BleepingComputer.com: New BSOD Vista 64bit C0000135, consrv not found

I found this topic on your forum previously, and while tempted to use the solution you posted for that user, I also noted the disclaimer that it was specific to that user's problem, so I'm posting a new thread.

I'm working on a PC for a friend, have scanned it with Sophos AV's rescue disk, BitDefender's rescue disk and FSecure's rescue disk. All have found and cleaned up several viruses, but it continues to fail to boot, and when booting into safe mode it gives the BSOD error: STOP: c0000135 {Unable To Locate Component} This application has failed to start because consrv was not found. Re-installing the application may fix this problem.

It appears you've had success in cleaning this a few times, so looking to you for yet another bit of magic to see if you can get this one. I downloaded your FRST64.exe scanner and ran it. The output is attached.

Thank you in advance for your assistance.  FRST.txt (16.89K)
Number of downloads: 15

Hello richwnkc,

Welcome to this forum.


Please download  fixlist.txt (364bytes)
Number of downloads: 36
Save it to your flash drive.
Boot to System Recovery Options.

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Also restart, let it boot normally and tell me how it went.

Farbar;

So far so good; it boots up into the OS, multiple times. I've attached the fixlog.txt as requested.

I did notice that the Trend Micro AV still can't recognize that there's a C:\ volume, but I suspect you'll have some additional tasks for me.

I'd sure like to know more about that "voodoo that you do!"

Thanks for your efforts thus far.

Great.

I forgot to ask you to copy and paste the content of the logs unless it is requested otherwise.

• Please download unhide.exe to your desktop and run it. It could be run more than once and it is just a precaution in case the malware has moved some of the legit files/directories.
  
  
• Please download Malwarebytes' Anti-Malware from one of these locations:
  malwarebytes.org
  majorgeeks.com
  • Double Click mbam-setup.exe to install the application.
    
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    
  • If an update is found, it will download and install the latest version.
    
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    
  • The scan may take some time to finish,so please be patient.
    
  • When the scan is complete, click OK, then Show Results to view the results.
    
  • Make sure that everything is checked, and click Remove Selected.
    
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
    
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    
  • Copy&Paste the MBAM log.
  
  Extra Note:
  If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.

Farbar;

Installed and ran unhide, then installed, updated and ran Malwarebytes. Here is the output after cleanup:


Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.03.02

Windows Vista Service Pack 1 x64 NTFS
Internet Explorer 8.0.6001.19088
Owner :: OWNER-PC [administrator]

2/2/2012 8:05:17 PM
mbam-log-2012-02-02 (20-05-17).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 461430
Time elapsed: 1 hour(s), 4 minute(s), 28 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 47
HKCR\CLSID\{00A6FAF1-072E-44cf-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF6-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{5BE1ED16-E6DD-4c4e-A596-6CFD5EE7C1EE} (PUP.LivingPlay) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BE1ED16-E6DD-4C4E-A596-6CFD5EE7C1EE} (PUP.LivingPlay) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5BE1ED16-E6DD-4C4E-A596-6CFD5EE7C1EE} (PUP.LivingPlay) -> Quarantined and deleted successfully.
HKCR\CLSID\{A4730EBE-43A6-443e-9776-36915D323AD3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Typelib\{D518921A-4A03-425E-9873-B9A71756821E} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{66D8FBA6-D90F-40A9-AC55-84896F79CA69} (Trojan.BHO) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{66D8FBA6-D90F-40A9-AC55-84896F79CA69} (Trojan.BHO) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{66D8FBA6-D90F-40A9-AC55-84896F79CA69} (Trojan.BHO) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{66D8FBA6-D90F-40A9-AC55-84896F79CA69} (Trojan.BHO) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25560540-9571-4D7B-9389-0F166788785A} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9FF05104-B030-46FC-94B8-81276E4E27DF} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45dd-9B68-D6A12C30E5D7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\bho_project.bho_object.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\Software\VB and VBA Program Settings\SrvID (Malware.Trace) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\kincjchfokkeneeofpeefomkikfkiedl (PUP.FCTPlugin) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Detected: 3
HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks|{00A6FAF6-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Data: -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{00A6FAF6-072E-44cf-8957-5838F569A31D} (Adware.MyWebSearch) -> Data: -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|System32 (Trojan.Agent) -> Data: "C:\Users\Owner\AppData\Local\Temp\\installer.exe" -> Quarantined and deleted successfully.

Registry Data Items Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

Folders Detected: 8
C:\Program Files (x86)\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyWebSearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyWebSearch\bar\2.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyWebSearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Files Detected: 6
C:\Program Files (x86)\MyWebSearch\bar\2.bin\MWSSRCAS.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyWebSearch\bar\2.bin\mwsoemon.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Roaming\data.dat (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Security Tool.lnk (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Roaming\Uncrypted.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.

(end)

Hi richwnkc ,

That was quite some cleaning.

Let's take a look at any remaining issues.

Please download OTL by OldTimer.

• Save it to your desktop.
  
• Double click on the OTL icon on your desktop.
  
• Check the "Scan All Users" checkbox.
  
• Check the "Standard Output".
  
• Click Run Scan button.
  
• Two reports will open:
  
  • OTL.txt <-- Will be opened
    
  • Extra.txt <-- Will be minimized
  
  
• Copy and paste OTL.txt and attach Extra.txt to your reply.

Yeah, that PC was in bad shape! Amazing the problems a teenage boy can cause!

Here's the output from the OTL.txt:

***UPDATE***
Sorry, realized I had posted the wrong output files. Here's the correct one.


OTL logfile created on: 2/3/2012 12:28:32 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.99 Gb Total Physical Memory | 4.05 Gb Available Physical Memory | 67.66% Memory free
12.14 Gb Paging File | 10.27 Gb Available in Paging File | 84.63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 594.12 Gb Total Space | 393.52 Gb Free Space | 66.24% Space Free | Partition Type: NTFS
Drive D: | 2.00 Gb Total Space | 0.22 Gb Free Space | 11.25% Space Free | Partition Type: NTFS
Drive J: | 1.86 Gb Total Space | 1.38 Gb Free Space | 74.33% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 360 Days

