Jump to content

fenderplayer946

Members
 View Profile  See their activity

  • Posts

    13

  • Joined

  • Last visited

Reputation

0 Neutral
  1. fenderplayer946
    Thank you soo much, you guys provide the best service on the web, i cannot thank you enough. I hope you continue to provide your excellent help to others for the foreseeable future thank you
  2. fenderplayer946
    Thank you kindly, results as follows: Results of screen317's Security Check version 0.99.68 Windows 7 Service Pack 1 x64 (UAC is disabled!) Internet Explorer 10 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! Windows Firewall Disabled! AVG Anti-Virus Free Edition 2012 Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.75.0.1300 DH Driver Cleaner Professional Edition Java 6 Update 35 Java version out of Date! Adobe Flash Player 11.7.700.224 Adobe Reader 10.1.2 Adobe Reader out of Date! ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamgui.exe AVG avgwdsvc.exe AVG avgtray.exe Malwarebytes' Anti-Malware mbamscheduler.exe CheckPoint ZoneAlarm vsmon.exe CheckPoint ZoneAlarm zatray.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 8% ````````````````````End of Log``````````````````````
  3. fenderplayer946
    hello, the results of adwcleaner: # AdwCleaner v2.304 - Logfile created 07/04/2013 at 12:38:17 # Updated 03/07/2013 by Xplode # Operating system : Windows 7 Professional Service Pack 1 (64 bits) # User : Jordan Eastwood - YASSAH # Boot Mode : Normal # Running from : C:\Users\Jordan Eastwood\Desktop\adwcleaner.exe # Option [Delete] ***** [services] ***** ***** [Files / Folders] ***** Folder Deleted : C:\ProgramData\Ask Folder Deleted : C:\ProgramData\boost_interprocess Folder Deleted : C:\ProgramData\Tarma Installer ***** [Registry] ***** Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} Key Deleted : HKLM\Software\AVG Secure Search Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{1A03F196-9617-4CA0-842B-A83CEECB022B} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} ***** [internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16464 [OK] Registry is clean. -\\ Mozilla Firefox v [unable to get version] File : C:\Users\Jordan Eastwood\AppData\Roaming\Mozilla\Firefox\Profiles\vu5bl2e9.default\prefs.js Deleted : user_pref("browser.search.order.1", "Ask.com"); -\\ Opera v12.15.1748.0 File : C:\Users\Jordan Eastwood\AppData\Roaming\Opera\Opera\operaprefs.ini [OK] File is clean. ************************* AdwCleaner[R1].txt - [2458 octets] - [04/07/2013 08:47:56] AdwCleaner[s1].txt - [2433 octets] - [04/07/2013 12:38:17] ########## EOF - C:\AdwCleaner[s1].txt - [2493 octets] ########## But I'm unable to download the security check for some reason. Sorry about attaching the last one, that post was posted off my tablet so i was unable to post it rather than attach it thanks again
  4. fenderplayer946
    Did that, brought up a dhcp problem, but it fixed it, looks like its back online for now
  5. fenderplayer946
    Yep, it was fine last night, just not this morning, tried the usual reboot reconnect but nothing off the net
  6. fenderplayer946
    Before I ran the cleaner, I fired it up earlier to download and run it but it just wouldnt connect to the net, it found and connected to the local network fineand I know there isn't a problem with.......shall I still try and restore it??
  7. fenderplayer946
    Hello, Ive ran the software but I now cannot connect to the internet strangely, but I can off my tablet sadly I think we are not out of the woods yet...... log file attached. Thanks again and sorry about the wait AdwCleanerR1.txt
  8. fenderplayer946
    done! and the read out is as as follows: ComboFix 13-07-03.01 - Jordan Eastwood 03/07/2013 20:36:38.1.2 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1252.44.1033.18.3070.1420 [GMT 1:00] Running from: c:\users\Jordan Eastwood\Desktop\ComboFix.exe AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} FW: ZoneAlarm Free Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B} SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\SysWow64\frapsvid.dll c:\windows\SysWow64\muzapp.exe c:\windows\UNWISE.EXE . . ((((((((((((((((((((((((( Files Created from 2013-06-03 to 2013-07-03 ))))))))))))))))))))))))))))))) . . 2013-07-04 02:34 . 2013-07-04 02:34 -------- d-----w- C:\FRST 2013-07-03 19:49 . 2013-07-03 19:49 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2013-07-03 19:49 . 2013-07-03 19:49 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-07-03 18:31 . 2013-07-03 18:51 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable) 2013-07-03 13:12 . 2013-07-03 13:12 -------- d-----w- c:\users\Jordan Eastwood\AppData\Roaming\Malwarebytes 2013-07-03 13:12 . 2013-07-03 13:12 -------- d-----w- c:\programdata\Malwarebytes 2013-07-03 13:12 . 2013-04-04 13:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-07-03 13:12 . 2013-07-03 13:12 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2013-07-03 08:26 . 2013-07-03 08:26 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi 2013-06-26 18:50 . 2013-06-28 10:57 -------- d-----w- c:\users\Jordan Eastwood\AppData\Local\Arma 3 2013-06-21 20:01 . 