My girlfriend was playing Texas Hold'em on Facebook, received one of those phishing messages and stupidly clicked on the link inside. Soon after that her entire stack of 170M chips disappeared from her acct. We submitted a request to Zynga, who is the maker of the software, and followed their security protocols (i.e. changed passwords to both her FB and email accts, made sure that authorization is needed to connect a new device to Facebook, and deleted all existing devices connected to FB). After that Zynga refunded her account with all the stolen chips. Next day the same thing happened, all chips gone. We repeated the process one more time, they refunded her chips, next day - gone again. The third time something interesting happened. Chips were refunded once again. Sunday morning I decided to play a few hands on my account while she was cooking breakfast; while I'm playing I see a "buddy online" game notification pop up, went to see who it was and it was "my girlfriend" (who's still cooking). I followed "her" to the table to watch "her" bet the entire stack on one hand, fold immediately and leave the table. I went ahead and checked her Facebook security logs, no new devices were added. Checked her Gmail filters and login history, everything looks good, no unknown sessions and no changes were made to acct settings. Zynga customer support swears that there's no way to bypass Facebook in order to play on these servers. The only other thing I can think of is that a trojan was planted into my system when she clicked that link and, possibly, someone is remotely connecting to her acct through my system.
Now, I did download and install Malwarebytes, scanned the system, it didn't find anything. I also installed and ran SpyBot, it found and deleted some cookies, but nothing related to my problem. I believe that other than doing a clean install you're my only hope at this time. Attached is the log from OTL that you ask for in the topic creation requirements.
One other thing, I don't know if it makes any difference, but it was Firefox she was using when this all started.
Thank you in advance for your help and everything you do to help people out.
Edit: OK, so since my post I ran more checks and made some changes to the system. It seems to be running faster, but I know that it could only be temporary before it really gets messed up. Here's an updated OTL log. And I promise not to try anything else until I hear from you.
OTL logfile created on: 3/17/2012 1:49:50 PM - Run 3
OTL by OldTimer - Version 3.2.33.2 Folder = C:\Users\Steve\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.75 Gb Total Physical Memory | 2.11 Gb Available Physical Memory | 56.23% Memory free
7.49 Gb Paging File | 5.48 Gb Available in Paging File | 73.16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.67 Gb Total Space | 193.05 Gb Free Space | 82.97% Space Free | Partition Type: NTFS
Drive D: | 18.71 Gb Total Space | 2.71 Gb Free Space | 14.51% Space Free | Partition Type: NTFS
Drive F: | 214.09 Gb Total Space | 105.36 Gb Free Space | 49.21% Space Free | Partition Type: NTFS
Drive G: | 99.02 Mb Total Space | 88.89 Mb Free Space | 89.76% Space Free | Partition Type: FAT32
Computer Name: HPNB | User Name: Steve | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/02/26 12:34:03 | 000,740,216 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe
PRC - [2012/02/22 15:02:36 | 001,685,720 | ---- | M] (Auslogics) -- C:\Program Files (x86)\Auslogics\Auslogics BoostSpeed\BoostSpeed.exe
PRC - [2012/02/22 04:29:18 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\Steve\Desktop\OTL.exe
PRC - [2012/01/24 18:24:26 | 002,416,480 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2012/01/13 15:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/01/13 15:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/01/06 20:03:59 | 000,107,000 | ---- | M] (Siber Systems) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/12/29 13:15:01 | 003,462,552 | ---- | M] (Tonec Inc.) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe
PRC - [2011/11/03 17:25:38 | 007,503,360 | ---- | M] (NewsGator Technologies, Inc.) -- C:\Program Files (x86)\FeedDemon\FeedDemon.exe
PRC - [2011/08/02 07:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/06/15 01:19:14 | 000,307,200 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files (x86)\POWERISO\PWRISOVM.EXE
PRC - [2011/05/21 16:52:16 | 000,103,992 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011/01/17 19:37:40 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/17 19:37:40 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010/07/04 14:51:26 | 000,017,408 | ---- | M] () -- C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe
PRC - [2009/07/08 02:53:36 | 000,472,112 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe
PRC - [2009/07/07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2009/07/07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2009/03/05 17:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2007/09/25 04:29:38 | 002,007,088 | ---- | M] (FlashGet.com) -- C:\Program Files (x86)\FlashGet\flashget.exe
========== Modules (No Company Name) ==========
