The other day I got a virus called "flash pop up virus". I've been trying to remove it and nothing seems to work. Symptoms: it hijacks website pages with a popup saying you need to update Flash and takes you to a dodgy site; it also lets trojans onto the PC and renames files or deletes them. I've tried various scanners, I reset my router and changed the password, and today I reformatted. I've had some luck in the fact that Firefox is stopping my pages from being redirected, but the virus is still on my system and I have no idea how to get rid of it; virus scanners don't pick it up. Tried adware, junkware, Malwarebytes, Avast 2014 free version, Hitman.

I also had another issue: I have an external hard drive with a few thousand video and music files on it, and after reformatting I wasn't able to access the music and video files. I had to manually change ownership and permissions on the files and I can use them. Any quick ways to change them all instead of doing it 1 by 1, which will take hours?

You have a lot of stuff on your computer that can cause problems, xboxdvl2... Let's see if we can find something causing this problem with a deep scan using OTL:

--OTL--

Please download OTL by OldTimer to your Desktop. If you already have a copy of OTL, delete it and use this version.
Double click OTL.exe to launch the program.
Check the following:
    Scan all users.
    Standard Output.
    Lop check.
    Purity check.
Under Extra Registry section, select Use SafeList.
Click the Run Scan button and wait for the scan to finish (usually about 10-15 mins).
When finished it will produce two logs:
    OTL.txt (open on your desktop).
    Extras.txt (minimized in your taskbar).
Please post me both logs.

2oG

OTL log OTL logfile created on: 3/16/2014 9:57:26 AM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\GREG\Downloads 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000409 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy 4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 49.89% Memory free 8.00 Gb Paging File | 5.92 Gb Available in Paging File | 74.02% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 465.66 Gb Total Space | 425.58 Gb Free Space | 91.39% Space Free | Partition Type: NTFS Drive D: | 3.00 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF Drive E: | 100.00 Mb Total Space | 61.85 Mb Free Space | 61.85% Space Free | Partition Type: NTFS Drive F: | 1863.01 Gb Total Space | 909.12 Gb Free Space | 48.80% Space Free | Partition Type: NTFS Computer Name: GREG-PC | User Name: GREG | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2014/03/16 09:55:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\GREG\Downloads\OTL.exe PRC - [2014/03/16 06:00:18 | 003,767,096 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe PRC - [2014/03/16 06:00:18 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe PRC - [2014/03/16 03:23:51 | 001,863,560 | ---- | M] (Adobe Systems, Inc.) 
-- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe PRC - [2014/02/13 11:06:25 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe ========== Modules (No Company Name) ========== MOD - [2014/03/16 06:00:20 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll MOD - [2014/03/16 03:23:50 | 016,276,872 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll MOD - [2014/02/13 11:06:40 | 003,578,992 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ========== Services (SafeList) ========== SRV:64bit: - [2014/03/16 06:00:18 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus) SRV:64bit: - [2009/07/14 12:11:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2014/02/13 11:06:33 | 000,118,896 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013/10/23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2009/06/11 07:53:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2014/03/16 06:00:26 | 001,038,072 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx) DRV:64bit: - [2014/03/16 06:00:26 | 000,421,704 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP) DRV:64bit: - [2014/03/16 06:00:26 | 000,207,904 | ---- | M] () [Kernel | Boot | Running] -- 
C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm) DRV:64bit: - [2014/03/16 06:00:26 | 000,080,184 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\aswStm.sys -- (aswStm) DRV:64bit: - [2014/03/16 06:00:26 | 000,078,648 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt) DRV:64bit: - [2014/03/16 06:00:26 | 000,065,776 | ---- | M] () [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt) DRV:64bit: - [2014/03/16 06:00:25 | 000,092,544 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr) DRV:64bit: - [2009/07/14 12:22:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2009/07/14 12:22:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2009/07/14 12:22:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/14 12:18:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/14 12:17:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009/07/14 12:17:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2009/07/14 12:15:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/07/14 08:29:33 | 005,020,672 | ---- | M] (ATI Technologies Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2009/06/20 12:39:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2009/06/20 12:39:57 | 000,054,272 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E) DRV:64bit: - [2009/06/11 07:04:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/11 07:04:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/11 07:04:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/11 07:01:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2005/03/29 01:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor) DRV - [2009/07/14 11:49:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-165555205-1945987488-1438750615-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.ninemsn.com.au/?ocid=iehp IE - HKU\S-1-5-21-165555205-1945987488-1438750615-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au IE - HKU\S-1-5-21-165555205-1945987488-1438750615-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 10 5E C8 39 68 40 CF 01 [binary data] IE - HKU\S-1-5-21-165555205-1945987488-1438750615-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-165555205-1945987488-1438750615-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = 
http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-165555205-1945987488-1438750615-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:9.0.2013.75 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:27.0.1 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/03/16 06:00:31 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/03/16 03:07:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\GREG\AppData\Roaming\Mozilla\Extensions [2014/03/16 03:06:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions [2014/03/16 03:06:52 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2014/03/16 06:00:31 | 000,000,000 | ---D | M] (avast! 
Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF O1 HOSTS File: ([2009/06/11 07:30:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O3 - HKLM\..\Toolbar: (avast! Online Security) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 
O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 74.82.207.26 8.8.8.8 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{458EB26C-1747-4442-8B80-2CD7EE32E57A}: DhcpNameServer = 74.82.207.26 8.8.8.8 O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/07/14 19:59:38 | 000,000,122 | R--- | M] () - D:\autorun.inf -- [ UDF ] O32 - AutoRun File - [2011/04/06 20:01:59 | 000,000,000 | RH-D | M] - F:\autorun -- [ NTFS ] O32 - AutoRun File - [2002/10/16 23:26:50 | 000,000,036 | RH-- | M] () - F:\autorun.inf -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2014/03/16 20:08:02 | 000,000,000 | ---D | C] -- C:\Windows\Panther [2014/03/16 19:12:57 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution [2014/03/16 19:10:33 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch [2014/03/16 06:14:03 | 000,000,000 | ---D | C] -- C:\Users\GREG\AppData\Local\Electronic_Arts_Inc [2014/03/16 06:11:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts [2014/03/16 06:11:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Electronic Arts [2014/03/16 06:01:35 | 000,000,000 | ---D | C] -- C:\Users\GREG\AppData\Roaming\AVAST Software [2014/03/16 06:01:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast [2014/03/16 06:00:54 | 000,080,184 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswStm.sys [2014/03/16 06:00:51 | 001,038,072 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys [2014/03/16 06:00:51 | 000,421,704 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys 
[2014/03/16 06:00:48 | 000,078,648 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys [2014/03/16 06:00:46 | 000,092,544 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys [2014/03/16 06:00:40 | 000,334,136 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe [2014/03/16 06:00:24 | 000,043,152 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr [2014/03/16 05:59:52 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software [2014/03/16 05:58:04 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software [2014/03/16 05:26:13 | 000,000,000 | ---D | C] -- C:\Users\GREG\.swt [2014/03/16 05:25:53 | 000,000,000 | ---D | C] -- C:\Users\GREG\AppData\Roaming\Azureus [2014/03/16 05:25:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vuze [2014/03/16 05:25:51 | 000,000,000 | ---D | C] -- C:\Users\GREG\Documents\Vuze Downloads [2014/03/16 03:25:31 | 000,000,000 | ---D | C] -- C:\Users\GREG\AppData\Roaming\Macromedia [2014/03/16 03:25:31 | 000,000,000 | ---D | C] -- C:\Users\GREG\AppData\Local\Macromedia [2014/03/16 03:25:31 | 000,000,000 | ---D | C] -- C:\Users\GREG\AppData\Roaming\Adobe [2014/03/16 03:23:51 | 000,692,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2014/03/16 03:23:51 | 000,071,048 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2014/03/16 03:23:50 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed [2014/03/16 03:23:48 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed [2014/03/16 03:21:30 | 000,000,000 | ---D | C] -- C:\Users\GREG\AppData\Local\Adobe [2014/03/16 03:13:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle [2014/03/16 03:13:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun [2014/03/16 03:13:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2014/03/16 03:13:15 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2014/03/16 03:13:10 | 
