Blue text with double underlined words in Google Chrome



#1
jefekodo

Hi, I noticed yesterday that I began having double underlined text in blue on every webpage in Google Chrome. Doesn't happen in Internet Explorer, just Chrome. I uninstalled and reinstalled Chrome to no advantage.
I use GData Internet Security 2014. And it's not detected anything.
I came across this site by just searching in Google and have registered and downloaded the OTL... software. Here's the log file. Any help will do please, I'll be very grateful to have this resolved:

OTL logfile created on: 10/7/2013 9:19:49 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\user\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.44 Gb Total Physical Memory | 2.38 Gb Available Physical Memory | 69.27% Memory free
5.27 Gb Paging File | 4.33 Gb Available in Paging File | 82.15% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 292.97 Gb Total Space | 240.91 Gb Free Space | 82.23% Space Free | Partition Type: NTFS
Drive E: | 172.79 Gb Total Space | 93.44 Gb Free Space | 54.08% Space Free | Partition Type: NTFS
Drive F: | 6.68 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: USER-AE3AC86A7F | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/10/07 08:47:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\My Documents\Downloads\OTL.exe
PRC - [2013/08/01 17:29:52 | 000,182,184 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2013/06/05 01:01:52 | 004,489,472 | ---- | M] (Akamai Technologies, Inc.) -- C:\Documents and Settings\user\Local Settings\Application Data\Akamai\netsession_win.exe
PRC - [2013/04/24 02:41:59 | 002,096,456 | ---- | M] (G Data Software AG) -- C:\Program Files\G Data\InternetSecurity\AVK\AVKWCtl.exe
PRC - [2013/03/22 10:13:36 | 001,957,840 | ---- | M] (G Data Software AG) -- C:\Program Files\Common Files\G Data\AVKProxy\AVKProxy.exe
PRC - [2013/03/22 04:04:17 | 001,444,304 | ---- | M] (G Data Software AG) -- C:\Program Files\G Data\InternetSecurity\AVKTray\AVKTray.exe
PRC - [2013/03/22 03:55:34 | 001,854,928 | ---- | M] (G Data Software AG) -- C:\Program Files\G Data\InternetSecurity\Firewall\GDFirewallTray.exe
PRC - [2013/03/22 03:50:20 | 002,362,744 | ---- | M] (G Data Software AG) -- C:\Program Files\G Data\InternetSecurity\Firewall\GDFwSvc.exe
PRC - [2013/02/25 13:59:46 | 000,696,808 | ---- | M] (G Data Software AG) -- C:\Program Files\Common Files\G Data\GDScan\GDScan.exe
PRC - [2013/02/25 03:15:25 | 000,635,344 | ---- | M] (G Data Software AG) -- C:\Program Files\G Data\InternetSecurity\AVK\AVKService.exe
PRC - [2012/11/15 16:41:08 | 000,277,744 | ---- | M] (SpeedBit Ltd.) -- C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorService.exe
PRC - [2012/11/15 16:32:18 | 003,795,160 | ---- | M] (Speedbit Ltd.) -- C:\Program Files\DAP\DAP.exe
PRC - [2012/07/13 16:27:00 | 000,769,432 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Update\NASvc.exe
PRC - [2011/05/18 16:56:08 | 001,540,096 | ---- | M] (Nokia) -- C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
PRC - [2010/12/07 18:28:06 | 000,579,384 | ---- | M] (Autodesk, Inc.) -- c:\Program Files\Autodesk\Inventor 2012\Moldflow\bin\mitsijm.exe
PRC - [2010/01/21 01:18:38 | 000,226,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
PRC - [2008/04/14 18:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/02/13 16:28:14 | 000,032,768 | ---- | M] (Autodesk) -- C:\Program Files\Autodesk\Data Management Server 2008\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe
PRC - [2007/02/13 16:26:46 | 000,049,152 | ---- | M] (Autodesk) -- C:\Program Files\Autodesk\Data Management Server 2008\Server\Webserver\Connectivity.EDMWS.Server.exe
PRC - [2005/05/16 20:00:00 | 000,099,840 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\E_S4I091.EXE


========== Modules (No Company Name) ==========

MOD - [2013/10/05 14:30:23 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\da28f3d44be7def2d84269f1db5718d6\System.Runtime.Remoting.ni.dll
MOD - [2013/10/05 14:05:12 | 000,010,752 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SpeedBit\DAP\Plugins\189AE673-13C1-4133-A470-8C4DDD1ACB8C\1.0.1.3_0\zsharenet.dll
MOD - [2013/10/05 14:05:11 | 000,012,800 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SpeedBit\DAP\Plugins\189AE673-13C1-4133-A470-8C4DDD1ACB8C\1.0.1.3_0\XSevenTo.dll
MOD - [2013/10/05 14:05:09 | 000,012,800 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SpeedBit\DAP\Plugins\189AE673-13C1-4133-A470-8C4DDD1ACB8C\1.0.1.3_0\SpdFileCom.dll
MOD - [2013/10/05 14:05:07 | 000,010,240 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SpeedBit\DAP\Plugins\189AE673-13C1-4133-A470-8C4DDD1ACB8C\1.0.1.3_0\MegaUploadCom.dll
MOD - [2013/10/05 14:05:05 | 000,011,776 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SpeedBit\DAP\Plugins\189AE673-13C1-4133-A470-8C4DDD1ACB8C\1.0.1.3_0\fivegiganet.dll
MOD - [2013/08/31 21:00:57 | 000,003,584 | ---- | M] () -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\autodeskdm_services\f924c671\35d0f680\App_global.asax.ao2lme8w.dll
MOD - [2013/07/18 12:11:37 | 001,356,288 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\e61655423feec8cd2248d50d104d8a54\System.WorkflowServices.ni.dll
MOD - [2013/07/18 12:11:27 | 001,840,640 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Services\8e597a2c933e04c3deb4a906083ff5c0\System.Web.Services.ni.dll
MOD - [2013/07/18 12:11:15 | 011,816,960 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\616fa195ca93638850a119a54171dac1\System.Web.ni.dll
MOD - [2013/07/18 12:11:09 | 001,706,496 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\adb072a3cfd246b2bb19dfde16e217ca\System.ServiceModel.Web.ni.dll
MOD - [2013/07/18 12:11:09 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8f3e54440f3742da409131428ad1bce1\System.ServiceProcess.ni.dll
MOD - [2013/07/18 12:09:39 | 000,978,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\79533103112291e81204ca24aed19890\System.Configuration.ni.dll
MOD - [2013/07/18 12:00:05 | 000,256,000 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\6e9496df269e15c52c446881e0648e0e\SMDiagnostics.ni.dll
MOD - [2013/07/18 11:59:59 | 017,403,392 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\d577c536166d7cd2ef47ad0896a18393\System.ServiceModel.ni.dll
MOD - [2013/07/18 11:59:47 | 002,345,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\afbff0c4df2ddd1e111f9e594279cb19\System.Runtime.Serialization.ni.dll
MOD - [2013/07/18 10:42:07 | 005,462,016 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\a1d221960bf7a0cbfd1f355595f77e83\System.Xml.ni.dll
MOD - [2013/07/18 10:42:04 | 012,434,432 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\efecb20c44117df86f2eb5f93592fdd8\System.Windows.Forms.ni.dll
MOD - [2013/07/18 10:41:53 | 001,593,344 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\82a53e923936d5f62d9af4cdfe50a4f8\System.Drawing.ni.dll
MOD - [2013/07/18 10:40:57 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\16562c54978851e92db8fec6f759bba1\System.ni.dll
MOD - [2013/07/18 10:40:52 | 011,497,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\b14359470744c840c59fbe4e58034fd6\mscorlib.ni.dll
MOD - [2013/07/18 10:40:27 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2013/07/18 10:40:27 | 000,425,984 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
MOD - [2013/07/18 10:40:26 | 003,194,880 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2013/07/18 10:40:26 | 002,052,096 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2013/07/18 10:40:23 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2013/07/18 10:40:23 | 000,258,048 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
MOD - [2013/07/18 10:40:22 | 000,839,680 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
MOD - [2013/07/18 10:40:22 | 000,835,584 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
MOD - [2013/07/18 10:40:22 | 000,749,568 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
MOD - [2013/07/18 10:40:21 | 005,246,976 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
MOD - [2013/07/18 10:37:19 | 005,967,872 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll
MOD - [2013/07/18 10:37:18 | 000,110,592 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMDiagnostics.dll
MOD - [2012/11/18 23:04:47 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualStudio.Diagnostics.ServiceModelSink\3.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Diagnostics.ServiceModelSink.dll
MOD - [2012/11/18 21:50:51 | 000,884,736 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Web.Services3\3.0.0.0__31bf3856ad364e35\Microsoft.Web.Services3.dll
MOD - [2012/11/15 18:29:52 | 000,036,864 | ---- | M] () -- C:\WINDOWS\system32\pdf995mon.dll
MOD - [2012/11/15 16:34:27 | 000,009,216 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SpeedBit\DAP\Plugins\AddonsCondition.dll
MOD - [2010/01/21 01:34:10 | 008,793,952 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/01/09 20:18:18 | 004,254,560 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF


========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2013/09/11 21:43:14 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2013/08/01 17:29:52 | 000,182,184 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/04/24 02:41:59 | 002,096,456 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files\G Data\InternetSecurity\AVK\AVKWCtl.exe -- (AVKWCtl)
SRV - [2013/03/22 10:13:36 | 001,957,840 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files\Common Files\G Data\AVKProxy\AVKProxy.exe -- (AVKProxy)
SRV - [2013/03/22 03:50:20 | 002,362,744 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Program Files\G Data\InternetSecurity\Firewall\GDFwSvc.exe -- (GDFwSvc)
SRV - [2013/02/25 13:59:46 | 000,696,808 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Program Files\Common Files\G Data\GDScan\GDScan.exe -- (GDScan)
SRV - [2013/02/25 03:15:25 | 000,635,344 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files\G Data\InternetSecurity\AVK\AVKService.exe -- (AVKService)
SRV - [2012/11/18 21:53:43 | 000,079,360 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2012/11/15 16:41:08 | 000,277,744 | ---- | M] (SpeedBit Ltd.) [Auto | Running] -- C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorService.exe -- (VideoAcceleratorService)
SRV - [2012/07/13 16:27:00 | 000,769,432 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2012/06/11 11:33:26 | 000,724,376 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010/12/07 18:28:06 | 000,579,384 | ---- | M] (Autodesk, Inc.) [Auto | Running] -- c:\Program Files\Autodesk\Inventor 2012\Moldflow\bin\mitsijm.exe -- (mitsijm2012)
SRV - [2010/01/21 17:51:12 | 030,963,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2008/06/05 23:41:12 | 001,322,648 | ---- | M] (Autodesk, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskNetSrv.exe -- (Autodesk Network Licensing Service)
SRV - [2007/02/13 16:28:14 | 000,032,768 | ---- | M] (Autodesk) [Auto | Running] -- C:\Program Files\Autodesk\Data Management Server 2008\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe -- (Autodesk Data Management Job Dispatch)
SRV - [2007/02/13 16:26:46 | 000,049,152 | ---- | M] (Autodesk) [Auto | Running] -- C:\Program Files\Autodesk\Data Management Server 2008\Server\Webserver\Connectivity.EDMWS.Server.exe -- (Autodesk EDM Server)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2013/07/16 20:20:34 | 000,070,032 | ---- | M] (G Data Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\GRD.sys -- (GRD)
DRV - [2013/07/13 21:28:30 | 000,053,976 | ---- | M] (G Data Software AG) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\GDTdiIcpt.sys -- (GDTdiInterceptor)
DRV - [2013/07/13 21:28:30 | 000,030,200 | ---- | M] (G Data Software AG) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\GDNdisIc.sys -- (GDNdisIc)
DRV - [2013/07/13 21:28:20 | 000,096,344 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\MiniIcpt.sys -- (GDMnIcpt)
DRV - [2013/07/13 21:28:20 | 000,047,832 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\HookCentre.sys -- (HookCentre)
DRV - [2013/07/13 21:28:20 | 000,045,912 | ---- | M] (G Data Software AG) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\GDBehave.sys -- (GDBehave)
DRV - [2012/06/11 11:33:46 | 000,019,072 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2012/01/09 17:28:20 | 000,137,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2012/01/09 17:28:20 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2012/01/09 17:28:20 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2012/01/09 17:28:20 | 000,008,576 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2012/01/09 17:28:20 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2012/01/09 17:28:20 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2011/03/26 19:37:12 | 000,126,976 | ---- | M] (ZTE Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ZTEusbnet.sys -- (ZTEusbnet)
DRV - [2011/03/26 19:37:12 | 000,107,776 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2011/03/26 19:37:12 | 000,107,776 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2011/03/26 19:37:12 | 000,009,216 | ---- | M] (MBB Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\massfilter.sys -- (massfilter)
DRV - [2011/01/25 19:54:04 | 006,321,768 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2010/09/29 21:10:21 | 000,173,736 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1k5132.sys -- (e1kexpress)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\Yandex: "URL" = http://yandex.ru/yan...t={searchTerms}

IE - HKCU\..\SearchScopes,DefaultScope = {387C4286-45BA-4A01-9202-73D2EF03074F}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\..\SearchScopes\{387C4286-45BA-4A01-9202-73D2EF03074F}: "URL" = http://www.google.co...utputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/DownloadManager,version=1.1: C:\WINDOWS\ [2013/10/05 00:26:05 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\DAP\daplinkchecker [2012/11/15 16:32:44 | 000,000,000 | ---D | M]

[2013/08/15 12:09:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions
[2013/08/15 12:09:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged
[2012/11/15 00:42:04 | 000,000,000 | ---D | M] (Яндекс.Бар) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\[email protected]
[2012/11/15 01:37:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/11/15 00:52:32 | 000,000,000 | ---D | M] (G Data WebFilter) -- C:\Program Files\Mozilla Firefox\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE}

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\30.0.1599.69\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\30.0.1599.69\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\30.0.1599.69\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - Extension: Google Drive = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: DAP Link Checker = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bodfdknjhecmadheclfjkhhiofeagdbh\1.0.1.2_0\
CHR - Extension: Google Search = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Chrome In-App Payments service = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
CHR - Extension: World Clocks = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjgoijhajhaahklokegbfnohialajpej\4.9_0\
CHR - Extension: Gmail = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2008/04/14 18:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (SpeedBit Link Verification Helper) - {D5974A72-C81C-4DC3-BE77-A8A7BBC8864E} - C:\Program Files\DAP\LinkVerifier.dll (Speedbit Ltd.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (saveensshare) - {FBB4D748-4C2C-7DF1-0B55-B9F4E054FB64} - C:\Documents and Settings\All Users\Application Data\saveensshare\n7.dll ()
O3 - HKLM\..\Toolbar: (no name) - {91397D20-1446-11D4-8AF4-0040CA1127B6} - No CLSID value found.
O4 - HKLM..\Run: [EPSON Stylus C48 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I091.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [G Data AntiVirus Tray] C:\Program Files\G Data\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG)
O4 - HKLM..\Run: [GDFirewallTray] C:\Program Files\G Data\InternetSecurity\Firewall\GDFirewallTray.exe (G Data Software AG)
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKLM..\Run: [NokiaMusic FastStart] C:\Program Files\Nokia\Nokia Music Player\NokiaMusicPlayer.exe (Nokia)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Documents and Settings\user\Local Settings\Application Data\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [DownloadAccelerator] C:\Program Files\DAP\DAP.EXE (Speedbit Ltd.)
O4 - HKCU..\Run: [EPSON Stylus C48 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I091.EXE (SEIKO EPSON CORPORATION)
O4 - Startup: C:\Documents and Settings\user\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm ()
O8 - Extra context menu item: &Verify with DAP - C:\Program Files\DAP\dapverify.htm ()
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\SpeedBit Video Accelerator\SBLSP.dll (SPEEDbit)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\SpeedBit Video Accelerator\SBLSP.dll (SPEEDbit)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\SpeedBit Video Accelerator\SBLSP.dll (SPEEDbit)
O16 - DPF: {B479199A-1242-4E3C-AD81-7F0DF801B4AE} http://download.micr...loadManager.cab (Microsoft Download Manager ActiveX control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B2D9F584-6661-4116-AA36-D3B064D18D77}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (c:\program files\g data\internetsecurity\avkkid\avkcks.exe) - c:\Program Files\G Data\InternetSecurity\AVKKid\AvkCKS.exe ()
O24 - Desktop WallPaper: C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/11/15 00:31:46 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/12/01 15:01:14 | 000,000,647 | R--- | M] () - F:\AutoRun.dat -- [ CDFS ]
O32 - AutoRun File - [2011/12/01 11:17:34 | 000,333,136 | R--- | M] () - F:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2011/12/01 11:17:34 | 000,000,046 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{4d5d2c10-2ebb-11e2-b176-f4716289099e}\Shell - "" = AutoRun
O33 - MountPoints2\{4d5d2c10-2ebb-11e2-b176-f4716289099e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4d5d2c10-2ebb-11e2-b176-f4716289099e}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{4d5d2c14-2ebb-11e2-b176-f4716289099e}\Shell - "" = AutoRun
O33 - MountPoints2\{4d5d2c14-2ebb-11e2-b176-f4716289099e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4d5d2c14-2ebb-11e2-b176-f4716289099e}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{ab1f8c61-2f8a-11e2-b17b-f6f8bf905d58}\Shell - "" = AutoRun
O33 - MountPoints2\{ab1f8c61-2f8a-11e2-b17b-f6f8bf905d58}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ab1f8c61-2f8a-11e2-b17b-f6f8bf905d58}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2011/12/01 11:17:34 | 000,333,136 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/10/07 08:27:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
[2013/10/07 08:09:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\My Documents\My Spiritual life
[2013/10/06 20:37:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CamStudio 2.7
[2013/10/06 20:37:18 | 000,000,000 | ---D | C] -- C:\Program Files\CamStudio 2.7
[2013/10/05 21:38:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Application Data\WMTools Downloaded Files
[2013/10/05 15:24:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\My Documents\Inventor Master Project
[2013/10/05 01:18:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Application Data\Autodesk,_Inc
[2013/10/05 00:49:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Application Data\GrantaGateway
[2013/10/05 00:06:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\My Documents\Autodesk
[2013/10/05 00:01:34 | 000,000,000 | ---D | C] -- C:\MITSI 2012 Temporary Files
[2013/10/05 00:01:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Autodesk
[2013/10/05 00:00:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Start Menu\Programs\Autodesk
[2013/10/05 00:00:43 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Chart Controls
[2013/10/04 20:32:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Application Data\Thinstall
[2013/10/04 20:32:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Thinstall
[2013/09/17 12:33:00 | 000,000,000 | ---D | C] -- C:\tmp
[2013/09/15 22:00:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Nero
[2013/09/15 21:50:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nero
[2013/09/15 21:50:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Nero
[2013/09/15 21:50:49 | 000,000,000 | ---D | C] -- C:\Program Files\Nero
[2013/09/15 21:50:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Nero
[2013/09/15 20:08:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\driveridentifier
[2013/09/15 20:08:43 | 000,000,000 | ---D | C] -- C:\Program Files\Driver Identifier
[2013/09/15 20:08:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Driver Identifier
[2013/09/15 19:35:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\My Documents\001 HP PC Manual
[2013/09/14 18:57:28 | 000,000,000 | ---D | C] -- C:\Program Files\DVD Shrink
[2013/09/14 18:57:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DVD Shrink
[2013/09/14 18:57:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DVD Shrink
[2013/09/14 18:15:49 | 000,000,000 | ---D | C] -- C:\Program Files\AutoCAD 2010
[2013/09/14 18:04:21 | 000,000,000 | ---D | C] -- C:\Program Files\x86
[2013/09/14 18:04:21 | 000,000,000 | ---D | C] -- C:\Program Files\en-US
[2013/09/14 17:55:02 | 000,000,000 | R--D | C] -- C:\Documents and Settings\user\My Documents\Google Drive
[2013/09/14 17:53:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Drive
[2013/09/12 16:43:10 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2013/09/11 21:41:06 | 000,000,000 | ---D | C] -- C:\Program Files\STRUCTURAL_COMMON_DATA
[2013/09/11 21:41:06 | 000,000,000 | ---D | C] -- C:\ProgramData
[2013/09/11 00:40:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\WinRAR
[2013/09/11 00:39:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Start Menu\Programs\WinRAR
[2013/09/11 00:39:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinRAR
[2013/09/11 00:39:41 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2013/09/10 11:49:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Application Data\Akamai
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/10/07 09:17:13 | 000,001,831 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/10/07 09:17:13 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Google Chrome.lnk
[2013/10/07 09:17:02 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/10/07 09:16:59 | 000,000,198 | ---- | M] () -- C:\WINDOWS\tasks\AutoKMS.job
[2013/10/07 09:16:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/10/07 09:16:46 | 3690,287,104 | -HS- | M] () -- C:\hiberfil.sys
[2013/10/07 08:53:02 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/10/07 08:27:10 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2013/10/06 20:38:53 | 000,004,510 | ---- | M] () -- C:\Documents and Settings\user\Application Data\CamStudio.cfg
[2013/10/06 20:38:53 | 000,000,408 | ---- | M] () -- C:\Documents and Settings\user\Application Data\CamShapes.ini
[2013/10/06 20:38:53 | 000,000,408 | ---- | M] () -- C:\Documents and Settings\user\Application Data\CamLayout.ini
[2013/10/06 20:38:53 | 000,000,046 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Camdata.ini
[2013/10/06 20:37:19 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CamStudio.lnk
[2013/10/05 14:21:08 | 000,274,846 | ---- | M] () -- C:\Documents and Settings\user\My Documents\Part002.adsk
[2013/10/05 14:16:34 | 000,275,063 | ---- | M] () -- C:\Documents and Settings\user\My Documents\Part001.adsk
[2013/10/05 00:24:04 | 000,455,656 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/10/05 00:19:50 | 000,001,836 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Inventor Fusion 2012.lnk
[2013/10/05 00:18:25 | 000,000,926 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Autodesk Vault 2012.lnk
[2013/10/05 00:16:35 | 000,001,866 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DWG TrueView 2012.lnk
[2013/10/05 00:04:58 | 000,001,964 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Autodesk Inventor Professional 2012.lnk
[2013/10/04 23:30:11 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/10/03 21:37:14 | 000,000,060 | ---- | M] () -- C:\WINDOWS\wpd99.drv
[2013/10/02 20:23:47 | 000,009,662 | ---- | M] () -- C:\WINDOWS\EPISME00.SWB
[2013/10/01 20:43:13 | 000,002,371 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Nokia Music Player.lnk
[2013/09/26 20:23:24 | 000,071,790 | ---- | M] () -- C:\Documents and Settings\user\Desktop\BLOCK A 9 (1).pdf
[2013/09/19 22:45:42 | 000,288,509 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Print.pdf
[2013/09/19 22:39:08 | 000,002,377 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Nero Burning ROM 12.lnk
[2013/09/19 21:14:11 | 000,096,256 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/09/18 15:02:50 | 000,150,490 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Enhancements_List_RME_2012_UR2.pdf
[2013/09/17 16:39:54 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2013/09/17 15:25:34 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/09/15 20:28:48 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/09/14 18:57:28 | 000,000,670 | ---- | M] () -- C:\Documents and Settings\user\Desktop\DVD Shrink 3.2.lnk
[2013/09/14 18:16:54 | 000,001,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AutoCAD 2010 - English.lnk
[2013/09/14 17:55:03 | 000,001,473 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Google Drive.lnk
[2013/09/14 17:53:36 | 000,001,769 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Slides.lnk
[2013/09/14 17:53:36 | 000,001,765 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Sheets.lnk
[2013/09/14 17:53:36 | 000,001,753 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Docs.lnk
[2013/09/13 12:05:04 | 001,406,305 | ---- | M] () -- C:\Documents and Settings\user\Desktop\storage_and_handling_of_chlorinated_solvents_4.pdf
[2013/09/12 16:50:36 | 000,272,961 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Gmail - SolidWorks 3D CAD and 3D Prototyping Seminar & Open Day.pdf
[2013/09/11 21:39:34 | 000,001,844 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Autodesk Design Review 2012.lnk
[2013/09/11 01:01:30 | 000,046,614 | ---- | M] () -- C:\Documents and Settings\user\My Documents\autodesk_revit_mep_2012_system_requirements.pdf
[2013/09/10 13:09:15 | 000,000,517 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Shortcut to 03 Revit Docs.lnk
[2013/09/10 10:50:40 | 000,552,388 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/09/10 10:50:40 | 000,106,940 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/09/08 04:29:58 | 000,847,012 | ---- | M] () -- C:\Documents and Settings\user\Desktop\AB210-4 Revit Collaboration-DOC.pdf
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/10/07 08:27:10 | 000,001,813 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2013/10/06 20:38:53 | 000,004,510 | ---- | C] () -- C:\Documents and Settings\user\Application Data\CamStudio.cfg
[2013/10/06 20:38:53 | 000,000,408 | ---- | C] () -- C:\Documents and Settings\user\Application Data\CamShapes.ini
[2013/10/06 20:38:53 | 000,000,408 | ---- | C] () -- C:\Documents and Settings\user\Application Data\CamLayout.ini
[2013/10/06 20:38:53 | 000,000,046 | ---- | C] () -- C:\Documents and Settings\user\Application Data\Camdata.ini
[2013/10/06 20:37:19 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CamStudio.lnk
[2013/10/05 14:21:08 | 000,274,846 | ---- | C] () -- C:\Documents and Settings\user\My Documents\Part002.adsk
[2013/10/05 14:16:34 | 000,275,063 | ---- | C] () -- C:\Documents and Settings\user\My Documents\Part001.adsk
[2013/10/05 00:19:50 | 000,001,836 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Inventor Fusion 2012.lnk
[2013/10/05 00:18:25 | 000,000,926 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Autodesk Vault 2012.lnk
[2013/10/05 00:16:35 | 000,001,866 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DWG TrueView 2012.lnk
[2013/10/05 00:04:58 | 000,001,964 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Autodesk Inventor Professional 2012.lnk
[2013/10/04 20:31:48 | 006,469,463 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Portable Magic FLAC to MP3 Converter 3.7.exe
[2013/09/26 20:23:24 | 000,071,790 | ---- | C] () -- C:\Documents and Settings\user\Desktop\BLOCK A 9 (1).pdf
[2013/09/19 22:45:08 | 000,288,509 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Print.pdf
[2013/09/18 15:02:30 | 000,150,490 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Enhancements_List_RME_2012_UR2.pdf
[2013/09/15 21:51:06 | 000,002,377 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nero Burning ROM 12.lnk
[2013/09/14 18:57:28 | 000,000,670 | ---- | C] () -- C:\Documents and Settings\user\Desktop\DVD Shrink 3.2.lnk
[2013/09/14 18:16:54 | 000,001,690 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AutoCAD 2010 - English.lnk
[2013/09/14 17:55:03 | 000,001,473 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Google Drive.lnk
[2013/09/14 17:53:36 | 000,001,769 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Slides.lnk
[2013/09/14 17:53:36 | 000,001,765 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Sheets.lnk
[2013/09/14 17:53:36 | 000,001,753 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Docs.lnk
[2013/09/13 12:02:04 | 001,406,305 | ---- | C] () -- C:\Documents and Settings\user\Desktop\storage_and_handling_of_chlorinated_solvents_4.pdf
[2013/09/12 16:50:36 | 000,272,961 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Gmail - SolidWorks 3D CAD and 3D Prototyping Seminar & Open Day.pdf
[2013/09/11 23:33:58 | 001,692,194 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1078081533-1972579041-1801674531-1003-0.dat
[2013/09/11 23:33:58 | 000,377,474 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2013/09/11 21:39:34 | 000,001,844 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Autodesk Design Review 2012.lnk
[2013/09/11 01:01:30 | 000,046,614 | ---- | C] () -- C:\Documents and Settings\user\My Documents\autodesk_revit_mep_2012_system_requirements.pdf
[2013/09/10 13:09:15 | 000,000,517 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Shortcut to 03 Revit Docs.lnk
[2013/09/08 04:29:44 | 000,847,012 | ---- | C] () -- C:\Documents and Settings\user\Desktop\AB210-4 Revit Collaboration-DOC.pdf
[2013/08/01 22:56:35 | 002,060,008 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2013/07/13 19:33:04 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2013/05/06 16:27:41 | 004,870,144 | ---- | C] () -- C:\Documents and Settings\user\NTUSER.rhk
[2013/02/06 09:24:34 | 000,000,135 | ---- | C] () -- C:\WINDOWS\AutoKMS.ini
[2012/11/22 23:38:28 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/11/18 22:33:50 | 000,096,256 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/11/18 21:32:52 | 000,000,162 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2012/11/15 18:33:18 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
[2012/11/15 18:29:53 | 000,000,060 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2012/11/15 18:29:51 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2012/11/15 16:32:42 | 000,109,256 | ---- | C] () -- C:\WINDOWS\System32\EasyHook64.dll
[2012/11/15 16:32:42 | 000,090,824 | ---- | C] () -- C:\WINDOWS\System32\EasyHook32.dll
[2012/11/15 00:44:03 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2012/11/15 00:44:03 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2012/11/15 00:44:02 | 000,810,496 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2012/11/15 00:44:02 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2012/11/15 00:44:02 | 000,080,896 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2012/11/15 00:43:49 | 000,000,146 | ---- | C] () -- C:\WINDOWS\System32\GfxUI.exe.config
[2012/11/15 00:43:46 | 000,004,096 | ---- | C] ( ) -- C:\WINDOWS\System32\IGFXDEVLib.dll
[2012/11/15 00:43:42 | 000,982,240 | ---- | C] () -- C:\WINDOWS\System32\igkrng500.bin
[2012/11/15 00:43:42 | 000,439,308 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng500.bin
[2012/11/15 00:37:11 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012/11/15 00:29:57 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2012/11/14 16:26:00 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012/11/14 16:25:15 | 000,455,656 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== ZeroAccess Check ==========

[2012/11/18 21:41:33 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 18:00:00 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 13:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 18:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/08/03 20:44:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Allmyapps
[2013/10/05 01:34:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2012/11/15 01:37:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DatacardService
[2013/07/13 22:15:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\G Data
[2013/07/12 20:44:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2013/08/15 14:03:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallMate
[2013/08/01 22:51:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NokiaMusic
[2013/08/01 22:58:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2013/10/03 21:36:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2013/08/16 19:46:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\saveensshare
[2012/11/18 23:09:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedBit
[2013/10/07 09:17:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/11/18 22:05:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Ansys
[2013/10/05 01:34:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Autodesk
[2013/09/15 20:08:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\driveridentifier
[2013/02/24 15:36:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\EDrawings
[2013/02/05 15:41:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Foxit Software
[2013/07/14 19:09:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\G Data
[2012/11/15 18:20:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\IGC
[2013/08/01 22:55:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Nokia
[2012/11/15 00:42:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Opera
[2013/09/22 19:26:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\PC Suite
[2012/11/15 18:33:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\pdf995
[2013/10/04 20:32:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Thinstall
[2013/10/04 23:29:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\uTorrent
[2013/10/03 17:39:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\XBMC

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:56E2E879

< End of report >

#2
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Download AdwCleaner to your desktop.

NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on the warning and allow the download to complete.

Close all programs, pause your anti-virus and run AdwCleaner (Vista or Win 7 => right click and Run As Administrator).

Click on Scan and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.

The report will be saved in the C:\AdwCleaner folder.



Junkware-Removal-Tool

Please download Junkware Removal Tool to your desktop.
  • Pause your anti-virus. Close all browsers.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.


Download aswMBR.exe to your desktop.
Run aswMBR.exe (Vista or Win 7 => right click and Run As Administrator)

Uncheck trace disk IO calls.
Click the "Scan" button to start the scan (accept the Avast Engine).
On completion of the scan, if the Fix button is enabled (not the FixMBR button), press it, then run a new scan, click save log, save it to your desktop and post it in your next reply.
If the Fix button is not enabled, just click save log, save it to your desktop and post it in your next reply.




Copy the text in the code box:

DRIVES
nnetsvcs
%SYSTEMDRIVE%\*.exe
%systemroot%\assembly\GAC_32\*.ini
%systemroot%\assembly\GAC_64\*.ini
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
rsvpsp.dll
pnrpnsp.dll 
nwprovau.dll
nlaapi.dll
napinsp.dll
mswsock.dll
winrnr.dll
wshelper.dll
services.exe
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
csrss.exe
PrintIsolationHost.exe
consrv.dll
user32.dll
/md5stop
dir C:\ /S /A:L /C
C:\Windows\assembly\tmp\U\*.* /s
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%ProgramFiles%\WINDOWS NT\*.* /s
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.

Please download Security Check by screen317 from here. BleepingComputer allows ads which mimic the download, so be careful that you click on the Download Now @BleepingComputer button and not some adware's Download button.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document in your next reply.

Ron

#3
jefekodo

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Thanks a lot Rob for seeing my message and for the help. I'm following the instructions. For Adware Cleaner, here's the log:

# AdwCleaner v3.007 - Report created 09/10/2013 at 17:33:35
# Updated 09/10/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : user - USER-AE3AC86A7F
# Running from : C:\Documents and Settings\user\Desktop\Adware Removal tools\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\saveensshare

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v

[ File : C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\prefs.js ]


-\\ Google Chrome v30.0.1599.69

[ File : C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [1615 octets] - [09/10/2013 17:31:47]
AdwCleaner[S0].txt - [1554 octets] - [09/10/2013 17:33:35]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1614 octets] ##########


For Junkware removal tool, here's the log of the report.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.4 (10.06.2013:1)
OS: Microsoft Windows XP x86
Ran by user on Wed 10/09/2013 at 17:39:00.60
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FBB4D748-4C2C-7DF1-0B55-B9F4E054FB64}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{FBB4D748-4C2C-7DF1-0B55-B9F4E054FB64}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{FBB4D748-4C2C-7DF1-0B55-B9F4E054FB64}



~~~ Files



~~~ Folders





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 10/09/2013 at 17:45:48.04
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


For aswMBR, I didn't get any report. No log.
I ran OTL the 2nd time and pasted the code you showed me into the box. There were 2 logs. Here they are:

OTL logfile created on: 10/9/2013 7:29:57 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\user\Desktop\Adware Removal tools
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.44 Gb Total Physical Memory | 2.26 Gb Available Physical Memory | 65.87% Memory free
5.27 Gb Paging File | 3.52 Gb Available in Paging File | 66.77% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 292.97 Gb Total Space | 240.65 Gb Free Space | 82.14% Space Free | Partition Type: NTFS
Drive E: | 172.79 Gb Total Space | 93.44 Gb Free Space | 54.08% Space Free | Partition Type: NTFS
Drive F: | 6.68 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: USER-AE3AC86A7F | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/10/09 17:30:05 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Documents and Settings\user\Desktop\Adware Removal tools\aswmbr.exe
PRC - [2013/10/07 08:47:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\Adware Removal tools\OTL.exe
PRC - [2013/10/03 07:03:07 | 000,844,752 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2013/08/26 11:10:16 | 001,970,296 | ---- | M] (G Data Software AG) -- C:\Program Files\Common Files\G Data\AVKProxy\AVKProxy.exe
PRC - [2013/08/22 08:15:18 | 000,695,416 | ---- | M] (G Data Software AG) -- C:\Program Files\Common Files\G Data\GDScan\GDScan.exe
PRC - [2013/08/21 03:09:46 | 001,444,472 | ---- | M] (G Data Software AG) -- C:\Program Files\G Data\InternetSecurity\AVKTray\AVKTray.exe
PRC - [2013/08/21 02:55:45 | 002,369,616 | ---- | M] (G Data Software AG) -- C:\Program Files\G Data\InternetSecurity\Firewall\GDFwSvc.exe
PRC - [2013/08/21 02:48:12 | 002,095,600 | ---- | M] (G Data Software AG) -- C:\Program Files\G Data\InternetSecurity\AVK\AVKWCtl.exe
PRC - [2013/08/21 02:20:22 | 000,635,000 | ---- | M] (G Data Software AG) -- C:\Program Files\G Data\InternetSecurity\AVK\AVKService.exe
PRC - [2013/08/01 17:29:52 | 000,182,184 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2013/06/05 01:01:52 | 004,489,472 | ---- | M] (Akamai Technologies, Inc.) -- C:\Documents and Settings\user\Local Settings\Application Data\Akamai\netsession_win.exe
PRC - [2013/03/22 03:55:34 | 001,854,928 | ---- | M] (G Data Software AG) -- C:\Program Files\G Data\InternetSecurity\Firewall\GDFirewallTray.exe
PRC - [2012/11/15 16:41:08 | 000,277,744 | ---- | M] (SpeedBit Ltd.) -- C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorService.exe
PRC - [2012/11/15 16:32:18 | 003,795,160 | ---- | M] (Speedbit Ltd.) -- C:\Program Files\DAP\DAP.exe
PRC - [2011/05/18 16:56:08 | 001,540,096 | ---- | M] (Nokia) -- C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
PRC - [2010/12/07 18:28:06 | 000,579,384 | ---- | M] (Autodesk, Inc.) -- c:\Program Files\Autodesk\Inventor 2012\Moldflow\bin\mitsijm.exe
PRC - [2010/01/21 01:18:38 | 000,226,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
PRC - [2008/04/14 18:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/02/13 16:28:14 | 000,032,768 | ---- | M] (Autodesk) -- C:\Program Files\Autodesk\Data Management Server 2008\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe
PRC - [2007/02/13 16:26:46 | 000,049,152 | ---- | M] (Autodesk) -- C:\Program Files\Autodesk\Data Management Server 2008\Server\Webserver\Connectivity.EDMWS.Server.exe
PRC - [2005/05/16 20:00:00 | 000,099,840 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\E_S4I091.EXE


========== Modules (No Company Name) ==========

MOD - [2013/10/09 17:38:06 | 000,036,864 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SpeedBit\DAP\Plugins\189AE673-13C1-4133-A470-8C4DDD1ACB8C\1.0.1.3_0\YouTubeCom.dll
MOD - [2013/10/05 14:30:23 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\da28f3d44be7def2d84269f1db5718d6\System.Runtime.Remoting.ni.dll
MOD - [2013/10/05 14:05:12 | 000,010,752 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SpeedBit\DAP\Plugins\189AE673-13C1-4133-A470-8C4DDD1ACB8C\1.0.1.3_0\zsharenet.dll
MOD - [2013/10/05 14:05:11 | 000,012,800 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SpeedBit\DAP\Plugins\189AE673-13C1-4133-A470-8C4DDD1ACB8C\1.0.1.3_0\XSevenTo.dll
MOD - [2013/10/05 14:05:09 | 000,012,800 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SpeedBit\DAP\Plugins\189AE673-13C1-4133-A470-8C4DDD1ACB8C\1.0.1.3_0\SpdFileCom.dll
MOD - [2013/10/05 14:05:07 | 000,010,240 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SpeedBit\DAP\Plugins\189AE673-13C1-4133-A470-8C4DDD1ACB8C\1.0.1.3_0\MegaUploadCom.dll
MOD - [2013/10/05 14:05:05 | 000,011,776 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SpeedBit\DAP\Plugins\189AE673-13C1-4133-A470-8C4DDD1ACB8C\1.0.1.3_0\fivegiganet.dll
MOD - [2013/10/03 07:03:05 | 000,415,184 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\30.0.1599.69\ppgooglenaclpluginchrome.dll
MOD - [2013/10/03 07:03:04 | 013,611,984 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\30.0.1599.69\PepperFlash\pepflashplayer.dll
MOD - [2013/10/03 07:03:03 | 004,055,504 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\30.0.1599.69\pdf.dll
MOD - [2013/10/03 07:02:12 | 000,698,832 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\30.0.1599.69\libglesv2.dll
MOD - [2013/10/03 07:02:11 | 000,099,792 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\30.0.1599.69\libegl.dll
MOD - [2013/10/03 07:02:09 | 001,604,560 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\30.0.1599.69\ffmpegsumo.dll
MOD - [2013/08/31 21:00:57 | 000,003,584 | ---- | M] () -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\autodeskdm_services\f924c671\35d0f680\App_global.asax.ao2lme8w.dll
MOD - [2013/07/18 12:11:37 | 001,356,288 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\e61655423feec8cd2248d50d104d8a54\System.WorkflowServices.ni.dll
MOD - [2013/07/18 12:11:27 | 001,840,640 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Services\8e597a2c933e04c3deb4a906083ff5c0\System.Web.Services.ni.dll
MOD - [2013/07/18 12:11:15 | 011,816,960 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\616fa195ca93638850a119a54171dac1\System.Web.ni.dll
MOD - [2013/07/18 12:11:09 | 001,706,496 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\adb072a3cfd246b2bb19dfde16e217ca\System.ServiceModel.Web.ni.dll
MOD - [2013/07/18 12:11:09 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8f3e54440f3742da409131428ad1bce1\System.ServiceProcess.ni.dll
MOD - [2013/07/18 12:09:39 | 000,978,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\79533103112291e81204ca24aed19890\System.Configuration.ni.dll
MOD - [2013/07/18 12:00:05 | 000,256,000 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\6e9496df269e15c52c446881e0648e0e\SMDiagnostics.ni.dll
MOD - [2013/07/18 11:59:59 | 017,403,392 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\d577c536166d7cd2ef47ad0896a18393\System.ServiceModel.ni.dll
MOD - [2013/07/18 11:59:47 | 002,345,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\afbff0c4df2ddd1e111f9e594279cb19\System.Runtime.Serialization.ni.dll
MOD - [2013/07/18 10:42:07 | 005,462,016 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\a1d221960bf7a0cbfd1f355595f77e83\System.Xml.ni.dll
MOD - [2013/07/18 10:42:04 | 012,434,432 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\efecb20c44117df86f2eb5f93592fdd8\System.Windows.Forms.ni.dll
MOD - [2013/07/18 10:41:53 | 001,593,344 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\82a53e923936d5f62d9af4cdfe50a4f8\System.Drawing.ni.dll
MOD - [2013/07/18 10:40:57 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\16562c54978851e92db8fec6f759bba1\System.ni.dll
MOD - [2013/07/18 10:40:52 | 011,497,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\b14359470744c840c59fbe4e58034fd6\mscorlib.ni.dll
MOD - [2013/07/18 10:40:27 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2013/07/18 10:40:27 | 000,425,984 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
MOD - [2013/07/18 10:40:26 | 003,194,880 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2013/07/18 10:40:26 | 002,052,096 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2013/07/18 10:40:23 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2013/07/18 10:40:23 | 000,258,048 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
MOD - [2013/07/18 10:40:22 | 000,839,680 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
MOD - [2013/07/18 10:40:22 | 000,835,584 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
MOD - [2013/07/18 10:40:22 | 000,749,568 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
MOD - [2013/07/18 10:40:21 | 005,246,976 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
MOD - [2013/07/18 10:37:19 | 005,967,872 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll
MOD - [2013/07/18 10:37:18 | 000,110,592 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMDiagnostics.dll
MOD - [2012/11/18 23:04:47 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualStudio.Diagnostics.ServiceModelSink\3.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Diagnostics.ServiceModelSink.dll
MOD - [2012/11/18 21:50:51 | 000,884,736 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Web.Services3\3.0.0.0__31bf3856ad364e35\Microsoft.Web.Services3.dll
MOD - [2012/11/15 18:29:52 | 000,036,864 | ---- | M] () -- C:\WINDOWS\system32\pdf995mon.dll
MOD - [2012/11/15 16:34:27 | 000,009,216 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SpeedBit\DAP\Plugins\AddonsCondition.dll
MOD - [2010/01/21 01:34:10 | 008,793,952 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/01/09 20:18:18 | 004,254,560 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2008/04/14 18:00:00 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2008/04/14 18:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll


========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2013/09/11 21:43:14 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2013/08/26 11:10:16 | 001,970,296 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files\Common Files\G Data\AVKProxy\AVKProxy.exe -- (AVKProxy)
SRV - [2013/08/22 08:15:18 | 000,695,416 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files\Common Files\G Data\GDScan\GDScan.exe -- (GDScan)
SRV - [2013/08/21 02:55:45 | 002,369,616 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files\G Data\InternetSecurity\Firewall\GDFwSvc.exe -- (GDFwSvc)
SRV - [2013/08/21 02:48:12 | 002,095,600 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files\G Data\InternetSecurity\AVK\AVKWCtl.exe -- (AVKWCtl)
SRV - [2013/08/21 02:20:22 | 000,635,000 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files\G Data\InternetSecurity\AVK\AVKService.exe -- (AVKService)
SRV - [2013/08/01 17:29:52 | 000,182,184 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/11/18 21:53:43 | 000,079,360 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2012/11/15 16:41:08 | 000,277,744 | ---- | M] (SpeedBit Ltd.) [Auto | Running] -- C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorService.exe -- (VideoAcceleratorService)
SRV - [2012/06/11 11:33:26 | 000,724,376 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010/12/07 18:28:06 | 000,579,384 | ---- | M] (Autodesk, Inc.) [Auto | Running] -- c:\Program Files\Autodesk\Inventor 2012\Moldflow\bin\mitsijm.exe -- (mitsijm2012)
SRV - [2010/01/21 17:51:12 | 030,963,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2008/06/05 23:41:12 | 001,322,648 | ---- | M] (Autodesk, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskNetSrv.exe -- (Autodesk Network Licensing Service)
SRV - [2007/02/13 16:28:14 | 000,032,768 | ---- | M] (Autodesk) [Auto | Running] -- C:\Program Files\Autodesk\Data Management Server 2008\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe -- (Autodesk Data Management Job Dispatch)
SRV - [2007/02/13 16:26:46 | 000,049,152 | ---- | M] (Autodesk) [Auto | Running] -- C:\Program Files\Autodesk\Data Management Server 2008\Server\Webserver\Connectivity.EDMWS.Server.exe -- (Autodesk EDM Server)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\user\LOCALS~1\Temp\aswMBR.sys -- (aswMBR)
DRV - [2013/10/07 10:37:51 | 000,069,176 | ---- | M] (G Data Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\GRD.sys -- (GRD)
DRV - [2013/10/07 10:29:56 | 000,096,600 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\MiniIcpt.sys -- (GDMnIcpt)
DRV - [2013/10/07 10:29:56 | 000,047,832 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\HookCentre.sys -- (HookCentre)
DRV - [2013/10/07 10:29:56 | 000,045,912 | ---- | M] (G Data Software AG) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\GDBehave.sys -- (GDBehave)
DRV - [2013/07/13 21:28:30 | 000,053,976 | ---- | M] (G Data Software AG) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\GDTdiIcpt.sys -- (GDTdiInterceptor)
DRV - [2013/07/13 21:28:30 | 000,030,200 | ---- | M] (G Data Software AG) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\GDNdisIc.sys -- (GDNdisIc)
DRV - [2012/06/11 11:33:46 | 000,019,072 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2012/01/09 17:28:20 | 000,137,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2012/01/09 17:28:20 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2012/01/09 17:28:20 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2012/01/09 17:28:20 | 000,008,576 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2012/01/09 17:28:20 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2012/01/09 17:28:20 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2011/03/26 19:37:12 | 000,126,976 | ---- | M] (ZTE Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ZTEusbnet.sys -- (ZTEusbnet)
DRV - [2011/03/26 19:37:12 | 000,107,776 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2011/03/26 19:37:12 | 000,107,776 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2011/03/26 19:37:12 | 000,009,216 | ---- | M] (MBB Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\massfilter.sys -- (massfilter)
DRV - [2011/01/25 19:54:04 | 006,321,768 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2010/09/29 21:10:21 | 000,173,736 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1k5132.sys -- (e1kexpress)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\Yandex: "URL" = http://yandex.ru/yan...t={searchTerms}

IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search
IE - HKCU\..\SearchScopes\{387C4286-45BA-4A01-9202-73D2EF03074F}: "URL" = http://www.google.co...utputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/DownloadManager,version=1.1: C:\WINDOWS\ [2013/10/09 17:38:50 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\DAP\daplinkchecker [2012/11/15 16:32:44 | 000,000,000 | ---D | M]

[2013/08/15 12:09:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions
[2013/08/15 12:09:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged
[2012/11/15 00:42:04 | 000,000,000 | ---D | M] (Яндекс.Бар) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\[email protected]
[2012/11/15 01:37:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/11/15 00:52:32 | 000,000,000 | ---D | M] (G Data WebFilter) -- C:\Program Files\Mozilla Firefox\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE}

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\30.0.1599.69\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\30.0.1599.69\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\30.0.1599.69\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - Extension: Google Drive = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: DAP Link Checker = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bodfdknjhecmadheclfjkhhiofeagdbh\1.0.1.2_0\
CHR - Extension: Google Search = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Chrome In-App Payments service = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
CHR - Extension: World Clocks = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjgoijhajhaahklokegbfnohialajpej\4.9_0\
CHR - Extension: Gmail = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2008/04/14 18:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (SpeedBit Link Verification Helper) - {D5974A72-C81C-4DC3-BE77-A8A7BBC8864E} - C:\Program Files\DAP\LinkVerifier.dll (Speedbit Ltd.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - {91397D20-1446-11D4-8AF4-0040CA1127B6} - No CLSID value found.
O4 - HKLM..\Run: [EPSON Stylus C48 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I091.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [G Data AntiVirus Tray] C:\Program Files\G Data\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG)
O4 - HKLM..\Run: [GDFirewallTray] C:\Program Files\G Data\InternetSecurity\Firewall\GDFirewallTray.exe (G Data Software AG)
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKLM..\Run: [NokiaMusic FastStart] C:\Program Files\Nokia\Nokia Music Player\NokiaMusicPlayer.exe (Nokia)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Documents and Settings\user\Local Settings\Application Data\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [DownloadAccelerator] C:\Program Files\DAP\DAP.EXE (Speedbit Ltd.)
O4 - HKCU..\Run: [EPSON Stylus C48 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I091.EXE (SEIKO EPSON CORPORATION)
O4 - Startup: C:\Documents and Settings\user\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm ()
O8 - Extra context menu item: &Verify with DAP - C:\Program Files\DAP\dapverify.htm ()
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\SpeedBit Video Accelerator\SBLSP.dll (SPEEDbit)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\SpeedBit Video Accelerator\SBLSP.dll (SPEEDbit)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\SpeedBit Video Accelerator\SBLSP.dll (SPEEDbit)
O16 - DPF: {B479199A-1242-4E3C-AD81-7F0DF801B4AE} http://download.micr...loadManager.cab (Microsoft Download Manager ActiveX control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B2D9F584-6661-4116-AA36-D3B064D18D77}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (c:\program files\g data\internetsecurity\avkkid\avkcks.exe) - c:\Program Files\G Data\InternetSecurity\AVKKid\AvkCKS.exe ()
O24 - Desktop WallPaper: C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/11/15 00:31:46 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/12/01 15:01:14 | 000,000,647 | R--- | M] () - F:\AutoRun.dat -- [ CDFS ]
O32 - AutoRun File - [2011/12/01 11:17:34 | 000,333,136 | R--- | M] () - F:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2011/12/01 11:17:34 | 000,000,046 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{4d5d2c10-2ebb-11e2-b176-f4716289099e}\Shell - "" = AutoRun
O33 - MountPoints2\{4d5d2c10-2ebb-11e2-b176-f4716289099e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4d5d2c10-2ebb-11e2-b176-f4716289099e}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{4d5d2c14-2ebb-11e2-b176-f4716289099e}\Shell - "" = AutoRun
O33 - MountPoints2\{4d5d2c14-2ebb-11e2-b176-f4716289099e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4d5d2c14-2ebb-11e2-b176-f4716289099e}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{ab1f8c61-2f8a-11e2-b17b-f6f8bf905d58}\Shell - "" = AutoRun
O33 - MountPoints2\{ab1f8c61-2f8a-11e2-b17b-f6f8bf905d58}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ab1f8c61-2f8a-11e2-b17b-f6f8bf905d58}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2011/12/01 11:17:34 | 000,333,136 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {260FACEF-C889-636F-5DE2-3479B1193B74} - Offline Browsing Pack
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {4589C707-10D6-9312-CB95-369B080A5865} - NetShow
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {518D30D6-2440-2C20-4EC5-5099B5AAD1FE} - DirectAnimation
ActiveX: {57EA121D-8B17-204E-1DD0-14CED128704B} - Vector Graphics Rendering (VML)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {80DBB839-428D-9A57-18AA-EBFABA20CF45} - Vector Graphics Rendering (VML)
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files\Google\Chrome\Application\30.0.1599.69\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
ActiveX: {8EE68544-94BD-3F9F-C49F-82F973BEA2E7} - Outlook Express
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {97CA8037-FE37-123C-49CF-CBD04208A83E} - Microsoft Windows Media Player
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C3C986D6-06B1-43BF-90DD-BE30756C00DE} - RevokedRootsUpdate
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB31EA19-7E63-B472-9C00-C14DB0250C51} - Vector Graphics Rendering (VML)
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {DA35F9DF-F858-1A2A-804D-0F0FC1A38E79} - Vector Graphics Rendering (VML)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F35FF305-0FE5-6B10-B218-90452FDF61FC} - Dynamic HTML Data Binding for Java
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/10/09 17:38:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2013/10/09 17:31:43 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/10/09 17:18:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Desktop\Adware Removal tools
[2013/10/07 18:51:05 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/10/07 10:30:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\G Data InternetSecurity 2014
[2013/10/07 08:27:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
[2013/10/07 08:09:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\My Documents\My Spiritual life
[2013/10/06 20:37:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CamStudio 2.7
[2013/10/06 20:37:18 | 000,000,000 | ---D | C] -- C:\Program Files\CamStudio 2.7
[2013/10/05 21:38:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Application Data\WMTools Downloaded Files
[2013/10/05 15:24:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\My Documents\Inventor Master Project
[2013/10/05 01:18:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Application Data\Autodesk,_Inc
[2013/10/05 00:49:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Application Data\GrantaGateway
[2013/10/05 00:06:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\My Documents\Autodesk
[2013/10/05 00:01:34 | 000,000,000 | ---D | C] -- C:\MITSI 2012 Temporary Files
[2013/10/05 00:01:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Autodesk
[2013/10/05 00:00:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Start Menu\Programs\Autodesk
[2013/10/05 00:00:43 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Chart Controls
[2013/10/04 20:32:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Application Data\Thinstall
[2013/10/04 20:32:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Thinstall
[2013/09/17 12:33:00 | 000,000,000 | ---D | C] -- C:\tmp
[2013/09/15 22:00:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Nero
[2013/09/15 21:50:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Nero
[2013/09/15 20:35:22 | 000,081,920 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxCoIn_v5420.dll
[2013/09/15 20:08:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\driveridentifier
[2013/09/15 20:08:43 | 000,000,000 | ---D | C] -- C:\Program Files\Driver Identifier
[2013/09/15 20:08:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Driver Identifier
[2013/09/15 19:35:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\My Documents\001 HP PC Manual
[2013/09/14 18:57:28 | 000,000,000 | ---D | C] -- C:\Program Files\DVD Shrink
[2013/09/14 18:57:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DVD Shrink
[2013/09/14 18:57:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DVD Shrink
[2013/09/14 18:15:49 | 000,000,000 | ---D | C] -- C:\Program Files\AutoCAD 2010
[2013/09/14 18:04:21 | 000,000,000 | ---D | C] -- C:\Program Files\x86
[2013/09/14 18:04:21 | 000,000,000 | ---D | C] -- C:\Program Files\en-US
[2013/09/14 17:55:02 | 000,000,000 | R--D | C] -- C:\Documents and Settings\user\My Documents\Google Drive
[2013/09/14 17:53:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Drive
[2013/09/12 16:43:10 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2013/09/11 21:41:06 | 000,000,000 | ---D | C] -- C:\Program Files\STRUCTURAL_COMMON_DATA
[2013/09/11 21:41:06 | 000,000,000 | ---D | C] -- C:\ProgramData
[2013/09/11 21:40:39 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_6.dll
[2013/09/11 21:40:39 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_5.dll
[2013/09/11 21:40:39 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_6.dll
[2013/09/11 21:40:39 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_4.dll
[2013/09/11 21:40:39 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_7.dll
[2013/09/11 21:40:38 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dcsx_42.dll
[2013/09/11 21:40:38 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_42.dll
[2013/09/11 21:40:38 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_42.dll
[2013/09/11 21:40:38 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_5.dll
[2013/09/11 21:40:38 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx11_42.dll
[2013/09/11 21:40:37 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_41.dll
[2013/09/11 21:40:37 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_42.dll
[2013/09/11 21:40:37 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_41.dll
[2013/09/11 21:40:37 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_4.dll
[2013/09/11 21:40:37 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_41.dll
[2013/09/11 21:40:37 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_4.dll
[2013/09/11 21:40:37 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_3.dll
[2013/09/11 21:40:36 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_40.dll
[2013/09/11 21:40:36 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_40.dll
[2013/09/11 21:40:36 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_3.dll
[2013/09/11 21:40:36 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_40.dll
[2013/09/11 21:40:36 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_3.dll
[2013/09/11 21:40:36 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_2.dll
[2013/09/11 21:40:36 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_5.dll
[2013/09/11 21:40:36 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_6.dll
[2013/09/11 21:40:35 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_39.dll
[2013/09/11 21:40:35 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_39.dll
[2013/09/11 21:40:35 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_2.dll
[2013/09/11 21:40:35 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_1.dll
[2013/09/11 21:40:35 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_39.dll
[2013/09/11 21:40:35 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_2.dll
[2013/09/11 21:40:35 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_1.dll
[2013/09/11 21:40:35 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_1.dll
[2013/09/11 21:40:35 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_0.dll
[2013/09/11 21:40:34 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_38.dll
[2013/09/11 21:40:34 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_38.dll
[2013/09/11 21:40:34 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_0.dll
[2013/09/11 21:40:34 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_38.dll
[2013/09/11 21:40:34 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_0.dll
[2013/09/11 21:40:34 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_4.dll
[2013/09/11 21:40:34 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_3.dll
[2013/09/11 21:40:33 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_37.dll
[2013/09/11 21:40:33 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_36.dll
[2013/09/11 21:40:33 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_37.dll
[2013/09/11 21:40:33 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_36.dll
[2013/09/11 21:40:33 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_10.dll
[2013/09/11 21:40:32 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_36.dll
[2013/09/11 21:40:32 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_35.dll
[2013/09/11 21:40:32 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_35.dll
[2013/09/11 21:40:32 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_35.dll
[2013/09/11 21:40:32 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_9.dll
[2013/09/11 21:40:32 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_8.dll
[2013/09/11 21:40:32 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_2.dll
[2013/09/11 21:40:31 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_34.dll
[2013/09/11 21:40:31 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_34.dll
[2013/09/11 21:40:31 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_34.dll
[2013/09/11 21:40:31 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_3.dll
[2013/09/11 21:40:30 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_33.dll
[2013/09/11 21:40:30 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_33.dll
[2013/09/11 21:40:30 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_7.dll
[2013/09/11 21:40:28 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_33.dll
[2013/09/11 21:40:28 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_32.dll
[2013/09/11 21:40:28 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_6.dll
[2013/09/11 21:40:28 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_5.dll
[2013/09/11 21:40:27 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_4.dll
[2013/09/11 21:40:27 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_3.dll
[2013/09/11 21:40:27 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_2.dll
[2013/09/11 21:40:27 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_2.dll
[2013/09/11 21:40:27 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_1.dll
[2013/09/11 21:40:27 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\x3daudio1_1.dll
[2013/09/11 21:40:26 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_1.dll
[2013/09/11 21:40:22 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_29.dll
[2013/09/11 21:40:22 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_28.dll
[2013/09/11 21:40:22 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_0.dll
[2013/09/11 21:40:22 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\x3daudio1_0.dll
[2013/09/11 21:40:21 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_25.dll
[2013/09/11 21:40:21 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_26.dll
[2013/09/11 21:40:21 | 000,061,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput9_1_0.dll
[2013/09/11 21:40:20 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_24.dll
[2013/09/11 10:43:33 | 000,009,336 | ---- | C] (G Data Software AG) -- C:\WINDOWS\System32\GDScrSv.en.dll
[2013/09/11 00:40:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\WinRAR
[2013/09/11 00:39:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Start Menu\Programs\WinRAR
[2013/09/11 00:39:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinRAR
[2013/09/11 00:39:41 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2013/09/10 11:49:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Application Data\Akamai
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/10/09 19:53:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/10/09 17:35:21 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/10/09 17:35:21 | 000,000,198 | ---- | M] () -- C:\WINDOWS\tasks\AutoKMS.job
[2013/10/09 17:35:13 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/10/09 17:35:09 | 3690,287,104 | -HS- | M] () -- C:\hiberfil.sys
[2013/10/07 20:21:44 | 000,096,256 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/10/07 18:43:59 | 000,002,371 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Nokia Music Player.lnk
[2013/10/07 10:37:52 | 000,016,048 | ---- | M] (G Data Software) -- C:\WINDOWS\System32\drivers\GdPhyMem.sys
[2013/10/07 10:37:51 | 000,069,176 | ---- | M] (G Data Software) -- C:\WINDOWS\System32\drivers\GRD.sys
[2013/10/07 10:30:12 | 000,001,681 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\G Data InternetSecurity 2014.lnk
[2013/10/07 10:29:56 | 000,096,600 | ---- | M] (G Data Software AG) -- C:\WINDOWS\System32\drivers\MiniIcpt.sys
[2013/10/07 10:29:56 | 000,047,832 | ---- | M] (G Data Software AG) -- C:\WINDOWS\System32\drivers\HookCentre.sys
[2013/10/07 10:29:56 | 000,045,912 | ---- | M] (G Data Software AG) -- C:\WINDOWS\System32\drivers\GDBehave.sys
[2013/10/07 09:17:13 | 000,001,831 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/10/07 09:17:13 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Google Chrome.lnk
[2013/10/07 08:27:10 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2013/10/06 20:38:53 | 000,004,510 | ---- | M] () -- C:\Documents and Settings\user\Application Data\CamStudio.cfg
[2013/10/06 20:38:53 | 000,000,408 | ---- | M] () -- C:\Documents and Settings\user\Application Data\CamShapes.ini
[2013/10/06 20:38:53 | 000,000,408 | ---- | M] () -- C:\Documents and Settings\user\Application Data\CamLayout.ini
[2013/10/06 20:38:53 | 000,000,046 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Camdata.ini
[2013/10/06 20:37:19 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CamStudio.lnk
[2013/10/05 14:21:08 | 000,274,846 | ---- | M] () -- C:\Documents and Settings\user\My Documents\Part002.adsk
[2013/10/05 14:16:34 | 000,275,063 | ---- | M] () -- C:\Documents and Settings\user\My Documents\Part001.adsk
[2013/10/05 00:24:04 | 000,455,656 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/10/05 00:19:50 | 000,001,836 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Inventor Fusion 2012.lnk
[2013/10/05 00:18:25 | 000,000,926 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Autodesk Vault 2012.lnk
[2013/10/05 00:16:35 | 000,001,866 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DWG TrueView 2012.lnk
[2013/10/05 00:04:58 | 000,001,964 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Autodesk Inventor Professional 2012.lnk
[2013/10/04 23:30:11 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/10/03 21:37:14 | 000,000,060 | ---- | M] () -- C:\WINDOWS\wpd99.drv
[2013/10/02 20:23:47 | 000,009,662 | ---- | M] () -- C:\WINDOWS\EPISME00.SWB
[2013/09/26 20:23:24 | 000,071,790 | ---- | M] () -- C:\Documents and Settings\user\Desktop\BLOCK A 9 (1).pdf
[2013/09/19 22:45:42 | 000,288,509 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Print.pdf
[2013/09/18 15:02:50 | 000,150,490 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Enhancements_List_RME_2012_UR2.pdf
[2013/09/17 16:39:54 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2013/09/17 15:25:34 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/09/15 20:28:48 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/09/14 18:57:28 | 000,000,670 | ---- | M] () -- C:\Documents and Settings\user\Desktop\DVD Shrink 3.2.lnk
[2013/09/14 18:16:54 | 000,001,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AutoCAD 2010 - English.lnk
[2013/09/14 17:55:03 | 000,001,473 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Google Drive.lnk
[2013/09/14 17:53:36 | 000,001,769 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Slides.lnk
[2013/09/14 17:53:36 | 000,001,765 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Sheets.lnk
[2013/09/14 17:53:36 | 000,001,753 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Docs.lnk
[2013/09/13 12:05:04 | 001,406,305 | ---- | M] () -- C:\Documents and Settings\user\Desktop\storage_and_handling_of_chlorinated_solvents_4.pdf
[2013/09/12 16:50:36 | 000,272,961 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Gmail - SolidWorks 3D CAD and 3D Prototyping Seminar & Open Day.pdf
[2013/09/11 21:39:34 | 000,001,844 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Autodesk Design Review 2012.lnk
[2013/09/11 10:43:33 | 000,009,336 | ---- | M] (G Data Software AG) -- C:\WINDOWS\System32\GDScrSv.en.dll
[2013/09/11 01:01:30 | 000,046,614 | ---- | M] () -- C:\Documents and Settings\user\My Documents\autodesk_revit_mep_2012_system_requirements.pdf
[2013/09/10 13:09:15 | 000,000,517 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Shortcut to 03 Revit Docs.lnk
[2013/09/10 10:50:40 | 000,552,388 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/09/10 10:50:40 | 000,106,940 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/10/07 08:27:10 | 000,001,813 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2013/10/06 20:38:53 | 000,004,510 | ---- | C] () -- C:\Documents and Settings\user\Application Data\CamStudio.cfg
[2013/10/06 20:38:53 | 000,000,408 | ---- | C] () -- C:\Documents and Settings\user\Application Data\CamShapes.ini
[2013/10/06 20:38:53 | 000,000,408 | ---- | C] () -- C:\Documents and Settings\user\Application Data\CamLayout.ini
[2013/10/06 20:38:53 | 000,000,046 | ---- | C] () -- C:\Documents and Settings\user\Application Data\Camdata.ini
[2013/10/06 20:37:19 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CamStudio.lnk
[2013/10/05 14:21:08 | 000,274,846 | ---- | C] () -- C:\Documents and Settings\user\My Documents\Part002.adsk
[2013/10/05 14:16:34 | 000,275,063 | ---- | C] () -- C:\Documents and Settings\user\My Documents\Part001.adsk
[2013/10/05 00:19:50 | 000,001,836 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Inventor Fusion 2012.lnk
[2013/10/05 00:18:25 | 000,000,926 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Autodesk Vault 2012.lnk
[2013/10/05 00:16:35 | 000,001,866 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DWG TrueView 2012.lnk
[2013/10/05 00:04:58 | 000,001,964 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Autodesk Inventor Professional 2012.lnk
[2013/10/04 20:31:48 | 006,469,463 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Portable Magic FLAC to MP3 Converter 3.7.exe
[2013/09/26 20:23:24 | 000,071,790 | ---- | C] () -- C:\Documents and Settings\user\Desktop\BLOCK A 9 (1).pdf
[2013/09/19 22:45:08 | 000,288,509 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Print.pdf
[2013/09/18 15:02:30 | 000,150,490 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Enhancements_List_RME_2012_UR2.pdf
[2013/09/14 18:57:28 | 000,000,670 | ---- | C] () -- C:\Documents and Settings\user\Desktop\DVD Shrink 3.2.lnk
[2013/09/14 18:16:54 | 000,001,690 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AutoCAD 2010 - English.lnk
[2013/09/14 17:55:03 | 000,001,473 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Google Drive.lnk
[2013/09/14 17:53:36 | 000,001,769 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Slides.lnk
[2013/09/14 17:53:36 | 000,001,765 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Sheets.lnk
[2013/09/14 17:53:36 | 000,001,753 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Docs.lnk
[2013/09/13 12:02:04 | 001,406,305 | ---- | C] () -- C:\Documents and Settings\user\Desktop\storage_and_handling_of_chlorinated_solvents_4.pdf
[2013/09/12 16:50:36 | 000,272,961 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Gmail - SolidWorks 3D CAD and 3D Prototyping Seminar & Open Day.pdf
[2013/09/11 23:33:58 | 001,692,194 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1078081533-1972579041-1801674531-1003-0.dat
[2013/09/11 23:33:58 | 000,377,474 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2013/09/11 21:39:34 | 000,001,844 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Autodesk Design Review 2012.lnk
[2013/09/11 01:01:30 | 000,046,614 | ---- | C] () -- C:\Documents and Settings\user\My Documents\autodesk_revit_mep_2012_system_requirements.pdf
[2013/09/10 13:09:15 | 000,000,517 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Shortcut to 03 Revit Docs.lnk
[2013/08/01 22:56:35 | 002,060,008 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2013/07/13 19:33:04 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2013/05/06 16:27:41 | 004,870,144 | ---- | C] () -- C:\Documents and Settings\user\NTUSER.rhk
[2013/02/06 09:24:34 | 000,000,135 | ---- | C] () -- C:\WINDOWS\AutoKMS.ini
[2012/11/22 23:38:28 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/11/18 22:33:50 | 000,096,256 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/11/18 21:32:52 | 000,000,162 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2012/11/15 18:33:18 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
[2012/11/15 18:29:53 | 000,000,060 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2012/11/15 18:29:51 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2012/11/15 16:32:42 | 000,109,256 | ---- | C] () -- C:\WINDOWS\System32\EasyHook64.dll
[2012/11/15 16:32:42 | 000,090,824 | ---- | C] () -- C:\WINDOWS\System32\EasyHook32.dll
[2012/11/15 00:44:03 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2012/11/15 00:44:03 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2012/11/15 00:44:02 | 000,810,496 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2012/11/15 00:44:02 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2012/11/15 00:44:02 | 000,080,896 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2012/11/15 00:43:49 | 000,000,146 | ---- | C] () -- C:\WINDOWS\System32\GfxUI.exe.config
[2012/11/15 00:43:46 | 000,004,096 | ---- | C] ( ) -- C:\WINDOWS\System32\IGFXDEVLib.dll
[2012/11/15 00:43:42 | 000,982,240 | ---- | C] () -- C:\WINDOWS\System32\igkrng500.bin
[2012/11/15 00:43:42 | 000,439,308 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng500.bin
[2012/11/15 00:37:11 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012/11/15 00:29:57 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2012/11/14 16:26:00 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012/11/14 16:25:15 | 000,455,656 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== ZeroAccess Check ==========

[2012/11/18 21:41:33 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 18:00:00 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 13:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 18:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Custom Scans ==========

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed\thard disk media
Interface type: IDE
Media Type: Fixed\thard disk media
Model: ST3500413AS
Partitions: 2
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 293.00GB
Starting Offset: 32256
Hidden sectors: 0


DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 173.00GB
Starting Offset: 314575833600
Hidden sectors: 0


< %SYSTEMDRIVE%\*.exe >
[2007/11/07 17:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe

< %systemroot%\assembly\GAC_32\*.ini >

< %systemroot%\assembly\GAC_64\*.ini >

< %SYSTEMDRIVE%\*.exe >
[2007/11/07 17:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe

< %ALLUSERSPROFILE%\Application Data\*.exe >

< %APPDATA%\*. >
[2012/11/15 17:40:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Adobe
[2012/11/18 22:05:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Ansys
[2013/10/07 11:48:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Autodesk
[2013/09/15 20:08:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\driveridentifier
[2013/02/24 15:36:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\EDrawings
[2013/02/05 15:41:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Foxit Software
[2013/07/14 19:09:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\G Data
[2013/08/11 21:56:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Google
[2012/11/15 00:40:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Identities
[2012/11/15 18:20:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\IGC
[2012/11/15 17:01:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Macromedia
[2013/02/05 17:32:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Media Player Classic
[2013/09/04 13:46:18 | 000,000,000 | --SD | M] -- C:\Documents and Settings\user\Application Data\Microsoft
[2012/11/15 00:42:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Mozilla
[2013/09/15 22:00:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Nero
[2013/08/01 22:55:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Nokia
[2012/11/15 00:42:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Opera
[2013/09/22 19:26:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\PC Suite
[2012/11/15 18:33:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\pdf995
[2013/08/01 17:16:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Sun
[2013/10/04 20:32:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Thinstall
[2013/10/09 17:29:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\uTorrent
[2013/09/11 00:40:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\WinRAR
[2013/10/07 16:21:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\XBMC

< MD5 for: ATAPI.SYS >
[2008/04/14 18:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/14 18:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: CSRSS.EXE >
[2008/04/14 18:00:00 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=44F275C64738EA2056E3D9580C23B60F -- C:\WINDOWS\system32\csrss.exe
[2008/04/14 18:00:00 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=44F275C64738EA2056E3D9580C23B60F -- C:\WINDOWS\system32\dllcache\csrss.exe

< MD5 for: EXPLORER.EXE >
[2008/04/14 18:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 18:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: MSWSOCK.DLL >
[2008/06/20 17:02:47 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=943337D786A56729263071623BBB9DE5 -- C:\WINDOWS\system32\dllcache\mswsock.dll
[2008/06/20 17:02:47 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=943337D786A56729263071623BBB9DE5 -- C:\WINDOWS\system32\mswsock.dll
[2008/04/14 18:00:00 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=B4138E99236F0F57D4CF49BAE98A0746 -- C:\WINDOWS\$NtUninstallKB2509553$\mswsock.dll
[2008/06/20 18:43:05 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=FCEE5FCB99F7C724593365C706D28388 -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\mswsock.dll

< MD5 for: NWPROVAU.DLL >
[2008/04/14 18:00:00 | 000,142,336 | ---- | M] (Microsoft Corporation) MD5=06E587F41466569F32BEAAC7260E8AEC -- C:\WINDOWS\system32\dllcache\nwprovau.dll
[2008/04/14 18:00:00 | 000,142,336 | ---- | M] (Microsoft Corporation) MD5=06E587F41466569F32BEAAC7260E8AEC -- C:\WINDOWS\system32\nwprovau.dll

< MD5 for: PNRPNSP.DLL >
[2008/04/14 18:00:00 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=AF1449AC1D79D37C7026C1D8912DDA8E -- C:\WINDOWS\system32\dllcache\pnrpnsp.dll
[2008/04/14 18:00:00 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=AF1449AC1D79D37C7026C1D8912DDA8E -- C:\WINDOWS\system32\pnrpnsp.dll

< MD5 for: RSVPSP.DLL >
[2008/04/14 18:00:00 | 000,092,672 | ---- | M] (Microsoft Corporation) MD5=72451FD61DDBB0A1FB071B7C3CDE5594 -- C:\WINDOWS\system32\dllcache\rsvpsp.dll
[2008/04/14 18:00:00 | 000,092,672 | ---- | M] (Microsoft Corporation) MD5=72451FD61DDBB0A1FB071B7C3CDE5594 -- C:\WINDOWS\system32\rsvpsp.dll

< MD5 for: SERVICES.EXE >
[2009/02/06 12:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2008/04/14 18:00:00 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\$NtUninstallKB956572$\services.exe
[2009/02/06 12:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe
[2009/02/06 12:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe

< MD5 for: SVCHOST.EXE >
[2008/04/14 18:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008/04/14 18:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: USER32.DLL >
[2008/04/14 18:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\dllcache\user32.dll
[2008/04/14 18:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll

< MD5 for: USERINIT.EXE >
[2008/04/14 18:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008/04/14 18:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2008/04/14 18:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008/04/14 18:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: WINRNR.DLL >
[2008/04/14 18:00:00 | 000,016,896 | ---- | M] (Microsoft Corporation) MD5=D72B9EC3337B247A666F098F3D6B43DE -- C:\WINDOWS\system32\dllcache\winrnr.dll
[2008/04/14 18:00:00 | 000,016,896 | ---- | M] (Microsoft Corporation) MD5=D72B9EC3337B247A666F098F3D6B43DE -- C:\WINDOWS\system32\winrnr.dll

< dir C:\ /S /A:L /C >
Volume in drive C has no label.
Volume Serial Number is ACCA-D92A
Directory of C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices
07/18/2013 10:40 AM <JUNCTION> 2.0.0.0__b03f5f7f11d50a3a
0 File(s) 0 bytes
Directory of C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote
07/18/2013 10:40 AM <JUNCTION> 2.0.0.0__b03f5f7f11d50a3a
0 File(s) 0 bytes
Directory of C:\WINDOWS\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices
08/31/2013 08:14 PM <JUNCTION> v4.0_4.0.0.0__b03f5f7f11d50a3a
0 File(s) 0 bytes
Directory of C:\WINDOWS\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Workflow.Compiler
08/31/2013 08:19 PM <JUNCTION> v4.0_4.0.0.0__31bf3856ad364e35
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
4 Dir(s) 258,349,154,304 bytes free

< C:\Windows\assembly\tmp\U\*.* /s >

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2013/10/03 07:03:07 | 000,844,752 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2013/10/03 07:03:07 | 000,844,752 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2013/10/03 07:03:07 | 000,844,752 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2013/10/03 07:03:07 | 000,844,752 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2013/06/07 19:26:09 | 000,174,592 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2013/06/07 19:26:09 | 000,174,592 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2013/06/07 19:26:09 | 000,174,592 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 23:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 23:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2013/10/03 07:03:07 | 000,844,752 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2013/10/03 07:03:07 | 000,844,752 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2013/10/03 07:03:07 | 000,844,752 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2013/10/03 07:03:07 | 000,844,752 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2013/06/07 19:26:09 | 000,174,592 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2013/06/07 19:26:09 | 000,174,592 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2013/06/07 19:26:09 | 000,174,592 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 23:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 23:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< %systemroot%\system32\*.dll /lockedfiles >
[4 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %ProgramFiles%\WINDOWS NT\*.* /s >
[2008/04/14 18:00:00 | 000,539,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\WINDOWS NT\dialer.exe
[2008/04/14 18:00:00 | 000,013,312 | ---- | M] (Hilgraeve, Inc.) -- C:\Program Files\WINDOWS NT\htrn_jis.dll
[2008/04/14 18:00:00 | 000,028,160 | ---- | M] (Hilgraeve, Inc.) -- C:\Program Files\WINDOWS NT\hypertrm.exe
[2009/11/20 12:14:51 | 000,187,392 | ---- | M] (Microsoft Corporation) -- C:\Program Files\WINDOWS NT\Accessories\mswrd6.wpc
[2010/12/21 13:51:53 | 000,279,552 | ---- | M] (Microsoft Corporation) -- C:\Program Files\WINDOWS NT\Accessories\mswrd8.wpc
[2010/07/12 13:55:03 | 000,218,112 | ---- | M] (Microsoft Corporation) -- C:\Program Files\WINDOWS NT\Accessories\wordpad.exe
[2009/11/20 12:14:50 | 000,089,600 | ---- | M] (Microsoft Corporation) -- C:\Program Files\WINDOWS NT\Accessories\write.wpc
[2008/04/14 18:00:00 | 000,003,947 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\FONT.DAT
[2008/04/14 18:00:00 | 000,928,700 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\PINBALL.DAT
[2008/04/14 18:00:00 | 000,281,088 | ---- | M] (Cinematronics) -- C:\Program Files\WINDOWS NT\Pinball\PINBALL.EXE
[2008/04/14 18:00:00 | 000,108,607 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\PINBALL.MID
[2008/04/14 18:00:00 | 000,028,888 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\PINBALL2.MID
[2008/04/14 18:00:00 | 000,055,490 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND1.WAV
[2008/04/14 18:00:00 | 000,001,226 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND104.WAV
[2008/04/14 18:00:00 | 000,001,968 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND105.WAV
[2008/04/14 18:00:00 | 000,007,754 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND108.WAV
[2008/04/14 18:00:00 | 000,000,890 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND111.WAV
[2008/04/14 18:00:00 | 000,000,824 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND112.WAV
[2008/04/14 18:00:00 | 000,004,296 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND12.WAV
[2008/04/14 18:00:00 | 000,008,034 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND13.WAV
[2008/04/14 18:00:00 | 000,001,290 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND131.WAV
[2008/04/14 18:00:00 | 000,019,282 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND136.WAV
[2008/04/14 18:00:00 | 000,003,002 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND14.WAV
[2008/04/14 18:00:00 | 000,001,046 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND16.WAV
[2008/04/14 18:00:00 | 000,002,090 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND17.WAV
[2008/04/14 18:00:00 | 000,003,986 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND18.WAV
[2008/04/14 18:00:00 | 000,027,472 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND181.WAV
[2008/04/14 18:00:00 | 000,005,230 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND19.WAV
[2008/04/14 18:00:00 | 000,008,650 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND20.WAV
[2008/04/14 18:00:00 | 000,009,194 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND21.WAV
[2008/04/14 18:00:00 | 000,007,376 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND22.WAV
[2008/04/14 18:00:00 | 000,012,106 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND24.WAV
[2008/04/14 18:00:00 | 000,014,600 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND240.WAV
[2008/04/14 18:00:00 | 000,020,712 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND243.WAV
[2008/04/14 18:00:00 | 000,025,704 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND25.WAV
[2008/04/14 18:00:00 | 000,007,306 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND26.WAV
[2008/04/14 18:00:00 | 000,020,242 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND27.WAV
[2008/04/14 18:00:00 | 000,008,650 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND28.WAV
[2008/04/14 18:00:00 | 000,010,364 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND29.WAV
[2008/04/14 18:00:00 | 000,022,858 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND3.WAV
[2008/04/14 18:00:00 | 000,022,570 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND30.WAV
[2008/04/14 18:00:00 | 000,001,520 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND34.WAV
[2008/04/14 18:00:00 | 000,019,498 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND35.WAV
[2008/04/14 18:00:00 | 000,033,848 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND36.WAV
[2008/04/14 18:00:00 | 000,013,024 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND38.WAV
[2008/04/14 18:00:00 | 000,028,282 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND39.WAV
[2008/04/14 18:00:00 | 000,016,626 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND4.WAV
[2008/04/14 18:00:00 | 000,029,140 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND42.WAV
[2008/04/14 18:00:00 | 000,022,796 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND43.WAV
[2008/04/14 18:00:00 | 000,009,770 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND45.WAV
[2008/04/14 18:00:00 | 000,001,876 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND49.WAV
[2008/04/14 18:00:00 | 000,003,330 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND49D.WAV
[2008/04/14 18:00:00 | 000,003,180 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND5.WAV
[2008/04/14 18:00:00 | 000,012,074 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND50.WAV
[2008/04/14 18:00:00 | 000,008,932 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND528.WAV
[2008/04/14 18:00:00 | 000,009,022 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND53.WAV
[2008/04/14 18:00:00 | 000,018,250 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND54.WAV
[2008/04/14 18:00:00 | 000,021,890 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND55.WAV
[2008/04/14 18:00:00 | 000,029,004 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND560.WAV
[2008/04/14 18:00:00 | 000,024,192 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND563.WAV
[2008/04/14 18:00:00 | 000,030,502 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND57.WAV
[2008/04/14 18:00:00 | 000,003,408 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND58.WAV
[2008/04/14 18:00:00 | 000,004,376 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND6.WAV
[2008/04/14 18:00:00 | 000,017,676 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND65.WAV
[2008/04/14 18:00:00 | 000,032,402 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND68.WAV
[2008/04/14 18:00:00 | 000,026,442 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND7.WAV
[2008/04/14 18:00:00 | 000,014,592 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND713.WAV
[2008/04/14 18:00:00 | 000,027,268 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND735.WAV
[2008/04/14 18:00:00 | 000,002,102 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND8.WAV
[2008/04/14 18:00:00 | 000,047,230 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND827.WAV
[2008/04/14 18:00:00 | 000,020,098 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND9.WAV
[2008/04/14 18:00:00 | 000,006,742 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND999.WAV
[2008/04/14 18:00:00 | 000,339,178 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\table.bmp
[2008/04/14 18:00:00 | 000,002,687 | R--- | M] () -- C:\Program Files\WINDOWS NT\Pinball\wavemix.inf

< %systemroot%\system32\drivers\*.sys /lockedfiles >

========== Alternate Data Streams ==========

@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:56E2E879

< End of report >

The 2nd log for OTL is this:

OTL Extras logfile created on: 10/9/2013 7:29:57 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\user\Desktop\Adware Removal tools
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.44 Gb Total Physical Memory | 2.26 Gb Available Physical Memory | 65.87% Memory free
5.27 Gb Paging File | 3.52 Gb Available in Paging File | 66.77% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 292.97 Gb Total Space | 240.65 Gb Free Space | 82.14% Space Free | Partition Type: NTFS
Drive E: | 172.79 Gb Total Space | 93.44 Gb Free Space | 54.08% Space Free | Partition Type: NTFS
Drive F: | 6.68 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: USER-AE3AC86A7F | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = comfile] -- "%1" %*
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- "%1" %*
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\WINDOWS\System32\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
.scr [@ = AutoCADScriptFile] -- C:\WINDOWS\System32\notepad.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser
"C:\Program Files\Microsoft Office\Office14\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office14\GROOVE.EXE:*:Enabled:Microsoft SharePoint Workspace -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Documents and Settings\user\Application Data\uTorrent\uTorrent.exe" = C:\Documents and Settings\user\Application Data\uTorrent\uTorrent.exe:*:Enabled:Torrent -- (BitTorrent Inc.)
"C:\Documents and Settings\user\Application Data\Allmyapps\Allmyapps.exe" = C:\Documents and Settings\user\Application Data\Allmyapps\Allmyapps.exe:*:Enabled:Allmyapps
"C:\Documents and Settings\user\Local Settings\Application Data\Akamai\netsession_win.exe" = C:\Documents and Settings\user\Local Settings\Application Data\Akamai\netsession_win.exe:*:Enabled:Akamai NetSession Client -- (Akamai Technologies, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04B34E21-5BEE-3D2B-8D3D-E3E80D253F64}" = Microsoft Visual C++ 2008 x86 ATL Runtime 9.0.30729
"{04B83666-3A62-452B-85D3-70F8117F2329}_is1" = CamStudio version 2.7
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{14866AAD-1F23-39AC-A62B-7091ED1ADE64}" = Microsoft Visual C++ 2008 x86 CRT Runtime 9.0.30729
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{207780D5-A515-4E79-B7C2-E4D32F8A6CA1}" = Eco Materials Adviser
"{23170F69-40C1-2701-0920-000001000000}" = 7-Zip 9.20
"{24FF088D-CDCF-480C-8A4B-98F14A54CAA8}" = Autodesk Material Library Low Resolution Image Library 2012
"{25F61E72-AAA4-4607-95D2-1E5139C98FFB}" = Nokia_Multimedia_Common_Components_2_5
"{266597A9-1632-0000-0100-DCBF2B69166B}" = Autodesk Vault 2012 (Client) English Language Pack
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{299C0434-4F4E-341F-A916-4E07AEB35E79}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (AUTODESKVAULT)
"{2CD6BBA0-17C8-4789-9B9B-B36F7E815F6A}" = DWG TrueView 2007
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40A3E5DB-5EF8-4F04-BF3E-7AB87C4AE85A}_is1" = DriverIdentifier 4.2.7
"{41785C66-90F2-40CE-8CB5-1C94BFC97280}" = Microsoft Chart Controls for Microsoft .NET Framework 3.5
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B90093A-5D9C-3956-8ABB-95848BE6EFAD}" = Microsoft Visual C++ 2008 x86 OpenMP Runtime 9.0.30729
"{4E1A54A9-FFB3-4BE6-B59B-3CC94C3B31D2}" = Autodesk Inventor Fusion for Inventor 2012 Add-in Language Pack
"{4E3B47F2-21EB-4F20-87C8-5A0E4D5F3858}" = Autodesk Inventor Fusion for Inventor 2012 Add-in
"{4FCB1267-7380-4EBA-9A6C-69809C6E8227}" = Nokia Music Player
"{50A0893D-47D8-48E0-A7E8-44BCD7E4422E}" = Microsoft SQL Server Native Client
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{5783F2D7-8001-0409-0002-0060B0CE6BBA}" = AutoCAD 2010 - English
"{5783F2D7-8001-0409-1002-0060B0CE6BBA}" = AutoCAD 2010 Language Pack - English
"{5783F2D7-A028-0409-0000-0060B0CE6BBA}" = DWG TrueView 2012
"{5C8281B1-B927-495A-A0FF-AB4BDFAE505C}" = Autodesk Revit MEP 2010
"{5E8ED61B-9027-4EA3-8E5B-BC2A9EE6B020}" = Autodesk Data Management Server 2008
"{62D82EC1-0D3A-DF54-8E3E-07E1337A5311}" = saveensshare
"{644F4910-E812-49AD-93EC-86828CB81A0D}" = PC Connectivity Solution
"{65420DC9-306E-4371-905F-F4DC3B418E52}" = Autodesk Material Library Base Resolution Image Library 2012
"{654977DB-0001-0002-0001-EABD228DDE8B}" = Microsoft Download Manager
"{6F411DB4-EC41-482B-AD46-384957928F69}" = AOEMView 2008
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7765322A-8601-47D3-AC60-B66677450D7B}" = G Data InternetSecurity 2014
"{79361740-EAE3-11E2-9911-B8AC6F98CCE3}" = Google Earth Plug-in
"{7F4DD591-1200-0409-0000-7107D70F3DB4}" = Autodesk Inventor Professional 2008
"{7F4DD591-1632-0409-0000-7107D70F3DB4}" = Autodesk Inventor Professional 2012
"{7F4DD591-1632-0409-0001-7107D70F3DB4}" = Autodesk Inventor Professional 2012 English Language Pack
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{866C4563-ED53-43F3-A29D-8BEE2BD1BA3C}" = Nokia PC Suite
"{8F0837C2-EE09-4903-88F3-1976FE7FFF4E}" = Autodesk Material Library 2012
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_VISPRO_{3EC77D26-799B-4CD8-914F-C1565E796173}" = Microsoft Office Visio 2007 Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_VISPRO_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = Microsoft Office Visio 2007 Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_VISPRO_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = Microsoft Office Visio 2007 Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
"{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{6385178D-122C-446E-9893-E461F27F5DE1}" =
"{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{AA4F2610-5FF1-4DCD-A6FB-BCA2D09A6443}" = Microsoft Office Visio 2007 Service Pack 1 (SP1)
"{90120000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2007
"{90120000-0054-0409-0000-0000000FF1CE}_VISPRO_{EA35370F-586C-45E1-AC6C-A4E275C6B762}" = Microsoft Office Visio 2007 Service Pack 1 (SP1)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_VISPRO_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = Microsoft Office Visio 2007 Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_VISPRO_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = Microsoft Office Visio 2007 Service Pack 1 (SP1)
"{90140000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 14
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{95140000-0081-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}" = FARO LS 1.1.406.58
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49BDCBE-590E-43A6-AB77-7C40E499B7C1}" = Autodesk Design Review 2012
"{A57025CC-5F2E-4D01-B387-06DB10500D43}" = Nokia Connectivity Cable Driver
"{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}" = Visafone Hotspot
"{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI
"{AEB9948B-4FF2-47C9-990E-47014492A0FE}" = MSXML 6.0 Parser
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B42E259C-E4D4-37F1-A1B2-EB9C4FC5A04D}" = Microsoft Visual C++ 2008 x86 MFC Runtime 9.0.30729
"{B46DECD1-1632-4EF1-0000-22D71E81877C}" = Autodesk Inventor Content Center Libraries 2012 (Desktop Content)
"{B5751715-EC10-43D9-8C95-62E1368433EF}" = Autodesk Material Library Medium Resolution Image Library 2012
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C0D2F614-5CE5-4DCB-8678-E5C9AF7044F8}" = Microsoft SQL Server VSS Writer
"{C2D4CD4A-AE20-40B3-8726-8ED1C03E8C15}" = Google Drive
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF526A26-1632-0000-0000-02E95019B628}" = Autodesk Vault 2012 (Client)
"{D25FF5C1-1632-469A-9794-69309387C193}" = Quick Uninstall Tool for Autodesk Inventor 2012
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E55B00B0-9DBF-4EE1-AC1D-5DEBE12BD097}" = Autodesk Vault 2008
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFF5619F-6669-4EC5-A85E-9994F70A9E5D}" = Autodesk Inventor Fusion 2012
"{FFF7F80F-929E-497F-A112-B070DE816128}" = Autodesk Inventor Fusion 2012 Language Pack
"17D063A0A9F5D5A225B76B1D9BCB5ADBE85C8382" = Windows Driver Package - Nokia pccsmcfd LegacyDriver (05/31/2012 7.1.2.0)
"72A50F48CC5601190B9C4E74D81161693133E7F7" = Windows Driver Package - Nokia Modem (02/25/2011 7.01.0.9)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Alumasc_0" = Alumasc Drainage Calculators 1.07
"AOEMView 2008" = AOEMView 2008
"AutoCAD 2010 - English" = AutoCAD 2010 - English
"Autodesk Data Management Server 2008" = Autodesk Data Management Server 2008
"Autodesk Design Review 2012" = Autodesk Design Review 2012
"Autodesk Inventor Fusion 2012" = Autodesk Inventor Fusion 2012
"Autodesk Inventor Fusion for Inventor 2012 Add-in" = Autodesk Inventor Fusion for Inventor 2012 Add-in
"Autodesk Inventor Professional 2012" = Autodesk Inventor Professional 2012 English
"Autodesk Revit MEP 2010" = Autodesk Revit MEP 2010
"Autodesk Vault 2008" = Autodesk Vault 2008
"Autodesk Vault 2012 (Client)" = Autodesk Vault 2012 (Client)
"Download Accelerator Plus (DAP)" = Download Accelerator Plus (DAP)
"DVD Shrink_is1" = DVD Shrink 3.2
"DWG TrueView 2012" = DWG TrueView 2012
"E0AC723A3DE3A04256288CADBBB011B112AED454" = Windows Driver Package - Nokia Modem (02/25/2011 4.7)
"EPSON Printer and Utilities" = EPSON Printer Software
"Google Chrome" = Google Chrome
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.7.0 (Full)
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"MSNINST" = MSN
"Nokia PC Suite" = Nokia PC Suite
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Pdf995" = Pdf995
"pepakura_designer3en" = Pepakura Designer 3
"PROSet" = Intel® Network Connections Drivers
"SpeedBit Video Accelerator" = SpeedBit Video Accelerator
"VISPRO" = Microsoft Office Visio Professional 2007
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"WinDjView" = WinDjView 1.0.3
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"WinRAR archiver" = WinRAR 5.00 (32-bit)
"Wise Registry Cleaner_is1" = Wise Registry Cleaner Professional V5.9.1
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01009" = Microsoft User-Mode Driver Framework Feature Pack 1.9

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"uTorrent" = Torrent
"XBMC" = XBMC

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 10/7/2013 8:57:39 AM | Computer Name = USER-AE3AC86A7F | Source = Nokia Ovi Suite | ID = 100
Description = Timestamp: 10/7/2013 12:57:38 PM Message: HandlingInstanceID: a9894f9b-c208-4181-a403-94ebfa64f175
An
exception of type 'System.Net.WebException' occurred and was caught. -----------------------------------------------------------------------
10/07/2013
13:57:38 Type : System.Net.WebException, System, Version=2.0.0.0, Culture=neutral,
PublicKeyToken=b77a5c561934e089 Message : The remote name could not be resolved:
'nds1.nokia.com' Source : System Help link : Status : NameResolutionFailure Response
: Data : System.Collections.ListDictionaryInternal TargetSite : System.Net.WebResponse
EndGetResponse(System.IAsyncResult) Stack Trace : at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult
asyncResult) at System.Net.WebClient.GetWebResponse(WebRequest request, IAsyncResult
result) at System.Net.WebClient.DownloadBitsResponseCallback(IAsyncResult result)

Additional
Info: MachineName : USER-AE3AC86A7F TimeStamp : 10/7/2013 12:57:38 PM FullName : Microsoft.Practices.EnterpriseLibrary.ExceptionHandling,
Version=3.1.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a AppDomainName
: NokiaMusicPlayer.exe ThreadIdentity : WindowsIdentity : USER-AE3AC86A7F\user Category:
Error Priority: 0 EventId: 100 Severity: Error Title:Nokia Ovi Suite Machine: USER-AE3AC86A7F
App
Domain: NokiaMusicPlayer.exe ProcessId: 1756 Process Name: C:\Program Files\Nokia\Nokia
Music Player\NokiaMusicPlayer.exe Thread Name: Win32 ThreadId:2672 Extended Properties:
URL - http://nds1.nokia.co...nokia_music.xml


Error - 10/7/2013 1:20:53 PM | Computer Name = USER-AE3AC86A7F | Source = Nokia Ovi Suite | ID = 100
Description = Timestamp: 10/7/2013 5:20:53 PM Message: HandlingInstanceID: 343fb883-5811-4362-be80-0513797b19fc
An
exception of type 'System.Net.WebException' occurred and was caught. -----------------------------------------------------------------------
10/07/2013
18:20:53 Type : System.Net.WebException, System, Version=2.0.0.0, Culture=neutral,
PublicKeyToken=b77a5c561934e089 Message : The remote name could not be resolved:
'nds1.nokia.com' Source : System Help link : Status : NameResolutionFailure Response
: Data : System.Collections.ListDictionaryInternal TargetSite : System.Net.WebResponse
EndGetResponse(System.IAsyncResult) Stack Trace : at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult
asyncResult) at System.Net.WebClient.GetWebResponse(WebRequest request, IAsyncResult
result) at System.Net.WebClient.DownloadBitsResponseCallback(IAsyncResult result)

Additional
Info: MachineName : USER-AE3AC86A7F TimeStamp : 10/7/2013 5:20:53 PM FullName : Microsoft.Practices.EnterpriseLibrary.ExceptionHandling,
Version=3.1.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a AppDomainName
: NokiaMusicPlayer.exe ThreadIdentity : WindowsIdentity : USER-AE3AC86A7F\user Category:
Error Priority: 0 EventId: 100 Severity: Error Title:Nokia Ovi Suite Machine: USER-AE3AC86A7F
App
Domain: NokiaMusicPlayer.exe ProcessId: 1380 Process Name: C:\Program Files\Nokia\Nokia
Music Player\NokiaMusicPlayer.exe Thread Name: Win32 ThreadId:2780 Extended Properties:
URL - http://nds1.nokia.co...nokia_music.xml


Error - 10/7/2013 1:44:28 PM | Computer Name = USER-AE3AC86A7F | Source = Nokia Ovi Suite | ID = 100
Description = Timestamp: 10/7/2013 5:44:28 PM Message: HandlingInstanceID: 597087c5-1350-4396-9efc-5cc3df144785
An
exception of type 'System.Net.WebException' occurred and was caught. -----------------------------------------------------------------------
10/07/2013
18:44:28 Type : System.Net.WebException, System, Version=2.0.0.0, Culture=neutral,
PublicKeyToken=b77a5c561934e089 Message : The remote name could not be resolved:
'nds1.nokia.com' Source : System Help link : Status : NameResolutionFailure Response
: Data : System.Collections.ListDictionaryInternal TargetSite : System.Net.WebResponse
EndGetResponse(System.IAsyncResult) Stack Trace : at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult
asyncResult) at System.Net.WebClient.GetWebResponse(WebRequest request, IAsyncResult
result) at System.Net.WebClient.DownloadBitsResponseCallback(IAsyncResult result)

Additional
Info: MachineName : USER-AE3AC86A7F TimeStamp : 10/7/2013 5:44:28 PM FullName : Microsoft.Practices.EnterpriseLibrary.ExceptionHandling,
Version=3.1.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a AppDomainName
: NokiaMusicPlayer.exe ThreadIdentity : WindowsIdentity : USER-AE3AC86A7F\user Category:
Error Priority: 0 EventId: 100 Severity: Error Title:Nokia Ovi Suite Machine: USER-AE3AC86A7F
App
Domain: NokiaMusicPlayer.exe ProcessId: 2316 Process Name: C:\Program Files\Nokia\Nokia
Music Player\NokiaMusicPlayer.exe Thread Name: Win32 ThreadId:3048 Extended Properties:
URL - http://nds1.nokia.co...nokia_music.xml


Error - 10/7/2013 4:56:27 PM | Computer Name = USER-AE3AC86A7F | Source = Application Error | ID = 1000
Description = Faulting application dvd shrink 3.2.exe, version 3.2.0.15, faulting
module dvd shrink 3.2.exe, version 3.2.0.15, fault address 0x00026e15.

Error - 10/8/2013 1:52:23 PM | Computer Name = USER-AE3AC86A7F | Source = VSS | ID = 6004
Description = Sqllib error: Database KnowledgeVaultMaster is not simple.

Error - 10/8/2013 2:31:13 PM | Computer Name = USER-AE3AC86A7F | Source = VSS | ID = 6004
Description = Sqllib error: Database KnowledgeVaultMaster is not simple.

Error - 10/8/2013 2:38:07 PM | Computer Name = USER-AE3AC86A7F | Source = VSS | ID = 6004
Description = Sqllib error: Database KnowledgeVaultMaster is not simple.

Error - 10/8/2013 2:53:29 PM | Computer Name = USER-AE3AC86A7F | Source = VSS | ID = 6004
Description = Sqllib error: Database KnowledgeVaultMaster is not simple.

Error - 10/8/2013 2:58:23 PM | Computer Name = USER-AE3AC86A7F | Source = VSS | ID = 6004
Description = Sqllib error: Database KnowledgeVaultMaster is not simple.

Error - 10/8/2013 3:00:44 PM | Computer Name = USER-AE3AC86A7F | Source = VSS | ID = 6004
Description = Sqllib error: Database KnowledgeVaultMaster is not simple.

[ System Events ]
Error - 10/4/2013 1:34:25 PM | Computer Name = USER-AE3AC86A7F | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 10/4/2013 1:34:25 PM | Computer Name = USER-AE3AC86A7F | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 10/5/2013 9:17:20 AM | Computer Name = USER-AE3AC86A7F | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {61DD94EB-232F-48BE-B297-7DE6CC10AE7D}.
The
error: "%2" Happened while starting this command: C:\Program Files\Autodesk\Revit
MEP 2012\Program\LibWrapper.exe -Embedding

Error - 10/7/2013 5:13:59 AM | Computer Name = USER-AE3AC86A7F | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service AVKProxy with
arguments "-Service" in order to run the server: {9CC0C66E-A7B9-4611-8792-EE9833277273}

Error - 10/7/2013 5:27:48 AM | Computer Name = USER-AE3AC86A7F | Source = Service Control Manager | ID = 7022
Description = The G Data Personal Firewall service hung on starting.

Error - 10/7/2013 5:29:09 AM | Computer Name = USER-AE3AC86A7F | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service AVKProxy with
arguments "-Service" in order to run the server: {9CC0C66E-A7B9-4611-8792-EE9833277273}

Error - 10/7/2013 5:30:14 AM | Computer Name = USER-AE3AC86A7F | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service AVKWCtl with
arguments "-Service" in order to run the server: {BCB3CC02-761B-4C74-8B04-891A31034D19}

Error - 10/7/2013 5:33:44 AM | Computer Name = USER-AE3AC86A7F | Source = Service Control Manager | ID = 7022
Description = The G Data Personal Firewall service hung on starting.

Error - 10/7/2013 6:31:22 AM | Computer Name = USER-AE3AC86A7F | Source = Service Control Manager | ID = 7022
Description = The G Data Personal Firewall service hung on starting.

Error - 10/7/2013 11:22:05 AM | Computer Name = USER-AE3AC86A7F | Source = Service Control Manager | ID = 7022
Description = The G Data Personal Firewall service hung on starting.


< End of report >

And finally for Security Check, not much of a log: Just this:

UNSUPPORTED OPERATING SYSTEM! ABORTED!

Thanks a lot for any help. I'm still getting the double underlines.

#4
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Copy the text in the code box by highlighting it and pressing Ctrl + C:


:OTL
IE - HKLM\..\SearchScopes\Yandex: "URL" = http://yandex.ru/yan...t={searchTerms}
[2012/11/15 00:42:04 | 000,000,000 | ---D | M] (Яндекс.Бар) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\[email protected]
O3 - HKLM\..\Toolbar: (no name) - {91397D20-1446-11D4-8AF4-0040CA1127B6} - No CLSID value found.
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O33 - MountPoints2\{4d5d2c10-2ebb-11e2-b176-f4716289099e}\Shell - "" = AutoRun
O33 - MountPoints2\{4d5d2c10-2ebb-11e2-b176-f4716289099e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4d5d2c10-2ebb-11e2-b176-f4716289099e}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{4d5d2c14-2ebb-11e2-b176-f4716289099e}\Shell - "" = AutoRun
O33 - MountPoints2\{4d5d2c14-2ebb-11e2-b176-f4716289099e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4d5d2c14-2ebb-11e2-b176-f4716289099e}\Shell\AutoRun\command - "" = E:\AutoRun.exe

:Commands
[EMPTYFLASH]
[EMPTYJAVA]
[purity]
[Reboot]


Then double-click on OTL to start. Under the Custom Scans/Fixes box at the bottom, paste (Ctrl + V) the text. Verify that you got it all and then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top.
Let the program run unhindered; OTL will reboot the PC when it is done. Save the log and copy and paste it into a reply.


Since you can't get a log from aswMBR try FRST:


Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

I don't have much control over Chrome in OTL. (FRST can do better.) See if you get underlines in IE and Firefox (if installed).

#5
jefekodo

    New Member

  • Topic Starter
  • Member
  • 5 posts
Hi Ron, thanks for replying so quickly. I've carried out the actions you stated and here are the results:

OTL didn't produce any log file after the RunFix with Custom Fix. The PC rebooted.
I ran it thrice to make sure. NO LOG.

Then the Farbar Recovery Scan Tool produced 2 logs.

Here they are:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-10-2013
Ran by user (administrator) on USER-AE3AC86A7F on 11-10-2013 19:04:02
Running from C:\Documents and Settings\user\Desktop\Adware Removal tools
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(G Data Software AG) C:\Program Files\Common Files\G Data\GDScan\GDScan.exe
(G Data Software AG) C:\Program Files\G Data\InternetSecurity\AVK\AVKWCtl.exe
(Autodesk) C:\Program Files\Autodesk\Data Management Server 2008\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe
(Autodesk) C:\Program Files\Autodesk\Data Management Server 2008\Server\Webserver\Connectivity.EDMWS.Server.exe
(G Data Software AG) C:\Program Files\Common Files\G Data\AVKProxy\AVKProxy.exe
(G Data Software AG) C:\Program Files\G Data\InternetSecurity\AVK\AVKService.exe
(G Data Software AG) C:\Program Files\G Data\InternetSecurity\Firewall\GDFwSvc.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Autodesk, Inc.) c:\Program Files\Autodesk\Inventor 2012\Moldflow\bin\mitsijm.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(G Data Software AG) C:\Program Files\G Data\InternetSecurity\Firewall\GDFirewallTray.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(G Data Software AG) C:\Program Files\G Data\InternetSecurity\AVKTray\AVKTray.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Nokia) C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
(SpeedBit Ltd.) C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Speedbit Ltd.) C:\Program Files\DAP\DAP.EXE
(Akamai Technologies, Inc.) C:\Documents and Settings\user\Local Settings\Application Data\Akamai\netsession_win.exe
(SEIKO EPSON CORPORATION) C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I091.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
(Akamai Technologies, Inc.) C:\Documents and Settings\user\Local Settings\Application Data\Akamai\netsession_win.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDCPL] - C:\Windows\RTHDCPL.EXE [20026472 2011-01-21] (Realtek Semiconductor Corp.)
HKLM\...\Run: [GDFirewallTray] - C:\Program Files\G Data\InternetSecurity\Firewall\GDFirewallTray.exe [1854928 2013-03-22] (G Data Software AG)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2012-09-23] (Adobe Systems Incorporated)
HKLM\...\Run: [G Data AntiVirus Tray] - C:\Program Files\G Data\InternetSecurity\AVKTray\AVKTray.exe [1444472 2013-08-21] (G Data Software AG)
HKLM\...\Run: [EPSON Stylus C48 Series] - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I091.EXE [99840 2005-05-16] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [NokiaMServer] - C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
HKLM\...\Run: [NokiaMusic FastStart] - C:\Program Files\Nokia\Nokia Music Player\NokiaMusicPlayer.exe [2193000 2011-10-21] (Nokia)
HKLM\...\Run: [HotKeysCmds] - C:\WINDOWS\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [UserFaultCheck] - %systemroot%\system32\dumprep 0 -u
HKLM\...\Winlogon: [Userinit] C:\WINDOWS\system32\userinit.exe,c:\program files\g data\internetsecurity\avkkid\avkcks.exe
HKCU\...\Run: [DownloadAccelerator] - C:\Program Files\DAP\DAP.EXE [3795160 2012-11-15] (Speedbit Ltd.)
HKCU\...\Run: [Akamai NetSession Interface] - C:\Documents and Settings\user\Local Settings\Application Data\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKCU\...\Run: [EPSON Stylus C48 Series] - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I091.EXE [99840 2005-05-16] (SEIKO EPSON CORPORATION)
MountPoints2: {ab1f8c61-2f8a-11e2-b17b-f6f8bf905d58} - F:\AutoRun.exe
Startup: C:\Documents and Settings\user\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...er=6&ar=msnhome
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - Yandex URL = http://yandex.ru/yan...t={searchTerms}
SearchScopes: HKCU - Yandex URL =
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: SpeedBit Link Verification Helper - {D5974A72-C81C-4DC3-BE77-A8A7BBC8864E} - C:\Program Files\DAP\LinkVerifier.dll (Speedbit Ltd.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: {B479199A-1242-4E3C-AD81-7F0DF801B4AE} http://download.micr...loadManager.cab
Winsock: Catalog9 01 C:\Program Files\SpeedBit Video Accelerator\SBLSP.dll [174832] (SPEEDbit)
Winsock: Catalog9 02 C:\Program Files\SpeedBit Video Accelerator\SBLSP.dll [174832] (SPEEDbit)
Winsock: Catalog9 20 C:\Program Files\SpeedBit Video Accelerator\SBLSP.dll [174832] (SPEEDbit)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/DownloadManager,version=1.1 - C:\WINDOWS\ ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: No Name - C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\staged
FF Extension: G Data WebFilter - C:\Program Files\Mozilla Firefox\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE}
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\DAP\daplinkchecker
FF Extension: DAP Link Checker - C:\Program Files\DAP\daplinkchecker
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\30.0.1599.69\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\30.0.1599.69\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\30.0.1599.69\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Extension: (Google Drive) - C:\DOCUME~1\user\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\DOCUME~1\user\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (DAP Link Checker) - C:\DOCUME~1\user\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\bodfdknjhecmadheclfjkhhiofeagdbh\1.0.1.2_0
CHR Extension: (Google Search) - C:\DOCUME~1\user\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Chrome In-App Payments service) - C:\DOCUME~1\user\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR Extension: (World Clocks) - C:\DOCUME~1\user\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\pjgoijhajhaahklokegbfnohialajpej\4.9_0
CHR Extension: (Gmail) - C:\DOCUME~1\user\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM\...\Chrome\Extension: [bodfdknjhecmadheclfjkhhiofeagdbh] - C:\Program Files\DAP\daplinkchecker.crx

========================== Services (Whitelisted) =================

R2 Autodesk Data Management Job Dispatch; C:\Program Files\Autodesk\Data Management Server 2008\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe [32768 2007-02-13] (Autodesk)
R2 Autodesk EDM Server; C:\Program Files\Autodesk\Data Management Server 2008\Server\Webserver\Connectivity.EDMWS.Server.exe [49152 2007-02-13] (Autodesk)
S3 Autodesk Network Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskNetSrv.exe [1322648 2008-06-05] (Autodesk, Inc.)
R2 AVKProxy; C:\Program Files\Common Files\G Data\AVKProxy\AVKProxy.exe [1970296 2013-08-26] (G Data Software AG)
R2 AVKService; C:\Program Files\G Data\InternetSecurity\AVK\AVKService.exe [635000 2013-08-21] (G Data Software AG)
R2 AVKWCtl; C:\Program Files\G Data\InternetSecurity\AVK\AVKWCtl.exe [2095600 2013-08-21] (G Data Software AG)
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [1044816 2013-09-11] (Flexera Software, Inc.)
R2 GDFwSvc; C:\Program Files\G Data\InternetSecurity\Firewall\GDFwSvc.exe [2369616 2013-08-21] (G Data Software AG)
R2 GDScan; C:\Program Files\Common Files\G Data\GDScan\GDScan.exe [695416 2013-08-22] (G Data Software AG)
R2 mitsijm2012; c:\Program Files\Autodesk\Inventor 2012\Moldflow\bin\mitsijm.exe [579384 2010-12-07] (Autodesk, Inc.)
R2 MSSQL$AUTODESKVAULT; C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [28933976 2007-02-13] (Microsoft Corporation)
S4 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [45272 2007-02-13] (Microsoft Corporation)
R2 VideoAcceleratorService; C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe [277744 2012-11-15] (SpeedBit Ltd.)
R2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf"

==================== Drivers (Whitelisted) ====================

R3 e1kexpress; C:\Windows\System32\DRIVERS\e1k5132.sys [173736 2010-09-29] (Intel Corporation)
R0 GDBehave; C:\Windows\System32\drivers\GDBehave.sys [45912 2013-10-07] (G Data Software AG)
R1 GDMnIcpt; C:\WINDOWS\system32\drivers\MiniIcpt.sys [96600 2013-10-07] (G Data Software AG)
R0 GDNdisIc; C:\Windows\System32\drivers\GDNdisIc.sys [30200 2013-07-13] (G Data Software AG)
R2 GDTdiInterceptor; C:\WINDOWS\system32\drivers\GDTdiIcpt.sys [53976 2013-07-13] (G Data Software AG)
R1 GRD; C:\WINDOWS\system32\drivers\GRD.sys [69176 2013-10-07] (G Data Software)
R1 HookCentre; C:\WINDOWS\system32\drivers\HookCentre.sys [47832 2013-10-07] (G Data Software AG)
S3 massfilter; C:\Windows\System32\drivers\massfilter.sys [9216 2011-03-26] (MBB Incorporated)
R3 ZTEusbnet; C:\Windows\System32\DRIVERS\ZTEusbnet.sys [126976 2011-03-26] (ZTE Corporation)
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [x]
S4 IntelIde; No ImagePath

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-11 19:03 - 2013-10-11 19:03 - 00000000 ____D C:\FRST
2013-10-11 18:27 - 2013-10-11 18:27 - 00000000 ____D C:\_OTL
2013-10-09 17:38 - 2013-10-09 17:38 - 00000000 ____D C:\WINDOWS\ERUNT
2013-10-09 17:31 - 2013-10-09 17:33 - 00000000 ____D C:\AdwCleaner
2013-10-09 17:18 - 2013-10-11 18:42 - 00000000 ____D C:\Documents and Settings\user\Desktop\Adware Removal tools
2013-10-08 19:23 - 2013-10-08 19:23 - 00001687 _____ C:\Documents and Settings\user\My Documents\Home Carer Requirments.txt
2013-10-07 10:30 - 2013-10-07 10:30 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\G Data InternetSecurity 2014
2013-10-07 08:27 - 2013-10-07 08:27 - 00001813 _____ C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2013-10-07 08:27 - 2013-10-07 08:27 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
2013-10-07 08:09 - 2013-10-07 08:10 - 00000000 ____D C:\Documents and Settings\user\My Documents\My Spiritual life
2013-10-06 20:38 - 2013-10-06 20:38 - 00004510 _____ C:\Documents and Settings\user\Application Data\CamStudio.cfg
2013-10-06 20:38 - 2013-10-06 20:38 - 00000408 _____ C:\Documents and Settings\user\Application Data\CamShapes.ini
2013-10-06 20:38 - 2013-10-06 20:38 - 00000408 _____ C:\Documents and Settings\user\Application Data\CamLayout.ini
2013-10-06 20:38 - 2013-10-06 20:38 - 00000046 _____ C:\Documents and Settings\user\Application Data\Camdata.ini
2013-10-06 20:37 - 2013-10-06 20:37 - 00000719 _____ C:\Documents and Settings\All Users\Desktop\CamStudio.lnk
2013-10-06 20:37 - 2013-10-06 20:37 - 00000000 ____D C:\Program Files\CamStudio 2.7
2013-10-06 20:37 - 2013-10-06 20:37 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\CamStudio 2.7
2013-10-05 21:38 - 2013-10-05 21:38 - 00000000 ____D C:\Documents and Settings\user\Local Settings\Application Data\WMTools Downloaded Files
2013-10-05 15:32 - 2013-10-05 15:49 - 00003927 _____ C:\WINDOWS\system32\plot.log
2013-10-05 15:24 - 2013-10-05 18:00 - 00000000 ____D C:\Documents and Settings\user\My Documents\Inventor Master Project
2013-10-05 14:21 - 2013-10-05 14:21 - 00274846 _____ C:\Documents and Settings\user\My Documents\Part002.adsk
2013-10-05 14:16 - 2013-10-05 14:16 - 00275063 _____ C:\Documents and Settings\user\My Documents\Part001.adsk
2013-10-05 01:18 - 2013-10-05 01:18 - 00000000 ____D C:\Documents and Settings\user\Local Settings\Application Data\Autodesk,_Inc
2013-10-05 00:49 - 2013-10-05 00:49 - 00000000 ____D C:\Documents and Settings\user\Local Settings\Application Data\GrantaGateway
2013-10-05 00:19 - 2013-10-05 00:19 - 00001836 _____ C:\Documents and Settings\All Users\Desktop\Inventor Fusion 2012.lnk
2013-10-05 00:18 - 2013-10-05 00:18 - 00000926 _____ C:\Documents and Settings\All Users\Desktop\Autodesk Vault 2012.lnk
2013-10-05 00:16 - 2013-10-05 00:16 - 00001866 _____ C:\Documents and Settings\All Users\Desktop\DWG TrueView 2012.lnk
2013-10-05 00:06 - 2013-10-05 00:06 - 00000000 ____D C:\Documents and Settings\user\My Documents\Autodesk
2013-10-05 00:04 - 2013-10-05 00:04 - 00001964 _____ C:\Documents and Settings\All Users\Desktop\Autodesk Inventor Professional 2012.lnk
2013-10-05 00:01 - 2013-10-05 00:01 - 00000000 ____D C:\MITSI 2012 Temporary Files
2013-10-05 00:01 - 2013-10-05 00:01 - 00000000 ____D C:\Documents and Settings\All Users\Documents\Autodesk
2013-10-05 00:00 - 2013-10-05 00:00 - 00000000 ____D C:\Program Files\Microsoft Chart Controls
2013-10-05 00:00 - 2013-10-05 00:00 - 00000000 ____D C:\Documents and Settings\user\Start Menu\Programs\Autodesk
2013-10-04 20:32 - 2013-10-04 20:32 - 00000000 ____D C:\Documents and Settings\user\Local Settings\Application Data\Thinstall
2013-10-04 20:32 - 2013-10-04 20:32 - 00000000 ____D C:\Documents and Settings\user\Application Data\Thinstall
2013-10-04 20:31 - 2009-02-20 23:36 - 06469463 _____ () C:\Documents and Settings\user\Desktop\Portable Magic FLAC to MP3 Converter 3.7.exe
2013-09-17 12:33 - 2013-09-17 12:33 - 00000149 _____ C:\11.txt
2013-09-17 12:33 - 2013-09-17 12:33 - 00000000 ____D C:\tmp
2013-09-15 22:00 - 2013-09-15 22:00 - 00000000 ____D C:\Documents and Settings\user\Application Data\Nero
2013-09-15 21:50 - 2013-10-07 18:51 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Nero
2013-09-15 20:35 - 2013-03-13 18:57 - 00081920 _____ (Intel Corporation) C:\WINDOWS\system32\igfxCoIn_v5420.dll
2013-09-15 20:08 - 2013-09-15 20:08 - 00000000 ____D C:\Program Files\Driver Identifier
2013-09-15 20:08 - 2013-09-15 20:08 - 00000000 ____D C:\Documents and Settings\user\Application Data\driveridentifier
2013-09-15 20:08 - 2013-09-15 20:08 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Driver Identifier
2013-09-15 19:35 - 2013-09-15 20:10 - 00000000 ____D C:\Documents and Settings\user\My Documents\001 HP PC Manual
2013-09-14 18:57 - 2013-09-14 18:58 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\DVD Shrink
2013-09-14 18:57 - 2013-09-14 18:57 - 00000670 _____ C:\Documents and Settings\user\Desktop\DVD Shrink 3.2.lnk
2013-09-14 18:57 - 2013-09-14 18:57 - 00000000 ____D C:\Program Files\DVD Shrink
2013-09-14 18:57 - 2013-09-14 18:57 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\DVD Shrink
2013-09-14 18:16 - 2013-09-14 18:16 - 00001690 _____ C:\Documents and Settings\All Users\Desktop\AutoCAD 2010 - English.lnk
2013-09-14 18:15 - 2013-09-14 18:19 - 00000000 ____D C:\Program Files\AutoCAD 2010
2013-09-14 18:04 - 2013-09-14 18:04 - 00000000 ____D C:\Program Files\x86
2013-09-14 18:04 - 2009-02-10 20:53 - 00000262 _____ C:\Program Files\MID.txt
2013-09-14 17:55 - 2013-09-17 11:29 - 00000000 ___RD C:\Documents and Settings\user\My Documents\Google Drive
2013-09-14 17:55 - 2013-09-14 17:55 - 00001473 _____ C:\Documents and Settings\user\Desktop\Google Drive.lnk
2013-09-14 17:53 - 2013-09-14 17:53 - 00001769 _____ C:\Documents and Settings\All Users\Desktop\Google Slides.lnk
2013-09-14 17:53 - 2013-09-14 17:53 - 00001765 _____ C:\Documents and Settings\All Users\Desktop\Google Sheets.lnk
2013-09-14 17:53 - 2013-09-14 17:53 - 00001753 _____ C:\Documents and Settings\All Users\Desktop\Google Docs.lnk
2013-09-14 17:53 - 2013-09-14 17:53 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Google Drive
2013-09-12 16:43 - 2013-09-12 16:43 - 00000000 ___HD C:\WINDOWS\PIF
2013-09-12 12:31 - 2013-09-12 12:31 - 00001201 _____ C:\Documents and Settings\user\Desktop\MY Revit 2012 INI path locations.txt
2013-09-11 23:33 - 2013-10-07 14:52 - 01692194 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1078081533-1972579041-1801674531-1003-0.dat
2013-09-11 23:33 - 2013-10-07 14:52 - 00377474 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2013-09-11 21:44 - 2013-09-11 21:47 - 00065536 _____ C:\WINDOWS\system32\config\Autodesk.evt
2013-09-11 21:41 - 2013-09-11 21:41 - 00000000 ____D C:\Program Files\STRUCTURAL_COMMON_DATA
2013-09-11 21:40 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_6.dll
2013-09-11 21:40 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_6.dll
2013-09-11 21:40 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_4.dll
2013-09-11 21:40 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_7.dll
2013-09-11 21:40 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_5.dll
2013-09-11 21:40 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_5.dll
2013-09-11 21:40 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_3.dll
2013-09-11 21:40 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dcsx_42.dll
2013-09-11 21:40 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_42.dll
2013-09-11 21:40 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_42.dll
2013-09-11 21:40 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_42.dll
2013-09-11 21:40 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx11_42.dll
2013-09-11 21:40 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_4.dll
2013-09-11 21:40 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_4.dll
2013-09-11 21:40 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_6.dll
2013-09-11 21:40 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_41.dll
2013-09-11 21:40 - 2009-03-09 15:27 - 01846632 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_41.dll
2013-09-11 21:40 - 2009-03-09 15:27 - 00453456 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_41.dll
2013-09-11 21:40 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_3.dll
2013-09-11 21:40 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_3.dll
2013-09-11 21:40 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_2.dll
2013-09-11 21:40 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_5.dll
2013-09-11 21:40 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_40.dll
2013-09-11 21:40 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_40.dll
2013-09-11 21:40 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_40.dll
2013-09-11 21:40 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_2.dll
2013-09-11 21:40 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_1.dll
2013-09-11 21:40 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_2.dll
2013-09-11 21:40 - 2008-07-10 11:01 - 00467984 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_39.dll
2013-09-11 21:40 - 2008-07-10 11:00 - 03851784 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_39.dll
2013-09-11 21:40 - 2008-07-10 11:00 - 01493528 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_39.dll
2013-09-11 21:40 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_1.dll
2013-09-11 21:40 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_1.dll
2013-09-11 21:40 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_0.dll
2013-09-11 21:40 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_4.dll
2013-09-11 21:40 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_38.dll
2013-09-11 21:40 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_38.dll
2013-09-11 21:40 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_38.dll
2013-09-11 21:40 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_0.dll
2013-09-11 21:40 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_0.dll
2013-09-11 21:40 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_3.dll
2013-09-11 21:40 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_37.dll
2013-09-11 21:40 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_37.dll
2013-09-11 21:40 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_10.dll
2013-09-11 21:40 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_2.dll
2013-09-11 21:40 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_36.dll
2013-09-11 21:40 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_36.dll
2013-09-11 21:40 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_36.dll
2013-09-11 21:40 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_9.dll
2013-09-11 21:40 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_35.dll
2013-09-11 21:40 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_35.dll
2013-09-11 21:40 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_35.dll
2013-09-11 21:40 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_8.dll
2013-09-11 21:40 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_34.dll
2013-09-11 21:40 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_34.dll
2013-09-11 21:40 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_34.dll
2013-09-11 21:40 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_7.dll
2013-09-11 21:40 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_3.dll
2013-09-11 21:40 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_33.dll
2013-09-11 21:40 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_33.dll
2013-09-11 21:40 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_33.dll
2013-09-11 21:40 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\WINDOWS\system32\x3daudio1_1.dll
2013-09-11 21:40 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_6.dll
2013-09-11 21:40 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_5.dll
2013-09-11 21:40 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_32.dll
2013-09-11 21:40 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_4.dll
2013-09-11 21:40 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_3.dll
2013-09-11 21:40 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_2.dll
2013-09-11 21:40 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_2.dll
2013-09-11 21:40 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_1.dll
2013-09-11 21:40 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_1.dll
2013-09-11 21:40 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_29.dll
2013-09-11 21:40 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_0.dll
2013-09-11 21:40 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\WINDOWS\system32\x3daudio1_0.dll
2013-09-11 21:40 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_28.dll
2013-09-11 21:40 - 2005-12-05 18:07 - 00061136 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput9_1_0.dll
2013-09-11 21:40 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_26.dll
2013-09-11 21:40 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_25.dll
2013-09-11 21:40 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_24.dll
2013-09-11 21:39 - 2013-09-11 21:39 - 00001844 _____ C:\Documents and Settings\All Users\Desktop\Autodesk Design Review 2012.lnk
2013-09-11 10:43 - 2013-09-11 10:43 - 00009336 ____N (G Data Software AG) C:\WINDOWS\system32\GDScrSv.en.dll
2013-09-11 00:40 - 2013-09-11 00:40 - 00000000 ____D C:\Documents and Settings\user\Application Data\WinRAR
2013-09-11 00:39 - 2013-09-11 00:39 - 00000000 ____D C:\Program Files\WinRAR
2013-09-11 00:39 - 2013-09-11 00:39 - 00000000 ____D C:\Documents and Settings\user\Start Menu\Programs\WinRAR
2013-09-11 00:39 - 2013-09-11 00:39 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\WinRAR

==================== One Month Modified Files and Folders =======

2013-10-11 19:03 - 2013-10-11 19:03 - 00000000 ____D C:\FRST
2013-10-11 18:57 - 2012-11-15 00:31 - 01996839 _____ C:\WINDOWS\WindowsUpdate.log
2013-10-11 18:56 - 2012-11-14 16:27 - 00000159 _____ C:\WINDOWS\wiadebug.log
2013-10-11 18:56 - 2012-11-14 16:27 - 00000050 _____ C:\WINDOWS\wiaservc.log
2013-10-11 18:55 - 2013-02-06 09:24 - 00000198 _____ C:\WINDOWS\Tasks\AutoKMS.job
2013-10-11 18:55 - 2012-11-15 00:44 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-11 18:55 - 2012-11-15 00:38 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-10-11 18:53 - 2012-11-15 00:44 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-11 18:45 - 2012-11-15 00:39 - 00000178 ___SH C:\Documents and Settings\user\ntuser.ini
2013-10-11 18:45 - 2012-11-15 00:38 - 00032612 _____ C:\WINDOWS\SchedLgU.Txt
2013-10-11 18:42 - 2013-10-09 17:18 - 00000000 ____D C:\Documents and Settings\user\Desktop\Adware Removal tools
2013-10-11 18:27 - 2013-10-11 18:27 - 00000000 ____D C:\_OTL
2013-10-10 22:31 - 2013-08-01 22:56 - 02060008 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2013-10-10 18:37 - 2013-07-17 15:50 - 00000000 ____D C:\Documents and Settings\user\Application Data\XBMC
2013-10-10 15:37 - 2012-11-14 16:22 - 00000000 ____D C:\WINDOWS\repair
2013-10-10 15:31 - 2012-11-15 00:29 - 00000000 ____D C:\WINDOWS\Registration
2013-10-09 23:27 - 2012-11-15 18:29 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\pdf995
2013-10-09 23:26 - 2013-01-19 11:49 - 00000000 ____D C:\Documents and Settings\user\My Documents\01 Inventor Prints & Drawings
2013-10-09 23:26 - 2012-11-15 18:29 - 00000060 _____ C:\WINDOWS\wpd99.drv
2013-10-09 17:38 - 2013-10-09 17:38 - 00000000 ____D C:\WINDOWS\ERUNT
2013-10-09 17:33 - 2013-10-09 17:31 - 00000000 ____D C:\AdwCleaner
2013-10-09 17:29 - 2012-11-15 00:44 - 00000000 ____D C:\Documents and Settings\user\Application Data\uTorrent
2013-10-09 17:20 - 2012-11-14 16:25 - 00642737 _____ C:\WINDOWS\setupapi.log
2013-10-08 22:00 - 2012-11-18 21:30 - 00065536 _____ C:\WINDOWS\system32\config\OAlerts.evt
2013-10-08 19:23 - 2013-10-08 19:23 - 00001687 _____ C:\Documents and Settings\user\My Documents\Home Carer Requirments.txt
2013-10-08 00:04 - 2012-11-18 21:51 - 00000000 ____D C:\Documents and Settings\user\My Documents\Inventor
2013-10-07 21:47 - 2012-11-30 07:47 - 00000000 ____D C:\Documents and Settings\user\My Documents\Outlook Files
2013-10-07 20:21 - 2012-11-18 22:33 - 00096256 _____ C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-10-07 20:13 - 2013-05-06 16:22 - 00000000 ____D C:\Program Files\Wise Registry Cleaner
2013-10-07 18:51 - 2013-09-15 21:50 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Nero
2013-10-07 18:43 - 2013-08-01 22:51 - 00002371 _____ C:\Documents and Settings\All Users\Desktop\Nokia Music Player.lnk
2013-10-07 14:52 - 2013-09-11 23:33 - 01692194 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1078081533-1972579041-1801674531-1003-0.dat
2013-10-07 14:52 - 2013-09-11 23:33 - 00377474 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2013-10-07 11:48 - 2012-11-18 21:50 - 00000000 ____D C:\Documents and Settings\user\Application Data\Autodesk
2013-10-07 11:48 - 2012-11-18 21:49 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Autodesk
2013-10-07 10:37 - 2013-07-16 20:20 - 00016048 _____ (G Data Software) C:\WINDOWS\system32\Drivers\GdPhyMem.sys
2013-10-07 10:37 - 2012-11-15 16:59 - 00069176 _____ (G Data Software) C:\WINDOWS\system32\Drivers\GRD.sys
2013-10-07 10:30 - 2013-10-07 10:30 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\G Data InternetSecurity 2014
2013-10-07 10:30 - 2013-07-13 21:28 - 00001681 _____ C:\Documents and Settings\All Users\Desktop\G Data InternetSecurity 2014.lnk
2013-10-07 10:30 - 2012-11-15 00:52 - 00002046 _____ C:\WINDOWS\KB918997.log
2013-10-07 10:29 - 2012-11-15 00:52 - 00096600 _____ (G Data Software AG) C:\WINDOWS\system32\Drivers\MiniIcpt.sys
2013-10-07 10:29 - 2012-11-15 00:52 - 00047832 _____ (G Data Software AG) C:\WINDOWS\system32\Drivers\HookCentre.sys
2013-10-07 10:29 - 2012-11-15 00:52 - 00045912 _____ (G Data Software AG) C:\WINDOWS\system32\Drivers\GDBehave.sys
2013-10-07 10:29 - 2012-11-15 00:52 - 00000000 ____D C:\Program Files\Common Files\G Data
2013-10-07 08:27 - 2013-10-07 08:27 - 00001813 _____ C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2013-10-07 08:27 - 2013-10-07 08:27 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
2013-10-07 08:26 - 2012-11-15 00:44 - 00000000 ____D C:\Program Files\Google
2013-10-07 08:10 - 2013-10-07 08:09 - 00000000 ____D C:\Documents and Settings\user\My Documents\My Spiritual life
2013-10-06 20:38 - 2013-10-06 20:38 - 00004510 _____ C:\Documents and Settings\user\Application Data\CamStudio.cfg
2013-10-06 20:38 - 2013-10-06 20:38 - 00000408 _____ C:\Documents and Settings\user\Application Data\CamShapes.ini
2013-10-06 20:38 - 2013-10-06 20:38 - 00000408 _____ C:\Documents and Settings\user\Application Data\CamLayout.ini
2013-10-06 20:38 - 2013-10-06 20:38 - 00000046 _____ C:\Documents and Settings\user\Application Data\Camdata.ini
2013-10-06 20:37 - 2013-10-06 20:37 - 00000719 _____ C:\Documents and Settings\All Users\Desktop\CamStudio.lnk
2013-10-06 20:37 - 2013-10-06 20:37 - 00000000 ____D C:\Program Files\CamStudio 2.7
2013-10-06 20:37 - 2013-10-06 20:37 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\CamStudio 2.7
2013-10-05 21:38 - 2013-10-05 21:38 - 00000000 ____D C:\Documents and Settings\user\Local Settings\Application Data\WMTools Downloaded Files
2013-10-05 18:00 - 2013-10-05 15:24 - 00000000 ____D C:\Documents and Settings\user\My Documents\Inventor Master Project
2013-10-05 15:49 - 2013-10-05 15:32 - 00003927 _____ C:\WINDOWS\system32\plot.log
2013-10-05 14:32 - 2012-11-18 21:41 - 00000000 ____D C:\WINDOWS\Microsoft.NET
2013-10-05 14:21 - 2013-10-05 14:21 - 00274846 _____ C:\Documents and Settings\user\My Documents\Part002.adsk
2013-10-05 14:16 - 2013-10-05 14:16 - 00275063 _____ C:\Documents and Settings\user\My Documents\Part001.adsk
2013-10-05 01:18 - 2013-10-05 01:18 - 00000000 ____D C:\Documents and Settings\user\Local Settings\Application Data\Autodesk,_Inc
2013-10-05 00:49 - 2013-10-05 00:49 - 00000000 ____D C:\Documents and Settings\user\Local Settings\Application Data\GrantaGateway
2013-10-05 00:49 - 2012-11-18 21:49 - 00000000 ____D C:\Documents and Settings\user\Local Settings\Application Data\Autodesk
2013-10-05 00:24 - 2012-11-14 16:25 - 00455656 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-10-05 00:19 - 2013-10-05 00:19 - 00001836 _____ C:\Documents and Settings\All Users\Desktop\Inventor Fusion 2012.lnk
2013-10-05 00:19 - 2012-11-18 21:50 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Autodesk
2013-10-05 00:19 - 2012-11-18 21:49 - 00000000 ____D C:\Program Files\Common Files\Autodesk Shared
2013-10-05 00:19 - 2012-11-18 21:49 - 00000000 ____D C:\Program Files\Autodesk
2013-10-05 00:18 - 2013-10-05 00:18 - 00000926 _____ C:\Documents and Settings\All Users\Desktop\Autodesk Vault 2012.lnk
2013-10-05 00:17 - 2012-11-15 18:20 - 00134944 _____ C:\Documents and Settings\user\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2013-10-05 00:16 - 2013-10-05 00:16 - 00001866 _____ C:\Documents and Settings\All Users\Desktop\DWG TrueView 2012.lnk
2013-10-05 00:06 - 2013-10-05 00:06 - 00000000 ____D C:\Documents and Settings\user\My Documents\Autodesk
2013-10-05 00:05 - 2012-11-15 00:38 - 00000000 __SHD C:\Documents and Settings\LocalService
2013-10-05 00:04 - 2013-10-05 00:04 - 00001964 _____ C:\Documents and Settings\All Users\Desktop\Autodesk Inventor Professional 2012.lnk
2013-10-05 00:01 - 2013-10-05 00:01 - 00000000 ____D C:\MITSI 2012 Temporary Files
2013-10-05 00:01 - 2013-10-05 00:01 - 00000000 ____D C:\Documents and Settings\All Users\Documents\Autodesk
2013-10-05 00:00 - 2013-10-05 00:00 - 00000000 ____D C:\Program Files\Microsoft Chart Controls
2013-10-05 00:00 - 2013-10-05 00:00 - 00000000 ____D C:\Documents and Settings\user\Start Menu\Programs\Autodesk
2013-10-05 00:00 - 2012-11-15 00:30 - 00000000 ____D C:\WINDOWS\system32\DirectX
2013-10-04 23:30 - 2008-04-14 18:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2013-10-04 20:32 - 2013-10-04 20:32 - 00000000 ____D C:\Documents and Settings\user\Local Settings\Application Data\Thinstall
2013-10-04 20:32 - 2013-10-04 20:32 - 00000000 ____D C:\Documents and Settings\user\Application Data\Thinstall
2013-10-04 20:15 - 2012-11-15 00:29 - 00017710 _____ C:\WINDOWS\wmsetup.log
2013-10-02 20:23 - 2013-07-25 21:26 - 00009662 _____ C:\WINDOWS\EPISME00.SWB
2013-09-22 19:26 - 2013-07-12 20:47 - 00000000 ____D C:\Documents and Settings\user\Application Data\PC Suite
2013-09-22 19:26 - 2012-11-14 16:25 - 00197547 _____ C:\WINDOWS\setupact.log
2013-09-20 22:25 - 2013-01-28 18:10 - 00000000 ____D C:\Documents and Settings\user\My Documents\Ikoyi House
2013-09-18 13:31 - 2012-11-15 17:32 - 00002315 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
2013-09-17 16:39 - 2012-11-15 00:39 - 00000792 _____ C:\Documents and Settings\user\Start Menu\Programs\Windows Media Player.lnk
2013-09-17 15:25 - 2012-11-22 23:38 - 00000664 _____ C:\WINDOWS\system32\d3d9caps.dat
2013-09-17 12:33 - 2013-09-17 12:33 - 00000149 _____ C:\11.txt
2013-09-17 12:33 - 2013-09-17 12:33 - 00000000 ____D C:\tmp
2013-09-17 11:29 - 2013-09-14 17:55 - 00000000 ___RD C:\Documents and Settings\user\My Documents\Google Drive
2013-09-16 15:26 - 2012-11-22 23:23 - 00000000 ____D C:\Documents and Settings\user\My Documents\My Revit Work
2013-09-15 22:00 - 2013-09-15 22:00 - 00000000 ____D C:\Documents and Settings\user\Application Data\Nero
2013-09-15 20:35 - 2012-11-15 00:43 - 00000000 ____D C:\Intel
2013-09-15 20:35 - 2012-11-15 00:42 - 00000000 ____D C:\WINDOWS\system32\ReinstallBackups
2013-09-15 20:28 - 2012-11-15 00:40 - 00000803 _____ C:\Documents and Settings\user\Start Menu\Programs\Internet Explorer.lnk
2013-09-15 20:10 - 2013-09-15 19:35 - 00000000 ____D C:\Documents and Settings\user\My Documents\001 HP PC Manual
2013-09-15 20:08 - 2013-09-15 20:08 - 00000000 ____D C:\Program Files\Driver Identifier
2013-09-15 20:08 - 2013-09-15 20:08 - 00000000 ____D C:\Documents and Settings\user\Application Data\driveridentifier
2013-09-15 20:08 - 2013-09-15 20:08 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Driver Identifier
2013-09-14 18:58 - 2013-09-14 18:57 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\DVD Shrink
2013-09-14 18:57 - 2013-09-14 18:57 - 00000670 _____ C:\Documents and Settings\user\Desktop\DVD Shrink 3.2.lnk
2013-09-14 18:57 - 2013-09-14 18:57 - 00000000 ____D C:\Program Files\DVD Shrink
2013-09-14 18:57 - 2013-09-14 18:57 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\DVD Shrink
2013-09-14 18:19 - 2013-09-14 18:15 - 00000000 ____D C:\Program Files\AutoCAD 2010
2013-09-14 18:16 - 2013-09-14 18:16 - 00001690 _____ C:\Documents and Settings\All Users\Desktop\AutoCAD 2010 - English.lnk
2013-09-14 18:04 - 2013-09-14 18:04 - 00000000 ____D C:\Program Files\x86
2013-09-14 17:55 - 2013-09-14 17:55 - 00001473 _____ C:\Documents and Settings\user\Desktop\Google Drive.lnk
2013-09-14 17:53 - 2013-09-14 17:53 - 00001769 _____ C:\Documents and Settings\All Users\Desktop\Google Slides.lnk
2013-09-14 17:53 - 2013-09-14 17:53 - 00001765 _____ C:\Documents and Settings\All Users\Desktop\Google Sheets.lnk
2013-09-14 17:53 - 2013-09-14 17:53 - 00001753 _____ C:\Documents and Settings\All Users\Desktop\Google Docs.lnk
2013-09-14 17:53 - 2013-09-14 17:53 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Google Drive
2013-09-14 17:53 - 2012-11-15 00:42 - 00000000 ____D C:\Documents and Settings\user\Local Settings\Application Data\Google
2013-09-14 17:46 - 2012-11-15 17:40 - 00000000 ____D C:\Documents and Settings\user\Local Settings\Application Data\Adobe
2013-09-12 16:43 - 2013-09-12 16:43 - 00000000 ___HD C:\WINDOWS\PIF
2013-09-12 12:31 - 2013-09-12 12:31 - 00001201 _____ C:\Documents and Settings\user\Desktop\MY Revit 2012 INI path locations.txt
2013-09-11 22:09 - 2012-11-18 23:12 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\FLEXnet
2013-09-11 21:47 - 2013-09-11 21:44 - 00065536 _____ C:\WINDOWS\system32\config\Autodesk.evt
2013-09-11 21:41 - 2013-09-11 21:41 - 00000000 ____D C:\Program Files\STRUCTURAL_COMMON_DATA
2013-09-11 21:39 - 2013-09-11 21:39 - 00001844 _____ C:\Documents and Settings\All Users\Desktop\Autodesk Design Review 2012.lnk
2013-09-11 10:43 - 2013-09-11 10:43 - 00009336 ____N (G Data Software AG) C:\WINDOWS\system32\GDScrSv.en.dll
2013-09-11 00:40 - 2013-09-11 00:40 - 00000000 ____D C:\Documents and Settings\user\Application Data\WinRAR
2013-09-11 00:39 - 2013-09-11 00:39 - 00000000 ____D C:\Program Files\WinRAR
2013-09-11 00:39 - 2013-09-11 00:39 - 00000000 ____D C:\Documents and Settings\user\Start Menu\Programs\WinRAR
2013-09-11 00:39 - 2013-09-11 00:39 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\WinRAR

Files to move or delete:
====================
C:\Documents and Settings\user\Application Data\CamLayout.ini
C:\Documents and Settings\user\Application Data\CamShapes.ini


Some content of TEMP:
====================
C:\Documents and Settings\Guest\Local Settings\Temp\NEventMessages.dll
C:\Documents and Settings\user\Local Settings\Temp\AcDeltree.exe
C:\Documents and Settings\user\Local Settings\Temp\AskSLib.dll
C:\Documents and Settings\user\Local Settings\Temp\cabex.dll
C:\Documents and Settings\user\Local Settings\Temp\DataCard_Setup.exe
C:\Documents and Settings\user\Local Settings\Temp\ieframe.dll
C:\Documents and Settings\user\Local Settings\Temp\k9-webprotection-4.4.268.exe
C:\Documents and Settings\user\Local Settings\Temp\NEventMessages.dll
C:\Documents and Settings\user\Local Settings\Temp\Quarantine.exe
C:\Documents and Settings\user\Local Settings\Temp\ResetDevice.exe
C:\Documents and Settings\user\Local Settings\Temp\RunWizards.exe
C:\Documents and Settings\user\Local Settings\Temp\setup_wm.exe
C:\Documents and Settings\user\Local Settings\Temp\svd_dap.exe
C:\Documents and Settings\user\Local Settings\Temp\Tsu2EDC75D2.dll
C:\Documents and Settings\user\Local Settings\Temp\Tsu4E82F811.dll
C:\Documents and Settings\user\Local Settings\Temp\vcredist_x86.exe
C:\Documents and Settings\user\Local Settings\Temp\{68B12743-C5E4-45E1-B3AB-F7DC07A96385}-23.0.1271.64_chrome_installer.exe
C:\Documents and Settings\user\Local Settings\Temp\{6AEBF4E6-7859-47C2-9658-E84E1D439346}-GoogleUpdateSetup.exe
C:\Documents and Settings\user\Local Settings\Temp\{7014E919-2EAA-4158-AB8A-7483300316F4}.dll
C:\Documents and Settings\user\Local Settings\Temp\{A17B0454-7E58-4E57-B690-024AF5C20315}-GoogleUpdateSetup.exe
C:\Documents and Settings\user\Local Settings\Temp\{CE49D053-CBDE-4B8A-98DF-E1C31EA28202}-GoogleUpdateSetup.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

The second log is this:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 03-10-2013
Ran by user at 2013-10-11 19:08:09
Running from C:\Documents and Settings\user\Desktop\Adware Removal tools
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: G Data InternetSecurity 2014 (Disabled - Up to date) {71310606-6F3B-49F2-9A81-8315AA75FBB3}
FW: G Data Personal Firewall (Disabled) {6E6F4BA6-C07D-443F-A130-0A57DA59A082}

==================== Installed Programs ======================

Torrent (HKCU Version: 3.3.1.30017)
7-Zip 9.20 (Version: 9.20.00.0)
Adobe Flash Player 11 ActiveX (Version: 11.5.502.110)
Adobe Reader XI (Version: 11.0.00)
Akamai NetSession Interface
Alumasc Drainage Calculators 1.07 (Version: 1.07)
AOEMView 2008 (Version: 17.1.45.0)
AutoCAD 2010 - English (Version: 18.0.55.0)
AutoCAD 2010 Language Pack - English (Version: 18.0.55.0)
Autodesk Data Management Server 2008 (Version: 12.0.123.0)
Autodesk Design Review 2012 (Version: 12.0.0.93)
Autodesk Inventor Content Center Libraries 2012 (Desktop Content) (Version: 16.0.16000.0000)
Autodesk Inventor Fusion 2012 (Version: 1.0.0.79)
Autodesk Inventor Fusion 2012 Language Pack (Version: 1.0.0.79)
Autodesk Inventor Fusion for Inventor 2012 Add-in (Version: 1.0.0.18)
Autodesk Inventor Fusion for Inventor 2012 Add-in Language Pack (Version: 1.0.0.18)
Autodesk Inventor Professional 2008 (Version: 12.0.0000.25400)
Autodesk Inventor Professional 2012 (Version: 16.0.16000.0000)
Autodesk Inventor Professional 2012 English (Version: 16.0.16000.0000)
Autodesk Inventor Professional 2012 English Language Pack (Version: 16.0.16000.0000)
Autodesk Material Library 2012 (Version: 2.5.0.8)
Autodesk Material Library Base Resolution Image Library 2012 (Version: 2.5.0.8)
Autodesk Material Library Low Resolution Image Library 2012 (Version: 2.5.0.8)
Autodesk Material Library Medium Resolution Image Library 2012 (Version: 2.5.0.8)
Autodesk Revit MEP 2010 (Version: 09.03.17211)
Autodesk Vault 2008 (Version: 12.0.123.0)
Autodesk Vault 2012 (Client) (Version: 16.0.56.200)
Autodesk Vault 2012 (Client) English Language Pack (Version: 16.0.56.200)
CamStudio version 2.7 (Version: 2.7)
Download Accelerator Plus (DAP) (Version: 10043 (Build 2489))
DriverIdentifier 4.2.7
DVD Shrink 3.2
DWG TrueView 2007 (Version: 17.0.54.190)
DWG TrueView 2012 (Version: 18.2.51.0)
Eco Materials Adviser (Version: 1.32.0.0)
EPSON Printer Software
FARO LS 1.1.406.58 (Version: 4.6.58.2)
G Data InternetSecurity 2014 (Version: 24.0.3.2)
Google Chrome (Version: 30.0.1599.69)
Google Drive (Version: 1.11.4865.2530)
Google Earth Plug-in (Version: 7.1.1.1888)
Intel® Graphics Media Accelerator Driver (Version: 6.14.10.5420)
Intel® Network Connections Drivers (Version: 15.4)
Java 7 Update 25 (Version: 7.0.250)
Java Auto Updater (Version: 2.1.9.5)
K-Lite Codec Pack 6.7.0 (Full) (Version: 6.7.0)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (Version: 3.5.0.0)
Microsoft Download Manager (Version: 1.2.1)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Office Access MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Outlook Connector (Version: 14.0.6123.5001)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.4734.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6213.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6213.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.4734.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6213.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.4734.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6215.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6215.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Visio 2007 Service Pack 1 (SP1)
Microsoft Office Visio MUI (English) 2007 (Version: 12.0.6215.1000)
Microsoft Office Visio Professional 2007 (Version: 12.0.6215.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Software Update for Web Folders (English) 12 (Version: 12.0.6215.1000)
Microsoft Software Update for Web Folders (English) 14 (Version: 14.0.4734.1000)
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (AUTODESKVAULT) (Version: 9.1.2047.00)
Microsoft SQL Server 2005 Tools Express Edition (Version: 9.1.2047.00)
Microsoft SQL Server Native Client (Version: 9.00.2047.00)
Microsoft SQL Server Setup Support Files (English) (Version: 9.00.2047.00)
Microsoft SQL Server VSS Writer (Version: 9.00.2047.00)
Microsoft User-Mode Driver Framework Feature Pack 1.9
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 x86 ATL Runtime 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 x86 CRT Runtime 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 x86 MFC Runtime 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 x86 OpenMP Runtime 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (Version: 9.0.30729)
Microsoft Visual Studio Tools for Applications 2.0 Runtime (Version: 9.0.30729)
Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0)
MSN
MSVC90_x86 (Version: 1.0.1.2)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 6.0 Parser (Version: 6.00.3883.8)
Nokia Connectivity Cable Driver (Version: 7.1.78.0)
Nokia Music Player (Version: 2.5.11021)
Nokia PC Suite (Version: 7.1.180.94)
Nokia_Multimedia_Common_Components_2_5 (Version: 2.7.69)
PC Connectivity Solution (Version: 12.0.27.0)
Pdf995
Pepakura Designer 3
Quick Uninstall Tool for Autodesk Inventor 2012 (Version: 16.0.16000.0000)
Realtek High Definition Audio Driver (Version: 5.10.0.6299)
saveensshare (Version: 1.2.0.1190)
SpeedBit Video Accelerator (Version: 3367(build_3039))
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB898461) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
VBA (2627.01) (Version: 6.03.00.9402)
Visafone Hotspot (Version: 1.0.0.1)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (Version: 9.0.30729.177)
WebFldrs XP (Version: 9.50.7523)
WinDjView 1.0.3 (Version: 1.0.3)
Windows Driver Package - Nokia Modem (02/25/2011 4.7) (Version: 02/25/2011 4.7)
Windows Driver Package - Nokia Modem (02/25/2011 7.01.0.9) (Version: 02/25/2011 7.01.0.9)
Windows Driver Package - Nokia pccsmcfd LegacyDriver (05/31/2012 7.1.2.0) (Version: 05/31/2012 7.1.2.0)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format 11 runtime
WinRAR 5.00 (32-bit) (Version: 5.00.0)
Wise Registry Cleaner Professional V5.9.1 (Version: 5.9.1)
XBMC

==================== Restore Points =========================

27-07-2013 10:56:52 Software Distribution Service 3.0
27-07-2013 19:20:33 System Checkpoint
28-07-2013 19:35:51 System Checkpoint
30-07-2013 06:43:17 System Checkpoint
01-08-2013 16:29:49 Installed Java 7 Update 25
01-08-2013 21:32:12 Installed Windows XP Wudf01000.
01-08-2013 21:59:10 Installed Windows XP Wudf01009.
03-08-2013 20:28:57 System Checkpoint
05-08-2013 11:08:37 System Checkpoint
07-08-2013 14:25:12 System Checkpoint
08-08-2013 19:33:04 System Checkpoint
09-08-2013 20:04:03 System Checkpoint
11-08-2013 19:42:21 Restore Operation
12-08-2013 20:14:06 System Checkpoint
13-08-2013 20:33:33 System Checkpoint
14-08-2013 21:12:59 System Checkpoint
16-08-2013 16:49:09 System Checkpoint
17-08-2013 19:24:50 System Checkpoint
19-08-2013 11:05:51 System Checkpoint
21-08-2013 19:54:53 System Checkpoint
23-08-2013 17:18:04 System Checkpoint
25-08-2013 18:59:19 System Checkpoint
26-08-2013 19:35:48 System Checkpoint
29-08-2013 11:13:17 System Checkpoint
30-08-2013 20:28:40 System Checkpoint
31-08-2013 20:36:25 System Checkpoint
02-09-2013 12:38:17 System Checkpoint
03-09-2013 14:14:26 System Checkpoint
05-09-2013 20:37:57 System Checkpoint
07-09-2013 18:27:54 System Checkpoint
09-09-2013 14:19:02 System Checkpoint
10-09-2013 10:49:57 Installed Akamai NetSession Interface
11-09-2013 13:38:13 System Checkpoint
11-09-2013 20:30:41 Removed Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
11-09-2013 20:40:09 Installed DirectX
13-09-2013 19:20:29 System Checkpoint
14-09-2013 17:13:21 Installed DirectX
14-09-2013 21:09:58 Unsigned driver install
15-09-2013 20:50:42 Installed Nero BurningROM 12.
17-09-2013 11:19:26 Installed Windows Media Player 11
18-09-2013 12:55:00 System Checkpoint
19-09-2013 13:29:54 System Checkpoint
20-09-2013 17:50:50 System Checkpoint
21-09-2013 19:34:40 System Checkpoint
23-09-2013 19:00:07 System Checkpoint
27-09-2013 19:43:09 System Checkpoint
28-09-2013 20:59:41 System Checkpoint
29-09-2013 21:22:41 System Checkpoint
01-10-2013 13:35:49 System Checkpoint
02-10-2013 19:48:53 System Checkpoint
03-10-2013 19:49:41 System Checkpoint
04-10-2013 20:25:23 System Checkpoint
04-10-2013 22:57:39 Removed Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
04-10-2013 23:00:31 Installed DirectX
06-10-2013 19:59:31 System Checkpoint
07-10-2013 07:04:59 Removed Google Chrome
07-10-2013 17:50:58 Removed Nero BurningROM 12.
08-10-2013 19:16:55 System Checkpoint
09-10-2013 18:33:28 OTL Restore Point - 10/9/2013 7:33:26 PM
10-10-2013 20:41:07 System Checkpoint

==================== Hosts content: ==========================

2008-04-14 18:00 - 2008-04-14 18:00 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\AutoKMS.job => C:\WINDOWS\AutoKMS.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-11-15 18:29 - 2012-11-15 18:29 - 00036864 _____ () C:\WINDOWS\system32\pdf995mon.dll
2010-01-09 20:18 - 2010-01-09 20:18 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 01:34 - 2010-01-21 01:34 - 08793952 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-08-31 21:00 - 2013-08-31 21:00 - 00003584 _____ () C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\autodeskdm_services\f924c671\35d0f680\App_global.asax.ao2lme8w.dll
2013-07-18 10:25 - 2013-10-10 15:07 - 00011776 _____ () C:\Documents and Settings\All Users\Application Data\Speedbit\DAP\Plugins\189AE673-13C1-4133-A470-8C4DDD1ACB8C\1.0.1.3_0\fivegiganet.dll
2013-07-17 10:07 - 2013-10-10 15:07 - 00010240 _____ () C:\Documents and Settings\All Users\Application Data\Speedbit\DAP\Plugins\189AE673-13C1-4133-A470-8C4DDD1ACB8C\1.0.1.3_0\MegaUploadCom.dll
2013-07-18 10:25 - 2013-10-10 15:07 - 00012800 _____ () C:\Documents and Settings\All Users\Application Data\Speedbit\DAP\Plugins\189AE673-13C1-4133-A470-8C4DDD1ACB8C\1.0.1.3_0\SpdFileCom.dll
2013-07-17 10:07 - 2013-10-10 15:07 - 00012800 _____ () C:\Documents and Settings\All Users\Application Data\Speedbit\DAP\Plugins\189AE673-13C1-4133-A470-8C4DDD1ACB8C\1.0.1.3_0\XSevenTo.dll
2013-07-17 10:07 - 2013-10-10 15:07 - 00010752 _____ () C:\Documents and Settings\All Users\Application Data\Speedbit\DAP\Plugins\189AE673-13C1-4133-A470-8C4DDD1ACB8C\1.0.1.3_0\zsharenet.dll
2012-11-15 16:34 - 2012-11-15 16:34 - 00009216 _____ () C:\Documents and Settings\All Users\Application Data\Speedbit\DAP\Plugins\AddonsCondition.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:56E2E879

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Faulty Device Manager Devices =============

Name: Nokia E63
Description: Nokia E63
Class Guid: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Manufacturer: Nokia
Service: WUDFRd
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/11/2013 06:24:08 PM) (Source: Application Error) (User: )
Description: Fault bucket -479747111.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.

Error: (10/11/2013 06:18:33 PM) (Source: Application Error) (User: )
Description: Faulting application AVKProxy.exe, version 1.5.13238.730, faulting module AVKProxy.exe, version 1.5.13238.730, fault address 0x000d7a92.
Error in creating result PEAP-TLV in response to received PEAP-TLV (AVKProxy.exe!ld!)

Error: (10/10/2013 04:56:51 PM) (Source: Autodesk Data Management Job Dispatch) (User: )
Description: JobService.ExecuteJob() failure. JobTimer Id: d313d634-da61-4d7e-b750-cb07e20998e9
The operation has timed out

Error: (10/10/2013 04:54:54 PM) (Source: Application Error) (User: )
Description: Faulting application AVKProxy.exe, version 1.5.13238.730, faulting module AVKProxy.exe, version 1.5.13238.730, fault address 0x000d7a92.
Processing media-specific event for [AVKProxy.exe!ws!]

Error: (10/10/2013 03:37:13 PM) (Source: VSS) (User: )
Description: Sqllib error: Database KnowledgeVaultMaster is not simple.

Error: (10/10/2013 03:36:46 PM) (Source: VSS) (User: )
Description: Sqllib error: Database KnowledgeVaultMaster is not simple.

Error: (10/10/2013 03:31:10 PM) (Source: VSS) (User: )
Description: Sqllib error: Database KnowledgeVaultMaster is not simple.

Error: (10/08/2013 08:00:44 PM) (Source: VSS) (User: )
Description: Sqllib error: Database KnowledgeVaultMaster is not simple.

Error: (10/08/2013 07:58:23 PM) (Source: VSS) (User: )
Description: Sqllib error: Database KnowledgeVaultMaster is not simple.

Error: (10/08/2013 07:53:29 PM) (Source: VSS) (User: )
Description: Sqllib error: Database KnowledgeVaultMaster is not simple.


System errors:
=============
Error: (10/11/2013 06:57:48 PM) (Source: Service Control Manager) (User: )
Description: The G Data Personal Firewall service hung on starting.

Error: (10/11/2013 06:48:37 PM) (Source: Service Control Manager) (User: )
Description: The G Data Personal Firewall service hung on starting.

Error: (10/11/2013 06:37:04 PM) (Source: Service Control Manager) (User: )
Description: The G Data Personal Firewall service hung on starting.

Error: (10/11/2013 06:31:42 PM) (Source: Service Control Manager) (User: )
Description: The G Data Personal Firewall service hung on starting.

Error: (10/11/2013 06:20:17 PM) (Source: Service Control Manager) (User: )
Description: The G Data Personal Firewall service hung on starting.

Error: (10/10/2013 05:01:59 PM) (Source: Service Control Manager) (User: )
Description: The G Data Personal Firewall service hung on starting.

Error: (10/10/2013 03:08:19 PM) (Source: Service Control Manager) (User: )
Description: The G Data Personal Firewall service hung on starting.

Error: (10/09/2013 05:37:34 PM) (Source: Service Control Manager) (User: )
Description: The G Data Personal Firewall service hung on starting.

Error: (10/09/2013 04:36:57 PM) (Source: Service Control Manager) (User: )
Description: The G Data Personal Firewall service hung on starting.

Error: (10/08/2013 06:39:42 PM) (Source: Service Control Manager) (User: )
Description: The G Data Personal Firewall service hung on starting.


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Percentage of memory in use: 26%
Total physical RAM: 3519.26 MB
Available physical RAM: 2582.64 MB
Total Pagefile: 5401.31 MB
Available Pagefile: 4440.06 MB
Total Virtual: 2047.88 MB
Available Virtual: 1924.15 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:292.97 GB) (Free:240.39 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive e: (2nd Partition) (Fixed) (Total:172.79 GB) (Free:93.44 GB) NTFS
Drive f: (Visafone Hotspot) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 466 GB) (Disk ID: D20DD20D)
Partition 1: (Active) - (Size=293 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=173 GB) - (Type=07 NTFS)

==================== End Of Log ============================
  • 0

#6
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Download the attached fixlist.txt to the same location as FRST.
Run FRST and press Fix.
A fix log will be generated; please post that.

Are you still getting underlined words?

You are getting a lot of errors from G-Data. Probably should download a new copy then uninstall, reboot and reinstall.
  • 0

#7
jefekodo

    New Member

  • Topic Starter
  • Member
  • 5 posts
Thanks once again Ron,
Here's the log for FRST after I downloaded the Fixlog you gave me.

Here's the log file created:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 03-10-2013
Ran by user at 2013-10-11 21:56:32 Run:1
Running from C:\Documents and Settings\user\Desktop\Adware Removal tools
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
SearchScopes: HKLM - Yandex URL = http://yandex.ru/yan...t={searchTerms}
SearchScopes: HKCU - Yandex URL =
FF Plugin: @Microsoft.com/DownloadManager,version=1.1 - C:\WINDOWS\ ()
S4 IntelIde; No ImagePath
C:\Documents and Settings\user\Application Data\CamLayout.ini
C:\Documents and Settings\user\Application Data\CamShapes.ini
C:\Documents and Settings\Guest\Local Settings\Temp\NEventMessages.dll
C:\Documents and Settings\user\Local Settings\Temp\AcDeltree.exe
C:\Documents and Settings\user\Local Settings\Temp\AskSLib.dll
C:\Documents and Settings\user\Local Settings\Temp\cabex.dll
C:\Documents and Settings\user\Local Settings\Temp\DataCard_Setup.exe
C:\Documents and Settings\user\Local Settings\Temp\ieframe.dll
C:\Documents and Settings\user\Local Settings\Temp\k9-webprotection-4.4.268.exe
C:\Documents and Settings\user\Local Settings\Temp\NEventMessages.dll
C:\Documents and Settings\user\Local Settings\Temp\Quarantine.exe
C:\Documents and Settings\user\Local Settings\Temp\ResetDevice.exe
C:\Documents and Settings\user\Local Settings\Temp\RunWizards.exe
C:\Documents and Settings\user\Local Settings\Temp\setup_wm.exe
C:\Documents and Settings\user\Local Settings\Temp\svd_dap.exe
C:\Documents and Settings\user\Local Settings\Temp\Tsu2EDC75D2.dll
C:\Documents and Settings\user\Local Settings\Temp\Tsu4E82F811.dll
C:\Documents and Settings\user\Local Settings\Temp\vcredist_x86.exe
C:\Documents and Settings\user\Local Settings\Temp\{68B12743-C5E4-45E1-B3AB-F7DC07A96385}-23.0.1271.64_chrome_installer.exe
C:\Documents and Settings\user\Local Settings\Temp\{6AEBF4E6-7859-47C2-9658-E84E1D439346}-GoogleUpdateSetup.exe
C:\Documents and Settings\user\Local Settings\Temp\{7014E919-2EAA-4158-AB8A-7483300316F4}.dll
C:\Documents and Settings\user\Local Settings\Temp\{A17B0454-7E58-4E57-B690-024AF5C20315}-GoogleUpdateSetup.exe
C:\Documents and Settings\user\Local Settings\Temp\{CE49D053-CBDE-4B8A-98DF-E1C31EA28202}-GoogleUpdateSetup.exe



*****************

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\Yandex => Key deleted successfully.
HKCR\Wow6432Node\CLSID\Yandex => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\Yandex => Key deleted successfully.
HKCR\Wow6432Node\CLSID\Yandex => Key not found.
HKLM\Software\MozillaPlugins\@Microsoft.com/DownloadManager,version=1.1 => Key deleted successfully.
FF Plugin: @Microsoft.com/DownloadManager,version=1.1 - C:\WINDOWS\ () not found.
IntelIde => Service deleted successfully.
C:\Documents and Settings\user\Application Data\CamLayout.ini => Moved successfully.
C:\Documents and Settings\user\Application Data\CamShapes.ini => Moved successfully.
C:\Documents and Settings\Guest\Local Settings\Temp\NEventMessages.dll => Moved successfully.
C:\Documents and Settings\user\Local Settings\Temp\AcDeltree.exe => Moved successfully.
C:\Documents and Settings\user\Local Settings\Temp\AskSLib.dll => Moved successfully.
C:\Documents and Settings\user\Local Settings\Temp\cabex.dll => Moved successfully.
C:\Documents and Settings\user\Local Settings\Temp\DataCard_Setup.exe => Moved successfully.
C:\Documents and Settings\user\Local Settings\Temp\ieframe.dll => Moved successfully.
C:\Documents and Settings\user\Local Settings\Temp\k9-webprotection-4.4.268.exe => Moved successfully.
C:\Documents and Settings\user\Local Settings\Temp\NEventMessages.dll => Moved successfully.
C:\Documents and Settings\user\Local Settings\Temp\Quarantine.exe => Moved successfully.
C:\Documents and Settings\user\Local Settings\Temp\ResetDevice.exe => Moved successfully.
C:\Documents and Settings\user\Local Settings\Temp\RunWizards.exe => Moved successfully.
C:\Documents and Settings\user\Local Settings\Temp\setup_wm.exe => Moved successfully.
C:\Documents and Settings\user\Local Settings\Temp\svd_dap.exe => Moved successfully.
C:\Documents and Settings\user\Local Settings\Temp\Tsu2EDC75D2.dll => Moved successfully.
C:\Documents and Settings\user\Local Settings\Temp\Tsu4E82F811.dll => Moved successfully.
C:\Documents and Settings\user\Local Settings\Temp\vcredist_x86.exe => Moved successfully.
C:\Documents and Settings\user\Local Settings\Temp\{68B12743-C5E4-45E1-B3AB-F7DC07A96385}-23.0.1271.64_chrome_installer.exe => Moved successfully.
C:\Documents and Settings\user\Local Settings\Temp\{6AEBF4E6-7859-47C2-9658-E84E1D439346}-GoogleUpdateSetup.exe => Moved successfully.
C:\Documents and Settings\user\Local Settings\Temp\{7014E919-2EAA-4158-AB8A-7483300316F4}.dll => Moved successfully.
C:\Documents and Settings\user\Local Settings\Temp\{A17B0454-7E58-4E57-B690-024AF5C20315}-GoogleUpdateSetup.exe => Moved successfully.
C:\Documents and Settings\user\Local Settings\Temp\{CE49D053-CBDE-4B8A-98DF-E1C31EA28202}-GoogleUpdateSetup.exe => Moved successfully.

==== End of Fixlog ====

As for double underlined words, still seeing them. Strangely enough, only in Chrome.
See attached file jpeg.

I'll do the reinstall of GData. Could take a while - slow internet.

Thanks
  • 0

#8
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Don't see the attached file. How did the reinstall go?

Since the blue lines are now only in Chrome:

Temporarily disable all extensions in Chrome:

See Temporarily disable extensions on
https://support.goog...er/187443?hl=en

Restart Chrome. Do you get the blue lines? If not, it was one of your extensions that you disabled. Go back in and turn on a couple and restart Chrome and see if they come back. Try to isolate it to a single extension.
  • 1
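
Added example, not part of the original thread or of any tool named in it: the post above isolates the offending extension by switching extensions off and on, and reading each extension's manifest.json first shows which ones are able to alter every page, so those are the ones to re-enable last. The sample manifests, names and IDs are constructed, and the `<id>/<version>/manifest.json` layout under Chrome's `User Data\Default\Extensions` folder is an assumption of the script.

```python
import json
import tempfile
from pathlib import Path

# Chrome match patterns that cover every site the user visits.
BROAD = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}


def audit_manifest(manifest):
    """Report what one extension manifest can do to arbitrary pages."""
    scripts = []
    for entry in manifest.get("content_scripts", []):
        if isinstance(entry, dict) and BROAD & set(entry.get("matches", [])):
            scripts.extend(entry.get("js", []))
    # Host patterns in "permissions" also allow injection from a background
    # page, so they are reported even when no content script is declared.
    hosts = sorted(p for p in manifest.get("permissions", [])
                   if isinstance(p, str) and p in BROAD)
    return {
        "name": manifest.get("name", "?"),  # may be a __MSG_...__ locale key
        "version": manifest.get("version", "?"),
        "content_scripts_everywhere": scripts,
        "broad_host_permissions": hosts,
        "suspect": bool(scripts or hosts),
    }


def scan_extensions(extensions_dir):
    """Audit every <id>/<version>/manifest.json under an Extensions folder."""
    findings = []
    for path in sorted(Path(extensions_dir).glob("*/*/manifest.json")):
        ext_id = path.parent.parent.name
        try:
            manifest = json.loads(path.read_text(encoding="utf-8-sig"))
            if not isinstance(manifest, dict):
                raise ValueError("manifest is not a JSON object")
        except (OSError, ValueError) as exc:
            # A manifest that cannot be parsed is itself worth a look.
            findings.append({"id": ext_id, "name": "?", "suspect": True,
                             "error": str(exc)})
            continue
        finding = audit_manifest(manifest)
        finding["id"] = ext_id
        findings.append(finding)
    # Suspects first: these are the ones to leave disabled longest.
    findings.sort(key=lambda f: (not f["suspect"], f["id"]))
    return findings


def build_sample_profile(root):
    """Write three constructed extensions (none taken from the thread)."""
    samples = {
        "a" * 32: {"name": "Constructed Link Marker", "version": "1.0",
                   "manifest_version": 2,
                   "content_scripts": [{"matches": ["http://*/*", "https://*/*"],
                                        "js": ["mark.js"]}]},
        "b" * 32: {"name": "Constructed Clock", "version": "2.1",
                   "manifest_version": 2,
                   "browser_action": {"default_popup": "clock.html"}},
    }
    for ext_id, manifest in samples.items():
        folder = Path(root) / ext_id / (manifest["version"] + "_0")
        folder.mkdir(parents=True)
        (folder / "manifest.json").write_text(json.dumps(manifest),
                                              encoding="utf-8")
    # Third sample: a damaged manifest, to show the error path.
    broken = Path(root) / ("c" * 32) / "0.1_0"
    broken.mkdir(parents=True)
    (broken / "manifest.json").write_text("{not json", encoding="utf-8")


def demo():
    """Scan the constructed profile and return the ordered findings."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_profile(root)
        return scan_extensions(root)


if __name__ == "__main__":
    for f in demo():
        detail = f.get("error") or ", ".join(f["content_scripts_everywhere"])
        print(f["id"][:8], f["name"],
              "SUSPECT" if f["suspect"] else "ok", detail)
```

To use it on a real profile, call `scan_extensions()` with the path of that profile's Extensions folder instead of running `demo()`.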

#9
jefekodo

    New Member

  • Topic Starter
  • Member
  • 5 posts
Hi Ron, I did as you said.
I checked my Chrome extensions. There were 2: DAPLink checker and Google Clocks.
I disabled both of them and restarted Chrome.

...

The lines are gone!!!! Hurray! No more double underline.

...
However, I'm not going to enable those extensions whatever. I've just deleted them. Not too important.

A Great big THANK YOU for your support. ... I don't know what to say.
  • 0

#10
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Unless you see other problems, I think we are done and can clean up.

Copy the following:


:Commands
[CLEARALLRESTOREPOINTS]
[Reboot]

Right click on OTL and Run As Administrator. In the Custom Scans/Fixes box at the bottom, paste in the copied text (Ctrl + v) and then hit Run Fix.

That will get the last of the malware off the system.



You can uninstall or delete any tools we had you download and their logs.

If we ran Combofix:
To uninstall combofix, copy the next line:

"%userprofile%\Desktop\combofix.exe" /Uninstall

Start, All Programs, Accessories, then right click on Command Prompt and Run As Administrator.
Then right click, Paste, then hit Enter.



OTL has a cleanup tab but DO NOT USE IT! There are reports that it leaves the PC unbootable. Instead just delete OTL.exe and the folder c:\_OTL.

To hide hidden files again:

Vista or Win7

1. Open the Control Panel menu and click Folder Options.
2. After the new window appears select the View tab.
3. Remove the check in the checkbox labeled Display the contents of system folders.
4. Under the Hidden files and folders section select the radio button labeled Do not Show hidden files and folders.
5. Check the checkbox labeled Hide protected operating system files.
6. Press the Apply button and then the OK button and exit My Computer.

Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.

Whether you use Adobe Reader, Acrobat or Foxit to read PDF files, you need to disable JavaScript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, click on Javascript in the left column and uncheck Enable Acrobat Javascript. OK. Close program. It's the same for Foxit Reader except you uncheck Enable Javascript Actions.

To help keep your programs up-to-date you should download and run the UpdateChecker:
http://www.filehippo.../updatechecker/
(You don't need to download Betas and if there is a program you don't use you can just uninstall it rather than update it. Exception is MSN messenger which appears to be part of Windows.)
If you get a blocked program notice after installing updatechecker then change it to not run at start then manually run it once a week.
Seems to work best if Firefox is the default browser. Windows always hides its icon so you need to unhide it. Click on the up arrow to the left of the clock. Then click on Customize. Maximize the window so you can see all of the options. Scroll Down and find the File Hippo UpdateChecker and change its Behaviors to Show Icon and Notifications. OK. When you reboot you should see the icon. It will take it a minute to finish checking then it will put up a bubble if you need to update something. Click on the bubble and it should open in your browser. (Seems to work best if it uses Firefox. If you do not use Firefox as your default browser then right click on the icon and click on Settings. Then on Results. Change the Open Results in Default Browser to Custom Browser and then select the line that has Firefox.exe in it. While there, also check Hide Beta Versions. OK.) You will see a list of programs that have updates with green down arrows next to them. You do not need to download any Beta Versions. There is an option in Settings to Hide Beta Versions. I do not advise updating Windows Messenger unless you really use it so I right click on the Icon and Customize Results then find Microsoft Messenger and change Show All Releases to Hide All Releases. OK.

You can also try Secunia PSI http://secunia.com/v...l/download_psi/ Same kind of info. You don't need both.
If you use Firefox then get the AdBlock Plus Add-on. WOT (Web of Trust) is another you might want to try.
The equivalent to AdBlock Plus for IE is called Simple Adblock and you should install it too: http://simple-adblock.com/
The free version only blocks 200 ads a day so another reason to use Firefox or Chrome.

If Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox . You can run it any time that Firefox seems slow.

Be warned: If you use Limewire, utorrent or any of the other P2P programs you will almost certainly be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.


If you have a router, log on to it today and change the default password! If using a Wireless router you really should be using encryption on the link. Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business. See http://www.king5.com...-120637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important. If you don't know how, visit the router maker's website. They all have detailed step by step instructions or a wizard you can download.

Special note on Java. Old Java versions should be removed after first clearing the Java Cache by following the instructions in:
http://www.java.com/...lugin_cache.xml
Then remove the old versions by going to Control Panel, Programs and Features and Uninstall all Java programs which are not Java Version 7 update 25 or better. These may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE. Get the latest version from Java.com. They will usually attempt to foist some garbage like the Ask toolbar, Yahoo toolbar or McAfee Security Scan on you as part of the download. Just uncheck the garbage before the download (or install) starts. If you use a 64-bit browser and want the 64-bit version of Java you need to use it to visit java.com.
Due to multiple security problems with Java we are now recommending that it not be installed unless you absolutely know you need it. If that is the case then go to Control Panel, Java, Security and slide it up to the highest level. OK.

Make sure Windows Updates is turned on and that it works. Go to Control Panel, Windows Updates and see if it works.

If you are feeling especially paranoid you can install the free firewall called Online Armor:
http://www.online-armor.com/


My help is free but if you wish to show your appreciation, please donate to Kwiaht instead of me. It's a local environmental organization that I volunteer with: http://www.kwiaht.org/donate.htm
(The name means something like "clean place" in one of the local native-American dialects)

Ron
  • 0





