
Incredibar, not too sure if I've removed it all

Discussion in 'Virus and Malware Removal' started by tedus987, Jan 31, 2013.

  1. Jay Pfoutz Malware Helper Posts: 4,286   +49

    All these tools can run normally, as long as the system boots fine in Normal Mode.
  2. tedus987 TechSpot Enthusiast Posts: 123

    ComboFix got stuck in Normal Mode, plus ZoneAlarm can be a pain to turn off in Normal Mode.
  3. Jay Pfoutz Malware Helper Posts: 4,286   +49

    Give it a try in Normal Mode. If no joy, then Safe Mode is the best option. :)
  4. tedus987 TechSpot Enthusiast Posts: 123

    Ok, will do.
  5. Jay Pfoutz Malware Helper Posts: 4,286   +49

    Okay. Will wait for info.
  6. tedus987 TechSpot Enthusiast Posts: 123

    OK, I'll post the logs as soon as I get them once I do the steps tomorrow.
     
  7. tedus987 TechSpot Enthusiast Posts: 123

    Ok, tried the ComboFix script in Normal Mode, only for ComboFix to freeze at stage 4 again. Ran it in Safe Mode and I got it to run. In Safe Mode I think I moved CFScript.txt over ComboFix, not too sure. What I did notice is the CFScript.txt file disappeared after it was done. Here's the log.