MOD - [2011/12/13 23:57:18 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2010/07/04 16:32:36 | 000,004,608 | ---- | M] () -- C:\Program Files (x86)\Unlocker\UnlockerHook.dll
MOD - [2010/07/04 14:51:26 | 000,017,408 | ---- | M] () -- C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe
MOD - [2009/07/13 17:37:04 | 000,152,112 | ---- | M] () -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\CAntiVirusCOM.dll
MOD - [2009/07/13 17:37:04 | 000,098,304 | ---- | M] () -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\CFirewallCOM.dll
MOD - [2007/09/11 06:21:34 | 001,327,184 | ---- | M] () -- C:\Program Files (x86)\FlashGet\FGEMCORE.dll
MOD - [2007/09/11 06:21:34 | 000,626,688 | ---- | M] () -- C:\Program Files (x86)\FlashGet\FGBTCORE.dll
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2011/10/12 17:19:48 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2011/10/12 15:09:44 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/05/13 19:58:10 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2010/06/18 18:26:18 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV:64bit: - [2010/06/09 04:06:18 | 000,258,048 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/03/03 05:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV - [2012/02/15 14:30:18 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/01/13 15:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/09/09 17:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service)
SRV - [2011/08/02 07:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/06/29 16:59:18 | 000,155,344 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe -- (Sony Ericsson PCCompanion)
SRV - [2011/05/21 16:52:16 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/06/25 12:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/07/07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2011/12/10 16:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/10/12 15:56:18 | 010,207,232 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/10/12 14:30:42 | 000,317,952 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/10/07 07:23:46 | 000,283,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2011/09/13 07:30:08 | 000,037,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/08/08 07:08:58 | 000,046,672 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/07/11 02:14:36 | 000,375,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2011/07/11 02:14:06 | 000,026,704 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV:64bit: - [2011/07/06 10:14:42 | 000,145,008 | ---- | M] (Tonec Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\idmwfp.sys -- (IDMWFP)
DRV:64bit: - [2011/06/24 07:31:02 | 000,055,424 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.01)
DRV:64bit: - [2011/06/15 03:30:46 | 000,093,240 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2011/06/10 07:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/05/13 19:58:16 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2011/05/13 19:57:58 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/22 13:17:34 | 002,736,640 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 04:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/09/13 17:00:08 | 001,390,640 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/06/25 12:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2010/06/09 18:10:16 | 000,046,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\nm3.sys -- (nm3)
DRV:64bit: - [2010/06/09 04:06:18 | 000,515,584 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2010/05/06 08:21:00 | 000,125,456 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010/02/18 10:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2010/02/09 00:57:22 | 000,239,136 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/12/22 04:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/12/15 15:41:32 | 000,346,992 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SRS_SSCFilter_amd64.sys -- (SRS_SSCFilter) SRS Labs Audio Sandbox (WDM)
DRV:64bit: - [2009/08/23 20:55:32 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/07 14:48:44 | 000,035,376 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\purendis.sys -- (purendis)
DRV:64bit: - [2009/07/07 14:48:44 | 000,033,328 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\pnarp.sys -- (pnarp)
DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 15:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 15:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 15:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel®
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2007/02/07 13:27:46 | 000,014,104 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\speedfan.sys -- (speedfan)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-60846531-21061585-1297222041-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-60846531-21061585-1297222041-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.openintab: true