========== Processes (SafeList) ==========

PRC - [2012/02/03 12:26:08 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Downloads\OTL.exe
PRC - [2011/02/09 14:00:00 | 000,610,120 | R--- | M] (WinZip Computing, S.L.) -- C:\Program Files (x86)\WinZip\WZQKPICK.EXE
PRC - [2010/08/23 19:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2007/02/04 11:02:14 | 000,079,400 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpWareSE4.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/11/08 10:52:56 | 000,836,504 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe -- (SfCtlCom)
SRV:64bit: - [2009/09/29 23:01:25 | 000,917,768 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe -- (TmProxy)
SRV:64bit: - [2009/09/29 23:01:25 | 000,595,960 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\Internet Security\TmPfw.exe -- (TmPfw)
SRV:64bit: - [2009/09/29 23:01:25 | 000,570,632 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer)
SRV:64bit: - [2008/01/20 20:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2006/08/04 18:48:30 | 000,410,624 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\DRIVERS\xaudio64.exe -- (XAudioService)
SRV - [2010/08/23 19:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2008/07/27 12:03:13 | 000,069,632 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/08/02 17:38:56 | 000,051,712 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/07/12 04:56:50 | 000,342,288 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\tmxpflt.sys -- (tmxpflt)
DRV:64bit: - [2011/07/12 04:56:36 | 000,042,768 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\tmpreflt.sys -- (tmpreflt)
DRV:64bit: - [2011/07/12 04:47:06 | 002,077,456 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\vsapint.sys -- (vsapint)
DRV:64bit: - [2010/02/03 14:56:56 | 000,033,856 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\hamachi.sys -- (hamachi)
DRV:64bit: - [2009/09/29 23:01:29 | 000,339,984 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\tmwfp.sys -- (tmwfp)
DRV:64bit: - [2009/09/29 23:01:29 | 000,200,720 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\tmlwf.sys -- (tmlwf)
DRV:64bit: - [2009/09/29 23:01:29 | 000,107,536 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\tmtdi.sys -- (tmtdi)
DRV:64bit: - [2009/06/18 11:54:10 | 000,006,144 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\F72B.tmp -- (MEMSWEEP2)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/08 13:28:46 | 000,068,992 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\xusb21.sys -- (xusb21)
DRV:64bit: - [2008/05/05 03:31:38 | 000,313,472 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express) Intel®
DRV:64bit: - [2008/05/05 02:40:20 | 007,172,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2008/01/20 20:47:28 | 000,046,080 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2007/11/14 02:00:00 | 000,053,488 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2006/11/02 01:48:50 | 002,488,320 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (R300)
DRV:64bit: - [2006/10/18 12:33:34 | 001,513,472 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAX_DPV.sys -- (HSF_DPV)
DRV:64bit: - [2006/10/18 12:31:18 | 000,403,456 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAXHWBS2.sys -- (CAXHWBS2)
DRV:64bit: - [2006/10/18 12:30:10 | 000,731,648 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2006/08/04 18:42:48 | 000,009,728 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\xaudio64.sys -- (XAudio)
DRV:64bit: - [2006/06/19 15:27:24 | 000,017,024 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\mdmxsdk.sys -- (mdmxsdk)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1766747594-2128106556-3595911938-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
IE - HKU\S-1-5-21-1766747594-2128106556-3595911938-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1766747594-2128106556-3595911938-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=1
IE - HKU\S-1-5-21-1766747594-2128106556-3595911938-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.yahoo.com/?fr=fp-yie8
IE - HKU\S-1-5-21-1766747594-2128106556-3595911938-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1766747594-2128106556-3595911938-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.order.1: "Yahoo"
FF - prefs.js..browser.search.order.2: ""
FF - prefs.js..browser.search.param.yahoo-fr: "w3i&type=W3i_DS,157,0_0,Search,20110623,16492,0,16,0"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://www.search.yahoo.com/?fr=w3i&type=W3i_SP,205,0_0,StartPage,20110623,16494,0,16,0"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}:7.0
FF - prefs.js..extensions.enabledItems: toolbar@alot.com:2.4.9000
FF - prefs.js..extensions.enabledItems: textlinks@lplay.com:1.0.0
FF - prefs.js..extensions.enabledItems: {46d606b0-a645-11df-981c-0800200c9a66}:1.0.20
FF - prefs.js..extensions.enabledItems: {5835466c-49af-4cbe-b102-a8c8b6313749}:1.0.25
FF - prefs.js..extensions.enabledItems: {75623d5d-4683-402a-b610-ac4bab767c86}:3.3.2
FF - prefs.js..keyword.URL: "http://www.startnow.com/s/?src=addrbar&provider=Bing&provider_code=Z072&partner_id=269&product_id=567&affiliate_id=&channel=Allods_TB&toolbar_id=24&toolbar_version=1.0.0.0&install_country=US&install_date=20110506&user_guid=C13E6212107E498B90C97594C1981D65&machine_id=2f433ff894094f780c3cd072046f695f&browser=FF&os=win&os_version=6.0-x64-SP1&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/02/02 12:39:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/02/02 12:39:59 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{EB132DB0-A4CA-11DF-9732-0E29E0D72085}: C:\Program Files (x86)\Object\facetheme

[2010/03/14 12:06:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions
[2012/02/02 12:49:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\svr68frc.default\extensions
[2010/09/20 17:54:31 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\svr68frc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/05/28 20:00:09 | 000,000,000 | ---D | M] (ShopToWin9) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\svr68frc.default\extensions\{46d606b0-a645-11df-981c-0800200c9a66}
[2011/06/01 21:25:59 | 000,000,000 | ---D | M] (ShopToWin2) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\svr68frc.default\extensions\{5835466c-49af-4cbe-b102-a8c8b6313749}
[2010/12/11 14:12:56 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\svr68frc.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/06/01 21:27:01 | 000,000,000 | ---D | M] (Surf Canyon - Search Engine Assistant) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\svr68frc.default\extensions\{75623d5d-4683-402a-b610-ac4bab767c86}
[2011/05/06 14:59:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\svr68frc.default\extensions\{c0326c12-9f06-4344-aa25-60267226bb7d}
[2011/05/28 20:03:36 | 000,000,000 | ---D | M] (ALOT Toolbar) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\svr68frc.default\extensions\toolbar@alot.com
[2011/05/06 14:59:03 | 000,002,271 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\svr68frc.default\searchplugins\bing-zugo.xml
[2012/01/22 18:43:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/12/11 14:12:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/02/09 07:37:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/04/24 18:56:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}
[2011/05/28 19:59:53 | 000,000,000 | ---D | M] (LivingPlay TextLinks) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\EXTENSIONS\{EC8030F7-C20A-464F-9B0E-13A3A9E97384}\TEXTLINKS@LPLAY.COM
[2011/09/01 05:25:56 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll
[2011/04/24 18:56:13 | 000,609,688 | ---- | M] (Oracle Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

========== Chrome ==========

CHR - default_search_provider: Google ()
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - Extension: No name found = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\maopdgeieiiiifooolcjjfmjdlkmhfdh\

O1 HOSTS File: ([2006/09/18 15:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg64.dll (Google Inc.)
O2:64bit: - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (LivingPlay Text) - {4A0BA746-D4D6-41a6-81EF-413E52B5F8D6} - C:\Program Files (x86)\LivingPlay\lplaytl.dll ()
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll ()
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers\YontooIEClient.dll File not found
O2 - BHO: (no name) - MRI_DISABLED - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll ()
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-1766747594-2128106556-3595911938-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKU\S-1-5-21-1766747594-2128106556-3595911938-1000\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKU\S-1-5-21-1766747594-2128106556-3595911938-1000\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll ()
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe ()
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe ()
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [UfSeAgnt.exe] C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe (Trend Micro Inc.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [WPCUMI] C:\Windows\SysNative\WpcUmi.exe ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.)
O4 - HKU\.DEFAULT..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (Trend Micro Inc.)
O4 - HKU\S-1-5-18..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (Trend Micro Inc.)
O4 - HKU\S-1-5-19..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (Trend Micro Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (Trend Micro Inc.)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1766747594-2128106556-3595911938-1000..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (Trend Micro Inc.)
O4 - HKU\S-1-5-21-1766747594-2128106556-3595911938-1000..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O7 - HKU\S-1-5-21-1766747594-2128106556-3595911938-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKU\S-1-5-21-1766747594-2128106556-3595911938-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1766747594-2128106556-3595911938-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-1766747594-2128106556-3595911938-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\wpclsp.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\wpclsp.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\wpclsp.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\wpclsp.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\wpclsp.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\wpclsp.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\wpclsp.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\wpclsp.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Windows\SysNative\wpclsp.dll ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1766747594-2128106556-3595911938-1000\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {549F957E-2F89-11D6-8CFE-00C04F52B225} http://coupons.smartsource.com/download/cscmv5X.cab (Reg Error: Key error.)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DE5C0E3E-05B5-475F-A2B0-E55DA3A3FA38}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe ()
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll ()
O24 - Desktop WallPaper: C:\Users\Owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{55f6eff3-73c4-11de-8a21-001d099c8e2e}\Shell - "" = AutoRun
O33 - MountPoints2\{55f6eff3-73c4-11de-8a21-001d099c8e2e}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-1766747594-2128106556-3595911938-1000..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 360 Days ==========

