After the email issue, I immediately deep scanned with all resources. No detections except Antivir did not complete. I re-ran and still did not finish. Same thing on a networked Win7 laptop. Today, Antivir completed with 1 detection (TR/Patched.Ren.Gen). Reading up, sources indicate that this is unlikely to be managed by normal defenses. The detection is quarantined.
Both computers do appear now to be functional, with no outward symptoms. I have the OTL attached as instructed. Don77 bailed me out back in about '06 and I can't express how much it helped. I just hope this round is easier for all of us.
Thank you for your consideration,
Wes
OTL logfile created on: 10/7/2013 2:47:56 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Wes Net\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.99 Gb Total Physical Memory | 0.98 Gb Available Physical Memory | 32.92% Memory free
6.20 Gb Paging File | 3.81 Gb Available in Paging File | 61.46% Paging File free
Paging file location(s): ?:\pagefile.sys
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.93 Gb Total Space | 181.98 Gb Free Space | 62.99% Space Free | Partition Type: NTFS
Drive D: | 9.16 Gb Total Space | 0.94 Gb Free Space | 10.29% Space Free | Partition Type: NTFS
Drive F: | 74.51 Gb Total Space | 61.89 Gb Free Space | 83.07% Space Free | Partition Type: FAT32
Drive G: | 7.46 Gb Total Space | 4.13 Gb Free Space | 55.40% Space Free | Partition Type: FAT32
Computer Name: WESNET-PC | User Name: Wes Net | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013/10/07 14:47:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Wes Net\Desktop\OTL.exe
PRC - [2013/10/07 08:51:21 | 000,440,392 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2013/10/07 08:51:15 | 000,431,688 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2013/10/07 08:51:14 | 000,440,392 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2013/10/07 08:51:13 | 000,681,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013/10/07 08:51:12 | 000,661,064 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avcenter.exe
PRC - [2012/07/27 16:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/01/24 16:21:22 | 000,021,880 | ---- | M] (Schneider Electric) -- C:\Program Files\APC\PowerChute Personal Edition\dataserv.exe
PRC - [2012/01/24 16:11:56 | 000,705,912 | ---- | M] (Schneider Electric) -- C:\Program Files\APC\PowerChute Personal Edition\mainserv.exe
PRC - [2012/01/24 16:06:48 | 000,673,144 | ---- | M] (Schneider Electric) -- C:\Program Files\APC\PowerChute Personal Edition\apcsystray.exe
PRC - [2010/05/18 16:41:50 | 001,311,312 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPointP\SetPoint.exe
PRC - [2010/05/06 05:32:28 | 000,112,208 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
PRC - [2009/11/26 18:02:46 | 000,185,632 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files\Ralink\Common\RaRegistry.exe
PRC - [2009/11/26 18:02:44 | 001,643,808 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files\Ralink\Common\RaUI.exe
PRC - [2009/04/10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/01/20 22:23:32 | 000,319,544 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Windows Defender\MpCmdRun.exe
PRC - [2007/07/10 13:28:48 | 000,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\ACFXAU32.exe
PRC - [2007/04/18 11:01:34 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe
PRC - [2007/02/15 07:59:00 | 000,118,784 | ---- | M] (OsdMaestro) -- C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
========== Modules (No Company Name) ==========
MOD - [2013/10/03 02:03:05 | 000,415,184 | ---- | M] () -- C:\Users\Wes Net\AppData\Local\Google\Chrome\Application\30.0.1599.69\ppgooglenaclpluginchrome.dll
MOD - [2013/10/03 02:03:04 | 013,611,984 | ---- | M] () -- C:\Users\Wes Net\AppData\Local\Google\Chrome\Application\30.0.1599.69\PepperFlash\pepflashplayer.dll
MOD - [2013/10/03 02:03:03 | 004,055,504 | ---- | M] () -- C:\Users\Wes Net\AppData\Local\Google\Chrome\Application\30.0.1599.69\pdf.dll
MOD - [2013/10/03 02:02:12 | 000,698,832 | ---- | M] () -- C:\Users\Wes Net\AppData\Local\Google\Chrome\Application\30.0.1599.69\libglesv2.dll
MOD - [2013/10/03 02:02:11 | 000,099,792 | ---- | M] () -- C:\Users\Wes Net\AppData\Local\Google\Chrome\Application\30.0.1599.69\libegl.dll