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Steve\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Steve\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2012/01/06 20:05:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/02/19 08:38:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/03/17 08:48:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/01/12 21:14:19 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Steve\AppData\Roaming\IDM\idmmzcc5 [2012/01/08 16:03:38 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\[email protected]: C:\Users\Steve\AppData\Roaming\IDM\idmmzcc5 [2012/01/08 16:03:38 | 000,000,000 | ---D | M]
[2011/11/03 17:41:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steve\AppData\Roaming\Mozilla\Extensions
[2012/03/13 01:44:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\p400yyhj.default\extensions
[2011/11/18 23:45:45 | 000,000,000 | ---D | M] (All-in-One Gestures) -- C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\p400yyhj.default\extensions\{8b86149f-01fb-4842-9dd8-4d7eb02fd055}
[2012/01/28 23:56:50 | 000,000,000 | ---D | M] (Google Redesigned) -- C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\p400yyhj.default\extensions\{cc85cd4e-5a5b-4eda-a25c-bdaffa93b406}
[2011/11/03 17:50:52 | 000,000,000 | ---D | M] (Memory Fox) -- C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\p400yyhj.default\extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B}
[2012/03/02 05:02:24 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\p400yyhj.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2012/03/13 01:44:52 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\p400yyhj.default\extensions\[email protected]
[2011/11/03 18:02:59 | 000,001,635 | ---- | M] () -- C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\p400yyhj.default\searchplugins\firefox-add-ons.xml
[2011/11/12 20:27:26 | 000,001,504 | ---- | M] () -- C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\p400yyhj.default\searchplugins\imdb.xml
[2012/03/17 05:15:05 | 000,002,076 | ---- | M] () -- C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\p400yyhj.default\searchplugins\tvragecom.xml
[2011/11/03 18:01:34 | 000,001,030 | ---- | M] () -- C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\p400yyhj.default\searchplugins\wikipedia-ru.xml
[2012/03/17 08:48:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
() (No name found) -- C:\USERS\STEVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\P400YYHJ.DEFAULT\EXTENSIONS\{097D3191-E6FA-4728-9826-B533D755359D}.XPI
() (No name found) -- C:\USERS\STEVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\P400YYHJ.DEFAULT\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI
() (No name found) -- C:\USERS\STEVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\P400YYHJ.DEFAULT\EXTENSIONS\{21E48E29-F574-4619-B65D-0F00EEA92E5B}.XPI
() (No name found) -- C:\USERS\STEVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\P400YYHJ.DEFAULT\EXTENSIONS\{5CEFD22F-9A9E-4544-9BFC-C4F2FBCA87D6}.XPI
() (No name found) -- C:\USERS\STEVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\P400YYHJ.DEFAULT\EXTENSIONS\{AFF87FA2-A58E-4EDD-B852-0A20203C1E17}.XPI
() (No name found) -- C:\USERS\STEVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\P400YYHJ.DEFAULT\EXTENSIONS\{C2D0E930-64DE-11DB-BD13-0800200C9A66}.XPI
() (No name found) -- C:\USERS\STEVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\P400YYHJ.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\STEVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\P400YYHJ.DEFAULT\EXTENSIONS\{DC572301-7619-498C-A57D-39143191B318}.XPI
() (No name found) -- C:\USERS\STEVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\P400YYHJ.DEFAULT\EXTENSIONS\{E6463D12-450D-45EB-9D47-804AEB0A9561}.XPI
() (No name found) -- C:\USERS\STEVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\P400YYHJ.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\STEVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\P400YYHJ.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\STEVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\P400YYHJ.DEFAULT\EXTENSIONS\[email protected]
[2012/03/17 08:48:07 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/02/26 12:31:00 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/10/26 13:49:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2011/09/28 19:26:50 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/11/08 18:03:46 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Steve\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Steve\AppData\Local\Google\Chrome\Application\17.0.963.79\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Steve\AppData\Local\Google\Chrome\Application\17.0.963.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Steve\AppData\Local\Google\Chrome\Application\17.0.963.79\pdf.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll
CHR - plugin: RoboForm Plugin for Google Chrome/Opera/etc. (Enabled) = C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\plugin/rf-np-plugin.dll
CHR - plugin: Downloaders plugin (Enabled) = C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfjamigppmepikjlacjdpgjaiojdjhoj\1.4.4.4_0\npdmb.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Google Translate = C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\1.2.3.1_0\
