
TR/Patched.Ren.Gen



#1
Sparky131
Member, 18 posts
First Indication of infection: When signing in to email, the first or second keystroke popped up a small "run" window. It said: "type the name of a program, doc, folder, or Inet resource, & Windows will find it for you". That is not normal, and I was immediately on alert. I was careful not to enter anything and was even hesitant to click to close. Then data entry all over the place produced unexpected results...browsers popping up, keys not working and sometimes not inserting the correct character. I use Avira, Malwarebytes, SpywareBlaster, and Trend Micro's Housecall. I keep versions and definitions up to date and scan regularly.

After the email issue, I immediately deep scanned with all resources. No detections, except Antivir did not complete. I re-ran and it still did not finish. Same thing on a networked Win7 laptop. Today, Antivir completed with 1 detection (TR/Patched.Ren.Gen). Reading up, sources indicate that this is unlikely to be managed by normal defenses. The detection is quarantined.

Both computers do appear now to be functional, with no outward symptoms. I have the OTL attached as instructed. Don77 bailed me out back in about '06 and I can't express how much it helped. I just hope this round is easier for all of us.

Thank you for your consideration,

Wes

OTL logfile created on: 10/7/2013 2:47:56 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Wes Net\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 0.98 Gb Available Physical Memory | 32.92% Memory free
6.20 Gb Paging File | 3.81 Gb Available in Paging File | 61.46% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.93 Gb Total Space | 181.98 Gb Free Space | 62.99% Space Free | Partition Type: NTFS
Drive D: | 9.16 Gb Total Space | 0.94 Gb Free Space | 10.29% Space Free | Partition Type: NTFS
Drive F: | 74.51 Gb Total Space | 61.89 Gb Free Space | 83.07% Space Free | Partition Type: FAT32
Drive G: | 7.46 Gb Total Space | 4.13 Gb Free Space | 55.40% Space Free | Partition Type: FAT32

Computer Name: WESNET-PC | User Name: Wes Net | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/10/07 14:47:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Wes Net\Desktop\OTL.exe
PRC - [2013/10/07 08:51:21 | 000,440,392 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2013/10/07 08:51:15 | 000,431,688 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2013/10/07 08:51:14 | 000,440,392 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2013/10/07 08:51:13 | 000,681,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013/10/07 08:51:12 | 000,661,064 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avcenter.exe
PRC - [2012/07/27 16:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/01/24 16:21:22 | 000,021,880 | ---- | M] (Schneider Electric) -- C:\Program Files\APC\PowerChute Personal Edition\dataserv.exe
PRC - [2012/01/24 16:11:56 | 000,705,912 | ---- | M] (Schneider Electric) -- C:\Program Files\APC\PowerChute Personal Edition\mainserv.exe
PRC - [2012/01/24 16:06:48 | 000,673,144 | ---- | M] (Schneider Electric) -- C:\Program Files\APC\PowerChute Personal Edition\apcsystray.exe
PRC - [2010/05/18 16:41:50 | 001,311,312 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPointP\SetPoint.exe
PRC - [2010/05/06 05:32:28 | 000,112,208 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
PRC - [2009/11/26 18:02:46 | 000,185,632 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files\Ralink\Common\RaRegistry.exe
PRC - [2009/11/26 18:02:44 | 001,643,808 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files\Ralink\Common\RaUI.exe
PRC - [2009/04/10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/01/20 22:23:32 | 000,319,544 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Windows Defender\MpCmdRun.exe
PRC - [2007/07/10 13:28:48 | 000,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\ACFXAU32.exe
PRC - [2007/04/18 11:01:34 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe
PRC - [2007/02/15 07:59:00 | 000,118,784 | ---- | M] (OsdMaestro) -- C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe


========== Modules (No Company Name) ==========

MOD - [2013/10/03 02:03:05 | 000,415,184 | ---- | M] () -- C:\Users\Wes Net\AppData\Local\Google\Chrome\Application\30.0.1599.69\ppgooglenaclpluginchrome.dll
MOD - [2013/10/03 02:03:04 | 013,611,984 | ---- | M] () -- C:\Users\Wes Net\AppData\Local\Google\Chrome\Application\30.0.1599.69\PepperFlash\pepflashplayer.dll
MOD - [2013/10/03 02:03:03 | 004,055,504 | ---- | M] () -- C:\Users\Wes Net\AppData\Local\Google\Chrome\Application\30.0.1599.69\pdf.dll
MOD - [2013/10/03 02:02:12 | 000,698,832 | ---- | M] () -- C:\Users\Wes Net\AppData\Local\Google\Chrome\Application\30.0.1599.69\libglesv2.dll
MOD - [2013/10/03 02:02:11 | 000,099,792 | ---- | M] () -- C:\Users\Wes Net\AppData\Local\Google\Chrome\Application\30.0.1599.69\libegl.dll
MOD - [2013/10/03 02:02:09 | 001,604,560 | ---- | M] () -- C:\Users\Wes Net\AppData\Local\Google\Chrome\Application\30.0.1599.69\ffmpegsumo.dll
MOD - [2009/11/26 18:02:44 | 000,918,816 | ---- | M] () -- C:\Program Files\Ralink\Common\RaWLAPI.dll


========== Services (SafeList) ==========

SRV - [2013/10/07 08:51:21 | 000,440,392 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013/10/07 08:51:14 | 000,440,392 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/07/27 16:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/01/24 16:21:22 | 000,021,880 | ---- | M] (Schneider Electric) [Auto | Running] -- C:\Program Files\APC\PowerChute Personal Edition\dataserv.exe -- (APC Data Service)
SRV - [2012/01/24 16:11:56 | 000,705,912 | ---- | M] (Schneider Electric) [Auto | Running] -- C:\Program Files\APC\PowerChute Personal Edition\mainserv.exe -- (APC UPS Service)
SRV - [2010/05/06 05:29:12 | 000,293,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009/11/26 18:02:46 | 000,185,632 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files\Ralink\Common\RaRegistry.exe -- (RalinkRegistryWriter)
SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/07/10 13:28:48 | 000,386,560 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\drivers\ACFXAU32.exe -- (XAudioService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIMMP)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIM)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\PTUMLVsp.sys -- (PTUMLVsp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\PTUMLRMNET.sys -- (PTUMLRMNET)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\PTUMLNVsp.sys -- (PTUMLNVsp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\PTUMLNET.sys -- (PTUMLNET)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\PTUMLMdm.sys -- (PTUMLMdm)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\PTUMLCVsp.sys -- (PTUMLCVsp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\PTUMLBUS.sys -- (PTUMLBUS)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\PCTINDIS5.SYS -- (PCTINDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\pcdrndisuio.sys -- (PcdrNdisuio)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\PCASp50.sys -- (PCASp50)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\pctnullport.sys -- (Nmea)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\WESNET~1\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2013/10/07 08:51:22 | 000,137,208 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2013/10/07 08:51:22 | 000,089,376 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2013/10/07 08:51:22 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2013/02/06 14:19:14 | 001,690,784 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rt2870.sys -- (rt2870)
DRV - [2012/12/20 10:20:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2012/09/19 11:02:06 | 000,181,344 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2012/09/19 11:02:06 | 000,083,168 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2010/12/15 14:38:30 | 000,203,008 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SWNC5E00.sys -- (SWNC5E00)
DRV - [2010/12/15 14:38:30 | 000,157,440 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\swmx00.sys -- (SWMX00)
DRV - [2010/06/23 09:21:32 | 000,259,176 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2010/06/08 16:35:46 | 000,229,376 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NWADIenum.sys -- (NWADI)
DRV - [2010/03/18 05:02:32 | 000,028,624 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2010/03/18 05:02:08 | 000,037,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2010/03/18 05:01:52 | 000,038,864 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2010/03/18 05:01:44 | 000,010,448 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidEqd.sys -- (LHidEqd)
DRV - [2010/03/18 05:01:36 | 000,040,912 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV - [2009/11/26 18:02:34 | 000,822,272 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)
DRV - [2009/06/30 11:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\pavboot.sys -- (pavboot)
DRV - [2008/09/10 04:48:20 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2008/09/10 04:46:22 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DP.sys -- (HSF_DP)
DRV - [2007/08/10 12:08:48 | 000,024,456 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\swmsflt.sys -- (swmsflt)
DRV - [2007/07/10 13:28:38 | 000,028,800 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ACFDCP32.sys -- (dgcfltr)
DRV - [2007/07/10 13:28:32 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ACFXAU32.sys -- (XAudio)
DRV - [2007/06/29 15:54:46 | 000,086,656 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ACFVA32.sys -- (acfva)
DRV - [2007/03/15 15:07:34 | 000,012,672 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ACFSDK32.sys -- (mdmxsdk)
DRV - [2007/02/06 17:12:18 | 000,014,848 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SiUSBXp.sys -- (SIUSBXP)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toast.net/start/
IE - HKLM\..\SearchScopes,DefaultScope = {DA24BD83-F7E9-47B2-B85F-B646372EC06A}
IE - HKLM\..\SearchScopes\{A1203603-65D4-4425-B4CE-B537D7DAAF9A}: "URL" = http://www.ask.com/w...}&l=dis&o=uscqd
IE - HKLM\..\SearchScopes\{DA24BD83-F7E9-47B2-B85F-B646372EC06A}: "URL" = http://search.yahoo....ing}&fr=hp-psdt

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {DA24BD83-F7E9-47B2-B85F-B646372EC06A}
IE - HKCU\..\SearchScopes\{7FACEF8D-3875-4693-8C40-5090E2FDE828}: "URL" = http://www.google.co...age={startPage}
IE - HKCU\..\SearchScopes\{A1203603-65D4-4425-B4CE-B537D7DAAF9A}: "URL" = http://www.ask.com/w...}&l=dis&o=uscqd
IE - HKCU\..\SearchScopes\{DA24BD83-F7E9-47B2-B85F-B646372EC06A}: "URL" = http://search.yahoo....ing}&fr=hp-psdt
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Amazon.com"
FF - prefs.js..extensions.enabledAddons: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.6.5.9
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security)
FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Wes Net\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Wes Net\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/10 15:45:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/12/16 23:26:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.20\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012/03/14 13:58:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.20\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2012/12/15 21:09:34 | 000,000,000 | ---D | M]

