Incredibar, not to sure if I've removed it all

Solved
By tedus987
Jan 31, 2013
Topic Status:
Not open for further replies.
  1. tedus987

    tedus987 TechSpot Enthusiast Topic Starter Posts: 168

    OK, I'll post the logs as soon as I get them once I do the steps tomorrow.
  2. tedus987

    tedus987 TechSpot Enthusiast Topic Starter Posts: 168

    Ok, tried the ComboFix script in normal only for combo fix to freeze at stage 4 again. ran it in safe mode and I got it to run. in safe mode I think I moved CFScript.txt over ComboFix not to sure what I did notice is the CFScript.txt file disapeared after it was done. here's the log.

    ComboFix 13-01-31.03 - Luke 02/02/2013 15:02:01.3.6 - x64 MINIMAL
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.32738.30442 [GMT 0:00]
    Running from: c:\users\Luke\Desktop\ComboFix.exe
    Command switches used :: c:\users\Luke\Desktop\CFScript.txt
    AV: ZoneAlarm Free Firewall Antivirus *Enabled/Updated* {DE038A5B-9EDD-18A9-2361-FF7D98D43730}
    FW: ZoneAlarm Free Firewall Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: ZoneAlarm Free Firewall Anti-Spyware *Enabled/Updated* {65626BBF-B8E7-1727-19D1-C40FE3537D8D}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((( Files Created from 2013-01-02 to 2013-02-02 )))))))))))))))))))))))))))))))
    .
    .
    2013-02-02 15:04 . 2013-02-02 15:04 -------- d-----w- c:\users\Default\AppData\Local\temp
    2013-02-01 07:14 . 2013-01-15 02:45 9161176 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{73CC9823-B21A-4D93-A125-B05F2FAFE9F6}\mpengine.dll
    2013-01-30 17:28 . 2013-01-30 17:28 -------- d-----w- c:\program files\Paint.NET
    2013-01-29 17:27 . 2013-01-29 17:27 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-01-29 17:27 . 2013-01-29 17:27 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2013-01-29 17:27 . 2013-01-29 17:27 -------- d-----w- c:\windows\SysWow64\Macromed
    2013-01-29 17:27 . 2013-01-29 17:27 -------- d-----w- c:\windows\system32\Macromed
    2013-01-29 17:16 . 2013-01-29 17:16 450 ----a-w- C:\user.js
    2013-01-27 21:01 . 2013-01-27 21:01 -------- d-----w- c:\program files (x86)\Common Files\BioWare
    2013-01-27 21:00 . 2013-01-27 21:00 -------- d-----w- c:\users\hedev
    2013-01-27 18:37 . 2013-01-29 15:26 -------- d-----w- c:\program files (x86)\Common Files\Steam
    2013-01-27 18:34 . 2013-01-27 18:34 -------- d-----w- c:\programdata\AVG Secure Search
    2013-01-27 18:33 . 2013-01-30 16:09 37720 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
    2013-01-27 18:33 . 2013-01-30 16:10 -------- d-----w- c:\program files (x86)\AVG Secure Search
    2013-01-27 18:33 . 2013-01-30 16:09 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search
    2013-01-27 18:24 . 2013-01-27 18:30 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2013-01-27 18:24 . 2013-01-27 18:26 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
    2013-01-27 18:19 . 2013-01-27 18:19 -------- d-----w- c:\programdata\Malwarebytes
    2013-01-27 18:19 . 2013-01-27 18:20 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2013-01-27 18:19 . 2012-12-14 16:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
    2013-01-27 18:10 . 2012-11-15 21:06 89432 ----a-w- c:\windows\system32\drivers\klflt.sys
    2013-01-27 18:10 . 2012-11-15 21:06 611160 ----a-w- c:\windows\system32\drivers\klif.sys
    2013-01-27 18:05 . 2013-01-27 18:05 -------- d-----w- c:\program files (x86)\DoNotTrackPlus
    2013-01-27 17:39 . 2013-01-27 17:39 163056 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10142.bin
    2013-01-27 17:23 . 2013-01-27 17:23 -------- d-----w- c:\program files\CheckPoint
    2013-01-27 17:21 . 2013-01-27 17:21 -------- d-----w- c:\program files (x86)\Check Point Software Technologies LTD
    2013-01-27 17:21 . 2013-01-27 17:23 -------- d-----w- c:\program files (x86)\CheckPoint
    2013-01-27 17:21 . 2013-01-27 17:21 -------- d-----w- c:\programdata\CheckPoint
    2013-01-25 22:53 . 2011-02-19 12:05 1139200 ----a-w- c:\windows\system32\FntCache.dll
    2013-01-25 22:53 . 2011-02-19 12:04 902656 ----a-w- c:\windows\system32\d2d1.dll
    2013-01-25 22:53 . 2011-02-19 06:30 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
    2013-01-25 22:51 . 2013-01-25 22:51 -------- d-----w- c:\users\Public\Creative