000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2014/03/16 03:13:10 | 000,174,504 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2014/03/16 03:13:10 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2014/03/16 03:13:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java [2014/03/16 03:13:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2014/03/16 03:07:09 | 000,000,000 | ---D | C] -- C:\Users\GREG\AppData\Roaming\Mozilla [2014/03/16 03:07:09 | 000,000,000 | ---D | C] -- C:\Users\GREG\AppData\Local\Mozilla [2014/03/16 03:06:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla [2014/03/16 03:06:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service [2014/03/16 03:06:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2014/03/16 02:58:41 | 000,000,000 | ---D | C] -- C:\Users\GREG\AppData\Local\Skype [2014/03/16 02:58:22 | 000,000,000 | ---D | C] -- C:\Users\GREG\AppData\Roaming\Skype [2014/03/16 02:58:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2014/03/16 02:58:15 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype [2014/03/16 02:58:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2014/03/16 02:58:09 | 000,000,000 | -HSD | C] -- C:\Windows\Installer [2014/03/16 02:58:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype [2014/03/16 02:54:50 | 000,000,000 | ---D | C] -- C:\Users\GREG\AppData\Local\Diagnostics [2014/03/16 02:28:33 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll [2014/03/16 02:28:32 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll [2014/03/16 02:28:32 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe [2014/03/16 02:28:08 | 000,186,752 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\wuwebv.dll [2014/03/16 02:28:08 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe [2014/03/16 02:23:39 | 000,000,000 | R--D | C] -- C:\Users\GREG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [2014/03/16 02:23:39 | 000,000,000 | R--D | C] -- C:\Users\GREG\Searches [2014/03/16 02:23:39 | 000,000,000 | R--D | C] -- C:\Users\GREG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [2014/03/16 02:23:39 | 000,000,000 | -H-D | C] -- C:\Users\GREG\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned [2014/03/16 02:23:29 | 000,000,000 | ---D | C] -- C:\Users\GREG\AppData\Roaming\Identities [2014/03/16 02:23:26 | 000,000,000 | R--D | C] -- C:\Users\GREG\Contacts [2014/03/16 02:23:24 | 000,000,000 | ---D | C] -- C:\Users\GREG\AppData\Local\VirtualStore [2014/03/16 02:22:57 | 000,000,000 | --SD | C] -- C:\Users\GREG\AppData\Roaming\Microsoft [2014/03/16 02:22:57 | 000,000,000 | R--D | C] -- C:\Users\GREG\Videos [2014/03/16 02:22:57 | 000,000,000 | R--D | C] -- C:\Users\GREG\Saved Games [2014/03/16 02:22:57 | 000,000,000 | R--D | C] -- C:\Users\GREG\Pictures [2014/03/16 02:22:57 | 000,000,000 | R--D | C] -- C:\Users\GREG\Music [2014/03/16 02:22:57 | 000,000,000 | R--D | C] -- C:\Users\GREG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [2014/03/16 02:22:57 | 000,000,000 | R--D | C] -- C:\Users\GREG\Links [2014/03/16 02:22:57 | 000,000,000 | R--D | C] -- C:\Users\GREG\Favorites [2014/03/16 02:22:57 | 000,000,000 | R--D | C] -- C:\Users\GREG\Downloads [2014/03/16 02:22:57 | 000,000,000 | R--D | C] -- C:\Users\GREG\Documents [2014/03/16 02:22:57 | 000,000,000 | R--D | C] -- C:\Users\GREG\Desktop [2014/03/16 02:22:57 | 000,000,000 | R--D | C] -- C:\Users\GREG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [2014/03/16 02:22:57 | 000,000,000 | -HSD | C] -- C:\Users\GREG\AppData\Local\Temporary Internet Files [2014/03/16 02:22:57 | 
000,000,000 | -HSD | C] -- C:\Users\GREG\Templates [2014/03/16 02:22:57 | 000,000,000 | -HSD | C] -- C:\Users\GREG\Start Menu [2014/03/16 02:22:57 | 000,000,000 | -HSD | C] -- C:\Users\GREG\SendTo [2014/03/16 02:22:57 | 000,000,000 | -HSD | C] -- C:\Users\GREG\Recent [2014/03/16 02:22:57 | 000,000,000 | -HSD | C] -- C:\Users\GREG\PrintHood [2014/03/16 02:22:57 | 000,000,000 | -HSD | C] -- C:\Users\GREG\NetHood [2014/03/16 02:22:57 | 000,000,000 | -HSD | C] -- C:\Users\GREG\Documents\My Videos [2014/03/16 02:22:57 | 000,000,000 | -HSD | C] -- C:\Users\GREG\Documents\My Pictures [2014/03/16 02:22:57 | 000,000,000 | -HSD | C] -- C:\Users\GREG\Documents\My Music [2014/03/16 02:22:57 | 000,000,000 | -HSD | C] -- C:\Users\GREG\My Documents [2014/03/16 02:22:57 | 000,000,000 | -HSD | C] -- C:\Users\GREG\Local Settings [2014/03/16 02:22:57 | 000,000,000 | -HSD | C] -- C:\Users\GREG\AppData\Local\History [2014/03/16 02:22:57 | 000,000,000 | -HSD | C] -- C:\Users\GREG\Cookies [2014/03/16 02:22:57 | 000,000,000 | -HSD | C] -- C:\Users\GREG\Application Data [2014/03/16 02:22:57 | 000,000,000 | -HSD | C] -- C:\Users\GREG\AppData\Local\Application Data [2014/03/16 02:22:57 | 000,000,000 | -H-D | C] -- C:\Users\GREG\AppData [2014/03/16 02:22:57 | 000,000,000 | ---D | C] -- C:\Users\GREG\AppData\Local\Temp [2014/03/16 02:22:57 | 000,000,000 | ---D | C] -- C:\Users\GREG\AppData\Local\Microsoft [2014/03/16 02:22:57 | 000,000,000 | ---D | C] -- C:\Users\GREG\AppData\Roaming\Media Center Programs ========== Files - Modified Within 30 Days ========== [2014/03/16 19:42:52 | 000,274,320 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2014/03/16 19:15:20 | 000,039,252 | ---- | M] () -- C:\Windows\SysWow64\license.rtf [2014/03/16 19:15:20 | 000,039,252 | ---- | M] () -- C:\Windows\SysNative\license.rtf [2014/03/16 19:12:44 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin [2014/03/16 19:12:44 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\atiicdxx.dat [2014/03/16 09:55:54 
| 000,013,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2014/03/16 09:55:54 | 000,013,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2014/03/16 06:27:13 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2014/03/16 06:27:13 | 000,619,206 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2014/03/16 06:27:13 | 000,107,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2014/03/16 06:11:13 | 000,002,217 | ---- | M] () -- C:\Users\Public\Desktop\Need For Speed World.lnk [2014/03/16 06:01:31 | 000,001,966 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk [2014/03/16 06:00:26 | 001,038,072 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys [2014/03/16 06:00:26 | 000,421,704 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys [2014/03/16 06:00:26 | 000,334,136 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe [2014/03/16 06:00:26 | 000,207,904 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys [2014/03/16 06:00:26 | 000,080,184 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswStm.sys [2014/03/16 06:00:26 | 000,078,648 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys [2014/03/16 06:00:26 | 000,065,776 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRvrt.sys [2014/03/16 06:00:25 | 000,092,544 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys [2014/03/16 06:00:24 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr [2014/03/16 05:26:02 | 000,001,848 | ---- | M] () -- C:\Users\Public\Desktop\Vuze.lnk [2014/03/16 05:26:02 | 000,001,848 | ---- | M] () -- C:\Users\GREG\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk [2014/03/16 03:23:51 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- 
C:\Windows\SysWow64\FlashPlayerApp.exe [2014/03/16 03:23:51 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2014/03/16 03:13:06 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2014/03/16 03:13:06 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2014/03/16 03:13:06 | 000,096,168 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2014/03/16 03:13:05 | 000,174,504 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2014/03/16 03:07:00 | 000,001,147 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2014/03/16 02:58:16 | 000,002,697 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2014/03/16 02:34:15 | 000,001,437 | ---- | M] () -- C:\Users\GREG\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [2014/03/16 02:22:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2014/03/16 02:21:56 | 3220,480,000 | -HS- | M] () -- C:\hiberfil.sys ========== Files Created - No Company Name ========== [2014/03/16 19:14:56 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk [2014/03/16 19:14:46 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk [2014/03/16 19:12:44 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2014/03/16 19:12:44 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\atiicdxx.dat [2014/03/16 19:09:15 | 3220,480,000 | -HS- | C] () -- C:\hiberfil.sys [2014/03/16 06:11:13 | 000,002,217 | ---- | C] () -- C:\Users\Public\Desktop\Need For Speed World.lnk [2014/03/16 06:01:31 | 000,001,966 | ---- | C] () -- C:\Users\Public\Desktop\avast! 