[2012/03/10 14:02:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wes Net\AppData\Roaming\Mozilla\Extensions
[2010/09/04 10:44:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wes Net\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2013/03/16 22:19:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wes Net\AppData\Roaming\Mozilla\Firefox\Profiles\o8xqpqe8.default\extensions
[2012/03/10 13:43:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wes Net\AppData\Roaming\Mozilla\Firefox\Profiles\qnwy449z.default\extensions
[2011/06/07 08:50:10 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Wes Net\AppData\Roaming\Mozilla\Firefox\Profiles\qnwy449z.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2012/03/10 13:43:31 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Wes Net\AppData\Roaming\Mozilla\Firefox\Profiles\qnwy449z.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2011/03/10 22:11:19 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Wes Net\AppData\Roaming\Mozilla\Firefox\Profiles\qnwy449z.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}(35)
[2011/02/09 11:31:32 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\Wes Net\AppData\Roaming\Mozilla\Firefox\Profiles\qnwy449z.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}(6)
[2012/03/06 10:22:53 | 000,000,000 | ---D | M] (Redirect Remover) -- C:\Users\Wes Net\AppData\Roaming\Mozilla\Firefox\Profiles\qnwy449z.default\extensions\{fe0258ab-4f74-43a1-8781-bcdf340f9ee9}
[2012/03/10 13:43:27 | 000,000,000 | ---D | M] (DoNotTrackPlus) -- C:\Users\Wes Net\AppData\Roaming\Mozilla\Firefox\Profiles\qnwy449z.default\extensions\[email protected]
[2013/03/16 22:19:31 | 000,531,916 | ---- | M] () (No name found) -- C:\Users\Wes Net\AppData\Roaming\Mozilla\Firefox\Profiles\o8xqpqe8.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012/02/29 22:48:44 | 000,007,936 | ---- | M] () (No name found) -- C:\Users\Wes Net\AppData\Roaming\Mozilla\Firefox\Profiles\qnwy449z.default\extensions\[email protected]\chrome\content\view_expiry.js
[2012/07/21 17:54:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/02/16 10:40:42 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[1999/12/31 17:00:00 | 000,170,080 | ---- | M] (Tracker Software Products (Canada) Ltd.) -- C:\Program Files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
[2012/02/16 06:42:53 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/16 06:42:53 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Wes Net\AppData\Local\Google\Chrome\Application\30.0.1599.69\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Disabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Wes Net\AppData\Local\Google\Chrome\Application\30.0.1599.69\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Wes Net\AppData\Local\Google\Chrome\Application\30.0.1599.69\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Disabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Disabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Disabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Disabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Disabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Disabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Disabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: Panda ActiveScan 2.0 (Enabled) = C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll
CHR - plugin: PDF-XChange Viewer (Enabled) = C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Wes Net\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Users\Wes Net\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Wes Net\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Analytics Opt-out Add-on (by Google) = C:\Users\Wes Net\AppData\Local\Google\Chrome\User Data\Default\Extensions\fllaojicojecljbmefodhfapmkghcbnh\1_0\
CHR - Extension: Keep My Opt-Outs = C:\Users\Wes Net\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhnjdplhmcnkiecampfdgfjilccfpfoe\1.0.15_0\
CHR - Extension: Chrome In-App Payments service = C:\Users\Wes Net\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
CHR - Extension: Gmail = C:\Users\Wes Net\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2012/03/09 14:23:50 | 000,440,678 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 15173 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Display] C:\Program Files\APC\PowerChute Personal Edition\DataCollectionLauncher.exe (Schneider Electric)
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [OsdMaestro] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: MasterCook: Select Image - C:\Program Files\MasterCook 9\Web\MCIEContext.hta ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: download.microsoft ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([update] http in Trusted sites)
O15 - HKCU\..Trusted Domains: update.microsoft ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: update.microsoft ([]https in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.76.76 75.75.75.75
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{52B64376-08C4-4964-8C0A-E7B6CE5D16EF}: DhcpNameServer = 75.75.76.76 75.75.75.75
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img36.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img36.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/17 14:25:37 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/10/07 14:47:04 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Wes Net\Desktop\OTL.exe
[2013/10/03 07:59:14 | 000,000,000 | ---D | C] -- C:\Program Files\Revo Uninstaller
[2013/09/14 09:14:00 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2013/09/14 09:14:00 | 000,498,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/09/14 09:14:00 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2013/09/14 09:14:00 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\corpol.dll
[2013/09/14 09:13:59 | 001,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/09/14 09:13:59 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2013/09/14 09:13:59 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2013/09/14 09:13:59 | 000,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/09/14 09:13:59 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/09/14 09:13:59 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/09/14 09:12:47 | 002,049,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013/05/07 15:06:43 | 013,923,704 | ---- | C] (Schneider Electric) -- C:\Users\Wes Net\PCPE Setup.exe
[2013/05/07 15:06:43 | 001,079,808 | ---- | C] (Microsoft Corporation) -- C:\Users\Wes Net\mfc80u.dll
[2013/05/07 15:06:43 | 000,626,688 | ---- | C] (Microsoft Corporation) -- C:\Users\Wes Net\msvcr80.dll
[2013/05/07 15:06:43 | 000,021,368 | ---- | C] (Schneider Electric) -- C:\Users\Wes Net\pt_res.dll
[2013/05/07 15:06:43 | 000,021,368 | ---- | C] (Schneider Electric) -- C:\Users\Wes Net\en_res.dll
[2013/05/07 15:06:43 | 000,020,856 | ---- | C] (Schneider Electric) -- C:\Users\Wes Net\ru_res.dll
[2013/05/07 15:06:43 | 000,020,344 | ---- | C] (Schneider Electric) -- C:\Users\Wes Net\jp_res.dll
[2013/05/07 15:06:42 | 000,021,880 | ---- | C] (Schneider Electric) -- C:\Users\Wes Net\grm_res.dll
[2013/05/07 15:06:42 | 000,021,880 | ---- | C] (Schneider Electric) -- C:\Users\Wes Net\fr_res.dll
[2013/05/07 15:06:42 | 000,021,368 | ---- | C] (Schneider Electric) -- C:\Users\Wes Net\it_res.dll
[2013/05/07 15:06:42 | 000,021,368 | ---- | C] (Schneider Electric) -- C:\Users\Wes Net\es_res.dll
[2013/05/07 15:06:42 | 000,019,832 | ---- | C] (Schneider Electric) -- C:\Users\Wes Net\zh_res.dll
[2009/10/09 08:43:29 | 001,024,149 | ---- | C] (American Power Conversion Corporation) -- C:\Program Files\pchuteres.dll
[2009/10/09 08:43:29 | 000,839,827 | ---- | C] (American Power Conversion Corporation) -- C:\Program Files\res.dll
[2009/10/09 08:43:29 | 000,209,016 | ---- | C] (American Power Conversion Corporation) -- C:\Program Files\Display.exe
[2009/10/09 08:43:29 | 000,155,770 | ---- | C] (American Power Conversion Corporation) -- C:\Program Files\worksafe.exe
[2009/10/09 08:43:28 | 000,467,067 | ---- | C] (American Power Conversion Corporation) -- C:\Program Files\PowerChute.exe
[2009/10/09 08:43:28 | 000,413,816 | ---- | C] (American Power Conversion Corporation) -- C:\Program Files\apcsystray.exe
[2009/10/09 08:43:28 | 000,278,654 | ---- | C] (American Power Conversion Corporation) -- C:\Program Files\UpsControl.dll
[2009/10/09 08:43:28 | 000,262,268 | ---- | C] (American Power Conversion Corporation) -- C:\Program Files\UpsDevice.dll
[2009/10/09 08:43:28 | 000,249,974 | ---- | C] (American Power Conversion Corporation) -- C:\Program Files\MsgDll.dll
[2009/10/09 08:43:28 | 000,245,885 | ---- | C] (American Power Conversion Corporation) -- C:\Program Files\pdcdll.dll
[2009/10/09 08:43:28 | 000,233,592 | ---- | C] (American Power Conversion Corporation) -- C:\Program Files\drvutil.dll
[2009/10/09 08:43:28 | 000,155,770 | ---- | C] (American Power Conversion Corporation) -- C:\Program Files\mainserv.exe
[2009/10/09 08:43:28 | 000,155,764 | ---- | C] (American Power Conversion Corporation) -- C:\Program Files\force.exe
[2009/10/09 08:43:28 | 000,135,296 | ---- | C] (American Power Conversion Corporation) -- C:\Program Files\EventViewer.exe
[2009/10/09 08:43:28 | 000,061,440 | ---- | C] (American Power Conversion Corporation) -- C:\Program Files\ntutil.dll
[2009/10/09 08:43:28 | 000,049,152 | ---- | C] (American Power Conversion Corporation) -- C:\Program Files\ExecuteProcess.exe