    ComboFix 13-01-31.03 - Luke 02/02/2013 15:02:01.3.6 - x64 MINIMAL
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.32738.30442 [GMT 0:00]
    Running from: c:\users\Luke\Desktop\ComboFix.exe
    Command switches used :: c:\users\Luke\Desktop\CFScript.txt
    AV: ZoneAlarm Free Firewall Antivirus *Enabled/Updated* {DE038A5B-9EDD-18A9-2361-FF7D98D43730}
    FW: ZoneAlarm Free Firewall Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: ZoneAlarm Free Firewall Anti-Spyware *Enabled/Updated* {65626BBF-B8E7-1727-19D1-C40FE3537D8D}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((( Files Created from 2013-01-02 to 2013-02-02 )))))))))))))))))))))))))))))))
    .
    .
    2013-02-02 15:04 . 2013-02-02 15:04 -------- d-----w- c:\users\Default\AppData\Local\temp
    2013-02-01 07:14 . 2013-01-15 02:45 9161176 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{73CC9823-B21A-4D93-A125-B05F2FAFE9F6}\mpengine.dll
    2013-01-30 17:28 . 2013-01-30 17:28 -------- d-----w- c:\program files\Paint.NET
    2013-01-29 17:27 . 2013-01-29 17:27 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-01-29 17:27 . 2013-01-29 17:27 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2013-01-29 17:27 . 2013-01-29 17:27 -------- d-----w- c:\windows\SysWow64\Macromed
    2013-01-29 17:27 . 2013-01-29 17:27 -------- d-----w- c:\windows\system32\Macromed
    2013-01-29 17:16 . 2013-01-29 17:16 450 ----a-w- C:\user.js
    2013-01-27 21:01 . 2013-01-27 21:01 -------- d-----w- c:\program files (x86)\Common Files\BioWare
    2013-01-27 21:00 . 2013-01-27 21:00 -------- d-----w- c:\users\hedev
    2013-01-27 18:37 . 2013-01-29 15:26 -------- d-----w- c:\program files (x86)\Common Files\Steam
    2013-01-27 18:34 . 2013-01-27 18:34 -------- d-----w- c:\programdata\AVG Secure Search
    2013-01-27 18:33 . 2013-01-30 16:09 37720 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
    2013-01-27 18:33 . 2013-01-30 16:10 -------- d-----w- c:\program files (x86)\AVG Secure Search
    2013-01-27 18:33 . 2013-01-30 16:09 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search
    2013-01-27 18:24 . 2013-01-27 18:30 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2013-01-27 18:24 . 2013-01-27 18:26 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
    2013-01-27 18:19 . 2013-01-27 18:19 -------- d-----w- c:\programdata\Malwarebytes
    2013-01-27 18:19 . 2013-01-27 18:20 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2013-01-27 18:19 . 2012-12-14 16:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
    2013-01-27 18:10 . 2012-11-15 21:06 89432 ----a-w- c:\windows\system32\drivers\klflt.sys
    2013-01-27 18:10 . 2012-11-15 21:06 611160 ----a-w- c:\windows\system32\drivers\klif.sys
    2013-01-27 18:05 . 2013-01-27 18:05 -------- d-----w- c:\program files (x86)\DoNotTrackPlus
    2013-01-27 17:39 . 2013-01-27 17:39 163056 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10142.bin
    2013-01-27 17:23 . 2013-01-27 17:23 -------- d-----w- c:\program files\CheckPoint
    2013-01-27 17:21 . 2013-01-27 17:21 -------- d-----w- c:\program files (x86)\Check Point Software Technologies LTD
    2013-01-27 17:21 . 2013-01-27 17:23 -------- d-----w- c:\program files (x86)\CheckPoint
    2013-01-27 17:21 . 2013-01-27 17:21 -------- d-----w- c:\programdata\CheckPoint
    2013-01-25 22:53 . 2011-02-19 12:05 1139200 ----a-w- c:\windows\system32\FntCache.dll
    2013-01-25 22:53 . 2011-02-19 12:04 902656 ----a-w- c:\windows\system32\d2d1.dll
    2013-01-25 22:53 . 2011-02-19 06:30 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
    2013-01-25 22:51 . 2013-01-25 22:51 -------- d-----w- c:\users\Public\Creative
    2013-01-25 22:46 . 2012-08-24 18:13 154480 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
    2013-01-25 22:46 . 2012-08-24 18:09 458712 ----a-w- c:\windows\system32\drivers\cng.sys
    2013-01-25 22:46 . 2012-08-24 18:05 340992 ----a-w- c:\windows\system32\schannel.dll
    2013-01-25 22:46 . 2012-08-24 18:03 1448448 ----a-w- c:\windows\system32\lsasrv.dll
    2013-01-25 22:46 . 2012-08-24 16:57 247808 ----a-w- c:\windows\SysWow64\schannel.dll
    2013-01-25 22:46 . 2012-08-24 16:57 22016 ----a-w- c:\windows\SysWow64\secur32.dll