Free Antivirus.lnk [2014/03/16 06:00:52 | 000,207,904 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys [2014/03/16 06:00:52 | 000,065,776 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRvrt.sys [2014/03/16 05:26:02 | 000,001,848 | ---- | C] () -- C:\Users\Public\Desktop\Vuze.lnk [2014/03/16 05:26:02 | 000,001,848 | ---- | C] () -- C:\Users\GREG\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk [2014/03/16 05:26:02 | 000,001,848 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vuze.lnk [2014/03/16 03:07:00 | 000,001,159 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2014/03/16 03:07:00 | 000,001,147 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2014/03/16 02:58:16 | 000,002,697 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk [2014/03/16 02:34:15 | 000,001,437 | ---- | C] () -- C:\Users\GREG\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [2014/03/16 02:23:50 | 000,001,409 | ---- | C] () -- C:\Users\GREG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk [2014/03/16 02:23:44 | 000,001,443 | ---- | C] () -- C:\Users\GREG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [2014/03/16 02:22:57 | 000,000,290 | ---- | C] () -- C:\Users\GREG\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk [2014/03/16 02:22:57 | 000,000,272 | ---- | C] () -- C:\Users\GREG\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk ========== ZeroAccess Check ========== [2009/07/14 15:25:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2009/07/14 12:11:54 | 014,161,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2009/07/14 11:46:14 | 012,866,560 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 12:10:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/14 11:45:20 | 000,605,696 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 12:11:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2014/03/16 06:01:35 | 000,000,000 | ---D | M] -- C:\Users\GREG\AppData\Roaming\AVAST Software [2014/03/16 07:47:36 | 000,000,000 | ---D | M] -- C:\Users\GREG\AppData\Roaming\Azureus ========== Purity Check ========== < End of report > ext OTL Extras logfile created on: 3/16/2014 9:57:26 AM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\GREG\Downloads 64bit- Home Premium Edition (Version = 
6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000409 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy 4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 49.89% Memory free 8.00 Gb Paging File | 5.92 Gb Available in Paging File | 74.02% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 465.66 Gb Total Space | 425.58 Gb Free Space | 91.39% Space Free | Partition Type: NTFS Drive D: | 3.00 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF Drive E: | 100.00 Mb Total Space | 61.85 Mb Free Space | 61.85% Space Free | Partition Type: NTFS Drive F: | 1863.01 Gb Total Space | 909.12 Gb Free Space | 48.80% Space Free | Partition Type: NTFS Computer Name: GREG-PC | User Name: GREG | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-165555205-1945987488-1438750615-1001\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. 
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{1224871C-9FFB-4AC5-9123-0D3483C2271C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{139D793D-5DD0-4063-B903-3BB5722852D7}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{140D4ABE-15A4-4F48-A7F8-3BA0E62758B9}" = rport=10243 | protocol=6 | dir=out | app=system | "{218389F5-F97C-49F9-B1F1-55808E4B4A9D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{2187001D-73D6-4AC1-9842-522C3FDBBEB4}" = rport=445 | protocol=6 | dir=out | app=system | "{2A1291F3-270D-4C9C-8EAE-0488D6E1C5F5}" = lport=10243 | protocol=6 | dir=in | app=system | "{3B04E1D2-7C9F-48DE-88E3-AEE065ED2B54}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{4BDC89C4-476C-4D66-92A3-B5279A0C1EC0}" = lport=139 | protocol=6 | dir=in | app=system | "{6757B8E4-AF32-4C39-AA63-DCB3FA7A9B1C}" = lport=445 | protocol=6 | dir=in | app=system | "{7E8F8F46-51FB-466E-A81A-3FC2A50C0695}" = lport=2869 | protocol=6 | dir=in | app=system | "{8ADB047F-B5F6-4B7D-82CD-9820E848DE68}" = lport=138 | protocol=17 | dir=in | app=system | "{8FB50C3A-1DDE-4128-A7F4-64256A50737E}" = rport=138 | protocol=17 | dir=out | app=system | "{AD860E60-9A27-412F-8E7A-346A16455949}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{C64202FE-0E09-46E6-A689-4099D86A3C78}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{C7079728-C8BF-4489-9857-BDCB1372A3D6}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{D1D4D501-AB7E-4709-8011-CB9474AC8167}" = rport=139 | protocol=6 | dir=out | app=system | "{D5750E85-1CE8-433A-8FA3-B8B9C3EC1721}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{D7C56C1E-3FE6-4008-96BC-FCA8E8A895E0}" = rport=137 | protocol=17 | dir=out | app=system | "{DB9C4F23-0549-413D-889A-DBBC15568200}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{E659376C-9306-4067-97AD-62D01BF1C395}" = lport=137 | protocol=17 | dir=in | app=system | "{F9205B27-B664-4EFE-8615-86727FEB7E04}" = lport=2177 | protocol=17 | 
dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{03E738E9-7709-4BD1-BF71-C5B2BBAC7F32}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{09633074-0CAC-4ABB-A8B9-0AFD446FF539}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{09F22F14-9817-4C25-9826-3CE56DA59E71}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{114FAF18-C7A6-463B-B6F9-C3D6283760F5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{23CEC35A-822E-4AA7-82F1-1D713CF56DD6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{2A2B3792-CAC4-4DE2-A390-548D150D7546}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{36AE6735-75F6-49C5-A309-6991851F97D1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{4BC0F34E-EAA3-4E84-9E5D-27164796308B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{75855B4E-1221-4D2A-8AF9-9601CB85F83B}" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe | "{7A5CDB91-C11E-4CD0-B7DC-1CF8CFDF670E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{866B9F03-74A5-485F-A18A-7B962205D263}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{96643F53-7B05-4BF7-9096-669057B050AD}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{9E0E8550-C9B8-4EF3-A88D-0E865F8A6A47}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{A447AAB0-8E53-4EFF-B188-0EFA82D152CC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{AFDE9220-4C68-46D1-AD34-EFD931262D60}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{BFEBF711-B6EC-4AC1-BA25-4A1C6E9934AB}" = 
protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{D4975D17-5E5D-4E56-809B-8F20A151312D}" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe | "{D7AB5B9F-D54E-4832-B577-6ABB33A646E5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{DEC67DF4-DF03-401E-9512-9F6E640B7249}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{EBAD8F40-E92D-4240-88A5-DE1EDA33B032}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{F07C71A8-1ED9-4451-A5A9-311BDA80A952}" = protocol=6 | dir=out | app=system | "{F81716C6-E090-4D49-BAC2-0965FA4800A8}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{26A24AE4-039D-4CA4-87B4-2F83217051FF}" = Java 7 Update 51 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}" = Skype™ 6.14 "{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1" = Need For Speed™ World "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "8461-7759-5462-8226" = Vuze "Adobe Flash Player Plugin" = Adobe Flash Player 12 Plugin "Avast" = avast! Free Antivirus "Mozilla Firefox 27.0.1 (x86 en-US)" = Mozilla Firefox 27.0.1 (x86 en-US) "MozillaMaintenanceService" = Mozilla Maintenance Service ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 3/15/2014 3:29:44 PM | Computer Name = GREG-PC | Source = Microsoft-Windows-CAPI2 | ID = 513 Description = Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary syolthep. System Error: The system cannot find the file specified. . 
[ System Events ] Error - 3/16/2014 5:11:10 AM | Computer Name = GREG-PC | Source = Service Control Manager | ID = 7024 Description = The Windows Search service terminated with service-specific error %%-2147467243. Error - 3/15/2014 12:36:13 PM | Computer Name = GREG-PC | Source = Schannel | ID = 36888 Description = The following fatal alert was generated: 10. The internal error state is 10. < End of report >
This log is clean ?? You say you ran scanners and reformatted, did you reinstall your operating system?
Yes, I used a Windows 7 Home Premium disc and reinstalled it (used the custom install setting). The pop-up still pops up sometimes; also getting an SSL error (mainly on Facebook and YouTube). Also had a few sites try to redirect me (Firefox blocked it). If it's not actually a virus or spyware, what could it be? Even with add-ons disabled I get the same pop-up sometimes.
