Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

help with pups

Started by wingnut49 , May 11 2010 06:03 PM

  • Please log in to reply

#1
wingnut49
Posted 11 May 2010 - 06:03 PM

wingnut49

    New Member

  • Member
  • Pip
  • 1 posts
Pups and trojans could not be removed.

OTL logfile created on: 5/11/2010 7:45:01 PM - Run 2
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\Rick Clay\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 4011

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

5/11/2010 7:19:41 PM
mbam-log-2010-05-11 (19-19-41).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|H:\|)
Objects scanned: 228908
Time elapsed: 26 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

6.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 65.00% Memory free
12.00 Gb Paging File | 10.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.07 Gb Total Space | 389.76 Gb Free Space | 86.41% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: RICKCLAY-PC
Current User Name: Rick Clay
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/05/11 19:33:36 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\Rick Clay\Desktop\OTL.exe
PRC - [2010/04/20 15:16:10 | 002,064,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgtray.exe
PRC - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/04/13 01:42:49 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
PRC - [2010/03/25 18:08:06 | 001,573,376 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
PRC - [2010/03/04 13:28:08 | 000,658,656 | ---- | M] (SoftThinks) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2010/02/09 13:34:00 | 001,807,680 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
PRC - [2010/01/26 20:58:38 | 000,256,280 | R--- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10e.exe
PRC - [2009/12/08 22:29:44 | 000,240,992 | ---- | M] (Microsoft Corp.) -- C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe
PRC - [2009/11/22 15:44:16 | 002,384,240 | ---- | M] (Check Point Software Technologies LTD) -- C:\Windows\SysWOW64\ZoneLabs\vsmon.exe
PRC - [2009/11/22 15:42:50 | 001,037,192 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2009/10/15 05:10:28 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2009/08/07 18:15:06 | 000,311,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
PRC - [2009/08/07 18:15:06 | 000,242,048 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/06/24 22:19:50 | 000,140,520 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2009/06/09 12:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2009/05/21 10:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
PRC - [2009/05/21 10:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/01/11 18:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007/03/16 16:20:36 | 001,482,240 | ---- | M] (WORDsearch Corp.) -- C:\Program Files (x86)\WORDsearch 7\ZipScript.exe


========== Modules (SafeList) ==========

MOD - [2010/05/11 19:33:36 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\Rick Clay\Desktop\OTL.exe
MOD - [2009/10/14 09:30:36 | 000,628,080 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\WOW64\Plugins\ISWSHEX.dll
MOD - [2009/07/13 21:15:07 | 000,486,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll
MOD - [2009/07/13 21:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2009/07/13 21:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll
MOD - [2009/06/10 17:23:11 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\msvcr80.dll
MOD - [2009/06/10 17:23:11 | 000,554,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\msvcp80.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/04/19 14:39:26 | 001,255,736 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\SysNative\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV:64bit: - [2009/10/14 09:30:58 | 000,800,624 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
SRV:64bit: - [2009/08/18 13:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV:64bit: - [2009/07/13 21:41:59 | 000,229,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wwansvc.dll -- (WwanSvc)
SRV:64bit: - [2009/07/13 21:41:56 | 000,202,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbiosrvc.dll -- (WbioSrvc)
SRV:64bit: - [2009/07/13 21:41:56 | 000,163,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpo.dll -- (Power)
SRV:64bit: - [2009/07/13 21:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2009/07/13 21:41:54 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sppuinotify.dll -- (sppuinotify)
SRV:64bit: - [2009/07/13 21:41:54 | 000,029,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sensrsvc.dll -- (SensrSvc)
SRV:64bit: - [2009/07/13 21:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\pnrpsvc.dll -- (PNRPsvc)
SRV:64bit: - [2009/07/13 21:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\pnrpsvc.dll -- (p2pimsvc)
SRV:64bit: - [2009/07/13 21:41:53 | 000,187,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\provsvc.dll -- (HomeGroupProvider)
SRV:64bit: - [2009/07/13 21:41:53 | 000,067,072 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\SysNative\RpcEpMap.dll -- (RpcEptMapper)
SRV:64bit: - [2009/07/13 21:41:53 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\pnrpauto.dll -- (PNRPAutoReg)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:41:18 | 000,231,936 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ListSvc.dll -- (HomeGroupListener)
SRV:64bit: - [2009/07/13 21:40:54 | 001,127,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FntCache.dll -- (FontCache)
SRV:64bit: - [2009/07/13 21:40:28 | 000,314,368 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2009/07/13 21:40:28 | 000,291,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\defragsvc.dll -- (defragsvc)
SRV:64bit: - [2009/07/13 21:40:13 | 000,083,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\bthserv.dll -- (bthserv)
SRV:64bit: - [2009/07/13 21:40:10 | 000,100,864 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\SysNative\bdesvc.dll -- (BDESVC)
SRV:64bit: - [2009/07/13 21:40:05 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AxInstSv.dll -- (AxInstSV)
SRV:64bit: - [2009/07/13 21:40:01 | 000,032,256 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appidsvc.dll -- (AppIDSvc)
SRV:64bit: - [2009/07/13 21:39:51 | 001,503,744 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbengine.exe -- (wbengine)
SRV:64bit: - [2009/07/13 21:39:28 | 003,524,608 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\sppsvc.exe -- (sppsvc)
SRV:64bit: - [2009/07/13 21:39:11 | 000,689,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FXSSVC.exe -- (Fax)
SRV:64bit: - [2009/06/15 14:12:10 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/06/09 12:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/04/13 01:42:49 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/03/04 13:28:08 | 000,658,656 | ---- | M] (SoftThinks) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE -- (SftService)
SRV - [2010/02/23 14:04:14 | 000,369,920 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\AVG\AVG9\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2009/12/29 14:36:19 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2009/11/22 15:44:16 | 002,384,240 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Windows\SysWOW64\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2009/08/07 18:15:06 | 000,242,048 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/07/13 23:20:14 | 000,000,000 | ---D | M] [On_Demand | Stopped] -- C:\Windows\Vss -- (VSS)
SRV - [2009/07/13 23:20:14 | 000,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
SRV - [2009/07/13 21:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/13 21:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/13 16:30:11 | 000,061,056 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2009/06/10 16:39:58 | 000,089,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2009/06/05 20:07:28 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/05/21 10:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/10/25 12:44:08 | 000,065,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2008/01/11 18:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/04/20 15:16:08 | 000,317,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (AvgTdiA)
DRV:64bit: - [2010/04/13 01:43:46 | 000,269,320 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (AvgLdx64)
DRV:64bit: - [2010/04/13 01:43:46 | 000,035,464 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (AvgMfx64)
DRV:64bit: - [2009/12/11 06:29:27 | 000,153,160 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ksecpkg.sys -- (KSecPkg)
DRV:64bit: - [2009/11/22 15:44:24 | 000,446,152 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vsdatant.sys -- (Vsdatant)
DRV:64bit: - [2009/10/14 09:30:04 | 000,032,888 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV:64bit: - [2009/09/26 02:20:38 | 000,223,448 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fvevol.sys -- (fvevol)
DRV:64bit: - [2009/07/25 00:23:40 | 001,224,704 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2009/07/13 21:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 21:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:48:04 | 000,014,416 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hwpolicy.sys -- (hwpolicy)
DRV:64bit: - [2009/07/13 21:47:49 | 000,055,376 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fsdepends.sys -- (FsDepends)
DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:45:56 | 000,022,096 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wimmount.sys -- (WIMMount)
DRV:64bit: - [2009/07/13 21:45:55 | 000,217,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vhdmp.sys -- (vhdmp)
DRV:64bit: - [2009/07/13 21:45:55 | 000,036,432 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vdrvroot.sys -- (vdrvroot)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 21:45:46 | 000,214,096 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\rdyboost.sys -- (rdyboost)
DRV:64bit: - [2009/07/13 21:45:45 | 000,050,768 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pcw.sys -- (pcw)
DRV:64bit: - [2009/07/13 21:43:14 | 000,460,504 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\cng.sys -- (CNG)
DRV:64bit: - [2009/07/13 20:17:46 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpbus.sys -- (rdpbus)
DRV:64bit: - [2009/07/13 20:16:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV:64bit: - [2009/07/13 20:10:24 | 000,060,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV:64bit: - [2009/07/13 20:09:26 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\wfplwf.sys -- (WfpLwf)
DRV:64bit: - [2009/07/13 20:08:13 | 000,035,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ndiscap.sys -- (NdisCap)
DRV:64bit: - [2009/07/13 20:07:21 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vwifibus.sys -- (vwifibus)
DRV:64bit: - [2009/07/13 20:07:13 | 000,227,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\1394ohci.sys -- (1394ohci)
DRV:64bit: - [2009/07/13 20:07:00 | 000,350,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HdAudio.sys -- (HdAudAddService)
DRV:64bit: - [2009/07/13 20:06:52 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\umpass.sys -- (UmPass)
DRV:64bit: - [2009/07/13 20:06:24 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV:64bit: - [2009/07/13 20:05:37 | 000,112,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WUDFPf.sys -- (WudfPf)
DRV:64bit: - [2009/07/13 20:02:08 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MTConfig.sys -- (MTConfig)
DRV:64bit: - [2009/07/13 20:00:34 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CompositeBus.sys -- (CompositeBus)
DRV:64bit: - [2009/07/13 20:00:13 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\beep.sys -- (Beep)
DRV:64bit: - [2009/07/13 19:52:39 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\appid.sys -- (AppID)
DRV:64bit: - [2009/07/13 19:50:17 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\SysNative\drivers\scfilter.sys -- (scfilter)
DRV:64bit: - [2009/07/13 19:37:18 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\discache.sys -- (discache)
DRV:64bit: - [2009/07/13 19:31:06 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidbatt.sys -- (HidBatt)
DRV:64bit: - [2009/07/13 19:31:03 | 000,017,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CmBatt.sys -- (CmBatt)
DRV:64bit: - [2009/07/13 19:27:17 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipmi.sys -- (AcpiPmi)
DRV:64bit: - [2009/07/13 19:19:25 | 000,060,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdppm.sys -- (AmdPPM)
DRV:64bit: - [2009/07/09 05:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/15 14:48:00 | 006,031,872 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/05 06:20:26 | 000,114,192 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/05/23 02:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/05/18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2006/11/01 14:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/13 21:16:02 | 000,014,336 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\SysWOW64\netbios.dll -- (NetBIOS)
DRV - [2009/06/10 17:28:14 | 000,001,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\wbem\mpsdrv.mof -- (mpsdrv)
DRV - [2009/06/10 17:15:18 | 000,003,066 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysWOW64\wbem\tcpip.mof -- (Tcpip)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/...TDF&PC=SUN1&q="
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://g.msn.com/USCON/1"
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.0
FF - prefs.js..extensions.enabledItems: {27182e60-b5f3-411c-b545-b44205977502}:1.0
FF - prefs.js..keyword.URL: "http://www.bing.com/...TDF&PC=SUN1&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/02/24 09:43:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files (x86)\AVG\AVG9\Firefox [2010/04/20 16:52:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files (x86)\AVG\AVG9\Toolbar\Firefox\avg@igeared [2010/04/13 01:43:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2010/04/13 16:19:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/04/13 16:19:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/04/19 09:30:52 | 000,000,000 | ---D | M]