[2012/02/02 20:03:26 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Malwarebytes
[2012/02/02 20:02:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/02/02 20:02:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/01/29 17:57:12 | 000,000,000 | ---D | C] -- C:\FRST
[2012/01/29 17:57:12 | 000,000,000 | ---D | C] -- \FRST
[2012/01/29 10:37:51 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2012/01/29 10:37:51 | 000,000,000 | ---D | C] -- \Kaspersky Rescue Disk 10.0
[2012/01/28 12:11:05 | 000,000,000 | ---D | C] -- C:\Windows\Standalone System Sweeper
[2012/01/22 19:05:38 | 000,000,000 | ---D | C] -- C:\Program Files\WOT
[2012/01/22 19:05:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WOT
[2011/12/21 23:03:16 | 000,000,000 | -HSD | C] -- C:\found.000
[2011/12/21 23:03:16 | 000,000,000 | -HSD | C] -- \found.000
[2011/12/13 20:31:03 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\SC2-WingsOfLiberty-enUS-Installer
[2011/12/01 20:52:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/12/01 20:52:31 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysWow64\GEARAspi.dll
[2011/12/01 20:47:18 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/12/01 20:47:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2011/12/01 20:44:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2011/11/22 21:35:57 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2011/11/17 13:30:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011/11/06 20:20:32 | 1663,999,768 | ---- | C] (Epic Games, Inc.) -- C:\Users\Owner\Desktop\UDKInstall-2011-10-BETA.exe
[2011/10/06 20:31:36 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\MCE Logs
[2011/09/12 16:30:38 | 000,000,000 | ---D | C] -- C:\Users\Owner\SC2-WingsOfLiberty-enUS-Installer
[2011/08/30 23:05:04 | 000,083,816 | ---- | C] (Apple Inc.) -- C:\Windows\SysWow64\dns-sd.exe
[2011/08/30 23:05:04 | 000,073,064 | ---- | C] (Apple Inc.) -- C:\Windows\SysWow64\dnssd.dll
[2011/08/19 15:05:05 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\Games for Windows - LIVE Demos
[2011/08/19 15:02:02 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\Spartan
[2011/08/19 14:37:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games
[2011/08/19 14:35:39 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_42.dll
[2011/08/19 14:35:38 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_42.dll
[2011/08/19 14:35:18 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive
[2011/08/19 14:35:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace
[2011/08/19 14:35:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
[2011/06/26 05:27:28 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\EB4B8AFD8186A915_MountPt
[2011/06/19 11:12:51 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Fighters
[2011/06/16 12:14:40 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2011/06/16 12:14:40 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011/06/16 12:14:40 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2011/06/16 12:14:40 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011/06/16 12:14:40 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2011/06/16 12:14:40 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/06/16 12:14:40 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2011/06/16 12:14:40 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2011/06/16 12:14:40 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2011/06/16 12:14:40 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/06/16 12:14:40 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2011/06/16 12:14:40 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011/06/16 12:14:40 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2011/06/01 21:32:12 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\EpicBot
[2011/06/01 21:27:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free Offers from Freeze.com
[2011/05/29 03:09:43 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Aversion_Media
[2011/05/29 01:32:48 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011/05/29 01:32:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011/05/29 01:32:30 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2011/05/28 20:00:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Shop to Win 9
[2011/05/28 19:59:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LivingPlay
[2011/05/28 19:58:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Object
[2011/05/28 19:47:27 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\Cod.Blk
[2011/05/22 19:51:43 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\WinZip
[2011/05/21 10:37:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Photo Story 3 for Windows
[2011/05/16 19:39:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Media Center Programs
[2011/05/14 21:07:36 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/05/14 21:07:22 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2011/05/14 21:07:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee Security Scan
[2011/05/08 16:26:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tales of Pirates II
[2011/05/08 16:20:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tales of Pirates II
[2011/05/06 20:01:01 | 000,000,000 | ---D | C] -- C:\gPotato.com
[2011/05/06 20:01:01 | 000,000,000 | ---D | C] -- \gPotato.com
[2011/05/06 14:59:09 | 000,000,000 | ---D | C] -- C:\PMB Files
[2011/05/06 14:59:09 | 000,000,000 | ---D | C] -- \PMB Files
[2011/05/06 14:59:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GPotatoToolbar
[2011/05/02 16:56:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tales of Pirates Online
[2011/04/26 14:01:11 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Apphlpdm.dll
[2011/04/26 14:01:10 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\GameUXLegacyGDFs.dll
[2011/04/25 15:55:32 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\jagexlauncher
[2011/04/25 15:50:08 | 000,214,920 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2011/04/25 15:50:08 | 000,173,960 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2011/04/25 15:50:08 | 000,173,960 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2011/04/24 20:45:00 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Low
[2011/04/24 18:57:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sun
[2011/04/15 18:33:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TurboTax 2010
[2011/04/14 16:15:12 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011/04/14 16:14:49 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2011/04/14 16:14:49 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2011/04/14 16:14:46 | 001,161,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42u.dll
[2011/04/14 16:14:46 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42.dll
[2011/04/14 16:14:43 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dnscacheugc.exe
[2011/04/09 17:55:44 | 015,453,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xlive.dll
[2011/04/09 17:55:42 | 013,642,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xlivefnt.dll
[2011/03/29 14:48:49 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\GameTuts
[2011/03/29 14:42:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
[2011/03/29 14:41:39 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip
[2011/03/29 14:41:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinZip
[2011/03/28 17:22:15 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/03/28 17:22:14 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/03/27 17:41:29 | 000,000,000 | ---D | C] -- C:\telos_cache_32
[2011/03/27 17:41:29 | 000,000,000 | ---D | C] -- \telos_cache_32
[2011/03/27 17:40:07 | 000,000,000 | ---D | C] -- C:\runitedscapecache
[2011/03/27 17:40:07 | 000,000,000 | ---D | C] -- \runitedscapecache
[2011/03/27 17:34:10 | 000,000,000 | ---D | C] -- C:\ToxicPkzV4
[2011/03/27 17:34:10 | 000,000,000 | ---D | C] -- \ToxicPkzV4
[2011/03/27 16:45:35 | 000,000,000 | ---D | C] -- C:\cache614
[2011/03/27 16:45:35 | 000,000,000 | ---D | C] -- \cache614
[2011/03/27 14:56:31 | 000,000,000 | ---D | C] -- C:\riseabovetherest2
[2011/03/27 14:56:31 | 000,000,000 | ---D | C] -- \riseabovetherest2
[2011/03/09 04:00:51 | 002,067,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2011/03/09 04:00:50 | 000,677,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2011/03/09 04:00:49 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2011/03/09 04:00:49 | 000,323,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sbe.dll
[2011/03/09 04:00:49 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
[2011/03/09 04:00:49 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sbeio.dll
[2011/02/27 12:52:36 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\Quicken
[2011/02/27 12:44:17 | 003,523,872 | ---- | C] (Amyuni Technologies
http://www.amyuni.com) -- C:\Windows\SysWow64\cdintf300.dll
[2011/02/27 12:44:17 | 001,848,608 | ---- | C] (Apache Software Foundation) -- C:\Windows\SysWow64\acXMLParser.dll
[2011/02/27 12:43:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quicken 2009
[2011/02/27 12:42:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Quicken
[2011/02/23 03:05:07 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\WindowsPowerShell
[2011/02/23 03:05:06 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\WindowsPowerShell
[2011/02/23 03:03:16 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winrsmgr.dll
[2011/02/23 03:03:09 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wsmplpxy.dll
[2011/02/23 03:03:09 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winrssrv.dll
[2011/02/23 03:03:05 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pwrshplugin.dll
[2011/02/23 03:03:01 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wevtfwd.dll
[2011/02/23 03:03:01 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wecutil.exe
[2011/02/23 03:03:01 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wecapi.dll
[2011/02/23 03:03:01 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WsmRes.dll
[2011/02/23 03:03:01 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winrs.exe
[2011/02/23 03:03:01 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winrshost.exe
[2011/02/23 03:03:01 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wsmprovhost.exe
[2011/02/23 03:02:57 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WSManMigrationPlugin.dll
[2011/02/23 03:02:57 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WSManHTTPConfig.exe
[2011/02/23 03:02:57 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winrscmd.dll
[2011/02/23 03:02:57 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WsmWmiPl.dll
[2011/02/23 03:02:57 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WsmAuto.dll
[2011/02/15 18:57:56 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BoxRune 614
[2011/02/15 18:57:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BoxRune 614
[2011/02/14 20:45:05 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BoxRune 562 Client
[2011/02/14 20:45:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BoxRune 562 Client
[2011/02/09 23:03:02 | 000,000,000 | ---D | C] -- C:\.562_cache_32v4
[2011/02/09 23:03:02 | 000,000,000 | ---D | C] -- \.562_cache_32v4
[2011/02/09 22:59:56 | 000,000,000 | ---D | C] -- C:\Br317
[2011/02/09 22:59:56 | 000,000,000 | ---D | C] -- \Br317
[2011/02/09 22:16:32 | 000,000,000 | ---D | C] -- C:\Users\Owner\sab317sab
[2009/08/07 02:01:17 | 001,172,472 | ---- | C] (Microsoft Corporation) -- C:\Users\Owner\AppData\Roaming\QQKZNWI5OQ.exe
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[2 C:\Users\Owner\*.tmp files -> C:\Users\Owner\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 360 Days ==========