========== Files - Modified Within 30 Days ==========

[2013/10/07 14:53:30 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/10/07 14:53:30 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/10/07 14:47:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Wes Net\Desktop\OTL.exe
[2013/10/07 14:24:03 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3521371533-283708137-4137571409-1000UA.job
[2013/10/07 10:06:21 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{8DB810DF-66F8-49A9-B2A3-59C87D2E4CF3}.job
[2013/10/07 08:55:42 | 000,000,435 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2013/10/07 08:53:43 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2013/10/07 08:53:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/10/07 08:53:19 | 3209,879,552 | -HS- | M] () -- C:\hiberfil.sys
[2013/10/07 08:51:22 | 000,137,208 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2013/10/07 08:51:22 | 000,089,376 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2013/10/07 08:51:22 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2013/10/07 00:34:35 | 002,532,628 | ---- | M] () -- C:\Users\Wes Net\Desktop\Intelligent_Zoned_Comfort_Control.pdf
[2013/10/07 00:33:15 | 002,532,628 | ---- | M] () -- C:\Users\Wes Net\Desktop\Intelligent_Zoned_Comfort_Control (1).pdf
[2013/10/07 00:24:00 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3521371533-283708137-4137571409-1000Core.job
[2013/10/06 12:53:56 | 000,326,723 | ---- | M] () -- C:\Users\Wes Net\AppData\Local\census.cache
[2013/10/06 12:53:48 | 000,215,882 | ---- | M] () -- C:\Users\Wes Net\AppData\Local\ars.cache
[2013/10/04 23:25:19 | 000,002,060 | ---- | M] () -- C:\Users\Wes Net\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/10/04 23:25:19 | 000,002,058 | ---- | M] () -- C:\Users\Wes Net\Desktop\Google Chrome.lnk
[2013/09/14 09:44:39 | 000,390,048 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2013/10/07 00:34:35 | 002,532,628 | ---- | C] () -- C:\Users\Wes Net\Desktop\Intelligent_Zoned_Comfort_Control.pdf
[2013/10/07 00:33:11 | 002,532,628 | ---- | C] () -- C:\Users\Wes Net\Desktop\Intelligent_Zoned_Comfort_Control (1).pdf
[2013/06/10 20:22:10 | 000,326,723 | ---- | C] () -- C:\Users\Wes Net\AppData\Local\census.cache
[2013/06/10 20:21:41 | 000,215,882 | ---- | C] () -- C:\Users\Wes Net\AppData\Local\ars.cache
[2013/06/10 20:07:26 | 000,000,036 | ---- | C] () -- C:\Users\Wes Net\AppData\Local\housecall.guid.cache
[2013/05/07 15:06:45 | 013,338,112 | ---- | C] () -- C:\Users\Wes Net\PCPE_3.0.1.msi
[2013/05/07 15:06:43 | 000,018,808 | ---- | C] () -- C:\Users\Wes Net\ResourceReader.dll
[2013/01/15 18:49:48 | 000,014,172 | ---- | C] () -- C:\Windows\System32\RaCoInst.dat
[2013/01/13 14:40:39 | 000,147,456 | ---- | C] () -- C:\Windows\System32\DiagFunc.dll
[2013/01/13 14:40:39 | 000,000,516 | ---- | C] () -- C:\Windows\System32\DiagFunc.ini
[2013/01/13 14:40:39 | 000,000,072 | ---- | C] () -- C:\Windows\System32\RaCertMgr.ini
[2012/10/20 15:26:11 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2012/10/20 15:24:29 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2012/03/09 12:12:28 | 000,000,680 | -H-- | C] () -- C:\Users\Wes Net\AppData\Local\d3d9caps.dat
[2012/02/16 15:45:46 | 000,000,502 | ---- | C] () -- C:\Windows\System32\CNCMFP34.INI
[2011/04/06 19:02:29 | 000,021,863 | -H-- | C] () -- C:\Users\Wes Net\Tacoma Driving.csv
[2010/09/05 12:28:22 | 000,000,000 | -H-- | C] () -- C:\Users\Wes Net\ipconfig
[2009/10/09 08:43:29 | 000,080,252 | ---- | C] () -- C:\Program Files\APC PCPE for 98.chm
[2009/10/09 08:43:29 | 000,073,786 | ---- | C] () -- C:\Program Files\APC PCPE for XP.chm
[2009/10/09 08:43:29 | 000,000,130 | ---- | C] () -- C:\Program Files\AllowStandby.reg
[2009/10/09 08:43:28 | 000,010,300 | ---- | C] () -- C:\Program Files\eventlog.dat
[2009/10/09 08:43:28 | 000,006,993 | ---- | C] () -- C:\Program Files\apc_pcp1.cat
[2009/10/09 08:43:28 | 000,002,465 | ---- | C] () -- C:\Program Files\ehib.exe
[2009/10/09 08:43:28 | 000,001,046 | ---- | C] () -- C:\Program Files\ApcUps.inf
[2009/10/09 08:43:28 | 000,000,257 | ---- | C] () -- C:\Program Files\DisableSplashScreen.reg
[2009/10/09 08:43:28 | 000,000,255 | ---- | C] () -- C:\Program Files\EnableSplashScreen.reg
[2009/10/09 08:43:28 | 000,000,135 | ---- | C] () -- C:\Program Files\Enable ADS.reg
[2009/10/09 08:43:28 | 000,000,135 | ---- | C] () -- C:\Program Files\Disable ADS.reg
[2008/08/31 09:46:48 | 000,011,264 | ---- | C] () -- C:\Users\Wes Net\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/08/29 15:20:20 | 000,004,744 | ---- | C] () -- C:\Users\Wes Net\AppData\Roaming\wklnhst.dat

========== ZeroAccess Check ==========

[2006/11/02 08:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 13:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/10 23:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/10 23:28:26 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Files - Unicode (All) ==========
[2013/10/02 10:05:19 | 098,743,931 | ---- | M] ()(C:\Windows\System32\???) -- C:\Windows\System32\梯윍᭄
[2013/10/02 10:05:19 | 098,743,931 | ---- | C] ()(C:\Windows\System32\???) -- C:\Windows\System32\梯윍᭄
[2013/09/04 16:15:24 | 095,956,132 | ---- | M] ()(C:\Windows\System32\????) -- C:\Windows\System32\ꉡ螃᭄œ
[2013/09/04 07:58:06 | 095,956,132 | ---- | C] ()(C:\Windows\System32\????) -- C:\Windows\System32\ꉡ螃᭄œ

========== Alternate Data Streams ==========

@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >

Attached File: OTL.Txt (78.14KB)

#2 nathdep (Member, 587 posts)
Hello, Sparky131, and welcome to Geeks To Go!

I am nathdep and I will be helping you with your malware problems.

Here are some general steps to follow during the clean up procedure:


  • Please print these instructions as well as future instructions as you may have to boot in safe mode and will not be able to access this site via the internet. Another solution is saving these instructions by copying and pasting them into notebook and saving the file in a convenient location.
  • Please be patient as the malware removal process could be lengthy, complex, and at times frustrating. Your cooperation throughout the entire process will benefit you as it will expedite your removal time. Please keep this issue in this post and do not post this same issue on a different site. Doing so can be compared to a patient seeing two different doctors. If the two different doctors are not aware of what medication the other doctor is prescribing, the patient could be risking his life. This is synonymous to a computer's health.
  • Please read (and re-read) the instructions entirely as not following the instructions carefully can produce damaging results.
  • Please tell me how your computer is running in the beginning of each post. Tell me both recurring and new issues, as this added information can shed even more light to the problems you are experiencing.

I have to get my first fix approved by my teacher. I will be back soon!

#3 Sparky131 (Topic Starter, Member, 18 posts)
Thank you Nathdep for your interest. UPDATE: This AM CPU start-up was atypical, so I ran another Avira scan and it found TR/Patched.Ren.Gen again. It is quarantined again. Some items are missing from the status tray, (APC monitor) as well as Cap Locks and other machine related advisers. Computer does appear to be at least largely functional.

If you can handle this mission, I promise you I will do everything I can to make it as easy as humanly possible. I am good at following directions, and will not proceed recklessly. I totally appreciate the fact that there are those willing to share their unique abilities with those of us less capable and so much in need.

Thanks,

Wes

#4 nathdep (Member, 587 posts)
Hello again! :)

I'm very sorry for the delay!

I know that it will be a pleasure working with you!

Please follow these instructions very carefully:

First,
Download aswMbr.exe by clicking here to your Desktop.
  • Run aswMBR.exe (Vista or Win 7 => right click and Run As Administrator)
  • Uncheck trace disk IO calls
  • Click the "Scan" button to start scan (Accept the Avast Engine)
  • On completion of the scan if the Fix button is enabled (not the FixMBR button) press it and then run a new scan and click save log, save it to your desktop and post in your next reply
  • If the Fix button is not enabled then just click save log, save it to your desktop and post in your next reply

Next, open OTL

  • Under the Extra Registry heading, make sure that the bubble next to Use SafeList is checked
  • Click the Run Scan button.
  • Allow the scan to run unhindered.
  • Two resulting logs shall appear. They should include OTL.txt and Extras.txt
  • Please include these in your next post.

Next,

Could you please show me the most recent Antivir log that you have?

If you do not know where the logs are located, please navigate here:

C:\ProgramData\Avira\AntiVir Desktop\LOGFILES

In your next post, be sure to include the following:

  • The aswMBR log
  • OTL.txt
  • Extras.txt
  • The Antivir log
  • A report on if you experienced any problems by following the instructions above.


#5 Sparky131 (Topic Starter, Member, 18 posts)
Is that really you Sergei? You are very well preserved!

Per your instructions:

aswMBR Log

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-10-10 17:42:35
-----------------------------
17:42:35.721 OS Version: Windows 6.0.6002 Service Pack 2
17:42:35.721 Number of processors: 2 586 0xF0D
17:42:35.723 ComputerName: WESNET-PC UserName: Wes Net
17:42:37.971 Initialize success
17:44:24.272 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T1L0-3
17:44:24.274 Disk 0 Vendor: Hitachi_HDP725032GLA380 GM3OA57A Size: 305245MB BusType: 3
17:44:24.377 Disk 0 MBR read successfully
17:44:24.380 Disk 0 MBR scan
17:44:24.383 Disk 0 unknown MBR code
17:44:24.386 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 295866 MB offset 63
17:44:24.421 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 9376 MB offset 605934000
17:44:24.427 Disk 0 scanning sectors +625136400
17:44:24.503 Disk 0 scanning C:\Windows\system32\drivers
17:44:37.973 Service scanning
17:44:59.192 Modules scanning
17:45:08.334 Scan finished successfully
17:45:38.951 Disk 0 MBR has been saved successfully to "C:\Users\Wes Net\Desktop\MBR.dat"
17:45:38.953 The log file has been saved successfully to "C:\Users\Wes Net\Desktop\aswMBR.txt"

OTL Logs:
OTL Extras:

OTL logfile created on: 10/10/2013 5:46:37 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Wes Net\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 1.57 Gb Available Physical Memory | 52.41% Memory free
6.20 Gb Paging File | 4.10 Gb Available in Paging File | 66.16% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.93 Gb Total Space | 180.94 Gb Free Space | 62.62% Space Free | Partition Type: NTFS
Drive D: | 9.16 Gb Total Space | 1.01 Gb Free Space | 11.03% Space Free | Partition Type: NTFS
Drive F: | 74.51 Gb Total Space | 61.89 Gb Free Space | 83.07% Space Free | Partition Type: FAT32

Computer Name: WESNET-PC | User Name: Wes Net | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/10/10 17:42:17 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Wes Net\Desktop\aswmbr.exe
PRC - [2013/10/07 14:47:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Wes Net\Desktop\OTL.exe
PRC - [2013/10/07 08:51:21 | 000,440,392 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2013/10/07 08:51:15 | 000,431,688 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2013/10/07 08:51:14 | 000,440,392 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2013/10/07 08:51:13 | 000,681,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012/07/27 16:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/01/24 16:21:22 | 000,021,880 | ---- | M] (Schneider Electric) -- C:\Program Files\APC\PowerChute Personal Edition\dataserv.exe
PRC - [2012/01/24 16:11:56 | 000,705,912 | ---- | M] (Schneider Electric) -- C:\Program Files\APC\PowerChute Personal Edition\mainserv.exe
PRC - [2012/01/24 16:06:48 | 000,673,144 | ---- | M] (Schneider Electric) -- C:\Program Files\APC\PowerChute Personal Edition\apcsystray.exe
PRC - [2010/05/18 16:41:50 | 001,311,312 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPointP\SetPoint.exe
PRC - [2010/05/06 05:32:28 | 000,112,208 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
PRC - [2009/11/26 18:02:46 | 000,185,632 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files\Ralink\Common\RaRegistry.exe
PRC - [2009/11/26 18:02:44 | 001,643,808 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files\Ralink\Common\RaUI.exe
PRC - [2009/04/10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007/07/10 13:28:48 | 000,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\ACFXAU32.exe
PRC - [2007/04/18 11:01:34 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe
PRC - [2007/02/15 07:59:00 | 000,118,784 | ---- | M] (OsdMaestro) -- C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
PRC - [1999/03/18 01:38:10 | 008,798,260 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office\WINWORD.EXE