    2013-01-25 22:46 . 2012-08-24 18:13 154480 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
    2013-01-25 22:46 . 2012-08-24 18:09 458712 ----a-w- c:\windows\system32\drivers\cng.sys
    2013-01-25 22:46 . 2012-08-24 18:05 340992 ----a-w- c:\windows\system32\schannel.dll
    2013-01-25 22:46 . 2012-08-24 18:03 1448448 ----a-w- c:\windows\system32\lsasrv.dll
    2013-01-25 22:46 . 2012-08-24 16:57 247808 ----a-w- c:\windows\SysWow64\schannel.dll
    2013-01-25 22:46 . 2012-08-24 16:57 22016 ----a-w- c:\windows\SysWow64\secur32.dll
    2013-01-25 22:46 . 2012-08-24 16:53 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
    2013-01-25 22:46 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
    2013-01-25 22:46 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
    2013-01-25 22:43 . 2012-11-02 05:59 478208 ----a-w- c:\windows\system32\dpnet.dll
    2013-01-25 22:43 . 2012-11-02 05:11 376832 ----a-w- c:\windows\SysWow64\dpnet.dll
    2013-01-25 22:43 . 2012-11-20 05:48 307200 ----a-w- c:\windows\system32\ncrypt.dll
    2013-01-25 22:43 . 2012-11-20 04:51 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll
    2013-01-25 22:43 . 2012-08-24 18:05 220160 ----a-w- c:\windows\system32\wintrust.dll
    2013-01-25 22:43 . 2012-08-24 16:57 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
    2013-01-25 22:43 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
    2013-01-25 22:43 . 2011-01-17 11:09 197120 ----a-w- c:\windows\system32\d3d10_1.dll
    2013-01-25 22:43 . 2011-01-17 05:47 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
    2013-01-25 22:42 . 2011-04-29 03:06 467456 ----a-w- c:\windows\system32\drivers\srv.sys
    2013-01-25 22:42 . 2011-04-29 03:05 410112 ----a-w- c:\windows\system32\drivers\srv2.sys
    2013-01-25 22:42 . 2011-04-29 03:05 168448 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2013-01-25 22:42 . 2013-01-25 22:42 -------- d-----w- c:\program files (x86)\Microsoft.NET
    2013-01-25 22:42 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys
    2013-01-25 22:42 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
    2013-01-25 22:40 . 2011-02-18 10:51 31232 ----a-w- c:\windows\system32\prevhost.exe
    2013-01-25 22:40 . 2011-02-18 05:39 31232 ----a-w- c:\windows\SysWow64\prevhost.exe
    2013-01-25 22:40 . 2012-05-05 07:46 43008 ----a-w- c:\windows\SysWow64\srclient.dll
    2013-01-25 22:40 . 2012-05-05 08:36 503808 ----a-w- c:\windows\system32\srcore.dll
    2013-01-25 22:40 . 2011-02-12 11:34 267776 ----a-w- c:\windows\system32\FXSCOVER.exe
    2013-01-25 22:40 . 2011-05-03 05:29 976896 ----a-w- c:\windows\system32\inetcomm.dll
    2013-01-25 22:40 . 2011-05-03 04:30 741376 ----a-w- c:\windows\SysWow64\inetcomm.dll
    2013-01-25 22:40 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
    2013-01-25 22:40 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
    2013-01-25 22:40 . 2013-01-25 22:40 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
    2013-01-25 22:39 . 2013-01-25 22:41 -------- d-----w- c:\program files (x86)\Google
    2013-01-25 22:35 . 2013-01-25 22:35 -------- d-----w- c:\windows\SysWow64\Wat
    2013-01-25 22:35 . 2013-01-25 22:35 -------- d-----w- c:\windows\system32\Wat
    2013-01-25 22:23 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
    2013-01-25 22:23 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
    2013-01-25 22:23 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
    2013-01-25 22:23 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
    2013-01-25 22:23 . 2012-12-16 17:31 67599240 ----a-w- c:\windows\system32\MRT.exe
    2013-01-25 22:18 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe
    2013-01-25 22:14 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
    2013-01-25 22:12 . 2010-12-23 10:42 961024 ----a-w- c:\windows\system32\CPFilters.dll
    2013-01-25 22:09 . 2012-12-07 13:20 441856 ----a-w- c:\windows\system32\Wpc.dll
    2013-01-25 22:08 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
    2013-01-25 22:07 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
    2013-01-25 22:07 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
    2013-01-25 21:58 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2013-01-25 21:58 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2013-01-25 21:58 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