[2012/02/03 12:29:34 | 000,000,761 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\tmvsthfud.bin
[2012/02/03 12:29:32 | 000,000,761 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\tmvsthfss.bin
[2012/02/03 12:29:31 | 000,703,388 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/02/03 12:29:31 | 000,604,264 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/02/03 12:29:31 | 000,103,964 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/02/03 12:28:10 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/03 11:52:48 | 000,003,744 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/03 11:52:48 | 000,003,744 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/03 10:18:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012/02/03 01:28:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/02 21:52:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/02 20:02:55 | 000,000,950 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/28 23:05:42 | 000,016,384 | ---- | M] () -- C:\BCD_Backup2
[2012/01/28 12:44:32 | 000,024,576 | ---- | M] () -- C:\BCD_Backup
[2012/01/22 19:01:54 | 000,000,632 | RHS- | M] () -- C:\Users\Owner\ntuser.pol
[2012/01/22 18:26:40 | 000,306,224 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/12/10 15:24:08 | 000,023,152 | ---- | M] () -- C:\Windows\SysNative\drivers\mbam.sys
[2011/12/01 20:52:33 | 000,001,696 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/11/22 21:35:59 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/11/22 08:44:02 | 000,009,216 | ---- | M] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/18 13:26:03 | 000,001,726 | ---- | M] () -- C:\Users\Owner\Documents\Default.rdp
[2011/11/17 13:30:18 | 000,002,073 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011/11/06 20:23:12 | 1663,999,768 | ---- | M] (Epic Games, Inc.) -- C:\Users\Owner\Desktop\UDKInstall-2011-10-BETA.exe
[2011/10/09 18:50:11 | 000,069,632 | ---- | M] () -- C:\Users\Owner\Documents\mpdata_e000008b8d9438cd
[2011/10/09 18:32:30 | 000,012,800 | ---- | M] () -- C:\Windows\DCEBoot64.exe
[2011/09/19 16:01:46 | 000,000,129 | ---- | M] () -- C:\Users\Owner\jagex_runescape_preferences2.dat
[2011/09/19 16:01:46 | 000,000,046 | ---- | M] () -- C:\Users\Owner\jagex_runescape_preferences.dat
[2011/09/19 15:53:18 | 000,000,023 | ---- | M] () -- C:\Users\Owner\jagexappletviewer.preferences
[2011/08/30 23:05:32 | 000,096,104 | ---- | M] () -- C:\Windows\SysNative\dns-sd.exe
[2011/08/30 23:05:32 | 000,085,864 | ---- | M] () -- C:\Windows\SysNative\dnssd.dll
[2011/08/30 23:05:04 | 000,083,816 | ---- | M] (Apple Inc.) -- C:\Windows\SysWow64\dns-sd.exe
[2011/08/30 23:05:04 | 000,073,064 | ---- | M] (Apple Inc.) -- C:\Windows\SysWow64\dnssd.dll
[2011/08/02 17:38:56 | 004,517,664 | ---- | M] () -- C:\Windows\SysNative\usbaaplrc.dll
[2011/08/02 17:38:56 | 000,051,712 | ---- | M] () -- C:\Windows\SysNative\drivers\usbaapl64.sys
[2011/07/24 00:07:25 | 000,143,360 | ---- | M] () -- C:\Users\Owner\Documents\4D53085B.gpd Package
[2011/07/23 23:37:54 | 000,212,992 | ---- | M] () -- C:\Users\Owner\Documents\E0000BEF5A7D5E32
[2011/07/23 23:32:51 | 000,176,128 | ---- | M] () -- C:\Users\Owner\Documents\E00002CBAE1EEAAD
[2011/07/23 23:29:41 | 000,212,992 | ---- | M] () -- C:\Users\Owner\Documents\E0000152AE1EEAAD
[2011/07/23 23:13:25 | 001,093,632 | ---- | M] () -- C:\Users\Owner\Documents\ceqstlodoyaabab23emcczswxmfqjmgdaaaaaaaaa
[2011/07/23 23:07:16 | 011,694,080 | ---- | M] () -- C:\Users\Owner\Documents\E000010DFA793BE5
[2011/07/12 04:56:50 | 000,342,288 | ---- | M] () -- C:\Windows\SysNative\drivers\tmxpflt.sys
[2011/07/12 04:56:36 | 000,042,768 | ---- | M] () -- C:\Windows\SysNative\drivers\tmpreflt.sys
[2011/07/12 04:47:06 | 002,077,456 | ---- | M] () -- C:\Windows\SysNative\drivers\vsapint.sys
[2011/06/26 05:28:57 | 006,369,280 | ---- | M] () -- C:\Users\Owner\Documents\EB4B8AFD8186A915
[2011/06/08 14:18:13 | 000,110,236 | ---- | M] () -- C:\Users\Owner\Documents\RDR2MPSAVE.SAV
[2011/05/28 00:26:33 | 000,243,712 | ---- | M] () -- C:\Windows\SysNative\occache.dll
[2011/05/28 00:24:36 | 000,096,768 | ---- | M] () -- C:\Windows\SysNative\mshtmled.dll
[2011/05/28 00:24:33 | 000,710,656 | ---- | M] () -- C:\Windows\SysNative\msfeeds.dll
[2011/05/28 00:24:04 | 000,056,832 | ---- | M] () -- C:\Windows\SysNative\licmgr10.dll
[2011/05/28 00:23:47 | 001,538,560 | ---- | M] () -- C:\Windows\SysNative\inetcpl.cpl
[2011/05/28 00:23:30 | 000,219,136 | ---- | M] () -- C:\Windows\SysNative\ieui.dll
[2011/05/28 00:23:30 | 000,132,096 | ---- | M] () -- C:\Windows\SysNative\iesysprep.dll
[2011/05/28 00:23:29 | 000,077,312 | ---- | M] () -- C:\Windows\SysNative\iesetup.dll
[2011/05/28 00:23:29 | 000,072,192 | ---- | M] () -- C:\Windows\SysNative\iernonce.dll
[2011/05/28 00:23:28 | 000,252,416 | ---- | M] () -- C:\Windows\SysNative\iepeers.dll
[2011/05/28 00:07:19 | 000,206,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2011/05/28 00:04:59 | 000,066,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/05/28 00:04:30 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011/05/28 00:04:17 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2011/05/28 00:04:03 | 000,164,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/05/28 00:04:03 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2011/05/28 00:04:03 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2011/05/28 00:04:02 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011/05/28 00:04:02 | 000,055,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2011/05/27 23:33:37 | 000,479,232 | ---- | M] () -- C:\Windows\SysNative\html.iec
[2011/05/27 23:10:26 | 000,385,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011/05/27 22:53:37 | 000,162,816 | ---- | M] () -- C:\Windows\SysNative\ieUnatt.exe
[2011/05/27 22:53:19 | 000,070,656 | ---- | M] () -- C:\Windows\SysNative\ie4uinit.exe
[2011/05/27 22:52:45 | 000,012,288 | ---- | M] () -- C:\Windows\SysNative\msfeedssync.exe
