OK, tried the ComboFix script in normal mode, only for ComboFix to freeze at stage 4 again. Ran it in safe mode and I got it to run. In safe mode I think I moved CFScript.txt over ComboFix, not too sure. What I did notice is the CFScript.txt file disappeared after it was done. Here's the log.
ComboFix 13-01-31.03 - Luke 02/02/2013 15:02:01.3.6 - x64 MINIMAL
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.32738.30442 [GMT 0:00]
Running from: c:\users\Luke\Desktop\ComboFix.exe
Command switches used :: c:\users\Luke\Desktop\CFScript.txt
AV: ZoneAlarm Free Firewall Antivirus *Enabled/Updated* {DE038A5B-9EDD-18A9-2361-FF7D98D43730}
FW: ZoneAlarm Free Firewall Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: ZoneAlarm Free Firewall Anti-Spyware *Enabled/Updated* {65626BBF-B8E7-1727-19D1-C40FE3537D8D}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2013-01-02 to 2013-02-02 )))))))))))))))))))))))))))))))
.
.
2013-02-02 15:04 . 2013-02-02 15:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-02-01 07:14 . 2013-01-15 02:45 9161176 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{73CC9823-B21A-4D93-A125-B05F2FAFE9F6}\mpengine.dll
2013-01-30 17:28 . 2013-01-30 17:28 -------- d-----w- c:\program files\Paint.NET
2013-01-29 17:27 . 2013-01-29 17:27 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-29 17:27 . 2013-01-29 17:27 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-01-29 17:27 . 2013-01-29 17:27 -------- d-----w- c:\windows\SysWow64\Macromed
2013-01-29 17:27 . 2013-01-29 17:27 -------- d-----w- c:\windows\system32\Macromed
2013-01-29 17:16 . 2013-01-29 17:16 450 ----a-w- C:\user.js
2013-01-27 21:01 . 2013-01-27 21:01 -------- d-----w- c:\program files (x86)\Common Files\BioWare
2013-01-27 21:00 . 2013-01-27 21:00 -------- d-----w- c:\users\hedev
2013-01-27 18:37 . 2013-01-29 15:26 -------- d-----w- c:\program files (x86)\Common Files\Steam
2013-01-27 18:34 . 2013-01-27 18:34 -------- d-----w- c:\programdata\AVG Secure Search
2013-01-27 18:33 . 2013-01-30 16:09 37720 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2013-01-27 18:33 . 2013-01-30 16:10 -------- d-----w- c:\program files (x86)\AVG Secure Search
2013-01-27 18:33 . 2013-01-30 16:09 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search
2013-01-27 18:24 . 2013-01-27 18:30 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2013-01-27 18:24 . 2013-01-27 18:26 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2013-01-27 18:19 . 2013-01-27 18:19 -------- d-----w- c:\programdata\Malwarebytes
2013-01-27 18:19 . 2013-01-27 18:20 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-01-27 18:19 . 2012-12-14 16:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-01-27 18:10 . 2012-11-15 21:06 89432 ----a-w- c:\windows\system32\drivers\klflt.sys
2013-01-27 18:10 . 2012-11-15 21:06 611160 ----a-w- c:\windows\system32\drivers\klif.sys
2013-01-27 18:05 . 2013-01-27 18:05 -------- d-----w- c:\program files (x86)\DoNotTrackPlus
2013-01-27 17:39 . 2013-01-27 17:39 163056 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10142.bin
2013-01-27 17:23 . 2013-01-27 17:23 -------- d-----w- c:\program files\CheckPoint
2013-01-27 17:21 . 2013-01-27 17:21 -------- d-----w- c:\program files (x86)\Check Point Software Technologies LTD
2013-01-27 17:21 . 2013-01-27 17:23 -------- d-----w- c:\program files (x86)\CheckPoint
2013-01-27 17:21 . 2013-01-27 17:21 -------- d-----w- c:\programdata\CheckPoint
2013-01-25 22:53 . 2011-02-19 12:05 1139200 ----a-w- c:\windows\system32\FntCache.dll
2013-01-25 22:53 . 2011-02-19 12:04 902656 ----a-w- c:\windows\system32\d2d1.dll
2013-01-25 22:53 . 2011-02-19 06:30 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2013-01-25 22:51 . 2013-01-25 22:51 -------- d-----w- c:\users\Public\Creative
