07 20:00:20 | 000,000,000 | ---D | C] -- C:\Users\omar\Desktop\AdventureCraft
[2011.08.07 18:09:11 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\{3CB5CC37-D57E-4E85-95B4-2C4249C22C49}
[2011.08.07 15:24:46 | 000,000,000 | -H-D | C] -- C:\Program Files\Temp
[2011.08.07 00:15:00 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\Arktos
[2011.08.07 00:14:59 | 000,000,000 | ---D | C] -- C:\Users\omar\Documents\Arktos
[2011.08.06 22:04:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Jodix
[2011.08.06 22:04:57 | 000,000,000 | ---D | C] -- C:\Program Files\Free WMA to MP3 Converter
[2011.08.06 21:22:29 | 000,000,000 | ---D | C] -- C:\Users\omar\Desktop\HLDJ
[2011.08.06 13:23:12 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\{E4A7FC10-4846-446B-90BF-8B8A33DDCE56}
[2011.08.06 09:52:12 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\{90653FC3-C566-4C73-861C-4514C82BBB67}
[2011.08.05 13:25:11 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\{402AB743-D06C-4F74-BE86-E1EA7B8F0C27}
[2011.08.04 19:20:19 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\{3A34B3AA-D888-4A8C-90AE-7E5F811CC7DF}
[2011.08.04 16:43:33 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Roaming\GetRightToGo
[2011.08.04 16:43:33 | 000,000,000 | ---D | C] -- C:\Users\omar\Documents\Downloads
[2011.08.03 14:15:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ace of Spades
[2011.08.03 14:15:23 | 000,000,000 | ---D | C] -- C:\Ace of Spades
[2011.08.03 12:37:48 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\{09C4A7B2-6758-4942-9455-4D65757D7D66}
[2011.08.03 09:37:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011.08.03 09:37:48 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2011.08.02 20:21:49 | 000,000,000 | ---D | C] -- C:\Users\omar\Documents\Duke Nukem Forever Demo
[2011.08.02 20:21:24 | 000,034,304 | ---- | C] (AMD, Inc.) -- C:\Windows\System32\drivers\AmdLLD.sys
[2011.08.02 20:21:00 | 000,000,000 | ---D | C] -- C:\Program Files\AMD
[2011.08.02 13:26:03 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Monolith Productions
[2011.08.02 13:15:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SEGA
[2011.08.02 13:15:39 | 000,000,000 | ---D | C] -- C:\Program Files\SEGA
[2011.08.02 11:22:16 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Half Life Source
[2011.08.02 11:22:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Half Life Source
[2011.08.02 11:22:16 | 000,000,000 | ---D | C] -- C:\Program Files\Half Life
[2011.08.02 09:05:14 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\{403A34DB-8A96-496E-9D1A-33F20E4E5D7C}
[2011.08.01 20:31:39 | 000,000,000 | ---D | C] -- C:\Program Files\Fox
[2011.08.01 20:30:12 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fox Interactive
[2011.08.01 20:30:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fox Interactive
[2011.08.01 19:14:53 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\{223EC15F-249B-4CA9-96BE-E059849E260E}
[2011.07.31 11:22:48 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\{325A6BB1-86CB-4D1D-8317-F8AB0852BBF5}
[2011.07.30 23:20:32 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\{BDA28801-4C15-4B6C-9889-BA65274795E5}
[2011.07.30 22:23:55 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Heroes of Newerth
[2011.07.30 22:23:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heroes of Newerth
[2011.07.30 22:23:50 | 000,000,000 | ---D | C] -- C:\Users\omar\Documents\Heroes of Newerth
[2011.07.30 22:18:41 | 000,000,000 | ---D | C] -- C:\Program Files\Heroes of Newerth
[2011.07.30 20:08:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011.07.30 20:03:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Survivors of Ragnarok
[2011.07.30 20:03:13 | 000,000,000 | ---D | C] -- C:\Program Files\SurvivorsofRagnarok
[2011.07.30 13:31:04 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\Apple Computer
[2011.07.30 13:30:45 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Roaming\Apple Computer
[2011.07.30 11:19:12 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\{C8B5A038-E297-40FB-9FD6-988ADED1620C}
[2011.07.29 20:01:13 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\{96813E76-C59D-4E69-9E98-99006E76B9D8}
[2011.07.28 13:04:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
[2011.07.28 13:03:55 | 000,000,000 | ---D | C] -- C:\Program Files\GOG.com
[2011.07.27 18:33:11 | 000,000,000 | ---D | C] -- C:\Program Files\Xaya3D
[2011.07.27 14:41:01 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\{ED71D90A-7AF6-478D-8911-68155462E6A8}
[2011.07.26 14:29:44 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\DDMSettings
[2011.07.26 14:27:38 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Roaming\DivX
[2011.07.26 14:27:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PX Storage Engine
[2011.07.26 14:26:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus
[2011.07.26 14:25:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2011.07.26 14:22:50 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2011.07.26 14:21:24 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2011.07.26 12:31:36 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011.07.25 11:03:59 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\{C473905C-7E69-4ABB-8D9E-65CB8C3E2413}
[2011.07.24 22:30:44 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\{4807C2BB-BC92-4B5E-816D-01B525454FC0}
[2011.07.24 20:28:08 | 000,000,000 | ---D | C] -- C:\Users\omar\Desktop\Aether
[2011.07.23 21:05:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Devolver Digital
[2011.07.23 18:02:17 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Serious Sam 2 Patch 2.066.00
[2011.07.23 18:00:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Xfire
[2011.07.23 17:57:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xfire
[2011.07.23 17:57:28 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Roaming\Xfire
[2011.07.23 17:57:26 | 000,000,000 | --SD | C] -- C:\Program Files\Xfire
[2011.07.23 17:55:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Serious Sam 2
[2011.07.23 17:55:41 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Serious Sam 2
[2011.07.23 17:51:30 | 000,000,000 | ---D | C] -- C:\Program Files\Serious Sam 2
[2011.07.23 17:21:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SQ-Girls Bildschirmschoner
[2011.07.23 17:21:07 | 000,000,000 | ---D | C] -- C:\Program Files\Lomex
[2011.07.23 13:20:14 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\{04014ADC-C12B-4C0E-B845-FC9C8F3BD077}
[2011.07.22 17:38:19 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Roaming\.doomseeker
[2011.07.22 17:33:56 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Skulltag
[2011.07.22 17:33:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skulltag
[2011.07.22 17:33:38 | 000,000,000 | ---D | C] -- C:\Program Files\Skulltag
[2011.07.22 10:58:00 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\{38C31BF5-7E50-4F31-881A-7B679472206D}
[2011.07.21 14:26:44 | 000,000,000 | ---D | C] -- C:\DUKE
[2011.07.21 13:40:28 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\True Crime - Streets of LA
[2011.07.21 13:40:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\True Crime - Streets of LA
[2011.07.21 11:39:03 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\{C0424103-C581-4C2E-9B6B-64F9EC75FCF1}
[2011.07.19 13:43:57 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\{C134BDD2-7837-4424-BFEC-3A5E5F0413F8}
[2011.07.18 08:38:13 | 000,000,000 | ---D | C] -- C:\Users\omar\AppData\Local\{93B89304-5AEF-4C73-BE58-0F5DCBCB6BE4}