    2013-01-25 21:58 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2013-01-25 21:58 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
    2013-01-25 21:58 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
    2013-01-25 21:58 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
    2013-01-25 21:58 . 2012-06-02 15:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2013-01-25 21:58 . 2012-06-02 15:15 36864 ----a-w- c:\windows\system32\wuapp.exe
    2013-01-25 21:54 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2013-01-25 21:48 . 2011-05-24 11:42 404480 ----a-w- c:\windows\system32\umpnpmgr.dll
    2013-01-25 21:48 . 2011-05-24 10:40 64512 ----a-w- c:\windows\SysWow64\devobj.dll
    2013-01-25 21:48 . 2011-05-24 10:40 44544 ----a-w- c:\windows\SysWow64\devrtl.dll
    2013-01-25 21:48 . 2011-05-24 10:39 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll
    2013-01-25 21:48 . 2011-05-24 10:37 252928 ----a-w- c:\windows\SysWow64\drvinst.exe
    2013-01-25 21:47 . 2011-02-23 04:55 90624 ----a-w- c:\windows\system32\drivers\bowser.sys
    2013-01-25 07:15 . 2013-01-24 15:36 -------- d-----w- c:\windows\Panther
    2013-01-24 18:02 . 2013-01-24 18:02 -------- d-----w- c:\users\Public\CyberLink
    2013-01-24 17:44 . 2012-07-11 13:18 23664 ----a-w- c:\windows\SysWow64\lgfwunis.exe
    2013-01-24 17:44 . 2001-08-29 21:00 59904 ----a-w- c:\windows\SysWow64\wbemdisp.tlb
    2013-01-24 17:44 . 1998-07-22 00:00 102912 ----a-w- c:\windows\SysWow64\Vb6stkit.dll
    2013-01-24 17:44 . 1998-07-22 00:00 102160 ----a-w- c:\windows\SysWow64\VB6KO.DLL
    2013-01-24 17:44 . 1998-06-24 00:00 115016 ----a-w- c:\windows\SysWow64\MSINET.OCX
    2013-01-24 17:44 . 2013-01-31 20:00 -------- d-----w- c:\program files (x86)\lg_fwupdate
    2013-01-24 17:42 . 2013-01-24 17:42 29480 ----a-w- c:\windows\SysWow64\msxml3a.dll
    2013-01-24 17:42 . 2013-01-24 17:42 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
    2013-01-24 17:42 . 2013-01-24 17:42 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
    2013-01-24 17:38 . 2013-01-24 17:45 -------- d-----w- c:\programdata\install_clap
    2013-01-24 17:37 . 2013-01-24 17:45 -------- d-----w- c:\program files (x86)\CyberLink
    2013-01-24 17:37 . 2013-01-24 17:37 -------- d-----w- c:\programdata\CLSK
    2013-01-24 17:37 . 2013-01-24 18:02 -------- d-----w- c:\programdata\CyberLink
    2013-01-24 16:34 . 2013-01-25 22:49 -------- d-----w- c:\programdata\Creative
    2013-01-24 16:28 . 2000-05-11 01:00 90112 ------w- c:\windows\Updreg.EXE
    2013-01-24 16:28 . 2013-01-24 16:28 466520 ----a-w- c:\windows\system32\wrap_oal.dll
    2013-01-24 16:28 . 2013-01-24 16:28 445016 ----a-w- c:\windows\SysWow64\wrap_oal.dll
    2013-01-24 16:28 . 2013-01-24 16:28 123480 ----a-w- c:\windows\system32\OpenAL32.dll
    2013-01-24 16:28 . 2013-01-24 16:28 109144 ----a-w- c:\windows\SysWow64\OpenAL32.dll
    2013-01-24 16:28 . 2011-11-14 15:23 1943040 ------w- c:\windows\system32\Sens_oal.dll
    2013-01-24 16:20 . 2013-01-24 16:21 -------- d-----w- c:\program files (x86)\EVGA Precision X
    2013-01-24 16:15 . 2013-02-02 09:06 -------- d-----w- c:\programdata\NVIDIA
    2013-01-24 16:15 . 2013-01-25 22:53 -------- d-----w- c:\users\UpdatusUser
    2013-01-24 16:13 . 2013-01-24 16:13 -------- d-----w- C:\NVIDIA
    2013-01-24 16:11 . 2013-01-24 16:11 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
    2013-01-24 16:10 . 2013-01-24 16:10 -------- d-----w- c:\program files (x86)\Common Files\Adobe
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-01-17 01:28 . 2010-11-21 03:27 273840 ------w- c:\windows\system32\MpSigStub.exe
    2012-12-13 11:49 . 2012-12-13 11:49 450136 ----a-w- c:\windows\system32\drivers\vsdatant.sys
    2012-11-30 04:45 . 2013-01-25 22:41 44032 ----a-w- c:\windows\apppatch\acwow64.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
    2013-01-30 16:09 1883824 ----a-w- c:\program files (x86)\AVG Secure Search\14.0.2.14\AVG Secure Search_toolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\14.0.2.14\AVG Secure Search_toolbar.dll" [2013-01-30 1883824]
    .
    [HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    "Steam"="d:\installed games\Steam\Steam.exe" [2013-01-27 1354736]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-07-28 336384]