2013-01-25 22:46 . 2012-08-24 18:13 154480 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2013-01-25 22:46 . 2012-08-24 18:09 458712 ----a-w- c:\windows\system32\drivers\cng.sys
2013-01-25 22:46 . 2012-08-24 18:05 340992 ----a-w- c:\windows\system32\schannel.dll
2013-01-25 22:46 . 2012-08-24 18:03 1448448 ----a-w- c:\windows\system32\lsasrv.dll
2013-01-25 22:46 . 2012-08-24 16:57 247808 ----a-w- c:\windows\SysWow64\schannel.dll
2013-01-25 22:46 . 2012-08-24 16:57 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2013-01-25 22:46 . 2012-08-24 16:53 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2013-01-25 22:46 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2013-01-25 22:46 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2013-01-25 22:43 . 2012-11-02 05:59 478208 ----a-w- c:\windows\system32\dpnet.dll
2013-01-25 22:43 . 2012-11-02 05:11 376832 ----a-w- c:\windows\SysWow64\dpnet.dll
2013-01-25 22:43 . 2012-11-20 05:48 307200 ----a-w- c:\windows\system32\ncrypt.dll
2013-01-25 22:43 . 2012-11-20 04:51 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll
2013-01-25 22:43 . 2012-08-24 18:05 220160 ----a-w- c:\windows\system32\wintrust.dll
2013-01-25 22:43 . 2012-08-24 16:57 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2013-01-25 22:43 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2013-01-25 22:43 . 2011-01-17 11:09 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2013-01-25 22:43 . 2011-01-17 05:47 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2013-01-25 22:42 . 2011-04-29 03:06 467456 ----a-w- c:\windows\system32\drivers\srv.sys
2013-01-25 22:42 . 2011-04-29 03:05 410112 ----a-w- c:\windows\system32\drivers\srv2.sys
2013-01-25 22:42 . 2011-04-29 03:05 168448 ----a-w- c:\windows\system32\drivers\srvnet.sys
2013-01-25 22:42 . 2013-01-25 22:42 -------- d-----w- c:\program files (x86)\Microsoft.NET
2013-01-25 22:42 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2013-01-25 22:42 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2013-01-25 22:40 . 2011-02-18 10:51 31232 ----a-w- c:\windows\system32\prevhost.exe
2013-01-25 22:40 . 2011-02-18 05:39 31232 ----a-w- c:\windows\SysWow64\prevhost.exe
2013-01-25 22:40 . 2012-05-05 07:46 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2013-01-25 22:40 . 2012-05-05 08:36 503808 ----a-w- c:\windows\system32\srcore.dll
2013-01-25 22:40 . 2011-02-12 11:34 267776 ----a-w- c:\windows\system32\FXSCOVER.exe
2013-01-25 22:40 . 2011-05-03 05:29 976896 ----a-w- c:\windows\system32\inetcomm.dll
2013-01-25 22:40 . 2011-05-03 04:30 741376 ----a-w- c:\windows\SysWow64\inetcomm.dll
2013-01-25 22:40 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
2013-01-25 22:40 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2013-01-25 22:40 . 2013-01-25 22:40 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2013-01-25 22:39 . 2013-01-25 22:41 -------- d-----w- c:\program files (x86)\Google
2013-01-25 22:35 . 2013-01-25 22:35 -------- d-----w- c:\windows\SysWow64\Wat
2013-01-25 22:35 . 2013-01-25 22:35 -------- d-----w- c:\windows\system32\Wat
2013-01-25 22:23 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2013-01-25 22:23 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2013-01-25 22:23 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2013-01-25 22:23 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2013-01-25 22:23 . 2012-12-16 17:31 67599240 ----a-w- c:\windows\system32\MRT.exe
2013-01-25 22:18 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe
2013-01-25 22:14 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
2013-01-25 22:12 . 2010-12-23 10:42 961024 ----a-w- c:\windows\system32\CPFilters.dll
2013-01-25 22:09 . 2012-12-07 13:20 441856 ----a-w- c:\windows\system32\Wpc.dll