[2010/01/21 22:32:17 | 000,000,000 | ---D | M] -- C:\Users\Rick Clay\AppData\Roaming\Mozilla\Extensions
[2010/04/10 20:59:13 | 000,000,000 | ---D | M] -- C:\Users\Rick Clay\AppData\Roaming\Mozilla\Firefox\Profiles\k145sibc.default\extensions
[2010/03/08 14:15:48 | 000,001,832 | ---- | M] () -- C:\Users\Rick Clay\AppData\Roaming\Mozilla\Firefox\Profiles\k145sibc.default\searchplugins\bing.xml
[2010/05/08 13:30:40 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2009/09/21 11:24:16 | 000,001,329 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\crawlersrch.xml

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (MSN Toolbar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\Program Files (x86)\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4:64bit: - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [Desktop Disc Tool] c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MSN Toolbar] c:\Program Files (x86)\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe (Microsoft Corp.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [ZipScript] C:\Program Files (x86)\WORDsearch 7\ZipScript.exe (WORDsearch Corp.)
O4:64bit: - HKLM..\RunOnce: [DSUpdateLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe (Dell)
O4 - HKLM..\RunOnce: [STToasterLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\ToasterLauncher.exe ()
O4 - Startup: C:\Users\Rick Clay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files (x86)\Dell\DellDock\DellDock.exe File not found
O4 - Startup: C:\Users\Rick Clay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - c:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - c:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - c:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - c:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .spop - C:\Program Files (x86)\Internet Explorer\Plugins\NPDocBox.dll (Intertrust Technologies, Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: emcp.com ([www.snap2007] http in Trusted sites)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 192.168.0.1
O18:64bit: - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\lbxfile {56831180-F115-11d2-B6AA-00104B2B9943} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\lbxres {24508F1B-9E94-40EE-9759-9AF5795ADF52} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\lbxfile {56831180-F115-11d2-B6AA-00104B2B9943} - C:\Program Files (x86)\Libronix DLS\System\FileProt.dll (Libronix Corporation)
O18 - Protocol\Handler\lbxres {24508F1B-9E94-40EE-9759-9AF5795ADF52} - C:\Program Files (x86)\Libronix DLS\System\ResProt.dll (Libronix Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - Reg Error: Key error. - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (livessp) - C:\Windows\SysNative\livessp.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\SysWow64\livessp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{b174f761-fd24-11de-94c5-002564e70857}\Shell - "" = AutoRun
O33 - MountPoints2\{b174f761-fd24-11de-94c5-002564e70857}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: Ias - C:\Windows\SysNative\ias [2009/07/13 23:20:14 | 000,000,000 | ---D | M]
NetSvcs:64bit: Irmon - C:\Windows\SysNative\irmon.dll (Microsoft Corporation)
NetSvcs:64bit: Wmi - C:\Windows\SysNative\wmi.dll (Microsoft Corporation)
NetSvcs:64bit: Themes - C:\Windows\SysNative\themeservice.dll (Microsoft Corporation)
NetSvcs:64bit: BDESVC - C:\Windows\SysNative\bdesvc.dll (Microsoft Corporation)
NetSvcs: Ias - C:\Windows\SysWOW64\ias.dll (Microsoft Corporation)
NetSvcs: Wmi - C:\Windows\SysWOW64\wmi.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 90 Days ==========