    "NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
    "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
    "Sound Blaster Recon3D PCIe Control Panel"="c:\program files (x86)\Creative\Sound Blaster Recon3D PCIe\Sound Blaster Recon3D PCIe Control Panel\SBRnPCIe.exe" [2011-11-14 880128]
    "CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2011-03-09 107816]
    "RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2012-03-28 91432]
    "BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2012-05-09 78312]
    "UpdatePPShortCut"="c:\program files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2012-04-17 223096]
    "LGODDFU"="c:\program files (x86)\lg_fwupdate\lgfw.exe" [2012-07-12 27760]
    "ZoneAlarm"="c:\program files (x86)\CheckPoint\ZoneAlarm\zatray.exe" [2013-01-23 73832]
    "vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2013-01-30 1101488]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    R2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-07-28 361984]
    R2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2011-06-24 55424]
    R2 CLKMSVC10_38F51D56;CyberLink Product - 2013/01/24 17:43;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2012-05-09 242664]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 CtHdaSvc;Sound Blaster Service;c:\windows\sysWow64\CtHdaSvc.exe [2013-01-10 103424]
    R2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2012-11-22 33712]
    R2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [2012-11-22 828072]
    R2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824]
    R2 vToolbarUpdater14.0.1;vToolbarUpdater14.0.1;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe [2013-01-30 945328]
    R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2013-01-24 79360]
    R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2013-01-24 79360]
    R3 cthda;Sound Blaster HDAudio;c:\windows\system32\drivers\cthda.sys [2013-01-10 1044400]
    R3 CTHDB;SB Recon3D PCIe Audio Bus Filter;c:\windows\system32\DRIVERS\CtHDb.sys [2013-01-10 28592]
    R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
    R3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [2009-11-17 32344]
    R3 NTIOLib_1_0_C;NTIOLib_1_0_C;E:\NTIOLib_X64.sys [x]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-21 88960]
    R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2012-08-23 29696]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2013-01-25 1255736]
    S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2013-01-30 37720]
    S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
    S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-02-10 82432]
    S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-02-10 181760]
    S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2010-11-28 44672]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2013-01-25 22:41 1607120 ----a-w- c:\program files (x86)\Google\Chrome\Application\24.0.1312.56\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-02-02 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-29 17:27]
    .
    2013-02-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-25 22:39]
    .
    2013-02-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-25 22:39]
    .
    2013-02-02 c:\windows\Tasks\ROC_JAN2013_TB_rmv.job
    - c:\program files (x86)\AVG Secure Search\PostInstall\ROC.exe [2013-01-30 16:09]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-08-30 7284328]
    "ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2012-11-22 1127592]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.co.uk/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    TCP: DhcpNameServer = 192.168.0.1
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\14.0.1\ViProtocol.dll
    FF - ProfilePath - c:\users\Luke\AppData\Roaming\Mozilla\Firefox\Profiles\eosqmyzk.default\
    FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
    FF - prefs.js: browser.startup.homepage - hxxp://isearch.avg.com/?cid={774FCFAC-D94E-4521-9039-D124BDE98A07}&mid=78e869ac9e4c414492955dce15e3def5-43e00dc797ad58ef813020547ab1305aab3e79c6&lang=en&ds=avgab0&pr=sa&d=2013-01-27 18:33&v=14.0.2.14&pid=avg&sg=&sap=hp
    FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid={774FCFAC-D94E-4521-9039-D124BDE98A07}&mid=78e869ac9e4c414492955dce15e3def5-43e00dc797ad58ef813020547ab1305aab3e79c6&lang=en&ds=avgab0&pr=sa&d=2013-01-27 18:33&pid=avg&sg=&v=14.0.2.14&sap=ku&q=