MOD - [2013/10/03 02:02:09 | 001,604,560 | ---- | M] () -- C:\Users\Wes Net\AppData\Local\Google\Chrome\Application\30.0.1599.69\ffmpegsumo.dll
MOD - [2009/11/26 18:02:44 | 000,918,816 | ---- | M] () -- C:\Program Files\Ralink\Common\RaWLAPI.dll
========== Services (SafeList) ==========
SRV - [2013/10/07 08:51:21 | 000,440,392 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013/10/07 08:51:14 | 000,440,392 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/07/27 16:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/01/24 16:21:22 | 000,021,880 | ---- | M] (Schneider Electric) [Auto | Running] -- C:\Program Files\APC\PowerChute Personal Edition\dataserv.exe -- (APC Data Service)
SRV - [2012/01/24 16:11:56 | 000,705,912 | ---- | M] (Schneider Electric) [Auto | Running] -- C:\Program Files\APC\PowerChute Personal Edition\mainserv.exe -- (APC UPS Service)
SRV - [2010/05/06 05:29:12 | 000,293,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009/11/26 18:02:46 | 000,185,632 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files\Ralink\Common\RaRegistry.exe -- (RalinkRegistryWriter)
SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/07/10 13:28:48 | 000,386,560 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\drivers\ACFXAU32.exe -- (XAudioService)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIMMP)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIM)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\PTUMLVsp.sys -- (PTUMLVsp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\PTUMLRMNET.sys -- (PTUMLRMNET)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\PTUMLNVsp.sys -- (PTUMLNVsp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\PTUMLNET.sys -- (PTUMLNET)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\PTUMLMdm.sys -- (PTUMLMdm)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\PTUMLCVsp.sys -- (PTUMLCVsp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\PTUMLBUS.sys -- (PTUMLBUS)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\PCTINDIS5.SYS -- (PCTINDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\pcdrndisuio.sys -- (PcdrNdisuio)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\PCASp50.sys -- (PCASp50)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\pctnullport.sys -- (Nmea)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\WESNET~1\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2013/10/07 08:51:22 | 000,137,208 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2013/10/07 08:51:22 | 000,089,376 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2013/10/07 08:51:22 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2013/02/06 14:19:14 | 001,690,784 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rt2870.sys -- (rt2870)
DRV - [2012/12/20 10:20:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2012/09/19 11:02:06 | 000,181,344 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2012/09/19 11:02:06 | 000,083,168 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2010/12/15 14:38:30 | 000,203,008 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SWNC5E00.sys -- (SWNC5E00)
DRV - [2010/12/15 14:38:30 | 000,157,440 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\swmx00.sys -- (SWMX00)
DRV - [2010/06/23 09:21:32 | 000,259,176 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2010/06/08 16:35:46 | 000,229,376 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NWADIenum.sys -- (NWADI)
DRV - [2010/03/18 05:02:32 | 000,028,624 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2010/03/18 05:02:08 | 000,037,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2010/03/18 05:01:52 | 000,038,864 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2010/03/18 05:01:44 | 000,010,448 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidEqd.sys -- (LHidEqd)
DRV - [2010/03/18 05:01:36 | 000,040,912 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV - [2009/11/26 18:02:34 | 000,822,272 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)
DRV - [2009/06/30 11:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\pavboot.sys -- (pavboot)
DRV - [2008/09/10 04:48:20 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2008/09/10 04:46:22 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DP.sys -- (HSF_DP)
DRV - [2007/08/10 12:08:48 | 000,024,456 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\swmsflt.sys -- (swmsflt)