[2011/05/27 22:33:03 | 000,133,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2011/05/27 22:32:51 | 000,173,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2011/05/27 22:32:15 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2011/05/08 16:37:41 | 000,000,934 | ---- | M] () -- C:\Users\Owner\Desktop\top_d.exe - Shortcut.lnk
[2011/04/24 18:56:13 | 000,214,920 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2011/04/24 18:56:13 | 000,173,960 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2011/04/24 18:56:13 | 000,173,960 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2011/04/24 18:56:12 | 000,544,656 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2011/04/23 21:47:48 | 000,000,042 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\RSBot_Accounts.ini
[2011/04/20 09:16:49 | 000,450,048 | ---- | M] () -- C:\Windows\SysNative\winsrv.dll
[2011/04/20 09:11:39 | 000,085,504 | ---- | M] () -- C:\Windows\SysNative\csrsrv.dll
[2011/04/15 18:33:10 | 000,001,892 | ---- | M] () -- C:\Users\Public\Desktop\TurboTax 2010.lnk
[2011/04/12 09:14:49 | 001,208,832 | ---- | M] () -- C:\Windows\SysNative\kernel32.dll
[2011/04/09 17:55:44 | 015,453,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\xlive.dll
[2011/04/09 17:55:42 | 013,642,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\xlivefnt.dll
[2011/04/09 17:55:28 | 000,179,261 | ---- | M] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/03/29 14:42:21 | 000,001,832 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
[2011/03/28 18:23:55 | 000,000,099 | ---- | M] () -- C:\Users\Owner\614_preferences2.dat
[2011/03/28 18:22:37 | 000,000,046 | ---- | M] () -- C:\Users\Owner\614_preferences.dat
[2011/03/27 17:44:21 | 000,000,000 | ---- | M] () -- C:\Users\Owner\preferences3.dat
[2011/03/27 17:13:50 | 000,000,000 | ---- | M] () -- C:\Users\Owner\cache.zip
[2011/03/10 10:30:11 | 001,360,384 | ---- | M] () -- C:\Windows\SysNative\mfc42u.dll
[2011/03/10 10:30:10 | 001,398,784 | ---- | M] () -- C:\Windows\SysNative\mfc42.dll
[2011/03/10 10:12:54 | 001,161,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42u.dll
[2011/03/10 10:12:54 | 001,136,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42.dll
[2011/03/03 09:06:38 | 000,032,256 | ---- | M] () -- C:\Windows\SysNative\Apphlpdm.dll
[2011/03/03 08:56:40 | 000,028,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\Apphlpdm.dll
[2011/03/03 07:25:43 | 004,240,384 | ---- | M] () -- C:\Windows\SysNative\GameUXLegacyGDFs.dll
[2011/03/03 07:01:01 | 004,240,384 | ---- | M] (Microsoft) -- C:\Windows\SysWow64\GameUXLegacyGDFs.dll
[2011/03/02 09:10:38 | 000,221,184 | ---- | M] () -- C:\Windows\SysNative\dnsapi.dll
[2011/02/27 12:52:32 | 000,000,171 | ---- | M] () -- C:\Windows\QUICKEN.INI
[2011/02/27 12:44:17 | 000,001,655 | ---- | M] () -- C:\Users\Public\Desktop\Quicken Deluxe 2009.lnk
[2011/02/27 09:53:47 | 000,018,320 | ---- | M] () -- C:\Windows\SysNative\kdcom.dll
[2011/02/27 09:53:46 | 001,075,600 | ---- | M] () -- C:\Windows\SysNative\winload.efi
[2011/02/27 09:53:45 | 001,062,800 | ---- | M] () -- C:\Windows\SysNative\winload.exe
[2011/02/27 09:53:45 | 000,990,096 | ---- | M] () -- C:\Windows\SysNative\winresume.efi
[2011/02/27 09:53:45 | 000,979,344 | ---- | M] () -- C:\Windows\SysNative\winresume.exe
[2011/02/27 09:53:45 | 000,020,880 | ---- | M] () -- C:\Windows\SysNative\kdusb.dll
[2011/02/27 09:53:45 | 000,018,832 | ---- | M] () -- C:\Windows\SysNative\kd1394.dll
[2011/02/17 01:21:33 | 000,613,376 | ---- | M] () -- C:\Windows\SysNative\vbscript.dll
[2011/02/17 01:15:30 | 000,817,664 | ---- | M] () -- C:\Windows\SysNative\jscript.dll
[2011/02/17 00:19:43 | 000,726,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011/02/16 09:36:20 | 000,048,128 | ---- | M] () -- C:\Windows\SysNative\atmlib.dll
[2011/02/16 09:29:56 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2011/02/16 07:44:38 | 000,367,616 | ---- | M] () -- C:\Windows\SysNative\atmfd.dll
[2011/02/16 07:24:56 | 000,292,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2011/02/09 22:49:48 | 000,000,004 | ---- | M] () -- C:\Users\Owner\cache.dat
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[2 C:\Users\Owner\*.tmp files -> C:\Users\Owner\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/02 20:02:55 | 000,000,950 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/02 20:02:54 | 000,023,152 | ---- | C] () -- C:\Windows\SysNative\drivers\mbam.sys
[2012/01/28 23:05:42 | 000,016,384 | ---- | C] () -- C:\BCD_Backup2
[2012/01/28 23:05:42 | 000,016,384 | ---- | C] () -- \BCD_Backup2
[2012/01/28 12:44:32 | 000,024,576 | ---- | C] () -- C:\BCD_Backup
[2012/01/28 12:44:32 | 000,024,576 | ---- | C] () -- \BCD_Backup
[2012/01/22 18:59:33 | 000,000,632 | RHS- | C] () -- C:\Users\Owner\ntuser.pol
[2011/12/01 20:52:33 | 000,001,696 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/12/01 20:52:31 | 000,126,312 | ---- | C] () -- C:\Windows\SysNative\GEARAspi64.dll
[2011/12/01 20:52:31 | 000,034,152 | ---- | C] () -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2011/11/17 13:30:18 | 000,002,073 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011/10/09 18:50:11 | 000,069,632 | ---- | C] () -- C:\Users\Owner\Documents\mpdata_e000008b8d9438cd
[2011/10/09 18:31:39 | 000,012,800 | ---- | C] () -- C:\Windows\DCEBoot64.exe
[2011/09/20 09:22:28 | 002,077,456 | ---- | C] () -- C:\Windows\SysNative\drivers\vsapint.sys
[2011/09/20 09:22:28 | 000,342,288 | ---- | C] () -- C:\Windows\SysNative\drivers\tmxpflt.sys
[2011/09/20 09:22:28 | 000,042,768 | ---- | C] () -- C:\Windows\SysNative\drivers\tmpreflt.sys
[2011/08/30 23:05:32 | 000,096,104 | ---- | C] () -- C:\Windows\SysNative\dns-sd.exe
[2011/08/30 23:05:32 | 000,085,864 | ---- | C] () -- C:\Windows\SysNative\dnssd.dll
[2011/08/09 22:42:39 | 000,274,432 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb10.sys