    FF - ExtSQL: 2013-01-27 17:23; ffxtlbr@zonealarm.com; c:\users\Luke\AppData\Roaming\Mozilla\Firefox\Profiles\eosqmyzk.default\extensions\ffxtlbr@zonealarm.com
    FF - ExtSQL: 2013-01-27 17:23; donottrack@checkpoint.com; c:\users\Luke\AppData\Roaming\Mozilla\Firefox\Profiles\eosqmyzk.default\extensions\donottrack@checkpoint.com
    FF - ExtSQL: 2013-01-27 18:11; {FFB96CC1-7EB3-449D-B827-DB661701C6BB}; c:\program files\CheckPoint\ZAForceField\WOW64\TrustChecker
    FF - ExtSQL: 2013-01-27 18:34; avg@toolbar; c:\programdata\AVG Secure Search\FireFoxExt\14.0.2.14
    FF - user.js: extensions.zonealarm_i.hmpg - true
    FF - user.js: extensions.zonealarm.hmpgUrl - hxxp://search.zonealarm.com/?src=hp&tbid=base2013&Lan=en&gu=97be6726efb44bfba75cc672272c65bf&tu=10G90006K2B000s&sku=&tstsId=&ver=&
    FF - user.js: extensions.zonealarm.dfltSrch - true
    FF - user.js: extensions.zonealarm.srchPrvdr - Search By ZoneAlarm
    FF - user.js: extensions.zonealarm.keyWordUrl - hxxp://search.zonealarm.com/search?src=sp&tbid=base2013&Lan=en&q={searchTerms}&gu=97be6726efb44bfba75cc672272c65bf&tu=10G90006K2B000s&sku=&tstsId=&ver=&
    FF - user.js: extensions.zonealarm_i.dnsErr - true
    FF - user.js: extensions.zonealarm.newTabUrl - hxxp://search.zonealarm.com/?src=nt&tbid=base2013&Lan=en&gu=97be6726efb44bfba75cc672272c65bf&tu=10G90006K2B000s&sku=&tstsId=&ver=&
    FF - user.js: extensions.zonealarm.autoRvrt - false
    FF - user.js: extensions.zonealarm_i.newTab - false
    FF - user.js: extensions.zonealarm.tlbrSrchUrl - hxxp://search.zonealarm.com/search?src=tb&tbid=base2013&Lan={dfltLng}&gu=97be6726efb44bfba75cc672272c65bf&tu=10GpG006K2B000s&sku=&tstsId=&ver=&&q=
    FF - user.js: extensions.zonealarm.id - 9c17b2130000000000008c89a588ce82
    FF - user.js: extensions.zonealarm.appId - {C56C48A0-DA4E-46F6-9859-1553DC865F84}
    FF - user.js: extensions.zonealarm.instlDay - 15732
    FF - user.js: extensions.zonealarm.vrsn - 1.8.3.16
    FF - user.js: extensions.zonealarm.vrsni - 1.8.3.16
    FF - user.js: extensions.zonealarm_i.vrsnTs - 1.8.3.1618:05
    FF - user.js: extensions.zonealarm.prtnrId - checkpoint
    FF - user.js: extensions.zonealarm.prdct - zonealarm
    FF - user.js: extensions.zonealarm.aflt - 1043
    FF - user.js: extensions.zonealarm_i.smplGrp - none
    FF - user.js: extensions.zonealarm.tlbrId - base2013
    FF - user.js: extensions.zonealarm.instlRef - ZLN116573865866699-1001
    FF - user.js: extensions.zonealarm.dfltLng - en
    FF - user.js: extensions.zonealarm.excTlbr - false
    FF - user.js: extensions.zonealarm.admin - false
    FF - user.js: extensions.incredibar_i.newTab - false
    FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6Oz1LE6ej6&loc=IB_TB&I=26&search=
    FF - user.js: extensions.incredibar_i.id - 9c17b2130000000000008c89a588ce82
    FF - user.js: extensions.incredibar_i.instlDay - 15734
    FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
    FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
    FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1417:16
    FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
    FF - user.js: extensions.incredibar_i.prdct - incredibar
    FF - user.js: extensions.incredibar_i.aflt - orgnl
    FF - user.js: extensions.incredibar_i.smplGrp - none
    FF - user.js: extensions.incredibar_i.tlbrId - base
    FF - user.js: extensions.incredibar_i.instlRef -
    FF - user.js: extensions.incredibar_i.dfltLng -
    FF - user.js: extensions.incredibar_i.excTlbr - false
    FF - user.js: extensions.incredibar_i.ms_url_id -
    FF - user.js: extensions.incredibar_i.upn2 - 6Oz1LE6ej6
    FF - user.js: extensions.incredibar_i.upn2n - 92262881519060488
    FF - user.js: extensions.incredibar_i.productid - 26
    FF - user.js: extensions.incredibar_i.installerproductid - 26
    FF - user.js: extensions.incredibar_i.did - 10678
    FF - user.js: extensions.incredibar_i.ppd - 111
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2013-02-02 15:06:17
    ComboFix-quarantined-files.txt 2013-02-02 15:06
    ComboFix2.txt 2013-01-31 19:55
    .
    Pre-Run: 910,275,862,528 bytes free
    Post-Run: 909,841,690,624 bytes free
    .
    - - End Of File - - 56390610E218C5DE2C8D9D3964B5EBF1
  3. tedus987