2013-01-25 22:08 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2013-01-25 22:07 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2013-01-25 22:07 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2013-01-25 21:58 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2013-01-25 21:58 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2013-01-25 21:58 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2013-01-25 21:58 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2013-01-25 21:58 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2013-01-25 21:58 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2013-01-25 21:58 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2013-01-25 21:58 . 2012-06-02 15:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2013-01-25 21:58 . 2012-06-02 15:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2013-01-25 21:54 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2013-01-25 21:48 . 2011-05-24 11:42 404480 ----a-w- c:\windows\system32\umpnpmgr.dll
2013-01-25 21:48 . 2011-05-24 10:40 64512 ----a-w- c:\windows\SysWow64\devobj.dll
2013-01-25 21:48 . 2011-05-24 10:40 44544 ----a-w- c:\windows\SysWow64\devrtl.dll
2013-01-25 21:48 . 2011-05-24 10:39 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll
2013-01-25 21:48 . 2011-05-24 10:37 252928 ----a-w- c:\windows\SysWow64\drvinst.exe
2013-01-25 21:47 . 2011-02-23 04:55 90624 ----a-w- c:\windows\system32\drivers\bowser.sys
2013-01-25 07:15 . 2013-01-24 15:36 -------- d-----w- c:\windows\Panther
2013-01-24 18:02 . 2013-01-24 18:02 -------- d-----w- c:\users\Public\CyberLink
2013-01-24 17:44 . 2012-07-11 13:18 23664 ----a-w- c:\windows\SysWow64\lgfwunis.exe
2013-01-24 17:44 . 2001-08-29 21:00 59904 ----a-w- c:\windows\SysWow64\wbemdisp.tlb
2013-01-24 17:44 . 1998-07-22 00:00 102912 ----a-w- c:\windows\SysWow64\Vb6stkit.dll
2013-01-24 17:44 . 1998-07-22 00:00 102160 ----a-w- c:\windows\SysWow64\VB6KO.DLL
2013-01-24 17:44 . 1998-06-24 00:00 115016 ----a-w- c:\windows\SysWow64\MSINET.OCX
2013-01-24 17:44 . 2013-01-31 20:00 -------- d-----w- c:\program files (x86)\lg_fwupdate
2013-01-24 17:42 . 2013-01-24 17:42 29480 ----a-w- c:\windows\SysWow64\msxml3a.dll
2013-01-24 17:42 . 2013-01-24 17:42 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2013-01-24 17:42 . 2013-01-24 17:42 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2013-01-24 17:38 . 2013-01-24 17:45 -------- d-----w- c:\programdata\install_clap
2013-01-24 17:37 . 2013-01-24 17:45 -------- d-----w- c:\program files (x86)\CyberLink
2013-01-24 17:37 . 2013-01-24 17:37 -------- d-----w- c:\programdata\CLSK
2013-01-24 17:37 . 2013-01-24 18:02 -------- d-----w- c:\programdata\CyberLink
2013-01-24 16:34 . 2013-01-25 22:49 -------- d-----w- c:\programdata\Creative
2013-01-24 16:28 . 2000-05-11 01:00 90112 ------w- c:\windows\Updreg.EXE
2013-01-24 16:28 . 2013-01-24 16:28 466520 ----a-w- c:\windows\system32\wrap_oal.dll
2013-01-24 16:28 . 2013-01-24 16:28 445016 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2013-01-24 16:28 . 2013-01-24 16:28 123480 ----a-w- c:\windows\system32\OpenAL32.dll
2013-01-24 16:28 . 2013-01-24 16:28 109144 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2013-01-24 16:28 . 2011-11-14 15:23 1943040 ------w- c:\windows\system32\Sens_oal.dll
2013-01-24 16:20 . 2013-01-24 16:21 -------- d-----w- c:\program files (x86)\EVGA Precision X
2013-01-24 16:15 . 2013-02-02 09:06 -------- d-----w- c:\programdata\NVIDIA
2013-01-24 16:15 . 2013-01-25 22:53 -------- d-----w- c:\users\UpdatusUser
2013-01-24 16:13 . 2013-01-24 16:13 -------- d-----w- C:\NVIDIA
2013-01-24 16:11 . 2013-01-24 16:11 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
2013-01-24 16:10 . 2013-01-24 16:10 -------- d-----w- c:\program files (x86)\Common Files\Adobe
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-17 01:28 . 2010-11-21 03:27 273840 ------w- c:\windows\system32\MpSigStub.exe
2012-12-13 11:49 . 2012-12-13 11:49 450136 ----a-w- c:\windows\system32\drivers\vsdatant.sys