2013-06-21 20:41 -------- d-----w- c:\program files (x86)\TARS 2013-06-20 10:40 . 2013-06-20 10:40 -------- d-----w- c:\users\Jordan Eastwood\AppData\Local\Programs 2013-06-13 10:54 . 2013-06-13 10:54 -------- d-----w- c:\program files (x86)\Easy Monitor Configurator 2013-06-11 13:34 . 2013-06-11 13:34 -------- d-----w- c:\program files (x86)\Gadrocs Workshop 2013-06-04 20:32 . 2013-06-04 20:32 -------- d-----w- c:\users\Jordan Eastwood\AppData\Roaming\.mono . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-06-19 18:18 . 2012-01-27 09:23 291088 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr 2013-06-19 18:18 . 2012-01-25 21:03 291088 ----a-w- c:\windows\SysWow64\PnkBstrB.exe 2013-06-19 18:17 . 2012-01-25 21:03 281520 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0 2013-06-13 11:27 . 2012-04-01 17:42 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-06-13 11:27 . 2012-01-26 20:42 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-04-16 17:52 . 2012-01-25 21:03 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe 2013-04-11 02:18 . 2013-04-11 02:18 384800 ----a-w- c:\windows\system32\drivers\avgtdia.sys 2012-01-29 14:18 . 2012-01-29 14:11 519643 ----a-w- c:\program files (x86)\UninstalEurope.exe . <pre>c:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\Uninstal WOPII B-17 .exe</pre>. ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Steam"="c:\program files (x86)\Steam\steam.exe" [2013-06-06 1641896] "OscarEditor"="c:\program files (x86)\MOUSE Editor\MouseEditor.exe" [2012-02-22 3325952] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "ZoneAlarm"="c:\program files (x86)\CheckPoint\ZoneAlarm\zatray.exe" [2011-12-18 73360] "AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-11-19 2598520] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [N/A] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392] "LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2013-06-28 2255184] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office10\OSA.EXE -b -l [2001-2-13 83360] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart . R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [x] R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x] R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R3 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe;c:\program files (x86)\Common Files\BattlEye\BEService.exe [x] R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [x] R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [x] R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys;c:\windows\SYSNATIVE\Drivers\ANDROIDUSB.sys [x] R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys;c:\windows\SYSNATIVE\DRIVERS\htcnprot.sys [x] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x] R3 MRV6X64P;Vista 64-bits Native WiFi Driver;c:\windows\system32\DRIVERS\MRVW13C.sys;c:\windows\SYSNATIVE\DRIVERS\MRVW13C.sys [x] R3 RDID1104;ME-25;c:\windows\system32\Drivers\rdwm1104.sys;c:\windows\SYSNATIVE\Drivers\rdwm1104.sys [x] R3 RTL85n64;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver;c:\windows\system32\DRIVERS\RTL85n64.sys;c:\windows\SYSNATIVE\DRIVERS\RTL85n64.sys [x] R3 SaiH0762;SaiH0762;c:\windows\system32\DRIVERS\SaiH0762.sys;c:\windows\SYSNATIVE\DRIVERS\SaiH0762.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] R3 XENfiltv;XENfiltv;c:\windows\system32\drivers\XENfiltv.sys;c:\windows\SYSNATIVE\drivers\XENfiltv.sys [x] R4 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [x] R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x] R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys;c:\windows\SYSNATIVE\DRIVERS\RsFx0103.sys [x] R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE;c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [x] S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x] S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x] S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x] S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x] S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x] S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [x] S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x] S2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [x] S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [x] S2 SaiDOutput;Saitek DirectOutput;c:\program files\Saitek\DirectOutput\DirectOutputService.exe;c:\program files\Saitek\DirectOutput\DirectOutputService.exe [x] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x] S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x] S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsfiltera.sys [x] S3 RTL8187;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\DRIVERS\wg111v2.sys;c:\windows\SYSNATIVE\DRIVERS\wg111v2.sys [x] . . Contents of the 'Scheduled Tasks' folder . 