    tedus987 TechSpot Enthusiast Topic Starter Posts: 168

    Mind if I ask what Combofix was suppose to do/or did when I moved that txt file over it?
  4. tedus987

    tedus987 TechSpot Enthusiast Topic Starter Posts: 168

    Ok, here's the adware scan

    -----------------------------------------

    # AdwCleaner v2.109 - Logfile created 02/02/2013 at 16:42:14
    # Updated 26/01/2013 by Xplode
    # Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
    # User : Luke - LUKE-PC-BUILD2
    # Boot Mode : Normal
    # Running from : C:\Users\Luke\Desktop\adwcleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****

    Deleted on reboot : C:\Program Files (x86)\Common Files\AVG Secure Search
    File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
    File Deleted : C:\user.js
    Folder Deleted : C:\Program Files (x86)\AVG Secure Search
    Folder Deleted : C:\ProgramData\AVG Secure Search
    Folder Deleted : C:\Users\Luke\AppData\Local\AVG Secure Search
    Folder Deleted : C:\Users\Luke\AppData\LocalLow\AVG Secure Search

    ***** [Registry] *****

    Key Deleted : HKCU\Software\AVG Secure Search
    Key Deleted : HKCU\Software\IM
    Key Deleted : HKCU\Software\ImInstaller
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKLM\Software\AVG Secure Search
    Key Deleted : HKLM\Software\AVG Security Toolbar
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
    Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
    Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
    Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
    Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
    Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
    Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
    Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
    Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
    Key Deleted : HKLM\Software\IB Updater
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
    Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]
    Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
    Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16457

    [OK] Registry is clean.

    -\\ Mozilla Firefox v18.0.1 (en-GB)

    File : C:\Users\Luke\AppData\Roaming\Mozilla\Firefox\Profiles\eosqmyzk.default\prefs.js

    C:\Users\Luke\AppData\Roaming\Mozilla\Firefox\Profiles\eosqmyzk.default\user.js ... Deleted !

    Deleted : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\FireFoxExt\\14.0.2.14")[...]
    Deleted : user_pref("browser.newtab.url", "hxxp://mystart.incredibar.com/mb185?a=6Oz1LE6ej6&I=26");
    Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
    Deleted : user_pref("browser.search.selectedEngine", "AVG Secure Search");
    Deleted : user_pref("browser.startup.homepage", "hxxp://isearch.avg.com/?cid={774FCFAC-D94E-4521-9039-D124BDE9[...]
    Deleted : user_pref("extensions.incredibar_i.aflt", "orgnl");
    Deleted : user_pref("extensions.incredibar_i.dfltLng", "");
    Deleted : user_pref("extensions.incredibar_i.did", "10678");
    Deleted : user_pref("extensions.incredibar_i.excTlbr", false);
    Deleted : user_pref("extensions.incredibar_i.id", "9c17b2130000000000008c89a588ce82");
    Deleted : user_pref("extensions.incredibar_i.installerproductid", "26");
    Deleted : user_pref("extensions.incredibar_i.instlDay", "15734");
    Deleted : user_pref("extensions.incredibar_i.instlRef", "");
    Deleted : user_pref("extensions.incredibar_i.ms_url_id", "");
    Deleted : user_pref("extensions.incredibar_i.newTab", false);
    Deleted : user_pref("extensions.incredibar_i.ppd", "111");
    Deleted : user_pref("extensions.incredibar_i.prdct", "incredibar");
    Deleted : user_pref("extensions.incredibar_i.productid", "26");
    Deleted : user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
    Deleted : user_pref("extensions.incredibar_i.smplGrp", "none");
    Deleted : user_pref("extensions.incredibar_i.tlbrId", "base");
    Deleted : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6Oz1LE6ej6&loc=IB[...]
    Deleted : user_pref("extensions.incredibar_i.upn2", "6Oz1LE6ej6");
    Deleted : user_pref("extensions.incredibar_i.upn2n", "92262881519060488");
    Deleted : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");
    Deleted : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.1417:16:34");
    Deleted : user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");
    Deleted : user_pref("keyword.URL", "hxxp://isearch.avg.com/search?cid={774FCFAC-D94E-4521-9039-D124BDE98A07}&m[...]