[2011/08/02 17:38:56 | 004,517,664 | ---- | C] () -- C:\Windows\SysNative\usbaaplrc.dll
[2011/08/02 17:38:56 | 000,051,712 | ---- | C] () -- C:\Windows\SysNative\drivers\usbaapl64.sys
[2011/07/24 00:07:22 | 000,143,360 | ---- | C] () -- C:\Users\Owner\Documents\4D53085B.gpd Package
[2011/07/23 23:31:17 | 000,176,128 | ---- | C] () -- C:\Users\Owner\Documents\E00002CBAE1EEAAD
[2011/07/23 23:26:51 | 000,212,992 | ---- | C] () -- C:\Users\Owner\Documents\E0000BEF5A7D5E32
[2011/07/23 23:09:07 | 001,093,632 | ---- | C] () -- C:\Users\Owner\Documents\ceqstlodoyaabab23emcczswxmfqjmgdaaaaaaaaa
[2011/07/23 23:07:42 | 000,212,992 | ---- | C] () -- C:\Users\Owner\Documents\E0000152AE1EEAAD
[2011/07/12 17:50:37 | 001,208,832 | ---- | C] () -- C:\Windows\SysNative\kernel32.dll
[2011/07/12 17:50:34 | 002,762,240 | ---- | C] () -- C:\Windows\SysNative\win32k.sys
[2011/07/12 17:50:32 | 000,450,048 | ---- | C] () -- C:\Windows\SysNative\winsrv.dll
[2011/07/12 17:50:32 | 000,085,504 | ---- | C] () -- C:\Windows\SysNative\csrsrv.dll
[2011/07/10 18:48:36 | 000,344,576 | ---- | C] () -- C:\Windows\SysNative\schannel.dll
[2011/06/26 05:23:12 | 006,369,280 | ---- | C] () -- C:\Users\Owner\Documents\EB4B8AFD8186A915
[2011/06/16 12:15:00 | 000,847,872 | ---- | C] () -- C:\Windows\SysNative\oleaut32.dll
[2011/06/16 12:14:59 | 000,176,128 | ---- | C] () -- C:\Windows\SysNative\drivers\srv2.sys
[2011/06/16 12:14:59 | 000,144,896 | ---- | C] () -- C:\Windows\SysNative\drivers\srvnet.sys
[2011/06/16 12:14:57 | 000,407,552 | ---- | C] () -- C:\Windows\SysNative\drivers\afd.sys
[2011/06/16 12:14:55 | 000,135,168 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb.sys
[2011/06/16 12:14:55 | 000,105,984 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb20.sys
[2011/06/16 12:14:44 | 009,272,320 | ---- | C] () -- C:\Windows\SysNative\mshtml.dll
[2011/06/16 12:14:43 | 012,477,440 | ---- | C] () -- C:\Windows\SysNative\ieframe.dll
[2011/06/16 12:14:41 | 002,339,840 | ---- | C] () -- C:\Windows\SysNative\iertutil.dll
[2011/06/16 12:14:41 | 001,488,384 | ---- | C] () -- C:\Windows\SysNative\urlmon.dll
[2011/06/16 12:14:41 | 001,147,904 | ---- | C] () -- C:\Windows\SysNative\wininet.dll
[2011/06/16 12:14:41 | 001,062,912 | ---- | C] () -- C:\Windows\SysNative\mstime.dll
[2011/06/16 12:14:41 | 000,710,656 | ---- | C] () -- C:\Windows\SysNative\msfeeds.dll
[2011/06/16 12:14:41 | 000,459,776 | ---- | C] () -- C:\Windows\SysNative\iedkcs32.dll
[2011/06/16 12:14:41 | 000,252,416 | ---- | C] () -- C:\Windows\SysNative\iepeers.dll
[2011/06/16 12:14:41 | 000,243,712 | ---- | C] () -- C:\Windows\SysNative\occache.dll
[2011/06/16 12:14:41 | 000,219,136 | ---- | C] () -- C:\Windows\SysNative\ieui.dll
[2011/06/16 12:14:41 | 000,096,768 | ---- | C] () -- C:\Windows\SysNative\mshtmled.dll
[2011/06/16 12:14:41 | 000,072,192 | ---- | C] () -- C:\Windows\SysNative\iernonce.dll
[2011/06/16 12:14:41 | 000,071,680 | ---- | C] () -- C:\Windows\SysNative\msfeedsbs.dll
[2011/06/16 12:14:41 | 000,031,744 | ---- | C] () -- C:\Windows\SysNative\jsproxy.dll
[2011/06/16 12:14:40 | 001,638,912 | ---- | C] () -- C:\Windows\SysNative\mshtml.tlb
[2011/06/16 12:14:40 | 001,538,560 | ---- | C] () -- C:\Windows\SysNative\inetcpl.cpl
[2011/06/16 12:14:40 | 000,479,232 | ---- | C] () -- C:\Windows\SysNative\html.iec
[2011/06/16 12:14:40 | 000,162,816 | ---- | C] () -- C:\Windows\SysNative\ieUnatt.exe
[2011/06/16 12:14:40 | 000,132,096 | ---- | C] () -- C:\Windows\SysNative\iesysprep.dll
[2011/06/16 12:14:40 | 000,077,312 | ---- | C] () -- C:\Windows\SysNative\iesetup.dll
[2011/06/16 12:14:40 | 000,070,656 | ---- | C] () -- C:\Windows\SysNative\ie4uinit.exe
[2011/06/16 12:14:40 | 000,056,832 | ---- | C] () -- C:\Windows\SysNative\licmgr10.dll
[2011/06/16 12:14:40 | 000,012,288 | ---- | C] () -- C:\Windows\SysNative\msfeedssync.exe
[2011/06/16 12:14:31 | 000,097,792 | ---- | C] () -- C:\Windows\SysNative\drivers\dfsc.sys
[2011/06/16 12:14:30 | 000,975,360 | ---- | C] () -- C:\Windows\SysNative\inetcomm.dll
[2011/06/08 14:18:12 | 000,110,236 | ---- | C] () -- C:\Users\Owner\Documents\RDR2MPSAVE.SAV
[2011/05/29 02:00:58 | 011,694,080 | ---- | C] () -- C:\Users\Owner\Documents\E000010DFA793BE5
[2011/05/21 10:37:46 | 000,001,655 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Story 3 for Windows.lnk
[2011/05/08 16:37:41 | 000,000,934 | ---- | C] () -- C:\Users\Owner\Desktop\top_d.exe - Shortcut.lnk
[2011/04/26 14:01:11 | 000,032,256 | ---- | C] () -- C:\Windows\SysNative\Apphlpdm.dll
[2011/04/26 14:01:10 | 004,240,384 | ---- | C] () -- C:\Windows\SysNative\GameUXLegacyGDFs.dll
[2011/04/25 15:56:19 | 000,000,023 | ---- | C] () -- C:\Users\Owner\jagexappletviewer.preferences
[2011/04/15 18:33:10 | 000,001,892 | ---- | C] () -- C:\Users\Public\Desktop\TurboTax 2010.lnk
[2011/04/14 16:15:16 | 000,461,312 | ---- | C] () -- C:\Windows\SysNative\drivers\srv.sys
[2011/04/14 16:15:12 | 000,817,664 | ---- | C] () -- C:\Windows\SysNative\jscript.dll
[2011/04/14 16:15:12 | 000,613,376 | ---- | C] () -- C:\Windows\SysNative\vbscript.dll
[2011/04/14 16:15:08 | 000,090,624 | ---- | C] () -- C:\Windows\SysNative\drivers\bowser.sys
[2011/04/14 16:15:05 | 001,075,600 | ---- | C] () -- C:\Windows\SysNative\winload.efi
[2011/04/14 16:15:05 | 001,062,800 | ---- | C] () -- C:\Windows\SysNative\winload.exe
[2011/04/14 16:15:05 | 000,990,096 | ---- | C] () -- C:\Windows\SysNative\winresume.efi
[2011/04/14 16:15:05 | 000,979,344 | ---- | C] () -- C:\Windows\SysNative\winresume.exe
[2011/04/14 16:15:04 | 000,020,880 | ---- | C] () -- C:\Windows\SysNative\kdusb.dll
[2011/04/14 16:15:04 | 000,018,832 | ---- | C] () -- C:\Windows\SysNative\kd1394.dll
[2011/04/14 16:15:04 | 000,018,320 | ---- | C] () -- C:\Windows\SysNative\kdcom.dll
[2011/04/14 16:14:49 | 000,367,616 | ---- | C] () -- C:\Windows\SysNative\atmfd.dll
[2011/04/14 16:14:49 | 000,048,128 | ---- | C] () -- C:\Windows\SysNative\atmlib.dll
[2011/04/14 16:14:46 | 001,398,784 | ---- | C] () -- C:\Windows\SysNative\mfc42.dll