DRV - [2007/07/10 13:28:38 | 000,028,800 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ACFDCP32.sys -- (dgcfltr)
DRV - [2007/07/10 13:28:32 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ACFXAU32.sys -- (XAudio)
DRV - [2007/06/29 15:54:46 | 000,086,656 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ACFVA32.sys -- (acfva)
DRV - [2007/03/15 15:07:34 | 000,012,672 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ACFSDK32.sys -- (mdmxsdk)
DRV - [2007/02/06 17:12:18 | 000,014,848 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SiUSBXp.sys -- (SIUSBXP)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toast.net/start/
IE - HKLM\..\SearchScopes,DefaultScope = {DA24BD83-F7E9-47B2-B85F-B646372EC06A}
IE - HKLM\..\SearchScopes\{A1203603-65D4-4425-B4CE-B537D7DAAF9A}: "URL" = http://www.ask.com/w...}&l=dis&o=uscqd
IE - HKLM\..\SearchScopes\{DA24BD83-F7E9-47B2-B85F-B646372EC06A}: "URL" = http://search.yahoo....ing}&fr=hp-psdt
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {DA24BD83-F7E9-47B2-B85F-B646372EC06A}
IE - HKCU\..\SearchScopes\{7FACEF8D-3875-4693-8C40-5090E2FDE828}: "URL" = http://www.google.co...age={startPage}
IE - HKCU\..\SearchScopes\{A1203603-65D4-4425-B4CE-B537D7DAAF9A}: "URL" = http://www.ask.com/w...}&l=dis&o=uscqd
IE - HKCU\..\SearchScopes\{DA24BD83-F7E9-47B2-B85F-B646372EC06A}: "URL" = http://search.yahoo....ing}&fr=hp-psdt
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.selectedEngine: "Amazon.com"
FF - prefs.js..extensions.enabledAddons: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.6.5.9
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security)
FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Wes Net\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Wes Net\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/10 15:45:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/12/16 23:26:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.20\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012/03/14 13:58:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.20\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2012/12/15 21:09:34 | 000,000,000 | ---D | M]
[2012/03/10 14:02:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wes Net\AppData\Roaming\Mozilla\Extensions
[2010/09/04 10:44:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wes Net\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2013/03/16 22:19:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wes Net\AppData\Roaming\Mozilla\Firefox\Profiles\o8xqpqe8.default\extensions
[2012/03/10 13:43:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wes Net\AppData\Roaming\Mozilla\Firefox\Profiles\qnwy449z.default\extensions
[2011/06/07 08:50:10 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Wes Net\AppData\Roaming\Mozilla\Firefox\Profiles\qnwy449z.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2012/03/10 13:43:31 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Wes Net\AppData\Roaming\Mozilla\Firefox\Profiles\qnwy449z.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2011/03/10 22:11:19 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Wes Net\AppData\Roaming\Mozilla\Firefox\Profiles\qnwy449z.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}(35)
[2011/02/09 11:31:32 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\Wes Net\AppData\Roaming\Mozilla\Firefox\Profiles\qnwy449z.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}(6)
[2012/03/06 10:22:53 | 000,000,000 | ---D | M] (Redirect Remover) -- C:\Users\Wes Net\AppData\Roaming\Mozilla\Firefox\Profiles\qnwy449z.default\extensions\{fe0258ab-4f74-43a1-8781-bcdf340f9ee9}
[2012/03/10 13:43:27 | 000,000,000 | ---D | M] (DoNotTrackPlus) -- C:\Users\Wes Net\AppData\Roaming\Mozilla\Firefox\Profiles\qnwy449z.default\extensions\[email protected]
[2013/03/16 22:19:31 | 000,531,916 | ---- | M] () (No name found) -- C:\Users\Wes Net\AppData\Roaming\Mozilla\Firefox\Profiles\o8xqpqe8.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012/02/29 22:48:44 | 000,007,936 | ---- | M] () (No name found) -- C:\Users\Wes Net\AppData\Roaming\Mozilla\Firefox\Profiles\qnwy449z.default\extensions\[email protected]\chrome\content\view_expiry.js