    -\\ Google Chrome v24.0.1312.56

    File : C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Preferences

    Deleted [l.15] : urls_to_restore_on_startup = [ "hxxp://isearch.avg.com/?cid={774FCFAC-D94E-4521-9039-D124B[...]
    Deleted [l.44] : icon_url = "hxxp://isearch.avg.com/favicon.ico",
    Deleted [l.47] : keyword = "isearch.avg.com",
    Deleted [l.50] : search_url = "hxxp://isearch.avg.com/search?cid={774FCFAC-D94E-4521-9039-D124BDE98A07}&mid=78[...]
    Deleted [l.1874] : urls_to_restore_on_startup = [ "hxxp://isearch.avg.com/?cid={774FCFAC-D94E-4521-9039-D124BDE9[...]

    *************************

    AdwCleaner[S1].txt - [9000 octets] - [02/02/2013 16:42:14]

    ########## EOF - C:\AdwCleaner[S1].txt - [9060 octets] ##########
  5. tedus987

    tedus987 TechSpot Enthusiast Topic Starter Posts: 168

    Ok, sound out why combofix was getting stuck on stage 5, seams turning of the firewall and virus in zone alarm dosn't actually turn them off and you have to close the app completly. anyway I have the JRT log

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 4.5.8 (01.31.2013:1)
    OS: Windows 7 Ultimate x64
    Ran by Luke on 02/02/2013 at 17:19:03.75
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys



    ~~~ Files



    ~~~ Folders



    ~~~ FireFox

    Emptied folder: C:\Users\Luke\AppData\Roaming\mozilla\firefox\profiles\eosqmyzk.default\minidumps [6 files]



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 02/02/2013 at 17:27:10.91
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  6. tedus987

    tedus987 TechSpot Enthusiast Topic Starter Posts: 168

    So, next step?
  7. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    That didn't seem to work for ComboFix, but let's do the following next:

    Download Windows Repair (all in one) from this site

    Install the program then run it.

    Go to Step 2 and allow it to run CheckDisk by clicking on Do It button:

    [​IMG]



    Once that is done then go to Step 3 and allow it to run System File Check by clicking on Do It button:

    [​IMG]


    Go to Step 4 and under "System Restore" click on Create button:

    [​IMG]


    Go to Start Repairs tab and click Start button.

    [​IMG]


    Please ensure that ONLY items seen in the image below are ticked as indicated (they're all checked by default):

    [​IMG]

    Click on box next to the Restart System when Finished. Then click on Start.



    Then, do the same with AdwCleaner and Junkware Removal Tool, and post logs please. :)
  8. tedus987

    tedus987 TechSpot Enthusiast Topic Starter Posts: 168

    Ok, what do you mean 'Then, do the same with AdwCleaner and Junkware Removal Tool, and post logs please.' I already ran them and posted the logs.
  9. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    I'd like you to run them again like earlier, please. I'd like to see if there are remnants of Incredibar before we finish up. :)
  10. tedus987

    tedus987 TechSpot Enthusiast Topic Starter Posts: 168

    Ah, OK, I think AdwCleaner removed most of the stuff in Mozilla that combo fix couldn't.

    so once we finish up my PC should be clean of both incredible and anything else it put on my new system?
  11. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hopefully, yes.
     
  12. tedus987

    tedus987 TechSpot Enthusiast Topic Starter Posts: 168

    So there's no 100% garentee?
  13. tedus987

    tedus987 TechSpot Enthusiast Topic Starter Posts: 168

    Ok, I have two options that arn't on your image.

    repair file associations (has a drop down menu.)
    repair windows safe mode

    do I tick them or untick them?
  14. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Don't do either.
  15. tedus987

    tedus987 TechSpot Enthusiast Topic Starter Posts: 168

    OK, leave them un-ticked, fair enough.
  16. tedus987

    tedus987 TechSpot Enthusiast Topic Starter Posts: 168

    Do you need the logs from windows all in one, if so were would I find it?
  17. tedus987

    tedus987 TechSpot Enthusiast Topic Starter Posts: 168

    Ok, logs for adware remover and JRT are done

    --------------------------------------------------------------------

    # AdwCleaner v2.109 - Logfile created 02/03/2013 at 03:39:24
    # Updated 26/01/2013 by Xplode
    # Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
    # User : Luke - LUKE-PC-BUILD2
    # Boot Mode : Normal
    # Running from : C:\Users\Luke\Desktop\adwcleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****

    Deleted on reboot : C:\Program Files (x86)\Common Files\AVG Secure Search

    ***** [Registry] *****


    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16457

    [OK] Registry is clean.