    2013-01-25 22:46 . 2012-08-24 16:53 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
    2013-01-25 22:46 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
    2013-01-25 22:46 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
    2013-01-25 22:43 . 2012-11-02 05:59 478208 ----a-w- c:\windows\system32\dpnet.dll
    2013-01-25 22:43 . 2012-11-02 05:11 376832 ----a-w- c:\windows\SysWow64\dpnet.dll
    2013-01-25 22:43 . 2012-11-20 05:48 307200 ----a-w- c:\windows\system32\ncrypt.dll
    2013-01-25 22:43 . 2012-11-20 04:51 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll
    2013-01-25 22:43 . 2012-08-24 18:05 220160 ----a-w- c:\windows\system32\wintrust.dll
    2013-01-25 22:43 . 2012-08-24 16:57 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
    2013-01-25 22:43 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
    2013-01-25 22:43 . 2011-01-17 11:09 197120 ----a-w- c:\windows\system32\d3d10_1.dll
    2013-01-25 22:43 . 2011-01-17 05:47 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
    2013-01-25 22:42 . 2011-04-29 03:06 467456 ----a-w- c:\windows\system32\drivers\srv.sys
    2013-01-25 22:42 . 2011-04-29 03:05 410112 ----a-w- c:\windows\system32\drivers\srv2.sys
    2013-01-25 22:42 . 2011-04-29 03:05 168448 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2013-01-25 22:42 . 2013-01-25 22:42 -------- d-----w- c:\program files (x86)\Microsoft.NET
    2013-01-25 22:42 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys
    2013-01-25 22:42 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
    2013-01-25 22:40 . 2011-02-18 10:51 31232 ----a-w- c:\windows\system32\prevhost.exe
    2013-01-25 22:40 . 2011-02-18 05:39 31232 ----a-w- c:\windows\SysWow64\prevhost.exe
    2013-01-25 22:40 . 2012-05-05 07:46 43008 ----a-w- c:\windows\SysWow64\srclient.dll
    2013-01-25 22:40 . 2012-05-05 08:36 503808 ----a-w- c:\windows\system32\srcore.dll
    2013-01-25 22:40 . 2011-02-12 11:34 267776 ----a-w- c:\windows\system32\FXSCOVER.exe
    2013-01-25 22:40 . 2011-05-03 05:29 976896 ----a-w- c:\windows\system32\inetcomm.dll
    2013-01-25 22:40 . 2011-05-03 04:30 741376 ----a-w- c:\windows\SysWow64\inetcomm.dll
    2013-01-25 22:40 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
    2013-01-25 22:40 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
    2013-01-25 22:40 . 2013-01-25 22:40 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
    2013-01-25 22:39 . 2013-01-25 22:41 -------- d-----w- c:\program files (x86)\Google
    2013-01-25 22:35 . 2013-01-25 22:35 -------- d-----w- c:\windows\SysWow64\Wat
    2013-01-25 22:35 . 2013-01-25 22:35 -------- d-----w- c:\windows\system32\Wat
    2013-01-25 22:23 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
    2013-01-25 22:23 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
    2013-01-25 22:23 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
    2013-01-25 22:23 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
    2013-01-25 22:23 . 2012-12-16 17:31 67599240 ----a-w- c:\windows\system32\MRT.exe
    2013-01-25 22:18 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe
    2013-01-25 22:14 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
    2013-01-25 22:12 . 2010-12-23 10:42 961024 ----a-w- c:\windows\system32\CPFilters.dll
    2013-01-25 22:09 . 2012-12-07 13:20 441856 ----a-w- c:\windows\system32\Wpc.dll
    2013-01-25 22:08 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
    2013-01-25 22:07 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
    2013-01-25 22:07 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
    2013-01-25 21:58 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2013-01-25 21:58 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2013-01-25 21:58 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
    2013-01-25 21:58 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2013-01-25 21:58 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
    2013-01-25 21:58 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
    2013-01-25 21:58 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
    2013-01-25 21:58 . 2012-06-02 15:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2013-01-25 21:58 . 2012-06-02 15:15 36864 ----a-w- c:\windows\system32\wuapp.exe