CHR - Extension: Xmarks Bookmark Sync = C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla\1.0.16_0\
CHR - Extension: Minimalist for Everything [Beta] = C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmihblnpomgpjkfddepdpdafhhepdbek\0.5.20_0\
CHR - Extension: Adblock Plus (Beta) = C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\
CHR - Extension: Tab Position Customizer = C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\cldflinjcjehpjddjkohganfpjlnbpem\2.6_0\
CHR - Extension: Tab Manager = C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\coonecdghnepgiblpccbbihiahajndda\3.11_0\
CHR - Extension: RSS Subscription Extension Plus = C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\dobjkkjbcmhohalobdalmmenogajjlaj\2.0.3_0\
CHR - Extension: FB Photo Zoom = C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi\1.1109.26.1_0\
CHR - Extension: AdBlock = C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.22_0\
CHR - Extension: Instant Translate = C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihmgiclibbndffejedjimfjmfoabpcke\0.6.9_0\
CHR - Extension: TVRage = C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\iiacmmlhhnpnklejhckkiohnlljlgbni\2011.11.21.53722_0\
CHR - Extension: Downloads = C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfchnphgogjhineanplmfkofljiagjfb\1_0\
CHR - Extension: AVG Safe Search = C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\
CHR - Extension: Gimme back my Google Bar! = C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfohjdiahmhjbenfohpjplbffoeabkhj\1.0_0\
CHR - Extension: Downloaders = C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfjamigppmepikjlacjdpgjaiojdjhoj\1.4.4.4_0\
CHR - Extension: Smooth Gestures = C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfkgmnnajiljnolcgolmmgnecgldgeld\0.15.4.13_0\
CHR - Extension: Google Redesigned = C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkpckdjkmmgflnghjdokniaakigbfofa\1.0.1_0\
CHR - Extension: RSS Subscription Extension (by Google) = C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbjncdgjeocebhnmkbbbdekmmmcbfjd\2.1.3_0\
CHR - Extension: Context Menu Search = C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocpcmghnefmdhljkoiapafejjohldoga\2.82_0\
O1 HOSTS File: ([2012/03/17 09:41:22 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O2:64bit: - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files (x86)\FlashGet\jccatch.dll (www.flashget.com)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files (x86)\FlashGet\getflash.dll (www.flashget.com)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3:64bit: - HKU\S-1-5-21-60846531-21061585-1297222041-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKU\S-1-5-21-60846531-21061585-1297222041-1001\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O3 - HKU\S-1-5-21-60846531-21061585-1297222041-1001\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Flashget] C:\Program Files (x86)\FlashGet\flashget.exe (FlashGet.com)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [nmapp] C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [nmctxth] C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe ()
O4 - HKU\S-1-5-21-60846531-21061585-1297222041-1001..\Run: [FeedDemon] C:\Program Files (x86)\FeedDemon\FeedDemon.exe (NewsGator Technologies, Inc.)
O4 - HKU\S-1-5-21-60846531-21061585-1297222041-1001..\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe (Tonec Inc.)
O4 - HKU\S-1-5-21-60846531-21061585-1297222041-1001..\Run: [RoboForm] C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKU\S-1-5-21-60846531-21061585-1297222041-1001..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-60846531-21061585-1297222041-1001..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-60846531-21061585-1297222041-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-60846531-21061585-1297222041-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-21-60846531-21061585-1297222041-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: &Закачать все при помощи FlashGet - C:\Program Files (x86)\FlashGet\JC_ALL.HTM ()
O8:64bit: - Extra context menu item: &Закачать при помощи FlashGet - C:\Program Files (x86)\FlashGet\JC_LINK.HTM ()
O8:64bit: - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8:64bit: - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8:64bit: - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8:64bit: - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O8:64bit: - Extra context menu item: Download with Mipony - C:\Program Files (x86)\MiPony\Browser\IEContext.htm ()
O8:64bit: - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8:64bit: - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8:64bit: - Extra context menu item: Show RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: &Закачать все при помощи FlashGet - C:\Program Files (x86)\FlashGet\JC_ALL.HTM ()
O8 - Extra context menu item: &Закачать при помощи FlashGet - C:\Program Files (x86)\FlashGet\JC_LINK.HTM ()
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: Download with Mipony - C:\Program Files (x86)\MiPony\Browser\IEContext.htm ()