    -\\ Mozilla Firefox v18.0.1 (en-GB)

    File : C:\Users\Luke\AppData\Roaming\Mozilla\Firefox\Profiles\eosqmyzk.default\prefs.js

    [OK] File is clean.

    -\\ Google Chrome v24.0.1312.56

    File : C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[S1].txt - [9115 octets] - [02/02/2013 16:42:14]
    AdwCleaner[S2].txt - [943 octets] - [03/02/2013 03:39:24]

    ########## EOF - C:\AdwCleaner[S2].txt - [1002 octets] ##########


    ---------------------------------------------------------------------------------------------

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 4.5.8 (01.31.2013:1)
    OS: Windows 7 Ultimate x64
    Ran by Luke on 03/02/2013 at 3:42:46.44
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys



    ~~~ Files



    ~~~ Folders



    ~~~ FireFox

    Emptied folder: C:\Users\Luke\AppData\Roaming\mozilla\firefox\profiles\eosqmyzk.default\minidumps [3 files]



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 03/02/2013 at 3:51:20.40
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  18. tedus987

    tedus987 TechSpot Enthusiast Topic Starter Posts: 168

    Do you need the windows all in one logs? if so where do I find them?
     
  19. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    No, I don't need the repair tool logs...

    What other issues are to be dealt with?
  20. tedus987

    tedus987 TechSpot Enthusiast Topic Starter Posts: 168

    Well spybots immunize tool keeps telling me that one or two things are not immune over the last few days but I want to see if it's like that tomorow. and one of the things that didn't start till the infection was the 'realteck audio manager' kept detecting something being pluged in to the front panel. I've never plugged anything in to that port nor will I be since I have a sound card as a separe component to the motherboard.

    finally I want to ask if you know if it's posible to get winrar for windows 7.

    if so were do I go?

    -------------------------------------

    the immunity could be down to all the scans and fixes done over the last week. if it says everythings immune tomorrow then that's probably the cause.
  21. tedus987

    tedus987 TechSpot Enthusiast Topic Starter Posts: 168

    OK, when I turn my new PC on tomorrow I'll check spybot immunization before updating, it should tell me I'm immune since that's the most recent database it has and I immunized this morning.
  22. tedus987

    tedus987 TechSpot Enthusiast Topic Starter Posts: 168

    Ok, spybots showing full imunization, so that's stopped happening. I think thats about it. all the problems seem to have gone.
  23. tedus987

    tedus987 TechSpot Enthusiast Topic Starter Posts: 168

    Ok, so what do I do now?
  24. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hi there. It all appears to be good, so we will finish up to make sure your computer is protected from malware in the future.

    Clean up System Restore

    Now, to get you off to a clean start, we will be creating a new Restore Point, then clearing the old ones to make sure you do not get reinfected, in case you need to "restore back."

    To manually create a new Restore Point
    • Go to Control Panel and select System and Maintenance
    • Select System
    • On the left select Advanced System Settings and accept the warning if you get one
    • Select System Protection Tab
    • Select Create at the bottom
    • Type in a name I.e. Clean
    • Select Create


    Remove tools, temp files, old Restore Points

    Please run OTL
    • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

    • Then click the Run Fix button at the top.
    • Note: The fix for OTL sometimes hides your Desktop and Start menu so the cleanup can be completed. Do not be alerted, as this is normal.
    • It may open a log for you, but I don't need that.

    To remove all of the tools we used and the files and folders they created do the following:
    Double click OTL.exe.
    • Click the CleanUp button.
    • Select Yes when the "Begin cleanup Process?" prompt appears.
    • If you are prompted to Reboot during the cleanup, select Yes.
    • The tool will delete itself once it finishes.
    Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.


    Security Check

    Please download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
  25. tedus987

    tedus987 TechSpot Enthusiast Topic Starter Posts: 168

    OK, I'll run that tomorrow when I get up.
    DragonMaster Jay likes this.
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.