    2013-01-25 21:54 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2013-01-25 21:48 . 2011-05-24 11:42 404480 ----a-w- c:\windows\system32\umpnpmgr.dll
    2013-01-25 21:48 . 2011-05-24 10:40 64512 ----a-w- c:\windows\SysWow64\devobj.dll
    2013-01-25 21:48 . 2011-05-24 10:40 44544 ----a-w- c:\windows\SysWow64\devrtl.dll
    2013-01-25 21:48 . 2011-05-24 10:39 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll
    2013-01-25 21:48 . 2011-05-24 10:37 252928 ----a-w- c:\windows\SysWow64\drvinst.exe
    2013-01-25 21:47 . 2011-02-23 04:55 90624 ----a-w- c:\windows\system32\drivers\bowser.sys
    2013-01-25 07:15 . 2013-01-24 15:36 -------- d-----w- c:\windows\Panther
    2013-01-24 18:02 . 2013-01-24 18:02 -------- d-----w- c:\users\Public\CyberLink
    2013-01-24 17:44 . 2012-07-11 13:18 23664 ----a-w- c:\windows\SysWow64\lgfwunis.exe
    2013-01-24 17:44 . 2001-08-29 21:00 59904 ----a-w- c:\windows\SysWow64\wbemdisp.tlb
    2013-01-24 17:44 . 1998-07-22 00:00 102912 ----a-w- c:\windows\SysWow64\Vb6stkit.dll
    2013-01-24 17:44 . 1998-07-22 00:00 102160 ----a-w- c:\windows\SysWow64\VB6KO.DLL
    2013-01-24 17:44 . 1998-06-24 00:00 115016 ----a-w- c:\windows\SysWow64\MSINET.OCX
    2013-01-24 17:44 . 2013-01-31 20:00 -------- d-----w- c:\program files (x86)\lg_fwupdate
    2013-01-24 17:42 . 2013-01-24 17:42 29480 ----a-w- c:\windows\SysWow64\msxml3a.dll
    2013-01-24 17:42 . 2013-01-24 17:42 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
    2013-01-24 17:42 . 2013-01-24 17:42 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
    2013-01-24 17:38 . 2013-01-24 17:45 -------- d-----w- c:\programdata\install_clap
    2013-01-24 17:37 . 2013-01-24 17:45 -------- d-----w- c:\program files (x86)\CyberLink
    2013-01-24 17:37 . 2013-01-24 17:37 -------- d-----w- c:\programdata\CLSK
    2013-01-24 17:37 . 2013-01-24 18:02 -------- d-----w- c:\programdata\CyberLink
    2013-01-24 16:34 . 2013-01-25 22:49 -------- d-----w- c:\programdata\Creative
    2013-01-24 16:28 . 2000-05-11 01:00 90112 ------w- c:\windows\Updreg.EXE
    2013-01-24 16:28 . 2013-01-24 16:28 466520 ----a-w- c:\windows\system32\wrap_oal.dll
    2013-01-24 16:28 . 2013-01-24 16:28 445016 ----a-w- c:\windows\SysWow64\wrap_oal.dll
    2013-01-24 16:28 . 2013-01-24 16:28 123480 ----a-w- c:\windows\system32\OpenAL32.dll
    2013-01-24 16:28 . 2013-01-24 16:28 109144 ----a-w- c:\windows\SysWow64\OpenAL32.dll
    2013-01-24 16:28 . 2011-11-14 15:23 1943040 ------w- c:\windows\system32\Sens_oal.dll
    2013-01-24 16:20 . 2013-01-24 16:21 -------- d-----w- c:\program files (x86)\EVGA Precision X
    2013-01-24 16:15 . 2013-02-02 09:06 -------- d-----w- c:\programdata\NVIDIA
    2013-01-24 16:15 . 2013-01-25 22:53 -------- d-----w- c:\users\UpdatusUser
    2013-01-24 16:13 . 2013-01-24 16:13 -------- d-----w- C:\NVIDIA
    2013-01-24 16:11 . 2013-01-24 16:11 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
    2013-01-24 16:10 . 2013-01-24 16:10 -------- d-----w- c:\program files (x86)\Common Files\Adobe
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-01-17 01:28 . 2010-11-21 03:27 273840 ------w- c:\windows\system32\MpSigStub.exe
    2012-12-13 11:49 . 2012-12-13 11:49 450136 ----a-w- c:\windows\system32\drivers\vsdatant.sys
    2012-11-30 04:45 . 2013-01-25 22:41 44032 ----a-w- c:\windows\apppatch\acwow64.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
    2013-01-30 16:09 1883824 ----a-w- c:\program files (x86)\AVG Secure Search\14.0.2.14\AVG Secure Search_toolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\14.0.2.14\AVG Secure Search_toolbar.dll" [2013-01-30 1883824]
    .
    [HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    "Steam"="d:\installed games\Steam\Steam.exe" [2013-01-27 1354736]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-07-28 336384]
    "NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
    "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
    "Sound Blaster Recon3D PCIe Control Panel"="c:\program files (x86)\Creative\Sound Blaster Recon3D PCIe\Sound Blaster Recon3D PCIe Control Panel\SBRnPCIe.exe" [2011-11-14 880128]