[2010/05/11 19:33:36 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Users\Rick Clay\Desktop\OTL.exe
[2010/05/11 19:23:50 | 000,000,000 | ---D | C] -- C:\Users\Rick Clay\Desktop\gmer
[2010/05/11 18:50:53 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/05/11 18:49:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2010/05/11 18:48:53 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Rick Clay\Desktop\erunt_setup.exe
[2010/05/11 18:41:46 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Users\Rick Clay\Desktop\TFC.exe
[2010/05/08 22:40:16 | 000,000,000 | ---D | C] -- C:\Users\Rick Clay\Documents\ForceField Shared Files
[2010/05/04 08:43:19 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/05/04 08:43:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2010/05/04 08:43:19 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/05/04 08:41:43 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/05/04 08:41:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2010/04/30 00:34:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CCleaner
[2010/04/29 23:32:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2010/04/29 23:32:43 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2010/04/29 23:20:36 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC
[2010/04/29 23:09:08 | 000,000,000 | ---D | C] -- C:\Users\Rick Clay\AppData\Local\ElevatedDiagnostics
[2010/04/29 19:48:18 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/04/29 19:48:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SUPERAntiSpyware
[2010/04/26 22:16:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Belarc
[2010/04/20 15:15:50 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\avg
[2010/04/20 01:22:50 | 000,000,000 | ---D | C] -- C:\Users\Rick Clay\AppData\Roaming\Malwarebytes
[2010/04/20 01:22:44 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/04/20 01:22:43 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/04/20 01:22:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/04/20 01:22:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/04/20 00:23:33 | 000,000,000 | -H-D | C] -- C:\$AVG
[2010/04/19 23:58:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\YouTube Downloader
[2010/04/19 14:39:33 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2010/04/19 14:39:27 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2010/04/18 17:26:46 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/04/13 01:52:02 | 000,000,000 | ---D | C] -- C:\Users\Rick Clay\AppData\Roaming\CheckPoint
[2010/04/13 01:51:45 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint
[2010/04/13 01:51:13 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\ZoneLabs
[2010/04/13 01:50:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Zone Labs
[2010/04/13 01:49:30 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint
[2010/04/13 01:43:52 | 000,012,976 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\avgrssta.dll
[2010/04/13 01:43:49 | 000,317,520 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgtdia.sys
[2010/04/13 01:43:46 | 000,269,320 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys
[2010/04/13 01:43:45 | 000,035,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgmfx64.sys
[2010/04/13 01:43:45 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\Avg
[2010/04/13 01:43:44 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Security Toolbar
[2010/04/13 01:41:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2010/04/13 01:41:32 | 000,000,000 | ---D | C] -- C:\ProgramData\avg9
[2010/04/13 01:27:08 | 000,000,000 | ---D | C] -- C:\Windows\Internet Logs
[2010/04/13 01:12:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/04/13 01:12:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2010/04/04 12:57:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/04/04 12:57:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010/04/03 21:51:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Zylom
[2010/04/03 21:50:58 | 000,000,000 | ---D | C] -- C:\Users\Rick Clay\AppData\Roaming\WildTangent
[2010/04/02 21:26:26 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2010/04/02 21:24:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2010/04/02 21:16:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Safari
[2010/03/27 16:25:35 | 000,015,120 | ---- | C] (Microsoft Corporation) -- C:\Users\Rick Clay\ICWRMIND.exe
[2010/03/20 09:28:57 | 000,000,000 | ---D | C] -- C:\Users\Rick Clay\Documents\Certblaster
[2010/03/19 19:29:05 | 000,000,000 | ---D | C] -- C:\Users\Rick Clay\Documents\Libronix DLS
[2010/03/19 14:45:25 | 000,000,000 | ---D | C] -- C:\Users\Rick Clay\Documents\WORDsearch Backups
[2010/03/14 22:54:24 | 000,000,000 | ---D | C] -- C:\Users\Rick Clay\Documents\My BN eBooks
[2010/03/14 22:54:24 | 000,000,000 | ---D | C] -- C:\Users\Rick Clay\Library
[2010/03/14 22:54:16 | 000,000,000 | ---D | C] -- C:\Users\Rick Clay\AppData\Roaming\Barnes & Noble
[2010/03/14 22:54:14 | 000,000,000 | ---D | C] -- C:\Users\Rick Clay\DesktopReader
[2010/03/10 12:12:18 | 000,000,000 | ---D | C] -- C:\Windows\Profiles
[2010/03/10 12:12:16 | 000,000,000 | ---D | C] -- C:\Users\Rick Clay\Documents\My eBooks
[2010/03/10 12:12:16 | 000,000,000 | ---D | C] -- C:\Users\Rick Clay\AppData\Roaming\InterTrust
[2010/03/10 12:12:16 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe
[2010/03/03 11:56:43 | 000,000,000 | ---D | C] -- C:\Users\Rick Clay\AppData\Roaming\Certblaster
[2010/03/03 11:56:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Certblaster
[2010/03/03 11:55:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2010/02/24 09:43:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSN Toolbar
[2010/02/23 09:28:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSN Toolbar Installer
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/05/11 19:45:00 | 004,980,736 | -HS- | M] () -- C:\Users\Rick Clay\NTUSER.DAT
[2010/05/11 19:33:36 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\Rick Clay\Desktop\OTL.exe
[2010/05/11 18:52:51 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/05/11 18:52:51 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/05/11 18:52:26 | 000,779,572 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/05/11 18:52:26 | 000,661,830 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/05/11 18:52:26 | 000,121,018 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/05/11 18:49:48 | 000,001,106 | ---- | M] () -- C:\Users\Rick Clay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/05/11 18:49:45 | 000,000,926 | ---- | M] () -- C:\Users\Rick Clay\Desktop\NTREGOPT.lnk
[2010/05/11 18:49:45 | 000,000,907 | ---- | M] () -- C:\Users\Rick Clay\Desktop\ERUNT.lnk
[2010/05/11 18:48:55 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Rick Clay\Desktop\erunt_setup.exe
[2010/05/11 18:45:20 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/05/11 18:44:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/05/11 18:44:32 | 536,174,591 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/11 18:43:54 | 016,850,639 | -H-- | M] () -- C:\Users\Rick Clay\AppData\Local\IconCache.db
[2010/05/11 18:41:46 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Users\Rick Clay\Desktop\TFC.exe
[2010/05/11 17:52:09 | 059,847,767 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2010/05/04 08:43:31 | 000,002,429 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/04/30 00:34:28 | 000,001,887 | ---- | M] () -- C:\Users\Rick Clay\Desktop\CCleaner.lnk
[2010/04/29 16:31:55 | 000,002,399 | ---- | M] () -- C:\Users\Rick Clay\.dosfm
[2010/04/29 16:27:19 | 000,002,399 | ---- | M] () -- C:\Users\Rick Clay\DOSFM
[2010/04/27 15:42:50 | 008,656,832 | ---- | M] (Dell, Inc. ) -- C:\Users\Rick Clay\AppData\Roaming\DataSafeDotNet.exe
[2010/04/26 22:16:33 | 000,002,005 | ---- | M] () -- C:\Users\Public\Desktop\Belarc Advisor.lnk
[2010/04/20 15:16:08 | 000,317,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgtdia.sys
[2010/04/20 01:49:17 | 000,131,072 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2010/04/20 01:22:47 | 000,001,011 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/20 00:21:05 | 000,001,124 | ---- | M] () -- C:\Users\Rick Clay\Desktop\YouTube Downloader.lnk
[2010/04/19 09:30:53 | 000,002,016 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/04/13 01:52:14 | 000,422,437 | ---- | M] () -- C:\Windows\SysNative\drivers\vsconfig.xml
[2010/04/13 01:51:40 | 000,001,068 | ---- | M] () -- C:\Users\Rick Clay\Desktop\ZoneAlarm Security.lnk
[2010/04/13 01:43:53 | 000,012,976 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\avgrssta.dll
[2010/04/13 01:43:53 | 000,001,856 | ---- | M] () -- C:\Users\Public\Desktop\AVG Free 9.0.lnk
[2010/04/13 01:43:46 | 000,269,320 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys
[2010/04/13 01:43:46 | 000,035,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgmfx64.sys
[2010/04/13 01:43:45 | 000,113,461 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\iavichjw.avm
[2010/04/13 01:19:44 | 000,001,260 | ---- | M] () -- C:\Users\Rick Clay\Desktop\Spybot - Search & Destroy.lnk
[2010/04/05 09:17:55 | 000,004,096 | -H-- | M] () -- C:\Users\Rick Clay\AppData\Local\keyfile3.drm
[2010/04/02 21:24:58 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/04/02 21:16:37 | 000,002,491 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/03/30 00:45:56 | 000,024,664 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/03/14 23:18:32 | 000,000,945 | ---- | M] () -- C:\Users\Rick Clay\Desktop\Barnes & Noble Desktop Reader.lnk
[2010/03/01 11:47:53 | 000,000,000 | ---- | M] () -- C:\Users\Rick Clay\type
[2010/03/01 11:29:47 | 000,000,000 | ---- | M] () -- C:\Users\Rick Clay\copy
[2010/02/15 13:52:26 | 000,000,000 | ---- | M] () -- C:\Users\Rick Clay\ipconfig
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/11 18:49:48 | 000,001,106 | ---- | C] () -- C:\Users\Rick Clay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/05/11 18:49:45 | 000,000,926 | ---- | C] () -- C:\Users\Rick Clay\Desktop\NTREGOPT.lnk
[2010/05/11 18:49:45 | 000,000,907 | ---- | C] () -- C:\Users\Rick Clay\Desktop\ERUNT.lnk
[2010/05/04 08:43:31 | 000,002,429 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/04/30 00:34:28 | 000,001,887 | ---- | C] () -- C:\Users\Rick Clay\Desktop\CCleaner.lnk
[2010/04/29 16:31:55 | 000,002,399 | ---- | C] () -- C:\Users\Rick Clay\.dosfm
[2010/04/29 16:27:19 | 000,002,399 | ---- | C] () -- C:\Users\Rick Clay\DOSFM
[2010/04/26 22:16:33 | 000,002,005 | ---- | C] () -- C:\Users\Public\Desktop\Belarc Advisor.lnk
[2010/04/20 01:48:45 | 000,131,072 | ---- | C] () -- C:\Windows\SysNative\Ikeext.etl
[2010/04/20 01:22:47 | 000,001,011 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/19 23:58:46 | 000,001,124 | ---- | C] () -- C:\Users\Rick Clay\Desktop\YouTube Downloader.lnk
[2010/04/13 01:51:40 | 000,001,068 | ---- | C] () -- C:\Users\Rick Clay\Desktop\ZoneAlarm Security.lnk
[2010/04/13 01:51:11 | 000,422,437 | ---- | C] () -- C:\Windows\SysNative\drivers\vsconfig.xml
[2010/04/13 01:43:53 | 000,001,856 | ---- | C] () -- C:\Users\Public\Desktop\AVG Free 9.0.lnk
[2010/04/13 01:43:45 | 059,847,767 | ---- | C] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2010/04/13 01:43:45 | 000,113,461 | ---- | C] () -- C:\Windows\SysNative\drivers\Avg\iavichjw.avm
[2010/04/13 01:12:13 | 000,001,260 | ---- | C] () -- C:\Users\Rick Clay\Desktop\Spybot - Search & Destroy.lnk
[2010/04/05 09:17:55 | 000,004,096 | -H-- | C] () -- C:\Users\Rick Clay\AppData\Local\keyfile3.drm
[2010/04/02 21:24:58 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/04/02 21:16:37 | 000,002,491 | ---- | C] () -- C:\Users\Public\Desktop\Safari.lnk
[2010/03/14 22:54:18 | 000,000,945 | ---- | C] () -- C:\Users\Rick Clay\Desktop\Barnes & Noble Desktop Reader.lnk
[2010/03/03 19:30:13 | 000,165,864 | ---- | C] () -- C:\Users\Rick Clay\MSD.EXE
[2010/03/03 19:30:13 | 000,034,598 | ---- | C] () -- C:\Users\Rick Clay\KEYBOARD.SYS
[2010/03/03 19:30:13 | 000,029,336 | ---- | C] () -- C:\Users\Rick Clay\FDISK.EXE
[2010/03/03 19:30:13 | 000,022,974 | ---- | C] () -- C:\Users\Rick Clay\FORMAT.COM
[2010/03/03 19:30:13 | 000,016,129 | ---- | C] () -- C:\Users\Rick Clay\EXPAND.EXE
[2010/03/03 19:30:13 | 000,012,241 | ---- | C] () -- C:\Users\Rick Clay\CHKDSK.EXE
[2010/03/03 19:30:13 | 000,009,390 | ---- | C] () -- C:\Users\Rick Clay\LABEL.EXE
[2010/03/03 19:30:13 | 000,001,131 | ---- | C] () -- C:\Users\Rick Clay\LOADFIX.COM
[2010/03/03 19:30:13 | 000,001,131 | ---- | C] () -- C:\Users\Rick Clay\LABRATS.UNK
[2010/03/03 19:30:13 | 000,000,013 | ---- | C] () -- C:\Users\Rick Clay\LABNUM3.TXT
[2010/03/03 19:30:11 | 000,011,208 | ---- | C] () -- C:\Users\Rick Clay\ATTRIB.EXE
[2010/03/01 11:47:53 | 000,000,000 | ---- | C] () -- C:\Users\Rick Clay\type
[2010/02/15 13:52:26 | 000,000,000 | ---- | C] () -- C:\Users\Rick Clay\ipconfig
[2010/02/11 19:25:18 | 000,000,000 | ---- | C] () -- C:\Users\Rick Clay\copy
[2010/02/06 15:29:58 | 000,730,638 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/01/08 15:40:36 | 000,000,000 | ---- | C] () -- C:\Windows\QTW.ini
[2010/01/07 00:59:47 | 000,020,594 | ---- | C] () -- C:\Windows\SysWow64\DELS1LMK.DLL
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== LOP Check ==========