2013-07-03 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 11:27] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2011-11-03 1125504] "SaiMfd"="c:\program files\Saitek\SD6\Software\SaiMfd.exe" [2010-07-29 158208] "ProfilerU"="c:\program files\Saitek\SD6\Software\ProfilerU.exe" [2010-07-29 310272] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office10\EXCEL.EXE/3000 TCP: Interfaces\{C5D4AF59-38C9-4B9C-A41C-EF5CF3DEF53E}: NameServer = 212.50.160.100,213.249.130.100 . - - - - ORPHANS REMOVED - - - - . AddRemove-A2A Accusim for the Wings of POWER 3 Razorback - c:\windows\UNWISE.EXE AddRemove-A2A Wings of POWER 3 P47 Razorback - c:\windows\UNWISE.EXE AddRemove-BattlEye A2 Free - c:\program files (x86)\Bohemia Interactive\ArmA 2 FreeBattlEye\UnInstallBE.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-3401181016-511546575-3093917072-1000\Software\SecuROM\License information*] "datasecu"=hex:58,ce,3f,ae,2e,ff,42,7e,32,b7,cd,e7,d2,fc,2b,07,0a,95,d4,6d,63, 07,a7,21,01,30,a3,55,58,e5,77,55,45,58,7f,ba,38,d7,4f,b0,3b,db,20,fe,b5,1e,\ "rkeysecu"=hex:10,77,97,ae,bb,8b,64,6d,40,f0,99,e3,e8,1c,e7,c2 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*] "OODEFRAG16.00.00.01PROFESSIONAL"="5EF7B186F721FDB2739EFC04F76E85336794DF3B1E5F38892A50B6D61D41F051DBFDCB918894820F7D7C62056551F101EAE3190792B2FB892B279B9BFAA2F2A20738226E9AA2E0687945C065D3D5052A6C810B3C92919914C50181B6C1FBED663DA553DB8FC3CD3B14136E440260395C073F607B5AE47127A18A096B4CDFC80B566994DD7FD3D487EE225307E3B4E047C71357A9DBFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA9C6AECB7A5D1407FEBC9E127BECC74CC038D530D6EB34529DB7CE019D40AA5C19DFF795551B8ACFFE8B82C6CB1F3EA3BA21A501C3992D330D5F11EB9787B75DD34B734A1B8D949381A809BCE31A6C7C3D444BC6A3550AE9770B1F309363199C26F221316E71735985B1786B7B9900CC6649BFBBA791214193DCF952B2AB3521C7599AA0E5A823CBA7F0999861D3F4BD5D5E9C327779907EB307ABD013236C6C4ED47AE7B7A9E24B697F38FD87948D2BAB057E72DC4DB91C0A0E4321FA9B60B6B812DF48437BB669B14EA5C902B74FA4C08F88B646DDC3C6ACCDD3A9CF7FF8E9E58D6E74883EE7F0C7A0B59E0C31026F6EA85F2EC79518DF1972F2479FC8E0A3991BCE972CA003D9591042120407B285EB4DACFB976D65FD2E7EBBCA188908377DE1AC4D76695656F906A6AD6B533411D1CC1E3710759C69AE46CC770F64A12B1E5C37A85571F7489C43C4F0E6C49AF3A0CC656A3151F420427648847A14A3BA6BD721ACD9A63EC71B5C014CC29C3FC2394639941EB6E853740A569F786249D339F924D2B888C621B43843266BB13FC5E28551A99C73B569B455A0E6C7B01397C037F908C9AD71D20913F758716EFBF8472BEC1018E45E7BD57B55F0CC73C35E1F5BE22E8BC061101D7B12328D511A0E752DCCA3A07E285710F728C28EB26132520524999D7C80415C5703F4186C03E8DF5337B2E6C81EFC7F974F5BB98BB8D14026021446B2F80292DCC6D68F6563A1DC3AF57F42DC8E24217D85289D2C57AEB107CA59EC4A3CA2F117578115F72E842653D541AEEC0AB5D99D088FAE5A12F0D241CD1C9E3AFD240FE736926FF01693DA6228A4CBB968CDF1439C67046EFEF13344DE7F0E92B640E382681C88331682FC02C3C7D99BC2BF130C86FC5A547940C8D2D49E8DF1A161CD6D76A5EC346A3AF21D82BC42FDF611CDE89311920DA09FEA040B84980E40280E85EC28CF8094D68775C00C0EDF2979952010D52E2B578555C0E1B2C9B1D6E5C97A5C1187B35A28E89FE1AF6DD4BDE740CA4F745658441C2AC9BD9EE3B8EBA40B5059C38B81C3B329844A1733035E7E0B592808D7D0D443EC318432CA164D9FBF5DFC95FC309D32406063A5D527FA90158AF5222064368C85DDA3C9874D894437CF63501B1AF98F06459AB06F8F45A9E0F395" "OODEFRAG12.00.00.01PROFESSIONAL"="4F52FDC983131C5B4DD5A44432E45C03F297415AE343084CDD1268CC6A778D0449394F3C883E903C2E96F9BAC1F1E6A633FAA76D68C284026D3D1E4290F61C917081382E3F44A2A731A34E00F93B98C3B31B68C79B36A8B90CFD46C2006111EAAE11AC647558E21515E213E210C10EAA27FB91DDB70F3CBA819D288E96BB0271018F528951ABD11DAB7EEB170D0B554BD46A640DC9C37C71A927C448098DF6AA7968062B4AF9677E5AE131B1CD9FF03E98F2551433D098ED7669CEF9DBE1FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA9C6AECB7A5D1407FEBC9E127BECC74CC038D530D6EB34529DB7CE019D40AA5C2D06A13407913D8BC0BE3F95FA0D509F11D3659822BE206AC44149978D8D303ECA775C039BC2E8903C418BA13FC07DC383BC585A93C0A7F5DA6CAF963FA6AE6E99C8A030A766410F50735A6D79F29AE034EAFB137CC2FEA3DD58380134E081F853EAC26056129F1964BF91611403259A5A5DED0CA30EE847F13F5520B10FD103276F297D8CC1B2C45430AE272BB571989D3860D184D1FCB9AA7D0E81B0E71B37B80C4F36DCD3FB2CF0F5C12F94B125861AC69733CF1D295713177CF45D8430431D1E45FC928DD1F07D63EDAB5406BB936374EC456767AA81A9AFCE1197E4B3D7E2232D88AA955CB1B1726D9427228274FBD1CCDFE387969CDF13C5ADF469202A85BEBFD0D6761B193B3E0BA579D91FDF5E94BA1F90BD54111BAEB969BDDA4176F937C5167C22DECE3805285CEE66859276954AE26D291FCA371494246D6137F6A677A0D9B468CD02BDAD38FC5D6481CBA65125CFACD0883D7F795483368D7970E78E43E24D03E166D2BDC38D50D232CDC2E8094E379D7259B9388B71FA50CDA60AB0B43A480C6832F462E7DA8517896294A14789285B951B984EDE1A55805263523290AD5A85039F93EAD2F2EFF950D35963C4724E3EFDFCC75E8BEE115878F4778F06506D4FA76D134B4A2936A69E7241BBF9BCAE5A0A7F642D5DA4AF76032D24E757F89FB2215FCA9BA61532ADE490725C75617EA86F2902A53735E4DC8DE077FCDCC0425B0C3A86985491F20565080498D71B2C07348124550FDC1A72026A0437020659D8DACA862053BC3B84B63305EAD6EBD437359447EEF09DEA8123A6D09F456A219CD1DD00B7B67B0166C4F176EDBB174DDE2273D84679BB283805F7D9673A5505808D46990728746E4ECCA64B65E2A31D85FEB439D65B41D5A811C38EDF086FA6BEF8DB6FD8E31263BE623B6EB43EDF7E99236E403FDC7B2E4B02734FFE6B28DC76D7F8921F3A84F1A06C1ABBE453D9E26E39BDB83F58FA1C77EAF5F562B1B12FAABE7B066B0FBE5FBFA5340622BB676C36C2C35DBEBC1540ECB03BCB473E015E44974742F7D9F6274D1CF990BE" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2013-07-03 21:04:31 ComboFix-quarantined-files.txt 2013-07-03 20:04 . Pre-Run: 82,014,203,904 bytes free Post-Run: 83,004,940,288 bytes free . - - End Of File - - 9C18B6E954DAD5AA61848438C43F2F71 8F558EB6672622401DA993E1E865C861thanks!