[2012/07/21 17:54:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/02/16 10:40:42 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[1999/12/31 17:00:00 | 000,170,080 | ---- | M] (Tracker Software Products (Canada) Ltd.) -- C:\Program Files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
[2012/02/16 06:42:53 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/16 06:42:53 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Wes Net\AppData\Local\Google\Chrome\Application\30.0.1599.69\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Disabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Wes Net\AppData\Local\Google\Chrome\Application\30.0.1599.69\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Wes Net\AppData\Local\Google\Chrome\Application\30.0.1599.69\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Disabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Disabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Disabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Disabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Disabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Disabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Disabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: Panda ActiveScan 2.0 (Enabled) = C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll
CHR - plugin: PDF-XChange Viewer (Enabled) = C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Wes Net\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Users\Wes Net\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Wes Net\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Analytics Opt-out Add-on (by Google) = C:\Users\Wes Net\AppData\Local\Google\Chrome\User Data\Default\Extensions\fllaojicojecljbmefodhfapmkghcbnh\1_0\
CHR - Extension: Keep My Opt-Outs = C:\Users\Wes Net\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhnjdplhmcnkiecampfdgfjilccfpfoe\1.0.15_0\
CHR - Extension: Chrome In-App Payments service = C:\Users\Wes Net\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
CHR - Extension: Gmail = C:\Users\Wes Net\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
O1 HOSTS File: ([2012/03/09 14:23:50 | 000,440,678 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 15173 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Display] C:\Program Files\APC\PowerChute Personal Edition\DataCollectionLauncher.exe (Schneider Electric)
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [OsdMaestro] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: MasterCook: Select Image - C:\Program Files\MasterCook 9\Web\MCIEContext.hta ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: download.microsoft ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([update] http in Trusted sites)
O15 - HKCU\..Trusted Domains: update.microsoft ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: update.microsoft ([]https in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.76.76 75.75.75.75
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{52B64376-08C4-4964-8C0A-E7B6CE5D16EF}: DhcpNameServer = 75.75.76.76 75.75.75.75
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img36.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img36.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/17 14:25:37 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2013/10/07 14:47:04 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Wes Net\Desktop\OTL.exe
[2013/10/03 07:59:14 | 000,000,000 | ---D | C] -- C:\Program Files\Revo Uninstaller
[2013/09/14 09:14:00 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2013/09/14 09:14:00 | 000,498,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/09/14 09:14:00 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2013/09/14 09:14:00 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\corpol.dll
[2013/09/14 09:13:59 | 001,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/09/14 09:13:59 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2013/09/14 09:13:59 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2013/09/14 09:13:59 | 000,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/09/14 09:13:59 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/09/14 09:13:59 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/09/14 09:12:47 | 002,049,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013/05/07 15:06:43 | 013,923,704 | ---- | C] (Schneider Electric) -- C:\Users\Wes Net\PCPE Setup.exe
