Questscan but more worryingly I think I have a keylogger


This topic is locked

#1 ovalman
New Member, 6 posts
Hi there, long-time lurker, and most of my problems have been fixed by using the search function.

A while back my first son downloaded TV software along with Questscan nuisance software attached to Mozilla. I deleted this, but not fully, and from time to time a Google search from the web address bar will turn up Questscan answers. I don't click on any of the links and search by another method. This is a nuisance, but I can live with it. More worrying was what I found today when I came home from work: a Norton Security Scan pop-up trying to install itself onto the computer. I uninstalled it and as yet there is no sign of the program. More worrying still was my first start-up of Mozilla, where I tried to log into my Betfair account. A pop-up asked me for my password, a pop-up I've never seen before. When I restarted Mozilla, the same pop-up appeared, and I'm extremely worried I have keylogging software installed on my computer.

Malware Anti Spyware loads at startup even though I've uninstalled it; this again is not a problem.

I'm running genuine Windows 7 and, as far as I know, it is up to date.

My OTL log file:

OTL logfile created on: 14/09/2011 19:23:00 - Run 2
OTL by OldTimer - Version 3.2.28.0 Folder = C:\Users\Dad\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.75 Gb Total Physical Memory | 0.53 Gb Available Physical Memory | 19.34% Memory free
5.49 Gb Paging File | 2.86 Gb Available in Paging File | 51.98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.30 Gb Total Space | 121.27 Gb Free Space | 42.51% Space Free | Partition Type: NTFS

Computer Name: DAD-PC | User Name: Dad | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/14 19:10:55 | 000,581,632 | ---- | M] (OldTimer Tools) -- C:\Users\Dad\Downloads\OTL(1).exe
PRC - [2011/09/12 18:34:11 | 003,077,120 | ---- | M] (Playtech) -- C:\Poker\Boylepoker\casino.exe
PRC - [2011/09/08 21:34:06 | 007,565,312 | ---- | M] (Hold'em Manager) -- C:\Program Files (x86)\RVG Software\Holdem Manager\HoldemManager.exe
PRC - [2011/09/08 21:25:56 | 002,158,592 | ---- | M] (Hold'em Manager) -- C:\Program Files (x86)\RVG Software\Holdem Manager\HMImport.exe
PRC - [2011/09/08 12:55:16 | 001,156,096 | ---- | M] () -- C:\Program Files (x86)\RVG Software\Holdem Manager\HMHud.exe
PRC - [2011/09/08 09:07:19 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/06/15 16:47:32 | 001,800,736 | ---- | M] () -- C:\Betfair\Betfair.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/05/27 17:42:56 | 001,368,912 | ---- | M] (Comfort Software Group) -- C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe
PRC - [2011/05/19 18:41:01 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Betfair\arch\win32\jre\bin\java.exe
PRC - [2011/04/18 17:40:08 | 002,334,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgtray.exe
PRC - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011/04/14 21:30:46 | 003,588,960 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgui.exe
PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
PRC - [2011/01/28 06:15:33 | 000,066,048 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe
PRC - [2011/01/28 06:13:43 | 004,538,368 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
PRC - [2010/03/04 06:21:16 | 001,300,560 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2010/03/04 06:21:16 | 000,325,200 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2010/03/04 06:21:16 | 000,297,040 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe
PRC - [2010/01/29 00:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
PRC - [2010/01/08 14:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe
PRC - [2009/11/20 15:34:08 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2005/09/12 16:00:40 | 000,266,240 | ---- | M] (Philips) -- C:\Windows\SysWOW64\drivers\Tray900.exe
PRC - [2005/09/12 16:00:24 | 000,155,648 | ---- | M] (Philips) -- C:\Windows\SysWOW64\drivers\Phibtn.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/08 12:55:16 | 001,156,096 | ---- | M] () -- C:\Program Files (x86)\RVG Software\Holdem Manager\HMHud.exe
MOD - [2011/09/08 09:07:19 | 001,846,232 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/08/16 17:17:00 | 000,167,424 | ---- | M] () -- C:\Program Files (x86)\RVG Software\Holdem Manager\SitNGoWizard.Localization.2.0.dll
MOD - [2011/08/11 09:42:09 | 000,240,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\bb04320c07e3c71ac2d18cb382d97f41\WindowsFormsIntegration.ni.dll
MOD - [2011/08/11 09:40:16 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\ebdaeeb5ef1a6209d67a2f70fcaf5cd5\System.Core.ni.dll
MOD - [2011/08/11 07:11:18 | 011,819,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\33b601c8e2cf4993e68d763389246197\System.Web.ni.dll
MOD - [2011/08/11 07:11:08 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\4e03de263f1fec29c4a7fa18986d0868\System.Transactions.ni.dll
MOD - [2011/08/11 07:11:07 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\b7d1c271ec6b4df64c95563fc81ffc2f\System.Data.ni.dll
MOD - [2011/08/11 07:10:56 | 014,339,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\c60906a715473ceccf93f0559527e84d\PresentationFramework.ni.dll
MOD - [2011/08/11 07:10:33 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\0d43c5e77ee7b8466700b16d7e7d4bb7\System.Windows.Forms.ni.dll
MOD - [2011/08/11 07:10:22 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\9e87dd8fe5d0f925d80a6a6eaf74fdb9\System.Drawing.ni.dll
MOD - [2011/08/11 07:10:18 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\b614f2d2f13857c09c98b02944fc1c41\Accessibility.ni.dll
MOD - [2011/08/11 07:10:17 | 012,234,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\5566b57732d9edea236f54d06149835a\PresentationCore.ni.dll
MOD - [2011/08/11 07:09:57 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\6124dbbfd45927c4a6226d6e6bca6253\WindowsBase.ni.dll
MOD - [2011/08/11 07:09:50 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\16d2854bf69d59d94e64a918365705f1\System.Xml.ni.dll
MOD - [2011/08/11 07:09:45 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\36d0ed3f2a65b9d67933ed46dfcd2ccb\System.Configuration.ni.dll
MOD - [2011/08/11 07:09:43 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\3da7c6c1a0f26ae91883fd8b03ec192d\System.ni.dll
MOD - [2011/08/11 07:09:28 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\16b68fcaff063835ae0ee348a1201f2a\mscorlib.ni.dll
MOD - [2011/06/15 16:47:32 | 001,800,736 | ---- | M] () -- C:\Betfair\Betfair.exe
MOD - [2011/04/19 19:14:13 | 006,053,536 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
MOD - [2010/11/05 02:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/04/13 14:25:14 | 000,227,840 | ---- | M] () -- C:\Program Files (x86)\RVG Software\Holdem Manager\TextboxHook.dll
MOD - [2010/04/13 12:26:44 | 000,615,936 | ---- | M] () -- C:\Program Files (x86)\RVG Software\Holdem Manager\System.Data.SQLite.dll
MOD - [2010/04/13 12:26:44 | 000,307,200 | ---- | M] () -- C:\Program Files (x86)\RVG Software\Holdem Manager\ZedGraph.dll
MOD - [2010/04/13 12:26:40 | 000,373,248 | ---- | M] () -- C:\Program Files (x86)\RVG Software\Holdem Manager\Npgsql.dll
MOD - [2009/11/20 15:34:08 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
MOD - [2009/06/10 22:23:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2009/05/20 23:02:04 | 000,072,200 | ---- | M] () -- C:\Program Files (x86)\Launch Manager\CdDirIo.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/04/19 22:18:20 | 000,365,568 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/03/29 17:41:36 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/02/05 20:23:06 | 000,865,824 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2010/01/29 00:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe -- (Updater Service)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2011/01/28 06:15:33 | 000,066,048 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe -- (postgresql-8.4)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/04 06:21:16 | 000,325,200 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010/01/08 14:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009/07/29 09:11:46 | 000,163,840 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE -- (EPSON_EB_RPCV4_01) EPSON V5 Service4(01)
SRV - [2009/07/29 09:11:46 | 000,126,464 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/05/29 09:11:20 | 000,025,912 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/04/14 21:28:24 | 000,118,864 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV:64bit: - [2011/04/05 00:59:54 | 000,377,936 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2011/03/16 16:03:18 | 000,037,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/01 14:25:18 | 000,041,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/02/22 08:12:46 | 000,026,704 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV:64bit: - [2011/02/10 07:53:34 | 000,029,264 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/01/13 03:17:30 | 000,122,624 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\zghsmdm.sys -- (zghsmdm)
DRV:64bit: - [2011/01/07 06:41:44 | 000,304,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2011/01/01 10:12:24 | 000,097,040 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MijXfilt.sys -- (MotioninJoyXFilter)
DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/17 13:04:32 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/08/19 19:24:34 | 000,074,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2010/04/29 06:55:42 | 000,032,768 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\androidusb.sys -- (androidusb)
DRV:64bit: - [2010/04/07 19:04:22 | 002,216,960 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/03/29 17:51:38 | 006,405,632 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/03/29 16:46:28 | 000,188,928 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/03/09 15:21:42 | 000,123,408 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010/02/18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/12/30 11:21:26 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\revoflt.sys -- (Revoflt)
DRV:64bit: - [2009/12/22 02:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/12/02 03:21:32 | 000,040,448 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2009/10/16 11:32:22 | 000,321,064 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink ™
DRV:64bit: - [2009/09/18 05:12:06 | 000,292,912 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/08/24 02:55:32 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/20 03:09:57 | 000,054,272 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E) NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20)
DRV:64bit: - [2009/06/10 21:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 21:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/06 01:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009/05/06 01:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2007/05/04 09:45:34 | 001,533,952 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\camdrv42.sys -- (camdrv42)
DRV - [2011/01/27 12:06:50 | 000,015,664 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005/03/09 20:50:16 | 000,033,792 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\libusb0.sys -- (libusb0)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Removed, personal information on a public board, can be revealed if needed
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =Removed, personal information on a public board, can be revealed if needed
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Removed, personal information on a public board, can be revealed if needed
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = Removed, personal information on a public board, can be revealed if needed
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Removed, personal information on a public board, can be revealed if needed

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Removed, personal information on a public board, can be revealed if needed
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: Removed, personal information on a public board, can be revealed if needed
FF - prefs.js..keyword.URL: "http://www.questscan...anPB&keywords="

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Dad\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Dad\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG10\Firefox4\ [2011/08/09 08:12:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/09/08 09:07:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/07/01 13:45:09 | 000,000,000 | ---D | M]

[2011/05/07 01:12:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dad\AppData\Roaming\Mozilla\Extensions
[2011/05/07 01:12:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dad\AppData\Roaming\Mozilla\Extensions\[email protected]
[2011/09/11 10:02:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\9xid1l8i.default\extensions
[2011/04/29 16:30:34 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\9xid1l8i.default\extensions\[email protected]
[2011/09/11 10:02:18 | 000,000,000 | ---D | M] (Youtube MP3 Podcaster) -- C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\9xid1l8i.default\extensions\[email protected]
[2011/08/13 14:47:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/05/25 21:42:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
[2011/06/12 11:01:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/08/13 14:47:24 | 000,000,000 | ---D | M] (QuestScan) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{F0E1168A-B4B5-484C-B77E-0D28E6B64096}
() (No name found) -- C:\USERS\DAD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9XID1L8I.DEFAULT\EXTENSIONS\[email protected]
[2011/09/08 09:07:19 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/08/17 21:47:29 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/08/17 21:47:29 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/08/17 21:47:29 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011/08/17 21:47:29 | 000,001,180 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/08/17 21:47:29 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\eMachines\eMachines Power Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PhiBtn] C:\Windows\SysWOW64\drivers\Phibtn.exe (Philips)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TrayMin900] C:\Windows\SysWOW64\drivers\Tray900.exe (Philips)
O4 - HKCU..\Run: [EPSON SX100 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEDE.EXE /FU "C:\Windows\TEMP\E_SE90A.tmp" /EF "HKCU" File not found
O4 - HKCU..\Run: [FreeAC] C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe (Comfort Software Group)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: ShopperReports - Compare product prices - {DB38E21A-0133-419d-92AD-ECDFD5244D6D} - C:\Program Files (x86)\ShoppingReport2\Bin\2.7.37\ShoppingReport.dll File not found
O9 - Extra Button: ShopperReports - Compare travel rates - {EB620C54-E229-4942-87CE-E717109FC8C6} - C:\Program Files (x86)\ShoppingReport2\Bin\2.7.37\ShoppingReport.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zon...kr.cab56986.cab (Checkers Class)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3DB0CA58-56E2-4870-850E-95D3BB711CF1}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7470F331-08BC-45C2-9855-8C499CD6AD50}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - AppInit_DLLs: (C:\PROGRA~2\Google\GOOGLE~1\GO36F4~1.DLL) -C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgchsva.exe /sync)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/14 18:08:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2011/09/14 07:13:09 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{CF7F92A2-9175-4723-AFFE-62369F9AFA27}
[2011/09/14 07:12:53 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{8C92A562-50E8-460C-8708-48F11A72A64B}
[2011/09/13 22:37:26 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{40F1336F-E7E8-4D1A-B072-9EBDAD12FBFB}
[2011/09/13 22:37:13 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{4A85DD77-E274-43EA-ADF8-763363287460}
[2011/09/13 07:09:47 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{A8668162-C403-4AE0-9B8E-8FB347727AE8}
[2011/09/13 07:09:31 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{CD04274C-8D65-4DA4-946C-27A490812F03}
[2011/09/12 12:13:33 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{299F2EBF-1CF6-45CD-8859-A1C39F04C0B8}
[2011/09/12 12:13:22 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{E31D8F81-01CA-401F-A943-7B3EC62FDA64}
[2011/09/11 10:54:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Alarm Clock
[2011/09/11 10:54:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FreeAlarmClock
[2011/09/10 23:11:50 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{99E9F523-2324-40B0-AC84-B999D04CD633}
[2011/09/10 23:11:38 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{7A02838A-15E4-4171-A720-E28470990BE5}
[2011/09/09 15:38:03 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{FFEAB254-B0CB-4517-8CDA-7BC19893373E}
[2011/09/09 15:37:49 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{1B57176E-7E39-475B-8A74-DA6F66F08EEE}
[2011/09/09 15:35:31 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{A7E95546-EC8F-4E4B-8853-CAAA00D66D66}
[2011/09/08 06:12:00 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{5798E7A1-86EB-4EFE-AD46-E8D9CD9DF538}
[2011/09/08 06:11:47 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{7C438B00-AE83-429A-927F-A38F53CA8F78}
[2011/09/06 23:19:26 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{04CEE469-540C-434F-B87D-5C7BD4FC737F}
[2011/09/06 23:19:13 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{F7E81B81-FB16-40D7-BF01-590622B3E8C2}
[2011/09/06 06:19:06 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{E63F580B-E683-40E6-A1E6-BBBCD018D954}
[2011/09/06 06:18:50 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{92D706DB-A3BC-49DF-BAE4-28414EB530B1}
[2011/09/05 16:59:04 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{31BF1D00-69C4-43C7-A8ED-BB6E7FE9BAEE}
[2011/09/05 16:58:52 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{D218D4A4-D429-4A30-8B0C-36C0F4BE8F7D}
[2011/09/05 05:48:48 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{404E5531-E148-494C-93DC-2B7267C11C5B}
[2011/09/05 05:48:33 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{5D9E1432-BD08-436B-ADEF-4683C76E582A}
[2011/09/04 06:44:02 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{51FB12CC-D18A-4C7F-AFDC-9F9D8AED2433}
[2011/09/04 06:43:42 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{BDD00A5A-4800-4AEB-90E4-2252EDA48AB4}
[2011/09/03 07:50:20 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{6016054B-0F79-4B56-9A7D-2DFF09C0B1C2}
[2011/09/03 07:50:07 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{69E18551-27C3-4929-AEAB-EA6D40732017}
[2011/09/02 06:45:37 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{174DF70C-708D-499B-B24A-344124B25B0F}
[2011/09/02 06:45:25 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{B79C5980-2554-4BA8-A9E3-3B2A7D066C1A}
[2011/08/31 23:41:26 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{0A7BB881-51A0-4760-BE5A-E808E5A410F2}
[2011/08/31 23:41:15 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{58F6FF9A-9062-4662-82C5-8686B33878B0}
[2011/08/30 23:55:14 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{49D1B347-3FA2-4442-8461-44DD16CC5E12}
[2011/08/30 23:55:02 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{51ED8B2B-EDAC-4E98-83C9-2C34DCBB97DE}
[2011/08/29 23:00:15 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{EBC3252D-F655-4839-A472-EB1E89268B34}
[2011/08/29 23:00:00 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{431D8EB1-3CF1-40E0-B07E-35A885A39C71}
[2011/08/29 20:49:55 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{69686BE1-BA64-4F40-A952-BA81BD3CD2F6}
[2011/08/29 20:49:36 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{2863C2A8-28A2-4163-B65C-B9B9131DE41C}
[2011/08/29 01:23:05 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{3CF5B414-D851-485F-A5C3-0D2488E34523}
[2011/08/29 01:22:52 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{BFFECBCD-D048-42FC-8029-8B921CB5B5E6}
[2011/08/28 00:55:28 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{44583389-081A-4705-A1B1-3393A4BA6997}
[2011/08/28 00:55:16 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{23637592-28DB-4E83-9CF9-0A70FD06EA90}
[2011/08/27 12:54:23 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{7A4D2458-DEDE-4777-B82A-00DFE63059C7}
[2011/08/27 12:54:07 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{D43C2DE2-A61D-481E-A677-37CB4DEB23B6}
[2011/08/27 06:00:44 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{07A0CB4A-1C50-428B-80AA-7CAA071C1AD3}
[2011/08/27 06:00:29 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{16FC73FB-E35F-4730-A062-513C71C01ACB}
[2011/08/25 23:30:05 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{EDBC38CB-F498-4FB2-82F3-AAA4442EB88F}
[2011/08/25 23:29:46 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{0E23C3D2-15AF-4368-904D-D48A78166BB4}
[2011/08/25 01:09:32 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{026079CE-658F-4C01-9C1D-8895ADA7AE2C}
[2011/08/25 01:09:16 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{F40C93A4-43D0-4512-BA66-0245FEBDB1C4}
[2011/08/24 13:08:46 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{0856761E-BE43-446C-A304-2DDE0F3E2618}
[2011/08/24 13:08:34 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{265E62FF-26DA-4CD2-A727-F963ED906A52}
[2011/08/24 01:08:05 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{E4583440-916B-440B-AEED-C01F53BC9150}
[2011/08/24 01:07:43 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{F9CC3280-6832-435E-B662-8AB62CA8FEB9}
[2011/08/23 13:07:05 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{814CEEB9-7C35-4C0F-BA14-F8792D10B479}
[2011/08/23 13:06:49 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{DCAE5AC1-B9F7-4101-A114-FB1EFEDA86F4}
[2011/08/22 23:27:14 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{995F9EEE-382D-4EB8-B41C-2406E38BADA6}
[2011/08/22 23:25:28 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{76F478EF-DA49-4CAA-B0B4-BCC5137DBBBD}
[2011/08/21 22:54:29 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{0F91D8D8-8B53-4C38-99B9-74A9A0069A4F}
[2011/08/21 22:54:03 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{C27A91E6-0BAD-4869-A262-E6078FE51CAF}
[2011/08/21 09:25:59 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{19E9BCBE-DE8D-4B3A-9C92-EEEB425D424D}
[2011/08/21 09:24:16 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{BD775806-E03F-472B-AB9B-3168803CA3E0}
[2011/08/20 23:02:46 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2011/08/20 23:02:09 | 002,604,376 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll
[2011/08/20 23:02:08 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2011/08/20 23:02:08 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2011/08/20 23:02:08 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2011/08/20 23:02:08 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2011/08/20 23:02:04 | 000,220,512 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFNHK64.dll
[2011/08/20 23:02:04 | 000,081,248 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFCOM64.dll
[2011/08/20 23:02:03 | 000,078,176 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFAPO64.dll
[2011/08/20 23:02:03 | 000,074,064 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysWow64\SFCOM.dll
[2011/08/20 23:01:50 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2011/08/20 23:01:50 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2011/08/20 23:01:50 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2011/08/20 23:01:49 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2011/08/20 23:01:45 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2011/08/20 23:01:44 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2011/08/20 23:01:32 | 003,308,376 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEP64A.dll
[2011/08/20 23:01:31 | 000,426,328 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EED64A.dll
[2011/08/20 23:01:31 | 000,136,024 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEL64A.dll
[2011/08/20 23:01:31 | 000,118,104 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEA64A.dll
[2011/08/20 23:01:31 | 000,074,072 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEG64A.dll
[2011/08/20 23:01:27 | 000,334,680 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxVolumeSDAPO.dll
[2011/08/20 23:01:25 | 003,768,152 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek.dll
[2011/08/20 23:01:22 | 002,132,824 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll
[2011/08/20 23:01:21 | 000,341,336 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO30.dll
[2011/08/20 23:01:20 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2011/08/20 23:01:16 | 000,603,984 | ---- | C] (Knowles Acoustics ) -- C:\Windows\SysNative\KAAPORT64.dll
[2011/08/20 23:00:34 | 002,085,440 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2011/08/20 23:00:33 | 000,693,352 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSVoiceClarityDLL64.dll
[2011/08/20 23:00:32 | 000,439,808 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PREC64.dll
[2011/08/20 23:00:31 | 000,527,872 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PLFX64.dll
[2011/08/20 23:00:30 | 000,515,584 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PGFX64.dll
[2011/08/20 23:00:28 | 000,712,296 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSSymmetryDLL64.dll
[2011/08/20 23:00:27 | 001,756,264 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2SpeakerDLL64.dll
[2011/08/20 23:00:25 | 001,568,360 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2HeadphoneDLL64.dll
[2011/08/20 23:00:24 | 000,491,112 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSNeoPCDLL64.dll
[2011/08/20 23:00:22 | 000,432,744 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLimiterDLL64.dll
[2011/08/20 23:00:21 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLFXAPO64.dll
[2011/08/20 23:00:19 | 000,241,768 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPONS64.dll
[2011/08/20 23:00:17 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPO64.dll
[2011/08/20 23:00:16 | 000,428,648 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGainCompensatorDLL64.dll
[2011/08/20 23:00:14 | 001,486,952 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBoostDLL64.dll
[2011/08/20 23:00:12 | 000,728,680 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBassEnhancementDLL64.dll
[2011/08/20 22:59:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2011/08/20 22:50:51 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\ElevatedDiagnostics
[2011/08/20 20:05:30 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2011/08/20 20:01:22 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{98FE3524-9685-4EBE-BBDD-E352BF2B8089}
[2011/08/20 20:01:02 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{CD55B95A-78EF-44B3-AF57-7AD7C8F76F08}
[2011/08/20 19:51:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2011/08/19 23:27:45 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{24927652-F074-455A-8617-4A0DFFD2D62E}
[2011/08/19 23:27:23 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{31570DF0-D313-4C8C-8056-F11636FFDF12}
[2011/08/19 15:57:35 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{652D32FB-2CCA-4BE5-9B71-CBE14C3A4148}
[2011/08/19 15:45:09 | 000,000,000 | ---D | C] -- C:\Windows\en
[2011/08/19 15:25:49 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{C3F0D459-982E-4D00-ADEB-472C3086BCFC}
[2011/08/19 15:25:30 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{96988A91-7179-4314-A99D-0DAC1F08E76C}
[2011/08/19 06:03:37 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{13ADD6E0-6A6B-43AB-B236-12E1E357E690}
[2011/08/18 13:36:38 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{7AA7F172-B370-4F00-91B3-3C8C6FAAA1B1}
[2011/08/18 13:36:28 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{0DEB13F6-06CD-481A-8EA9-5D8B35242C9E}
[2011/08/18 00:26:00 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{297C7E10-03F2-4F0F-A873-0795223DB33F}
[2011/08/18 00:25:49 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{4B624BBD-E98C-4422-AABE-401A1CBBFFC9}
[2011/08/16 23:53:20 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{EF6DA355-EA13-4BA3-8C51-1D428F7A7391}
[2011/08/16 23:53:08 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{E19626E0-5410-43A9-BEB3-E5C4BF1C244E}
[2011/08/15 23:43:11 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{128C4CD5-59B2-4F4F-B503-C98A4CD213BD}
[2011/08/15 23:42:57 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\{786C0F1E-215E-47FC-9D69-47144F072825}
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/09/14 18:58:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3837747319-1461288089-3290236012-1001UA.job
[2011/09/14 18:42:53 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/09/14 18:42:53 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/09/14 18:33:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/09/14 18:33:23 | 2213,154,816 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/14 18:10:34 | 132,196,299 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2011/09/13 22:35:14 | 000,001,057 | ---- | M] () -- C:\Users\Dad\AppData\Roaming\vso_ts_preview.xml
[2011/09/13 19:58:08 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3837747319-1461288089-3290236012-1001Core.job
[2011/09/12 12:08:55 | 388,410,150 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/09/11 10:54:59 | 000,000,976 | ---- | M] () -- C:\Users\Dad\Desktop\Free Alarm Clock.lnk
[2011/09/03 18:51:55 | 000,002,397 | ---- | M] () -- C:\Users\Dad\Desktop\Google Chrome.lnk
[2011/08/29 01:27:10 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/08/29 01:27:10 | 000,628,460 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/08/29 01:27:10 | 000,110,612 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/08/24 12:29:22 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/08/24 12:29:22 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat
[2011/08/18 15:25:47 | 000,000,129 | ---- | M] () -- C:\Users\Dad\jagex_runescape_preferences2.dat
[2011/08/18 15:25:47 | 000,000,035 | ---- | M] () -- C:\Users\Dad\jagex_runescape_preferences.dat
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/09/11 10:54:59 | 000,000,976 | ---- | C] () -- C:\Users\Dad\Desktop\Free Alarm Clock.lnk
[2011/08/17 12:29:53 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/08/17 12:29:53 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011/08/13 14:45:04 | 000,000,000 | ---- | C] () -- C:\ProgramData\ec38019acb7b0b985ee45da8d8da89a8_c
[2011/07/03 16:22:13 | 000,004,106 | ---- | C] () -- C:\ProgramData\bltofzsb.qlf
[2011/05/06 19:12:03 | 000,033,792 | ---- | C] () -- C:\Windows\SysWow64\drivers\libusb0.sys
[2011/05/06 18:21:05 | 000,001,057 | ---- | C] () -- C:\Users\Dad\AppData\Roaming\vso_ts_preview.xml
[2011/04/29 16:51:28 | 000,000,000 | ---- | C] () -- C:\Windows\HMHud.INI
[2011/04/26 21:24:11 | 000,000,174 | ---- | C] () -- C:\Windows\ESTIMATE-SETTING.INI
[2011/04/26 21:24:11 | 000,000,160 | ---- | C] () -- C:\Windows\ALIGN-SETTING.INI
[2011/04/26 21:24:11 | 000,000,106 | ---- | C] () -- C:\Windows\LIMIT-SETTING.INI
[2011/04/26 21:23:25 | 000,000,052 | ---- | C] () -- C:\Windows\MRU.ini
[2011/04/19 23:19:50 | 000,000,045 | ---- | C] () -- C:\Users\Dad\AppData\Local\machpro.dat
[2011/04/19 22:10:32 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010/05/20 06:19:00 | 000,002,093 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/05/20 06:18:12 | 000,001,562 | ---- | C] () -- C:\Windows\WPatchProgress.ini
[2010/05/19 21:57:23 | 000,000,033 | ---- | C] () -- C:\Windows\LaunApp.ini
[2010/05/19 21:41:04 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2010/05/19 21:41:04 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2010/05/19 21:41:04 | 000,020,480 | ---- | C] () -- C:\Windows\USB_VIDEO_REG.exe
[2010/05/19 21:41:04 | 000,000,378 | ---- | C] () -- C:\Windows\PidList.ini
[2010/05/19 21:34:13 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/03/25 22:02:10 | 000,000,189 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2010/03/25 22:02:10 | 000,000,168 | ---- | C] () -- C:\Windows\WisLangCode.ini
[2010/03/25 22:02:10 | 000,000,147 | ---- | C] () -- C:\Windows\WisPriority.ini
[2009/08/03 00:21:54 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2009/08/03 00:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2009/08/03 00:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2009/07/14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 22:59:36 | 000,982,196 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2009/07/13 22:59:36 | 000,139,824 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009/07/13 22:59:36 | 000,097,448 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2009/07/13 22:59:35 | 000,417,344 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2009/07/13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011/04/29 16:30:31 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\AVG10
[2011/08/11 19:34:55 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Azureus
[2011/04/29 13:01:09 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\HEM Data
[2011/05/03 23:46:08 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\HoldemManager
[2011/05/19 21:26:33 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\IObit
[2011/09/04 22:55:53 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Microgaming
[2011/05/06 19:38:32 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\MotioninJoy
[2011/07/06 00:18:55 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Opera
[2011/06/26 10:54:09 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\PacificPoker
[2011/05/07 01:12:23 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Songbird2
[2011/04/29 16:30:35 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Stellarium
[2011/04/23 16:48:13 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Video Wallpaper
[2011/09/13 15:36:55 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Vso
[2011/05/13 13:23:09 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Windows Live Writer
[2011/04/26 21:17:57 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\wxAstroCapture
[2011/06/27 11:22:16 | 000,032,644 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

Edited by ovalman, 14 September 2011 - 04:05 PM.

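The OTL report above mixes two line shapes: numbered hook entries (O9, O20, O35 and so on) and `[date | size | attrs | C/M] (company) -- path` file entries. As an added example that is not part of this thread and not OTL's own code, the following Python script parses both shapes and flags the items a malware-removal helper reads first: orphaned "File not found" entries (uninstall leftovers), AppInit_DLLs loaders, exe/com file associations that differ from the Windows default, and executables or 32-hex-character file names with no company/version information. The sample lines are copied from the log above plus one constructed non-default association line; the heuristics, severities and the `EXAMPLE_unknown.exe` placeholder name are my assumptions, not anything the thread states.

```python
"""Triage helper for OTL (OldTimer's) log lines.

Added example, not OTL's own code: it parses the two line shapes seen in the
report (O-numbered hook lines and [date | size | attrs | C/M] file entries)
and flags the items a malware-removal helper reads first.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: lines copied from the report above plus one constructed
# non-default exefile association (EXAMPLE_unknown.exe is a placeholder name).
SAMPLE_LOG = r"""
O9 - Extra Button: ShopperReports - Compare product prices - {DB38E21A-0133-419d-92AD-ECDFD5244D6D} - C:\Program Files (x86)\ShoppingReport2\Bin\2.7.37\ShoppingReport.dll File not found
O20 - AppInit_DLLs: (C:\PROGRA~2\Google\GOOGLE~1\GO36F4~1.DLL) -C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "C:\ProgramData\EXAMPLE_unknown.exe" "%1" %*
[2011/09/14 18:08:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2011/08/20 23:02:09 | 002,604,376 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll
[2010/05/19 21:41:04 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2011/08/13 14:45:04 | 000,000,000 | ---- | C] () -- C:\ProgramData\ec38019acb7b0b985ee45da8d8da89a8_c
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
"""

# [date | size | attrs | C/M] (company) -- path ; the (company) part is absent for folders
FILE_RE = re.compile(
    r"^\[(?P<date>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] (?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)
# O<n>[:64bit:] - body
HOOK_RE = re.compile(r"^(?P<key>O\d+)(?::64bit:)? - (?P<body>.*)$")
APPINIT_RE = re.compile(r"^AppInit_DLLs: \((?P<dlls>[^)]+)\)")
HEX_NAME_RE = re.compile(r"^[0-9a-f]{32}", re.IGNORECASE)
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com")
EXPECTED_OPEN = '"%1" %*'  # Windows default command for the exefile/comfile [open] verb


@dataclass
class Finding:
    severity: str  # "info" (clean-up candidate) or "review" (needs a human look)
    reason: str
    line: str


def parse_file_entry(line: str) -> Optional[dict]:
    """Return the fields of a file/folder entry, or None for any other line."""
    m = FILE_RE.match(line)
    if not m:
        return None
    entry = m.groupdict()
    entry["size"] = int(entry["size"].replace(",", ""))
    entry["is_dir"] = "D" in entry["attrs"]
    entry["company"] = (entry["company"] or "").strip() or None
    return entry


def review_line(line: str) -> List[Finding]:
    """Apply the triage heuristics (assumptions of this example) to one log line."""
    line = line.rstrip()
    findings: List[Finding] = []
    # A hook whose target is gone is an uninstall leftover: safe clean-up, not an infection.
    if line.endswith("File not found"):
        findings.append(Finding("info", "orphaned entry, target file no longer exists", line))
    hook = HOOK_RE.match(line)
    if hook:
        key, body = hook.group("key"), hook.group("body")
        # O20: every DLL in AppInit_DLLs is loaded into each process that loads user32.dll,
        # so the publisher of each one is verified whether it looks benign or not.
        if key == "O20" and APPINIT_RE.match(body):
            findings.append(Finding("review", "AppInit_DLLs entry loads a DLL into every user-mode process", line))
        # O35/O37: if the exe/com [open] command is not the default, every launched
        # program is being routed through something else first.
        if key in ("O35", "O37") and body.split(" -- ", 1)[-1] != EXPECTED_OPEN:
            findings.append(Finding("review", f"exe/com file association differs from default {EXPECTED_OPEN}", line))
        return findings
    entry = parse_file_entry(line)
    if entry and not entry["is_dir"]:
        name = entry["path"].rsplit("\\", 1)[-1]
        if entry["company"] is None and name.lower().endswith(EXEC_EXT):
            findings.append(Finding("review", "executable with no company/version information", line))
        if HEX_NAME_RE.match(name):
            findings.append(Finding("review", "file name is a 32-character hex string", line))
    return findings


def review_log(text: str) -> List[Finding]:
    """Run review_line over every line of an OTL report."""
    return [f for line in text.splitlines() for f in review_line(line)]


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per severity."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == "__main__":
    results = review_log(SAMPLE_LOG)
    for f in results:
        print(f"[{f.severity:6}] {f.reason}\n         {f.line}")
    print("summary:", summarize(results))
```

Running the script on a saved OTL.Txt (replace `SAMPLE_LOG` with the file contents) prints the flagged lines and a per-severity count. The heuristics are a triage aid, not a verdict: OEM installer files and `C:\hiberfil.sys` carry no version information and will be flagged, and a clean AppInit_DLLs entry such as the Google Desktop one above still shows up so that its publisher gets checked.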



#2
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hello ovalman and welcome to G2G! :)

My nick is maliprog and I'll be your technical support on this issue. Before we start please read my notes carefully:

NOTE:
  • Malware removal is NOT instantaneous; most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean.
  • Kindly follow my instructions in the order posted. Order is crucial in the cleaning process.
  • Please DO NOT run any scans or fixes on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you to. Instead, please copy and paste so as to include the log in your reply.
  • You must reply within 3 days or your topic will be closed.

Step 1

Please close all running programs and run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    FF - prefs.js..keyword.URL: "http://www.questscan...anPB&keywords="
    [2011/08/13 14:47:24 | 000,000,000 | ---D | M] (QuestScan) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{F0E1168A-B4B5-484C-B77E-0D28E6B64096}
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4 - HKCU..\Run: [EPSON SX100 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEDE.EXE /FU "C:\Windows\TEMP\E_SE90A.tmp" /EF "HKCU" File not found

    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]

  • Then click the Run Fix button at the top.
  • Let the program run unhindered and reboot the PC when it is done.
  • Post the fix log it produces in your next reply, or you can find it in C:\_OTL\MovedFiles.

Step 2

Download GMER from Here. Note the file's name and save it to your root folder, such as C:.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "No", save the log and post back the results.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.

Step 3

Please don't forget to include these items in your reply:

  • OTL fix log
  • GMER log
It would be helpful if you could post each log in a separate post.

#3
ovalman

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
All processes killed
========== OTL ==========
Prefs.js: "http://www.questscan...anPB&keywords=" removed from keyword.URL
C:\Program Files (x86)\Mozilla Firefox\extensions\{F0E1168A-B4B5-484C-B77E-0D28E6B64096}\defaults\preferences folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{F0E1168A-B4B5-484C-B77E-0D28E6B64096}\defaults folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{F0E1168A-B4B5-484C-B77E-0D28E6B64096}\chrome folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{F0E1168A-B4B5-484C-B77E-0D28E6B64096} folder moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\EPSON SX100 Series deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Dad
->Temp folder emptied: 830709535 bytes
->Temporary Internet Files folder emptied: 447058299 bytes
->Java cache emptied: 4315098 bytes
->FireFox cache emptied: 159750849 bytes
->Google Chrome cache emptied: 12896799 bytes
->Flash cache emptied: 2946344 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: postgres
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: postgres.Dad-PC
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 200704 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 36046340 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67429 bytes
RecycleBin emptied: 5485508517 bytes

Total Files Cleaned = 6,656.00 mb


[EMPTYFLASH]

User: All Users

User: Dad
->Flash cache emptied: 0 bytes

User: Default

User: Default User

User: postgres

User: postgres.Dad-PC

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.26.1 log created on 09232011_174425

Files\Folders moved on Reboot...
C:\Users\Dad\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\dsiwmis.log scheduled to be moved on reboot.

Registry entries deleted on Reboot...

#4
ovalman

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
I've downloaded GMER but I'm having trouble closing down AVG; the instructions on that site are not up to date, there is no Status menu. More worryingly, when I try to disable the Resident Shield I get the following message: "An error occurred when saving the configuration. Specific file was not found". No matter what I do I can't disable AVG. Should I run msconfig and untick AVG start up and try it from there? Or run the program in safe mode?

Thanks for your help BTW, really appreciated.

#5
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi ovalman,

Don't touch AVG and try to run GMER. If all goes fine, post the GMER log here for me.

#6
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.