|
bad virus not sure how to remove it
|
|
Senior Member
|
15. March 2014 @ 15:18 |
Link to this message
|
the other day i got a virus called "flash pop up virus" i've been trying to remove it and nothing seems to work.
symptoms it hijacks website pages with a popup saying you need to update flash and takes you to a dodgey site,it also lets trogens on to the pc and renames files or deletes them.
I've tried various scanners,i reset my router and changed the password, today i reformatted.
i've had some luck in the fact firefox is stopping my pages from being redirected, but the virus is still on my system and i have no idea how to get rid of,virus scanners don't pick it up.tried adware,junkware,malwarebytes,avast 2014 free version,hitman,
also had another issues ,i have an external hard drive with a few thousand video and music files on it and after reformatting i wasn't able to access the music and video files i had to manually change ownership and permission on the files and i can use them,any quick ways to change them all instead of doing it 1 by 1 which will take hours.
custom built gaming pc from early 2010,ps2 with 15 games all original,ps3 500gbs with 5 games all original,yamaha amp and 5.1channel surround sound speakers,46inch sony lcd smart tv.
|
Advertisement
|
|
|
AfterDawn Addict
|
15. March 2014 @ 19:21 |
Link to this message
|
Originally posted by xboxdvl2: virus scanners don't pick it up.tried adware,junkware,malwarebytes,avast 2014 free version,hitman,
You have a lot of stuff on your computer that can cause problems, xboxdvl2...
Let's see if we can find something causing this problem with a deep scan using OTL:
b]--OTL--[/b]
Please download OTL by OldTimer to your Desktop.
If you already have a copy of OTL, delete it and use this version.
Double click OTL.exe to launch the program.
Check the following.
Scan all users.
Standard Output.
Lop check.
Purity check.
Under Extra Registry section, select Use SafeList
Click the Run Scan button and wait for the scan to finish (usually about 10-15 mins).
When finished it will produce two logs.
OTL.txt (open on your desktop).
Extras.txt (minimized in your taskbar)
Please post me both logs
2oG
|
Senior Member
|
15. March 2014 @ 19:37 |
Link to this message
|
OTL log
OTL logfile created on: 3/16/2014 9:57:26 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\GREG\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy
4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 49.89% Memory free
8.00 Gb Paging File | 5.92 Gb Available in Paging File | 74.02% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 425.58 Gb Free Space | 91.39% Space Free | Partition Type: NTFS
Drive D: | 3.00 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive E: | 100.00 Mb Total Space | 61.85 Mb Free Space | 61.85% Space Free | Partition Type: NTFS
Drive F: | 1863.01 Gb Total Space | 909.12 Gb Free Space | 48.80% Space Free | Partition Type: NTFS
Computer Name: GREG-PC | User Name: GREG | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
[color=#E56717]========== Processes (SafeList) ==========[/color]
PRC - [2014/03/16 09:55:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\GREG\Downloads\OTL.exe
PRC - [2014/03/16 06:00:18 | 003,767,096 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2014/03/16 06:00:18 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2014/03/16 03:23:51 | 001,863,560 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
PRC - [2014/02/13 11:06:25 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
[color=#E56717]========== Modules (No Company Name) ==========[/color]
MOD - [2014/03/16 06:00:20 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2014/03/16 03:23:50 | 016,276,872 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll
MOD - [2014/02/13 11:06:40 | 003,578,992 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
[color=#E56717]========== Services (SafeList) ==========[/color]
SRV:64bit: - [2014/03/16 06:00:18 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2009/07/14 12:11:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2014/02/13 11:06:33 | 000,118,896 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/10/23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2009/06/11 07:53:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
DRV:64bit: - [2014/03/16 06:00:26 | 001,038,072 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2014/03/16 06:00:26 | 000,421,704 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2014/03/16 06:00:26 | 000,207,904 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2014/03/16 06:00:26 | 000,080,184 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\aswStm.sys -- (aswStm)
DRV:64bit: - [2014/03/16 06:00:26 | 000,078,648 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2014/03/16 06:00:26 | 000,065,776 | ---- | M] () [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2014/03/16 06:00:25 | 000,092,544 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2009/07/14 12:22:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/14 12:22:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/14 12:22:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 12:18:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 12:17:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 12:17:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/14 12:15:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 08:29:33 | 005,020,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/06/20 12:39:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/06/20 12:39:57 | 000,054,272 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E)