[2011/04/14 16:14:46 | 001,360,384 | ---- | C] () -- C:\Windows\SysNative\mfc42u.dll
[2011/04/14 16:14:43 | 000,221,184 | ---- | C] () -- C:\Windows\SysNative\dnsapi.dll
[2011/04/14 16:14:43 | 000,117,760 | ---- | C] () -- C:\Windows\SysNative\dnsrslvr.dll
[2011/04/14 16:14:43 | 000,028,672 | ---- | C] () -- C:\Windows\SysNative\dnscacheugc.exe
[2011/04/09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/03/29 14:42:21 | 000,001,832 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
[2011/03/27 17:44:21 | 000,000,000 | ---- | C] () -- C:\Users\Owner\preferences3.dat
[2011/03/27 17:44:20 | 000,000,099 | ---- | C] () -- C:\Users\Owner\614_preferences2.dat
[2011/03/27 17:41:30 | 000,000,046 | ---- | C] () -- C:\Users\Owner\614_preferences.dat
[2011/03/27 17:05:18 | 000,000,000 | ---- | C] () -- C:\Users\Owner\cache.zip
[2011/03/16 01:05:59 | 000,301,568 | ---- | C] () -- C:\Windows\SysNative\shsvcs.dll
[2011/03/09 04:00:51 | 002,424,320 | ---- | C] () -- C:\Windows\SysNative\mstscax.dll
[2011/03/09 04:00:51 | 000,730,624 | ---- | C] () -- C:\Windows\SysNative\mstsc.exe
[2011/03/09 04:00:49 | 000,560,128 | ---- | C] () -- C:\Windows\SysNative\EncDec.dll
[2011/03/09 04:00:49 | 000,416,768 | ---- | C] () -- C:\Windows\SysNative\sbe.dll
[2011/03/09 04:00:49 | 000,226,816 | ---- | C] () -- C:\Windows\SysNative\mpg2splt.ax
[2011/03/09 04:00:49 | 000,210,944 | ---- | C] () -- C:\Windows\SysNative\sbeio.dll
[2011/02/27 12:44:16 | 000,001,655 | ---- | C] () -- C:\Users\Public\Desktop\Quicken Deluxe 2009.lnk
[2011/02/27 12:42:48 | 000,000,171 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2011/02/23 03:03:16 | 000,002,048 | ---- | C] () -- C:\Windows\SysNative\winrsmgr.dll
[2011/02/23 03:03:14 | 000,013,312 | ---- | C] () -- C:\Windows\SysNative\wsmplpxy.dll
[2011/02/23 03:03:14 | 000,013,312 | ---- | C] () -- C:\Windows\SysNative\winrssrv.dll
[2011/02/23 03:03:05 | 000,053,760 | ---- | C] () -- C:\Windows\SysNative\pwrshplugin.dll
[2011/02/23 03:03:04 | 000,051,200 | ---- | C] () -- C:\Windows\SysNative\winrs.exe
[2011/02/23 03:03:04 | 000,024,064 | ---- | C] () -- C:\Windows\SysNative\winrshost.exe
[2011/02/23 03:03:04 | 000,013,824 | ---- | C] () -- C:\Windows\SysNative\wsmprovhost.exe
[2011/02/23 03:03:01 | 000,232,960 | ---- | C] () -- C:\Windows\SysNative\wecsvc.dll
[2011/02/23 03:03:01 | 000,113,152 | ---- | C] () -- C:\Windows\SysNative\wevtfwd.dll
[2011/02/23 03:03:01 | 000,113,152 | ---- | C] () -- C:\Windows\SysNative\wecutil.exe
[2011/02/23 03:03:01 | 000,084,992 | ---- | C] () -- C:\Windows\SysNative\wecapi.dll
[2011/02/23 03:03:01 | 000,054,272 | ---- | C] () -- C:\Windows\SysNative\WsmRes.dll
[2011/02/23 03:02:58 | 000,201,184 | ---- | C] () -- C:\Windows\SysWow64\winrm.vbs
[2011/02/23 03:02:58 | 000,201,184 | ---- | C] () -- C:\Windows\SysNative\winrm.vbs
[2011/02/23 03:02:58 | 000,004,675 | ---- | C] () -- C:\Windows\SysWow64\wsmanconfig_schema.xml
[2011/02/23 03:02:58 | 000,004,675 | ---- | C] () -- C:\Windows\SysNative\wsmanconfig_schema.xml
[2011/02/23 03:02:58 | 000,002,426 | ---- | C] () -- C:\Windows\SysWow64\WsmTxt.xsl
[2011/02/23 03:02:58 | 000,002,426 | ---- | C] () -- C:\Windows\SysNative\WsmTxt.xsl
[2011/02/23 03:02:57 | 002,050,048 | ---- | C] () -- C:\Windows\SysNative\WsmSvc.dll
[2011/02/23 03:02:57 | 000,370,688 | ---- | C] () -- C:\Windows\SysNative\winrscmd.dll
[2011/02/23 03:02:57 | 000,352,768 | ---- | C] () -- C:\Windows\SysNative\WSManMigrationPlugin.dll
[2011/02/23 03:02:57 | 000,348,672 | ---- | C] () -- C:\Windows\SysNative\WSManHTTPConfig.exe
[2011/02/23 03:02:57 | 000,310,272 | ---- | C] () -- C:\Windows\SysNative\WsmWmiPl.dll
[2011/02/23 03:02:57 | 000,180,736 | ---- | C] () -- C:\Windows\SysNative\WsmAuto.dll
[2011/02/09 22:49:48 | 000,000,004 | ---- | C] () -- C:\Users\Owner\cache.dat
[2011/02/08 13:12:46 | 012,898,304 | ---- | C] () -- C:\Windows\SysNative\shell32.dll
[2011/02/08 13:12:45 | 000,454,144 | ---- | C] () -- C:\Windows\SysNative\shlwapi.dll
[2011/02/08 13:12:37 | 004,692,368 | ---- | C] () -- C:\Windows\SysNative\ntoskrnl.exe
[2011/02/08 13:12:36 | 001,560,960 | ---- | C] () -- C:\Windows\SysNative\ntdll.dll
[2011/01/25 21:31:37 | 000,000,042 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\RSBot_Accounts.ini
[2010/12/05 12:06:30 | 000,197,120 | ---- | C] () -- C:\Windows\patchw32.dll
[2010/04/02 17:09:21 | 000,000,336 | ---- | C] () -- C:\Windows\game.ini
[2010/03/14 12:06:50 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/12/13 19:16:29 | 000,126,204 | ---- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2009/10/12 15:07:09 | 000,000,204 | ---- | C] () -- \Plugins
[2008/11/06 09:20:47 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/08/12 19:46:02 | 000,000,424 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2008/08/08 18:16:43 | 000,009,216 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/08/01 14:01:58 | 000,106,605 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2008/08/01 14:01:58 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2008/06/18 11:57:13 | 000,004,359 | R--- | C] () -- \dell.sdr
[2008/06/18 11:57:02 | 001,953,696 | ---- | C] () -- C:\Windows\SysWow64\igklg400.dll
[2008/06/18 11:57:02 | 001,533,360 | ---- | C] () -- C:\Windows\SysWow64\igklg450.dll
[2008/06/18 11:57:02 | 000,104,636 | ---- | C] () -- C:\Windows\SysWow64\igmedcompkrn.dll
[2008/02/04 20:23:25 | 000,333,203 | RHS- | C] () -- \bootmgr
[2008/01/20 20:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/01/20 20:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2006/12/01 22:37:14 | 000,904,704 | ---- | C] () -- \msdia80.dll
[2006/11/02 09:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 06:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 06:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 06:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 03:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