O8 - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: Show RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9:64bit: - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3DD188EF-9AAB-4ECC-8366-D345834B85E5}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4F759198-16CF-46A4-B852-8689C17CA13D}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E59B9714-67C8-4FDC-965F-8C67B7F706A4}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll (Cisco Systems, Inc.)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2012/03/17 09:58:44 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/03/17 09:41:27 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/03/17 09:26:39 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/03/17 09:26:39 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/03/17 09:26:39 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/03/17 09:26:33 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/03/17 09:25:44 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/03/17 08:40:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
[2012/03/17 08:39:17 | 000,000,000 | ---D | C] -- C:\ProgramData\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}
[2012/03/17 05:34:41 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker
[2012/03/17 05:34:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Unlocker
[2012/03/17 04:04:27 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\RK_Quarantine
[2012/03/17 04:04:05 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
[2012/03/17 04:04:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan
[2012/03/17 04:04:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpeedFan
[2012/03/17 03:54:56 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Roaming\FastStone
[2012/03/17 02:13:00 | 000,000,000 | ---D | C] -- C:\PsTools
[2012/03/17 02:08:22 | 000,027,016 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Windows\SysWow64\drivers\PROCEXP141.SYS
[2012/03/17 02:06:42 | 000,261,496 | ---- | C] (Sysinternals) -- C:\logonsessions.exe
[2012/03/17 01:47:41 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\ar
[2012/03/17 01:45:17 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Roaming\Auslogics
[2012/03/17 01:44:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
[2012/03/17 01:44:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Auslogics
[2012/03/16 08:42:45 | 000,520,192 | ---- | C] (ScreenTime Media) -- C:\Windows\SysWow64\Side 9 Screensaver.scr
[2012/03/16 08:42:45 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Side 9 Screensaver dir
[2012/03/08 05:24:35 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Roaming\Wireshark
[2012/03/08 05:21:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
[2012/03/08 05:21:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinPcap
[2012/03/08 05:20:06 | 000,000,000 | ---D | C] -- C:\Program Files\Wireshark
[2012/03/03 11:49:50 | 000,000,000 | ---D | C] -- C:\Users\Steve\Documents\WSOP-USA.com
[2012/03/03 11:49:48 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WSOP-USA.com
[2012/03/03 11:49:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WSOP-USA.com
[2012/03/03 11:49:48 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2012/03/03 11:49:33 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Roaming\WSOP-USA.com
[2012/03/03 11:49:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WSOP-USA.com
[2012/02/29 01:50:53 | 000,000,000 | ---D | C] -- C:\Users\Steve\Documents\Network Monitor 3
[2012/02/29 01:49:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Network Monitor 3.4
[2012/02/29 01:49:59 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Network Monitor 3
[2012/02/27 17:24:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/02/27 17:24:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012/02/27 17:24:51 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2012/02/27 15:59:37 | 000,583,680 | ---- | C] (OldTimer Tools) -- C:\Users\Steve\Desktop\OTL.exe
[2012/02/27 02:35:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/02/27 02:35:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/02/27 02:35:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012/02/26 15:51:22 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Roaming\Malwarebytes
[2012/02/26 15:51:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/02/26 15:51:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/02/26 15:51:14 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/02/26 15:51:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/02/26 14:38:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HJ
[2012/02/26 14:38:06 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012/02/26 13:11:24 | 000,000,000 | ---D | C] -- C:\Silent Runners
[2012/02/26 12:28:12 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/02/26 12:23:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Secunia
[2012/02/19 09:33:58 | 000,000,000 | ---D | C] -- C:\$AVG
[2012/02/19 08:38:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2012
[2012/02/19 08:38:03 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\AVG
[2012/02/19 08:37:38 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\AVG
[2012/02/19 08:37:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