DRV:64bit: - [2009/06/11 07:04:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 07:04:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 07:04:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 07:01:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2005/03/29 01:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2009/07/14 11:49:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
[color=#E56717]========== Internet Explorer ==========[/color]
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-165555205-1945987488-1438750615-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.ninemsn.com.au/?ocid=iehp
IE - HKU\S-1-5-21-165555205-1945987488-1438750615-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au
IE - HKU\S-1-5-21-165555205-1945987488-1438750615-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 10 5E C8 39 68 40 CF 01 [binary data]
IE - HKU\S-1-5-21-165555205-1945987488-1438750615-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-165555205-1945987488-1438750615-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-165555205-1945987488-1438750615-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
[color=#E56717]========== FireFox ==========[/color]
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:9.0.2013.75
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:27.0.1
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/03/16 06:00:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
[2014/03/16 03:07:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\GREG\AppData\Roaming\Mozilla\Extensions
[2014/03/16 03:06:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/03/16 03:06:52 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/03/16 06:00:31 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
O1 HOSTS File: ([2009/06/11 07:30:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 74.82.207.26 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{458EB26C-1747-4442-8B80-2CD7EE32E57A}: DhcpNameServer = 74.82.207.26 8.8.8.8
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/07/14 19:59:38 | 000,000,122 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O32 - AutoRun File - [2011/04/06 20:01:59 | 000,000,000 | RH-D | M] - F:\autorun -- [ NTFS ]
O32 - AutoRun File - [2002/10/16 23:26:50 | 000,000,036 | RH-- | M] () - F:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
[2014/03/16 20:08:02 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2014/03/16 19:12:57 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2014/03/16 19:10:33 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2014/03/16 06:14:03 | 000,000,000 | ---D | C] -- C:\Users\GREG\AppData\Local\Electronic_Arts_Inc
[2014/03/16 06:11:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2014/03/16 06:11:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Electronic Arts
[2014/03/16 06:01:35 | 000,000,000 | ---D | C] -- C:\Users\GREG\AppData\Roaming\AVAST Software
[2014/03/16 06:01:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
[2014/03/16 06:00:54 | 000,080,184 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswStm.sys
[2014/03/16 06:00:51 | 001,038,072 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2014/03/16 06:00:51 | 000,421,704 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2014/03/16 06:00:48 | 000,078,648 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2014/03/16 06:00:46 | 000,092,544 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2014/03/16 06:00:40 | 000,334,136 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2014/03/16 06:00:24 | 000,043,152 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2014/03/16 05:59:52 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2014/03/16 05:58:04 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2014/03/16 05:26:13 | 000,000,000 | ---D | C] -- C:\Users\GREG\.swt
[2014/03/16 05:25:53 | 000,000,000 | ---D | C] -- C:\Users\GREG\AppData\Roaming\Azureus
[2014/03/16 05:25:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vuze
[2014/03/16 05:25:51 | 000,000,000 | ---D | C] -- C:\Users\GREG\Documents\Vuze Downloads
[2014/03/16 03:25:31 | 000,000,000 | ---D | C] -- C:\Users\GREG\AppData\Roaming\Macromedia
[2014/03/16 03:25:31 | 000,000,000 | ---D | C] -- C:\Users\GREG\AppData\Local\Macromedia
[2014/03/16 03:25:31 | 000,000,000 | ---D | C] -- C:\Users\GREG\AppData\Roaming\Adobe
[2014/03/16 03:23:51 | 000,692,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/03/16 03:23:51 | 000,071,048 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/03/16 03:23:50 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2014/03/16 03:23:48 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2014/03/16 03:21:30 | 000,000,000 | ---D | C] -- C:\Users\GREG\AppData\Local\Adobe
[2014/03/16 03:13:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2014/03/16 03:13:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2014/03/16 03:13:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2014/03/16 03:13:15 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2014/03/16 03:13:10 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2014/03/16 03:13:10 | 000,174,504 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2014/03/16 03:13:10 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2014/03/16 03:13:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/03/16 03:13:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2014/03/16 03:07:09 | 000,000,000 | ---D | C] -- C:\Users\GREG\AppData\Roaming\Mozilla