[2010/03/14 22:54:16 | 000,000,000 | ---D | M] -- C:\Users\Rick Clay\AppData\Roaming\Barnes & Noble
[2010/03/03 11:56:43 | 000,000,000 | ---D | M] -- C:\Users\Rick Clay\AppData\Roaming\Certblaster
[2010/04/13 01:52:02 | 000,000,000 | ---D | M] -- C:\Users\Rick Clay\AppData\Roaming\CheckPoint
[2010/03/10 12:12:16 | 000,000,000 | ---D | M] -- C:\Users\Rick Clay\AppData\Roaming\InterTrust
[2010/01/06 18:04:09 | 000,000,000 | ---D | M] -- C:\Users\Rick Clay\AppData\Roaming\Libronix DLS
[2010/04/03 21:50:58 | 000,000,000 | ---D | M] -- C:\Users\Rick Clay\AppData\Roaming\WildTangent
[2010/05/03 06:16:41 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/01/07 13:51:44 | 000,004,632 | ---- | M] () -- C:\0x0409.ini
[2010/01/07 13:51:46 | 000,725,504 | ---- | M] () -- C:\1033.MST
[2009/12/29 16:17:29 | 000,003,872 | RH-- | M] () -- C:\dell.sdr
[2001/09/05 22:00:58 | 001,700,352 | ---- | M] (Microsoft Corporation) -- C:\gdiplus.dll
[2010/05/11 18:44:32 | 536,174,591 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/07 13:51:51 | 035,885,568 | ---- | M] () -- C:\iPod for Windows 2005-09-23.msi
[2010/05/11 18:44:35 | 2146,557,951 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/07/13 21:15:13 | 000,346,112 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\dxtmsft.dll
[2009/07/13 21:15:13 | 000,215,552 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\dxtrans.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\drivers\*.sys /90 >
[2010/03/30 00:46:30 | 000,0OTL logfile created on: 5/11/2010 7:45:01 PM - Run 2
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\Rick Clay\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 65.00% Memory free
12.00 Gb Paging File | 10.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.07 Gb Total Space | 389.76 Gb Free Space | 86.41% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: RICKCLAY-PC
Current User Name: Rick Clay
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/05/11 19:33:36 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\Rick Clay\Desktop\OTL.exe
PRC - [2010/04/20 15:16:10 | 002,064,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgtray.exe
PRC - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/04/13 01:42:49 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
PRC - [2010/03/25 18:08:06 | 001,573,376 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
PRC - [2010/03/04 13:28:08 | 000,658,656 | ---- | M] (SoftThinks) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2010/02/09 13:34:00 | 001,807,680 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
PRC - [2010/01/26 20:58:38 | 000,256,280 | R--- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10e.exe
PRC - [2009/12/08 22:29:44 | 000,240,992 | ---- | M] (Microsoft Corp.) -- C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe
PRC - [2009/11/22 15:44:16 | 002,384,240 | ---- | M] (Check Point Software Technologies LTD) -- C:\Windows\SysWOW64\ZoneLabs\vsmon.exe
PRC - [2009/11/22 15:42:50 | 001,037,192 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2009/10/15 05:10:28 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2009/08/07 18:15:06 | 000,311,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
PRC - [2009/08/07 18:15:06 | 000,242,048 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/06/24 22:19:50 | 000,140,520 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2009/06/09 12:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2009/05/21 10:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
PRC - [2009/05/21 10:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/01/11 18:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007/03/16 16:20:36 | 001,482,240 | ---- | M] (WORDsearch Corp.) -- C:\Program Files (x86)\WORDsearch 7\ZipScript.exe