  9. fenderplayer946
    thank you so much, you guys are fantastic!!! its gone and i can't thank you enough.... I've attached the logs only thing now is its running rather slow, any reconnmendations out of interest?? also the antirootkit found nothing interestingly thanks again mbar-log-2013-07-03 (19-31-41).txt system-log.txt Fixlog.txt
  10. fenderplayer946
    Sorry about the wait, here it is Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-07-2013 02 Ran by SYSTEM on 03-07-2013 18:50:51 Running from F:\ Windows 7 Professional (X64) OS Language: English(US) Internet Explorer Version 9 Boot Mode: Recovery The current controlset is ControlSet001 ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log. ==================== Registry (Whitelisted) ================== HKLM\...\Run: [iSW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe /icon="hidden" [1125504 2011-11-03] (Check Point Software Technologies) HKLM\...\Run: [saiMfd] C:\Program Files\Saitek\SD6\Software\SaiMfd.exe [158208 2010-07-29] (Saitek) HKLM\...\Run: [ProfilerU] C:\Program Files\Saitek\SD6\Software\ProfilerU.exe [310272 2010-07-29] (Saitek) HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation) HKLM-x32\...\Runonce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [x] HKLM-x32\...\Winlogon: [shell] C:\PROGRA~3\uaxybikueibyrbkqdfh.bat [x ] () HKLM-x32\...\Run: [ZoneAlarm] "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe" [73360 2011-12-18] (Check Point Software Technologies LTD) HKLM-x32\...\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" [2598520 2012-11-19] (AVG Technologies CZ, s.r.o.) HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-01-28] (Apple Inc.) HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-03] (Adobe Systems Incorporated) HKLM-x32\...\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [x] HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-10-24] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-02-20] (Apple Inc.) HKLM-x32\...\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start [2255184 2013-06-28] (LogMeIn Inc.) HKU\Jordan Eastwood\...\Run: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent [1641896 2013-06-06] (Valve Corporation) HKU\Jordan Eastwood\...\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [x] HKU\Jordan Eastwood\...\Run: [OscarEditor] "C:\Program Files (x86)\MOUSE Editor\MouseEditor.exe" Minimum [3325952 2012-02-21] () Startup: C:\ProgramData\Start Menu\Programs\Startup\Microsoft Office.lnk ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation) Startup: C:\Users\Jordan Eastwood\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\regmonstd.lnk ShortcutTarget: regmonstd.lnk -> C:\Users\JORDAN~1\AppData\Local\Temp\hfdqkbrybieukibyxau.bfg (Microsoft Corporation) BootExecute: autocheck autochk * C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart ==================== Services (Whitelisted) ================= S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [5174392 2012-11-01] (AVG Technologies CZ, s.r.o.) S2 avgwd; C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [193288 2012-02-13] (AVG Technologies CZ, s.r.o.) S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [53248 2013-05-16] () S4 IswSvc; C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe [827520 2011-11-03] (Check Point Software Technologies) S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) S2 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [57617752 2009-03-29] (Microsoft Corporation) S2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [87040 2012-03-23] () S2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-04-16] () S2 SaiDOutput; C:\Program Files\Saitek\DirectOutput\DirectOutputService.exe [241152 2008-04-04] (Saitek) S4 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [427880 2009-03-29] (Microsoft Corporation) S2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [2420616 2011-12-18] (Check Point Software Technologies LTD) ==================== Drivers (Whitelisted) ==================== S3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [127328 2012-12-09] (AVG Technologies CZ, s.r.o. ) S3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfiltera.sys [29776 2011-12-23] (AVG Technologies