========== Files - Modified Within 30 Days ==========

[2011.08.16 21:10:03 | 000,017,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.08.16 21:10:03 | 000,017,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.08.16 21:02:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.08.16 21:01:56 | 1407,787,008 | -HS- | M] () -- C:\hiberfil.sys
[2011.08.16 20:57:00 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011.08.16 20:56:01 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-752189712-4168365328-2364872346-1000UA.job
[2011.08.16 17:35:59 | 000,023,978 | ---- | M] () -- C:\Users\omar\AppData\Roaming\Notepad2.ini
[2011.08.16 17:18:44 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.08.15 18:16:36 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\omar\Desktop\OTL.exe
[2011.08.14 17:44:33 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_GenericMount_01009.Wdf
[2011.08.14 16:56:04 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-752189712-4168365328-2364872346-1000Core.job
[2011.08.14 16:44:26 | 000,138,160 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011.08.14 16:44:18 | 000,271,200 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2011.08.14 16:38:26 | 000,103,736 | ---- | M] () -- C:\Windows\System32\PnkBstrB.ex0
[2011.08.13 19:43:00 | 000,002,012 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011.08.11 13:43:18 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.08.10 13:19:47 | 000,001,960 | ---- | M] () -- C:\Users\Public\Desktop\E.Y.E Divine Cybermancy.lnk
[2011.08.09 23:47:30 | 000,000,289 | ---- | M] () -- C:\Windows\System32\settings.xml
[2011.08.09 19:06:40 | 000,004,570 | ---- | M] () -- C:\Users\omar\.recently-used.xbel
[2011.08.09 18:51:56 | 000,001,720 | ---- | M] () -- C:\Users\omar\Desktop\Skeleton in Suit_272232.png
[2011.08.07 18:41:52 | 000,270,142 | ---- | M] () -- C:\Users\omar\Desktop\Minecraft.exe
[2011.08.06 22:04:58 | 000,001,043 | ---- | M] () -- C:\Users\omar\Desktop\Jodix Free WMA to MP3 Converter.lnk
[2011.08.03 14:15:26 | 000,000,143 | ---- | M] () -- C:\Users\Public\Desktop\Play Ace of Spades.url
[2011.08.02 13:15:39 | 000,000,986 | ---- | M] () -- C:\Users\Public\Desktop\Condemned - Criminal Origins.lnk
[2011.08.02 11:22:16 | 000,000,794 | ---- | M] () -- C:\Users\omar\Desktop\Half Life Source.lnk
[2011.07.30 14:52:45 | 000,706,838 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.07.30 14:52:45 | 000,660,416 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.07.30 14:52:45 | 000,152,398 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.07.30 14:52:45 | 000,124,606 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.07.28 21:28:26 | 000,000,279 | ---- | M] () -- C:\Users\omar\Desktop\char.png
[2011.07.26 16:24:42 | 000,031,415 | ---- | M] () -- C:\Users\omar\Desktop\U MAD.jpg
[2011.07.26 12:34:46 | 000,032,063 | ---- | M] () -- C:\Users\omar\Desktop\PWND.jpg
[2011.07.23 17:57:31 | 000,000,957 | ---- | M] () -- C:\Users\omar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk
[2011.07.23 17:57:31 | 000,000,921 | ---- | M] () -- C:\Users\Public\Desktop\Xfire.lnk
[2011.07.21 13:40:27 | 000,000,284 | ---- | M] () -- C:\Windows\Tcsofla.INI
[2011.07.21 12:11:12 | 000,138,192 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.07.21 12:11:11 | 000,066,616 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys

========== Files Created - No Company Name ==========

[2011.08.16 17:18:44 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.08.14 17:44:33 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_GenericMount_01009.Wdf
[2011.08.13 19:43:00 | 000,002,012 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011.08.11 13:43:18 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.08.10 13:19:47 | 000,001,960 | ---- | C] () -- C:\Users\Public\Desktop\E.Y.E Divine Cybermancy.lnk
[2011.08.09 23:47:30 | 000,000,289 | ---- | C] () -- C:\Windows\System32\settings.xml
[2011.08.09 19:06:40 | 000,004,570 | ---- | C] () -- C:\Users\omar\.recently-used.xbel
[2011.08.09 18:51:54 | 000,001,720 | ---- | C] () -- C:\Users\omar\Desktop\Skeleton in Suit_272232.png
[2011.08.08 16:51:03 | 000,001,116 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-752189712-4168365328-2364872346-1000UA.job
[2011.08.08 16:51:00 | 000,001,064 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-752189712-4168365328-2364872346-1000Core.job
[2011.08.07 18:41:50 | 000,270,142 | ---- | C] () -- C:\Users\omar\Desktop\Minecraft.exe
[2011.08.06 22:04:58 | 000,001,043 | ---- | C] () -- C:\Users\omar\Desktop\Jodix Free WMA to MP3 Converter.lnk
[2011.08.03 14:15:26 | 000,000,143 | ---- | C] () -- C:\Users\Public\Desktop\Play Ace of Spades.url
[2011.08.03 09:38:19 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011.08.02 13:15:39 | 000,000,986 | ---- | C] () -- C:\Users\Public\Desktop\Condemned - Criminal Origins.lnk
[2011.08.02 11:22:16 | 000,000,794 | ---- | C] () -- C:\Users\omar\Desktop\Half Life Source.lnk
[2011.07.28 21:28:25 | 000,000,279 | ---- | C] () -- C:\Users\omar\Desktop\char.png
[2011.07.26 16:24:42 | 000,031,415 | ---- | C] () -- C:\Users\omar\Desktop\U MAD.jpg
[2011.07.26 12:32:18 | 000,032,063 | ---- | C] () -- C:\Users\omar\Desktop\PWND.jpg
[2011.07.23 17:57:31 | 000,000,957 | ---- | C] () -- C:\Users\omar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk
[2011.07.23 17:57:31 | 000,000,921 | ---- | C] () -- C:\Users\Public\Desktop\Xfire.lnk
[2011.07.21 13:08:38 | 000,000,284 | ---- | C] () -- C:\Windows\Tcsofla.INI
[2011.07.03 22:06:21 | 000,023,978 | ---- | C] () -- C:\Users\omar\AppData\Roaming\Notepad2.ini
[2011.06.26 13:53:03 | 000,029,008 | ---- | C] () -- C:\Windows\System32\SmartDefragBootTime.exe
[2011.06.26 13:53:03 | 000,016,184 | ---- | C] () -- C:\Windows\System32\drivers\SmartDefragDriver.sys
[2011.06.17 19:07:00 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[2011.06.17 13:17:06 | 000,000,007 | ---- | C] () -- C:\Windows\treeskp.sys
[2011.06.17 13:17:06 | 000,000,007 | ---- | C] () -- C:\Windows\sbacknt.bin
[2011.06.15 21:50:20 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2011.06.14 16:19:52 | 000,941,784 | ---- | C] () -- C:\Windows\System32\drivers\CAMTHWDM.sys
[2011.06.13 00:12:45 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2011.06.07 16:04:20 | 000,162,432 | ---- | C] () -- C:\Windows\System32\drivers\ithsgt.sys
[2011.06.07 16:04:14 | 000,012,032 | ---- | C] () -- C:\Windows\System32\drivers\lilsgt.sys
[2011.06.06 21:13:04 | 000,138,160 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011.05.24 23:44:26 | 000,059,904 | ---- | C] () -- C:\Windows\System32\OVDecode.dll
[2011.04.28 20:11:31 | 000,000,031 | ---- | C] () -- C:\Windows\CAD3D.INI
[2011.04.28 20:11:25 | 000,059,392 | ---- | C] () -- C:\Windows\System32\Gksui16.exe
[2011.04.26 10:43:39 | 000,000,000 | ---- | C] () -- C:\Windows\System32\Access.dat
[2011.04.22 15:15:43 | 000,000,551 | ---- | C] () -- C:\Windows\eReg.dat
[2011.04.17 19:56:16 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.04.16 18:51:16 | 000,041,872 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2011.04.11 23:47:05 | 000,007,605 | ---- | C] () -- C:\Users\omar\AppData\Local\Resmon.ResmonCfg
[2011.03.27 00:22:58 | 000,000,287 | ---- | C] () -- C:\Windows\game.ini
[2011.03.23 21:49:38 | 000,000,092 | ---- | C] () -- C:\Users\omar\AppData\Local\fusioncache.dat
[2011.03.22 20:29:12 | 000,033,792 | ---- | C] () -- C:\Windows\System32\drivers\libusb0.sys
[2011.01.29 22:18:44 | 000,138,056 | ---- | C] () -- C:\Users\omar\AppData\Roaming\PnkBstrK.sys
[2011.01.29 22:17:57 | 000,271,200 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2011.01.29 22:17:56 | 000,837,192 | ---- | C] () -- C:\Windows\System32\Pbsvc.exe
[2011.01.29 22:17:56 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2011.01.23 23:08:05 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009.07.14 10:47:43 | 000,706,838 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 10:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 10:47:43 | 000,152,398 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 10:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 06:33:53 | 000,294,912 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 04:05:48 | 000,660,416 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 04:05:48 | 000,124,606 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 02:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009.07.14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2008.12.01 21:46:12 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008.12.01 21:08:40 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2008.10.30 15:45:42 | 000,180,720 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2008.10.22 05:29:06 | 000,173,550 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2005.10.21 00:58:52 | 000,090,112 | ---- | C] () -- C:\Windows\System32\vspxvfw.dll
[2005.09.01 16:20:46 | 000,524,288 | ---- | C] () -- C:\Windows\System32\vspxcore.dll
[1999.01.22 00:40:22 | 000,180,224 | ---- | C] () -- C:\Windows\Res2_uninst.exe