[2014/03/16 03:07:09 | 000,000,000 | ---D | C] -- C:\Users\GREG\AppData\Local\Mozilla
[2014/03/16 03:06:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2014/03/16 03:06:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2014/03/16 03:06:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/03/16 02:58:41 | 000,000,000 | ---D | C] -- C:\Users\GREG\AppData\Local\Skype
[2014/03/16 02:58:22 | 000,000,000 | ---D | C] -- C:\Users\GREG\AppData\Roaming\Skype
[2014/03/16 02:58:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2014/03/16 02:58:15 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2014/03/16 02:58:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2014/03/16 02:58:09 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2014/03/16 02:58:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2014/03/16 02:54:50 | 000,000,000 | ---D | C] -- C:\Users\GREG\AppData\Local\Diagnostics
[2014/03/16 02:28:33 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2014/03/16 02:28:32 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2014/03/16 02:28:32 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2014/03/16 02:28:08 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2014/03/16 02:28:08 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2014/03/16 02:23:39 | 000,000,000 | R--D | C] -- C:\Users\GREG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2014/03/16 02:23:39 | 000,000,000 | R--D | C] -- C:\Users\GREG\Searches
[2014/03/16 02:23:39 | 000,000,000 | R--D | C] -- C:\Users\GREG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2014/03/16 02:23:39 | 000,000,000 | -H-D | C] -- C:\Users\GREG\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2014/03/16 02:23:29 | 000,000,000 | ---D | C] -- C:\Users\GREG\AppData\Roaming\Identities
[2014/03/16 02:23:26 | 000,000,000 | R--D | C] -- C:\Users\GREG\Contacts
[2014/03/16 02:23:24 | 000,000,000 | ---D | C] -- C:\Users\GREG\AppData\Local\VirtualStore
[2014/03/16 02:22:57 | 000,000,000 | --SD | C] -- C:\Users\GREG\AppData\Roaming\Microsoft
[2014/03/16 02:22:57 | 000,000,000 | R--D | C] -- C:\Users\GREG\Videos
[2014/03/16 02:22:57 | 000,000,000 | R--D | C] -- C:\Users\GREG\Saved Games
[2014/03/16 02:22:57 | 000,000,000 | R--D | C] -- C:\Users\GREG\Pictures
[2014/03/16 02:22:57 | 000,000,000 | R--D | C] -- C:\Users\GREG\Music
[2014/03/16 02:22:57 | 000,000,000 | R--D | C] -- C:\Users\GREG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2014/03/16 02:22:57 | 000,000,000 | R--D | C] -- C:\Users\GREG\Links
[2014/03/16 02:22:57 | 000,000,000 | R--D | C] -- C:\Users\GREG\Favorites
[2014/03/16 02:22:57 | 000,000,000 | R--D | C] -- C:\Users\GREG\Downloads
[2014/03/16 02:22:57 | 000,000,000 | R--D | C] -- C:\Users\GREG\Documents
[2014/03/16 02:22:57 | 000,000,000 | R--D | C] -- C:\Users\GREG\Desktop
[2014/03/16 02:22:57 | 000,000,000 | R--D | C] -- C:\Users\GREG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2014/03/16 02:22:57 | 000,000,000 | -HSD | C] -- C:\Users\GREG\AppData\Local\Temporary Internet Files
[2014/03/16 02:22:57 | 000,000,000 | -HSD | C] -- C:\Users\GREG\Templates
[2014/03/16 02:22:57 | 000,000,000 | -HSD | C] -- C:\Users\GREG\Start Menu
[2014/03/16 02:22:57 | 000,000,000 | -HSD | C] -- C:\Users\GREG\SendTo
[2014/03/16 02:22:57 | 000,000,000 | -HSD | C] -- C:\Users\GREG\Recent
[2014/03/16 02:22:57 | 000,000,000 | -HSD | C] -- C:\Users\GREG\PrintHood
[2014/03/16 02:22:57 | 000,000,000 | -HSD | C] -- C:\Users\GREG\NetHood
[2014/03/16 02:22:57 | 000,000,000 | -HSD | C] -- C:\Users\GREG\Documents\My Videos
[2014/03/16 02:22:57 | 000,000,000 | -HSD | C] -- C:\Users\GREG\Documents\My Pictures
[2014/03/16 02:22:57 | 000,000,000 | -HSD | C] -- C:\Users\GREG\Documents\My Music
[2014/03/16 02:22:57 | 000,000,000 | -HSD | C] -- C:\Users\GREG\My Documents
[2014/03/16 02:22:57 | 000,000,000 | -HSD | C] -- C:\Users\GREG\Local Settings
[2014/03/16 02:22:57 | 000,000,000 | -HSD | C] -- C:\Users\GREG\AppData\Local\History
[2014/03/16 02:22:57 | 000,000,000 | -HSD | C] -- C:\Users\GREG\Cookies
[2014/03/16 02:22:57 | 000,000,000 | -HSD | C] -- C:\Users\GREG\Application Data
[2014/03/16 02:22:57 | 000,000,000 | -HSD | C] -- C:\Users\GREG\AppData\Local\Application Data
[2014/03/16 02:22:57 | 000,000,000 | -H-D | C] -- C:\Users\GREG\AppData
[2014/03/16 02:22:57 | 000,000,000 | ---D | C] -- C:\Users\GREG\AppData\Local\Temp
[2014/03/16 02:22:57 | 000,000,000 | ---D | C] -- C:\Users\GREG\AppData\Local\Microsoft
[2014/03/16 02:22:57 | 000,000,000 | ---D | C] -- C:\Users\GREG\AppData\Roaming\Media Center Programs
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
[2014/03/16 19:42:52 | 000,274,320 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/03/16 19:15:20 | 000,039,252 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2014/03/16 19:15:20 | 000,039,252 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2014/03/16 19:12:44 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2014/03/16 19:12:44 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\atiicdxx.dat
[2014/03/16 09:55:54 | 000,013,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/03/16 09:55:54 | 000,013,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/03/16 06:27:13 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/03/16 06:27:13 | 000,619,206 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/03/16 06:27:13 | 000,107,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/03/16 06:11:13 | 000,002,217 | ---- | M] () -- C:\Users\Public\Desktop\Need For Speed World.lnk