========== Modules (No Company Name) ==========

MOD - [2013/10/03 02:03:05 | 000,415,184 | ---- | M] () -- C:\Users\Wes Net\AppData\Local\Google\Chrome\Application\30.0.1599.69\ppgooglenaclpluginchrome.dll
MOD - [2013/10/03 02:03:04 | 013,611,984 | ---- | M] () -- C:\Users\Wes Net\AppData\Local\Google\Chrome\Application\30.0.1599.69\PepperFlash\pepflashplayer.dll
MOD - [2013/10/03 02:03:03 | 004,055,504 | ---- | M] () -- C:\Users\Wes Net\AppData\Local\Google\Chrome\Application\30.0.1599.69\pdf.dll
MOD - [2013/10/03 02:02:12 | 000,698,832 | ---- | M] () -- C:\Users\Wes Net\AppData\Local\Google\Chrome\Application\30.0.1599.69\libglesv2.dll
MOD - [2013/10/03 02:02:11 | 000,099,792 | ---- | M] () -- C:\Users\Wes Net\AppData\Local\Google\Chrome\Application\30.0.1599.69\libegl.dll
MOD - [2013/10/03 02:02:09 | 001,604,560 | ---- | M] () -- C:\Users\Wes Net\AppData\Local\Google\Chrome\Application\30.0.1599.69\ffmpegsumo.dll
MOD - [2009/11/26 18:02:44 | 000,918,816 | ---- | M] () -- C:\Program Files\Ralink\Common\RaWLAPI.dll
MOD - [2008/09/16 20:18:06 | 000,132,608 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll


========== Services (SafeList) ==========

SRV - [2013/10/07 08:51:21 | 000,440,392 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013/10/07 08:51:14 | 000,440,392 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/07/27 16:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/01/24 16:21:22 | 000,021,880 | ---- | M] (Schneider Electric) [Auto | Running] -- C:\Program Files\APC\PowerChute Personal Edition\dataserv.exe -- (APC Data Service)
SRV - [2012/01/24 16:11:56 | 000,705,912 | ---- | M] (Schneider Electric) [Auto | Running] -- C:\Program Files\APC\PowerChute Personal Edition\mainserv.exe -- (APC UPS Service)
SRV - [2010/05/06 05:29:12 | 000,293,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009/11/26 18:02:46 | 000,185,632 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files\Ralink\Common\RaRegistry.exe -- (RalinkRegistryWriter)
SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/07/10 13:28:48 | 000,386,560 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\drivers\ACFXAU32.exe -- (XAudioService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIMMP)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIM)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\PTUMLVsp.sys -- (PTUMLVsp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\PTUMLRMNET.sys -- (PTUMLRMNET)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\PTUMLNVsp.sys -- (PTUMLNVsp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\PTUMLNET.sys -- (PTUMLNET)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\PTUMLMdm.sys -- (PTUMLMdm)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\PTUMLCVsp.sys -- (PTUMLCVsp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\PTUMLBUS.sys -- (PTUMLBUS)
DRV - File not found [Kernel | Boot | Stopped] -- C:\Windows\system32\drivers\PRSBDRVR.SYS -- (PRSBDRVR)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\PCTINDIS5.SYS -- (PCTINDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\pcdrndisuio.sys -- (PcdrNdisuio)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\PCASp50.sys -- (PCASp50)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\pctnullport.sys -- (Nmea)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Boot | Stopped] -- C:\Windows\system32\drivers\DasBootF.SYS -- (DasBootF)
DRV - File not found [Kernel | Boot | Stopped] -- C:\Windows\system32\drivers\DasBoot.SYS -- (DasBoot)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\WESNET~1\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\WESNET~1\AppData\Local\Temp\aswMBR.sys -- (aswMBR)
DRV - [2013/10/07 08:51:22 | 000,137,208 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2013/10/07 08:51:22 | 000,089,376 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2013/10/07 08:51:22 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2013/06/12 14:10:56 | 000,031,848 | ---- | M] () [Kernel | On_Demand | Unknown] -- C:\Windows\System32\drivers\DasPtct.SYS -- (DasPtct)
DRV - [2013/02/06 14:19:14 | 001,690,784 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rt2870.sys -- (rt2870)
DRV - [2012/12/20 10:20:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2012/09/19 11:02:06 | 000,181,344 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2012/09/19 11:02:06 | 000,083,168 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2010/12/15 14:38:30 | 000,203,008 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SWNC5E00.sys -- (SWNC5E00)
DRV - [2010/12/15 14:38:30 | 000,157,440 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\swmx00.sys -- (SWMX00)
DRV - [2010/06/23 09:21:32 | 000,259,176 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2010/06/08 16:35:46 | 000,229,376 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NWADIenum.sys -- (NWADI)
DRV - [2010/03/18 05:02:32 | 000,028,624 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2010/03/18 05:02:08 | 000,037,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2010/03/18 05:01:52 | 000,038,864 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2010/03/18 05:01:44 | 000,010,448 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidEqd.sys -- (LHidEqd)
DRV - [2010/03/18 05:01:36 | 000,040,912 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV - [2009/11/26 18:02:34 | 000,822,272 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)
DRV - [2009/06/30 11:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\pavboot.sys -- (pavboot)
DRV - [2008/09/10 04:48:20 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2008/09/10 04:46:22 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DP.sys -- (HSF_DP)
DRV - [2007/08/10 12:08:48 | 000,024,456 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\swmsflt.sys -- (swmsflt)
DRV - [2007/07/10 13:28:38 | 000,028,800 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ACFDCP32.sys -- (dgcfltr)
DRV - [2007/07/10 13:28:32 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ACFXAU32.sys -- (XAudio)
DRV - [2007/06/29 15:54:46 | 000,086,656 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ACFVA32.sys -- (acfva)
DRV - [2007/03/15 15:07:34 | 000,012,672 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ACFSDK32.sys -- (mdmxsdk)
DRV - [2007/02/06 17:12:18 | 000,014,848 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SiUSBXp.sys -- (SIUSBXP)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toast.net/start/
IE - HKLM\..\SearchScopes,DefaultScope = {DA24BD83-F7E9-47B2-B85F-B646372EC06A}
IE - HKLM\..\SearchScopes\{A1203603-65D4-4425-B4CE-B537D7DAAF9A}: "URL" = http://www.ask.com/w...}&l=dis&o=uscqd
IE - HKLM\..\SearchScopes\{DA24BD83-F7E9-47B2-B85F-B646372EC06A}: "URL" = http://search.yahoo....ing}&fr=hp-psdt

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {DA24BD83-F7E9-47B2-B85F-B646372EC06A}
IE - HKCU\..\SearchScopes\{7FACEF8D-3875-4693-8C40-5090E2FDE828}: "URL" = http://www.google.co...age={startPage}
IE - HKCU\..\SearchScopes\{A1203603-65D4-4425-B4CE-B537D7DAAF9A}: "URL" = http://www.ask.com/w...}&l=dis&o=uscqd
IE - HKCU\..\SearchScopes\{DA24BD83-F7E9-47B2-B85F-B646372EC06A}: "URL" = http://search.yahoo....ing}&fr=hp-psdt
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Amazon.com"
FF - prefs.js..extensions.enabledAddons: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.6.5.9
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security)
FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Wes Net\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Wes Net\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/10 15:45:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/12/16 23:26:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.20\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012/03/14 13:58:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.20\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2012/12/15 21:09:34 | 000,000,000 | ---D | M]