========== LOP Check ==========

[2011.07.22 17:53:05 | 000,000,000 | ---D | M] -- C:\Users\omar\AppData\Roaming\.doomseeker
[2011.08.15 19:45:19 | 000,000,000 | ---D | M] -- C:\Users\omar\AppData\Roaming\.minecraft
[2011.05.27 17:10:26 | 000,000,000 | ---D | M] -- C:\Users\omar\AppData\Roaming\111 Pix Ltd
[2011.06.19 20:33:45 | 000,000,000 | ---D | M] -- C:\Users\omar\AppData\Roaming\Audacity
[2011.05.22 18:30:01 | 000,000,000 | ---D | M] -- C:\Users\omar\AppData\Roaming\DAEMON Tools Lite
[2011.01.30 01:26:04 | 000,000,000 | ---D | M] -- C:\Users\omar\AppData\Roaming\DAEMON Tools Pro
[2011.08.16 17:50:05 | 000,000,000 | ---D | M] -- C:\Users\omar\AppData\Roaming\DNA
[2011.03.30 19:53:48 | 000,000,000 | ---D | M] -- C:\Users\omar\AppData\Roaming\Downloaded Installations
[2011.08.04 16:44:27 | 000,000,000 | ---D | M] -- C:\Users\omar\AppData\Roaming\GetRightToGo
[2011.08.16 16:42:47 | 000,000,000 | ---D | M] -- C:\Users\omar\AppData\Roaming\go
[2011.07.26 16:24:42 | 000,000,000 | ---D | M] -- C:\Users\omar\AppData\Roaming\gtk-2.0
[2011.06.26 13:53:03 | 000,000,000 | ---D | M] -- C:\Users\omar\AppData\Roaming\IObit
[2011.06.03 20:26:06 | 000,000,000 | ---D | M] -- C:\Users\omar\AppData\Roaming\MAXON
[2011.03.25 22:46:23 | 000,000,000 | ---D | M] -- C:\Users\omar\AppData\Roaming\MotioninJoy
[2011.05.22 16:27:10 | 000,000,000 | ---D | M] -- C:\Users\omar\AppData\Roaming\Mount&Blade
[2011.06.21 18:27:47 | 000,000,000 | ---D | M] -- C:\Users\omar\AppData\Roaming\OpenOffice.org
[2011.08.12 16:54:36 | 000,000,000 | ---D | M] -- C:\Users\omar\AppData\Roaming\Opera
[2011.07.15 13:57:23 | 000,000,000 | ---D | M] -- C:\Users\omar\AppData\Roaming\PFStaticIP
[2011.06.03 10:31:04 | 000,000,000 | ---D | M] -- C:\Users\omar\AppData\Roaming\Sony
[2011.02.03 23:10:13 | 000,000,000 | ---D | M] -- C:\Users\omar\AppData\Roaming\Subversion
[2011.01.31 13:21:30 | 000,000,000 | ---D | M] -- C:\Users\omar\AppData\Roaming\Synaptics
[2011.03.21 21:22:42 | 000,000,000 | ---D | M] -- C:\Users\omar\AppData\Roaming\TeamViewer
[2011.06.06 21:44:31 | 000,000,000 | ---D | M] -- C:\Users\omar\AppData\Roaming\TerrariaWorldViewer
[2011.04.26 10:42:02 | 000,000,000 | ---D | M] -- C:\Users\omar\AppData\Roaming\Tunngle
[2011.05.24 20:01:27 | 000,000,000 | ---D | M] -- C:\Users\omar\AppData\Roaming\Unity
[2011.08.16 17:50:30 | 000,000,000 | ---D | M] -- C:\Users\omar\AppData\Roaming\uTorrent
[2011.06.11 19:19:46 | 000,000,000 | ---D | M] -- C:\Users\omar\AppData\Roaming\wargaming.net
[2011.06.14 16:22:38 | 000,000,000 | ---D | M] -- C:\Users\omar\AppData\Roaming\Webcammax
[2011.07.31 11:34:44 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:364682BC

< End of report >

#7
Essexboy

Posted 16 August 2011 - 02:13 PM

GeekU Moderator

Retired Staff
69,964 posts

It appears to be returning so I will need to search deeper

Download and Install CombofixDownload ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop * IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Double click on ComboFix.exe & follow the prompts.
Accept the disclaimer and allow to update if it asks
When finished, it shall produce a log for you.
Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

#8
Omaroso

Posted 17 August 2011 - 07:10 AM

New Member

Topic Starter
Member
8 posts

Hi,

Sorry for the late reply. My computer is pretty slow on startup and sometimes i get a blackscreen on startup, but i know how to fix it.