    "CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2011-03-09 107816]
    "RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2012-03-28 91432]
    "BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2012-05-09 78312]
    "UpdatePPShortCut"="c:\program files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2012-04-17 223096]
    "LGODDFU"="c:\program files (x86)\lg_fwupdate\lgfw.exe" [2012-07-12 27760]
    "ZoneAlarm"="c:\program files (x86)\CheckPoint\ZoneAlarm\zatray.exe" [2013-01-23 73832]
    "vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2013-01-30 1101488]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    R2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-07-28 361984]
    R2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2011-06-24 55424]
    R2 CLKMSVC10_38F51D56;CyberLink Product - 2013/01/24 17:43;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2012-05-09 242664]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 CtHdaSvc;Sound Blaster Service;c:\windows\sysWow64\CtHdaSvc.exe [2013-01-10 103424]
    R2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2012-11-22 33712]
    R2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [2012-11-22 828072]
    R2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824]
    R2 vToolbarUpdater14.0.1;vToolbarUpdater14.0.1;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe [2013-01-30 945328]
    R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2013-01-24 79360]
    R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2013-01-24 79360]
    R3 cthda;Sound Blaster HDAudio;c:\windows\system32\drivers\cthda.sys [2013-01-10 1044400]
    R3 CTHDB;SB Recon3D PCIe Audio Bus Filter;c:\windows\system32\DRIVERS\CtHDb.sys [2013-01-10 28592]
    R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
    R3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [2009-11-17 32344]
    R3 NTIOLib_1_0_C;NTIOLib_1_0_C;E:\NTIOLib_X64.sys [x]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-21 88960]
    R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2012-08-23 29696]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2013-01-25 1255736]
    S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2013-01-30 37720]
    S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
    S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-02-10 82432]
    S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-02-10 181760]
    S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2010-11-28 44672]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2013-01-25 22:41 1607120 ----a-w- c:\program files (x86)\Google\Chrome\Application\24.0.1312.56\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-02-02 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-29 17:27]
    .
    2013-02-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-25 22:39]
    .
    2013-02-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-25 22:39]
    .
    2013-02-02 c:\windows\Tasks\ROC_JAN2013_TB_rmv.job
    - c:\program files (x86)\AVG Secure Search\PostInstall\ROC.exe [2013-01-30 16:09]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-08-30 7284328]
    "ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2012-11-22 1127592]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.co.uk/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    TCP: DhcpNameServer = 192.168.0.1
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\14.0.1\ViProtocol.dll
    FF - ProfilePath - c:\users\Luke\AppData\Roaming\Mozilla\Firefox\Profiles\eosqmyzk.default\
    FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
    FF - prefs.js: browser.startup.homepage - hxxp://isearch.avg.com/?cid={774FCFAC-D94E-4521-9039-D124BDE98A07}&mid=78e869ac9e4c414492955dce15e3def5-43e00dc797ad58ef813020547ab1305aab3e79c6&lang=en&ds=avgab0&pr=sa&d=2013-01-27 18:33&v=14.0.2.14&pid=avg&sg=&sap=hp
    FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid={774FCFAC-D94E-4521-9039-D124BDE98A07}&mid=78e869ac9e4c414492955dce15e3def5-43e00dc797ad58ef813020547ab1305aab3e79c6&lang=en&ds=avgab0&pr=sa&d=2013-01-27 18:33&pid=avg&sg=&v=14.0.2.14&sap=ku&q=