CZ, s.r.o. ) S0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [28480 2012-04-18] (AVG Technologies CZ, s.r.o. ) S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [307040 2012-11-07] (AVG Technologies CZ, s.r.o.) S1 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [47696 2011-12-23] (AVG Technologies CZ, s.r.o.) S0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [36944 2012-01-30] (AVG Technologies CZ, s.r.o.) S1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [384800 2013-04-10] (AVG Technologies CZ, s.r.o.) S2 ISWKL; C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [33672 2011-11-03] (Check Point Software Technologies) S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) S3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-28] () S3 RDID1104; C:\Windows\System32\Drivers\rdwm1104.sys [197888 2009-09-30] (Roland Corporation) S3 RTL8187; C:\Windows\System32\DRIVERS\wg111v2.sys [340992 2007-12-25] (NETGEAR Inc.) S3 RTL85n64; C:\Windows\System32\DRIVERS\RTL85n64.sys [378368 2009-06-10] (Realtek) S3 SaiH0762; C:\Windows\System32\DRIVERS\SaiH0762.sys [178560 2008-04-04] (Saitek) S3 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [22792 2010-08-10] (Saitek) S3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [50056 2010-08-10] (Saitek) S1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [454232 2011-05-07] (Check Point Software Technologies LTD) S3 XENfiltv; C:\Windows\System32\drivers\XENfiltv.sys [25600 2009-07-31] (Creative Technology Ltd.) S2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [x] S4 LMIRfsClientNP; No ImagePath ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-07-03 18:34 - 2013-07-03 18:34 - 00000000 ____D C:\FRST 2013-07-03 05:12 - 2013-07-03 05:12 - 00001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2013-07-03 05:12 - 2013-07-03 05:12 - 00000000 ____D C:\Users\Jordan Eastwood\AppData\Roaming\Malwarebytes 2013-07-03 05:12 - 2013-07-03 05:12 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-07-03 05:12 - 2013-07-03 05:12 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-07-03 05:12 - 2013-04-04 05:50 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys 2013-07-03 04:53 - 2013-07-03 04:53 - 00000165 ____A C:\ProgramData\uaxybikueibyrbkqdfh.reg 2013-07-03 04:53 - 2013-07-03 04:53 - 00000070 ____A C:\ProgramData\uaxybikueibyrbkqdfh.bat 2013-07-03 01:06 - 2013-07-03 01:09 - 156514496 ____A (NVIDIA Corporation) C:\Users\Jordan Eastwood\Downloads\320.49-desktop-winxp-32bit-international-whql.exe 2013-07-03 01:04 - 2013-07-03 01:04 - 04396440 ____A (Piriform Ltd) C:\Users\Jordan Eastwood\Downloads\ccsetup403.exe 2013-07-03 01:04 - 2013-07-03 01:04 - 02817354 ____A C:\Users\Jordan Eastwood\Downloads\dcprosetup_15.zip 2013-07-03 00:26 - 2013-07-03 00:26 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi 2013-06-28 13:23 - 2013-06-28 13:23 - 00000000 ____D C:\Users\Jordan Eastwood\Downloads\Batumi - Tbilisi Radar Run 2013-06-26 10:50 - 2013-06-28 02:57 - 00000000 ____D C:\Users\Jordan Eastwood\AppData\Local\Arma 3 2013-06-26 10:50 - 2013-06-26 11:16 - 00000000 ____D C:\Users\Jordan Eastwood\Documents\Arma 3 2013-06-22 05:17 - 2013-06-22 05:17 - 00000000 ____D C:\Users\Jordan Eastwood\Downloads\DCS UH-1H Flight Manual SiTh v15 2013-06-22 05:16 - 2013-06-22 05:17 - 13939865 ____A C:\Users\Jordan Eastwood\Downloads\DCS UH-1H Flight Manual SiTh v15.zip 2013-06-21 12:01 - 2013-06-21 12:41 - 00000920 ____A C:\Users\Public\Desktop\TARS Control Panel.lnk 2013-06-21 12:01 - 2013-06-21 12:41 - 00000000 ____D C:\Program Files (x86)\TARS 2013-06-21 12:00 - 2013-06-21 12:00 - 00000000 ____D C:\Users\Jordan Eastwood\Downloads\TARS_1.0.2.4 2013-06-21 11:59 - 2013-06-21 12:00 - 03011262 ____A C:\Users\Jordan Eastwood\Downloads\TARS_1.0.2.4.zip 2013-06-20 04:57 - 2013-06-20 04:57 - 00000776 ____A C:\Users\Public\Desktop\DCS World.lnk 2013-06-20 04:57 - 2013-06-20 04:57 - 00000776 ____A C:\Users\Public\Desktop\DCS World Multiplayer.lnk 2013-06-20 04:46 - 2013-06-20 04:46 - 00000830 ____A C:\Users\Public\Desktop\ DCS Black Shark 2 Multiplayer.lnk 2013-06-20 04:46 - 2013-06-20 04:46 - 00000821 ____A C:\Users\Public\Desktop\ DCS Black Shark 2.lnk 2013-06-20 04:18 - 2013-06-20 04:18 - 00000790 ____A C:\Users\Public\Desktop\DCS A-10C Multiplayer.lnk 