[2012/03/10 14:02:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wes Net\AppData\Roaming\Mozilla\Extensions
[2010/09/04 10:44:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wes Net\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2013/10/07 21:02:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wes Net\AppData\Roaming\Mozilla\Firefox\Profiles\o8xqpqe8.default\extensions
[2013/10/07 21:02:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wes Net\AppData\Roaming\Mozilla\Firefox\Profiles\o8xqpqe8.default\extensions\staged
[2012/03/10 13:43:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wes Net\AppData\Roaming\Mozilla\Firefox\Profiles\qnwy449z.default\extensions
[2011/06/07 08:50:10 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Wes Net\AppData\Roaming\Mozilla\Firefox\Profiles\qnwy449z.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2012/03/10 13:43:31 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Wes Net\AppData\Roaming\Mozilla\Firefox\Profiles\qnwy449z.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2011/03/10 22:11:19 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Wes Net\AppData\Roaming\Mozilla\Firefox\Profiles\qnwy449z.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}(35)
[2011/02/09 11:31:32 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\Wes Net\AppData\Roaming\Mozilla\Firefox\Profiles\qnwy449z.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}(6)
[2012/03/06 10:22:53 | 000,000,000 | ---D | M] (Redirect Remover) -- C:\Users\Wes Net\AppData\Roaming\Mozilla\Firefox\Profiles\qnwy449z.default\extensions\{fe0258ab-4f74-43a1-8781-bcdf340f9ee9}
[2012/03/10 13:43:27 | 000,000,000 | ---D | M] (DoNotTrackPlus) -- C:\Users\Wes Net\AppData\Roaming\Mozilla\Firefox\Profiles\qnwy449z.default\extensions\[email protected]
[2013/03/16 22:19:31 | 000,531,916 | ---- | M] () (No name found) -- C:\Users\Wes Net\AppData\Roaming\Mozilla\Firefox\Profiles\o8xqpqe8.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013/10/07 21:02:05 | 000,534,729 | ---- | M] () (No name found) -- C:\Users\Wes Net\AppData\Roaming\Mozilla\Firefox\Profiles\o8xqpqe8.default\extensions\staged\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012/02/29 22:48:44 | 000,007,936 | ---- | M] () (No name found) -- C:\Users\Wes Net\AppData\Roaming\Mozilla\Firefox\Profiles\qnwy449z.default\extensions\[email protected]\chrome\content\view_expiry.js
[2012/07/21 17:54:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/02/16 10:40:42 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[1999/12/31 17:00:00 | 000,170,080 | ---- | M] (Tracker Software Products (Canada) Ltd.) -- C:\Program Files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
[2012/02/16 06:42:53 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/16 06:42:53 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Wes Net\AppData\Local\Google\Chrome\Application\30.0.1599.69\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Disabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Wes Net\AppData\Local\Google\Chrome\Application\30.0.1599.69\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Wes Net\AppData\Local\Google\Chrome\Application\30.0.1599.69\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Disabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Disabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Disabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Disabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Disabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Disabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Disabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: Panda ActiveScan 2.0 (Enabled) = C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll
CHR - plugin: PDF-XChange Viewer (Enabled) = C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Wes Net\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Users\Wes Net\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Wes Net\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Analytics Opt-out Add-on (by Google) = C:\Users\Wes Net\AppData\Local\Google\Chrome\User Data\Default\Extensions\fllaojicojecljbmefodhfapmkghcbnh\1_0\
CHR - Extension: Keep My Opt-Outs = C:\Users\Wes Net\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhnjdplhmcnkiecampfdgfjilccfpfoe\1.0.15_0\
CHR - Extension: Chrome In-App Payments service = C:\Users\Wes Net\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
CHR - Extension: Gmail = C:\Users\Wes Net\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2012/03/09 14:23:50 | 000,440,678 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 15173 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Display] C:\Program Files\APC\PowerChute Personal Edition\DataCollectionLauncher.exe (Schneider Electric)
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [OsdMaestro] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: MasterCook: Select Image - C:\Program Files\MasterCook 9\Web\MCIEContext.hta ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: download.microsoft ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([update] http in Trusted sites)
O15 - HKCU\..Trusted Domains: update.microsoft ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: update.microsoft ([]https in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.76.76 75.75.75.75
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{52B64376-08C4-4964-8C0A-E7B6CE5D16EF}: DhcpNameServer = 75.75.76.76 75.75.75.75
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img36.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img36.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/17 14:25:37 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/10/10 17:42:13 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Wes Net\Desktop\aswmbr.exe
[2013/10/10 09:35:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
[2013/10/10 08:34:54 | 029,527,448 | ---- | C] (Panda Security ) -- C:\Users\Wes Net\Desktop\PandaCloudCleaner.exe
[2013/10/09 13:54:03 | 001,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/10/09 13:54:03 | 000,498,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/10/09 13:54:03 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2013/10/09 13:54:03 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2013/10/09 13:54:03 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/10/09 13:54:02 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2013/10/09 13:54:02 | 000,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/10/09 13:54:02 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/10/09 13:54:02 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\corpol.dll
[2013/10/09 13:54:01 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2013/10/09 13:36:52 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2013/10/09 13:36:52 | 001,069,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2013/10/09 13:36:52 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2013/10/09 13:36:52 | 000,486,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2013/10/09 13:36:51 | 001,029,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2013/10/09 13:36:51 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2013/10/09 13:36:51 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2013/10/09 13:36:51 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2013/10/09 13:36:48 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys
[2013/10/09 13:36:48 | 000,006,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbd.sys
[2013/10/09 13:36:47 | 000,293,376 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2013/10/09 13:36:47 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2013/10/09 13:36:45 | 002,050,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013/10/09 13:36:44 | 000,102,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2013/10/09 13:36:42 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2013/10/09 13:36:42 | 000,025,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidparse.sys
[2013/10/07 14:47:04 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Wes Net\Desktop\OTL.exe
[2013/10/03 07:59:14 | 000,000,000 | ---D | C] -- C:\Program Files\Revo Uninstaller
[2013/05/07 15:06:43 | 013,923,704 | ---- | C] (Schneider Electric) -- C:\Users\Wes Net\PCPE Setup.exe
[2013/05/07 15:06:43 | 001,079,808 | ---- | C] (Microsoft Corporation) -- C:\Users\Wes Net\mfc80u.dll
[2013/05/07 15:06:43 | 000,626,688 | ---- | C] (Microsoft Corporation) -- C:\Users\Wes Net\msvcr80.dll
[2013/05/07 15:06:43 | 000,021,368 | ---- | C] (Schneider Electric) -- C:\Users\Wes Net\pt_res.dll
[2013/05/07 15:06:43 | 000,021,368 | ---- | C] (Schneider Electric) -- C:\Users\Wes Net\en_res.dll
[2013/05/07 15:06:43 | 000,020,856 | ---- | C] (Schneider Electric) -- C:\Users\Wes Net\ru_res.dll
[2013/05/07 15:06:43 | 000,020,344 | ---- | C] (Schneider Electric) -- C:\Users\Wes Net\jp_res.dll
[2013/05/07 15:06:42 | 000,021,880 | ---- | C] (Schneider Electric) -- C:\Users\Wes Net\grm_res.dll
[2013/05/07 15:06:42 | 000,021,880 | ---- | C] (Schneider Electric) -- C:\Users\Wes Net\fr_res.dll
[2013/05/07 15:06:42 | 000,021,368 | ---- | C] (Schneider Electric) -- C:\Users\Wes Net\it_res.dll
[2013/05/07 15:06:42 | 000,021,368 | ---- | C] (Schneider Electric) -- C:\Users\Wes Net\es_res.dll
[2013/05/07 15:06:42 | 000,019,832 | ---- | C] (Schneider Electric) -- C:\Users\Wes Net\zh_res.dll
[2009/10/09 08:43:29 | 001,024,149 | ---- | C] (American Power Conversion Corporation) -- C:\Program Files\pchuteres.dll
[2009/10/09 08:43:29 | 000,839,827 | ---- | C] (American Power Conversion Corporation) -- C:\Program Files\res.dll
[2009/10/09 08:43:29 | 000,209,016 | ---- | C] (American Power Conversion Corporation) -- C:\Program Files\Display.exe
[2009/10/09 08:43:29 | 000,155,770 | ---- | C] (American Power Conversion Corporation) -- C:\Program Files\worksafe.exe
[2009/10/09 08:43:28 | 000,467,067 | ---- | C] (American Power Conversion Corporation) -- C:\Program Files\PowerChute.exe
[2009/10/09 08:43:28 | 000,413,816 | ---- | C] (American Power Conversion Corporation) -- C:\Program Files\apcsystray.exe
[2009/10/09 08:43:28 | 000,278,654 | ---- | C] (American Power Conversion Corporation) -- C:\Program Files\UpsControl.dll
[2009/10/09 08:43:28 | 000,262,268 | ---- | C] (American Power Conversion Corporation) -- C:\Program Files\UpsDevice.dll
[2009/10/09 08:43:28 | 000,249,974 | ---- | C] (American Power Conversion Corporation) -- C:\Program Files\MsgDll.dll
[2009/10/09 08:43:28 | 000,245,885 | ---- | C] (American Power Conversion Corporation) -- C:\Program Files\pdcdll.dll
[2009/10/09 08:43:28 | 000,233,592 | ---- | C] (American Power Conversion Corporation) -- C:\Program Files\drvutil.dll
[2009/10/09 08:43:28 | 000,155,770 | ---- | C] (American Power Conversion Corporation) -- C:\Program Files\mainserv.exe
[2009/10/09 08:43:28 | 000,155,764 | ---- | C] (American Power Conversion Corporation) -- C:\Program Files\force.exe
[2009/10/09 08:43:28 | 000,135,296 | ---- | C] (American Power Conversion Corporation) -- C:\Program Files\EventViewer.exe
[2009/10/09 08:43:28 | 000,061,440 | ---- | C] (American Power Conversion Corporation) -- C:\Program Files\ntutil.dll
[2009/10/09 08:43:28 | 000,049,152 | ---- | C] (American Power Conversion Corporation) -- C:\Program Files\ExecuteProcess.exe

========== Files - Modified Within 30 Days ==========

[2013/10/10 17:45:38 | 000,000,512 | ---- | M] () -- C:\Users\Wes Net\Desktop\MBR.dat
[2013/10/10 17:42:17 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Wes Net\Desktop\aswmbr.exe
[2013/10/10 17:30:56 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3521371533-283708137-4137571409-1000UA.job
[2013/10/10 16:53:13 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/10/10 16:53:13 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/10/10 16:05:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/10/10 14:54:30 | 000,000,435 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2013/10/10 14:53:38 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2013/10/10 14:52:59 | 3209,879,552 | -HS- | M] () -- C:\hiberfil.sys
[2013/10/10 14:14:34 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{8DB810DF-66F8-49A9-B2A3-59C87D2E4CF3}.job
[2013/10/10 09:35:38 | 000,001,081 | ---- | M] () -- C:\Users\Public\Desktop\Panda Cloud Cleaner.lnk
[2013/10/10 08:34:58 | 029,527,448 | ---- | M] (Panda Security ) -- C:\Users\Wes Net\Desktop\PandaCloudCleaner.exe
[2013/10/09 18:30:00 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3521371533-283708137-4137571409-1000Core.job
[2013/10/09 14:39:17 | 000,640,408 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/10/09 14:39:17 | 000,118,660 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/10/09 14:31:53 | 000,390,048 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/10/09 14:25:50 | 000,016,400 | ---- | M] (Logitech, Inc.) -- C:\Windows\System32\drivers\LNonPnP.sys
[2013/10/07 14:47:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Wes Net\Desktop\OTL.exe
[2013/10/07 08:51:22 | 000,137,208 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2013/10/07 08:51:22 | 000,089,376 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2013/10/07 08:51:22 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2013/10/06 12:53:56 | 000,326,723 | ---- | M] () -- C:\Users\Wes Net\AppData\Local\census.cache
[2013/10/06 12:53:48 | 000,215,882 | ---- | M] () -- C:\Users\Wes Net\AppData\Local\ars.cache
[2013/10/04 23:25:19 | 000,002,060 | ---- | M] () -- C:\Users\Wes Net\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/10/04 23:25:19 | 000,002,058 | ---- | M] () -- C:\Users\Wes Net\Desktop\Google Chrome.lnk
[2013/09/23 23:07:41 | 000,106,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/09/23 23:07:19 | 000,671,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2013/09/23 23:07:15 | 000,498,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/09/23 23:07:08 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/09/23 23:07:05 | 000,380,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2013/09/23 23:07:05 | 000,193,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2013/09/23 23:07:05 | 000,180,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/09/23 23:06:56 | 000,019,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\corpol.dll
[2013/09/23 16:13:08 | 000,389,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2013/09/23 16:01:13 | 001,383,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb

========== Files Created - No Company Name ==========

[2013/10/10 17:45:38 | 000,000,512 | ---- | C] () -- C:\Users\Wes Net\Desktop\MBR.dat
[2013/10/10 14:17:38 | 000,031,848 | ---- | C] () -- C:\Windows\System32\drivers\DasPtct.SYS
[2013/10/10 09:35:38 | 000,001,081 | ---- | C] () -- C:\Users\Public\Desktop\Panda Cloud Cleaner.lnk
[2013/10/10 09:15:06 | 000,018,656 | ---- | C] () -- C:\Windows\System32\PCloudBroom.exe
[2013/06/10 20:22:10 | 000,326,723 | ---- | C] () -- C:\Users\Wes Net\AppData\Local\census.cache
[2013/06/10 20:21:41 | 000,215,882 | ---- | C] () -- C:\Users\Wes Net\AppData\Local\ars.cache
[2013/06/10 20:07:26 | 000,000,036 | ---- | C] () -- C:\Users\Wes Net\AppData\Local\housecall.guid.cache
[2013/05/07 15:06:45 | 013,338,112 | ---- | C] () -- C:\Users\Wes Net\PCPE_3.0.1.msi
[2013/05/07 15:06:43 | 000,018,808 | ---- | C] () -- C:\Users\Wes Net\ResourceReader.dll
[2013/01/15 18:49:48 | 000,014,172 | ---- | C] () -- C:\Windows\System32\RaCoInst.dat
[2013/01/13 14:40:39 | 000,147,456 | ---- | C] () -- C:\Windows\System32\DiagFunc.dll
[2013/01/13 14:40:39 | 000,000,516 | ---- | C] () -- C:\Windows\System32\DiagFunc.ini
[2013/01/13 14:40:39 | 000,000,072 | ---- | C] () -- C:\Windows\System32\RaCertMgr.ini
[2012/10/20 15:26:11 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2012/10/20 15:24:29 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2012/03/09 12:12:28 | 000,000,680 | -H-- | C] () -- C:\Users\Wes Net\AppData\Local\d3d9caps.dat
[2012/02/16 15:45:46 | 000,000,502 | ---- | C] () -- C:\Windows\System32\CNCMFP34.INI
[2011/04/06 19:02:29 | 000,021,863 | -H-- | C] () -- C:\Users\Wes Net\Tacoma Driving.csv
[2010/09/05 12:28:22 | 000,000,000 | -H-- | C] () -- C:\Users\Wes Net\ipconfig
[2009/10/09 08:43:29 | 000,080,252 | ---- | C] () -- C:\Program Files\APC PCPE for 98.chm
[2009/10/09 08:43:29 | 000,073,786 | ---- | C] () -- C:\Program Files\APC PCPE for XP.chm
[2009/10/09 08:43:29 | 000,000,130 | ---- | C] () -- C:\Program Files\AllowStandby.reg
[2009/10/09 08:43:28 | 000,010,300 | ---- | C] () -- C:\Program Files\eventlog.dat
[2009/10/09 08:43:28 | 000,006,993 | ---- | C] () -- C:\Program Files\apc_pcp1.cat
[2009/10/09 08:43:28 | 000,002,465 | ---- | C] () -- C:\Program Files\ehib.exe
[2009/10/09 08:43:28 | 000,001,046 | ---- | C] () -- C:\Program Files\ApcUps.inf
[2009/10/09 08:43:28 | 000,000,257 | ---- | C] () -- C:\Program Files\DisableSplashScreen.reg
[2009/10/09 08:43:28 | 000,000,255 | ---- | C] () -- C:\Program Files\EnableSplashScreen.reg
[2009/10/09 08:43:28 | 000,000,135 | ---- | C] () -- C:\Program Files\Enable ADS.reg
[2009/10/09 08:43:28 | 000,000,135 | ---- | C] () -- C:\Program Files\Disable ADS.reg
[2008/08/31 09:46:48 | 000,011,264 | ---- | C] () -- C:\Users\Wes Net\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/08/29 15:20:20 | 000,004,744 | ---- | C] () -- C:\Users\Wes Net\AppData\Roaming\wklnhst.dat

========== ZeroAccess Check ==========

[2006/11/02 08:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 13:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/10 23:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/10 23:28:26 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Files - Unicode (All) ==========
[2013/10/02 10:05:19 | 098,743,931 | ---- | M] ()(C:\Windows\System32\???) -- C:\Windows\System32\梯윍᭄
[2013/10/02 10:05:19 | 098,743,931 | ---- | C] ()(C:\Windows\System32\???) -- C:\Windows\System32\梯윍᭄
[2013/09/04 16:15:24 | 095,956,132 | ---- | M] ()(C:\Windows\System32\????) -- C:\Windows\System32\ꉡ螃᭄œ
[2013/09/04 07:58:06 | 095,956,132 | ---- | C] ()(C:\Windows\System32\????) -- C:\Windows\System32\ꉡ螃᭄œ

========== Alternate Data Streams ==========

@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >

OTL Extras logfile created on: 10/10/2013 5:46:37 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Wes Net\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 1.57 Gb Available Physical Memory | 52.41% Memory free
6.20 Gb Paging File | 4.10 Gb Available in Paging File | 66.16% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.93 Gb Total Space | 180.94 Gb Free Space | 62.62% Space Free | Partition Type: NTFS
Drive D: | 9.16 Gb Total Space | 1.01 Gb Free Space | 11.03% Space Free | Partition Type: NTFS
Drive F: | 74.51 Gb Total Space | 61.89 Gb Free Space | 83.07% Space Free | Partition Type: FAT32

Computer Name: WESNET-PC | User Name: Wes Net | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- Reg Error: Key error. File not found
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1"
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{032B7DBE-6CE4-4075-89AB-1CDAA3770869}" = lport=138 | protocol=17 | dir=in | app=system |
"{0C0CB4A5-DEC7-4CBE-9351-EE3EF90BB3D2}" = lport=139 | protocol=6 | dir=in | app=system |
"{1C6CA8C6-4324-47E2-98BE-78516D39C007}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{1F63870B-FDFE-4960-91CD-9304FA9A1805}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{208F82A5-48B0-4E57-B669-8CB27A5B9890}" = lport=137 | protocol=17 | dir=in | app=system |
"{2DA444DD-0233-4FB7-BAF5-669B4DA1B922}" = rport=2869 | protocol=6 | dir=out | app=system |
"{2DD5B2C9-003E-454C-8E1D-9E0998396BE2}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{39EB213D-D224-4D81-92F7-707EEA3380D8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3AF8F6CC-F722-469D-9DB3-C7A15C3B8CD8}" = lport=445 | protocol=6 | dir=in | app=system |
"{445EBAC8-2322-4E42-9D76-F28CC10A7606}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{5687F07A-D49F-4ED0-8A7E-9A29E37F45A5}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{5BA2FE3B-9B30-4294-9460-E82AF4E71A88}" = rport=139 | protocol=6 | dir=out | app=system |
"{5F85B000-14CF-4416-A3FB-5EB56FC99A05}" = lport=2869 | protocol=6 | dir=in | app=system |
"{6CD00EB2-6748-4B82-96A9-71AF6562D99F}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{76C15847-E5C2-44F3-85AC-B41380F7C828}" = rport=137 | protocol=17 | dir=out | app=system |
"{793A935C-7E63-4042-8B3E-78921534FBCE}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |
"{992B8987-3FB3-4896-93DC-B668F397411E}" = rport=445 | protocol=6 | dir=out | app=system |
"{A0E919B8-61BA-469C-B740-EB98F21FCAF7}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{A58605C1-7F42-473E-99A0-AC532998E59D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B092D5DB-3F0D-4B10-863C-D96B4AC1C584}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{B2CA4DA2-662B-444E-B027-4ABE17716571}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{C7852925-147A-4936-A7D6-A45A05537A3A}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{D2DABD4E-A24B-432D-A416-6276D94EC452}" = rport=138 | protocol=17 | dir=out | app=system |
"{DB214679-9B29-455C-A778-08CE1E1C7D02}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E08009D6-09A7-424C-91D8-AE608D31E481}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{EACE6168-1220-4462-BE22-910C62A1D548}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F27B04D4-CB8A-4E17-95F4-9AA03EEFD00A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{15317D31-F673-4DBC-B0C0-93A382D77808}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{22621394-40FA-40AD-A821-3DE75C88BA9B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{23040D49-1783-4E76-8EEA-D131E8A626C2}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{2F2FDD67-80C4-42A1-AD6F-8E35B911C2A0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{34251943-CE6A-4B4E-97C7-A75AACCFB0F7}" = protocol=58 | dir=out | [email protected],-28546 |
"{34DA112E-6E1D-4C7F-A170-1BFB720ECD79}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{3D1DF19E-8066-48D2-B77F-8B9664C8B6D4}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{49A597AA-AB86-4832-A5D0-8EC9AA5EF390}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{51979638-C4A9-4AF6-8189-B8136546A879}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{51F28D71-8700-47C4-9E40-6B2AF98FB135}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{5F60A3B9-B78A-4C4A-B451-60D928A05B0B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6D651FA1-2DFD-47AD-B87A-A0C7F2A25C37}" = protocol=1 | dir=in | [email protected],-28543 |
"{968BE969-2385-41E0-895F-863D1BF2BEE1}" = protocol=58 | dir=in | [email protected],-148 |
"{B1AEC005-3F83-45BD-BF4D-5B0FF4423A07}" = protocol=58 | dir=in | [email protected],-28545 |
"{BD581DF6-441A-42F8-99CD-3C453FB7BD79}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{D33128AC-C575-4742-871C-84C291E64B10}" = protocol=17 | dir=in | app=c:\program files\discover\soan\soan.exe |
"{D7067976-C786-4A73-A40C-C02C4921D802}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{DD8245AE-7863-47AD-A093-CC3D5114894C}" = protocol=1 | dir=out | [email protected],-28544 |
"{DEE746DA-A284-4D2C-9497-F400B0727AE6}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{E2F7C427-3CED-4054-831A-27860D05E294}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{EE40E4CF-B795-4289-AAEB-6C00136D656E}" = protocol=6 | dir=in | app=c:\program files\discover\soan\soan.exe |
"{F937DD62-443A-4219-B282-E67D86DC171B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{D30EAD10-4B89-48DF-9F0D-5622E61EC06A}C:\program files\media player classic - home cinema\mpc-hc.exe" = protocol=6 | dir=in | app=c:\program files\media player classic - home cinema\mpc-hc.exe |
"UDP Query User{BF1E1CC0-24E3-4BB4-85DD-18335130B074}C:\program files\media player classic - home cinema\mpc-hc.exe" = protocol=17 | dir=in | app=c:\program files\media player classic - home cinema\mpc-hc.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00030409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Small Business
"{00040409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Disc 2
"{029B5901-1F27-4347-9923-E8ACC8F54E15}" = Snapfish Picture Mover
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0A2C5854-557E-48C8-835A-3B9F074BDCAA}" = Python 2.5
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0D70917A-C58F-4220-9DB7-54309302881E}" = MasterCook Deluxe 8
"{0E19A83E-F53B-40CF-8C91-96F32D955E6A}" = LightScribe System Software 1.10.23.1
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{18A5DFF2-8A95-49F3-873F-743CB5549F3D}" = Canon ScanGear Starter
"{1BCE2581-B7CA-4BB4-BDFB-D113506AA38B}" = HP Easy Setup - Frontend
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{209CDA54-D390-46A2-A97C-7BF61734418D}" = WeatherBug Gadget
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check
"{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}" = Ralink RT2870 Wireless LAN Card
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{305D4B08-5807-4475-B1C8-D54685534864}" = LightScribeTemplateLabeler
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D719053-5593-11D3-8F25-0060085C1758}" = Microsoft Streets and Trips 2001
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{3E7F5E50-6956-4446-87BF-F422A8736B7F}" = Secure Online Account Numbers
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{436F639D-D59B-455E-92FC-8346FEF8E571}_is1" = Firefox Backup Tool version 1.0
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{5115C036-C0D5-4E1B-81C9-542CA967478A}" = muvee autoProducer 6.1
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{5A0C892E-FD1C-4203-941E-0956AED20A6A}" = APC PowerChute Personal Edition
"{5BE42A03-E7B8-42A9-B1BB-FC48B03D58B8}" = Presto! PageManager 6.03
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{6767DFEE-8909-453A-B553-C7693912B2EB}" = Canon MF Toolbox 4.9.1.1.mf09
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}" = OmniPage SE
"{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes
"{7F2B6338-4C07-49A0-BDF0-AD92E3124A7E}" = Compaq Demo
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{87AEED05-C717-47bc-93BB-F8E527D2690F}" = Canon D400-450
"{8D273DE5-ABFA-4BD0-A9D7-EE9C971438C4}_is1" = PDF-Viewer
"{8ED262EE-FC73-47A9-BB86-D92223246881}" = PowerChute Personal Edition 3.0.2
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{92B2B132-C7F0-43DC-921A-4493C04F78A4}_is1" = Panda Cloud Cleaner
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{98736A65-3C79-49EC-B7E9-A3C77774B0E6}" = Google SketchUp 6
"{99B366B0-76B6-4DBA-95A3-A730015A7D01}" = MasterCook Deluxe 9
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{9E384B32-59C8-46EF-BEA6-4DC8F27CDB8E}" = InstallVC90Support
"{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1" = PDF-Viewer
"{A72BC4EA-DA4F-4F0D-97EE-AE92C9D33CBE}" = SecureZIP for Windows 12.20.0021
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{AA18EE51-24A5-4748-A5E2-4B035C9A4AB2}" = Canon MP780
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}" = Google SketchUp 6
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B75BC01B-4586-43F8-9349-D250DB98F26F}" = SketchUp 2013
"{B860298B-CE03-4DE2-B92E-422F2C20A2D8}_is1" = PDF-XChange Lite 4
"{B8B4D43C-EAA0-4EEC-B93E-D4D012316286}" = Free DWG Viewer 6.3
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BD4C5764-0DAF-4721-AF6E-6E556EA6E60A}" = ScanTool
"{C0C1D2BC-72FE-4F77-A2F9-CD10D5AA8F93}" = SAMSUNG USB Driver for Mobile Phones V5.16.0.0
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C4876FE6-1125-44C9-8C61-390DEBF4DCCF}" = MasterCook Betty Crocker
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C8D47273-7A1A-4614-A3D8-263632D8A5ED}" = HP Customer Experience Enhancements
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}" = Presto! PageManager 7.15.35
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{fef8097e-662d-49b3-aa77-2919db3746d7}" = HP Total Care Advisor
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Avira AntiVir Desktop" = Avira Free Antivirus
"CANONIJINBOXADDON100" = Canon Inkjet Printer Driver Add-On Module
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Soft Data Fax Modem with SmartCP
"CNXT_MODEM_USB_ACF" = USB Modem
"CutePDF Writer Installation" = CutePDF Writer 2.8
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"HDMI" = Intel® Graphics Media Accelerator Driver
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"InstallShield_{0D70917A-C58F-4220-9DB7-54309302881E}" = MasterCook Deluxe 8
"InstallShield_{99B366B0-76B6-4DBA-95A3-A730015A7D01}" = MasterCook Deluxe 9
"InstallShield_{C4876FE6-1125-44C9-8C61-390DEBF4DCCF}" = MasterCook Betty Crocker
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"MasterCook 5: Cooking Light" = MasterCook 5: Cooking Light
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 10.0.2 (x86 en-US)" = Mozilla Firefox 10.0.2 (x86 en-US)
"Mozilla Thunderbird (3.1.20)" = Mozilla Thunderbird (3.1.20)
"MP Navigator 1.0" = Canon MP Navigator 1.0
"OfficeTrial" = Microsoft Office Home and Student 60 day trial
"OsdMaestro" = HP On-Screen Cap/Num/Scroll Lock Indicator
"PC-Doctor 5 for Windows" = Hardware Diagnostic Tools
"Revo Uninstaller" = Revo Uninstaller 1.94
"SP6" = Logitech SetPoint 6.1
"SpywareBlaster_is1" = SpywareBlaster 5.0
"Visio Technical" = Visio Technical
"WildTangent hp Master Uninstall" = My HP Games
"WinRAR archiver" = WinRAR archiver
"WONswap" = WONswap
"Wubi" = Ubuntu
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Toolbar" = Yahoo! Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 10/10/2013 3:58:36 PM | Computer Name = WesNet-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 8221