========== Files - Modified Within 30 Days ==========
[2012/03/17 13:47:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-60846531-21061585-1297222041-1001UA.job
[2012/03/17 13:43:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/17 10:14:11 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/17 10:14:11 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/17 10:11:52 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/03/17 10:11:52 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/03/17 10:11:52 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/03/17 10:06:26 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/17 10:06:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/17 10:06:12 | 3015,888,896 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/17 09:41:22 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/03/17 09:40:44 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForSteve.job
[2012/03/17 08:49:21 | 092,069,082 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/03/17 08:40:44 | 000,002,139 | ---- | M] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
[2012/03/17 07:59:48 | 000,007,627 | ---- | M] () -- C:\Users\Steve\AppData\Local\Resmon.ResmonCfg
[2012/03/17 06:52:35 | 000,002,515 | ---- | M] () -- C:\Users\Steve\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2012/03/17 06:52:35 | 000,002,491 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2012/03/17 04:04:04 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\initdebug.nfo
[2012/03/17 02:08:22 | 000,027,016 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Windows\SysWow64\drivers\PROCEXP141.SYS
[2012/03/17 01:44:12 | 000,001,219 | ---- | M] () -- C:\Users\Steve\Application Data\Microsoft\Internet Explorer\Quick Launch\Auslogics BoostSpeed.lnk
[2012/03/16 16:47:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-60846531-21061585-1297222041-1001Core.job
[2012/03/16 08:42:45 | 000,520,192 | ---- | M] (ScreenTime Media) -- C:\Windows\SysWow64\Side 9 Screensaver.scr
[2012/03/15 16:32:25 | 000,000,740 | ---- | M] () -- C:\Users\Steve\Application Data\Microsoft\Internet Explorer\Quick Launch\111 - Shortcut.lnk
[2012/03/14 20:48:34 | 000,116,774 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012/03/14 07:25:40 | 000,304,864 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/03/12 18:48:54 | 000,002,351 | ---- | M] () -- C:\Users\Steve\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/03/12 18:48:53 | 000,002,389 | ---- | M] () -- C:\Users\Steve\Desktop\Google Chrome.lnk
[2012/03/11 00:30:12 | 000,000,959 | ---- | M] () -- C:\Users\Steve\Application Data\Microsoft\Internet Explorer\Quick Launch\MiPony.lnk
[2012/03/08 05:21:32 | 000,001,829 | ---- | M] () -- C:\Users\Steve\Application Data\Microsoft\Internet Explorer\Quick Launch\Wireshark.lnk
[2012/03/07 03:39:52 | 000,001,268 | ---- | M] () -- C:\Users\Steve\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/03/03 19:06:42 | 000,002,533 | ---- | M] () -- C:\Users\Steve\Application Data\Microsoft\Internet Explorer\Quick Launch\Skype.lnk
[2012/03/03 11:49:48 | 000,001,989 | ---- | M] () -- C:\Users\Steve\Application Data\Microsoft\Internet Explorer\Quick Launch\WSOP-USA.com.lnk
[2012/02/29 01:50:01 | 000,001,016 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Network Monitor 3.4.lnk
[2012/02/27 17:24:52 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/02/27 02:45:58 | 000,441,463 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120307-030926.backup
[2012/02/26 15:51:16 | 000,001,089 | ---- | M] () -- C:\Users\Steve\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/02/26 14:38:06 | 000,002,979 | ---- | M] () -- C:\Users\Steve\Desktop\HiJackThis.lnk
[2012/02/23 18:15:28 | 000,003,337 | ---- | M] () -- C:\Users\Steve\.recently-used.xbel
[2012/02/22 07:37:24 | 000,013,824 | ---- | M] () -- C:\Users\Steve\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/22 04:29:18 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\Steve\Desktop\OTL.exe
[2012/02/19 13:49:58 | 000,015,708 | ---- | M] () -- C:\Users\Steve\Documents\zynga.odt
[2012/02/19 08:38:04 | 000,000,925 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/02/19 08:38:03 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2012/02/19 08:38:03 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
========== Files Created - No Company Name ==========
[2012/03/17 09:26:39 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/03/17 09:26:39 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/03/17 09:26:39 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/03/17 09:26:39 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/03/17 09:26:39 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/03/17 08:49:21 | 092,069,082 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/03/17 08:40:44 | 000,002,139 | ---- | C] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
[2012/03/17 04:04:03 | 000,000,045 | ---- | C] () -- C:\Windows\SysWow64\initdebug.nfo
[2012/03/17 01:44:12 | 000,001,219 | ---- | C] () -- C:\Users\Steve\Application Data\Microsoft\Internet Explorer\Quick Launch\Auslogics BoostSpeed.lnk