    FF - ExtSQL: 2013-01-27 17:23; ffxtlbr@zonealarm.com; c:\users\Luke\AppData\Roaming\Mozilla\Firefox\Profiles\eosqmyzk.default\extensions\ffxtlbr@zonealarm.com
    FF - ExtSQL: 2013-01-27 17:23; donottrack@checkpoint.com; c:\users\Luke\AppData\Roaming\Mozilla\Firefox\Profiles\eosqmyzk.default\extensions\donottrack@checkpoint.com
    FF - ExtSQL: 2013-01-27 18:11; {FFB96CC1-7EB3-449D-B827-DB661701C6BB}; c:\program files\CheckPoint\ZAForceField\WOW64\TrustChecker
    FF - ExtSQL: 2013-01-27 18:34; avg@toolbar; c:\programdata\AVG Secure Search\FireFoxExt\14.0.2.14
    FF - user.js: extensions.zonealarm_i.hmpg - true
    FF - user.js: extensions.zonealarm.hmpgUrl - hxxp://search.zonealarm.com/?src=hp&tbid=base2013&Lan=en&gu=97be6726efb44bfba75cc672272c65bf&tu=10G90006K2B000s&sku=&tstsId=&ver=&
    FF - user.js: extensions.zonealarm.dfltSrch - true
    FF - user.js: extensions.zonealarm.srchPrvdr - Search By ZoneAlarm
    FF - user.js: extensions.zonealarm.keyWordUrl - hxxp://search.zonealarm.com/search?src=sp&tbid=base2013&Lan=en&q={searchTerms}&gu=97be6726efb44bfba75cc672272c65bf&tu=10G90006K2B000s&sku=&tstsId=&ver=&
    FF - user.js: extensions.zonealarm_i.dnsErr - true
    FF - user.js: extensions.zonealarm.newTabUrl - hxxp://search.zonealarm.com/?src=nt&tbid=base2013&Lan=en&gu=97be6726efb44bfba75cc672272c65bf&tu=10G90006K2B000s&sku=&tstsId=&ver=&
    FF - user.js: extensions.zonealarm.autoRvrt - false
    FF - user.js: extensions.zonealarm_i.newTab - false
    FF - user.js: extensions.zonealarm.tlbrSrchUrl - hxxp://search.zonealarm.com/search?src=tb&tbid=base2013&Lan={dfltLng}&gu=97be6726efb44bfba75cc672272c65bf&tu=10GpG006K2B000s&sku=&tstsId=&ver=&&q=
    FF - user.js: extensions.zonealarm.id - 9c17b2130000000000008c89a588ce82
    FF - user.js: extensions.zonealarm.appId - {C56C48A0-DA4E-46F6-9859-1553DC865F84}
    FF - user.js: extensions.zonealarm.instlDay - 15732
    FF - user.js: extensions.zonealarm.vrsn - 1.8.3.16
    FF - user.js: extensions.zonealarm.vrsni - 1.8.3.16
    FF - user.js: extensions.zonealarm_i.vrsnTs - 1.8.3.1618:05
    FF - user.js: extensions.zonealarm.prtnrId - checkpoint
    FF - user.js: extensions.zonealarm.prdct - zonealarm
    FF - user.js: extensions.zonealarm.aflt - 1043
    FF - user.js: extensions.zonealarm_i.smplGrp - none
    FF - user.js: extensions.zonealarm.tlbrId - base2013
    FF - user.js: extensions.zonealarm.instlRef - ZLN116573865866699-1001
    FF - user.js: extensions.zonealarm.dfltLng - en
    FF - user.js: extensions.zonealarm.excTlbr - false
    FF - user.js: extensions.zonealarm.admin - false
    FF - user.js: extensions.incredibar_i.newTab - false
    FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6Oz1LE6ej6&loc=IB_TB&I=26&search=
    FF - user.js: extensions.incredibar_i.id - 9c17b2130000000000008c89a588ce82
    FF - user.js: extensions.incredibar_i.instlDay - 15734
    FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
    FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
    FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1417:16
    FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
    FF - user.js: extensions.incredibar_i.prdct - incredibar
    FF - user.js: extensions.incredibar_i.aflt - orgnl
    FF - user.js: extensions.incredibar_i.smplGrp - none
    FF - user.js: extensions.incredibar_i.tlbrId - base
    FF - user.js: extensions.incredibar_i.instlRef -
    FF - user.js: extensions.incredibar_i.dfltLng -
    FF - user.js: extensions.incredibar_i.excTlbr - false
    FF - user.js: extensions.incredibar_i.ms_url_id -
    FF - user.js: extensions.incredibar_i.upn2 - 6Oz1LE6ej6
    FF - user.js: extensions.incredibar_i.upn2n - 92262881519060488
    FF - user.js: extensions.incredibar_i.productid - 26
    FF - user.js: extensions.incredibar_i.installerproductid - 26
    FF - user.js: extensions.incredibar_i.did - 10678
    FF - user.js: extensions.incredibar_i.ppd - 111
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2013-02-02 15:06:17
    ComboFix-quarantined-files.txt 2013-02-02 15:06
    ComboFix2.txt 2013-01-31 19:55
    .
    Pre-Run: 910,275,862,528 bytes free
    Post-Run: 909,841,690,624 bytes free
    .
    - - End Of File - - 56390610E218C5DE2C8D9D3964B5EBF1
  8. tedus987 TechSpot Enthusiast Posts: 123