At this point in time, I have no idea..... Let’s try Combofix to see if it can turn something up…. Before you run Combofix you will need to turn off any security software you have running. Combofix may need to reboot your computer more than once to do its job; this is normal. You can download Combofix from one of these links. Please save it to the desktop and run it from there. Link 1 Link 2 Link 3 1. Close any open browsers or any other programs that are open. 2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix. Double click on combofix.exe & follow the prompts. When finished, it will produce a report for you. Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall. Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer. "information and logs" In your next post I need the following: Log from Combofix 2oG
ComboFix 14-03-13.01 - GREG 16/03/2014 16:44:07.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.61.1033.18.4095.2982 [GMT 10.5:30] Running from: c:\users\GREG\Downloads\ComboFix.exe AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B} SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . C:\CFLog c:\cflog\EPLog.txt F:\Autorun.inf . . ((((((((((((((((((((((((( Files Created from 2014-02-16 to 2014-03-16 ))))))))))))))))))))))))))))))) . . 2014-03-16 09:38 . 2014-03-15 15:50 -------- d-----w- c:\windows\Panther 2014-03-16 08:42 . 2014-03-16 08:42 0 ----a-w- c:\windows\ativpsrm.bin 2014-03-16 06:20 . 2014-03-16 06:20 -------- d-----w- c:\users\Default\AppData\Local\temp 2014-03-16 04:59 . 2014-03-16 04:59 189248 ----a-w- c:\windows\SysWow64\PnkBstrB.exe 2014-03-16 04:59 . 2014-03-16 04:59 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe 2014-03-16 02:58 . 2014-03-16 02:58 -------- d-----w- c:\program files (x86)\ImgBurn 2014-03-16 02:33 . 2014-03-16 02:33 -------- d-----w- c:\program files\Movie Maker 2014-03-16 02:30 . 2014-03-16 02:30 -------- d-----w- c:\program files (x86)\Bejeweled 3 2014-03-16 02:25 . 2014-03-16 02:25 -------- d-----w- c:\program files (x86)\Common Files\Windows Live 2014-03-16 02:24 . 2014-03-16 02:24 -------- d-----w- C:\gameplay 2014-03-16 01:23 . 2014-03-16 01:23 -------- d-----w- c:\program files (x86)\Chuzzle Deluxe 2014-03-16 00:17 . 2014-03-16 00:17 -------- d-----w- c:\program files (x86)\EA Games 2014-03-15 19:41 . 2014-03-15 19:41 -------- d-----w- c:\programdata\Electronic Arts 2014-03-15 19:41 . 2014-03-15 19:41 -------- d-----w- c:\program files (x86)\Electronic Arts 2014-03-15 19:30 . 2014-03-15 19:30 80184 ----a-w- c:\windows\system32\drivers\aswStm.sys 2014-03-15 19:30 . 
2014-03-15 19:30 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys 2014-03-15 19:30 . 2014-03-15 19:30 207904 ----a-w- c:\windows\system32\drivers\aswVmm.sys 2014-03-15 19:30 . 2014-03-15 19:30 421704 ----a-w- c:\windows\system32\drivers\aswSP.sys 2014-03-15 19:30 . 2014-03-15 19:30 1038072 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2014-03-15 19:30 . 2014-03-15 19:30 78648 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2014-03-15 19:30 . 2014-03-15 19:30 92544 ----a-w- c:\windows\system32\drivers\aswRdr2.sys 2014-03-15 19:30 . 2014-03-15 19:30 334136 ----a-w- c:\windows\system32\aswBoot.exe 2014-03-15 19:30 . 2014-03-15 19:30 43152 ----a-w- c:\windows\avastSS.scr 2014-03-15 19:29 . 2014-03-15 19:29 -------- d-----w- c:\program files\AVAST Software 2014-03-15 19:28 . 2014-03-15 19:28 -------- d-----w- c:\programdata\AVAST Software 2014-03-15 18:55 . 2014-03-15 18:56 -------- d-----w- c:\program files (x86)\Vuze 2014-03-15 16:53 . 2014-03-15 16:53 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2014-03-15 16:53 . 2014-03-15 16:53 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2014-03-15 16:53 . 2014-03-15 16:53 -------- d-----w- c:\windows\SysWow64\Macromed 2014-03-15 16:53 . 2014-03-15 16:53 -------- d-----w- c:\windows\system32\Macromed 2014-03-15 16:43 . 2014-03-15 16:43 -------- d-----w- c:\programdata\Oracle 2014-03-15 16:43 . 2014-03-15 16:43 -------- d-----w- c:\program files (x86)\Common Files\Java 2014-03-15 16:43 . 2014-03-15 16:43 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2014-03-15 16:43 . 2014-03-15 16:43 -------- d-----w- c:\program files (x86)\Java 2014-03-15 16:36 . 2014-03-15 16:37 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service 2014-03-15 16:28 . 2014-03-15 16:28 -------- d-----w- c:\program files (x86)\Common Files\Skype 2014-03-15 16:28 . 2014-03-15 16:28 -------- d-----r- c:\program files (x86)\Skype 2014-03-15 16:28 . 