[2014/03/16 06:01:31 | 000,001,966 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2014/03/16 06:00:26 | 001,038,072 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2014/03/16 06:00:26 | 000,421,704 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2014/03/16 06:00:26 | 000,334,136 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2014/03/16 06:00:26 | 000,207,904 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2014/03/16 06:00:26 | 000,080,184 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswStm.sys
[2014/03/16 06:00:26 | 000,078,648 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2014/03/16 06:00:26 | 000,065,776 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2014/03/16 06:00:25 | 000,092,544 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2014/03/16 06:00:24 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2014/03/16 05:26:02 | 000,001,848 | ---- | M] () -- C:\Users\Public\Desktop\Vuze.lnk
[2014/03/16 05:26:02 | 000,001,848 | ---- | M] () -- C:\Users\GREG\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
[2014/03/16 03:23:51 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/03/16 03:23:51 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/03/16 03:13:06 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2014/03/16 03:13:06 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2014/03/16 03:13:06 | 000,096,168 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2014/03/16 03:13:05 | 000,174,504 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2014/03/16 03:07:00 | 000,001,147 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/03/16 02:58:16 | 000,002,697 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2014/03/16 02:34:15 | 000,001,437 | ---- | M] () -- C:\Users\GREG\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/03/16 02:22:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/03/16 02:21:56 | 3220,480,000 | -HS- | M] () -- C:\hiberfil.sys
[color=#E56717]========== Files Created - No Company Name ==========[/color]
[2014/03/16 19:14:56 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2014/03/16 19:14:46 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2014/03/16 19:12:44 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2014/03/16 19:12:44 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\atiicdxx.dat
[2014/03/16 19:09:15 | 3220,480,000 | -HS- | C] () -- C:\hiberfil.sys
[2014/03/16 06:11:13 | 000,002,217 | ---- | C] () -- C:\Users\Public\Desktop\Need For Speed World.lnk
[2014/03/16 06:01:31 | 000,001,966 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2014/03/16 06:00:52 | 000,207,904 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2014/03/16 06:00:52 | 000,065,776 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2014/03/16 05:26:02 | 000,001,848 | ---- | C] () -- C:\Users\Public\Desktop\Vuze.lnk
[2014/03/16 05:26:02 | 000,001,848 | ---- | C] () -- C:\Users\GREG\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
[2014/03/16 05:26:02 | 000,001,848 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vuze.lnk
[2014/03/16 03:07:00 | 000,001,159 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2014/03/16 03:07:00 | 000,001,147 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/03/16 02:58:16 | 000,002,697 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2014/03/16 02:34:15 | 000,001,437 | ---- | C] () -- C:\Users\GREG\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/03/16 02:23:50 | 000,001,409 | ---- | C] () -- C:\Users\GREG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2014/03/16 02:23:44 | 000,001,443 | ---- | C] () -- C:\Users\GREG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2014/03/16 02:22:57 | 000,000,290 | ---- | C] () -- C:\Users\GREG\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2014/03/16 02:22:57 | 000,000,272 | ---- | C] () -- C:\Users\GREG\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[color=#E56717]========== ZeroAccess Check ==========[/color]
[2009/07/14 15:25:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2009/07/14 12:11:54 | 014,161,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2009/07/14 11:46:14 | 012,866,560 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 12:10:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/14 11:45:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 12:11:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
[color=#E56717]========== LOP Check ==========[/color]
[2014/03/16 06:01:35 | 000,000,000 | ---D | M] -- C:\Users\GREG\AppData\Roaming\AVAST Software
[2014/03/16 07:47:36 | 000,000,000 | ---D | M] -- C:\Users\GREG\AppData\Roaming\Azureus
[color=#E56717]========== Purity Check ==========[/color]
< End of report >
ext
OTL Extras logfile created on: 3/16/2014 9:57:26 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\GREG\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy
4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 49.89% Memory free
8.00 Gb Paging File | 5.92 Gb Available in Paging File | 74.02% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 425.58 Gb Free Space | 91.39% Space Free | Partition Type: NTFS
Drive D: | 3.00 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive E: | 100.00 Mb Total Space | 61.85 Mb Free Space | 61.85% Space Free | Partition Type: NTFS
Drive F: | 1863.01 Gb Total Space | 909.12 Gb Free Space | 48.80% Space Free | Partition Type: NTFS
Computer Name: GREG-PC | User Name: GREG | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