2012-11-30 04:45 . 2013-01-25 22:41 44032 ----a-w- c:\windows\apppatch\acwow64.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2013-01-30 16:09 1883824 ----a-w- c:\program files (x86)\AVG Secure Search\14.0.2.14\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\14.0.2.14\AVG Secure Search_toolbar.dll" [2013-01-30 1883824]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Steam"="d:\installed games\Steam\Steam.exe" [2013-01-27 1354736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-07-28 336384]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"Sound Blaster Recon3D PCIe Control Panel"="c:\program files (x86)\Creative\Sound Blaster Recon3D PCIe\Sound Blaster Recon3D PCIe Control Panel\SBRnPCIe.exe" [2011-11-14 880128]
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2011-03-09 107816]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2012-03-28 91432]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2012-05-09 78312]
"UpdatePPShortCut"="c:\program files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2012-04-17 223096]
"LGODDFU"="c:\program files (x86)\lg_fwupdate\lgfw.exe" [2012-07-12 27760]
"ZoneAlarm"="c:\program files (x86)\CheckPoint\ZoneAlarm\zatray.exe" [2013-01-23 73832]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2013-01-30 1101488]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-07-28 361984]
R2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2011-06-24 55424]
R2 CLKMSVC10_38F51D56;CyberLink Product - 2013/01/24 17:43;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2012-05-09 242664]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 CtHdaSvc;Sound Blaster Service;c:\windows\sysWow64\CtHdaSvc.exe [2013-01-10 103424]
R2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2012-11-22 33712]
R2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [2012-11-22 828072]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824]
R2 vToolbarUpdater14.0.1;vToolbarUpdater14.0.1;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe [2013-01-30 945328]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2013-01-24 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2013-01-24 79360]
R3 cthda;Sound Blaster HDAudio;c:\windows\system32\drivers\cthda.sys [2013-01-10 1044400]
R3 CTHDB;SB Recon3D PCIe Audio Bus Filter;c:\windows\system32\DRIVERS\CtHDb.sys [2013-01-10 28592]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [2009-11-17 32344]
R3 NTIOLib_1_0_C;NTIOLib_1_0_C;E:\NTIOLib_X64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-21 88960]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2012-08-23 29696]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2013-01-25 1255736]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2013-01-30 37720]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-02-10 82432]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-02-10 181760]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2010-11-28 44672]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-01-25 22:41 1607120 ----a-w- c:\program files (x86)\Google\Chrome\Application\24.0.1312.56\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-29 17:27]
.
2013-02-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-25 22:39]
.
2013-02-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-25 22:39]
.
2013-02-02 c:\windows\Tasks\ROC_JAN2013_TB_rmv.job
- c:\program files (x86)\AVG Secure Search\PostInstall\ROC.exe [2013-01-30 16:09]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-08-30 7284328]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2012-11-22 1127592]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.co.uk/
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.0.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\14.0.1\ViProtocol.dll