Error - 10/10/2013 3:58:37 PM | Computer Name = WesNet-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 10/10/2013 3:58:37 PM | Computer Name = WesNet-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 9219

Error - 10/10/2013 3:58:37 PM | Computer Name = WesNet-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 9219

Error - 10/10/2013 3:58:38 PM | Computer Name = WesNet-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 10/10/2013 3:58:38 PM | Computer Name = WesNet-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 10233

Error - 10/10/2013 3:58:38 PM | Computer Name = WesNet-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 10233

Error - 10/10/2013 3:58:39 PM | Computer Name = WesNet-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 10/10/2013 3:58:39 PM | Computer Name = WesNet-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 11232

Error - 10/10/2013 3:58:39 PM | Computer Name = WesNet-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 11232

[ System Events ]
Error - 10/10/2013 2:18:19 PM | Computer Name = WesNet-PC | Source = Print | ID = 72
Description = Windows could not initialize printer Journal Note Writer because the
print processor JournalPrint could not be found. Please obtain and install a new
version of the driver from the manufacturer (if available), or choose an alternate
driver that works with this print device.

Error - 10/10/2013 2:18:19 PM | Computer Name = WesNet-PC | Source = Print | ID = 19
Description = The print spooler failed to share printer PDF-XChange 4.0 Lite with
shared resource name PDF-XChange 4.0 Lite. Error 2114. The printer cannot be used
by others on the network.

Error - 10/10/2013 2:20:03 PM | Computer Name = WesNet-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 10/10/2013 2:30:22 PM | Computer Name = WesNet-PC | Source = Print | ID = 72
Description = Windows could not initialize printer Journal Note Writer because the
print processor JournalPrint could not be found. Please obtain and install a new
version of the driver from the manufacturer (if available), or choose an alternate
driver that works with this print device.

Error - 10/10/2013 2:30:22 PM | Computer Name = WesNet-PC | Source = Print | ID = 19
Description = The print spooler failed to share printer PDF-XChange 4.0 Lite with
shared resource name PDF-XChange 4.0 Lite. Error 2114. The printer cannot be used
by others on the network.

Error - 10/10/2013 2:31:31 PM | Computer Name = WesNet-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 10/10/2013 2:31:47 PM | Computer Name = WesNet-PC | Source = ipnathlp | ID = 31004
Description = The DNS proxy agent was unable to allocate 0 bytes of memory. This
may indicate that the system is low on virtual memory, or that the memory manager
has encountered an internal error.

Error - 10/10/2013 2:53:37 PM | Computer Name = WesNet-PC | Source = Print | ID = 72
Description = Windows could not initialize printer Journal Note Writer because the
print processor JournalPrint could not be found. Please obtain and install a new
version of the driver from the manufacturer (if available), or choose an alternate
driver that works with this print device.

Error - 10/10/2013 2:53:37 PM | Computer Name = WesNet-PC | Source = Print | ID = 19
Description = The print spooler failed to share printer PDF-XChange 4.0 Lite with
shared resource name PDF-XChange 4.0 Lite. Error 2114. The printer cannot be used
by others on the network.

Error - 10/10/2013 2:54:18 PM | Computer Name = WesNet-PC | Source = Service Control Manager | ID = 7026
Description =


< End of report >

Antivir Log:

Avira Free Antivirus
Report file date: Wednesday, October 09, 2013 09:27


The program is running as an unrestricted full version.
Online services are available.

Licensee : Avira Free Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows Vista ™ Home Premium
Windows version : (Service Pack 2) [6.0.6002]
Boot mode : Normally booted
Username : SYSTEM
Computer name : WESNET-PC