Here's the log:

ComboFix 11-08-16.05 - omar 17.08.2011 14:38:45.1.1 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.49.1031.18.1790.1106 [GMT 2:00]
ausgeführt von:: c:\users\omar\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\windows\iun6002.exe
.
.
\\.\PhysicalDrive0 - Bootkit TDL4 was found and disinfected
.
((((((((((((((((((((((( Dateien erstellt von 2011-07-17 bis 2011-08-17 ))))))))))))))))))))))))))))))
.
.
2011-08-16 19:30 . 2011-08-16 19:30 -------- d-----w- c:\program files\CCleaner
2011-08-16 15:19 . 2011-08-16 15:19 -------- d-----w- c:\users\omar\AppData\Roaming\Malwarebytes
2011-08-16 15:18 . 2011-07-06 17:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-16 15:18 . 2011-08-16 15:18 -------- d-----w- c:\programdata\Malwarebytes
2011-08-16 15:18 . 2011-07-06 17:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-16 15:18 . 2011-08-16 15:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-16 14:53 . 2011-08-16 14:53 -------- d-----w- C:\_OTL
2011-08-15 16:09 . 2011-08-15 16:09 -------- d-----w- c:\users\omar\AppData\Roaming\Symantec
2011-08-14 17:52 . 2011-08-14 17:52 -------- d-----w- c:\users\omar\AppData\Local\Symantec_Corporation
2011-08-14 15:47 . 2007-03-21 19:39 1060864 ----a-w- c:\windows\system32\MFC71.DLL
2011-08-14 15:47 . 2007-03-21 19:33 503808 ----a-w- c:\windows\system32\MSVCP71.DLL
2011-08-14 15:47 . 2007-03-21 19:33 348160 ----a-w- c:\windows\system32\MSVCR71.DLL
2011-08-14 15:47 . 2011-02-24 09:52 131000 ----a-w- c:\windows\system32\drivers\WimFltr.sys
2011-08-14 15:45 . 2011-01-12 15:25 139360 ----a-w- c:\windows\system32\drivers\symsnap.sys
2011-08-14 15:44 . 2009-09-21 18:40 15096 ----a-w- c:\windows\system32\drivers\vproeventmonitor.sys
2011-08-14 15:43 . 2010-08-27 10:08 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-08-14 15:43 . 2011-08-14 15:43 -------- d-----w- c:\programdata\79290820-B54E-4bb8-ADA7-3541B45B9445
2011-08-14 15:43 . 2011-08-14 15:47 -------- d-----w- c:\program files\Common Files\Symantec Shared
2011-08-14 15:42 . 2011-08-14 17:51 -------- d-----w- c:\programdata\Symantec
2011-08-14 15:42 . 2011-08-14 15:47 -------- d-----w- c:\program files\Symantec
2011-08-13 17:44 . 2011-08-13 17:44 -------- d-----w- c:\users\omar\AppData\Roaming\Avira
2011-08-13 17:42 . 2011-07-21 10:11 138192 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-08-13 17:42 . 2011-07-21 10:11 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-08-13 17:42 . 2011-08-13 17:42 -------- d-----w- c:\programdata\Avira
2011-08-13 17:42 . 2011-08-13 17:42 -------- d-----w- c:\program files\Avira
2011-08-12 14:54 . 2011-08-12 14:54 -------- d-----w- c:\users\omar\AppData\Local\Opera
2011-08-12 14:54 . 2011-08-12 16:15 -------- d-----w- c:\program files\Opera
2011-08-11 11:43 . 2011-08-14 15:47 -------- dc----w- c:\windows\system32\DRVSTORE
2011-08-11 11:43 . 2010-08-27 10:08 106928 ----a-w- c:\windows\system32\GEARAspi.dll
2011-08-11 11:41 . 2011-08-12 16:15 -------- d-----w- c:\program files\iPod
2011-08-11 11:41 . 2011-08-12 16:16 -------- d-----w- c:\program files\iTunes
2011-08-11 11:41 . 2011-08-12 16:15 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2011-08-11 11:38 . 2011-08-11 11:39 -------- d-----w- c:\program files\Bonjour
2011-08-10 18:31 . 2011-08-15 17:45 -------- d-----w- c:\users\omar\AppData\Roaming\.minecraft
2011-08-10 10:59 . 2011-08-10 10:59 -------- d-----w- c:\program files\Streum On Studio
2011-08-09 11:51 . 2011-08-09 11:56 -------- d-----w- c:\programdata\eMule
2011-08-09 07:41 . 2011-08-09 07:41 -------- d-----w- c:\program files\LogMeIn Hamachi
2011-08-07 13:24 . 2011-08-07 13:43 -------- d--h--w- c:\program files\Temp
2011-08-06 22:15 . 2011-08-06 22:15 -------- d-----w- c:\users\omar\AppData\Local\Arktos
2011-08-06 20:04 . 2011-08-06 20:04 -------- d-----w- c:\program files\Free WMA to MP3 Converter
2011-08-04 14:43 . 2011-08-04 14:44 -------- d-----w- c:\users\omar\AppData\Roaming\GetRightToGo
2011-08-03 12:15 . 2011-08-03 12:15 -------- d-----w- C:\Ace of Spades
2011-08-03 07:37 . 2011-08-03 07:38 -------- d-----w- c:\program files\Common Files\Adobe
2011-08-02 18:21 . 2007-06-29 12:47 34304 ----a-w- c:\windows\system32\drivers\AmdLLD.sys
2011-08-02 18:21 . 2011-08-02 18:21 -------- d-----w- c:\program files\AMD
2011-08-02 11:15 . 2011-08-02 11:15 -------- d-----w- c:\program files\SEGA
2011-08-02 11:14 . 2005-11-13 21:19 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe
2011-08-02 11:13 . 2006-02-07 13:40 204800 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll
2011-08-02 11:13 . 2006-02-07 13:40 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll
2011-08-02 11:13 . 2006-02-07 13:40 274432 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll
2011-08-02 11:13 . 2006-02-07 13:45 757760 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll
2011-08-02 11:13 . 2011-08-02 11:13 200836 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll
2011-08-02 11:13 . 2011-08-02 11:13 331908 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll
2011-08-02 09:22 . 2011-08-02 09:57 -------- d-----w- c:\program files\Half Life
2011-08-01 18:31 . 2011-08-01 18:31 -------- d-----w- c:\program files\Fox
2011-07-30 20:18 . 2011-07-30 20:23 -------- d-----w- c:\program files\Heroes of Newerth
2011-07-30 18:08 . 2011-07-30 18:08 -------- d-----w- c:\program files\Common Files\Java
2011-07-30 18:07 . 2011-05-04 02:52 476904 ----a-w- c:\program files\Mozilla Firefox\Plugins\npdeployJava1.dll
2011-07-30 18:03 . 2011-07-30 18:03 -------- d-----w- c:\program files\SurvivorsofRagnarok
2011-07-30 11:31 . 2011-08-11 11:43 -------- d-----w- c:\users\omar\AppData\Local\Apple Computer
2011-07-30 11:30 . 2011-08-11 11:44 -------- d-----w- c:\users\omar\AppData\Roaming\Apple Computer
2011-07-28 11:03 . 2011-07-28 11:03 -------- d-----w- c:\program files\GOG.com
2011-07-27 16:33 . 2011-07-27 16:33 -------- d-----w- c:\program files\Xaya3D
2011-07-27 13:48 . 2011-07-27 13:48 243712 ----a-w- c:\program files\Mozilla Firefox\tMod v3.exe
2011-07-27 13:48 . 2011-06-24 07:50 748032 ----a-w- c:\program files\Mozilla Firefox\TerrariaServer.exe
2011-07-27 13:48 . 2011-07-27 13:48 60928 ----a-w- c:\program files\Mozilla Firefox\LuaInterface.dll
2011-07-27 13:48 . 2011-07-27 13:48 336896 ----a-w- c:\program files\Mozilla Firefox\lua51.dll
2011-07-27 13:48 . 2011-07-27 13:48 385024 ----a-w- c:\program files\Mozilla Firefox\Mono.Cecil.dll
2011-07-26 12:29 . 2011-07-26 12:29 -------- d-----w- c:\users\omar\AppData\Local\DDMSettings
2011-07-26 12:27 . 2011-07-29 18:30 -------- d-----w- c:\users\omar\AppData\Roaming\DivX
2011-07-26 12:27 . 2011-07-26 12:27 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2011-07-26 12:25 . 2011-07-26 12:26 -------- d-----w- c:\program files\Common Files\DivX Shared
2011-07-26 12:22 . 2011-07-26 12:28 -------- d-----w- c:\program files\DivX
2011-07-26 12:21 . 2011-07-26 12:28 -------- d-----w- c:\programdata\DivX
2011-07-26 10:31 . 2011-07-26 10:31 -------- d-----w- c:\program files\Apple Software Update
2011-07-23 16:00 . 2011-08-13 18:06 -------- d-----w- c:\programdata\Xfire
2011-07-23 15:57 . 2011-08-12 16:15 -------- d-----w- c:\users\omar\AppData\Roaming\Xfire
2011-07-23 15:57 . 2011-07-23 18:08 -------- d-s---w- c:\program files\Xfire
2011-07-23 15:51 . 2011-07-23 16:07 -------- d-----w- c:\program files\Serious Sam 2
2011-07-23 15:21 . 2011-07-23 15:32 -------- d-----w- c:\program files\Lomex
2011-07-22 15:38 . 2011-07-22 15:53 -------- d-----w- c:\users\omar\AppData\Roaming\.doomseeker
2011-07-22 15:33 . 2011-07-22 15:53 -------- d-----w- c:\program files\Skulltag
2011-07-21 12:26 . 2011-07-21 12:26 -------- d-----w- C:\DUKE
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-14 14:44 . 2011-06-06 19:13 138160 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-08-14 14:44 . 2011-03-23 15:07 271200 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-08-14 14:44 . 2011-01-29 20:17 271200 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-08-14 14:38 . 2011-01-29 20:17 103736 ----a-w- c:\windows\system32\PnkBstrB.ex0
2011-07-06 14:51 . 2011-04-22 14:30 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2011-06-20 06:57 . 2011-07-14 09:10 7074640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8DA61B8E-5AF5-400F-BD6E-1864DD262DD2}\mpengine.dll