2013-06-20 04:18 - 2013-06-20 04:18 - 00000781 ____A C:\Users\Public\Desktop\DCS A-10C.lnk 2013-06-20 03:59 - 2013-06-20 03:59 - 00000734 ____A C:\Users\Public\Desktop\DCS Black Shark.lnk 2013-06-20 03:59 - 2013-06-20 03:59 - 00000562 ____A C:\Users\Public\Desktop\DCS Black Shark multiplayer.lnk 2013-06-14 03:37 - 2013-06-14 03:37 - 02495709 ____A C:\Users\Jordan Eastwood\Downloads\High_Stakes_v1.01.zip 2013-06-13 06:09 - 2013-06-13 06:09 - 01054466 ____A C:\Users\Jordan Eastwood\Downloads\Gadrocs BS 0.2.zip 2013-06-13 05:27 - 2013-06-13 05:28 - 09697417 ____A C:\Users\Jordan Eastwood\Downloads\Helios.zip 2013-06-13 02:54 - 2013-06-13 02:54 - 00002721 ____A C:\Users\Public\Desktop\Easy Monitor Configurator.lnk 2013-06-13 02:54 - 2013-06-13 02:54 - 00000000 ____D C:\Program Files (x86)\Easy Monitor Configurator 2013-06-13 02:53 - 2013-06-13 02:53 - 07757658 ____A C:\Users\Jordan Eastwood\Downloads\EMC_Setup.rar 2013-06-11 05:40 - 2013-06-11 05:40 - 14360401 ____A C:\Users\Jordan Eastwood\Downloads\Loz SM v2.1.rar 2013-06-11 05:36 - 2013-06-16 04:57 - 00000000 ____D C:\Users\Jordan Eastwood\Documents\Helios 2013-06-11 05:34 - 2013-06-11 05:34 - 00000000 ____D C:\Program Files (x86)\Gadrocs Workshop 2013-06-11 05:33 - 2013-06-11 05:33 - 06973823 ____A C:\Users\Jordan Eastwood\Downloads\HeliosSetup-Stable-1.3.190.zip 2013-06-07 06:10 - 2013-06-07 06:10 - 05865174 ____A C:\Users\Jordan Eastwood\Downloads\Batumi - Tbilisi Radar Run.zip 2013-06-07 03:03 - 2013-06-07 03:03 - 00000000 ____D C:\Users\Jordan Eastwood\Downloads\Kosmos_SSPP_R4.32 2013-06-07 03:01 - 2013-06-07 03:03 - 84707260 ____A C:\Users\Jordan Eastwood\Downloads\Kosmos_SSPP_R4.32.zip 2013-06-06 05:27 - 2013-06-06 05:28 - 00000000 ____D C:\Users\Jordan Eastwood\Downloads\B9-Aerospace-Pack-R3c 2013-06-06 05:27 - 2013-06-06 05:27 - 00000000 ____D C:\Users\Jordan Eastwood\Downloads\RemoteTech1 2013-06-06 05:25 - 2013-06-06 05:25 - 24507974 ____A C:\Users\Jordan Eastwood\Downloads\RemoteTech1.zip 2013-06-06 05:24 - 2013-06-06 05:25 - 64462361 ____A C:\Users\Jordan Eastwood\Downloads\B9-Aerospace-Pack-R3c.zip 2013-06-05 03:48 - 2013-06-05 03:48 - 00000000 ____D C:\Users\Jordan Eastwood\Downloads\MechJeb2-2.0.8.0 2013-06-05 03:43 - 2013-06-05 03:43 - 01383615 ____A C:\Users\Jordan Eastwood\Downloads\MechJeb2-2.0.8.0.zip 2013-06-04 12:32 - 2013-06-04 12:32 - 00000000 ____D C:\Users\Jordan Eastwood\AppData\Roaming\.mono 2013-06-04 12:28 - 2013-06-04 12:28 - 00000000 ____D C:\Users\Jordan Eastwood\Downloads\ksp-win-0-20-2 2013-06-04 12:16 - 2013-06-04 12:28 - 441632972 ____A C:\Users\Jordan Eastwood\Downloads\ksp-win-0-20-2.zip 2013-06-04 04:02 - 2013-06-04 04:08 - 248306803 ____A C:\Users\Jordan Eastwood\Downloads\KSP_demo_win.zip ==================== One Month Modified Files and Folders ======= 2013-07-03 18:34 - 2013-07-03 18:34 - 00000000 ____D C:\FRST 2013-07-03 09:15 - 2009-07-13 21:13 - 00870670 ____A C:\Windows\System32\PerfStringBackup.INI 2013-07-03 09:12 - 2012-02-25 13:00 - 00000000 ____D C:\Users\Jordan Eastwood\AppData\Local\LogMeIn Hamachi 2013-07-03 06:25 - 2012-02-18 05:51 - 00000000 ____D C:\Program Files (x86)\Steam 2013-07-03 06:24 - 2012-11-09 02:15 - 00004248 ____A C:\Windows\PFRO.log 2013-07-03 06:24 - 2012-11-05 10:08 - 00030920 ____A C:\Windows\setupact.log 2013-07-03 06:24 - 2012-01-26 13:12 - 00000000 ____D C:\ProgramData\NVIDIA 2013-07-03 06:24 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2013-07-03 05:12 - 2013-07-03 05:12 - 00001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2013-07-03 05:12 - 2013-07-03 05:12 - 00000000 ____D C:\Users\Jordan Eastwood\AppData\Roaming\Malwarebytes 2013-07-03 05:12 - 2013-07-03 05:12 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-07-03 05:12 - 2013-07-03 05:12 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-07-03 05:00 - 2012-01-24 10:23 - 01903232 ____A C:\Windows\WindowsUpdate.log 2013-07-03 04:53 - 2013-07-03 04:53 - 00000165 ____A C:\ProgramData\uaxybikueibyrbkqdfh.reg 2013-07-03 04:53 - 2013-07-03 04:53 - 00000070 ____A C:\ProgramData\uaxybikueibyrbkqdfh.bat 2013-07-03 04:53 - 2013-05-23 05:15 - 00000000 ____D C:\Program Files (x86)\Opera 2013-07-03 04:50 - 2009-07-13 20:45 - 00013472 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-07-03 