Version information:
BUILD.DAT : 14.0.0.383 55392 Bytes 9/30/2013 11:01:00
AVSCAN.EXE : 14.0.0.383 968776 Bytes 10/7/2013 12:51:15
AVSCANRC.DLL : 14.0.0.225 52296 Bytes 10/7/2013 12:51:15
LUKE.DLL : 14.0.0.383 65096 Bytes 10/7/2013 12:51:21
AVSCPLR.DLL : 14.0.0.383 92232 Bytes 10/7/2013 12:51:15
AVREG.DLL : 14.0.0.383 250440 Bytes 10/7/2013 12:51:14
avlode.dll : 14.0.0.383 512584 Bytes 10/7/2013 12:51:14
avlode.rdf : 13.0.1.42 26846 Bytes 8/28/2013 14:26:47
VBASE000.VDF : 7.11.70.0 66736640 Bytes 4/4/2013 12:49:00
VBASE001.VDF : 7.11.74.226 2201600 Bytes 4/30/2013 11:12:09
VBASE002.VDF : 7.11.80.60 2751488 Bytes 5/28/2013 19:25:08
VBASE003.VDF : 7.11.85.214 2162688 Bytes 6/21/2013 12:50:22
VBASE004.VDF : 7.11.91.176 3903488 Bytes 7/23/2013 11:45:31
VBASE005.VDF : 7.11.98.186 6822912 Bytes 8/29/2013 11:34:39
VBASE006.VDF : 7.11.103.230 2293248 Bytes 9/24/2013 13:04:54
VBASE007.VDF : 7.11.103.231 2048 Bytes 9/24/2013 13:04:54
VBASE008.VDF : 7.11.103.232 2048 Bytes 9/24/2013 13:04:54
VBASE009.VDF : 7.11.103.233 2048 Bytes 9/24/2013 13:04:54
VBASE010.VDF : 7.11.103.234 2048 Bytes 9/24/2013 13:04:54
VBASE011.VDF : 7.11.103.235 2048 Bytes 9/24/2013 13:04:54
VBASE012.VDF : 7.11.103.236 2048 Bytes 9/24/2013 13:04:54
VBASE013.VDF : 7.11.103.237 2048 Bytes 9/24/2013 13:04:55
VBASE014.VDF : 7.11.104.123 282112 Bytes 9/26/2013 11:48:39
VBASE015.VDF : 7.11.104.237 359424 Bytes 9/28/2013 13:07:18
VBASE016.VDF : 7.11.105.103 195072 Bytes 10/2/2013 14:04:30
VBASE017.VDF : 7.11.105.243 571904 Bytes 10/7/2013 12:51:11
VBASE018.VDF : 7.11.106.91 185856 Bytes 10/8/2013 12:13:25
VBASE019.VDF : 7.11.106.167 183296 Bytes 10/9/2013 13:09:42
VBASE020.VDF : 7.11.106.168 2048 Bytes 10/9/2013 13:09:42
VBASE021.VDF : 7.11.106.169 2048 Bytes 10/9/2013 13:09:43
VBASE022.VDF : 7.11.106.170 2048 Bytes 10/9/2013 13:09:43
VBASE023.VDF : 7.11.106.171 2048 Bytes 10/9/2013 13:09:43
VBASE024.VDF : 7.11.106.172 2048 Bytes 10/9/2013 13:09:43
VBASE025.VDF : 7.11.106.173 2048 Bytes 10/9/2013 13:09:43
VBASE026.VDF : 7.11.106.174 2048 Bytes 10/9/2013 13:09:44
VBASE027.VDF : 7.11.106.175 2048 Bytes 10/9/2013 13:09:44
VBASE028.VDF : 7.11.106.176 2048 Bytes 10/9/2013 13:09:44
VBASE029.VDF : 7.11.106.177 2048 Bytes 10/9/2013 13:09:44
VBASE030.VDF : 7.11.106.178 2048 Bytes 10/9/2013 13:09:44
VBASE031.VDF : 7.11.106.194 55296 Bytes 10/9/2013 13:09:44
Engine version : 8.2.12.126
AEVDF.DLL : 8.1.3.4 102774 Bytes 6/13/2013 18:44:49
AESCRIPT.DLL : 8.1.4.154 512382 Bytes 10/2/2013 14:04:49
AESCN.DLL : 8.1.10.4 131446 Bytes 3/29/2013 02:28:54
AESBX.DLL : 8.2.16.26 1245560 Bytes 8/23/2013 12:36:06
AERDL.DLL : 8.2.0.128 688504 Bytes 6/13/2013 18:44:48
AEPACK.DLL : 8.3.2.30 749945 Bytes 10/2/2013 14:04:49
AEOFFICE.DLL : 8.1.2.76 205181 Bytes 8/8/2013 17:38:00
AEHEUR.DLL : 8.1.4.676 6201722 Bytes 10/2/2013 14:04:48
AEHELP.DLL : 8.1.27.6 266617 Bytes 8/27/2013 13:05:56
AEGEN.DLL : 8.1.7.14 446839 Bytes 9/6/2013 11:45:10
AEEXP.DLL : 8.4.1.62 328055 Bytes 9/13/2013 12:17:41
AEEMU.DLL : 8.1.3.2 393587 Bytes 7/10/2012 21:20:53
AECORE.DLL : 8.1.32.0 201081 Bytes 8/23/2013 12:35:58
AEBB.DLL : 8.1.1.4 53619 Bytes 11/5/2012 19:30:30
AVWINLL.DLL : 14.0.0.225 23624 Bytes 10/7/2013 12:50:46
AVPREF.DLL : 14.0.0.225 48712 Bytes 10/7/2013 12:51:14
AVREP.DLL : 14.0.0.225 175688 Bytes 10/7/2013 12:51:14
AVARKT.DLL : 14.0.0.225 257096 Bytes 10/7/2013 12:51:12
AVEVTLOG.DLL : 14.0.0.383 165960 Bytes 10/7/2013 12:51:13
SQLITE3.DLL : 3.7.0.1 397088 Bytes 9/19/2012 23:17:40
AVSMTP.DLL : 14.0.0.225 60488 Bytes 10/7/2013 12:51:15
NETNT.DLL : 14.0.0.225 13384 Bytes 10/7/2013 12:51:21
RCIMAGE.DLL : 14.0.0.225 4788808 Bytes 10/7/2013 12:50:46
RCTEXT.DLL : 14.0.0.225 66632 Bytes 10/7/2013 12:50:46

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\program files\avira\antivir desktop\sysscan.avp
Reporting...........................: default
Primary action......................: Interactive
Secondary action....................: Ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:, F:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Limit recursion depth...............: 20
Smart extensions....................: on
Macrovirus heuristic................: on
File heuristic......................: extended
Skipped files.......................: C:\Program Files\Microsoft Streets & Trips\Data\Usaarts.its, F:\DataKeeper Backup Of C\Program Files\Microsoft Streets & Trips\Data\Usaarts.its,
Deviating risk categories...........: +APPL,+JOKE,+PCK,+SPR,

Start of the scan: Wednesday, October 09, 2013 09:27

Start scanning boot sectors:
Boot sector 'HDD0(C:, D:)'
[INFO] No virus was found!
Boot sector 'HDD1(F:)'
[INFO] No virus was found!

Starting search for hidden objects.

The scan of running processes will be started:
Scan process 'WINWORD.EXE' - '81' Module(s) have been scanned
Scan process 'svchost.exe' - '30' Module(s) have been scanned
Scan process 'vssvc.exe' - '49' Module(s) have been scanned
Scan process 'avscan.exe' - '104' Module(s) have been scanned
Scan process 'avscan.exe' - '52' Module(s) have been scanned
Scan process 'avcenter.exe' - '77' Module(s) have been scanned
Scan process 'wuauclt.exe' - '40' Module(s) have been scanned
Scan process 'hphc_service.exe' - '27' Module(s) have been scanned
Scan process 'svchost.exe' - '21' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '34' Module(s) have been scanned
Scan process 'alg.exe' - '21' Module(s) have been scanned
Scan process 'avshadow.exe' - '33' Module(s) have been scanned
Scan process 'taskeng.exe' - '48' Module(s) have been scanned
Scan process 'dataserv.exe' - '75' Module(s) have been scanned
Scan process 'ACFXAU32.exe' - '14' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '60' Module(s) have been scanned
Scan process 'svchost.exe' - '7' Module(s) have been scanned
Scan process 'svchost.exe' - '44' Module(s) have been scanned
Scan process 'RaRegistry.exe' - '36' Module(s) have been scanned
Scan process 'svchost.exe' - '42' Module(s) have been scanned
Scan process 'svchost.exe' - '22' Module(s) have been scanned
Scan process 'svchost.exe' - '22' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '23' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '33' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '31' Module(s) have been scanned
Scan process 'mainserv.exe' - '61' Module(s) have been scanned
Scan process 'avguard.exe' - '93' Module(s) have been scanned
Scan process 'armsvc.exe' - '24' Module(s) have been scanned
Scan process 'apcsystray.exe' - '34' Module(s) have been scanned
Scan process 'RaUI.exe' - '58' Module(s) have been scanned
Scan process 'avgnt.exe' - '80' Module(s) have been scanned
Scan process 'hpwuschd2.exe' - '16' Module(s) have been scanned
Scan process 'OSD.exe' - '18' Module(s) have been scanned
Scan process 'KHALMNPR.EXE' - '39' Module(s) have been scanned
Scan process 'SetPoint.exe' - '56' Module(s) have been scanned
Scan process 'hpsysdrv.exe' - '13' Module(s) have been scanned
Scan process 'svchost.exe' - '59' Module(s) have been scanned
Scan process 'sched.exe' - '59' Module(s) have been scanned
Scan process 'spoolsv.exe' - '92' Module(s) have been scanned
Scan process 'taskeng.exe' - '80' Module(s) have been scanned
Scan process 'Explorer.EXE' - '134' Module(s) have been scanned
Scan process 'Dwm.exe' - '34' Module(s) have been scanned
Scan process 'svchost.exe' - '94' Module(s) have been scanned
Scan process 'svchost.exe' - '87' Module(s) have been scanned
Scan process 'SLsvc.exe' - '23' Module(s) have been scanned
Scan process 'svchost.exe' - '160' Module(s) have been scanned
Scan process 'svchost.exe' - '115' Module(s) have been scanned
Scan process 'svchost.exe' - '64' Module(s) have been scanned
Scan process 'svchost.exe' - '35' Module(s) have been scanned
Scan process 'svchost.exe' - '40' Module(s) have been scanned
Scan process 'winlogon.exe' - '30' Module(s) have been scanned
Scan process 'lsm.exe' - '22' Module(s) have been scanned
Scan process 'lsass.exe' - '60' Module(s) have been scanned
Scan process 'services.exe' - '35' Module(s) have been scanned
Scan process 'csrss.exe' - '14' Module(s) have been scanned
Scan process 'wininit.exe' - '26' Module(s) have been scanned
Scan process 'csrss.exe' - '14' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting to scan executable files (registry):
The registry was scanned ( '4975' files ).


Starting the file scan:

Begin scan in 'C:\' <COMPAQ>
C:\Files New\Downloads\GoogleSketchUpWEN.exe
[WARNING] The file could not be read!
Begin scan in 'D:\' <FACTORY_IMAGE>
Begin scan in 'F:\' <IOMEGA_HDD>


End of the scan: Wednesday, October 09, 2013 13:24
Used time: 3:56:52 Hour(s)

The scan has been done completely.

42339 Scanned directories
940706 Files were scanned
0 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 Files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
940706 Files not concerned
24547 Archives were scanned
1 Warnings
0 Notes
903776 Objects were scanned with rootkit scan
0 Hidden objects were found

Notes: There were other Antivir scans that do not appear in the scan log. A scan was completed this AM (10/10/'13) with no detection. I downloaded Panda Cloud Cleaner and it reported and disinfected 2 detections. It did not provide the names of the detections. This occurred after the clean Antivir scan.

I think I was able to accomplish the requested operations successfully...please advise if I have not.

#6
nathdep

    Member

  • 587 posts
Hello again!

Is that really you Sergei? You are very well preserved!


Thanks :P

Sorry for the delay again! There was a complication with one of my posts.

Anyway, could you please attach the file MBR.dat to your next post? It should be on the Desktop.
  • 0

#7
Sparky131

    Member

  • Topic Starter
  • 18 posts
Hi again nathdep,

Here is the requested file.

Attached Files

  • Attached File: MBR.dat (512 bytes, 197 downloads)


#8
Sparky131

    Member

  • Topic Starter
  • 18 posts
Hi, it's been over a week with no real progress, so regrettably I must move on. I appreciate what you do; it's just that I can't function with my system compromised.

Best wishes,

Sparky131

#9
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
My sincere apologies for the delay, Sparky131...

If you still wish assistance I am more than happy to continue providing such, merely let myself know either way, thank you. :)

#10
Sparky131

    Member

  • Topic Starter
  • 18 posts
No need to apologize...everyone knows there are more things to do than time to do them. I have started the process at another venue, and it would be counterproductive to interact with that effort.

Thank you for the follow-up. I am very grateful for those willing to provide this most vital service.

Have a good day; one of many,

Wes

#11
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Acknowledged and thank you for the courtesy of informing myself. :)

--------------

This topic is now closed.