2011-06-17 17:06 . 2011-06-17 17:06 4608 ----a-w- c:\windows\system32\w95inf32.dll
2011-06-17 17:06 . 2011-06-17 17:06 2272 ----a-w- c:\windows\system32\w95inf16.dll
2011-06-17 10:29 . 2011-05-19 17:47 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-13 14:01 . 2011-02-01 21:05 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2011-06-13 14:01 . 2011-02-01 21:05 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2011-06-07 14:04 . 2011-06-07 14:04 162432 ----a-w- c:\windows\system32\drivers\ithsgt.sys
2011-06-07 14:04 . 2011-06-07 14:04 12032 ----a-w- c:\windows\system32\drivers\lilsgt.sys
2011-06-06 19:13 . 2011-01-29 20:18 138056 ----a-w- c:\users\omar\AppData\Roaming\PnkBstrK.sys
2011-06-06 19:12 . 2011-01-29 20:17 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-06-02 17:53 . 2011-06-02 17:53 94208 ----a-w- c:\windows\system32\dpl100.dll
2011-05-24 21:44 . 2011-05-24 21:44 59904 ----a-w- c:\windows\system32\OVDecode.dll
2011-05-24 21:44 . 2011-05-24 21:44 51712 ----a-w- c:\windows\system32\OpenCL.dll
2011-05-24 21:43 . 2011-05-24 21:43 12798976 ----a-w- c:\windows\system32\amdocl.dll
2011-05-24 17:14 . 2011-01-23 20:17 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-22 16:23 . 2011-03-26 22:00 431672 ----a-w- c:\windows\system32\drivers\sptd.sys
2011-06-24 13:56 . 2011-04-07 14:05 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\Steam\steam.exe" [2011-08-02 1242448]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 4240760]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-03-21 399736]
"Comrade.exe"="c:\program files\GameSpy\Comrade\Comrade.exe" [2007-06-29 36864]
"DS3 Tool"="c:\program files\MotioninJoy\ds3\DS3_Tool.exe" [2010-06-30 80896]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-05-26 15147400]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2011-06-07 323392]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"Advanced SystemCare 4"="c:\program files\IObit\Advanced SystemCare 4\ASCTray.exe" [2011-05-28 412560]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 718688]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"IObit Malware Fighter"="c:\program files\IObit\IObit Malware Fighter\IMF.exe" [2011-06-01 4385112]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-05-24 336384]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-08-04 1955208]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-14 421160]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]
"Symantec System Recovery 2011"="c:\program files\Symantec\Symantec System Recovery\Agent\VProTray.exe" [2011-02-24 2602920]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
.
c:\users\omar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
Xfire.lnk - c:\program files\Xfire\Xfire.exe [2011-4-16 3510160]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
GamersFirst LIVE!.lnk - c:\program files\GamersFirst\LIVE!\Live.exe [2011-6-30 2588784]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 FileMonitor;FileMonitor;c:\program files\IObit\IObit Malware Fighter\Drivers\win7_x86\FileMonitor.sys [2011-04-27 18768]
R3 GenericMount Helper Service;GenericMount Helper Service;c:\program files\Symantec\Symantec System Recovery\Shared\Drivers\GenericMountHelper.exe [2011-01-14 1574408]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [2010-03-18 48640]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-12-07 3979632]
R3 RegFilter;RegFilter;c:\program files\IObit\IObit Malware Fighter\drivers\win7_x86\regfilter.sys [2011-03-22 30600]
R3 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [2009-07-14 7168]
R3 UrlFilter;UrlFilter;c:\program files\IObit\IObit Malware Fighter\drivers\win7_x86\UrlFilter.sys [2011-03-22 19280]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2011-01-24 1343400]
R3 XDva380;XDva380;c:\windows\system32\XDva380.sys [x]
R3 XDva383;XDva383;c:\windows\system32\XDva383.sys [x]
R3 XDva387;XDva387;c:\windows\system32\XDva387.sys [x]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2011-02-23 16184]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\IObit\Advanced SystemCare 4\ASCService.exe [2011-05-28 353168]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-05-24 294400]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-21 136360]
S2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [2011-06-24 393112]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2011-08-04 1361288]
S2 IMFservice;IMF Service;c:\program files\IObit\IObit Malware Fighter\IMFsrv.exe [2011-06-01 821080]
S2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;c:\windows\system32\libusbd-nt.exe [2005-03-09 18944]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
S2 Symantec System Recovery;Symantec System Recovery;c:\program files\Symantec\Symantec System Recovery\Agent\VProSvc.exe [2011-02-24 4615080]
S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2011-03-01 2296696]
S3 amdiox86;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox86.sys [2010-02-18 37944]
S3 GenericMount;Generic Mount Driver;c:\windows\system32\DRIVERS\GenericMount.sys [2011-01-14 57840]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x86.sys [2009-07-13 50688]
S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2005-03-09 33792]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-07-06 22712]
S3 SymSnapService;SymSnapService;c:\program files\Symantec\Symantec System Recovery\Shared\Drivers\SymSnapService.exe [2011-01-12 1966064]
S3 VPS3Joy;Virtual Playstation(3) Joystick;c:\windows\system32\DRIVERS\VPS3Joy.sys [2009-04-22 304128]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Inhalt des "geplante Tasks" Ordners
.
2011-08-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-752189712-4168365328-2364872346-1000Core.job
- c:\users\omar\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-08 10:47]
.
2011-08-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-752189712-4168365328-2364872346-1000UA.job
- c:\users\omar\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-08 10:47]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = my.daemon-search.com
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\users\omar\AppData\Roaming\Mozilla\Firefox\Profiles\muvhh96j.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - about:home
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-Half-Life Dedicated Server Update Tool - c:\srcds\UNWISE.EXE
AddRemove-Merciless_MatadoR - c:\windows\iun6002.exe
AddRemove-Serious Sam HD The First Encounter_is1 - c:\program files\Devolver Digital\Serious Sam HD The First Encounter\unins000.exe
.
.
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7600 Disk: WDC_WD2500BEVS-22UST0 rev.01.01A01 -> Harddisk0\DR0 -> \Device\Ide\IdePort2 P2T0L0-4
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x85AE2555]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x85ae87b0]; MOV EAX, [0x85ae882c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x82A4F448] -> \Device\Harddisk0\DR0[0x85AB7648]
3 CLASSPNP[0x888BD59E] -> ntkrnlpa!IofCallDriver[0x82A4F448] -> [0x859E1C10]
5 ACPI[0x833673B2] -> ntkrnlpa!IofCallDriver[0x82A4F448] -> \IdeDeviceP2T0L0-4[0x859C1030]
\Driver\atapi[0x85ABB158] -> IRP_MJ_CREATE -> 0x85AE2555
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x132; MOV BP, 0x62a; ROR BYTE [BP+0x0], CL; INC BP; }
detected disk devices:
\Device\Ide\IdeDeviceP2T0L0-4 -> \??\IDE#DiskWDC_WD2500BEVS-22UST0___________________01.01A01#5&2755f8e4&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user != kernel MBR !!!
copy of MBR has been found in sector 9 !
sectors 488397166 (+255): user != kernel
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-752189712-4168365328-2364872346-1000\Software\SecuROM\License information*]
"datasecu"=hex:32,9e,04,3d,0f,bf,43,1f,fc,4c,22,62,79,39,01,9d,1f,23,61,74,07,
f9,bf,22,f1,c1,9f,cc,90,bc,8f,64,c5,50,59,53,4c,b1,a8,27,90,56,0f,2b,d7,b9,\
"rkeysecu"=hex:2e,1a,7a,5f,56,71,4d,a3,94,d6,00,1d,a6,60,64,30
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-08-17 14:58:58
ComboFix-quarantined-files.txt 2011-08-17 12:58
.
Vor Suchlauf: 5.288.808.448 Bytes frei
Nach Suchlauf: 5.273.575.424 Bytes frei
.
- - End Of File - - A086AC79912D46776C34808D7886F207