[2013/05/07 15:06:43 | 001,079,808 | ---- | C] (Microsoft Corporation) -- C:\Users\Wes Net\mfc80u.dll
[2013/05/07 15:06:43 | 000,626,688 | ---- | C] (Microsoft Corporation) -- C:\Users\Wes Net\msvcr80.dll
[2013/05/07 15:06:43 | 000,021,368 | ---- | C] (Schneider Electric) -- C:\Users\Wes Net\pt_res.dll
[2013/05/07 15:06:43 | 000,021,368 | ---- | C] (Schneider Electric) -- C:\Users\Wes Net\en_res.dll
[2013/05/07 15:06:43 | 000,020,856 | ---- | C] (Schneider Electric) -- C:\Users\Wes Net\ru_res.dll
[2013/05/07 15:06:43 | 000,020,344 | ---- | C] (Schneider Electric) -- C:\Users\Wes Net\jp_res.dll
[2013/05/07 15:06:42 | 000,021,880 | ---- | C] (Schneider Electric) -- C:\Users\Wes Net\grm_res.dll
[2013/05/07 15:06:42 | 000,021,880 | ---- | C] (Schneider Electric) -- C:\Users\Wes Net\fr_res.dll
[2013/05/07 15:06:42 | 000,021,368 | ---- | C] (Schneider Electric) -- C:\Users\Wes Net\it_res.dll
[2013/05/07 15:06:42 | 000,021,368 | ---- | C] (Schneider Electric) -- C:\Users\Wes Net\es_res.dll
[2013/05/07 15:06:42 | 000,019,832 | ---- | C] (Schneider Electric) -- C:\Users\Wes Net\zh_res.dll
[2009/10/09 08:43:29 | 001,024,149 | ---- | C] (American Power Conversion Corporation) -- C:\Program Files\pchuteres.dll
[2009/10/09 08:43:29 | 000,839,827 | ---- | C] (American Power Conversion Corporation) -- C:\Program Files\res.dll
[2009/10/09 08:43:29 | 000,209,016 | ---- | C] (American Power Conversion Corporation) -- C:\Program Files\Display.exe
[2009/10/09 08:43:29 | 000,155,770 | ---- | C] (American Power Conversion Corporation) -- C:\Program Files\worksafe.exe
[2009/10/09 08:43:28 | 000,467,067 | ---- | C] (American Power Conversion Corporation) -- C:\Program Files\PowerChute.exe
[2009/10/09 08:43:28 | 000,413,816 | ---- | C] (American Power Conversion Corporation) -- C:\Program Files\apcsystray.exe
[2009/10/09 08:43:28 | 000,278,654 | ---- | C] (American Power Conversion Corporation) -- C:\Program Files\UpsControl.dll
[2009/10/09 08:43:28 | 000,262,268 | ---- | C] (American Power Conversion Corporation) -- C:\Program Files\UpsDevice.dll
[2009/10/09 08:43:28 | 000,249,974 | ---- | C] (American Power Conversion Corporation) -- C:\Program Files\MsgDll.dll
[2009/10/09 08:43:28 | 000,245,885 | ---- | C] (American Power Conversion Corporation) -- C:\Program Files\pdcdll.dll
[2009/10/09 08:43:28 | 000,233,592 | ---- | C] (American Power Conversion Corporation) -- C:\Program Files\drvutil.dll
[2009/10/09 08:43:28 | 000,155,770 | ---- | C] (American Power Conversion Corporation) -- C:\Program Files\mainserv.exe
[2009/10/09 08:43:28 | 000,155,764 | ---- | C] (American Power Conversion Corporation) -- C:\Program Files\force.exe
[2009/10/09 08:43:28 | 000,135,296 | ---- | C] (American Power Conversion Corporation) -- C:\Program Files\EventViewer.exe
[2009/10/09 08:43:28 | 000,061,440 | ---- | C] (American Power Conversion Corporation) -- C:\Program Files\ntutil.dll
[2009/10/09 08:43:28 | 000,049,152 | ---- | C] (American Power Conversion Corporation) -- C:\Program Files\ExecuteProcess.exe
========== Files - Modified Within 30 Days ==========
[2013/10/07 14:53:30 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/10/07 14:53:30 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/10/07 14:47:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Wes Net\Desktop\OTL.exe
[2013/10/07 14:24:03 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3521371533-283708137-4137571409-1000UA.job
[2013/10/07 10:06:21 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{8DB810DF-66F8-49A9-B2A3-59C87D2E4CF3}.job
[2013/10/07 08:55:42 | 000,000,435 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2013/10/07 08:53:43 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2013/10/07 08:53:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/10/07 08:53:19 | 3209,879,552 | -HS- | M] () -- C:\hiberfil.sys
[2013/10/07 08:51:22 | 000,137,208 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2013/10/07 08:51:22 | 000,089,376 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2013/10/07 08:51:22 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2013/10/07 00:34:35 | 002,532,628 | ---- | M] () -- C:\Users\Wes Net\Desktop\Intelligent_Zoned_Comfort_Control.pdf