[color=#E56717]========== File Associations ==========[/color]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-165555205-1945987488-1438750615-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
[color=#E56717]========== Shell Spawning ==========[/color]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[color=#E56717]========== Security Center Settings ==========[/color]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
[color=#E56717]========== Firewall Settings ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[color=#E56717]========== Authorized Applications List ==========[/color]
[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1224871C-9FFB-4AC5-9123-0D3483C2271C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{139D793D-5DD0-4063-B903-3BB5722852D7}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{140D4ABE-15A4-4F48-A7F8-3BA0E62758B9}" = rport=10243 | protocol=6 | dir=out | app=system |
"{218389F5-F97C-49F9-B1F1-55808E4B4A9D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2187001D-73D6-4AC1-9842-522C3FDBBEB4}" = rport=445 | protocol=6 | dir=out | app=system |
"{2A1291F3-270D-4C9C-8EAE-0488D6E1C5F5}" = lport=10243 | protocol=6 | dir=in | app=system |
"{3B04E1D2-7C9F-48DE-88E3-AEE065ED2B54}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4BDC89C4-476C-4D66-92A3-B5279A0C1EC0}" = lport=139 | protocol=6 | dir=in | app=system |
"{6757B8E4-AF32-4C39-AA63-DCB3FA7A9B1C}" = lport=445 | protocol=6 | dir=in | app=system |
"{7E8F8F46-51FB-466E-A81A-3FC2A50C0695}" = lport=2869 | protocol=6 | dir=in | app=system |
"{8ADB047F-B5F6-4B7D-82CD-9820E848DE68}" = lport=138 | protocol=17 | dir=in | app=system |
"{8FB50C3A-1DDE-4128-A7F4-64256A50737E}" = rport=138 | protocol=17 | dir=out | app=system |
"{AD860E60-9A27-412F-8E7A-346A16455949}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C64202FE-0E09-46E6-A689-4099D86A3C78}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C7079728-C8BF-4489-9857-BDCB1372A3D6}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{D1D4D501-AB7E-4709-8011-CB9474AC8167}" = rport=139 | protocol=6 | dir=out | app=system |
"{D5750E85-1CE8-433A-8FA3-B8B9C3EC1721}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D7C56C1E-3FE6-4008-96BC-FCA8E8A895E0}" = rport=137 | protocol=17 | dir=out | app=system |
"{DB9C4F23-0549-413D-889A-DBBC15568200}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{E659376C-9306-4067-97AD-62D01BF1C395}" = lport=137 | protocol=17 | dir=in | app=system |
"{F9205B27-B664-4EFE-8615-86727FEB7E04}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
[color=#E56717]========== Vista Active Application Exception List ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03E738E9-7709-4BD1-BF71-C5B2BBAC7F32}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{09633074-0CAC-4ABB-A8B9-0AFD446FF539}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{09F22F14-9817-4C25-9826-3CE56DA59E71}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{114FAF18-C7A6-463B-B6F9-C3D6283760F5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{23CEC35A-822E-4AA7-82F1-1D713CF56DD6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{2A2B3792-CAC4-4DE2-A390-548D150D7546}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{36AE6735-75F6-49C5-A309-6991851F97D1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{4BC0F34E-EAA3-4E84-9E5D-27164796308B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{75855B4E-1221-4D2A-8AF9-9601CB85F83B}" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"{7A5CDB91-C11E-4CD0-B7DC-1CF8CFDF670E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{866B9F03-74A5-485F-A18A-7B962205D263}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{96643F53-7B05-4BF7-9096-669057B050AD}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{9E0E8550-C9B8-4EF3-A88D-0E865F8A6A47}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A447AAB0-8E53-4EFF-B188-0EFA82D152CC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{AFDE9220-4C68-46D1-AD34-EFD931262D60}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{BFEBF711-B6EC-4AC1-BA25-4A1C6E9934AB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D4975D17-5E5D-4E56-809B-8F20A151312D}" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"{D7AB5B9F-D54E-4832-B577-6ABB33A646E5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DEC67DF4-DF03-401E-9512-9F6E640B7249}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EBAD8F40-E92D-4240-88A5-DE1EDA33B032}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{F07C71A8-1ED9-4451-A5A9-311BDA80A952}" = protocol=6 | dir=out | app=system |
"{F81716C6-E090-4D49-BAC2-0965FA4800A8}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{26A24AE4-039D-4CA4-87B4-2F83217051FF}" = Java 7 Update 51
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}" = Skype? 6.14
"{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1" = Need For Speed? World
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"8461-7759-5462-8226" = Vuze
"Adobe Flash Player Plugin" = Adobe Flash Player 12 Plugin
"Avast" = avast! Free Antivirus
"Mozilla Firefox 27.0.1 (x86 en-US)" = Mozilla Firefox 27.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
[color=#E56717]========== Last 20 Event Log Errors ==========[/color]
[ Application Events ]
Error - 3/15/2014 3:29:44 PM | Computer Name = GREG-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call
in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image
of binary syolthep. System Error: The system cannot find the file specified. .