[2012/03/15 16:32:25 | 000,000,740 | ---- | C] () -- C:\Users\Steve\Application Data\Microsoft\Internet Explorer\Quick Launch\111 - Shortcut.lnk
[2012/03/14 20:48:34 | 000,116,774 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012/03/08 05:20:25 | 000,001,829 | ---- | C] () -- C:\Users\Steve\Application Data\Microsoft\Internet Explorer\Quick Launch\Wireshark.lnk
[2012/03/08 05:20:25 | 000,001,543 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk
[2012/03/03 19:06:42 | 000,002,533 | ---- | C] () -- C:\Users\Steve\Application Data\Microsoft\Internet Explorer\Quick Launch\Skype.lnk
[2012/03/03 11:49:48 | 000,001,989 | ---- | C] () -- C:\Users\Steve\Application Data\Microsoft\Internet Explorer\Quick Launch\WSOP-USA.com.lnk
[2012/02/29 01:50:01 | 000,001,016 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Network Monitor 3.4.lnk
[2012/02/27 02:35:15 | 000,001,268 | ---- | C] () -- C:\Users\Steve\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/02/26 15:51:16 | 000,001,089 | ---- | C] () -- C:\Users\Steve\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/02/26 14:38:06 | 000,002,979 | ---- | C] () -- C:\Users\Steve\Desktop\HiJackThis.lnk
[2012/02/23 18:15:28 | 000,003,337 | ---- | C] () -- C:\Users\Steve\.recently-used.xbel
[2012/02/19 13:49:57 | 000,015,708 | ---- | C] () -- C:\Users\Steve\Documents\zynga.odt
[2012/02/19 08:38:04 | 000,000,925 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/02/19 08:38:03 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2012/02/19 08:38:03 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2012/02/07 02:29:04 | 000,106,088 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2012/01/08 16:34:47 | 000,007,627 | ---- | C] () -- C:\Users\Steve\AppData\Local\Resmon.ResmonCfg
[2011/12/29 05:36:25 | 000,735,230 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/12/14 06:30:25 | 000,013,824 | ---- | C] () -- C:\Users\Steve\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/03 18:07:53 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011/11/03 18:07:52 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/11/03 18:07:52 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/11/03 18:07:52 | 000,074,752 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/10/12 17:16:30 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll
[2011/04/27 19:30:46 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/04/27 19:23:32 | 000,000,299 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog2.ini
[2011/04/27 19:23:32 | 000,000,240 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog.ini
[2011/03/17 12:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/09/06 14:10:43 | 000,000,188 | ---- | C] () -- C:\Windows\SysWow64\HPWA.ini
[2010/09/06 13:08:58 | 000,000,186 | ---- | C] () -- C:\Windows\SysWow64\HP Documentation.ini
[2010/06/25 12:03:12 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
========== LOP Check ==========
[2011/11/03 18:46:05 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\ACD Systems
[2011/11/03 17:44:39 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Ashampoo
[2012/03/17 03:44:01 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Auslogics
[2011/11/04 03:28:35 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\AVG2012
[2012/03/17 09:39:26 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\DMCache
[2011/11/03 17:02:53 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\FlashGet
[2012/02/23 18:15:28 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\gtk-2.0
[2011/12/14 05:45:31 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\ID3-TagIT 3
[2012/01/12 22:54:04 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\IDM
[2011/11/23 12:29:42 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\IKKK88gRZ
[2011/11/23 12:29:36 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\JggRZZqhYXwk
[2011/12/14 05:06:06 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\MediaMonkey
[2012/03/11 01:25:28 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Mipony
[2011/12/14 05:14:31 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Mp3tag
[2011/12/13 23:58:08 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\OpenOffice.org
[2011/11/23 12:29:29 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\oRRRL99gTXqjCeI
[2011/11/23 12:29:41 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\r22oonFF4pH5sJ7
[2011/11/03 16:43:04 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\RoboForm
[2011/11/23 12:29:35 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\rsssWKK7fELgTqj
[2011/11/23 12:29:30 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\TrrrllONt
[2012/03/17 13:50:43 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\uTorrent
[2012/03/08 05:24:35 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Wireshark
[2012/03/03 11:52:38 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\WSOP-USA.com
[2011/11/23 12:29:46 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\ZrllOONtxP0u
[2009/07/14 00:08:49 | 000,013,886 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 201 bytes -> C:\ProgramData\Temp:07BF512B
< End of report >
Edited by RxEnergy, 17 March 2012 - 12:59 PM.