EDIT: Forgot to thank you!

Edited by Omaroso, 17 August 2011 - 07:10 AM.

#9
Essexboy

Posted 17 August 2011 - 11:19 AM

GeekU Moderator

Retired Staff
69,964 posts

Looks like the MBR bootkit does not want to go, I will use a specialist tool now. If that fails we may need to create a recovery disc, so lets do that first

Create a Windows 7 System Repair Disc

Note: the below can only be done if your machine has a a type of CD/R or DVD/R optical drive installed. Also depending on the exact type of OEM your machine has you may be unable to actually create a SRD.

Click on Start(Windows 7 Orb) >> Run...(or the Windows key and R together) to bring up the Run box, then copy/paste the following command into the box and click on OK:

recdisc.exe
Allow the UAC(User Account Control) prompt via selecting Yes.
You should now see a menu like the below:-

Put a blank rewritable CD/DVD in your optical(CD/DVD) drive and then click on Create disc.
Note: If a AutoPlay window pops up, just close it.
When the SRD has been created you will see the below:-

Now click on Close >> OK. .
You now have a Windows 7 System Repair Disc.

NEXT

Please read carefully and follow these steps.

DownloadTDSSKiller and save it to your Desktop.
Extract its contents to your desktop.
Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
If an infected file is detected, the default action will be Cure, click on Continue.
If a suspicious file is detected, the default action will be Skip, click on Continue.
It may ask you to reboot the computer to complete the process. Click on Reboot Now.
If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

#10
Omaroso

Posted 19 August 2011 - 11:29 AM

New Member

Topic Starter
Member
8 posts

Hi,

I'm umable to create a recovery disk.
I'm getting the error: 0xC0AA020D.

Can I continue without a recovery disk?

Thanks.

Edited by Omaroso, 19 August 2011 - 11:29 AM.

#11
Essexboy

Posted 19 August 2011 - 12:01 PM

GeekU Moderator

Retired Staff
69,964 posts

Yes continue without the disc - I have other methods up my sleeve

#12
Omaroso

Posted 19 August 2011 - 12:19 PM

New Member

Topic Starter
Member
8 posts

,

Here's the log... but it didn't find anything.... I think i did
something with the first OTL thingy...

