Solved Incredibar, not too sure if I've removed it all

Ok, tried the ComboFix script in normal mode, only for ComboFix to freeze at stage 4 again. Ran it in safe mode and I got it to run. In safe mode I think I moved CFScript.txt over ComboFix, not too sure. What I did notice is the CFScript.txt file disappeared after it was done. Here's the log.

ComboFix 13-01-31.03 - Luke 02/02/2013 15:02:01.3.6 - x64 MINIMAL
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.32738.30442 [GMT 0:00]
Running from: c:\users\Luke\Desktop\ComboFix.exe
Command switches used :: c:\users\Luke\Desktop\CFScript.txt
AV: ZoneAlarm Free Firewall Antivirus *Enabled/Updated* {DE038A5B-9EDD-18A9-2361-FF7D98D43730}
FW: ZoneAlarm Free Firewall Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: ZoneAlarm Free Firewall Anti-Spyware *Enabled/Updated* {65626BBF-B8E7-1727-19D1-C40FE3537D8D}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2013-01-02 to 2013-02-02 )))))))))))))))))))))))))))))))
.
.
2013-02-02 15:04 . 2013-02-02 15:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-02-01 07:14 . 2013-01-15 02:45 9161176 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{73CC9823-B21A-4D93-A125-B05F2FAFE9F6}\mpengine.dll
2013-01-30 17:28 . 2013-01-30 17:28 -------- d-----w- c:\program files\Paint.NET
2013-01-29 17:27 . 2013-01-29 17:27 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-29 17:27 . 2013-01-29 17:27 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-01-29 17:27 . 2013-01-29 17:27 -------- d-----w- c:\windows\SysWow64\Macromed
2013-01-29 17:27 . 2013-01-29 17:27 -------- d-----w- c:\windows\system32\Macromed
2013-01-29 17:16 . 2013-01-29 17:16 450 ----a-w- C:\user.js
2013-01-27 21:01 . 2013-01-27 21:01 -------- d-----w- c:\program files (x86)\Common Files\BioWare
2013-01-27 21:00 . 2013-01-27 21:00 -------- d-----w- c:\users\hedev
2013-01-27 18:37 . 2013-01-29 15:26 -------- d-----w- c:\program files (x86)\Common Files\Steam
2013-01-27 18:34 . 2013-01-27 18:34 -------- d-----w- c:\programdata\AVG Secure Search
2013-01-27 18:33 . 2013-01-30 16:09 37720 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2013-01-27 18:33 . 2013-01-30 16:10 -------- d-----w- c:\program files (x86)\AVG Secure Search
2013-01-27 18:33 . 2013-01-30 16:09 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search
2013-01-27 18:24 . 2013-01-27 18:30 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2013-01-27 18:24 . 2013-01-27 18:26 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2013-01-27 18:19 . 2013-01-27 18:19 -------- d-----w- c:\programdata\Malwarebytes
2013-01-27 18:19 . 2013-01-27 18:20 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-01-27 18:19 . 2012-12-14 16:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-01-27 18:10 . 2012-11-15 21:06 89432 ----a-w- c:\windows\system32\drivers\klflt.sys
2013-01-27 18:10 . 2012-11-15 21:06 611160 ----a-w- c:\windows\system32\drivers\klif.sys
2013-01-27 18:05 . 2013-01-27 18:05 -------- d-----w- c:\program files (x86)\DoNotTrackPlus
2013-01-27 17:39 . 2013-01-27 17:39 163056 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10142.bin
2013-01-27 17:23 . 2013-01-27 17:23 -------- d-----w- c:\program files\CheckPoint
2013-01-27 17:21 . 2013-01-27 17:21 -------- d-----w- c:\program files (x86)\Check Point Software Technologies LTD
2013-01-27 17:21 . 2013-01-27 17:23 -------- d-----w- c:\program files (x86)\CheckPoint
2013-01-27 17:21 . 2013-01-27 17:21 -------- d-----w- c:\programdata\CheckPoint
2013-01-25 22:53 . 2011-02-19 12:05 1139200 ----a-w- c:\windows\system32\FntCache.dll
2013-01-25 22:53 . 2011-02-19 12:04 902656 ----a-w- c:\windows\system32\d2d1.dll
2013-01-25 22:53 . 2011-02-19 06:30 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2013-01-25 22:51 . 2013-01-25 22:51 -------- d-----w- c:\users\Public\Creative
2013-01-25 22:46 . 2012-08-24 18:13 154480 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2013-01-25 22:46 . 2012-08-24 18:09 458712 ----a-w- c:\windows\system32\drivers\cng.sys
2013-01-25 22:46 . 2012-08-24 18:05 340992 ----a-w- c:\windows\system32\schannel.dll
2013-01-25 22:46 . 2012-08-24 18:03 1448448 ----a-w- c:\windows\system32\lsasrv.dll
2013-01-25 22:46 . 2012-08-24 16:57 247808 ----a-w- c:\windows\SysWow64\schannel.dll
2013-01-25 22:46 . 2012-08-24 16:57 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2013-01-25 22:46 . 2012-08-24 16:53 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2013-01-25 22:46 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2013-01-25 22:46 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2013-01-25 22:43 . 2012-11-02 05:59 478208 ----a-w- c:\windows\system32\dpnet.dll
2013-01-25 22:43 . 2012-11-02 05:11 376832 ----a-w- c:\windows\SysWow64\dpnet.dll
2013-01-25 22:43 . 2012-11-20 05:48 307200 ----a-w- c:\windows\system32\ncrypt.dll
2013-01-25 22:43 . 2012-11-20 04:51 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll
2013-01-25 22:43 . 2012-08-24 18:05 220160 ----a-w- c:\windows\system32\wintrust.dll
2013-01-25 22:43 . 2012-08-24 16:57 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2013-01-25 22:43 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2013-01-25 22:43 . 2011-01-17 11:09 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2013-01-25 22:43 . 2011-01-17 05:47 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2013-01-25 22:42 . 2011-04-29 03:06 467456 ----a-w- c:\windows\system32\drivers\srv.sys
2013-01-25 22:42 . 2011-04-29 03:05 410112 ----a-w- c:\windows\system32\drivers\srv2.sys
2013-01-25 22:42 . 2011-04-29 03:05 168448 ----a-w- c:\windows\system32\drivers\srvnet.sys
2013-01-25 22:42 . 2013-01-25 22:42 -------- d-----w- c:\program files (x86)\Microsoft.NET
2013-01-25 22:42 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2013-01-25 22:42 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2013-01-25 22:40 . 2011-02-18 10:51 31232 ----a-w- c:\windows\system32\prevhost.exe
2013-01-25 22:40 . 2011-02-18 05:39 31232 ----a-w- c:\windows\SysWow64\prevhost.exe
2013-01-25 22:40 . 2012-05-05 07:46 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2013-01-25 22:40 . 2012-05-05 08:36 503808 ----a-w- c:\windows\system32\srcore.dll
2013-01-25 22:40 . 2011-02-12 11:34 267776 ----a-w- c:\windows\system32\FXSCOVER.exe
2013-01-25 22:40 . 2011-05-03 05:29 976896 ----a-w- c:\windows\system32\inetcomm.dll
2013-01-25 22:40 . 2011-05-03 04:30 741376 ----a-w- c:\windows\SysWow64\inetcomm.dll
2013-01-25 22:40 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
2013-01-25 22:40 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2013-01-25 22:40 . 2013-01-25 22:40 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2013-01-25 22:39 . 2013-01-25 22:41 -------- d-----w- c:\program files (x86)\Google
2013-01-25 22:35 . 2013-01-25 22:35 -------- d-----w- c:\windows\SysWow64\Wat
2013-01-25 22:35 . 2013-01-25 22:35 -------- d-----w- c:\windows\system32\Wat
2013-01-25 22:23 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2013-01-25 22:23 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2013-01-25 22:23 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2013-01-25 22:23 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2013-01-25 22:23 . 2012-12-16 17:31 67599240 ----a-w- c:\windows\system32\MRT.exe
2013-01-25 22:18 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe
2013-01-25 22:14 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
2013-01-25 22:12 . 2010-12-23 10:42 961024 ----a-w- c:\windows\system32\CPFilters.dll
2013-01-25 22:09 . 2012-12-07 13:20 441856 ----a-w- c:\windows\system32\Wpc.dll
2013-01-25 22:08 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2013-01-25 22:07 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2013-01-25 22:07 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2013-01-25 21:58 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2013-01-25 21:58 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2013-01-25 21:58 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2013-01-25 21:58 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2013-01-25 21:58 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2013-01-25 21:58 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2013-01-25 21:58 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2013-01-25 21:58 . 2012-06-02 15:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2013-01-25 21:58 . 2012-06-02 15:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2013-01-25 21:54 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2013-01-25 21:48 . 2011-05-24 11:42 404480 ----a-w- c:\windows\system32\umpnpmgr.dll
2013-01-25 21:48 . 2011-05-24 10:40 64512 ----a-w- c:\windows\SysWow64\devobj.dll
2013-01-25 21:48 . 2011-05-24 10:40 44544 ----a-w- c:\windows\SysWow64\devrtl.dll
2013-01-25 21:48 . 2011-05-24 10:39 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll
2013-01-25 21:48 . 2011-05-24 10:37 252928 ----a-w- c:\windows\SysWow64\drvinst.exe
2013-01-25 21:47 . 2011-02-23 04:55 90624 ----a-w- c:\windows\system32\drivers\bowser.sys
2013-01-25 07:15 . 2013-01-24 15:36 -------- d-----w- c:\windows\Panther
2013-01-24 18:02 . 2013-01-24 18:02 -------- d-----w- c:\users\Public\CyberLink
2013-01-24 17:44 . 2012-07-11 13:18 23664 ----a-w- c:\windows\SysWow64\lgfwunis.exe
2013-01-24 17:44 . 2001-08-29 21:00 59904 ----a-w- c:\windows\SysWow64\wbemdisp.tlb
2013-01-24 17:44 . 1998-07-22 00:00 102912 ----a-w- c:\windows\SysWow64\Vb6stkit.dll
2013-01-24 17:44 . 1998-07-22 00:00 102160 ----a-w- c:\windows\SysWow64\VB6KO.DLL
2013-01-24 17:44 . 1998-06-24 00:00 115016 ----a-w- c:\windows\SysWow64\MSINET.OCX
2013-01-24 17:44 . 2013-01-31 20:00 -------- d-----w- c:\program files (x86)\lg_fwupdate
2013-01-24 17:42 . 2013-01-24 17:42 29480 ----a-w- c:\windows\SysWow64\msxml3a.dll
2013-01-24 17:42 . 2013-01-24 17:42 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2013-01-24 17:42 . 2013-01-24 17:42 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2013-01-24 17:38 . 2013-01-24 17:45 -------- d-----w- c:\programdata\install_clap
2013-01-24 17:37 . 2013-01-24 17:45 -------- d-----w- c:\program files (x86)\CyberLink
2013-01-24 17:37 . 2013-01-24 17:37 -------- d-----w- c:\programdata\CLSK
2013-01-24 17:37 . 2013-01-24 18:02 -------- d-----w- c:\programdata\CyberLink
2013-01-24 16:34 . 2013-01-25 22:49 -------- d-----w- c:\programdata\Creative
2013-01-24 16:28 . 2000-05-11 01:00 90112 ------w- c:\windows\Updreg.EXE
2013-01-24 16:28 . 2013-01-24 16:28 466520 ----a-w- c:\windows\system32\wrap_oal.dll
2013-01-24 16:28 . 2013-01-24 16:28 445016 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2013-01-24 16:28 . 2013-01-24 16:28 123480 ----a-w- c:\windows\system32\OpenAL32.dll
2013-01-24 16:28 . 2013-01-24 16:28 109144 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2013-01-24 16:28 . 2011-11-14 15:23 1943040 ------w- c:\windows\system32\Sens_oal.dll
2013-01-24 16:20 . 2013-01-24 16:21 -------- d-----w- c:\program files (x86)\EVGA Precision X
2013-01-24 16:15 . 2013-02-02 09:06 -------- d-----w- c:\programdata\NVIDIA
2013-01-24 16:15 . 2013-01-25 22:53 -------- d-----w- c:\users\UpdatusUser
2013-01-24 16:13 . 2013-01-24 16:13 -------- d-----w- C:\NVIDIA
2013-01-24 16:11 . 2013-01-24 16:11 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
2013-01-24 16:10 . 2013-01-24 16:10 -------- d-----w- c:\program files (x86)\Common Files\Adobe
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-17 01:28 . 2010-11-21 03:27 273840 ------w- c:\windows\system32\MpSigStub.exe
2012-12-13 11:49 . 2012-12-13 11:49 450136 ----a-w- c:\windows\system32\drivers\vsdatant.sys
2012-11-30 04:45 . 2013-01-25 22:41 44032 ----a-w- c:\windows\apppatch\acwow64.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2013-01-30 16:09 1883824 ----a-w- c:\program files (x86)\AVG Secure Search\14.0.2.14\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\14.0.2.14\AVG Secure Search_toolbar.dll" [2013-01-30 1883824]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Steam"="d:\installed games\Steam\Steam.exe" [2013-01-27 1354736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-07-28 336384]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"Sound Blaster Recon3D PCIe Control Panel"="c:\program files (x86)\Creative\Sound Blaster Recon3D PCIe\Sound Blaster Recon3D PCIe Control Panel\SBRnPCIe.exe" [2011-11-14 880128]
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2011-03-09 107816]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2012-03-28 91432]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2012-05-09 78312]
"UpdatePPShortCut"="c:\program files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2012-04-17 223096]
"LGODDFU"="c:\program files (x86)\lg_fwupdate\lgfw.exe" [2012-07-12 27760]
"ZoneAlarm"="c:\program files (x86)\CheckPoint\ZoneAlarm\zatray.exe" [2013-01-23 73832]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2013-01-30 1101488]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-07-28 361984]
R2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2011-06-24 55424]
R2 CLKMSVC10_38F51D56;CyberLink Product - 2013/01/24 17:43;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2012-05-09 242664]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 CtHdaSvc;Sound Blaster Service;c:\windows\sysWow64\CtHdaSvc.exe [2013-01-10 103424]
R2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2012-11-22 33712]
R2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [2012-11-22 828072]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824]
R2 vToolbarUpdater14.0.1;vToolbarUpdater14.0.1;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe [2013-01-30 945328]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2013-01-24 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2013-01-24 79360]
R3 cthda;Sound Blaster HDAudio;c:\windows\system32\drivers\cthda.sys [2013-01-10 1044400]
R3 CTHDB;SB Recon3D PCIe Audio Bus Filter;c:\windows\system32\DRIVERS\CtHDb.sys [2013-01-10 28592]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [2009-11-17 32344]
R3 NTIOLib_1_0_C;NTIOLib_1_0_C;E:\NTIOLib_X64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-21 88960]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2012-08-23 29696]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2013-01-25 1255736]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2013-01-30 37720]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-02-10 82432]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-02-10 181760]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2010-11-28 44672]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-01-25 22:41 1607120 ----a-w- c:\program files (x86)\Google\Chrome\Application\24.0.1312.56\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-29 17:27]
.
2013-02-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-25 22:39]
.
2013-02-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-25 22:39]
.
2013-02-02 c:\windows\Tasks\ROC_JAN2013_TB_rmv.job
- c:\program files (x86)\AVG Secure Search\PostInstall\ROC.exe [2013-01-30 16:09]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-08-30 7284328]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2012-11-22 1127592]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.co.uk/
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.0.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\14.0.1\ViProtocol.dll
FF - ProfilePath - c:\users\Luke\AppData\Roaming\Mozilla\Firefox\Profiles\eosqmyzk.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://isearch.avg.com/?cid={774FCFAC-D94E-4521-9039-D124BDE98A07}&mid=78e869ac9e4c414492955dce15e3def5-43e00dc797ad58ef813020547ab1305aab3e79c6&lang=en&ds=avgab0&pr=sa&d=2013-01-27 18:33&v=14.0.2.14&pid=avg&sg=&sap=hp
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid={774FCFAC-D94E-4521-9039-D124BDE98A07}&mid=78e869ac9e4c414492955dce15e3def5-43e00dc797ad58ef813020547ab1305aab3e79c6&lang=en&ds=avgab0&pr=sa&d=2013-01-27 18:33&pid=avg&sg=&v=14.0.2.14&sap=ku&q=
FF - ExtSQL: 2013-01-27 17:23; ffxtlbr@zonealarm.com; c:\users\Luke\AppData\Roaming\Mozilla\Firefox\Profiles\eosqmyzk.default\extensions\ffxtlbr@zonealarm.com
FF - ExtSQL: 2013-01-27 17:23; donottrack@checkpoint.com; c:\users\Luke\AppData\Roaming\Mozilla\Firefox\Profiles\eosqmyzk.default\extensions\donottrack@checkpoint.com
FF - ExtSQL: 2013-01-27 18:11; {FFB96CC1-7EB3-449D-B827-DB661701C6BB}; c:\program files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF - ExtSQL: 2013-01-27 18:34; avg@toolbar; c:\programdata\AVG Secure Search\FireFoxExt\14.0.2.14
FF - user.js: extensions.zonealarm_i.hmpg - true
FF - user.js: extensions.zonealarm.hmpgUrl - hxxp://search.zonealarm.com/?src=hp&tbid=base2013&Lan=en&gu=97be6726efb44bfba75cc672272c65bf&tu=10G90006K2B000s&sku=&tstsId=&ver=&
FF - user.js: extensions.zonealarm.dfltSrch - true
FF - user.js: extensions.zonealarm.srchPrvdr - Search By ZoneAlarm
FF - user.js: extensions.zonealarm.keyWordUrl - hxxp://search.zonealarm.com/search?src=sp&tbid=base2013&Lan=en&q={searchTerms}&gu=97be6726efb44bfba75cc672272c65bf&tu=10G90006K2B000s&sku=&tstsId=&ver=&
FF - user.js: extensions.zonealarm_i.dnsErr - true
FF - user.js: extensions.zonealarm.newTabUrl - hxxp://search.zonealarm.com/?src=nt&tbid=base2013&Lan=en&gu=97be6726efb44bfba75cc672272c65bf&tu=10G90006K2B000s&sku=&tstsId=&ver=&
FF - user.js: extensions.zonealarm.autoRvrt - false
FF - user.js: extensions.zonealarm_i.newTab - false
FF - user.js: extensions.zonealarm.tlbrSrchUrl - hxxp://search.zonealarm.com/search?src=tb&tbid=base2013&Lan={dfltLng}&gu=97be6726efb44bfba75cc672272c65bf&tu=10GpG006K2B000s&sku=&tstsId=&ver=&&q=
FF - user.js: extensions.zonealarm.id - 9c17b2130000000000008c89a588ce82
FF - user.js: extensions.zonealarm.appId - {C56C48A0-DA4E-46F6-9859-1553DC865F84}
FF - user.js: extensions.zonealarm.instlDay - 15732
FF - user.js: extensions.zonealarm.vrsn - 1.8.3.16
FF - user.js: extensions.zonealarm.vrsni - 1.8.3.16
FF - user.js: extensions.zonealarm_i.vrsnTs - 1.8.3.1618:05
FF - user.js: extensions.zonealarm.prtnrId - checkpoint
FF - user.js: extensions.zonealarm.prdct - zonealarm
FF - user.js: extensions.zonealarm.aflt - 1043
FF - user.js: extensions.zonealarm_i.smplGrp - none
FF - user.js: extensions.zonealarm.tlbrId - base2013
FF - user.js: extensions.zonealarm.instlRef - ZLN116573865866699-1001
FF - user.js: extensions.zonealarm.dfltLng - en
FF - user.js: extensions.zonealarm.excTlbr - false
FF - user.js: extensions.zonealarm.admin - false
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6Oz1LE6ej6&loc=IB_TB&I=26&search=
FF - user.js: extensions.incredibar_i.id - 9c17b2130000000000008c89a588ce82
FF - user.js: extensions.incredibar_i.instlDay - 15734
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1417:16
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6Oz1LE6ej6
FF - user.js: extensions.incredibar_i.upn2n - 92262881519060488
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10678
FF - user.js: extensions.incredibar_i.ppd - 111
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-02-02 15:06:17
ComboFix-quarantined-files.txt 2013-02-02 15:06
ComboFix2.txt 2013-01-31 19:55
.
Pre-Run: 910,275,862,528 bytes free
Post-Run: 909,841,690,624 bytes free
.
- - End Of File - - 56390610E218C5DE2C8D9D3964B5EBF1
 
Ok, here's the adware scan

-----------------------------------------

# AdwCleaner v2.109 - Logfile created 02/02/2013 at 16:42:14
# Updated 26/01/2013 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : Luke - LUKE-PC-BUILD2
# Boot Mode : Normal
# Running from : C:\Users\Luke\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Program Files (x86)\Common Files\AVG Secure Search
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Deleted : C:\user.js
Folder Deleted : C:\Program Files (x86)\AVG Secure Search
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\Users\Luke\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\Luke\AppData\LocalLow\AVG Secure Search

***** [Registry] *****

Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\Software\IB Updater
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Mozilla Firefox v18.0.1 (en-GB)

File : C:\Users\Luke\AppData\Roaming\Mozilla\Firefox\Profiles\eosqmyzk.default\prefs.js

C:\Users\Luke\AppData\Roaming\Mozilla\Firefox\Profiles\eosqmyzk.default\user.js ... Deleted !

Deleted : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\FireFoxExt\\14.0.2.14")[...]
Deleted : user_pref("browser.newtab.url", "hxxp://mystart.incredibar.com/mb185?a=6Oz1LE6ej6&I=26");
Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Deleted : user_pref("browser.search.selectedEngine", "AVG Secure Search");
Deleted : user_pref("browser.startup.homepage", "hxxp://isearch.avg.com/?cid={774FCFAC-D94E-4521-9039-D124BDE9[...]
Deleted : user_pref("extensions.incredibar_i.aflt", "orgnl");
Deleted : user_pref("extensions.incredibar_i.dfltLng", "");
Deleted : user_pref("extensions.incredibar_i.did", "10678");
Deleted : user_pref("extensions.incredibar_i.excTlbr", false);
Deleted : user_pref("extensions.incredibar_i.id", "9c17b2130000000000008c89a588ce82");
Deleted : user_pref("extensions.incredibar_i.installerproductid", "26");
Deleted : user_pref("extensions.incredibar_i.instlDay", "15734");
Deleted : user_pref("extensions.incredibar_i.instlRef", "");
Deleted : user_pref("extensions.incredibar_i.ms_url_id", "");
Deleted : user_pref("extensions.incredibar_i.newTab", false);
Deleted : user_pref("extensions.incredibar_i.ppd", "111");
Deleted : user_pref("extensions.incredibar_i.prdct", "incredibar");
Deleted : user_pref("extensions.incredibar_i.productid", "26");
Deleted : user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
Deleted : user_pref("extensions.incredibar_i.smplGrp", "none");
Deleted : user_pref("extensions.incredibar_i.tlbrId", "base");
Deleted : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6Oz1LE6ej6&loc=IB[...]
Deleted : user_pref("extensions.incredibar_i.upn2", "6Oz1LE6ej6");
Deleted : user_pref("extensions.incredibar_i.upn2n", "92262881519060488");
Deleted : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");
Deleted : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.1417:16:34");
Deleted : user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");
Deleted : user_pref("keyword.URL", "hxxp://isearch.avg.com/search?cid={774FCFAC-D94E-4521-9039-D124BDE98A07}&m[...]

-\\ Google Chrome v24.0.1312.56

File : C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.15] : urls_to_restore_on_startup = [ "hxxp://isearch.avg.com/?cid={774FCFAC-D94E-4521-9039-D124B[...]
Deleted [l.44] : icon_url = "hxxp://isearch.avg.com/favicon.ico",
Deleted [l.47] : keyword = "isearch.avg.com",
Deleted [l.50] : search_url = "hxxp://isearch.avg.com/search?cid={774FCFAC-D94E-4521-9039-D124BDE98A07}&mid=78[...]
Deleted [l.1874] : urls_to_restore_on_startup = [ "hxxp://isearch.avg.com/?cid={774FCFAC-D94E-4521-9039-D124BDE9[...]

*************************

AdwCleaner[S1].txt - [9000 octets] - [02/02/2013 16:42:14]

########## EOF - C:\AdwCleaner[S1].txt - [9060 octets] ##########
 
Ok, found out why ComboFix was getting stuck on stage 5; it seems turning off the firewall and virus in ZoneAlarm doesn't actually turn them off and you have to close the app completely. Anyway, I have the JRT log.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.5.8 (01.31.2013:1)
OS: Windows 7 Ultimate x64
Ran by Luke on 02/02/2013 at 17:19:03.75
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Luke\AppData\Roaming\mozilla\firefox\profiles\eosqmyzk.default\minidumps [6 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 02/02/2013 at 17:27:10.91
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
That didn't seem to work for ComboFix, but let's do the following next:

Download Windows Repair (all in one) from this site

Install the program then run it.

Go to Step 2 and allow it to run CheckDisk by clicking on the Do It button:

Once that is done, go to Step 3 and allow it to run System File Check by clicking on the Do It button:

Go to Step 4 and under "System Restore" click on the Create button:

Go to the Start Repairs tab and click the Start button.

Please ensure that ONLY items seen in the image below are ticked as indicated (they're all checked by default):

Click on the box next to Restart System when Finished. Then click on Start.



Then, do the same with AdwCleaner and Junkware Removal Tool, and post logs please. :)
 
Ok, what do you mean 'Then, do the same with AdwCleaner and Junkware Removal Tool, and post logs please.' I already ran them and posted the logs.
 
I'd like you to run them again like earlier, please. I'd like to see if there are remnants of Incredibar before we finish up. :)
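
A remnant check of the kind requested above, shown for the Firefox profile as an added example (not part of the original posts and not AdwCleaner's own code). The pref names and marker strings are taken from the AdwCleaner log earlier in the thread; the function name and the sample prefs.js content are constructed for illustration.

```python
import re

# Pref-name prefixes that AdwCleaner removed in the log above.
HIJACK_PREFIXES = ("extensions.incredibar_i.", "avg.install.")
# Search/start-page prefs the log shows being repointed.
REDIRECT_PREFS = {
    "browser.newtab.url",
    "browser.startup.homepage",
    "browser.search.defaultenginename",
    "browser.search.selectedEngine",
    "keyword.URL",
}
# Values seen in the log for those prefs (matched case-insensitively).
MARKERS = ("incredibar", "isearch.avg.com", "avg secure search")

# One pref per line: user_pref("name", value);
PREF_RE = re.compile(r'^\s*user_pref\("((?:[^"\\]|\\.)*)",\s*(.*?)\);\s*$')


def find_remnants(prefs_text):
    """Return (line_no, pref_name, reason) for each suspicious user_pref line."""
    hits = []
    for line_no, line in enumerate(prefs_text.splitlines(), start=1):
        m = PREF_RE.match(line)
        if not m:
            continue  # comments, blank lines, anything that is not a pref
        name, value = m.group(1), m.group(2)
        if name.startswith(HIJACK_PREFIXES):
            hits.append((line_no, name, "toolbar-owned pref"))
        elif name in REDIRECT_PREFS and any(k in value.lower() for k in MARKERS):
            hits.append((line_no, name, "redirected to toolbar search"))
    return hits


# Constructed sample: a prefs.js with two leftovers among ordinary prefs.
SAMPLE_PREFS = '''\
# Mozilla User Preferences
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "hxxp://mystart.incredibar.com/constructed");
user_pref("extensions.incredibar_i.prdct", "incredibar");
user_pref("browser.search.selectedEngine", "Google");
user_pref("extensions.lastAppVersion", "18.0.1");
'''

if __name__ == "__main__":
    for line_no, name, reason in find_remnants(SAMPLE_PREFS):
        print(f"line {line_no}: {name} ({reason})")
```

Run it against both prefs.js and user.js in the profile folder with Firefox closed; an empty result corresponds to the "[OK] File is clean." line in a follow-up AdwCleaner log.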
 
Ah, OK, I think AdwCleaner removed most of the stuff in Mozilla that ComboFix couldn't.

So once we finish up, my PC should be clean of both Incredibar and anything else it put on my new system?
 
Ok, I have two options that aren't on your image.

Repair file associations (has a drop-down menu)
Repair Windows safe mode

Do I tick them or untick them?
 
Ok, logs for adware remover and JRT are done

--------------------------------------------------------------------

# AdwCleaner v2.109 - Logfile created 02/03/2013 at 03:39:24
# Updated 26/01/2013 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : Luke - LUKE-PC-BUILD2
# Boot Mode : Normal
# Running from : C:\Users\Luke\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Program Files (x86)\Common Files\AVG Secure Search

***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Mozilla Firefox v18.0.1 (en-GB)

File : C:\Users\Luke\AppData\Roaming\Mozilla\Firefox\Profiles\eosqmyzk.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v24.0.1312.56

File : C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [9115 octets] - [02/02/2013 16:42:14]
AdwCleaner[S2].txt - [943 octets] - [03/02/2013 03:39:24]

########## EOF - C:\AdwCleaner[S2].txt - [1002 octets] ##########


---------------------------------------------------------------------------------------------

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.5.8 (01.31.2013:1)
OS: Windows 7 Ultimate x64
Ran by Luke on 03/02/2013 at 3:42:46.44
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Luke\AppData\Roaming\mozilla\firefox\profiles\eosqmyzk.default\minidumps [3 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 03/02/2013 at 3:51:20.40
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Well, Spybot's immunize tool keeps telling me that one or two things are not immune over the last few days, but I want to see if it's like that tomorrow. And one of the things that didn't start till the infection was the 'Realtek audio manager' kept detecting something being plugged in to the front panel. I've never plugged anything in to that port, nor will I be, since I have a sound card as a separate component to the motherboard.

Finally, I want to ask if you know if it's possible to get WinRAR for Windows 7.

If so, where do I go?

-------------------------------------

The immunity could be down to all the scans and fixes done over the last week. If it says everything's immune tomorrow then that's probably the cause.
 
OK, when I turn my new PC on tomorrow I'll check spybot immunization before updating, it should tell me I'm immune since that's the most recent database it has and I immunized this morning.
 
Ok, Spybot's showing full immunization, so that's stopped happening. I think that's about it. All the problems seem to have gone.
 
Hi there. It all appears to be good, so we will finish up to make sure your computer is protected from malware in the future.

Clean up System Restore

Now, to get you off to a clean start, we will be creating a new Restore Point, then clearing the old ones to make sure you do not get reinfected, in case you need to "restore back."

To manually create a new Restore Point
  • Go to Control Panel and select System and Maintenance
  • Select System
  • On the left select Advanced System Settings and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name, i.e. Clean
  • Select Create


Remove tools, temp files, old Restore Points

Please run OTL
  • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

    :files
    ipconfig /flushdns /c

    :commands
    [CREATERESTOREPOINT]
    [CLEARALLRESTOREPOINTS]
    [emptyflash]
    [emptytemp]
    [emptyjava]
    [reboot]
  • Then click the Run Fix button at the top.
  • Note: The fix for OTL sometimes hides your Desktop and Start menu so the cleanup can be completed. Do not be alarmed, as this is normal.
  • It may open a log for you, but I don't need that.

To remove all of the tools we used and the files and folders they created do the following:
Double click OTL.exe.
  • Click the CleanUp button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.
Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.


Security Check

Please download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
 