FF - ProfilePath - c:\users\Luke\AppData\Roaming\Mozilla\Firefox\Profiles\eosqmyzk.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://isearch.avg.com/?cid={774FCFAC-D94E-4521-9039-D124BDE98A07}&mid=78e869ac9e4c414492955dce15e3def5-43e00dc797ad58ef813020547ab1305aab3e79c6&lang=en&ds=avgab0&pr=sa&d=2013-01-27 18:33&v=14.0.2.14&pid=avg&sg=&sap=hp
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid={774FCFAC-D94E-4521-9039-D124BDE98A07}&mid=78e869ac9e4c414492955dce15e3def5-43e00dc797ad58ef813020547ab1305aab3e79c6&lang=en&ds=avgab0&pr=sa&d=2013-01-27 18:33&pid=avg&sg=&v=14.0.2.14&sap=ku&q=
FF - ExtSQL: 2013-01-27 17:23; ffxtlbr@zonealarm.com; c:\users\Luke\AppData\Roaming\Mozilla\Firefox\Profiles\eosqmyzk.default\extensions\ffxtlbr@zonealarm.com
FF - ExtSQL: 2013-01-27 17:23; donottrack@checkpoint.com; c:\users\Luke\AppData\Roaming\Mozilla\Firefox\Profiles\eosqmyzk.default\extensions\donottrack@checkpoint.com
FF - ExtSQL: 2013-01-27 18:11; {FFB96CC1-7EB3-449D-B827-DB661701C6BB}; c:\program files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF - ExtSQL: 2013-01-27 18:34; avg@toolbar; c:\programdata\AVG Secure Search\FireFoxExt\14.0.2.14
FF - user.js: extensions.zonealarm_i.hmpg - true
FF - user.js: extensions.zonealarm.hmpgUrl - hxxp://search.zonealarm.com/?src=hp&tbid=base2013&Lan=en&gu=97be6726efb44bfba75cc672272c65bf&tu=10G90006K2B000s&sku=&tstsId=&ver=&
FF - user.js: extensions.zonealarm.dfltSrch - true
FF - user.js: extensions.zonealarm.srchPrvdr - Search By ZoneAlarm
FF - user.js: extensions.zonealarm.keyWordUrl - hxxp://search.zonealarm.com/search?src=sp&tbid=base2013&Lan=en&q={searchTerms}&gu=97be6726efb44bfba75cc672272c65bf&tu=10G90006K2B000s&sku=&tstsId=&ver=&
FF - user.js: extensions.zonealarm_i.dnsErr - true
FF - user.js: extensions.zonealarm.newTabUrl - hxxp://search.zonealarm.com/?src=nt&tbid=base2013&Lan=en&gu=97be6726efb44bfba75cc672272c65bf&tu=10G90006K2B000s&sku=&tstsId=&ver=&
FF - user.js: extensions.zonealarm.autoRvrt - false
FF - user.js: extensions.zonealarm_i.newTab - false
FF - user.js: extensions.zonealarm.tlbrSrchUrl - hxxp://search.zonealarm.com/search?src=tb&tbid=base2013&Lan={dfltLng}&gu=97be6726efb44bfba75cc672272c65bf&tu=10GpG006K2B000s&sku=&tstsId=&ver=&&q=
FF - user.js: extensions.zonealarm.id - 9c17b2130000000000008c89a588ce82
FF - user.js: extensions.zonealarm.appId - {C56C48A0-DA4E-46F6-9859-1553DC865F84}
FF - user.js: extensions.zonealarm.instlDay - 15732
FF - user.js: extensions.zonealarm.vrsn - 1.8.3.16
FF - user.js: extensions.zonealarm.vrsni - 1.8.3.16
FF - user.js: extensions.zonealarm_i.vrsnTs - 1.8.3.1618:05
FF - user.js: extensions.zonealarm.prtnrId - checkpoint
FF - user.js: extensions.zonealarm.prdct - zonealarm
FF - user.js: extensions.zonealarm.aflt - 1043
FF - user.js: extensions.zonealarm_i.smplGrp - none
FF - user.js: extensions.zonealarm.tlbrId - base2013
FF - user.js: extensions.zonealarm.instlRef - ZLN116573865866699-1001
FF - user.js: extensions.zonealarm.dfltLng - en
FF - user.js: extensions.zonealarm.excTlbr - false
FF - user.js: extensions.zonealarm.admin - false
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6Oz1LE6ej6&loc=IB_TB&I=26&search=
FF - user.js: extensions.incredibar_i.id - 9c17b2130000000000008c89a588ce82
FF - user.js: extensions.incredibar_i.instlDay - 15734
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1417:16
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6Oz1LE6ej6
FF - user.js: extensions.incredibar_i.upn2n - 92262881519060488
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10678
FF - user.js: extensions.incredibar_i.ppd - 111
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-02-02 15:06:17
ComboFix-quarantined-files.txt 2013-02-02 15:06
ComboFix2.txt 2013-01-31 19:55
.
Pre-Run: 910,275,862,528 bytes free
Post-Run: 909,841,690,624 bytes free
.
- - End Of File - - 56390610E218C5DE2C8D9D3964B5EBF1