2011/08/19 20:15:23.0282 2940 TDSS rootkit removing tool 2.5.16.0 Aug 19 2011 17:48:17
2011/08/19 20:15:23.0672 2940 ================================================================================
2011/08/19 20:15:23.0672 2940 SystemInfo:
2011/08/19 20:15:23.0672 2940
2011/08/19 20:15:23.0672 2940 OS Version: 6.1.7600 ServicePack: 0.0
2011/08/19 20:15:23.0672 2940 Product type: Workstation
2011/08/19 20:15:23.0672 2940 ComputerName: OMAR-PC
2011/08/19 20:15:23.0672 2940 UserName: omar
2011/08/19 20:15:23.0672 2940 Windows directory: C:\Windows
2011/08/19 20:15:23.0672 2940 System windows directory: C:\Windows
2011/08/19 20:15:23.0673 2940 Processor architecture: Intel x86
2011/08/19 20:15:23.0673 2940 Number of processors: 1
2011/08/19 20:15:23.0673 2940 Page size: 0x1000
2011/08/19 20:15:23.0673 2940 Boot type: Normal boot
2011/08/19 20:15:23.0673 2940 ================================================================================
2011/08/19 20:15:26.0851 2940 !crdlk
2011/08/19 20:15:26.0881 2940 Initialize success
2011/08/19 20:15:40.0721 2860 ================================================================================
2011/08/19 20:15:40.0721 2860 Scan started
2011/08/19 20:15:40.0721 2860 Mode: Manual;
2011/08/19 20:15:40.0721 2860 ================================================================================
2011/08/19 20:16:01.0484 2860 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
2011/08/19 20:16:01.0543 2860 ================================================================================
2011/08/19 20:16:01.0543 2860 Scan finished
2011/08/19 20:16:01.0543 2860 ================================================================================
2011/08/19 20:16:01.0604 2776 Detected object count: 0
2011/08/19 20:16:01.0604 2776 Actual detected object count: 0

#13
Essexboy

Posted 19 August 2011 - 12:56 PM

GeekU Moderator

Retired Staff
69,964 posts

Hmm that log is not big enough, so it is worthy of further investigation

Please download MBRCheck.exe to your Desktop. Run the application.

If no infection is found, it will produce a report on the desktop. Post that report in your next reply.

If an infection is found, you will be presented with the following dialog:

Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Type N and press Enter. A report will be produced on the desktop. Post that report in your next reply.

#14
Omaroso

Posted 19 August 2011 - 01:02 PM

New Member

Topic Starter
Member
8 posts

Here's the log:

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows 7 Ultimate Edition
Windows Information: (build 7600), 32-bit
Base Board Manufacturer: eMachines
BIOS Manufacturer: eMachines
System Manufacturer: eMachines
System Product Name: E625
Logical Drives Mask: 0x000000fc

Kernel Drivers (total 169):
0x82A4A000 \SystemRoot\system32\ntkrnlpa.exe
0x82A13000 \SystemRoot\system32\halmacpi.dll
0x85ED3000 \SystemRoot\system32\kdcom.dll
0x8303B000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll
0x83046000 \SystemRoot\system32\PSHED.dll
0x83057000 \SystemRoot\system32\BOOTVID.dll
0x8305F000 \SystemRoot\system32\CLFS.SYS
0x830A1000 \SystemRoot\system32\CI.dll
0x8314C000 \SystemRoot\system32\drivers\Wdf01000.sys
0x831BD000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x83214000 \SystemRoot\System32\Drivers\sptd.sys
0x83324000 \SystemRoot\System32\Drivers\WMILIB.SYS
0x8332D000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
0x83353000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x8339B000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x833A3000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x833AE000 \SystemRoot\system32\DRIVERS\pci.sys
0x833D8000 \SystemRoot\System32\drivers\partmgr.sys
0x833E9000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x833F1000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x83200000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x8822C000 \SystemRoot\System32\drivers\volmgrx.sys
0x88277000 \SystemRoot\system32\DRIVERS\pciide.sys
0x8827E000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x8828C000 \SystemRoot\System32\drivers\mountmgr.sys
0x882A2000 \SystemRoot\system32\DRIVERS\atapi.sys
0x882AB000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x882CE000 \SystemRoot\system32\DRIVERS\msahci.sys
0x882D8000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x882E1000 \SystemRoot\system32\drivers\fltmgr.sys
0x88315000 \SystemRoot\system32\drivers\fileinfo.sys
0x88326000 \SystemRoot\system32\DRIVERS\symsnap.sys
0x88425000 \SystemRoot\System32\Drivers\Ntfs.sys
0x88554000 \SystemRoot\System32\Drivers\msrpc.sys
0x8857F000 \SystemRoot\System32\Drivers\ksecdd.sys
0x88592000 \SystemRoot\System32\Drivers\cng.sys
0x885EF000 \SystemRoot\System32\drivers\pcw.sys
0x88400000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x88347000 \SystemRoot\system32\drivers\ndis.sys
0x8861B000 \SystemRoot\system32\drivers\NETIO.SYS
0x88659000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x8867E000 \SystemRoot\System32\drivers\tcpip.sys
0x887C7000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x88600000 \SystemRoot\system32\DRIVERS\vmstorfl.sys
0x88836000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x88875000 \SystemRoot\System32\Drivers\spldr.sys
0x8887D000 \SystemRoot\System32\Drivers\SmartDefragDriver.sys
0x88884000 \SystemRoot\System32\drivers\rdyboost.sys
0x888B1000 \SystemRoot\System32\Drivers\mup.sys
0x888C1000 \SystemRoot\System32\drivers\hwpolicy.sys
0x888C9000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x888FB000 \SystemRoot\system32\DRIVERS\disk.sys
0x8890C000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x88964000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x88983000 \SystemRoot\System32\Drivers\Null.SYS
0x8898A000 \SystemRoot\System32\Drivers\Beep.SYS
0x88991000 \SystemRoot\System32\drivers\vga.sys
0x8899D000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x889BE000 \SystemRoot\System32\drivers\watchdog.sys
0x889CB000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x889D3000 \SystemRoot\system32\drivers\rdpencdd.sys
0x889DB000 \SystemRoot\system32\drivers\rdprefmp.sys
0x889E3000 \SystemRoot\System32\Drivers\Msfs.SYS
0x889EE000 \SystemRoot\System32\Drivers\Npfs.SYS
0x88800000 \SystemRoot\system32\DRIVERS\tdx.sys
0x88817000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8DE1A000 \SystemRoot\system32\drivers\afd.sys
0x8DE74000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8DEA6000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x8DEAD000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8DECC000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x8DEDD000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8DEEB000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8DEFE000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8DF0E000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0x8DF14000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8DF55000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8DF5F000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8DF69000 \SystemRoot\System32\drivers\discache.sys
0x8DF75000 \SystemRoot\system32\drivers\csc.sys
0x8DFD9000 \SystemRoot\System32\Drivers\dfsc.sys
0x8DFF1000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x88200000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x831CB000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8DE00000 \SystemRoot\system32\DRIVERS\amdk8.sys
0x88822000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x90415000 \SystemRoot\system32\DRIVERS\atikmdag.sys
0x90031000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x900E8000 \SystemRoot\System32\drivers\dxgmms1.sys
0x90A3D000 \SystemRoot\system32\DRIVERS\bcmwl6.sys
0x90B55000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x90B5F000 \SystemRoot\system32\DRIVERS\L1C62x86.sys
0x90B6F000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x90B75000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x90B7F000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x90BCA000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x90BD9000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x90A00000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x90A18000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x90A25000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x90A32000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x90121000 \SystemRoot\System32\Drivers\ahgspjom.SYS
0x9015E000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x9016B000 \SystemRoot\system32\DRIVERS\GenericMount.sys
0x90178000 \SystemRoot\system32\DRIVERS\VPS3Joy.sys
0x901C3000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x90A36000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x901D6000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x901E8000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x90000000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x9000B000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x88409000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x83000000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x83017000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x90BF8000 \SystemRoot\system32\DRIVERS\hamachi.sys
0x90400000 \SystemRoot\system32\DRIVERS\rdpbus.sys
0x90BFD000 \SystemRoot\system32\DRIVERS\swenum.sys
0x90C18000 \SystemRoot\system32\DRIVERS\ks.sys
0x90C4C000 \SystemRoot\system32\DRIVERS\amdiox86.sys
0x90C5C000 \SystemRoot\system32\DRIVERS\AmdLLD.sys
0x90C6B000 \SystemRoot\system32\DRIVERS\umbus.sys
0x90C79000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x90CBD000 \SystemRoot\system32\drivers\libusb0.sys
0x90CCB000 \SystemRoot\system32\drivers\usbd.sys
0x90CCD000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x90CDE000 \SystemRoot\system32\drivers\HdAudio.sys
0x90D2E000 \SystemRoot\system32\drivers\portcls.sys
0x90D5D000 \SystemRoot\system32\drivers\drmk.sys
0x90D8C000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x90DA3000 \SystemRoot\System32\Drivers\usbvideo.sys
0x96E10000 \SystemRoot\System32\win32k.sys
0x90DC7000 \SystemRoot\System32\drivers\Dxapi.sys
0x90DD1000 \SystemRoot\system32\DRIVERS\monitor.sys
0x97070000 \SystemRoot\System32\TSDDD.dll
0x90DDC000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x970A0000 \SystemRoot\System32\cdd.dll
0x90DF2000 \SystemRoot\System32\Drivers\crashdmp.sys
0x90C00000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x90C0B000 \SystemRoot\System32\Drivers\dump_msahci.sys
0x88931000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x88942000 \SystemRoot\system32\drivers\luafv.sys
0x89E2F000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0x89E46000 \SystemRoot\system32\drivers\WudfPf.sys
0x89E60000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x89E70000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x89EB6000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x89EC6000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x89ED9000 \SystemRoot\system32\drivers\HTTP.sys
0x89F5E000 \SystemRoot\system32\DRIVERS\bowser.sys
0x89F77000 \SystemRoot\System32\drivers\mpsdrv.sys
0x89F89000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x89FAC000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x89E00000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x9E024000 \SystemRoot\system32\DRIVERS\ithsgt.sys
0x9E04C000 \SystemRoot\system32\DRIVERS\lilsgt.sys
0x9E04F000 \SystemRoot\system32\drivers\peauth.sys
0x9E0E6000 \SystemRoot\System32\Drivers\secdrv.SYS
0x9E0F0000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x9E111000 \SystemRoot\System32\drivers\tcpipreg.sys
0x9E11E000 \SystemRoot\System32\DRIVERS\srv2.sys
0x9E16D000 \SystemRoot\System32\DRIVERS\srv.sys
0x9E1C6000 \??\C:\Windows\system32\drivers\mbam.sys
0x9E1EB000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x9E000000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x77370000 \Windows\System32\ntdll.dll
0x47E80000 \Windows\System32\smss.exe
0x775B0000 \Windows\System32\apisetschema.dll
0x770A0000 \Program Files\DAEMON Tools Lite\Engine.dll
0x00120000 \Windows\System32\autochk.exe

