jstatham
Posts: 24
Posts posted by jstatham
-
I manually deleted the 0 key and it finally works. Now my big question is how in the world did those get added in. Thanks again for all your help.
-
The registry script would not run; I get an error. But I manually removed it, and I found a bunch more that I think need to be removed. I exported them into the attached reg file. It looks to me like all the paths need to be removed.
-
I disabled all startup items and disabled all services. When I rebooted into Windows I still get the same error. I was wondering what would happen if I booted into safe mode and disabled the Group Policy Client. Here is the event viewer log when I click on the Malwarebytes icon. I guess the big question is how do we find the rule? It looks like there is a policy on the path and not the exe. If I rename the Malwarebytes folder it works. Strange.
Access to C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe has been restricted by your Administrator by location with policy rule {3036cfcf-7c01-4800-a2ca-e6a7873107d2} placed on path C:\Program Files (x86)\Malwarebytes' Anti-Malware.
-
-
SHA256: ba01b5c7dd7937ff6cec89f47a6213b1328a0bea4683ef66bf0d47be15cc038b
SHA1: cd514a9a366f32c18275e85747bd634d9da210b7
MD5: 5f56064d4f9334fa619f7ba9df2a57d0
File size: 577.9 KB (591760 bytes)
File name: 3A4F502390EDB5B3077D09CAAA9BDA00EC0AD3CA.exe
File type: Win32 EXE
Tags: signed
Detection ratio: 3 / 41
Analysis date: 2011-05-23 02:51:11 UTC (1 year, 6 months ago)

Antivirus: Result (Update)
AhnLab-V3: - (20110522)
AntiVir: - (20110523)
Antiy-AVL: - (20110523)
Avast: - (20110522)
Avast5: - (20110522)
AVG: Win32/Heur (20110522)
BitDefender: - (20110523)
CAT-QuickHeal: (Suspicious) - DNAScan (20110522)
ClamAV: - (20110523)
Commtouch: - (20110522)
Comodo: - (20110523)
DrWeb: - (20110523)
eSafe: - (20110522)
eTrust-Vet: - (20110520)
F-Prot: - (20110522)
Fortinet: - (20110522)
GData: - (20110523)
Ikarus: - (20110523)
Jiangmin: - (20110522)
K7AntiVirus: - (20110520)
Kaspersky: - (20110523)
McAfee: - (20110523)
McAfee-GW-Edition: - (20110522)
Microsoft: - (20110522)
NOD32: - (20110523)
Norman: - (20110522)
nProtect: - (20110522)
Panda: - (20110522)
PCTools: - (20110519)
Prevx: - (20110523)
Rising: Suspicious (20110522)
Sophos: - (20110523)
SUPERAntiSpyware: - (20110523)
Symantec: - (20110523)
TheHacker: - (20110520)
TrendMicro: - (20110522)
TrendMicro-HouseCall: - (20110523)
VBA32: - (20110520)
VIPRE: - (20110523)
ViRobot: - (20110523)
VirusBuster: -
-
I will, but the inquiero.exe is a remote control app we use for remote administration that I have been running for years.
-
It will run in safe mode. Here is the log.
-
Nothing in Group Policy Editor
-
Still gives the error.
-
=============== Repairing permissions... ===============
Analyzing security setting differences (This may take several minutes)... Done. Log saved to: "C:\CAT-Logs\11-20-2012 - 21.48.14.111\SECEDIT - 21.49.08.674.log"
Applying default security settings (This may take several minutes)... Done.
============= Permissions Repair Complete ==============
=============== Repairing explorer shell ===============
Registering acelpdec.ax... Success.
Registering actxprxy.dll... Success.
Registering asctrls.ocx... Success.
Registering daxctle.ocx... Success.
Registering dhtmled.ocx... Success.
Registering hhctrl.ocx... Success.
Registering lcodecx.ax... Success.
Registering licmgr.dll... Success.
Registering mpgds.ax... Success.
Registering msdxm.ocx... Success.
Registering plugin.ocx... Success.
Registering proctexe.ocx... Success.
Registering tdc.ocx... Success.
Registering wshom.ocx... Unable to determine result.
Registering access.cpl... Success.
Registering appwiz.cpl... Success.
Registering desk.cpl... Success.
Registering firewall.cpl... Success.
Registering hdwwiz.cpl... Success.
Registering inetcpl.cpl... Success.
Registering intl.cpl... Success.
Registering nusrmgr.cpl... Success.
Registering netsetup.cpl... Success.
Registering powercfg.cpl... Success.
Registering timedate.cpl... Success.
Registering wuau.cpl... Success.
Registering quartz.dll... Success.
Registering danim.dll... Success.
Registering dxmasf.dll... Success.
Registering dxtmsft.dll... Success.
Registering dxtrans.dll... Success.
Registering sbe.dll... Success.
Registering dxva.dll... Success.
Registering dxmrtp.dll... Success.
Registering dxdiagn.dll... Success.
Registering atl.dll... Success.
Registering corpol.dll... Success.
Registering dispex.dll... Success.
Registering jscript.dll... Success.
Registering scrrun.dll... Success.
Registering scrobj.dll... Success.
Registering vbscript.dll... Success.
Registering wshext.dll... Success.
Registering activeds.dll... Success.
Registering audiodev.dll... Success.
Registering browseui.dll... Success.
Registering browsewm.dll... Success.
Registering cabview.dll... Success.
Registering cdfview.dll... Success.
Registering clbcatex.dll... Success.
Registering clbcatq.dll... Success.
Registering comcat.dll... Success.
Registering cscui.dll... Success.
Registering credui.dll... Success.
Registering datime.dll... Success.
Registering devmgr.dll... Success.
Registering dfsshlex.dll... Unable to determine result.
Registering dmdlgs.dll... Success.
Registering dmdeskmgr.dll... Success.
Registering dmocx.dll... Success.
Registering dmview.ocx... Unable to determine result.
Registering dsuiext.dll... Success.
Registering dsquery.dll... Success.
Registering dskquoiu.dll... Success.
Registering els.dll... Success.
Registering es.dll... Success.
Registering fontext.dll... Success.
Registering hlink.dll... Success.
Registering hnetcfg.dll... Success.
Registering iedkcs.dll... Success.
Registering iepeers.dll... Success.
Registering iesetup.dll... Success.
Registering ils.dll... Success.
Registering imgutil.dll... Success.
Registering inetcfg.dll... Success.
Registering inetcomm.dll... Success.
Registering inseng.dll... Success.
Registering laprxy.dll... Success.
Registering lmrt.dll... Success.
Registering mlang.dll... Success.
Registering mmcndmgr.dll... Unable to determine result.
Registering mmcshext.dll... Success.
Registering mscoree.dll... Success.
Registering mshhtml.dll... Success.
Registering msieftp.dll... Success.
Registering msoe.dll... Success.
Registering msoeacct.dll... Success.
Registering msrc.dll... Success.
Registering msrating.dll... Success.
Registering mydocs.dll... Success.
Registering mstime.dll... Success.
Registering netcfgx.dll... Success.
Registering netplwiz.dll... Success.
Registering netman.dll... Success.
Registering netshell.dll... Success.
Registering ntmsevt.dll... Success.
Registering ntmsmgr.dll... Success.
Registering ntmssvc.dll... Success.
Registering occache.dll... Success.
Registering ole.dll... Success.
Registering oleaut.dll... Success.
Registering oleacc.dll... Success.
Registering olepro.dll... Success.
Registering photowiz.dll... Success.
Registering pngfilt.dll... Success.
Registering remotepg.dll... Success.
Registering rpcrt.dll... Success.
Registering rshx.dll... Success.
Registering sendmail.dll... Success.
Registering slayerxp.dll... Success.
Registering shdocvw.dll... Success.
Registering shsvcs.dll... Success.
Registering srclient.dll... Success.
Registering stobject.dll... Success.
Registering themeui.dll... Success.
Registering twext.dll... Success.
Registering urlmon.dll... Success.
Registering userenv.dll... Success.
Registering webcheck.dll... Success.
Registering webvw.dll... Success.
Registering winhttp.dll... Success.
Registering wininet.dll... Success.
Registering zipfldr.dll... Success.
Registering msdadc.dll... Success.
Registering nsdaenum.dll... Success.
Registering msdaer.dll... Success.
Registering msdaipp.dll... Success.
Registering msdaora.dll... Success.
Registering msdaosp.dll... Success.
Registering msdaps.dll... Success.
Registering msdasc.dll... Success.
Registering msdasql.dll... Success.
Registering msdatt.dll... Success.
Registering msdaurl.dll... Success.
Registering msdmeng.dll... Success.
Registering msdmine.dll... Success.
Registering msjtor.dll... Success.
Registering msmdbc.dll... Success.
Registering msmdgd.dll... Success.
Registering msolap.dll... Success.
Registering msolui.dll... Success.
Registering msxactps.dll... Success.
Registering oledb.dll... Success.
Registering oledbr.dll... Success.
Registering sqloledb.dll... Success.
Registering sqlxmlx.dll... Success.
Writing to registry: "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinlogonShell"... Successful.
Deleting registry key "HKLM\Software\Policies\Microsoft\Explorer\GeneralTab"... Key/Value does not exist.
Deleting registry key "HKLM\Software\Policies\Microsoft\Explorer\ProgramsTab"... Key/Value does not exist.
Deleting registry key "HKLM\Software\Policies\Microsoft\Explorer\SecurityTab"... Key/Value does not exist.
Deleting registry key "HKLM\Software\Policies\Microsoft\Explorer\ContentTab"... Key/Value does not exist.
Deleting registry key "HKLM\Software\Policies\Microsoft\Explorer\PrivacyTab"... Key/Value does not exist.
Deleting registry key "HKLM\Software\Policies\Microsoft\Explorer\AdvancedTab"... Key/Value does not exist.
Deleting registry key "HKLM\Software\Policies\Microsoft\Explorer\ConnectionsTab"... Key/Value does not exist.
Deleting registry key "HKCU\Software\Policies\Microsoft\Explorer\GeneralTab"... Key/Value does not exist.
Deleting registry key "HKCU\Software\Policies\Microsoft\Explorer\ProgramsTab"... Key/Value does not exist.
Deleting registry key "HKCU\Software\Policies\Microsoft\Explorer\SecurityTab"... Key/Value does not exist.
Deleting registry key "HKCU\Software\Policies\Microsoft\Explorer\ContentTab"... Key/Value does not exist.
Deleting registry key "HKCU\Software\Policies\Microsoft\Explorer\PrivacyTab"... Key/Value does not exist.
Deleting registry key "HKCU\Software\Policies\Microsoft\Explorer\AdvancedTab"... Key/Value does not exist.
Deleting registry key "HKCU\Software\Policies\Microsoft\Explorer\ConnectionsTab"... Key/Value does not exist.
Killing Explorer shell... Done.
Restarting Explorer shell... Done.
============ Explorer Shell Repair Complete ============
-
Here you go. Still get the error.
-
-
I did everything listed above and when I restarted I get the same error. The only way I can get the group policy error to not show is in safe mode.
-
-
I have attached the screen shots and the errors and log file. I still have the same error.
-
OK, I did as instructed and I had to remove Malwarebytes in safe mode. When I ran the utility and then installed it, I got the same group policy error when it tried to start. I then ran the ESET scan and it took forever. I have attached the log. Please let me know what to do next.
-
After reboot I still get the error trying to run malwarebytes.
-
-
Oops, it did not upload.
-
Here is the log; running ComboFix now.
-
I need another diagnostic log before we begin, please run the following:
Download OTL to your Desktop
- Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
- Select All Users
- Under the Custom Scan box paste this in
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
services.exe
/md5stop
%systemroot%\*. /rp /s
%systemdrive%\$Recycle.Bin|@;true;true;true /fp
DRIVES
CREATERESTOREPOINT
- Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Post both logs
Here you go. Thanks
-
I downloaded a program called beyond repair from CNET 2 days ago and my system has not been the same since. I believe I have removed all the infections using Malwarebytes (in safe mode), HijackThis, CCleaner, rkill, Spybot, etc. I have googled and tried everything I could find, but here is the current state of my machine. If I try and run Malwarebytes I get an error stating that "This Program is Blocked by Group Policy". I then check the event viewer and see this:
"Access to C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe has been restricted by your Administrator by location with policy rule {3036cfcf-7c01-4800-a2ca-e6a7873107d2} placed on path C:\Program Files (x86)\Malwarebytes' Anti-Malware."
I have googled and looked and I cannot find anywhere on my system where I have a group policy. I know for a fact I did not add one. I also get the same error when I try and start the Avira control panel. If I rename C:\Program Files (x86)\Malwarebytes' Anti-Malware to C:\Program Files (x86)\Malwarebytes' Anti-Malware1 and run the exe, it runs fine and does not find or detect anything. It also works in safe mode. I also found online a command option to reset all your group policies back to default and I still get the error. I am not a member of a domain. Whatever virus or spyware that was on my system found I was running Malwarebytes and Avira and added a rule somewhere that I cannot remove. I have also tried the Avira rescue disk as well as loaded Avast and performed a boot scan and found nothing. I am not sure what to try next; any help will be greatly appreciated. I attached my HijackThis log and screen shots. My user is the Administrator and I also get the same error if I log in and use the Windows default Admin account.
I did try a system restore and an uninstall and reinstall of both and got the same results. Malwarebytes will only run in safe mode, or in regular Windows if I rename the directory. Avira will not run regardless because of the group policy. Anyway, here is the log. Thanks again for your help and I hope you see something. Oh, I almost forgot: I ran sys file checker and everything came back clean.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-11-2012
Ran by SYSTEM at 16-11-2012 08:20:06
Running from J:\
Windows 7 Ultimate N (X64) OS Language: English(US)
The current controlset is ControlSet001
==================== Registry (Whitelisted) ===================
HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup [16329760 2009-06-16] (NVIDIA Corporation)
HKLM\...\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start [93728 2009-06-16] (NVIDIA Corporation)
HKLM\...\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-03-09] (IDT, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [499608 2011-03-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s [85160 2009-06-17] (Elaborate Bytes AG)
HKLM-x32\...\Run: [standby] "c:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe" -START [105632 2010-03-18] (Corel)
HKLM-x32\...\Run: [Firebird] C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbguard.exe -a [81920 2009-07-22] (Firebird Project)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-10-11] (Apple Inc.)
HKLM-x32\...\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [iSUSPM] C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe -scheduler [2073976 2012-03-14] (Flexera Software LLC.)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe" [887976 2011-08-23] (Ask)
HKLM-x32\...\Run: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [38872 2012-07-31] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-09-09] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-10-25] (Apple Inc.)
HKLM-x32\...\Run: [sDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [3821592 2012-10-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4297136 2012-10-30] (AVAST Software)
HKU\Administrator\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2010-05-07] (Google Inc.)
HKU\justin\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2010-05-07] (Google Inc.)
HKU\justin\...\Run: [Aim] "C:\Program Files (x86)\AIM\aim.exe" /d locale=en-US [4321112 2011-01-05] (AOL Inc.)
HKU\justin\...\Run: [iSUSPM] C:\ProgramData\FLEXnet\Connect\11\isuspm.exe -scheduler [2073976 2012-03-14] (Flexera Software LLC.)
HKU\justin\...\Run: [cdloader] "C:\Users\justin\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK [50592 2010-12-03] (magicJack L.P.)
HKU\justin\...\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59280 2012-08-29] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 10.28.1.120 10.22.1.29
AppInit_DLLs: C:\Windows\System32\AMInit64.dll
Startup: C:\Users\All Users\Start Menu\Programs\Startup\NTRglobal Console.lnk
ShortcutTarget: NTRglobal Console.lnk -> C:\Program Files (x86)\NTR global\Console\_inquiero.exe (NTR)
==================== Services (Whitelisted) ===================
2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_e085d3cd5b474ba6\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
4 AeXNSClient; C:\Program Files (x86)\Altiris\Altiris Agent\aexnsagent.exe [1401640 2010-03-28] (Altiris, Inc.)
4 AltirisAgentProvider; "C:\Program Files (x86)\Altiris\Altiris Agent\Agents\WMIProviderAgent\AltirisAgentProvider.exe" [614400 2009-04-22] (Altiris, Inc.)
2 avast! Antivirus; "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [44808 2012-10-30] (AVAST Software)
4 awhost32; "C:\Program Files (x86)\Symantec\pcAnywhere\awhost32.exe" [136568 2010-01-04] (Symantec Corporation)
2 FirebirdGuardianDefaultInstance; "C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe" -s DefaultInstance [98304 2010-09-17] (Firebird Project)
3 FirebirdServerDefaultInstance; "C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe" -s DefaultInstance [3735552 2010-09-17] (Firebird Project)
3 getPlusHelper; C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll [44576 2010-05-10] (NOS Microsystems Ltd.)
2 Iap; "C:\Program Files\Dell\OpenManage\Client\Iap.exe" [613288 2010-03-23] (Dell Inc.)
2 MSSQL$SQLSERVER; "C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLSERVER\MSSQL\Binn\sqlservr.exe" -sSQLSERVER [61916000 2011-04-23] (Microsoft Corporation)
2 NWVZHelper; C:\Program Files (x86)\Novatel Wireless\Verizon\Drivers\NWHelper_001.exe [270848 2010-06-14] (Novatel Wireless Inc.)
3 oad; C:\PROGRA~2\Borland\vbroker\bin\oad.exe [1781248 1998-03-12] ()
3 osagent; C:\PROGRA~2\Borland\vbroker\bin\osagent.exe [193536 1998-03-12] ()
2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1100320 2012-10-24] (Safer-Networking Ltd.)
2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1367576 2012-10-24] (Safer-Networking Ltd.)
2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [168384 2012-10-24] (Safer-Networking Ltd.)
2 softOSD; C:\Program Files (x86)\softOSD\softOSD.exe [284728 2009-12-15] (EnTech Taiwan)
4 SQLAgent$SQLSERVER; "C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLSERVER\MSSQL\Binn\SQLAGENT.EXE" -i SQLSERVER [428384 2011-04-23] (Microsoft Corporation)
2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_e085d3cd5b474ba6\STacSV64.exe [244736 2010-03-09] (IDT, Inc.)
2 UltiDev Web Server Pro; "C:\Program Files (x86)\UltiDev\Web Server\UltiDev.WebServer.Monitor.exe" [64512 2012-02-25] (UltiDev LLC)
2 UWS HiPriv Services; "C:\Program Files (x86)\UltiDev\Web Server\UWS.HighPrivilegeUtilities.exe" [48128 2012-02-25] (UltiDev LLC)
2 UWS LoPriv Services; "C:\Program Files (x86)\UltiDev\Web Server\UWS.LowPrivilegeUtilities.exe" [44032 2012-02-25] (UltiDev LLC)
==================== Drivers (Whitelisted) =====================
3 61883; C:\Windows\System32\Drivers\61883.sys [60288 2009-07-13] (Microsoft Corporation)
2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [25232 2012-10-30] (AVAST Software)
2 aswMonFlt; C:\Windows\System32\Drivers\aswMonFlt.sys [71600 2012-10-30] (AVAST Software)
1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [54072 2012-10-15] (AVAST Software)
1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [984144 2012-10-30] (AVAST Software)
1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [370288 2012-10-30] (AVAST Software)
1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [59728 2012-10-30] (AVAST Software)
1 awecho; C:\Windows\SysWow64\drivers\awechomd.sys [16432 2009-12-02] (Symantec Corporation)
1 AW_HOST; C:\Windows\SysWow64\drivers\aw_host5.sys [23864 2007-03-30] (Symantec Corporation)
3 ISRegFlt; \??\C:\Program Files (x86)\InstallShield\2012\System\ISRegFlt64.sys [39576 2011-08-11] (Flexera Software)
1 omci; C:\Windows\System32\Drivers\omci.sys [26624 2010-03-08] (Dell Inc.)
1 se64a; C:\Windows\System32\Drivers\se64a.sys [14032 2007-05-03] (EnTech Taiwan)
1 se64a; C:\Windows\SysWow64\Drivers\se64a.sys [14032 2007-05-03] (EnTech Taiwan)
3 VMnetAdapter; C:\Windows\System32\DRIVERS\vmnetadapter.sys [x]
3 xpvcom; C:\Windows\System32\Drivers\xpvcom.sys [x]
==================== NetSvcs (Whitelisted) ====================
==================== One Month Created Files and Folders ========
2012-11-15 09:04 - 2012-11-15 09:04 - 00002981 ____A C:\Users\justin\Desktop\HiJackThis.lnk
2012-11-15 09:04 - 2012-11-15 09:04 - 00000000 ____D C:\Program Files (x86)\Trend Micro
2012-11-15 07:49 - 2012-11-16 04:53 - 00003622 _RASH C:\Users\All Users\ntuser.pol
2012-11-15 06:13 - 2012-11-15 06:27 - 01056768 ____A C:\Users\justin\defltbase.sdb
2012-11-15 04:25 - 2012-11-15 04:25 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-11-15 04:25 - 2012-11-15 04:25 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-11-15 04:25 - 2012-09-29 16:54 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-11-14 19:00 - 2012-11-16 04:51 - 00000392 ____A C:\Windows\setupact.log
2012-11-14 18:56 - 2012-11-14 18:56 - 00001958 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2012-11-14 18:56 - 2012-11-14 18:56 - 00000350 ___AH C:\Windows\Tasks\avast! Emergency Update.job
2012-11-14 18:56 - 2012-10-30 15:51 - 00984144 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2012-11-14 18:56 - 2012-10-30 15:51 - 00370288 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2012-11-14 18:56 - 2012-10-30 15:51 - 00059728 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
2012-11-14 18:56 - 2012-10-30 15:51 - 00025232 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
2012-11-14 18:56 - 2012-10-15 08:59 - 00054072 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
2012-11-14 18:55 - 2012-11-14 18:55 - 00000000 ____D C:\Users\All Users\AVAST Software
2012-11-14 18:55 - 2012-11-14 18:55 - 00000000 ____D C:\Program Files\AVAST Software
2012-11-14 18:55 - 2012-11-14 18:55 - 00000000 ____A C:\Windows\SysWOW64\config.nt
2012-11-14 18:55 - 2012-10-30 15:51 - 00071600 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2012-11-14 18:55 - 2012-10-30 15:51 - 00041224 ____A (AVAST Software) C:\Windows\avastSS.scr
2012-11-14 18:55 - 2012-10-30 15:50 - 00285328 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
2012-11-14 18:55 - 2012-10-30 15:50 - 00227648 ____A (AVAST Software) C:\Windows\SysWOW64\aswBoot.exe
2012-11-14 13:42 - 2012-11-14 14:14 - 00000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2012-11-14 13:42 - 2012-11-14 13:42 - 00002177 ____A C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2012-11-14 13:42 - 2012-11-14 13:42 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2012-11-14 13:42 - 2009-01-25 10:14 - 00017272 ____A (Safer Networking Limited) C:\Windows\System32\sdnclean64.exe
2012-11-14 04:46 - 2012-11-15 07:22 - 00007554 ____A C:\Windows\PFRO.log
2012-11-14 04:46 - 2012-11-14 04:46 - 00000000 ____A C:\Windows\setuperr.log
2012-11-13 19:49 - 2012-11-13 19:49 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Google
2012-11-13 19:49 - 2012-11-13 19:49 - 00000000 ____D C:\Users\Administrator\AppData\Local\Macromedia
2012-11-13 19:48 - 2012-11-13 19:49 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Mozilla
2012-11-13 19:48 - 2012-11-13 19:49 - 00000000 ____D C:\Users\Administrator\AppData\Local\Google
2012-11-13 19:48 - 2012-11-13 19:48 - 00000000 ____D C:\Users\Administrator\AppData\Local\Mozilla
2012-11-13 19:46 - 2012-11-13 19:56 - 00000000 ____D C:\Users\Administrator\AppData\Local\TSVNCache
2012-11-13 19:46 - 2012-11-13 19:49 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe
2012-11-13 19:46 - 2012-11-13 19:46 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Subversion
2012-11-13 19:46 - 2012-11-13 19:46 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Apple Computer
2012-11-13 19:46 - 2012-11-13 19:46 - 00000000 ____D C:\Users\Administrator\AppData\Local\ntr
2012-11-13 19:46 - 2012-11-13 19:46 - 00000000 ____D C:\Users\Administrator\AppData\Local\Adobe
2012-11-13 19:45 - 2012-11-13 19:45 - 00000020 __ASH C:\Users\Administrator\ntuser.ini
2012-11-13 19:45 - 2012-11-13 19:45 - 00000000 ___RD C:\Users\Administrator\Virtual Machines
2012-11-13 19:45 - 2012-11-13 19:45 - 00000000 ____D C:\users\Administrator
2012-11-13 19:45 - 2012-03-07 13:17 - 00000000 ____D C:\Users\Administrator\Documents\Visual Studio 2008
2012-11-13 19:45 - 2012-03-07 05:09 - 00000000 ____D C:\Users\Administrator\Documents\Visual Studio 2010
2012-11-13 19:45 - 2012-03-06 05:01 - 00000000 ____D C:\Users\Administrator\Documents\Visual Studio 2005
2012-11-13 19:45 - 2012-03-06 05:01 - 00000000 ____D C:\Users\Administrator\AppData\Local\Microsoft Help
2012-11-13 19:45 - 2010-05-07 11:05 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Macromedia
2012-11-13 19:23 - 2012-11-13 19:23 - 00001021 ____A C:\Users\Public\Desktop\CCleaner.lnk
2012-11-13 18:04 - 2012-11-14 13:34 - 00000808 ____A C:\rkill.log
2012-11-13 17:54 - 2012-11-13 18:46 - 00000000 ____D C:\Windows\erdnt
2012-11-13 17:34 - 2012-11-16 05:14 - 00000000 ____D C:\removaltools
2012-11-13 17:34 - 2012-11-13 17:34 - 00000000 ____D C:\Users\justin\Documents\My Weblog Posts
2012-11-13 13:25 - 2012-11-13 13:25 - 10669952 ____A (Malwarebytes Corporation ) C:\Users\justin\Downloads\mbam-setup-1.65.1.1000.exe
2012-11-13 08:36 - 2012-11-13 08:36 - 00000000 ____D C:\Users\justin\AppData\Roaming\Scooter Software
2012-11-13 08:36 - 2012-11-13 08:36 - 00000000 ____D C:\Users\justin\AppData\Roaming\Claro
2012-11-13 08:35 - 2012-11-13 08:35 - 05869768 ____A (Scooter Software ) C:\Users\justin\Downloads\BCompare-3.3.5.15075.exe
2012-11-13 08:35 - 2012-11-13 08:35 - 00000000 ____D C:\Users\All Users\Browser Manager
2012-11-13 07:29 - 2012-11-13 07:29 - 04693333 ____A (FileZilla Project) C:\Users\justin\Downloads\FileZilla_3.6.0_win32-setup.exe
2012-11-12 08:06 - 2012-11-12 08:08 - 00000000 ____D C:\medicalplan
2012-11-08 06:38 - 2012-11-08 06:38 - 00001845 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
2012-11-08 06:38 - 2012-11-08 06:38 - 00000000 ____D C:\Program Files (x86)\QuickTime
2012-11-08 06:34 - 2012-11-08 06:34 - 00001783 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-11-08 06:34 - 2012-08-21 10:01 - 00033240 ____A (GEAR Software Inc.) C:\Windows\System32\Drivers\GEARAspiWDM.sys
2012-11-08 06:32 - 2012-11-08 06:34 - 00000000 ____D C:\Users\All Users\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-11-08 06:32 - 2012-11-08 06:34 - 00000000 ____D C:\Program Files\iTunes
2012-11-08 06:32 - 2012-11-08 06:32 - 00000000 ____D C:\Program Files\iPod
2012-11-06 07:51 - 2012-11-06 07:51 - 00000000 ____D C:\Users\justin\AppData\Roaming\smkits
2012-11-05 08:59 - 2012-11-05 08:59 - 00079360 ____A (WANGXUEFENG, CHANGZHOU,JIANGSU province) C:\Windows\System32\dxdiinfo64.dll
2012-10-30 12:00 - 2012-10-30 12:00 - 00000000 ____D C:\Users\justin\Documents\host[1]
2012-10-25 00:12 - 2012-10-25 00:12 - 00094208 ____A (Apple Inc.) C:\Windows\SysWOW64\QuickTimeVR.qtx
2012-10-25 00:12 - 2012-10-25 00:12 - 00069632 ____A (Apple Inc.) C:\Windows\SysWOW64\QuickTime.qts
2012-10-23 10:43 - 2012-10-23 12:36 - 00000533 ____A C:\Users\justin\Desktop\QESettings.xml
2012-10-17 08:30 - 2012-10-17 08:30 - 00002758 ____A C:\Users\justin\Desktop\Microsoft SQL Server 2012 Update for Developers Training Kit.lnk
2012-10-17 08:29 - 2012-10-17 08:30 - 00000000 ____D C:\SQL2012UpdateForDevsTrainingKit
==================== One Month Modified Files and Folders =======
2012-11-16 08:19 - 2012-11-16 08:19 - 00000000 ____D C:\FRST
2012-11-16 05:16 - 2012-04-05 04:29 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-11-16 05:16 - 2010-08-03 09:59 - 00000000 ____D C:\Users\justin\AppData\Local\TSVNCache
2012-11-16 05:16 - 2010-04-23 05:33 - 01311694 ____A C:\Windows\WindowsUpdate.log
2012-11-16 05:14 - 2012-11-13 17:34 - 00000000 ____D C:\removaltools
2012-11-16 05:13 - 2009-07-13 20:50 - 00015008 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-11-16 05:13 - 2009-07-13 20:50 - 00015008 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-11-16 05:12 - 2010-12-29 08:34 - 00105472 ____A C:\Users\justin\Documents\JustinProgressChart.xls
2012-11-16 05:11 - 2009-07-13 21:12 - 00984700 ____A C:\Windows\System32\PerfStringBackup.INI
2012-11-16 05:00 - 2010-05-07 09:52 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-11-16 04:53 - 2012-11-15 07:49 - 00003622 _RASH C:\Users\All Users\ntuser.pol
2012-11-16 04:51 - 2012-11-14 19:00 - 00000392 ____A C:\Windows\setupact.log
2012-11-16 04:51 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-11-15 13:28 - 2011-09-27 07:16 - 00000000 ____D C:\Users\All Users\firebird
2012-11-15 12:47 - 2010-05-07 09:52 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-11-15 09:04 - 2012-11-15 09:04 - 00002981 ____A C:\Users\justin\Desktop\HiJackThis.lnk
2012-11-15 09:04 - 2012-11-15 09:04 - 00000000 ____D C:\Program Files (x86)\Trend Micro
2012-11-15 07:57 - 2011-10-18 08:16 - 00000000 ____D C:\7.6
2012-11-15 07:54 - 2012-06-28 11:47 - 00000000 ____D C:\7.7
2012-11-15 07:22 - 2012-11-14 04:46 - 00007554 ____A C:\Windows\PFRO.log
2012-11-15 07:10 - 2010-12-13 12:35 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-11-15 06:27 - 2012-11-15 06:13 - 01056768 ____A C:\Users\justin\defltbase.sdb
2012-11-15 06:13 - 2010-04-23 05:33 - 00000000 ____D C:\users\justin
2012-11-15 04:25 - 2012-11-15 04:25 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-11-15 04:25 - 2012-11-15 04:25 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-11-14 18:56 - 2012-11-14 18:56 - 00001958 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2012-11-14 18:56 - 2012-11-14 18:56 - 00000350 ___AH C:\Windows\Tasks\avast! Emergency Update.job
2012-11-14 18:55 - 2012-11-14 18:55 - 00000000 ____D C:\Users\All Users\AVAST Software
2012-11-14 18:55 - 2012-11-14 18:55 - 00000000 ____D C:\Program Files\AVAST Software
2012-11-14 18:55 - 2012-11-14 18:55 - 00000000 ____A C:\Windows\SysWOW64\config.nt
2012-11-14 14:14 - 2012-11-14 13:42 - 00000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2012-11-14 13:42 - 2012-11-14 13:42 - 00002177 ____A C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2012-11-14 13:42 - 2012-11-14 13:42 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2012-11-14 13:34 - 2012-11-13 18:04 - 00000808 ____A C:\rkill.log
2012-11-14 12:22 - 2010-06-12 13:39 - 00000000 ____D C:\Users\justin\AppData\Local\Apps\2.0
2012-11-14 12:22 - 2009-07-13 20:50 - 00578032 ____A C:\Windows\System32\FNTCACHE.DAT
2012-11-14 07:07 - 2010-12-14 12:43 - 00000000 ____D C:\spywaretools
2012-11-14 04:46 - 2012-11-14 04:46 - 00000000 ____A C:\Windows\setuperr.log
2012-11-14 02:40 - 2011-01-27 05:58 - 00000000 ____D C:\Program Files (x86)\IdentaFone Software
2012-11-13 19:56 - 2012-11-13 19:46 - 00000000 ____D C:\Users\Administrator\AppData\Local\TSVNCache
2012-11-13 19:49 - 2012-11-13 19:49 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Google
2012-11-13 19:49 - 2012-11-13 19:49 - 00000000 ____D C:\Users\Administrator\AppData\Local\Macromedia
2012-11-13 19:49 - 2012-11-13 19:48 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Mozilla
2012-11-13 19:49 - 2012-11-13 19:48 - 00000000 ____D C:\Users\Administrator\AppData\Local\Google
2012-11-13 19:49 - 2012-11-13 19:46 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe
2012-11-13 19:48 - 2012-11-13 19:48 - 00000000 ____D C:\Users\Administrator\AppData\Local\Mozilla
2012-11-13 19:46 - 2012-11-13 19:46 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Subversion
2012-11-13 19:46 - 2012-11-13 19:46 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Apple Computer
2012-11-13 19:46 - 2012-11-13 19:46 - 00000000 ____D C:\Users\Administrator\AppData\Local\ntr
2012-11-13 19:46 - 2012-11-13 19:46 - 00000000 ____D C:\Users\Administrator\AppData\Local\Adobe
2012-11-13 19:45 - 2012-11-13 19:45 - 00000020 __ASH C:\Users\Administrator\ntuser.ini
2012-11-13 19:45 - 2012-11-13 19:45 - 00000000 ___RD C:\Users\Administrator\Virtual Machines
2012-11-13 19:45 - 2012-11-13 19:45 - 00000000 ____D C:\users\Administrator
2012-11-13 19:25 - 2010-10-04 12:19 - 00000000 ____D C:\Users\justin\AppData\Roaming\FileZilla
2012-11-13 19:24 - 2010-04-23 09:15 - 00000000 ____D C:\Windows\Panther
2012-11-13 19:23 - 2012-11-13 19:23 - 00001021 ____A C:\Users\Public\Desktop\CCleaner.lnk
2012-11-13 19:23 - 2010-12-14 12:48 - 00000000 ____D C:\Program Files (x86)\CCleaner
2012-11-13 18:54 - 2009-07-13 19:20 - 00000000 __RHD C:\users\Default
2012-11-13 18:46 - 2012-11-13 17:54 - 00000000 ____D C:\Windows\erdnt
2012-11-13 18:37 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini
2012-11-13 17:34 - 2012-11-13 17:34 - 00000000 ____D C:\Users\justin\Documents\My Weblog Posts
2012-11-13 17:34 - 2011-10-20 05:22 - 00000000 ____D C:\Users\justin\AppData\Local\Windows Live Writer
2012-11-13 14:41 - 2010-11-03 12:49 - 00000000 ____D C:\8.0
2012-11-13 13:25 - 2012-11-13 13:25 - 10669952 ____A (Malwarebytes Corporation ) C:\Users\justin\Downloads\mbam-setup-1.65.1.1000.exe
2012-11-13 09:29 - 2012-05-21 04:19 - 00000000 ____D C:\8.0 NET
2012-11-13 08:36 - 2012-11-13 08:36 - 00000000 ____D C:\Users\justin\AppData\Roaming\Scooter Software
2012-11-13 08:36 - 2012-11-13 08:36 - 00000000 ____D C:\Users\justin\AppData\Roaming\Claro
2012-11-13 08:35 - 2012-11-13 08:35 - 05869768 ____A (Scooter Software ) C:\Users\justin\Downloads\BCompare-3.3.5.15075.exe
2012-11-13 08:35 - 2012-11-13 08:35 - 00000000 ____D C:\Users\All Users\Browser Manager
2012-11-13 07:29 - 2012-11-13 07:29 - 04693333 ____A (FileZilla Project) C:\Users\justin\Downloads\FileZilla_3.6.0_win32-setup.exe
2012-11-13 07:29 - 2010-10-04 12:19 - 00000000 ____D C:\Program Files (x86)\FileZilla FTP Client
2012-11-12 08:08 - 2012-11-12 08:06 - 00000000 ____D C:\medicalplan
2012-11-12 06:02 - 2010-05-10 06:49 - 00000000 ____D C:\tempsp
2012-11-09 05:07 - 2011-09-01 11:52 - 00000000 ____D C:\calls
2012-11-08 13:36 - 2011-07-07 05:33 - 00000000 ____D C:\justin
2012-11-08 08:07 - 2012-02-16 07:31 - 00000600 ____A C:\Users\justin\AppData\Roaming\winscp.rndx
2012-11-08 07:55 - 2012-09-11 08:10 - 00000000 ____D C:\aaa
2012-11-08 07:17 - 2012-02-13 12:06 - 00000000 ____D C:\iphonejailbreak
2012-11-08 06:38 - 2012-11-08 06:38 - 00001845 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
2012-11-08 06:38 - 2012-11-08 06:38 - 00000000 ____D C:\Program Files (x86)\QuickTime
2012-11-08 06:34 - 2012-11-08 06:34 - 00001783 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-11-08 06:34 - 2012-11-08 06:32 - 00000000 ____D C:\Users\All Users\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-11-08 06:34 - 2012-11-08 06:32 - 00000000 ____D C:\Program Files\iTunes
2012-11-08 06:34 - 2012-07-16 08:01 - 00000000 ____D C:\Program Files (x86)\iTunes
2012-11-08 06:32 - 2012-11-08 06:32 - 00000000 ____D C:\Program Files\iPod
2012-11-07 08:51 - 2010-04-28 07:25 - 00175272 ____A C:\Users\justin\AppData\Local\GDIPFONTCACHEV1.DAT
2012-11-07 07:39 - 2010-06-15 05:33 - 00000000 ____D C:\Users\All Users\Microsoft Help
2012-11-07 05:48 - 2012-09-12 04:21 - 00002378 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2012-11-06 07:51 - 2012-11-06 07:51 - 00000000 ____D C:\Users\justin\AppData\Roaming\smkits
2012-11-05 08:59 - 2012-11-05 08:59 - 00079360 ____A (WANGXUEFENG, CHANGZHOU,JIANGSU province) C:\Windows\System32\dxdiinfo64.dll
2012-11-01 11:45 - 2012-04-09 05:08 - 00025088 ____A C:\Users\justin\Documents\daddyloangood.xls
2012-10-31 10:20 - 2010-05-14 05:21 - 00000000 ____D C:\Users\justin\AppData\Local\Downloaded Installations
2012-10-31 05:46 - 2010-07-28 06:20 - 00000000 ____D C:\mitchell
2012-10-30 15:51 - 2012-11-14 18:56 - 00984144 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2012-10-30 15:51 - 2012-11-14 18:56 - 00370288 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2012-10-30 15:51 - 2012-11-14 18:56 - 00059728 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
2012-10-30 15:51 - 2012-11-14 18:56 - 00025232 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
2012-10-30 15:51 - 2012-11-14 18:55 - 00071600 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2012-10-30 15:51 - 2012-11-14 18:55 - 00041224 ____A (AVAST Software) C:\Windows\avastSS.scr
2012-10-30 15:50 - 2012-11-14 18:55 - 00285328 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
2012-10-30 15:50 - 2012-11-14 18:55 - 00227648 ____A (AVAST Software) C:\Windows\SysWOW64\aswBoot.exe
2012-10-30 12:00 - 2012-10-30 12:00 - 00000000 ____D C:\Users\justin\Documents\host[1]
2012-10-30 11:30 - 2010-05-10 06:49 - 00000000 ____D C:\Program Files (x86)\napa
2012-10-26 11:39 - 2012-04-27 06:11 - 18722816 ____A C:\Users\justin\Documents\tracs7.6blank.mdb
2012-10-25 00:12 - 2012-10-25 00:12 - 00094208 ____A (Apple Inc.) C:\Windows\SysWOW64\QuickTimeVR.qtx
2012-10-25 00:12 - 2012-10-25 00:12 - 00069632 ____A (Apple Inc.) C:\Windows\SysWOW64\QuickTime.qts
2012-10-24 11:55 - 2010-05-12 04:50 - 00000000 ____D C:\Delphi DevEnv
2012-10-23 12:36 - 2012-10-23 10:43 - 00000533 ____A C:\Users\justin\Desktop\QESettings.xml
2012-10-23 12:36 - 2010-06-15 05:43 - 00000000 ____D C:\Users\justin\Documents\SQL Server Management Studio
2012-10-23 04:44 - 2010-08-19 11:54 - 00000000 ____D C:\bob hammer
2012-10-17 08:30 - 2012-10-17 08:30 - 00002758 ____A C:\Users\justin\Desktop\Microsoft SQL Server 2012 Update for Developers Training Kit.lnk
2012-10-17 08:30 - 2012-10-17 08:29 - 00000000 ____D C:\SQL2012UpdateForDevsTrainingKit
2012-10-17 06:02 - 2012-02-28 05:33 - 00000000 ____D C:\recovermyfiles
==================== Known DLLs (Whitelisted) =================
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
==================== Restore Points =========================
Restore point made on: 2012-10-30 06:00:06
Restore point made on: 2012-10-30 06:01:14
Restore point made on: 2012-10-30 06:02:30
Restore point made on: 2012-10-30 06:04:35
Restore point made on: 2012-11-07 07:35:49
Restore point made on: 2012-11-13 16:24:18
Restore point made on: 2012-11-15 09:03:55
Restore point made on: 2012-11-16 04:59:13
==================== Memory info ===========================
Percentage of memory in use: 10%
Total physical RAM: 8179.89 MB
Available physical RAM: 7310.24 MB
Total Pagefile: 8178.04 MB
Available Pagefile: 7298.8 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB
==================== Partitions =============================
1 Drive c: () (Fixed) (Total:465.66 GB) (Free:51.27 GB) NTFS
7 Drive j: () (Removable) (Total:0.94 GB) (Free:0.03 GB) FAT
8 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
9 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 0 B
Disk 1 No Media 0 B 0 B
Disk 2 No Media 0 B 0 B
Disk 3 No Media 0 B 0 B
Disk 4 No Media 0 B 0 B
Disk 5 Online 967 MB 0 B
Partitions of Disk 0:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 465 GB 101 MB
==================================================================================
Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y System Rese NTFS Partition 100 MB Healthy
=========================================================
Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 465 GB Healthy
=========================================================
Partitions of Disk 5:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 966 MB 764 KB
==================================================================================
Disk: 5
Partition 1
Type : 06
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 7 J FAT Removable 966 MB Healthy
=========================================================
Last Boot: 2012-11-06 06:39
==================== End Of Log =============================
-
I downloaded a program called beyond repair from CNET 2 days ago and my system has not been the same since. I believe I have removed all the infections using Malwarebytes (in safe mode), HijackThis, CCleaner, rkill, Spybot, etc. I have googled and tried everything I could find, but here is the current state of my machine. If I try to run Malwarebytes I get an error stating that "This Program is Blocked by Group Policy". I then check the event viewer and see this:
"Access to C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe has been restricted by your Administrator by location with policy rule {3036cfcf-7c01-4800-a2ca-e6a7873107d2} placed on path C:\Program Files (x86)\Malwarebytes' Anti-Malware."
I have googled and looked and I cannot find anywhere on my system where I have a group policy. I know for a fact I did not add one. I also get the same error when I try to start the Avira control panel. If I rename C:\Program Files (x86)\Malwarebytes' Anti-Malware to C:\Program Files (x86)\Malwarebytes' Anti-Malware1 and run the exe, it runs fine and does not find or detect anything. It also works in safe mode. I also found online a command option to reset all your group policies back to default, and I still get the error. I am not a member of a domain. Whatever virus or spyware was on my system found I was running Malwarebytes and Avira and added a rule somewhere that I cannot remove. I have also tried the Avira rescue disk, as well as loaded Avast and performed a boot scan, and found nothing. I am not sure what to try next; any help will be greatly appreciated. I attached my HijackThis log and screenshots. My user is the Administrator, and I also get the same error if I log in and use the Windows default Admin account.
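The message quoted in the post above is the Software Restriction Policy (SRP) path-rule block, logged to the Application log by the source SoftwareRestrictionPolicies as Event ID 866. SRP rules are not stored as an obvious "group policy" object; the applied copy lives in the registry under HKLM (and HKCU) \...\Policies\Microsoft\Windows\Safer\CodeIdentifiers\<level>\Paths\{GUID}, where the level subkey is the numeric security level (0 is Disallowed) and ItemData is the path the rule matches. A Disallowed rule on a folder blocks every executable under that folder, which is why renaming the folder sidesteps it. The PowerShell below is an added example, not code from this thread, from Malwarebytes or from Microsoft: it lists every SRP rule in both hives, pulls the recent SRP block events, and removes a rule by GUID with -WhatIf/-Confirm support. It assumes an elevated PowerShell 3.0 or later on Windows 7 or later; the function names Get-SaferRule, Get-SaferBlockEvent and Remove-SaferRule are my own.

```powershell
# Added example (not code from this thread, Malwarebytes or Microsoft):
# enumerate Software Restriction Policy ("Safer") rules, list the SRP block
# events, and remove a rule by GUID. Assumes an elevated PowerShell 3.0+ on
# Windows 7 or later. Function names are my own.

# SRP stores rules under CodeIdentifiers\<level>\{Paths|Hashes}\{GUID}; the
# level subkey name is the numeric security level the rule applies.
$SaferLevels = @{
    0      = 'Disallowed'
    4096   = 'Untrusted'
    65536  = 'Constrained'
    131072 = 'Basic User'
    262144 = 'Unrestricted'
}

# Machine policy and per-user policy are both consulted; check both hives.
$SaferRoots = @(
    'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers',
    'HKCU:\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
)

function Get-SaferRule {
    # One object per path or hash rule. ItemData holds the path (or hash
    # blob) the rule matches; a Disallowed path rule on a folder blocks
    # every executable under that folder.
    foreach ($root in $SaferRoots) {
        if (-not (Test-Path $root)) { continue }
        foreach ($levelKey in Get-ChildItem $root -ErrorAction SilentlyContinue) {
            $level = 0
            if (-not [int]::TryParse($levelKey.PSChildName, [ref]$level)) { continue }
            foreach ($kind in 'Paths', 'Hashes') {
                $kindPath = Join-Path $levelKey.PSPath $kind
                if (-not (Test-Path $kindPath)) { continue }
                foreach ($rule in Get-ChildItem $kindPath) {
                    $p = Get-ItemProperty $rule.PSPath
                    [pscustomobject]@{
                        Hive        = $root.Split(':')[0]
                        Level       = $SaferLevels[$level]
                        Kind        = $kind -replace 'e?s$'
                        RuleId      = $rule.PSChildName
                        ItemData    = $p.ItemData
                        Description = $p.Description
                        SaferFlags  = $p.SaferFlags
                        Key         = $rule.Name
                    }
                }
            }
        }
    }
}

function Get-SaferBlockEvent {
    # SRP writes blocked launches to the Application log under the source
    # SoftwareRestrictionPolicies. 866 is the "by location with policy rule
    # {GUID} placed on path ..." message; 865/867/868/882 are the other SRP
    # block events (default level, publisher, zone and hash rules).
    param([int]$Newest = 20)
    Get-WinEvent -FilterHashtable @{
        LogName      = 'Application'
        ProviderName = 'SoftwareRestrictionPolicies'
        Id           = 865, 866, 867, 868, 882
    } -MaxEvents $Newest -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id, Message
}

function Remove-SaferRule {
    # Delete one rule by GUID. Supports -WhatIf / -Confirm; export the key
    # first (reg export ...) so the artefact is preserved for analysis.
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param([Parameter(Mandatory = $true)][string]$RuleId)
    foreach ($rule in Get-SaferRule | Where-Object { $_.RuleId -eq $RuleId }) {
        $action = "Remove SRP $($rule.Level) rule on '$($rule.ItemData)'"
        if ($PSCmdlet.ShouldProcess($rule.Key, $action)) {
            Remove-Item -Path ('Registry::' + $rule.Key) -Recurse
        }
    }
}

# Usage. The GUID is the one from the 866 event quoted in the post above.
Get-SaferRule | Format-Table Hive, Level, Kind, ItemData, RuleId -AutoSize
Get-SaferRule | Where-Object { $_.Level -eq 'Disallowed' -and $_.ItemData -like '*Malwarebytes*' }
Get-SaferBlockEvent -Newest 10 | Format-List
Get-ItemProperty $SaferRoots[0] -Name DefaultLevel -ErrorAction SilentlyContinue
Remove-SaferRule -RuleId '{3036cfcf-7c01-4800-a2ca-e6a7873107d2}' -WhatIf
```

Two caveats. Check DefaultLevel as well as the explicit rules: a DefaultLevel of 0 blocks everything that is not explicitly allowed and produces Event ID 865 rather than 866. And the registry keys are only the applied copy of the policy; if a rule comes back after the next policy refresh (gpupdate or a reboot), it is being re-applied from a policy file, which on a standalone machine is the local GPO under %SystemRoot%\System32\GroupPolicy, and that source has to be cleaned too.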
HELP! Virus or Malware Added Group Policy and cannot find it
in Resolved Malware Removal Logs
Posted
Here is the report. I think all the malware is gone, but sometimes IE shows "Page cannot be displayed".
2012-11-18 16:09:59 . 2012-11-18 16:09:59 0 ----a-w- C:\Qoobox\Quarantine\catchme.txt
2012-11-17 03:11:58 . 2012-11-17 03:11:58 766 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-Octoshape add-in for Adobe Flash Player.reg.dat
2012-11-17 03:11:58 . 2012-11-17 03:11:58 652 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-Adobe Connect Add-in.reg.dat
2012-11-17 03:11:58 . 2012-11-17 03:11:58 1,342 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-Adobe Connect 9 Add-in.reg.dat
2012-11-17 03:07:26 . 2012-11-18 16:18:26 17,707 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2012-11-17 02:58:35 . 2012-11-18 16:08:45 102 ----a-w- C:\Qoobox\Quarantine\catchme.log