Computer is slower than usual [Closed] [Solved]



#31
Crowbar

    Teacher

  • GeekU Moderator
  • 4,161 posts
Hello GTech,
That cidox rootkit may have opened ports that we don't want open. While your computer is running OK now, I bet that cidox would have brought in some unwelcome friends in the near future.

I recommend that you restore your firewall to default settings. This will also remove any custom settings you may have made.
Then let's take one more look just to be sure.

Step 1
This OTL fix will reset your firewall:

We need to do an OTL fix:

Note: If you have Malwarebytes 1.6 or higher installed, please disable it for the duration of this fix, as it may interfere with the successful execution of the script below. If it still hangs, then please uninstall Malwarebytes and run this fix again.
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :commands
    [createrestorepoint]
    :OTL
    :files
    netsh advfirewall reset /C
    :commands
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the log it produces in your next reply.

Step 2
Download OTL to your Desktop
  • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • Please post the log this creates

In your next reply I would like to see:
  • OTL fix log
  • OTL quick scan log

  • 0
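
A firewall reset discards whatever rules were on the machine, so it can be worth reviewing them first. As an added example (not part of the thread and not OTL's own logic), this Python script parses saved output of `netsh advfirewall firewall show rule name=all verbose` and lists enabled inbound allow rules that point at user-writable folders or accept any program on any port; the sample text, rule names, paths and the two heuristics are constructed assumptions.

```python
import re

# Constructed sample, modelled on English-locale output of
#   netsh advfirewall firewall show rule name=all verbose
# (fields trimmed; rule names and paths are invented for illustration).
SAMPLE = r"""
Rule Name:                            Example App (TCP-In)
----------------------------------------------------------------------
Enabled:                              Yes
Direction:                            In
Protocol:                             TCP
LocalPort:                            Any
Program:                              C:\Program Files (x86)\Example App\app.exe
Action:                               Allow

Rule Name:                            Updater Helper
----------------------------------------------------------------------
Enabled:                              Yes
Direction:                            In
Protocol:                             TCP
LocalPort:                            8080
Program:                              C:\Users\Example\AppData\Local\Temp\upd.exe
Action:                               Allow

Rule Name:                            Allow All In
----------------------------------------------------------------------
Enabled:                              Yes
Direction:                            In
Protocol:                             Any
Program:                              Any
Service:                              Any
Action:                               Allow

Rule Name:                            Old Remote Tool
----------------------------------------------------------------------
Enabled:                              No
Direction:                            In
Protocol:                             TCP
LocalPort:                            5900
Program:                              C:\Users\Example\Downloads\remote.exe
Action:                               Allow
"""

# "Key:   value" lines; the key never contains a colon, the value may (C:\...).
FIELD = re.compile(r"^([^:]+):\s*(.*)$")

# Assumption: folders a standard user can write to, compared in lower case.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\downloads\\",
                 "\\users\\public\\", "\\programdata\\")


def parse_rules(text):
    """Split netsh rule output into one dict of fields per rule."""
    rules, current = [], None
    for line in text.splitlines():
        match = FIELD.match(line.strip())
        if not match:
            continue  # separator rows, blank lines, trailing "Ok."
        key, value = match.group(1).strip(), match.group(2).strip()
        if key == "Rule Name":
            current = {"Rule Name": value}
            rules.append(current)
        elif current is not None:
            current[key] = value
    return rules


def review(rule):
    """Return the reasons an enabled inbound allow rule deserves a look."""
    state = (rule.get("Enabled"), rule.get("Direction"), rule.get("Action"))
    if state != ("Yes", "In", "Allow"):
        return []
    reasons = []
    program = rule.get("Program", "Any")
    if any(part in program.lower() for part in USER_WRITABLE):
        reasons.append("program in user-writable path")
    # Rules with Protocol "Any" may carry no LocalPort line, so accept either.
    ports_open = rule.get("Protocol") == "Any" or rule.get("LocalPort") == "Any"
    if program == "Any" and ports_open and rule.get("Service", "Any") == "Any":
        reasons.append("any program on any local port")
    return reasons


def suspicious_rules(text):
    """List (rule name, reasons) for every rule that review() flags."""
    flagged = []
    for rule in parse_rules(text):
        reasons = review(rule)
        if reasons:
            flagged.append((rule["Rule Name"], reasons))
    return flagged


if __name__ == "__main__":
    for name, reasons in suspicious_rules(SAMPLE):
        print(f"{name}: {', '.join(reasons)}")
```

Saving the rule listing to a file before the reset also keeps a record of what was configured, since the reset itself leaves nothing to compare against.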

#32
GTech

    Member

  • Topic Starter
  • 78 posts
OTL Fix Log


Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
========== FILES ==========
< netsh advfirewall reset /C >
Ok.
C:\Users\GTech\Downloads\cmd.bat deleted successfully.
C:\Users\GTech\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.69.0 log created on 01252014_115708

OTL Quick Scan Log

OTL logfile created on: 25/01/2014 12:01:50 PM - Run 10
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\GTech\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

8.00 Gb Total Physical Memory | 6.24 Gb Available Physical Memory | 77.99% Memory free
15.99 Gb Paging File | 13.95 Gb Available in Paging File | 87.23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 644.82 Gb Free Space | 69.23% Space Free | Partition Type: NTFS

Computer Name: GTECH-PC | User Name: GTech | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/12/21 16:43:13 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/10/16 00:30:02 | 005,175,856 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
PRC - [2013/04/26 15:31:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\GTech\Downloads\OTL.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/12/18 09:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/11/19 17:25:32 | 002,598,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2012/02/14 03:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/10/21 22:32:02 | 000,641,400 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe
PRC - [2011/08/17 02:28:14 | 003,120,448 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
PRC - [2009/07/17 12:47:44 | 000,322,088 | ---- | M] (Gigabyte) -- C:\Program Files (x86)\Gigabyte\UpdManager\RunUpd.exe


========== Modules (No Company Name) ==========

MOD - [2013/12/21 16:43:13 | 003,559,024 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/11/26 04:18:09 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2011/01/12 21:56:56 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/01/12 21:03:12 | 000,354,304 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2010/06/17 04:23:36 | 000,194,496 | ---- | M] (Advanced Micro Devices) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe -- (AMD Reservation Manager)
SRV:64bit: - [2010/05/20 14:26:28 | 000,199,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)
SRV - [2013/12/21 16:43:13 | 000,119,408 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/12/10 23:05:33 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/10/16 00:30:02 | 005,175,856 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/12/18 09:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/02/14 03:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/11/25 15:32:36 | 000,687,400 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2011/05/09 12:01:06 | 000,430,080 | ---- | M] (PowerUp Software, LLC) [Disabled | Stopped] -- C:\Program Files (x86)\PowerUp Software\Pinnacle Game Profiler\pinnacle_updater.exe -- (PinnacleUpdateSvc)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/01/30 00:40:16 | 001,043,584 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/04/18 03:51:02 | 000,127,384 | ---- | M] (Power Software Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2013/04/11 02:18:40 | 000,384,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/02/18 13:11:57 | 000,039,768 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2012/12/13 12:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/12/10 03:28:34 | 000,127,328 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2012/11/08 03:49:24 | 000,307,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/04/19 03:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/31 03:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/12/23 12:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/12/23 12:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsfiltera.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/12/06 15:24:27 | 000,271,424 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011/11/03 02:01:00 | 000,056,208 | ---- | M] (Rovi Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2011/05/13 02:21:04 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011/05/13 02:21:04 | 000,146,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadserd.sys -- (ssadserd)
DRV:64bit: - [2011/05/13 02:21:02 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)
DRV:64bit: - [2011/05/13 02:21:02 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2011/05/13 02:21:02 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/13 06:58:30 | 000,413,800 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/01/12 22:39:32 | 009,085,952 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/01/12 21:15:22 | 000,299,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/11/23 05:33:00 | 000,300,648 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/05/20 14:26:30 | 002,060,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VX3000.sys -- (VX3000)
DRV:64bit: - [2010/02/18 08:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/08/21 01:52:10 | 000,079,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/07/24 07:18:00 | 000,539,136 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\arusb_lhx.sys -- (arusb_lhx)
DRV:64bit: - [2008/04/16 14:49:34 | 000,028,416 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-CA
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7E 9B 1B D6 3C 04 CF 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.ca/"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\GTech\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\GTech\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2013/11/14 18:59:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013/05/06 12:27:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/08/30 11:07:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2013/04/22 13:47:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\GTech\AppData\Roaming\mozilla\Extensions
[2013/12/21 13:31:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\GTech\AppData\Roaming\mozilla\firefox\Profiles\f00msbqa.default-1366935512666\Extensions
[2013/12/05 19:51:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\GTech\AppData\Roaming\mozilla\firefox\Profiles\f00msbqa.default-1366935512666\Extensions\trash
[2013/12/16 18:59:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\GTech\AppData\Roaming\mozilla\firefox\Profiles\mp7hovmx.default\extensions
[2013/12/21 16:43:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/12/21 16:43:13 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========


O1 HOSTS File: ([2013/12/21 15:02:49 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O4 - HKCU..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKLM..\RunOnce: [GBTUpd] C:\Program Files (x86)\Gigabyte\UpdManager\PreRun.exe (PreRun)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: Make ringtone with Clip Extractor - {0c00b393-e669-4cb2-8f65-8833356cd962} - C:\Program Files (x86)\Clip Extractor\Ringtone.lnk ()
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: Download with Clip Extractor - {aae24073-cf39-4df1-9de1-1a5a1aeea8f9} - C:\Program Files (x86)\Clip Extractor\ClipExtractor.exe ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{687A485B-A39E-4A81-A7BC-AF0A393653F3}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/01/19 12:07:50 | 004,121,952 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\GTech\Desktop\TDSSKiller.exe
[2014/01/05 18:02:02 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013/12/26 19:00:42 | 000,000,000 | ---D | C] -- C:\Users\GTech\AppData\Roaming\Malwarebytes
[2013/12/26 19:00:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/12/26 19:00:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/12/26 19:00:20 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/12/26 19:00:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

========== Files - Modified Within 30 Days ==========

[2014/01/25 12:05:02 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/01/25 11:59:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/01/25 11:59:09 | 2145,411,071 | -HS- | M] () -- C:\hiberfil.sys
[2014/01/25 11:58:10 | 000,014,320 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/01/25 11:58:10 | 000,014,320 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/01/25 11:42:34 | 149,552,712 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2014/01/24 22:15:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1673298358-3336942171-3937336255-1000UA.job
[2014/01/18 18:15:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1673298358-3336942171-3937336255-1000Core.job
[2014/01/18 17:00:53 | 000,554,270 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2014/01/18 13:20:04 | 000,002,330 | ---- | M] () -- C:\Users\GTech\Desktop\Google Chrome.lnk
[2014/01/15 21:37:21 | 005,090,920 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/01/09 11:09:51 | 000,726,270 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/01/09 11:09:51 | 000,628,414 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/01/09 11:09:51 | 000,110,598 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/01/05 18:01:59 | 664,237,976 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2014/01/05 16:47:13 | 070,831,441 | ---- | M] () -- C:\Users\GTech\Desktop\The Furthest Thing-Pound Cake Music Video.mp4
[2014/01/03 23:12:45 | 006,763,143 | ---- | M] () -- C:\Users\GTech\Desktop\The Furthest Thing-Pound Cake Remix.mp3
[2013/12/31 00:02:22 | 010,096,849 | ---- | M] () -- C:\Users\GTech\Desktop\D-sciple - Drizzy Inst.mp3
[2013/12/28 18:50:24 | 010,015,372 | ---- | M] () -- C:\Users\GTech\Desktop\Sparks Will Fly Remix.mp3
[2013/12/28 18:11:14 | 013,924,335 | ---- | M] () -- C:\Users\GTech\Desktop\Tempted to Touch Remix Ft. Eyon & Kamela Singh (Final).mp3
[2013/12/28 17:24:18 | 007,978,866 | ---- | M] () -- C:\Users\GTech\Desktop\All That Matters Remix.mp3
[2013/12/26 19:08:52 | 005,006,697 | ---- | M] () -- C:\Users\GTech\Desktop\JCole ft Jhene Aiko - Sparks will fly (instrumental).mp3
[2013/12/26 19:00:21 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

========== Files Created - No Company Name ==========

[2014/01/05 18:57:12 | 010,096,849 | ---- | C] () -- C:\Users\GTech\Desktop\D-sciple - Drizzy Inst.mp3
[2014/01/05 18:01:59 | 664,237,976 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2014/01/05 16:47:11 | 070,831,441 | ---- | C] () -- C:\Users\GTech\Desktop\The Furthest Thing-Pound Cake Music Video.mp4
[2013/12/28 18:51:56 | 010,015,372 | ---- | C] () -- C:\Users\GTech\Desktop\Sparks Will Fly Remix.mp3
[2013/12/28 18:48:56 | 007,978,866 | ---- | C] () -- C:\Users\GTech\Desktop\All That Matters Remix.mp3
[2013/12/28 18:48:41 | 013,924,335 | ---- | C] () -- C:\Users\GTech\Desktop\Tempted to Touch Remix Ft. Eyon & Kamela Singh (Final).mp3
[2013/12/26 19:07:56 | 005,006,697 | ---- | C] () -- C:\Users\GTech\Desktop\JCole ft Jhene Aiko - Sparks will fly (instrumental).mp3
[2013/12/26 19:00:21 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/12/21 14:29:56 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/12/21 14:29:56 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/12/21 14:29:56 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/12/21 14:29:56 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/12/21 14:29:56 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/09/20 20:09:48 | 145,672,688 | ---- | C] () -- C:\Users\GTech\AppData\Local\ACCCx2_1_2_232.zip.aamdownload
[2013/09/20 20:09:48 | 000,001,817 | ---- | C] () -- C:\Users\GTech\AppData\Local\ACCCx2_1_2_232.zip.aamdownload.aamd
[2013/05/29 17:01:21 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2013/05/22 18:17:24 | 000,000,184 | ---- | C] () -- C:\Windows\AutoKMS.ini
[2013/05/14 18:44:22 | 000,000,021 | ---- | C] () -- C:\Windows\SurCode.INI
[2013/02/21 02:08:26 | 000,000,131 | ---- | C] () -- C:\Users\GTech\webct_upload_applet.properties
[2013/01/22 13:43:15 | 000,171,881 | ---- | C] () -- C:\Windows\hpoins49.dat.temp
[2013/01/22 13:43:15 | 000,001,241 | ---- | C] () -- C:\Windows\hpomdl49.dat.temp
[2012/12/06 20:46:09 | 000,171,254 | ---- | C] () -- C:\Windows\hpoins49.dat
[2012/12/06 20:46:09 | 000,001,241 | ---- | C] () -- C:\Windows\hpomdl49.dat
[2012/10/25 10:56:28 | 000,009,216 | ---- | C] () -- C:\Users\GTech\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/04 17:41:31 | 000,079,872 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2006/06/17 09:19:12 | 000,060,634 | -H-- | C] () -- C:\Users\GTech\AppData\Roaming\GTechlog.dat

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 21:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 20:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/04/25 12:04:25 | 000,000,000 | ---D | M] -- C:\Users\GTech\AppData\Roaming\AnvSoft
[2013/12/16 13:45:05 | 000,000,000 | ---D | M] -- C:\Users\GTech\AppData\Roaming\Audacity
[2011/10/12 05:42:01 | 000,000,000 | ---D | M] -- C:\Users\GTech\AppData\Roaming\AVG2012
[2012/04/07 20:29:07 | 000,000,000 | ---D | M] -- C:\Users\GTech\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2013/01/22 15:35:05 | 000,000,000 | ---D | M] -- C:\Users\GTech\AppData\Roaming\DAEMON Tools Pro
[2013/03/16 12:34:57 | 000,000,000 | ---D | M] -- C:\Users\GTech\AppData\Roaming\FlvtoConverter
[2013/10/03 19:58:27 | 000,000,000 | ---D | M] -- C:\Users\GTech\AppData\Roaming\HandBrake
[2013/06/09 16:31:13 | 000,000,000 | ---D | M] -- C:\Users\GTech\AppData\Roaming\OpenOffice.org
[2013/05/14 18:44:22 | 000,000,000 | ---D | M] -- C:\Users\GTech\AppData\Roaming\PACE Anti-Piracy
[2013/05/04 17:06:11 | 000,000,000 | ---D | M] -- C:\Users\GTech\AppData\Roaming\Pavtube
[2013/04/26 16:21:45 | 000,000,000 | ---D | M] -- C:\Users\GTech\AppData\Roaming\PowerISO
[2011/12/07 14:27:53 | 000,000,000 | ---D | M] -- C:\Users\GTech\AppData\Roaming\PowerUp Software
[2012/05/16 22:12:45 | 000,000,000 | ---D | M] -- C:\Users\GTech\AppData\Roaming\Publish Providers
[2011/10/15 16:42:52 | 000,000,000 | ---D | M] -- C:\Users\GTech\AppData\Roaming\Sony
[2013/04/25 20:26:43 | 000,000,000 | ---D | M] -- C:\Users\GTech\AppData\Roaming\TuneUp Software
[2012/11/07 11:41:56 | 000,000,000 | ---D | M] -- C:\Users\GTech\AppData\Roaming\TuneUpMedia
[2014/01/25 12:00:04 | 000,000,000 | ---D | M] -- C:\Users\GTech\AppData\Roaming\uTorrent

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:888AFB86

< End of report >

#33
Crowbar


    Teacher

  • GeekU Moderator
  • 4,161 posts
Hi -
That log looks great to me.
Are you aware that you have uTorrent starting with your computer? I would not recommend that because of the risks of that program. I would suggest that you at the very least don't have it starting up with your computer.


Otherwise your logs look clear to me so...

Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself, so... The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [emptytemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Go to control panel
  • Select folder options (Appearance > Folder options in category view)
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.


Do you use Java? If you do not use it, you are better off uninstalling it completely. Go to your Control Panel, Uninstall a Program, then find any instance of Java in the list and click on Uninstall - do this until there are no instances of Java in the list. If you do use Java....
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Java components and upgrade the application.

Upgrading Java:
  • Go to this site and click Do I have Java
  • It will check your current version and then offer to update to the latest version



SPRING CLEAN

Clear Restore Points

Go Start > All Programmes > Accessories > System tools
Right click Disk Cleanup and select run as administrator
When it pops up at the first prompt, select OK. After it has done some calculations, the tabs will appear
Select More Options tab
Press System Restore and Shadow Copies Cleanup button


Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
CryptoPrevent
Please install this program to ensure that the crypto ransomware malware does not take hold of your system.



Malwarebytes. Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly. It will show you which programs on your system need updating and give a download link.

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read these two articles:
How did I get infected in the first place ?
So how did I get infected in the first place

Keep safe :wave:

#34
Crowbar


    Teacher

  • GeekU Moderator
  • 4,161 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.