[2013/10/07 00:33:15 | 002,532,628 | ---- | M] () -- C:\Users\Wes Net\Desktop\Intelligent_Zoned_Comfort_Control (1).pdf
[2013/10/07 00:24:00 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3521371533-283708137-4137571409-1000Core.job
[2013/10/06 12:53:56 | 000,326,723 | ---- | M] () -- C:\Users\Wes Net\AppData\Local\census.cache
[2013/10/06 12:53:48 | 000,215,882 | ---- | M] () -- C:\Users\Wes Net\AppData\Local\ars.cache
[2013/10/04 23:25:19 | 000,002,060 | ---- | M] () -- C:\Users\Wes Net\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/10/04 23:25:19 | 000,002,058 | ---- | M] () -- C:\Users\Wes Net\Desktop\Google Chrome.lnk
[2013/09/14 09:44:39 | 000,390,048 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
========== Files Created - No Company Name ==========
[2013/10/07 00:34:35 | 002,532,628 | ---- | C] () -- C:\Users\Wes Net\Desktop\Intelligent_Zoned_Comfort_Control.pdf
[2013/10/07 00:33:11 | 002,532,628 | ---- | C] () -- C:\Users\Wes Net\Desktop\Intelligent_Zoned_Comfort_Control (1).pdf
[2013/06/10 20:22:10 | 000,326,723 | ---- | C] () -- C:\Users\Wes Net\AppData\Local\census.cache
[2013/06/10 20:21:41 | 000,215,882 | ---- | C] () -- C:\Users\Wes Net\AppData\Local\ars.cache
[2013/06/10 20:07:26 | 000,000,036 | ---- | C] () -- C:\Users\Wes Net\AppData\Local\housecall.guid.cache
[2013/05/07 15:06:45 | 013,338,112 | ---- | C] () -- C:\Users\Wes Net\PCPE_3.0.1.msi
[2013/05/07 15:06:43 | 000,018,808 | ---- | C] () -- C:\Users\Wes Net\ResourceReader.dll
[2013/01/15 18:49:48 | 000,014,172 | ---- | C] () -- C:\Windows\System32\RaCoInst.dat
[2013/01/13 14:40:39 | 000,147,456 | ---- | C] () -- C:\Windows\System32\DiagFunc.dll
[2013/01/13 14:40:39 | 000,000,516 | ---- | C] () -- C:\Windows\System32\DiagFunc.ini
[2013/01/13 14:40:39 | 000,000,072 | ---- | C] () -- C:\Windows\System32\RaCertMgr.ini
[2012/10/20 15:26:11 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2012/10/20 15:24:29 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2012/03/09 12:12:28 | 000,000,680 | -H-- | C] () -- C:\Users\Wes Net\AppData\Local\d3d9caps.dat
[2012/02/16 15:45:46 | 000,000,502 | ---- | C] () -- C:\Windows\System32\CNCMFP34.INI
[2011/04/06 19:02:29 | 000,021,863 | -H-- | C] () -- C:\Users\Wes Net\Tacoma Driving.csv
[2010/09/05 12:28:22 | 000,000,000 | -H-- | C] () -- C:\Users\Wes Net\ipconfig
[2009/10/09 08:43:29 | 000,080,252 | ---- | C] () -- C:\Program Files\APC PCPE for 98.chm
[2009/10/09 08:43:29 | 000,073,786 | ---- | C] () -- C:\Program Files\APC PCPE for XP.chm
[2009/10/09 08:43:29 | 000,000,130 | ---- | C] () -- C:\Program Files\AllowStandby.reg
[2009/10/09 08:43:28 | 000,010,300 | ---- | C] () -- C:\Program Files\eventlog.dat
[2009/10/09 08:43:28 | 000,006,993 | ---- | C] () -- C:\Program Files\apc_pcp1.cat
[2009/10/09 08:43:28 | 000,002,465 | ---- | C] () -- C:\Program Files\ehib.exe
[2009/10/09 08:43:28 | 000,001,046 | ---- | C] () -- C:\Program Files\ApcUps.inf
[2009/10/09 08:43:28 | 000,000,257 | ---- | C] () -- C:\Program Files\DisableSplashScreen.reg
[2009/10/09 08:43:28 | 000,000,255 | ---- | C] () -- C:\Program Files\EnableSplashScreen.reg
[2009/10/09 08:43:28 | 000,000,135 | ---- | C] () -- C:\Program Files\Enable ADS.reg
[2009/10/09 08:43:28 | 000,000,135 | ---- | C] () -- C:\Program Files\Disable ADS.reg
[2008/08/31 09:46:48 | 000,011,264 | ---- | C] () -- C:\Users\Wes Net\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/08/29 15:20:20 | 000,004,744 | ---- | C] () -- C:\Users\Wes Net\AppData\Roaming\wklnhst.dat
========== ZeroAccess Check ==========
[2006/11/02 08:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 13:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/10 23:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/10 23:28:26 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== Files - Unicode (All) ==========
[2013/10/02 10:05:19 | 098,743,931 | ---- | M] ()(C:\Windows\System32\???) -- C:\Windows\System32\梯윍᭄
[2013/10/02 10:05:19 | 098,743,931 | ---- | C] ()(C:\Windows\System32\???) -- C:\Windows\System32\梯윍᭄
[2013/09/04 16:15:24 | 095,956,132 | ---- | M] ()(C:\Windows\System32\????) -- C:\Windows\System32\ꉡ螃᭄
[2013/09/04 07:58:06 | 095,956,132 | ---- | C] ()(C:\Windows\System32\????) -- C:\Windows\System32\ꉡ螃᭄
========== Alternate Data Streams ==========
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:5C321E34
< End of report >