< End of report >

This post has been edited by richwnkc: 03 February 2012 - 03:16 PM

It may be nothing but OTL created doubt about a file.

Please run FRST tool in normal mode.
Type the following in the edit box after "Search:".

userinit.exe

Click Search File(s) button and post the log it makes to your reply.

Here is the output from the FRST64 search:

Farbar Recovery Scan Tool Version: 28-01-2012
Ran by SYSTEM at 2012-02-03 18:54:25
Running from J:\

================== Search: "userinit.exe" ===================

C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2008-01-20 18:50] - [2008-01-20 18:50] - 0025088 ____A (Microsoft Corporation) 0E135526E9785D085BCD9AEDE6FBCBF9

C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe
[2008-01-20 18:49] - [2008-01-20 18:49] - 0028160 ____A (Microsoft Corporation) A0AB2BB9A92293D9CE66E252719AB5FE

C:\Windows\SysWOW64\userinit.exe
[2008-01-20 18:50] - [2008-01-20 18:50] - 0025088 ____A (Microsoft Corporation) 0E135526E9785D085BCD9AEDE6FBCBF9

C:\Windows\System32\userinit.exe
[2008-01-20 18:49] - [2008-01-20 18:49] - 0028160 ____A (Microsoft Corporation) A0AB2BB9A92293D9CE66E252719AB5FE

C:\FRST\Quarantine\system64\userinit.exe
[2010-11-20 02:10] - [2010-11-20 05:25] - 0030720 ____A (Microsoft Corporation) BAFE84E637BF7388C96EF48D4D3FDD53

====== End Of Search ======

That looks good, it was a false alarm.

• Run Command Prompt as administrator:
  
  • Click on Start button.
    
  • Type Cmd in the Start Search text box.
    
  • Press Ctrl-Shift-Enter keyboard shortcut to run Command Prompt as Administrator.
    
  • Type the following in the command window and press Enter: netsh winsock reset
    
  • Restart.
  
  
• Please go to start => Computer => open C drive, right-click FRST folder and select delete to remove the entire FRST folder. This will move the FRST folder to the Recycle Bin. Don't empty the Recycle Bin at this time. We will empty the content of the Recycle Bin later on.
  
  
• Restart the computer and tell me how is the system running.

After rebooting from the netsh winsock reset command it couldn't grab a DHCP address, even after I did an ipconfig /release and /renew. I finally disabled and then enabled the network adapter and after that it worked.

I then moved the FRST folder to the Recycle bin and rebooted.

Other than Trend Micro still thinking the only drive in the PC is the CD-ROM drive it seems to be running great. I imagine an uninstall/reinstall may fix that issue.

The IP stack was still acting flaky after each reboot, so I did a "netsh int ip reset" and it is behaving much better.

Unless you can think of anything else I think we can call this good.

Thank you for all your help!

Well done.

Indeed Trend Micro should be reinstalled. But before that let's check another MS file that is reported unsigned by OTL. You don't need to to to the recovery environment and do the following in normal mode:

Run FRST64.
Type the following in the edit box after "Search:".

winsrv.dll;afd.sys

Note: The file names should be separated by semicolon (;)

Click Search File(s) button and post the log it makes to your reply.

OK, here's that output:

Farbar Recovery Scan Tool Version: 28-01-2012
Ran by Owner at 2012-02-04 09:32:08
Running from J:\

================== Search: "winsrv.dll;afd.sys" ===================

C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.0.6002.22628_none_14ffb2816aff87a1\winsrv.dll
[2011-07-12 17:50] - [2011-04-20 09:38] - 0450560 ____A (Microsoft Corporation) 33353C4E98C0CCF7E2A817536EB58985

C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.0.6002.18456_none_1453a37851fc0bd5\winsrv.dll
[2011-07-12 17:50] - [2011-04-20 10:03] - 0451072 ____A (Microsoft Corporation) E5E5E593D4850B0AA24CF58B552147F3

C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.0.6002.18005_none_1488ab3251d4722d\winsrv.dll
[2009-08-18 14:58] - [2009-04-11 01:11] - 0450560 ____A (Microsoft Corporation) 36F234FD1AA7BAE559BB1C483FC76286

C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.0.6001.22904_none_132adf496dcc953f\winsrv.dll
[2011-07-12 17:50] - [2011-04-20 08:59] - 0450048 ____A (Microsoft Corporation) CCCFC223E76D14E622D8F2BB5E90B58D

C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.0.6001.18638_none_1284d01654c3b456\winsrv.dll
[2011-07-12 17:50] - [2011-04-20 09:16] - 0450048 ____A (Microsoft Corporation) 2D94E4CE322F12061D3FA7DBE65E9AC5

C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.0.6001.18000_none_129d322654b2a6e1\winsrv.dll
[2008-01-20 20:49] - [2008-01-20 20:49] - 0450048 ____A (Microsoft Corporation) A9C654098A5CA39618DA9D022A6691B8

C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.22629_none_366a5ebb2d168a9d\afd.sys
[2011-06-16 12:14] - [2011-04-21 07:54] - 0405504 ____A (Microsoft Corporation) 7B8E5F3A0626CA83B706F0738830845F

C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.18457_none_35be4fb214130ed1\afd.sys
[2011-06-16 12:14] - [2011-04-21 08:20] - 0405504 ____A (Microsoft Corporation) 0CC146C4ADDEA45791B18B1E2659F4A9

C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.18005_none_35f2572213ec5bd2\afd.sys
[2009-08-18 14:58] - [2009-04-10 23:44] - 0406016 ____A (Microsoft Corporation) 12415CCFD3E7CEC55B5184E67B039FE4

C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.22905_none_34958b832fe3983b\afd.sys
[2011-06-16 12:14] - [2011-04-21 07:47] - 0408064 ____A (Microsoft Corporation) B53144D2EBB0843DD0436F5EA6953F65

C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.18639_none_33ef7c5016dab752\afd.sys
[2011-06-16 12:14] - [2011-04-21 07:42] - 0407552 ____A (Microsoft Corporation) 9BB97042FA331A0FB4BDD98B9280A50A

C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.18000_none_3406de1616ca9086\afd.sys
[2008-01-20 20:48] - [2008-01-20 20:48] - 0408064 ____A (Microsoft Corporation) DB37041AB857ABC7E179E856D8E1582C

C:\Windows\System32\winsrv.dll
[2011-07-12 17:50] - [2011-04-20 10:03] - 0451072 ____A (Microsoft Corporation) E5E5E593D4850B0AA24CF58B552147F3

C:\Windows\System32\drivers\afd.sys
[2011-06-16 12:14] - [2011-04-21 08:20] - 0405504 ____A (Microsoft Corporation) 0CC146C4ADDEA45791B18B1E2659F4A9

C:\Windows\SoftwareDistribution\Download\11d386741a321c40de2774a3d212908a\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.0.6002.22747_none_14e914456b10a353\winsrv.dll
[2012-02-04 03:00] - [2011-11-25 09:23] - 0451072 ____A (Microsoft Corporation) 4748B07819F01FE47CF1FA4B30D9286F

C:\Windows\SoftwareDistribution\Download\11d386741a321c40de2774a3d212908a\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.0.6002.18545_none_145d750051f4d3b4\winsrv.dll
[2012-02-04 03:00] - [2011-11-25 10:25] - 0451072 ____A (Microsoft Corporation) AA137104CDFC81818A309CDE32ABB74A

C:\$Recycle.Bin\S-1-5-21-1766747594-2128106556-3595911938-1000\$R6LIXC0\Quarantine\system64\winsrv.dll
[2011-07-12 17:50] - [2011-04-20 10:03] - 0451072 ____A (Microsoft Corporation) E5E5E593D4850B0AA24CF58B552147F3

C:\$Recycle.Bin\S-1-5-21-1766747594-2128106556-3595911938-1000\$R6LIXC0\Quarantine\system64\drivers\afd.sys
[2011-06-16 12:14] - [2011-04-21 08:20] - 0405504 ____A (Microsoft Corporation) 0CC146C4ADDEA45791B18B1E2659F4A9

====== End Of Search ======

Also forgot to ask, can I go ahead and empty the Recycle bin now?

Thanks!