========== Modules (SafeList) ==========

MOD - [2010/05/11 19:33:36 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\Rick Clay\Desktop\OTL.exe
MOD - [2009/10/14 09:30:36 | 000,628,080 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\WOW64\Plugins\ISWSHEX.dll
MOD - [2009/07/13 21:15:07 | 000,486,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll
MOD - [2009/07/13 21:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2009/07/13 21:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll
MOD - [2009/06/10 17:23:11 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\msvcr80.dll
MOD - [2009/06/10 17:23:11 | 000,554,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\msvcp80.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/04/19 14:39:26 | 001,255,736 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\SysNative\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV:64bit: - [2009/10/14 09:30:58 | 000,800,624 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
SRV:64bit: - [2009/08/18 13:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV:64bit: - [2009/07/13 21:41:59 | 000,229,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wwansvc.dll -- (WwanSvc)
SRV:64bit: - [2009/07/13 21:41:56 | 000,202,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbiosrvc.dll -- (WbioSrvc)
SRV:64bit: - [2009/07/13 21:41:56 | 000,163,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpo.dll -- (Power)
SRV:64bit: - [2009/07/13 21:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2009/07/13 21:41:54 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sppuinotify.dll -- (sppuinotify)
SRV:64bit: - [2009/07/13 21:41:54 | 000,029,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sensrsvc.dll -- (SensrSvc)
SRV:64bit: - [2009/07/13 21:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\pnrpsvc.dll -- (PNRPsvc)
SRV:64bit: - [2009/07/13 21:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\pnrpsvc.dll -- (p2pimsvc)
SRV:64bit: - [2009/07/13 21:41:53 | 000,187,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\provsvc.dll -- (HomeGroupProvider)
SRV:64bit: - [2009/07/13 21:41:53 | 000,067,072 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\SysNative\RpcEpMap.dll -- (RpcEptMapper)
SRV:64bit: - [2009/07/13 21:41:53 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\pnrpauto.dll -- (PNRPAutoReg)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:41:18 | 000,231,936 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ListSvc.dll -- (HomeGroupListener)
SRV:64bit: - [2009/07/13 21:40:54 | 001,127,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FntCache.dll -- (FontCache)
SRV:64bit: - [2009/07/13 21:40:28 | 000,314,368 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2009/07/13 21:40:28 | 000,291,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\defragsvc.dll -- (defragsvc)
SRV:64bit: - [2009/07/13 21:40:13 | 000,083,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\bthserv.dll -- (bthserv)
SRV:64bit: - [2009/07/13 21:40:10 | 000,100,864 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\SysNative\bdesvc.dll -- (BDESVC)
SRV:64bit: - [2009/07/13 21:40:05 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AxInstSv.dll -- (AxInstSV)
SRV:64bit: - [2009/07/13 21:40:01 | 000,032,256 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appidsvc.dll -- (AppIDSvc)
SRV:64bit: - [2009/07/13 21:39:51 | 001,503,744 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbengine.exe -- (wbengine)
SRV:64bit: - [2009/07/13 21:39:28 | 003,524,608 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\sppsvc.exe -- (sppsvc)
SRV:64bit: - [2009/07/13 21:39:11 | 000,689,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FXSSVC.exe -- (Fax)
SRV:64bit: - [2009/06/15 14:12:10 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/06/09 12:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/04/13 01:42:49 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/03/04 13:28:08 | 000,658,656 | ---- | M] (SoftThinks) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE -- (SftService)
SRV - [2010/02/23 14:04:14 | 000,369,920 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\AVG\AVG9\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2009/12/29 14:36:19 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2009/11/22 15:44:16 | 002,384,240 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Windows\SysWOW64\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2009/08/07 18:15:06 | 000,242,048 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/07/13 23:20:14 | 000,000,000 | ---D | M] [On_Demand | Stopped] -- C:\Windows\Vss -- (VSS)
SRV - [2009/07/13 23:20:14 | 000,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
SRV - [2009/07/13 21:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/13 21:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/13 16:30:11 | 000,061,056 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2009/06/10 16:39:58 | 000,089,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2009/06/05 20:07:28 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/05/21 10:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/10/25 12:44:08 | 000,065,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2008/01/11 18:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/04/20 15:16:08 | 000,317,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (AvgTdiA)
DRV:64bit: - [2010/04/13 01:43:46 | 000,269,320 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (AvgLdx64)
DRV:64bit: - [2010/04/13 01:43:46 | 000,035,464 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (AvgMfx64)
DRV:64bit: - [2009/12/11 06:29:27 | 000,153,160 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ksecpkg.sys -- (KSecPkg)
DRV:64bit: - [2009/11/22 15:44:24 | 000,446,152 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vsdatant.sys -- (Vsdatant)
DRV:64bit: - [2009/10/14 09:30:04 | 000,032,888 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV:64bit: - [2009/09/26 02:20:38 | 000,223,448 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fvevol.sys -- (fvevol)
DRV:64bit: - [2009/07/25 00:23:40 | 001,224,704 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2009/07/13 21:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 21:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:48:04 | 000,014,416 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hwpolicy.sys -- (hwpolicy)
DRV:64bit: - [2009/07/13 21:47:49 | 000,055,376 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fsdepends.sys -- (FsDepends)
DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:45:56 | 000,022,096 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wimmount.sys -- (WIMMount)
DRV:64bit: - [2009/07/13 21:45:55 | 000,217,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vhdmp.sys -- (vhdmp)
DRV:64bit: - [2009/07/13 21:45:55 | 000,036,432 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vdrvroot.sys -- (vdrvroot)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 21:45:46 | 000,214,096 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\rdyboost.sys -- (rdyboost)
DRV:64bit: - [2009/07/13 21:45:45 | 000,050,768 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pcw.sys -- (pcw)
DRV:64bit: - [2009/07/13 21:43:14 | 000,460,504 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\cng.sys -- (CNG)
DRV:64bit: - [2009/07/13 20:17:46 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpbus.sys -- (rdpbus)
DRV:64bit: - [2009/07/13 20:16:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV:64bit: - [2009/07/13 20:10:24 | 000,060,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV:64bit: - [2009/07/13 20:09:26 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\wfplwf.sys -- (WfpLwf)
DRV:64bit: - [2009/07/13 20:08:13 | 000,035,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ndiscap.sys -- (NdisCap)
DRV:64bit: - [2009/07/13 20:07:21 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vwifibus.sys -- (vwifibus)
DRV:64bit: - [2009/07/13 20:07:13 | 000,227,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\1394ohci.sys -- (1394ohci)
DRV:64bit: - [2009/07/13 20:07:00 | 000,350,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HdAudio.sys -- (HdAudAddService)
DRV:64bit: - [2009/07/13 20:06:52 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\umpass.sys -- (UmPass)
DRV:64bit: - [2009/07/13 20:06:24 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV:64bit: - [2009/07/13 20:05:37 | 000,112,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WUDFPf.sys -- (WudfPf)
DRV:64bit: - [2009/07/13 20:02:08 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MTConfig.sys -- (MTConfig)
DRV:64bit: - [2009/07/13 20:00:34 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CompositeBus.sys -- (CompositeBus)
DRV:64bit: - [2009/07/13 20:00:13 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\beep.sys -- (Beep)
DRV:64bit: - [2009/07/13 19:52:39 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\appid.sys -- (AppID)
DRV:64bit: - [2009/07/13 19:50:17 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\SysNative\drivers\scfilter.sys -- (scfilter)
DRV:64bit: - [2009/07/13 19:37:18 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\discache.sys -- (discache)
DRV:64bit: - [2009/07/13 19:31:06 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidbatt.sys -- (HidBatt)
DRV:64bit: - [2009/07/13 19:31:03 | 000,017,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CmBatt.sys -- (CmBatt)
DRV:64bit: - [2009/07/13 19:27:17 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipmi.sys -- (AcpiPmi)
DRV:64bit: - [2009/07/13 19:19:25 | 000,060,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdppm.sys -- (AmdPPM)
DRV:64bit: - [2009/07/09 05:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/15 14:48:00 | 006,031,872 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/05 06:20:26 | 000,114,192 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/05/23 02:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/05/18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2006/11/01 14:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/13 21:16:02 | 000,014,336 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\SysWOW64\netbios.dll -- (NetBIOS)
DRV - [2009/06/10 17:28:14 | 000,001,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\wbem\mpsdrv.mof -- (mpsdrv)
DRV - [2009/06/10 17:15:18 | 000,003,066 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysWOW64\wbem\tcpip.mof -- (Tcpip)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/...TDF&PC=SUN1&q="
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://g.msn.com/USCON/1"
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.0
FF - prefs.js..extensions.enabledItems: {27182e60-b5f3-411c-b545-b44205977502}:1.0
FF - prefs.js..keyword.URL: "http://www.bing.com/...TDF&PC=SUN1&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/02/24 09:43:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files (x86)\AVG\AVG9\Firefox [2010/04/20 16:52:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files (x86)\AVG\AVG9\Toolbar\Firefox\avg@igeared [2010/04/13 01:43:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2010/04/13 16:19:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/04/13 16:19:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/04/19 09:30:52 | 000,000,000 | ---D | M]