04:50 - 2009-07-13 20:45 - 00013472 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-07-03 01:09 - 2013-07-03 01:06 - 156514496 ____A (NVIDIA Corporation) C:\Users\Jordan Eastwood\Downloads\320.49-desktop-winxp-32bit-international-whql.exe 2013-07-03 01:04 - 2013-07-03 01:04 - 04396440 ____A (Piriform Ltd) C:\Users\Jordan Eastwood\Downloads\ccsetup403.exe 2013-07-03 01:04 - 2013-07-03 01:04 - 02817354 ____A C:\Users\Jordan Eastwood\Downloads\dcprosetup_15.zip 2013-07-03 00:28 - 2012-01-24 12:44 - 00000000 ____D C:\Windows\System32\Drivers\AVG 2013-07-03 00:27 - 2012-07-31 10:33 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-07-03 00:26 - 2013-07-03 00:26 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi 2013-06-29 14:04 - 2012-01-28 09:53 - 00000000 ____D C:\Users\Jordan Eastwood\AppData\Roaming\TS3Client 2013-06-28 13:23 - 2013-06-28 13:23 - 00000000 ____D C:\Users\Jordan Eastwood\Downloads\Batumi - Tbilisi Radar Run 2013-06-28 02:57 - 2013-06-26 10:50 - 00000000 ____D C:\Users\Jordan Eastwood\AppData\Local\Arma 3 2013-06-26 11:16 - 2013-06-26 10:50 - 00000000 ____D C:\Users\Jordan Eastwood\Documents\Arma 3 2013-06-26 10:50 - 2013-05-20 04:51 - 00000000 ____D C:\ProgramData\Bohemia Interactive 2013-06-22 05:17 - 2013-06-22 05:17 - 00000000 ____D C:\Users\Jordan Eastwood\Downloads\DCS UH-1H Flight Manual SiTh v15 2013-06-22 05:17 - 2013-06-22 05:16 - 13939865 ____A C:\Users\Jordan Eastwood\Downloads\DCS UH-1H Flight Manual SiTh v15.zip 2013-06-21 12:41 - 2013-06-21 12:01 - 00000920 ____A C:\Users\Public\Desktop\TARS Control Panel.lnk 2013-06-21 12:41 - 2013-06-21 12:01 - 00000000 ____D C:\Program Files (x86)\TARS 2013-06-21 12:00 - 2013-06-21 12:00 - 00000000 ____D C:\Users\Jordan Eastwood\Downloads\TARS_1.0.2.4 2013-06-21 12:00 - 2013-06-21 11:59 - 03011262 ____A C:\Users\Jordan Eastwood\Downloads\TARS_1.0.2.4.zip 2013-06-20 04:57 - 2013-06-20 04:57 - 00000776 ____A C:\Users\Public\Desktop\DCS World.lnk 2013-06-20 04:57 - 2013-06-20 04:57 - 00000776 ____A C:\Users\Public\Desktop\DCS World Multiplayer.lnk 2013-06-20 04:46 - 2013-06-20 04:46 - 00000830 ____A C:\Users\Public\Desktop\ DCS Black Shark 2 Multiplayer.lnk 2013-06-20 04:46 - 2013-06-20 04:46 - 00000821 ____A C:\Users\Public\Desktop\ DCS Black Shark 2.lnk 2013-06-20 04:19 - 2012-11-07 10:30 - 00267001 ____A C:\Windows\DirectX.log 2013-06-20 04:18 - 2013-06-20 04:18 - 00000790 ____A C:\Users\Public\Desktop\DCS A-10C Multiplayer.lnk 2013-06-20 04:18 - 2013-06-20 04:18 - 00000781 ____A C:\Users\Public\Desktop\DCS A-10C.lnk 2013-06-20 04:03 - 2013-01-27 05:43 - 00000000 ____D C:\Program Files (x86)\Eagle Dynamics 2013-06-20 03:59 - 2013-06-20 03:59 - 00000734 ____A C:\Users\Public\Desktop\DCS Black Shark.lnk 2013-06-20 03:59 - 2013-06-20 03:59 - 00000562 ____A C:\Users\Public\Desktop\DCS Black Shark multiplayer.lnk 2013-06-19 10:18 - 2012-01-27 01:23 - 00291088 ____A C:\Windows\SysWOW64\PnkBstrB.xtr 2013-06-19 10:18 - 2012-01-25 13:03 - 00291088 ____A C:\Windows\SysWOW64\PnkBstrB.exe 2013-06-19 10:17 - 2012-01-25 13:03 - 00281520 ____A C:\Windows\SysWOW64\PnkBstrB.ex0 2013-06-19 10:04 - 2012-04-10 05:23 - 00000000 ____D C:\Program Files (x86)\Battlelog Web Plugins 2013-06-19 09:58 - 2012-04-10 04:41 - 00000000 ____D C:\Users\Jordan Eastwood\AppData\Roaming\Origin 2013-06-19 09:58 - 2012-04-10 04:41 - 00000000 ____D C:\Users\Jordan Eastwood\AppData\Local\Origin 2013-06-19 09:58 - 2012-04-10 04:40 - 00000000 ____D C:\ProgramData\Origin 2013-06-19 09:57 - 2012-04-10 04:39 - 00000000 ____D C:\Program Files (x86)\Origin 2013-06-16 04:57 - 2013-06-11 05:36 - 00000000 ____D C:\Users\Jordan Eastwood\Documents\Helios 2013-06-14 03:37 - 2013-06-14 03:37 - 02495709 ____A C:\Users\Jordan Eastwood\Downloads\High_Stakes_v1.01.zip 2013-06-13 06:09 - 2013-06-13 06:09 - 01054466 ____A C:\Users\Jordan Eastwood\Downloads\Gadrocs BS 0.2.zip 2013-06-13 05:28 - 2013-06-13 05:27 - 09697417 ____A C:\Users\Jordan Eastwood\Downloads\Helios.zip 2013-06-13 03:27 - 2012-04-01 09:42 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-06-13 03:27 - 2012-01-26 12:42 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-06-13 02:54 - 2013-06-13 02:54 - 00002721 ____A C:\Users\Public\Desktop\Easy Monitor Configurator.lnk 2013-06-13 