[ System Events ]
Error - 3/16/2014 5:11:10 AM | Computer Name = GREG-PC | Source = Service Control Manager | ID = 7024
Description = The Windows Search service terminated with service-specific error
%%-2147467243.
Error - 3/15/2014 12:36:13 PM | Computer Name = GREG-PC | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 10. The internal error state
is 10.
< End of report >
custom built gaming pc from early 2010,ps2 with 15 games all original,ps3 500gbs with 5 games all original,yamaha amp and 5.1channel surround sound speakers,46inch sony lcd smart tv.
|
AfterDawn Addict
|
15. March 2014 @ 20:34 |
Link to this message
|
Originally posted by xboxdvl2: I've tried various scanners,i reset my router and changed the password, today i reformatted.
This log is clean ?? You say you ran scanners and reformatted, did you reinstall your operating system?
|
Senior Member
|
15. March 2014 @ 21:49 |
Link to this message
|
Originally posted by 2oldGeek: Originally posted by xboxdvl2: I've tried various scanners,i reset my router and changed the password, today i reformatted.
This log is clean ?? You say you ran scanners and reformatted, did you reinstall your operating system?
yes i used windows 7 home premium disc and reinstall it (used setting custom install).
The pop up still pops up sometimes also getting ssl error (mainly on facebook and youtube). Also had a few sites try to redirect me (firefox blocked it).
if its not an actually virus or spyware what could it be?????even with add-ons disabled get same pop up sometimes.
custom built gaming pc from early 2010,ps2 with 15 games all original,ps3 500gbs with 5 games all original,yamaha amp and 5.1channel surround sound speakers,46inch sony lcd smart tv.
|
AfterDawn Addict
|
15. March 2014 @ 22:05 |
Link to this message
|
Quote: if its not an actually virus or spyware what could it be????
At this point in time, I have no idea.....
Let?s try Combofix to see if it can turn something up?.
Before you run Combofix you will need you to turn off any security software you have running.
Combofix may need to reboot your computer more than once to do its job this is normal.
You can download Combofix from one of these links. Please save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.
Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.
"information and logs"
In your next post I need the following
Log from Combofix
2oG
|
Senior Member
|
16. March 2014 @ 02:33 |
Link to this message
|
ComboFix 14-03-13.01 - GREG 16/03/2014 16:44:07.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.61.1033.18.4095.2982 [GMT 10.5:30]
Running from: c:\users\GREG\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\CFLog
c:\cflog\EPLog.txt
F:\Autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2014-02-16 to 2014-03-16 )))))))))))))))))))))))))))))))
.
.
2014-03-16 09:38 . 2014-03-15 15:50 -------- d-----w- c:\windows\Panther
2014-03-16 08:42 . 2014-03-16 08:42 0 ----a-w- c:\windows\ativpsrm.bin
2014-03-16 06:20 . 2014-03-16 06:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-03-16 04:59 . 2014-03-16 04:59 189248 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2014-03-16 04:59 . 2014-03-16 04:59 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2014-03-16 02:58 . 2014-03-16 02:58 -------- d-----w- c:\program files (x86)\ImgBurn
2014-03-16 02:33 . 2014-03-16 02:33 -------- d-----w- c:\program files\Movie Maker
2014-03-16 02:30 . 2014-03-16 02:30 -------- d-----w- c:\program files (x86)\Bejeweled 3
2014-03-16 02:25 . 2014-03-16 02:25 -------- d-----w- c:\program files (x86)\Common Files\Windows Live
2014-03-16 02:24 . 2014-03-16 02:24 -------- d-----w- C:\gameplay
2014-03-16 01:23 . 2014-03-16 01:23 -------- d-----w- c:\program files (x86)\Chuzzle Deluxe
2014-03-16 00:17 . 2014-03-16 00:17 -------- d-----w- c:\program files (x86)\EA Games
2014-03-15 19:41 . 2014-03-15 19:41 -------- d-----w- c:\programdata\Electronic Arts
2014-03-15 19:41 . 2014-03-15 19:41 -------- d-----w- c:\program files (x86)\Electronic Arts
2014-03-15 19:30 . 2014-03-15 19:30 80184 ----a-w- c:\windows\system32\drivers\aswStm.sys
2014-03-15 19:30 . 2014-03-15 19:30 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-03-15 19:30 . 2014-03-15 19:30 207904 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-03-15 19:30 . 2014-03-15 19:30 421704 ----a-w- c:\windows\system32\drivers\aswSP.sys
2014-03-15 19:30 . 2014-03-15 19:30 1038072 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-03-15 19:30 . 2014-03-15 19:30 78648 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-03-15 19:30 . 2014-03-15 19:30 92544 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-03-15 19:30 . 2014-03-15 19:30 334136 ----a-w- c:\windows\system32\aswBoot.exe
2014-03-15 19:30 . 2014-03-15 19:30 43152 ----a-w- c:\windows\avastSS.scr
2014-03-15 19:29 . 2014-03-15 19:29 -------- d-----w- c:\program files\AVAST Software