[2010/01/21 22:32:17 | 000,000,000 | ---D | M] -- C:\Users\Rick Clay\AppData\Roaming\Mozilla\Extensions
[2010/04/10 20:59:13 | 000,000,000 | ---D | M] -- C:\Users\Rick Clay\AppData\Roaming\Mozilla\Firefox\Profiles\k145sibc.default\extensions
[2010/03/08 14:15:48 | 000,001,832 | ---- | M] () -- C:\Users\Rick Clay\AppData\Roaming\Mozilla\Firefox\Profiles\k145sibc.default\searchplugins\bing.xml
[2010/05/08 13:30:40 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2009/09/21 11:24:16 | 000,001,329 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\crawlersrch.xml

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (MSN Toolbar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\Program Files (x86)\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4:64bit: - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [Desktop Disc Tool] c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MSN Toolbar] c:\Program Files (x86)\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe (Microsoft Corp.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [ZipScript] C:\Program Files (x86)\WORDsearch 7\ZipScript.exe (WORDsearch Corp.)
O4:64bit: - HKLM..\RunOnce: [DSUpdateLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe (Dell)
O4 - HKLM..\RunOnce: [STToasterLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\ToasterLauncher.exe ()
O4 - Startup: C:\Users\Rick Clay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files (x86)\Dell\DellDock\DellDock.exe File not found
O4 - Startup: C:\Users\Rick Clay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - c:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - c:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - c:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - c:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .spop - C:\Program Files (x86)\Internet Explorer\Plugins\NPDocBox.dll (Intertrust Technologies, Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: emcp.com ([www.snap2007] http in Trusted sites)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 192.168.0.1
O18:64bit: - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\lbxfile {56831180-F115-11d2-B6AA-00104B2B9943} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\lbxres {24508F1B-9E94-40EE-9759-9AF5795ADF52} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\lbxfile {56831180-F115-11d2-B6AA-00104B2B9943} - C:\Program Files (x86)\Libronix DLS\System\FileProt.dll (Libronix Corporation)
O18 - Protocol\Handler\lbxres {24508F1B-9E94-40EE-9759-9AF5795ADF52} - C:\Program Files (x86)\Libronix DLS\System\ResProt.dll (Libronix Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - Reg Error: Key error. - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (livessp) - C:\Windows\SysNative\livessp.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\SysWow64\livessp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{b174f761-fd24-11de-94c5-002564e70857}\Shell - "" = AutoRun
O33 - MountPoints2\{b174f761-fd24-11de-94c5-002564e70857}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: Ias - C:\Windows\SysNative\ias [2009/07/13 23:20:14 | 000,000,000 | ---D | M]
NetSvcs:64bit: Irmon - C:\Windows\SysNative\irmon.dll (Microsoft Corporation)
NetSvcs:64bit: Wmi - C:\Windows\SysNative\wmi.dll (Microsoft Corporation)
NetSvcs:64bit: Themes - C:\Windows\SysNative\themeservice.dll (Microsoft Corporation)
NetSvcs:64bit: BDESVC - C:\Windows\SysNative\bdesvc.dll (Microsoft Corporation)
NetSvcs: Ias - C:\Windows\SysWOW64\ias.dll (Microsoft Corporation)
NetSvcs: Wmi - C:\Windows\SysWOW64\wmi.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 90 Days ==========