02:54 - 2013-06-13 02:54 - 00000000 ____D C:\Program Files (x86)\Easy Monitor Configurator 2013-06-13 02:53 - 2013-06-13 02:53 - 07757658 ____A C:\Users\Jordan Eastwood\Downloads\EMC_Setup.rar 2013-06-11 05:40 - 2013-06-11 05:40 - 14360401 ____A C:\Users\Jordan Eastwood\Downloads\Loz SM v2.1.rar 2013-06-11 05:34 - 2013-06-11 05:34 - 00000000 ____D C:\Program Files (x86)\Gadrocs Workshop 2013-06-11 05:33 - 2013-06-11 05:33 - 06973823 ____A C:\Users\Jordan Eastwood\Downloads\HeliosSetup-Stable-1.3.190.zip 2013-06-07 06:10 - 2013-06-07 06:10 - 05865174 ____A C:\Users\Jordan Eastwood\Downloads\Batumi - Tbilisi Radar Run.zip 2013-06-07 03:03 - 2013-06-07 03:03 - 00000000 ____D C:\Users\Jordan Eastwood\Downloads\Kosmos_SSPP_R4.32 2013-06-07 03:03 - 2013-06-07 03:01 - 84707260 ____A C:\Users\Jordan Eastwood\Downloads\Kosmos_SSPP_R4.32.zip 2013-06-06 05:28 - 2013-06-06 05:27 - 00000000 ____D C:\Users\Jordan Eastwood\Downloads\B9-Aerospace-Pack-R3c 2013-06-06 05:27 - 2013-06-06 05:27 - 00000000 ____D C:\Users\Jordan Eastwood\Downloads\RemoteTech1 2013-06-06 05:25 - 2013-06-06 05:25 - 24507974 ____A C:\Users\Jordan Eastwood\Downloads\RemoteTech1.zip 2013-06-06 05:25 - 2013-06-06 05:24 - 64462361 ____A C:\Users\Jordan Eastwood\Downloads\B9-Aerospace-Pack-R3c.zip 2013-06-05 03:48 - 2013-06-05 03:48 - 00000000 ____D C:\Users\Jordan Eastwood\Downloads\MechJeb2-2.0.8.0 2013-06-05 03:43 - 2013-06-05 03:43 - 01383615 ____A C:\Users\Jordan Eastwood\Downloads\MechJeb2-2.0.8.0.zip 2013-06-04 13:27 - 2012-02-05 07:23 - 00000000 ____D C:\Users\Jordan Eastwood\AppData\Roaming\Skype 2013-06-04 12:32 - 2013-06-04 12:32 - 00000000 ____D C:\Users\Jordan Eastwood\AppData\Roaming\.mono 2013-06-04 12:28 - 2013-06-04 12:28 - 00000000 ____D C:\Users\Jordan Eastwood\Downloads\ksp-win-0-20-2 2013-06-04 12:28 - 2013-06-04 12:16 - 441632972 ____A C:\Users\Jordan Eastwood\Downloads\ksp-win-0-20-2.zip 2013-06-04 04:08 - 2013-06-04 04:02 - 248306803 ____A C:\Users\Jordan Eastwood\Downloads\KSP_demo_win.zip Files to move or delete: ==================== C:\ProgramData\uaxybikueibyrbkqdfh.bat C:\ProgramData\uaxybikueibyrbkqdfh.reg ==================== Known DLLs (Whitelisted) ================ ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ==================== Restore Points ========================= ==================== Memory info =========================== Percentage of memory in use: 19% Total physical RAM: 3070.49 MB Available physical RAM: 2483.1 MB Total Pagefile: 3068.64 MB Available Pagefile: 2471.14 MB Total Virtual: 8192 MB Available Virtual: 8191.86 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:335.34 GB) (Free:68.84 GB) NTFS (Disk=1 Partition=1) ==>[Drive with boot components (obtained from BCD)] Drive f: (MOT MOT MOT) (Removable) (Total:0.97 GB) (Free:0.11 GB) FAT (Disk=2 Partition=1) Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS Drive y: () (Fixed) (Total:37.27 GB) (Free:7.18 GB) NTFS (Disk=0 Partition=1) ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows XP) (Size: 37 GB) (Disk ID: A004A004) Partition 1: (Active) - (Size=37 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 335 GB) (Disk ID: A93AA93A) Partition 1: (Active) - (Size=335 GB) - (Type=07 NTFS) ======================================================== Disk: 2 (Size: 990 MB) (Disk ID: 00E10E80) Partition 1: (Active) - (Size=990 MB) - (Type=06) LastRegBack: 2013-07-02 03:56 ==================== End Of Log ============================ I hope you find it! whatever it may be..... man i wish i knew how to do this lol thanks again
  11. fenderplayer946
    Edit, got it working,
  12. fenderplayer946
    Many thanks for the reply, Im struggling to get it to recognise the memory stick, I can get to the command prompt part but no futher
  13. fenderplayer946
    Hello, I was doing the usual net surfing, had a couple of ad pop ups in opera then a few minutes later I get lockedout of my computer by, what I now believe it to be after looking on the net, to be that fbi moneypak scam. Ive tried doing a mmalwarebytes antimalware scan, it detected something and removed it but the problem still persists and I have no idea how to remove it, any helpis greatly appreciated Thanks
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.