2014-03-15 19:28 . 2014-03-15 19:28 -------- d-----w- c:\programdata\AVAST Software
2014-03-15 18:55 . 2014-03-15 18:56 -------- d-----w- c:\program files (x86)\Vuze
2014-03-15 16:53 . 2014-03-15 16:53 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-15 16:53 . 2014-03-15 16:53 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-03-15 16:53 . 2014-03-15 16:53 -------- d-----w- c:\windows\SysWow64\Macromed
2014-03-15 16:53 . 2014-03-15 16:53 -------- d-----w- c:\windows\system32\Macromed
2014-03-15 16:43 . 2014-03-15 16:43 -------- d-----w- c:\programdata\Oracle
2014-03-15 16:43 . 2014-03-15 16:43 -------- d-----w- c:\program files (x86)\Common Files\Java
2014-03-15 16:43 . 2014-03-15 16:43 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-03-15 16:43 . 2014-03-15 16:43 -------- d-----w- c:\program files (x86)\Java
2014-03-15 16:36 . 2014-03-15 16:37 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2014-03-15 16:28 . 2014-03-15 16:28 -------- d-----w- c:\program files (x86)\Common Files\Skype
2014-03-15 16:28 . 2014-03-15 16:28 -------- d-----r- c:\program files (x86)\Skype
2014-03-15 16:28 . 2014-03-15 19:42 -------- d-sh--w- c:\windows\Installer
2014-03-15 16:28 . 2014-03-15 16:28 -------- d-----w- c:\programdata\Skype
2014-03-15 16:13 . 2014-02-16 16:02 10536864 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E7D6B453-9240-49CB-BC4A-A8705CE506C1}\mpengine.dll
2014-03-15 16:13 . 2014-02-03 02:50 270496 ------w- c:\windows\system32\MpSigStub.exe
2014-03-15 16:08 . 2010-01-09 07:19 139264 ----a-w- c:\windows\system32\cabview.dll
2014-03-15 16:08 . 2010-01-09 06:52 132608 ----a-w- c:\windows\SysWow64\cabview.dll
2014-03-15 16:08 . 2012-02-15 06:27 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2014-03-15 16:08 . 2012-02-15 05:44 826368 ----a-w- c:\windows\SysWow64\rdpcore.dll
2014-03-15 16:08 . 2012-02-15 04:47 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2014-03-15 16:08 . 2012-02-15 04:46 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2014-03-15 15:58 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2014-03-15 15:58 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2014-03-15 15:58 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2014-03-15 15:58 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2014-03-15 15:58 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2014-03-15 15:58 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2014-03-15 15:58 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2014-03-15 15:58 . 2012-06-02 04:49 186752 ----a-w- c:\windows\system32\wuwebv.dll
2014-03-15 15:58 . 2012-06-02 04:45 36864 ----a-w- c:\windows\system32\wuapp.exe
2014-03-15 15:52 . 2014-03-15 18:56 -------- d-----w- c:\users\GREG
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-16 06:22 . 2014-03-16 06:22 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E7D6B453-9240-49CB-BC4A-A8705CE506C1}\offreg.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-02-10 20924576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-01 254336]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-03-15 3767096]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ASWRVRT
*NewlyCreated* - ASWSP
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-03-15 19:30 287280 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 74.82.207.26 8.8.8.8
FF - ProfilePath - c:\users\GREG\AppData\Roaming\Mozilla\Firefox\Profiles\d5pn84z0.default\
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-03-16 16:55:55
ComboFix-quarantined-files.txt 2014-03-16 06:25
.
Pre-Run: 455,860,822,016 bytes free
Post-Run: 455,768,203,264 bytes free
.
- - End Of File - - 46E4EC5D626560B7A976A13011E2802C
A36C5E4F47E84449FF07ED3517B43A31
custom built gaming pc from early 2010,ps2 with 15 games all original,ps3 500gbs with 5 games all original,yamaha amp and 5.1channel surround sound speakers,46inch sony lcd smart tv.
|
AfterDawn Addict
|
16. March 2014 @ 13:43 |
Link to this message
|
I can't tell if that did any good. Give me a run down on how it's acting and if that did anything for it.
xboxdvl2, I just realized that you used the Custom install and not the Upgrade install so,
you may have lost a lot of your settings. all these logs look ok so ?????
This message has been edited since posting. Last time this message was edited on 16. March 2014 @ 13:53
|
ddp
Moderator
|
16. March 2014 @ 18:59 |
Link to this message
|
xboxdvl2, in the custom install, i presume you deleted the partitions(100meg plus os) of win7, made new partitions, formated os partition & installed win7 into os partition?
|
AfterDawn Addict
|
16. March 2014 @ 19:30 |
Link to this message
|
As far as I know, a custom install is not a repair install and will loose all of the installed programs and settings.. an Upgrade install is a repair install of the OS, does not loose programs or settings but only repairs the OS and does nothing for removing malware..