2014-03-15 19:42 -------- d-sh--w- c:\windows\Installer 2014-03-15 16:28 . 2014-03-15 16:28 -------- d-----w- c:\programdata\Skype 2014-03-15 16:13 . 2014-02-16 16:02 10536864 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E7D6B453-9240-49CB-BC4A-A8705CE506C1}\mpengine.dll 2014-03-15 16:13 . 2014-02-03 02:50 270496 ------w- c:\windows\system32\MpSigStub.exe 2014-03-15 16:08 . 2010-01-09 07:19 139264 ----a-w- c:\windows\system32\cabview.dll 2014-03-15 16:08 . 2010-01-09 06:52 132608 ----a-w- c:\windows\SysWow64\cabview.dll 2014-03-15 16:08 . 2012-02-15 06:27 1031680 ----a-w- c:\windows\system32\rdpcore.dll 2014-03-15 16:08 . 2012-02-15 05:44 826368 ----a-w- c:\windows\SysWow64\rdpcore.dll 2014-03-15 16:08 . 2012-02-15 04:47 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2014-03-15 16:08 . 2012-02-15 04:46 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys 2014-03-15 15:58 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll 2014-03-15 15:58 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2014-03-15 15:58 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe 2014-03-15 15:58 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll 2014-03-15 15:58 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll 2014-03-15 15:58 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll 2014-03-15 15:58 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll 2014-03-15 15:58 . 2012-06-02 04:49 186752 ----a-w- c:\windows\system32\wuwebv.dll 2014-03-15 15:58 . 2012-06-02 04:45 36864 ----a-w- c:\windows\system32\wuapp.exe 2014-03-15 15:52 . 2014-03-15 18:56 -------- d-----w- c:\users\GREG . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-03-16 06:22 . 2014-03-16 06:22 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E7D6B453-9240-49CB-BC4A-A8705CE506C1}\offreg.dll . . 
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-02-10 20924576] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-01 254336] "AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-03-15 3767096] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux2"=wdmaud.drv . R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R3 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x] S0 aswRvrt;avast! Revert; [x] S0 aswVmm;avast! VM Monitor; [x] S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x] S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - ASWRVRT *NewlyCreated* - ASWSP . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2014-03-15 19:30 287280 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll . ------- Supplementary Scan ------- . 
uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm TCP: DhcpNameServer = 74.82.207.26 8.8.8.8 FF - ProfilePath - c:\users\GREG\AppData\Roaming\Mozilla\Firefox\Profiles\d5pn84z0.default\ . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2014-03-16 16:55:55 ComboFix-quarantined-files.txt 2014-03-16 06:25 . Pre-Run: 455,860,822,016 bytes free Post-Run: 455,768,203,264 bytes free . - - End Of File - - 46E4EC5D626560B7A976A13011E2802C A36C5E4F47E84449FF07ED3517B43A31
I can't tell if that did any good. Give me a rundown on how it's acting and if that did anything for it. xboxdvl2, I just realized that you used the Custom install and not the Upgrade install, so you may have lost a lot of your settings. All these logs look OK, so ?????
xboxdvl2, in the custom install, I presume you deleted the partitions (100 MB plus OS) of Win7, made new partitions, formatted the OS partition & installed Win7 into the OS partition?
As far as I know, a custom install is not a repair install and will lose all of the installed programs and settings. An Upgrade install is a repair install of the OS; it does not lose programs or settings but only repairs the OS and does nothing for removing malware. A system restore or an image backup would be the way to go. Looks like a lot of work ahead.
I have never reformatted before. When I did the reformat I had 2 partitions (c: and e: system). I installed the OS into c: then deleted a file called windowsld after it was done. I lost a lot of software but I can get it all again; all my pics, movies and music were backed up. At the moment YouTube gets blocked with a message saying it tried to redirect me; everything else seems fine for now. If YouTube doesn't get blocked I get the message in the middle of the screen that says I need to update Flash, which I can't get rid of, and I can't access YouTube.
Just guessing but maybe your Flash got messed up or exploited. Try uninstalling it and download a new copy.
When doing a custom install, click on options so you can now delete partitions, make new partitions then just format the c: partition not the other one. This explains why you still have the virus\malware issue.
OK, I will remember that and try it if I reformat in future. Apart from a few websites trying to redirect (which is blocked) and some SSL errors, everything seems to be OK. ddp, you might be able to help me with another issue I encountered. I had a bunch of locked empty folders on an external hard drive; I deleted the folders before the reformat and disconnected the drive, and now I don't have permission to access the files. I can go through the Security tab and manually take ownership of them and access them. Is there an easier way to fix it?
@ xboxdvl2: Hello there. I had a similar situation before, when I got a new returned PC (open box) for half the price. It took me 3 reformats to make it work like new. For the fake Flash update on YouTube: using Firefox or Tor, just download the add-on "YouTube Flash to HTML5" and it fixes it right after (sometimes needs a refresh, though).