Processes (total 65):
0 System Idle Process
4 System
268 C:\Windows\System32\smss.exe
364 csrss.exe
436 C:\Windows\System32\wininit.exe
448 csrss.exe
496 C:\Windows\System32\winlogon.exe
520 C:\Windows\System32\services.exe
528 C:\Windows\System32\lsass.exe
536 C:\Windows\System32\lsm.exe
668 C:\Windows\System32\svchost.exe
752 C:\Windows\System32\svchost.exe
788 C:\Windows\System32\Ati2evxx.exe
924 C:\Windows\System32\svchost.exe
960 C:\Windows\System32\svchost.exe
988 C:\Windows\System32\svchost.exe
1128 C:\Windows\System32\svchost.exe
1188 C:\Windows\System32\Ati2evxx.exe
1304 C:\Windows\System32\svchost.exe
1484 C:\Windows\System32\spoolsv.exe
1584 C:\Program Files\Avira\AntiVir Desktop\sched.exe
1632 C:\Windows\System32\svchost.exe
1668 C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
1716 C:\Windows\System32\taskhost.exe
1964 C:\Windows\explorer.exe
628 C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
1524 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
1528 C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
1580 C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
1944 C:\Windows\System32\svchost.exe
1628 C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
1048 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
2080 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
2136 C:\Program Files\Application Updater\ApplicationUpdater.exe
2196 C:\Program Files\Bonjour\mDNSResponder.exe
2232 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
2284 C:\Windows\System32\conhost.exe
2368 C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
2692 C:\Windows\System32\libusbd-nt.exe
2808 C:\Windows\System32\PnkBstrA.exe
1168 C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
900 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
3428 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
3996 C:\Windows\System32\dwm.exe
596 C:\Windows\System32\svchost.exe
3564 C:\Program Files\Symantec\Symantec System Recovery\Agent\VProSvc.exe
3824 C:\Program Files\iPod\bin\iPodService.exe
1604 C:\Windows\System32\SearchIndexer.exe
3372 C:\Windows\System32\svchost.exe
3216 C:\Program Files\Symantec\Symantec System Recovery\Shared\Drivers\SymSnapService.exe
956 C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
3744 C:\Program Files\Windows Media Player\wmpnetwk.exe
2520 C:\Program Files\Steam\Steam.exe
2932 C:\Windows\System32\taskhost.exe
2500 C:\Windows\System32\audiodg.exe
3448 C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
3072 C:\Program Files\Aurora\firefox.exe
2604 C:\Program Files\Aurora\plugin-container.exe
2184 C:\Windows\System32\prevhost.exe
896 C:\Windows\System32\taskeng.exe
3720 C:\Windows\System32\SearchProtocolHost.exe
2400 C:\Windows\System32\SearchFilterHost.exe
808 C:\Windows\System32\dllhost.exe
2656 C:\Users\omar\Desktop\MBRCheck.exe
2632 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)

PhysicalDrive0 Model Number: WDCWD2500BEVS-22UST0, Rev: 01.01A01

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79

Done!

#15
Essexboy

Posted 19 August 2011 - 01:08 PM

GeekU Moderator

Retired Staff
69,964 posts

Could you re-run combofix please allow it to update if it asks

When it has finished could you post the log and let me know if the browser problem is resolved