    Mind if I ask what ComboFix was supposed to do/or did when I moved that txt file over it?
  9. tedus987 TechSpot Enthusiast Posts: 123

    Ok, here's the adware scan

    -----------------------------------------

    # AdwCleaner v2.109 - Logfile created 02/02/2013 at 16:42:14
    # Updated 26/01/2013 by Xplode
    # Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
    # User : Luke - LUKE-PC-BUILD2
    # Boot Mode : Normal
    # Running from : C:\Users\Luke\Desktop\adwcleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****

    Deleted on reboot : C:\Program Files (x86)\Common Files\AVG Secure Search
    File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
    File Deleted : C:\user.js
    Folder Deleted : C:\Program Files (x86)\AVG Secure Search
    Folder Deleted : C:\ProgramData\AVG Secure Search
    Folder Deleted : C:\Users\Luke\AppData\Local\AVG Secure Search
    Folder Deleted : C:\Users\Luke\AppData\LocalLow\AVG Secure Search

    ***** [Registry] *****

    Key Deleted : HKCU\Software\AVG Secure Search
    Key Deleted : HKCU\Software\IM
    Key Deleted : HKCU\Software\ImInstaller
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKLM\Software\AVG Secure Search
    Key Deleted : HKLM\Software\AVG Security Toolbar
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
    Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
    Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
    Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
    Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
    Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
    Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
    Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
    Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
    Key Deleted : HKLM\Software\IB Updater
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
    Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]
    Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
    Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16457

    [OK] Registry is clean.

    -\\ Mozilla Firefox v18.0.1 (en-GB)

    File : C:\Users\Luke\AppData\Roaming\Mozilla\Firefox\Profiles\eosqmyzk.default\prefs.js

    C:\Users\Luke\AppData\Roaming\Mozilla\Firefox\Profiles\eosqmyzk.default\user.js ... Deleted !

    Deleted : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\FireFoxExt\\14.0.2.14")[...]
    Deleted : user_pref("browser.newtab.url", "hxxp://mystart.incredibar.com/mb185?a=6Oz1LE6ej6&I=26");
    Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
    Deleted : user_pref("browser.search.selectedEngine", "AVG Secure Search");
    Deleted : user_pref("browser.startup.homepage", "hxxp://isearch.avg.com/?cid={774FCFAC-D94E-4521-9039-D124BDE9[...]
    Deleted : user_pref("extensions.incredibar_i.aflt", "orgnl");
    Deleted : user_pref("extensions.incredibar_i.dfltLng", "");
    Deleted : user_pref("extensions.incredibar_i.did", "10678");
    Deleted : user_pref("extensions.incredibar_i.excTlbr", false);
    Deleted : user_pref("extensions.incredibar_i.id", "9c17b2130000000000008c89a588ce82");
    Deleted : user_pref("extensions.incredibar_i.installerproductid", "26");
    Deleted : user_pref("extensions.incredibar_i.instlDay", "15734");
    Deleted : user_pref("extensions.incredibar_i.instlRef", "");
    Deleted : user_pref("extensions.incredibar_i.ms_url_id", "");
    Deleted : user_pref("extensions.incredibar_i.newTab", false);
    Deleted : user_pref("extensions.incredibar_i.ppd", "111");
    Deleted : user_pref("extensions.incredibar_i.prdct", "incredibar");
    Deleted : user_pref("extensions.incredibar_i.productid", "26");
    Deleted : user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
    Deleted : user_pref("extensions.incredibar_i.smplGrp", "none");
    Deleted : user_pref("extensions.incredibar_i.tlbrId", "base");
    Deleted : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6Oz1LE6ej6&loc=IB[...]
    Deleted : user_pref("extensions.incredibar_i.upn2", "6Oz1LE6ej6");
    Deleted : user_pref("extensions.incredibar_i.upn2n", "92262881519060488");
    Deleted : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");
    Deleted : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.1417:16:34");
    Deleted : user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");
    Deleted : user_pref("keyword.URL", "hxxp://isearch.avg.com/search?cid={774FCFAC-D94E-4521-9039-D124BDE98A07}&m[...]