[2010/05/11 19:33:36 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Users\Rick Clay\Desktop\OTL.exe
[2010/05/11 19:23:50 | 000,000,000 | ---D | C] -- C:\Users\Rick Clay\Desktop\gmer
[2010/05/11 18:50:53 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/05/11 18:49:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2010/05/11 18:48:53 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Rick Clay\Desktop\erunt_setup.exe
[2010/05/11 18:41:46 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Users\Rick Clay\Desktop\TFC.exe
[2010/05/08 22:40:16 | 000,000,000 | ---D | C] -- C:\Users\Rick Clay\Documents\ForceField Shared Files
[2010/05/04 08:43:19 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/05/04 08:43:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2010/05/04 08:43:19 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/05/04 08:41:43 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/05/04 08:41:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2010/04/30 00:34:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CCleaner
[2010/04/29 23:32:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2010/04/29 23:32:43 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2010/04/29 23:20:36 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC
[2010/04/29 23:09:08 | 000,000,000 | ---D | C] -- C:\Users\Rick Clay\AppData\Local\ElevatedDiagnostics
[2010/04/29 19:48:18 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/04/29 19:48:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SUPERAntiSpyware
[2010/04/26 22:16:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Belarc
[2010/04/20 15:15:50 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\avg
[2010/04/20 01:22:50 | 000,000,000 | ---D | C] -- C:\Users\Rick Clay\AppData\Roaming\Malwarebytes
[2010/04/20 01:22:44 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/04/20 01:22:43 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/04/20 01:22:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/04/20 01:22:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/04/20 00:23:33 | 000,000,000 | -H-D | C] -- C:\$AVG
[2010/04/19 23:58:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\YouTube Downloader
[2010/04/19 14:39:33 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2010/04/19 14:39:27 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2010/04/18 17:26:46 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/04/13 01:52:02 | 000,000,000 | ---D | C] -- C:\Users\Rick Clay\AppData\Roaming\CheckPoint
[2010/04/13 01:51:45 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint
[2010/04/13 01:51:13 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\ZoneLabs
[2010/04/13 01:50:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Zone Labs
[2010/04/13 01:49:30 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint
[2010/04/13 01:43:52 | 000,012,976 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\avgrssta.dll
[2010/04/13 01:43:49 | 000,317,520 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgtdia.sys
[2010/04/13 01:43:46 | 000,269,320 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys
[2010/04/13 01:43:45 | 000,035,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgmfx64.sys
[2010/04/13 01:43:45 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\Avg
[2010/04/13 01:43:44 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Security Toolbar
[2010/04/13 01:41:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2010/04/13 01:41:32 | 000,000,000 | ---D | C] -- C:\ProgramData\avg9
[2010/04/13 01:27:08 | 000,000,000 | ---D | C] -- C:\Windows\Internet Logs
[2010/04/13 01:12:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/04/13 01:12:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2010/04/04 12:57:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/04/04 12:57:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010/04/03 21:51:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Zylom
[2010/04/03 21:50:58 | 000,000,000 | ---D | C] -- C:\Users\Rick Clay\AppData\Roaming\WildTangent
[2010/04/02 21:26:26 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2010/04/02 21:24:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2010/04/02 21:16:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Safari
[2010/03/27 16:25:35 | 000,015,120 | ---- | C] (Microsoft Corporation) -- C:\Users\Rick Clay\ICWRMIND.exe
[2010/03/20 09:28:57 | 000,000,000 | ---D | C] -- C:\Users\Rick Clay\Documents\Certblaster
[2010/03/19 19:29:05 | 000,000,000 | ---D | C] -- C:\Users\Rick Clay\Documents\Libronix DLS
[2010/03/19 14:45:25 | 000,000,000 | ---D | C] -- C:\Users\Rick Clay\Documents\WORDsearch Backups
[2010/03/14 22:54:24 | 000,000,000 | ---D | C] -- C:\Users\Rick Clay\Documents\My BN eBooks
[2010/03/14 22:54:24 | 000,000,000 | ---D | C] -- C:\Users\Rick Clay\Library
[2010/03/14 22:54:16 | 000,000,000 | ---D | C] -- C:\Users\Rick Clay\AppData\Roaming\Barnes & Noble
[2010/03/14 22:54:14 | 000,000,000 | ---D | C] -- C:\Users\Rick Clay\DesktopReader
[2010/03/10 12:12:18 | 000,000,000 | ---D | C] -- C:\Windows\Profiles
[2010/03/10 12:12:16 | 000,000,000 | ---D | C] -- C:\Users\Rick Clay\Documents\My eBooks
[2010/03/10 12:12:16 | 000,000,000 | ---D | C] -- C:\Users\Rick Clay\AppData\Roaming\InterTrust
[2010/03/10 12:12:16 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe
[2010/03/03 11:56:43 | 000,000,000 | ---D | C] -- C:\Users\Rick Clay\AppData\Roaming\Certblaster
[2010/03/03 11:56:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Certblaster
[2010/03/03 11:55:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2010/02/24 09:43:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSN Toolbar
[2010/02/23 09:28:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSN Toolbar Installer
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/05/11 19:45:00 | 004,980,736 | -HS- | M] () -- C:\Users\Rick Clay\NTUSER.DAT
[2010/05/11 19:33:36 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\Rick Clay\Desktop\OTL.exe
[2010/05/11 18:52:51 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/05/11 18:52:51 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/05/11 18:52:26 | 000,779,572 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/05/11 18:52:26 | 000,661,830 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/05/11 18:52:26 | 000,121,018 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/05/11 18:49:48 | 000,001,106 | ---- | M] () -- C:\Users\Rick Clay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/05/11 18:49:45 | 000,000,926 | ---- | M] () -- C:\Users\Rick Clay\Desktop\NTREGOPT.lnk
[2010/05/11 18:49:45 | 000,000,907 | ---- | M] () -- C:\Users\Rick Clay\Desktop\ERUNT.lnk
[2010/05/11 18:48:55 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Rick Clay\Desktop\erunt_setup.exe
[2010/05/11 18:45:20 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/05/11 18:44:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/05/11 18:44:32 | 536,174,591 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/11 18:43:54 | 016,850,639 | -H-- | M] () -- C:\Users\Rick Clay\AppData\Local\IconCache.db
[2010/05/11 18:41:46 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Users\Rick Clay\Desktop\TFC.exe
[2010/05/11 17:52:09 | 059,847,767 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2010/05/04 08:43:31 | 000,002,429 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/04/30 00:34:28 | 000,001,887 | ---- | M] () -- C:\Users\Rick Clay\Desktop\CCleaner.lnk
[2010/04/29 16:31:55 | 000,002,399 | ---- | M] () -- C:\Users\Rick Clay\.dosfm
[2010/04/29 16:27:19 | 000,002,399 | ---- | M] () -- C:\Users\Rick Clay\DOSFM
[2010/04/27 15:42:50 | 008,656,832 | ---- | M] (Dell, Inc. ) -- C:\Users\Rick Clay\AppData\Roaming\DataSafeDotNet.exe
[2010/04/26 22:16:33 | 000,002,005 | ---- | M] () -- C:\Users\Public\Desktop\Belarc Advisor.lnk
[2010/04/20 15:16:08 | 000,317,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgtdia.sys
[2010/04/20 01:49:17 | 000,131,072 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2010/04/20 01:22:47 | 000,001,011 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/20 00:21:05 | 000,001,124 | ---- | M] () -- C:\Users\Rick Clay\Desktop\YouTube Downloader.lnk
[2010/04/19 09:30:53 | 000,002,016 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/04/13 01:52:14 | 000,422,437 | ---- | M] () -- C:\Windows\SysNative\drivers\vsconfig.xml
[2010/04/13 01:51:40 | 000,001,068 | ---- | M] () -- C:\Users\Rick Clay\Desktop\ZoneAlarm Security.lnk
[2010/04/13 01:43:53 | 000,012,976 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\avgrssta.dll
[2010/04/13 01:43:53 | 000,001,856 | ---- | M] () -- C:\Users\Public\Desktop\AVG Free 9.0.lnk
[2010/04/13 01:43:46 | 000,269,320 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys
[2010/04/13 01:43:46 | 000,035,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgmfx64.sys
[2010/04/13 01:43:45 | 000,113,461 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\iavichjw.avm
[2010/04/13 01:19:44 | 000,001,260 | ---- | M] () -- C:\Users\Rick Clay\Desktop\Spybot - Search & Destroy.lnk
[2010/04/05 09:17:55 | 000,004,096 | -H-- | M] () -- C:\Users\Rick Clay\AppData\Local\keyfile3.drm
[2010/04/02 21:24:58 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/04/02 21:16:37 | 000,002,491 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/03/30 00:45:56 | 000,024,664 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/03/14 23:18:32 | 000,000,945 | ---- | M] () -- C:\Users\Rick Clay\Desktop\Barnes & Noble Desktop Reader.lnk
[2010/03/01 11:47:53 | 000,000,000 | ---- | M] () -- C:\Users\Rick Clay\type
[2010/03/01 11:29:47 | 000,000,000 | ---- | M] () -- C:\Users\Rick Clay\copy
[2010/02/15 13:52:26 | 000,000,000 | ---- | M] () -- C:\Users\Rick Clay\ipconfig
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/11 18:49:48 | 000,001,106 | ---- | C] () -- C:\Users\Rick Clay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/05/11 18:49:45 | 000,000,926 | ---- | C] () -- C:\Users\Rick Clay\Desktop\NTREGOPT.lnk
[2010/05/11 18:49:45 | 000,000,907 | ---- | C] () -- C:\Users\Rick Clay\Desktop\ERUNT.lnk
[2010/05/04 08:43:31 | 000,002,429 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/04/30 00:34:28 | 000,001,887 | ---- | C] () -- C:\Users\Rick Clay\Desktop\CCleaner.lnk
[2010/04/29 16:31:55 | 000,002,399 | ---- | C] () -- C:\Users\Rick Clay\.dosfm
[2010/04/29 16:27:19 | 000,002,399 | ---- | C] () -- C:\Users\Rick Clay\DOSFM
[2010/04/26 22:16:33 | 000,002,005 | ---- | C] () -- C:\Users\Public\Desktop\Belarc Advisor.lnk
[2010/04/20 01:48:45 | 000,131,072 | ---- | C] () -- C:\Windows\SysNative\Ikeext.etl
[2010/04/20 01:22:47 | 000,001,011 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/19 23:58:46 | 000,001,124 | ---- | C] () -- C:\Users\Rick Clay\Desktop\YouTube Downloader.lnk
[2010/04/13 01:51:40 | 000,001,068 | ---- | C] () -- C:\Users\Rick Clay\Desktop\ZoneAlarm Security.lnk
[2010/04/13 01:51:11 | 000,422,437 | ---- | C] () -- C:\Windows\SysNative\drivers\vsconfig.xml
[2010/04/13 01:43:53 | 000,001,856 | ---- | C] () -- C:\Users\Public\Desktop\AVG Free 9.0.lnk
[2010/04/13 01:43:45 | 059,847,767 | ---- | C] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2010/04/13 01:43:45 | 000,113,461 | ---- | C] () -- C:\Windows\SysNative\drivers\Avg\iavichjw.avm
[2010/04/13 01:12:13 | 000,001,260 | ---- | C] () -- C:\Users\Rick Clay\Desktop\Spybot - Search & Destroy.lnk
[2010/04/05 09:17:55 | 000,004,096 | -H-- | C] () -- C:\Users\Rick Clay\AppData\Local\keyfile3.drm
[2010/04/02 21:24:58 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/04/02 21:16:37 | 000,002,491 | ---- | C] () -- C:\Users\Public\Desktop\Safari.lnk
[2010/03/14 22:54:18 | 000,000,945 | ---- | C] () -- C:\Users\Rick Clay\Desktop\Barnes & Noble Desktop Reader.lnk
[2010/03/03 19:30:13 | 000,165,864 | ---- | C] () -- C:\Users\Rick Clay\MSD.EXE
[2010/03/03 19:30:13 | 000,034,598 | ---- | C] () -- C:\Users\Rick Clay\KEYBOARD.SYS
[2010/03/03 19:30:13 | 000,029,336 | ---- | C] () -- C:\Users\Rick Clay\FDISK.EXE
[2010/03/03 19:30:13 | 000,022,974 | ---- | C] () -- C:\Users\Rick Clay\FORMAT.COM
[2010/03/03 19:30:13 | 000,016,129 | ---- | C] () -- C:\Users\Rick Clay\EXPAND.EXE
[2010/03/03 19:30:13 | 000,012,241 | ---- | C] () -- C:\Users\Rick Clay\CHKDSK.EXE
[2010/03/03 19:30:13 | 000,009,390 | ---- | C] () -- C:\Users\Rick Clay\LABEL.EXE
[2010/03/03 19:30:13 | 000,001,131 | ---- | C] () -- C:\Users\Rick Clay\LOADFIX.COM
[2010/03/03 19:30:13 | 000,001,131 | ---- | C] () -- C:\Users\Rick Clay\LABRATS.UNK
[2010/03/03 19:30:13 | 000,000,013 | ---- | C] () -- C:\Users\Rick Clay\LABNUM3.TXT
[2010/03/03 19:30:11 | 000,011,208 | ---- | C] () -- C:\Users\Rick Clay\ATTRIB.EXE
[2010/03/01 11:47:53 | 000,000,000 | ---- | C] () -- C:\Users\Rick Clay\type
[2010/02/15 13:52:26 | 000,000,000 | ---- | C] () -- C:\Users\Rick Clay\ipconfig
[2010/02/11 19:25:18 | 000,000,000 | ---- | C] () -- C:\Users\Rick Clay\copy
[2010/02/06 15:29:58 | 000,730,638 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/01/08 15:40:36 | 000,000,000 | ---- | C] () -- C:\Windows\QTW.ini
[2010/01/07 00:59:47 | 000,020,594 | ---- | C] () -- C:\Windows\SysWow64\DELS1LMK.DLL
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== LOP Check ==========