A system restore or an image backup would be the way to go.. Looks like a lot of work ahead.
|
Senior Member
|
17. March 2014 @ 00:19 |
Link to this message
|
Originally posted by ddp: xboxdvl2, in the custom install, i presume you deleted the partitions(100meg plus os) of win7, made new partitions, formated os partition & installed win7 into os partition?
i have never reformatted before.when i did the reformat i had 2 partions, c: and e:(system) i installed the os into c: then deleted a file called windows:old after it was done.
I lost a lot of software but i can get it all again,all my pics & movies and music were backed up.
atm youtube gets blocked with a message saying it tried to redirect me, everything else seems fine for now.If youtube doesn't get blocked i get the message in middle of the screen that says i need to update flash that i can't get rid of and i cant access youtube.
custom built gaming pc from early 2010,ps2 with 15 games all original,ps3 500gbs with 5 games all original,yamaha amp and 5.1channel surround sound speakers,46inch sony lcd smart tv.
This message has been edited since posting. Last time this message was edited on 17. March 2014 @ 00:23
|
AfterDawn Addict
|
17. March 2014 @ 01:24 |
Link to this message
|
Originally posted by xboxdvl2: atm youtube gets blocked with a message saying it tried to redirect me, everything else seems fine for now.If youtube doesn't get blocked i get the message in middle of the screen that says i need to update flash that i can't get rid of and i cant access youtube.
Just guessing but maybe your Flash got messed up or exploited.
Try uninstalling it and download a new copy.
|
ddp
Moderator
|
17. March 2014 @ 11:44 |
Link to this message
|
xboxdvl2, you didn't delete & make new partitions before you formated, did you?
|
Senior Member
|
17. March 2014 @ 14:42 |
Link to this message
|
Originally posted by ddp: xboxdvl2, you didn't delete & make new partitions before you formated, did you?
no i didn't i don't know how to .
custom built gaming pc from early 2010,ps2 with 15 games all original,ps3 500gbs with 5 games all original,yamaha amp and 5.1channel surround sound speakers,46inch sony lcd smart tv.
|
ddp
Moderator
|
17. March 2014 @ 17:02 |
Link to this message
|
when doing custom install, click on options so can now delete partitions, make new partitions then just format the c: partition not the other one. this explains why you still have virus\malware issue.
|
AfterDawn Addict
|
17. March 2014 @ 17:04 |
Link to this message
|
Originally posted by ddp: when doing custom install, click on options so can now delete partitions, make new partitions then just format the c: partition not the other one. this explains why you still have virus\malware issue.
good call, ddp
|
Senior Member
|
18. March 2014 @ 00:55 |
Link to this message
|
Originally posted by ddp: when doing custom install, click on options so can now delete partitions, make new partitions then just format the c: partition not the other one. this explains why you still have virus\malware issue.
ok i will remember that and try it if i reformat in future.
apart from a few websites trying to redirect (which is blocked) and some ssl errors everything seems to be ok.
ddp you might be able to help me with another issues i encountered.I had a bunch of locked empty folders on an external hard drive, i deleted the folders before the reformat and disconnected the drive now i dont have permission to access the files.I can go through the security takes and manually take owner ship of them and access them,is there an easier way to fix it???
custom built gaming pc from early 2010,ps2 with 15 games all original,ps3 500gbs with 5 games all original,yamaha amp and 5.1channel surround sound speakers,46inch sony lcd smart tv.
|
ddp
Moderator
|
18. March 2014 @ 12:31 |
Link to this message
|
files are in the open part of the drive or in other folders?
|
Senior Member
|
18. March 2014 @ 16:44 |
Link to this message
|
@ xboxdvl2:
Hello there.
I had a similar situation before. when I get a new returned PC (Open box) for half the price. It took me 3 re-formations to make it work like new.
For the Fake Flush update on YouTube:
Using Firefox or Tor:
Just download the add-on: YouTube Flash to HTML5 & it fix it right after. (sometimes need a refresh tho)
Live Free or Die.
The rule above all the rules is: Survive !
Capitalism: Funnel most of the $$$ to the already rich.
This message has been edited since posting. Last time this message was edited on 18. March 2014 @ 16:51
|
Advertisement
|
|
|
Senior Member
|
19. March 2014 @ 01:45 |
Link to this message
|
Originally posted by ddp: files are in the open part of the drive or in other folders?
files are in folders in open part of the drive.
@Mrguss
ty youtube seems to work now.
custom built gaming pc from early 2010,ps2 with 15 games all original,ps3 500gbs with 5 games all original,yamaha amp and 5.1channel surround sound speakers,46inch sony lcd smart tv.
This message has been edited since posting. Last time this message was edited on 19. March 2014 @ 01:54
|
|