    -\\ Google Chrome v24.0.1312.56

    File : C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Preferences

    Deleted [l.15] : urls_to_restore_on_startup = [ "hxxp://isearch.avg.com/?cid={774FCFAC-D94E-4521-9039-D124B[...]
    Deleted [l.44] : icon_url = "hxxp://isearch.avg.com/favicon.ico",
    Deleted [l.47] : keyword = "isearch.avg.com",
    Deleted [l.50] : search_url = "hxxp://isearch.avg.com/search?cid={774FCFAC-D94E-4521-9039-D124BDE98A07}&mid=78[...]
    Deleted [l.1874] : urls_to_restore_on_startup = [ "hxxp://isearch.avg.com/?cid={774FCFAC-D94E-4521-9039-D124BDE9[...]

    *************************

    AdwCleaner[S1].txt - [9000 octets] - [02/02/2013 16:42:14]

    ########## EOF - C:\AdwCleaner[S1].txt - [9060 octets] ##########
  10. tedus987 TechSpot Enthusiast Posts: 123

    Ok, found out why ComboFix was getting stuck on stage 5. Seems turning off the firewall and virus in ZoneAlarm doesn't actually turn them off and you have to close the app completely. Anyway, I have the JRT log.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 4.5.8 (01.31.2013:1)
    OS: Windows 7 Ultimate x64
    Ran by Luke on 02/02/2013 at 17:19:03.75
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys



    ~~~ Files



    ~~~ Folders



    ~~~ FireFox

    Emptied folder: C:\Users\Luke\AppData\Roaming\mozilla\firefox\profiles\eosqmyzk.default\minidumps [6 files]



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 02/02/2013 at 17:27:10.91
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  11. tedus987 TechSpot Enthusiast Posts: 123

    So, next step?
  12. Jay Pfoutz Malware Helper Posts: 4,286   +49

    That didn't seem to work for ComboFix, but let's do the following next:

    Download Windows Repair (all in one) from this site

    Install the program then run it.

    Go to Step 2 and allow it to run CheckDisk by clicking on the Do It button:

    Once that is done, go to Step 3 and allow it to run System File Check by clicking on the Do It button:

    Go to Step 4 and under "System Restore" click on the Create button:

    Go to the Start Repairs tab and click the Start button.

    Please ensure that ONLY items seen in the image below are ticked as indicated (they're all checked by default):

    [IMG]

    Click on the box next to Restart System when Finished. Then click on Start.



    Then, do the same with AdwCleaner and Junkware Removal Tool, and post logs please. :)
  13. tedus987 TechSpot Enthusiast Posts: 123

    Ok, what do you mean 'Then, do the same with AdwCleaner and Junkware Removal Tool, and post logs please.' I already ran them and posted the logs.
  14. Jay Pfoutz Malware Helper Posts: 4,286   +49

    I'd like you to run them again like earlier, please. I'd like to see if there are remnants of Incredibar before we finish up. :)
  15. tedus987 TechSpot Enthusiast Posts: 123

    Ah, OK, I think AdwCleaner removed most of the stuff in Mozilla that ComboFix couldn't.

    So once we finish up, my PC should be clean of both Incredibar and anything else it put on my new system?
  16. Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hopefully, yes.
  17. tedus987 TechSpot Enthusiast Posts: 123

    So there's no 100% guarantee?
  18. tedus987 TechSpot Enthusiast Posts: 123

    Ok, I have two options that aren't on your image.

    repair file associations (has a drop down menu.)
    repair windows safe mode

    Do I tick them or untick them?
  19. Jay Pfoutz Malware Helper Posts: 4,286   +49

    Don't do either.
  20. tedus987 TechSpot Enthusiast Posts: 123

    OK, leave them un-ticked, fair enough.