[2010/03/14 22:54:16 | 000,000,000 | ---D | M] -- C:\Users\Rick Clay\AppData\Roaming\Barnes & Noble
[2010/03/03 11:56:43 | 000,000,000 | ---D | M] -- C:\Users\Rick Clay\AppData\Roaming\Certblaster
[2010/04/13 01:52:02 | 000,000,000 | ---D | M] -- C:\Users\Rick Clay\AppData\Roaming\CheckPoint
[2010/03/10 12:12:16 | 000,000,000 | ---D | M] -- C:\Users\Rick Clay\AppData\Roaming\InterTrust
[2010/01/06 18:04:09 | 000,000,000 | ---D | M] -- C:\Users\Rick Clay\AppData\Roaming\Libronix DLS
[2010/04/03 21:50:58 | 000,000,000 | ---D | M] -- C:\Users\Rick Clay\AppData\Roaming\WildTangent
[2010/05/03 06:16:41 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/01/07 13:51:44 | 000,004,632 | ---- | M] () -- C:\0x0409.ini
[2010/01/07 13:51:46 | 000,725,504 | ---- | M] () -- C:\1033.MST
[2009/12/29 16:17:29 | 000,003,872 | RH-- | M] () -- C:\dell.sdr
[2001/09/05 22:00:58 | 001,700,352 | ---- | M] (Microsoft Corporation) -- C:\gdiplus.dll
[2010/05/11 18:44:32 | 536,174,591 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/07 13:51:51 | 035,885,568 | ---- | M] () -- C:\iPod for Windows 2005-09-23.msi
[2010/05/11 18:44:35 | 2146,557,951 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/07/13 21:15:13 | 000,346,112 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\dxtmsft.dll
[2009/07/13 21:15:13 | 000,215,552 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\dxtrans.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\drivers\*.sys /90 >
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWOW64\drivers\mbamswissarmy.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 2140 bytes -> C:\Users\Public\Desktop\Myst III: Exile.lnk
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8
< End of report >

38,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWOW64\drivers\mbamswissarmy.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 2140 bytes -> C:\Users\Public\Desktop\Myst III: Exile.lnk
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8
< End of report >
  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP