
Cannot start mbam.exe, blocked by group policy


ur798


Computer was hit by 'Internet Security' last night. I rebooted in Safe Mode with Networking to use Malwarebytes to quick scan & clean the 'Internet Security'. It advises to do Full Scan when rebooted in normal. 

 

However, I cannot start mbam.exe when I double-click the icon on the desktop. It shows a pop-up error: "THE PROGRAM IS BLOCKED BY GROUP POLICY. FOR MORE INFO CHECK WITH YOUR SYSTEM ADMIN."

 

I searched the forum's 'PC Help' section, found a thread with the same heading and followed the advice there; 2 things are done & 3 files attached.

(1) mbam_check.exe ---> checkresult.txt

(2) DDS.SCR ---> DDS.txt, Attach.txt

 

Please advise further on why I cannot open Malwarebytes for a full scan ...

FYI, I also have Ad-Aware Free Antivirus and found I CANNOT open

Windows Update

Windows Defender

Windows Firewall

 

Thanks

Raphael

 

attach.txt

CheckResults.txt

dds.txt


Just went to Safe Mode and ran

RKill - zeroaccess rootkit symptom found,

Malwarebytes Anti-Rootkit - scan and cleanup

Download again the Malwarebytes - update & full scan

AdwCleaner - scan and clean.

 

Restarted normally into Windows, but double-clicking the Malwarebytes icon still cannot open the program ... with the same error message: "THE PROGRAM IS BLOCKED BY GROUP POLICY. FOR MORE INFO CHECK WITH YOUR SYSTEM ADMIN."

 

Anyway I can get back

Windows Firewall

Windows Defender

Windows Update.


Hello ur798 and welcome! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.
  • One or more of the identified infections is related to a nasty rootkit component which is difficult to remove. Rootkits and backdoor Trojans are very dangerous because they use advanced techniques (backdoors) as a means of accessing a computer system that bypasses security mechanisms and steal sensitive information which they send back to the hacker. Many rootkits can hook into the Windows 32-bit kernel, and patch several APIs to hide new registry keys and files they install. Remote attackers use backdoor Trojans and rootkits as part of an exploit to gain unauthorized access to a computer and take control of it without your knowledge.

    If your computer was used for online banking, has credit card information or other sensitive data on it, you should immediately disconnect from the Internet until your system is cleaned. All passwords should be changed immediately to include those used for banking, email, eBay, PayPal and online forums from a CLEAN COMPUTER. You should consider them to be compromised. You should change each password by using a different computer and not the infected one. If not, an attacker may get the new passwords and transaction information. If using a router, you need to reset it with a strong logon/password so the malware cannot gain control before connecting again. Banking and credit card institutions should be notified of the possible security breach. Because your computer was compromised please read How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?

    Although the rootkit has been identified and may be removed, your PC has likely been compromised and there is no way to be sure the computer can ever be trusted again. It is dangerous and incorrect to assume that because this malware has been removed the computer is now secure. In some instances an infection may have caused so much damage to your system that it cannot be completely cleaned or repaired. The malware may leave so many remnants behind that security tools cannot find them. Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, delete the partition, reformat and reinstall the Operating System.

    Please read:

    Should you decide not to follow this advice, we will do our best to help clean the computer of any infections but we cannot guarantee it to be trustworthy or that the removal will be successful. If you wish to proceed, disinfection will require more time and more advanced tools.

    Please let us know how you would like to proceed.


Hi

 

Thanks for the reply. I also downloaded Hitman Pro and the ESET online scanner to scan the computer last night. It is getting cleaner and performs better.

First Windows Update last night since the last one dated July.

 

Let's get started and see if we can get the computer to its best health.


Sorry ... here it is

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-09-2013 03
Ran by owner (administrator) on OWNER-PC on 07-09-2013 10:32:35
Running from C:\Users\owner\Desktop\New Folder\Malware folder
Windows Vista Home Premium Service Pack 2 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Lavasoft Limited) C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
() C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerSrv.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Anvisoft) C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe
(Lavasoft Limited) C:\PROGRA~2\AD-AWA~1\AdAware.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Verizon) C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
(Hewlett-Packard Company) c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(PasswordBox, Inc.) C:\Program Files (x86)\PasswordBox\pbbtnService.exe
() C:\WINDOWS\System32\spool\drivers\x64\3\WrtMon.exe
(Realtek Semiconductor) C:\WINDOWS\RAVCpl64.exe
(NVIDIA Corporation) C:\WINDOWS\System32\nvraidservice.exe
(Spotify Ltd) C:\Users\owner\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
(Conexant Systems, Inc.) C:\Windows\system32\DRIVERS\xaudio64.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 11\Snagit32.exe
(Brother International) C:\Program Files (x86)\Brother\DSmobileSCAN II\DSmobileSCAN.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
(NewSoft Technology Corporation) C:\WINDOWS\System32\spool\drivers\x64\3\WrtProc.exe
(Lavasoft) C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 11\TSCHelp.exe
(Hewlett-Packard Company) C:\hp\support\hpsysdrv.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe
(GFI Software) C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 11\SnagPriv.exe
(Hewlett-Packard Company) C:\hp\kbd\kbd.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 11\snagiteditor.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Hewlett-Packard) c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [WrtMon.exe] - C:\Windows\system32\spool\drivers\x64\3\WrtMon.exe [20480 2007-07-18] ()
HKLM\...\Run: [DisplaySwitch] -
HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] - RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [RtHDVCpl] - C:\Windows\RAVCpl64.exe [6150656 2008-03-26] (Realtek Semiconductor)
HKLM\...\Run: [NVRaidService] - C:\Windows\system32\nvraidservice.exe [315936 2008-04-28] (NVIDIA Corporation)
HKLM\...\Run: [HP Health Check Scheduler] - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
HKLM\...\Run: [aunes] -  "C:\Users\owner\AppData\Roaming\aunes.dll",BufferError
HKLM\...\Run: [scpscr] -  "C:\Users\owner\AppData\Roaming\scpscr.dll",FromCComplex
HKLM Group Policy restriction on software: C:\Program Files (x86)\Malwarebytes' Anti-Malware <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\AVG <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Common Files\Symantec Shared <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Lavasoft <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\AVG <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Symantec <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\AVG <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\AVG <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Lavasoft <====== ATTENTION
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] fastprox.dll ATTENTION! ====> ZeroAccess?
HKLM\...\Policies\Explorer: [NoActiveDesktop] 1
HKCU\...\Run: [wjpimqnf] -
HKCU\...\Run: [spotify] -
HKCU\...\Run: [aruzext] -
HKCU\...\Run: [tdiijwzq] -
HKCU\...\Run: [spotify Web Helper] - C:\Users\owner\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1104384 2013-07-16] (Spotify Ltd)
HKCU\...\Run: [HPAdvisor] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1644088 2009-08-05] (Hewlett-Packard)
HKCR\...409d6c4515e9\InprocServer32: [Default-shell32] \\?\globalroot\Device\HarddiskVolume1\Users\owner\AppData\Local\Temp\svrrnss\snepmdf\wow.dll ATTENTION! ====> ZeroAccess?
HKLM-x32\...\Run: [] -  [x]
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [brMfcWnd] - C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1085440 2008-05-29] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ControlCenter3] - C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [86016 2007-12-21] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [DisplaySwitch] -  [x]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [44128 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [642664 2013-05-08] (Adobe Systems Inc.)
HKLM-x32\...\Run: [Ad-Aware Browsing Protection] - C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [554384 2013-07-15] (Lavasoft)
HKLM-x32\...\Run: [search Protection] - C:\ProgramData\Search Protection\SearchProtection.exe [x]
HKLM-x32\...\Run: [Ad-Aware Antivirus] - "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run [x]
HKLM-x32\...\Run: [KBD] - C:\HP\KBD\KbdStub.EXE [65536 2006-12-08] ()
HKLM-x32\...\Run: [hpsysdrv] - c:\hp\support\hpsysdrv.exe [65536 2007-04-18] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HP Software Update] - c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe" [x]
HKLM-x32\...\Run: [GameServer33] - "C:\Users\owner\AppData\Roaming\InstallShield\WIN65B.exe" [x]
HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default\...\Run: [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1644088 2009-08-05] (Hewlett-Packard)
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\Run: [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1644088 2009-08-05] (Hewlett-Packard)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snagit 11.lnk
ShortcutTarget: Snagit 11.lnk -> C:\Program Files (x86)\TechSmith\Snagit 11\Snagit32.exe (TechSmith Corporation)
Startup: C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSmobileSCAN II.lnk
ShortcutTarget: DSmobileSCAN II.lnk -> C:\Program Files (x86)\Brother\DSmobileSCAN II\DSmobileSCAN.exe (Brother International)
AlternateShell: C:\ProgramData\DisplaySwitch.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_4&ent=hp&u=08F83C610C3A9EF26F99DC521ED6D1A1
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cndt
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = https://www.facebook.com/
http://www.yahoo.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cndt
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cndt
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cndt
URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {9BF89253-FA46-4F95-B60F-EE08C9735609} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM - {BF5853A8-23B1-4204-B81F-82026B6B3243} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
SearchScopes: HKLM-x32 - {9BF89253-FA46-4F95-B60F-EE08C9735609} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM-x32 - {BF5853A8-23B1-4204-B81F-82026B6B3243} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
SearchScopes: HKCU - ToolbarSearchProviderProgress {96bd48dd-741b-41ae-ac4a-aff96ba00f7e}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {9BF89253-FA46-4F95-B60F-EE08C9735609} URL =
SearchScopes: HKCU - {BF5853A8-23B1-4204-B81F-82026B6B3243} URL =
BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\SnagIt 9\DLLx64\SnagItBHO64.dll (TechSmith Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\SnagIt 9\SnagItBHO.dll (TechSmith Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: PasswordBox Helper - {5DB69B97-934B-451D-94DB-32EF802A01CD} - C:\Program Files (x86)\PasswordBox\Application\pbbtn.dll (PasswordBox, Inc.)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Arcadesafari BHO - {adff4c9a-4f49-4a1f-8885-360e107b7938} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\SnagIt 9\DLLx64\SnagItIEAddin64.dll (TechSmith Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\SnagIt 9\SnagItIEAddin.dll (TechSmith Corporation)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - PasswordBox Toolbar - {25E2E5C9-C43C-4EE8-B23E-4383915F2BCE} - C:\Program Files (x86)\PasswordBox\Application\pbbtn.dll (PasswordBox, Inc.)
Toolbar: HKCU - No Name - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} -  No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - No Name - {25E2E5C9-C43C-4EE8-B23E-4383915F2BCE} -  No File
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\system32\urlmon.dll (Microsoft Corporation)
Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} -  No File
Winsock: Catalog5 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5-x64 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 05 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

Chrome:
=======


CHR DefaultSearchURL: (SecureSearch) - http://securedsearch2.lavasoft.com/results.php?pr=vmn&id=adawaretb&v=3_4&hsimp=yhs-lavasoft&ent=ch&q={searchTerms}
CHR DefaultSuggestURL: (SecureSearch) -       "suggest_url": ""
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.62\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.62\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.62\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Java Platform SE 6 U38) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Java Deployment Toolkit 6.0.380.5) - C:\Windows\SysWOW64\npdeployJava1.dll (Oracle Corporation)
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (PasswordBox - Log in with 1-Click) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajgnnllmjadopdlmpplonojbfogkjlcl\1.11.1.1216_0
CHR Extension: (Google Docs) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: () - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmeemomfelpigklppifflheakfpkfjjg\background.html
CHR Extension: (Chrome In-App Payments service) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0
CHR Extension: (Lavasoft NewTab) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\oejkcgajlodefenbbjdnaiahmbnnoole\0.12_0
CHR Extension: (Gmail) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [oejkcgajlodefenbbjdnaiahmbnnoole] - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\chrome-newtab-search.crx

==================== Services (Whitelisted) =================

R2 Ad-Aware Service; C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [1236336 2013-06-13] (Lavasoft Limited)
R2 ADBlockerSrv; C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerSrv.exe [279368 2012-11-13] ()
R2 asdsrv; C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe [742120 2013-08-12] (Anvisoft)
R2 IHA_MessageCenter; C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [346696 2013-07-30] (Verizon)
R2 PasswordBox; C:\Program Files (x86)\PasswordBox\pbbtnService.exe [67584 2013-08-16] (PasswordBox, Inc.)
R2 SBAMSvc; C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [3677000 2012-09-20] (GFI Software)
S2 MDM; "C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe" [x]

==================== Drivers (Whitelisted) ====================

R1 asdrm; C:\Windows\System32\DRIVERS\asdrm.sys [18768 2012-11-07] (Anvisoft)
R2 asdrs; C:\Windows\system32\DRIVERS\asdrs.sys [23376 2012-11-07] (Anvisoft)
R2 asdrs; C:\Windows\system32\DRIVERS\asdrs.sys [23376 2012-11-07] (Anvisoft)
R1 asdws; C:\Windows\System32\DRIVERS\asdws.sys [17232 2012-11-07] ()
R3 CAXHWBS3; C:\Windows\System32\DRIVERS\CAXHWBS3.sys [286208 2008-02-12] (Conexant Systems, Inc.)
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [39504 2013-04-11] (ThreatTrack Security)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-08-29] (GFI Software)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [32512 2013-09-06] ()
R3 HSF_DP; C:\Windows\System32\DRIVERS\CAX_DP.sys [1481216 2008-02-12] (Conexant Systems, Inc.)
R3 netr28ux; C:\Windows\System32\DRIVERS\Dnetr28ux.sys [1003520 2009-11-16] (Ralink Technology Corp.)
R0 nvrd64; C:\Windows\System32\drivers\nvrd64.sys [165408 2008-04-28] (NVIDIA Corporation)
R3 Ps2; C:\Windows\System32\DRIVERS\PS2.sys [21504 2006-09-07] ()
S1 asdnet; \??\C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\sys\amd64\asdnet.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-09-06 05:30 - 2013-07-24 23:31 - 01346560 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-06 05:30 - 2013-07-24 23:30 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-06 05:30 - 2013-07-24 23:29 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-09-06 05:30 - 2013-07-24 23:29 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-06 05:30 - 2013-07-24 23:28 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-09-06 05:30 - 2013-07-24 23:27 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-06 05:30 - 2013-07-24 23:27 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-09-06 05:30 - 2013-07-24 23:26 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-06 05:30 - 2013-07-24 22:26 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-06 05:30 - 2013-07-24 22:26 - 01104384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-06 05:30 - 2013-07-24 22:25 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-09-06 05:30 - 2013-07-24 22:24 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-09-06 05:30 - 2013-07-24 22:24 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-06 05:30 - 2013-07-24 22:23 - 00420864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-09-06 05:30 - 2013-07-24 22:23 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-09-06 05:30 - 2013-07-24 22:22 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-06 05:30 - 2013-07-24 22:22 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-06 05:30 - 2013-07-24 22:22 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-09-06 05:29 - 2013-07-24 23:54 - 17830400 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-06 05:29 - 2013-07-24 23:37 - 02312704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-06 05:29 - 2013-07-24 23:35 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-06 05:29 - 2013-07-24 23:29 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-09-06 05:29 - 2013-07-24 23:28 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-06 05:29 - 2013-07-24 23:28 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-06 05:29 - 2013-07-24 23:28 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-06 05:29 - 2013-07-24 23:28 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-09-06 05:29 - 2013-07-24 22:40 - 12334080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-06 05:29 - 2013-07-24 22:32 - 01800704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-06 05:29 - 2013-07-24 22:30 - 09738752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-06 05:29 - 2013-07-24 22:23 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-06 05:29 - 2013-07-24 22:23 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-06 05:29 - 2013-07-24 22:23 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-06 05:25 - 2013-09-06 05:25 - 00000000 ____D C:\Users\owner\AppData\Local\Brother
2013-09-06 05:21 - 2013-09-06 05:21 - 00032512 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
2013-09-06 01:26 - 2013-09-06 01:26 - 00000000 ____D C:\Program Files (x86)\ESET
2013-09-06 01:18 - 2013-09-06 01:18 - 00918016 _____ C:\Users\owner\Downloads\RogueKiller.exe
2013-09-06 01:15 - 2013-09-06 01:15 - 00002486 _____ C:\Windows\system32\.crusader
2013-09-06 01:04 - 2013-09-06 01:16 - 00000000 ____D C:\ProgramData\HitmanPro
2013-09-06 00:44 - 2013-09-06 01:18 - 00000000 ____D C:\Users\owner\Desktop\RK_Quarantine
2013-09-05 21:33 - 2013-09-05 21:37 - 00000000 ____D C:\AdwCleaner
2013-09-05 19:57 - 2013-09-05 19:56 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-09-05 19:56 - 2013-09-05 19:56 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-09-05 19:56 - 2013-09-05 19:56 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-09-05 19:56 - 2013-09-05 19:56 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-09-05 19:54 - 2013-08-02 10:06 - 01706496 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-09-05 19:54 - 2013-08-02 00:09 - 01548288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-09-05 19:54 - 2013-07-10 05:47 - 00677888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-09-05 19:54 - 2013-07-10 05:42 - 01303552 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-09-05 19:54 - 2013-07-09 08:04 - 01585256 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-09-05 19:54 - 2013-07-09 08:04 - 01168088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-09-05 19:54 - 2013-07-08 00:51 - 04691904 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-09-05 19:54 - 2013-07-08 00:20 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-09-05 19:54 - 2013-07-08 00:18 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-09-05 19:54 - 2013-07-08 00:15 - 00234496 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-09-05 19:54 - 2013-07-08 00:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2013-09-05 19:54 - 2013-07-07 21:39 - 00026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-09-05 19:54 - 2013-07-07 21:39 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-09-05 19:54 - 2013-07-07 21:39 - 00002560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-09-05 19:54 - 2013-07-05 00:45 - 01423808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-09-05 19:54 - 2013-06-15 09:27 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll
2013-09-05 19:54 - 2013-06-15 07:38 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-09-05 19:53 - 2013-07-17 16:01 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-09-05 19:53 - 2013-07-17 15:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-09-05 19:53 - 2013-07-08 00:20 - 00172544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-09-05 19:53 - 2013-07-08 00:16 - 00992768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-09-05 19:53 - 2013-07-08 00:16 - 00133120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-09-05 19:53 - 2013-07-08 00:16 - 00098304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-09-05 19:53 - 2013-07-08 00:15 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-09-05 19:53 - 2013-07-08 00:12 - 01276416 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-09-05 19:53 - 2013-07-08 00:12 - 00174592 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-09-05 19:53 - 2013-07-08 00:12 - 00132096 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-09-05 19:43 - 2013-09-05 19:43 - 00000114 _____ C:\local.conf
2013-09-05 19:36 - 2013-09-05 19:36 - 12907592 _____ (Malwarebytes Corp.) C:\Users\owner\Downloads\mbar-1.07.0.1005 (1).exe
2013-09-05 17:56 - 2013-09-05 17:56 - 10284816 _____ (Malwarebytes Corporation                                    ) C:\Users\owner\Downloads\mbam-setup.exe
2013-09-05 17:41 - 2013-09-05 17:55 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-09-05 17:40 - 2013-09-05 19:36 - 00000000 ____D C:\Users\owner\Desktop\mbar
2013-09-05 17:40 - 2013-09-05 17:40 - 12907592 _____ (Malwarebytes Corp.) C:\Users\owner\Downloads\mbar-1.07.0.1005.exe
2013-09-05 17:35 - 2013-09-05 17:38 - 00004332 _____ C:\Users\owner\Desktop\Rkill.txt
2013-09-05 17:35 - 2013-09-05 17:35 - 01898112 _____ (Bleeping Computer, LLC) C:\Users\owner\Downloads\iExplore.exe
2013-09-05 17:35 - 2013-09-05 17:35 - 01038464 _____ (Bleeping Computer, LLC) C:\Users\owner\Downloads\iExplore64.exe
2013-09-05 17:35 - 2013-09-05 17:35 - 00000000 ____D C:\Users\owner\Desktop\rkill
2013-09-05 14:39 - 2013-09-05 14:39 - 00000000 ____D C:\FRST
2013-09-05 08:55 - 2013-09-05 19:22 - 00005847 _____ C:\Users\owner\Desktop\attach.txt
2013-09-05 08:55 - 2013-09-05 19:20 - 00012822 _____ C:\Users\owner\Desktop\dds.txt
2013-09-05 08:41 - 2013-09-05 19:31 - 00038154 _____ C:\Users\owner\Desktop\CheckResults.txt
2013-09-05 08:39 - 2013-09-05 08:39 - 00353352 _____ (Malwarebytes Corporation) C:\Users\owner\Downloads\mbam-check-2.0.0.1000.exe
2013-09-04 23:20 - 2013-09-04 23:20 - 00000052 _____ C:\Users\owner\AppData\Roaming\mbam.context.scan
2013-09-04 21:29 - 2013-09-04 21:29 - 00000617 _____ C:\Users\Public\Desktop\Internet Security 2013.lnk
2013-09-02 18:59 - 2013-09-06 21:00 - 00000310 ____H C:\Windows\Tasks\{A6AE2FA0-ABFC-4B7A-8749-EEC041AABB04}.job
2013-09-02 18:59 - 2013-09-04 23:35 - 00000000 ____D C:\Users\owner\AppData\Local\17b69110-8679-4434-9609-34594275da03ad
2013-09-02 18:59 - 2013-09-02 18:59 - 00003056 _____ C:\Windows\System32\Tasks\{A6AE2FA0-ABFC-4B7A-8749-EEC041AABB04}
2013-09-01 06:27 - 2009-08-19 23:50 - 00024416 ____R (Adobe Systems Inc.) C:\Windows\system32\AdobePDFUI.dll
2013-08-31 22:37 - 2013-09-02 22:08 - 00000000 ____D C:\Windows\pss
2013-08-29 08:01 - 2013-04-11 11:06 - 00039504 _____ (ThreatTrack Security) C:\Windows\system32\Drivers\gfiark.sys
2013-08-29 01:39 - 2013-08-29 02:03 - 00003988 _____ C:\Windows\System32\Tasks\Ad-Aware Antivirus Scheduled Scan
2013-08-29 01:36 - 2013-08-29 02:01 - 00000000 ____D C:\ProgramData\Ad-Aware Antivirus
2013-08-29 01:34 - 2013-08-29 01:34 - 00000000 ____D C:\Users\owner\AppData\Roaming\LavasoftStatistics
2013-08-29 01:11 - 2013-08-29 01:11 - 00000000 ____D C:\Program Files (x86)\PasswordBox
2013-08-29 01:07 - 2013-09-07 10:23 - 00001781 _____ C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2013-08-29 01:07 - 2013-08-29 08:01 - 00000000 ____D C:\Program Files (x86)\Ad-Aware Antivirus
2013-08-29 01:07 - 2013-08-29 01:07 - 00000000 ____D C:\ProgramData\Lavasoft
2013-08-29 01:06 - 2013-08-29 01:06 - 00000000 ____D C:\Users\owner\AppData\Local\adawarebp
2013-08-29 01:06 - 2013-08-29 01:06 - 00000000 ____D C:\ProgramData\Downloaded Installations
2013-08-29 01:06 - 2013-08-29 01:06 - 00000000 ____D C:\ProgramData\Ad-Aware Browsing Protection
2013-08-29 01:06 - 2013-08-29 01:06 - 00000000 ____D C:\Program Files (x86)\Toolbar Cleaner
2013-08-29 01:06 - 2013-08-29 01:06 - 00000000 ____D C:\Program Files (x86)\Lavasoft
2013-08-29 01:05 - 2013-09-01 23:22 - 00000000 ____D C:\Users\owner\AppData\Roaming\Ad-Aware Antivirus
2013-08-29 01:05 - 2013-08-29 01:05 - 00014456 _____ (GFI Software) C:\Windows\system32\Drivers\gfibto.sys
2013-08-29 01:05 - 2012-09-20 05:40 - 00047496 _____ (GFI Software) C:\Windows\system32\sbbd.exe
2013-08-29 00:24 - 2009-08-19 23:50 - 00052568 _____ (Adobe Systems Inc) C:\Windows\system32\AdobePDF.dll
2013-08-26 18:59 - 2013-08-26 18:59 - 00001022 _____ C:\Users\Public\Desktop\Vz  In-Home Agent.lnk
2013-08-26 17:11 - 2013-08-26 17:11 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2013-08-22 23:50 - 2013-08-22 23:50 - 00276872 _____ C:\Windows\Minidump\Mini082213-01.dmp
2013-08-20 17:39 - 2013-08-20 17:39 - 01440846 _____ C:\Users\owner\Downloads\mbam-chameleon-1.62.1.1000.zip
2013-08-18 09:14 - 2013-08-18 09:14 - 00000913 _____ C:\Users\Public\Desktop\Anvi Smart Defender.lnk
2013-08-18 09:14 - 2012-11-07 03:16 - 00023376 _____ (Anvisoft) C:\Windows\system32\Drivers\asdrs.sys
2013-08-18 09:14 - 2012-11-07 03:16 - 00018768 _____ (Anvisoft) C:\Windows\system32\Drivers\asdrm.sys
2013-08-18 09:14 - 2012-11-07 03:16 - 00017232 _____ C:\Windows\system32\Drivers\asdws.sys
2013-08-12 21:27 - 2013-08-20 17:05 - 00000000 ____D C:\ProgramData\FLEXnet
2013-08-12 20:40 - 2013-08-29 00:25 - 00001926 _____ C:\Users\Public\Desktop\Adobe Acrobat 9 Pro.lnk
2013-08-09 08:55 - 2013-08-09 08:55 - 00000000 ____D C:\Windows\nvtmpinst
2013-08-09 08:52 - 2013-09-06 05:34 - 00000000 ____D C:\Windows\system32\MRT

==================== One Month Modified Files and Folders =======

2013-09-07 10:30 - 2013-07-09 21:29 - 00000464 _____ C:\Windows\Tasks\Arcadesafari.job
2013-09-07 10:29 - 2013-01-09 14:05 - 01888772 _____ C:\Windows\WindowsUpdate.log
2013-09-07 10:23 - 2013-08-29 01:07 - 00001781 _____ C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2013-09-07 10:23 - 2013-03-19 01:10 - 00000892 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-07 10:23 - 2006-11-02 11:42 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-07 10:23 - 2006-11-02 11:22 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-07 10:23 - 2006-11-02 11:22 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-06 21:51 - 2006-11-02 11:42 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-09-06 21:37 - 2013-03-19 01:10 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-06 21:00 - 2013-09-02 18:59 - 00000310 ____H C:\Windows\Tasks\{A6AE2FA0-ABFC-4B7A-8749-EEC041AABB04}.job
2013-09-06 20:52 - 2013-01-20 14:29 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-06 09:14 - 2006-11-02 09:33 - 00000000 ____D C:\Windows\rescache
2013-09-06 05:41 - 2006-11-02 08:46 - 00722030 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-06 05:38 - 2013-08-09 08:52 - 00000000 ____D C:\Windows\system32\MRT
2013-09-06 05:34 - 2006-11-02 08:35 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2013-09-06 05:25 - 2013-09-06 05:25 - 00000000 ____D C:\Users\owner\AppData\Local\Brother
2013-09-06 05:22 - 2006-11-02 11:21 - 00418392 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-06 05:21 - 2013-09-06 05:21 - 00032512 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
2013-09-06 02:05 - 2013-01-22 18:42 - 00001460 _____ C:\Users\owner\AppData\Local\d3d9caps64.dat
2013-09-06 01:26 - 2013-09-06 01:26 - 00000000 ____D C:\Program Files (x86)\ESET
2013-09-06 01:18 - 2013-09-06 01:18 - 00918016 _____ C:\Users\owner\Downloads\RogueKiller.exe
2013-09-06 01:18 - 2013-09-06 00:44 - 00000000 ____D C:\Users\owner\Desktop\RK_Quarantine
2013-09-06 01:16 - 2013-09-06 01:04 - 00000000 ____D C:\ProgramData\HitmanPro
2013-09-06 01:15 - 2013-09-06 01:15 - 00002486 _____ C:\Windows\system32\.crusader
2013-09-06 01:15 - 2013-01-20 13:12 - 00000000 ____D C:\Users\owner\AppData\Roaming\InstallShield
2013-09-06 01:15 - 2013-01-09 13:24 - 00000000 ___RD C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-06 01:15 - 2013-01-09 13:11 - 00000000 ____D C:\Users\owner
2013-09-05 21:37 - 2013-09-05 21:33 - 00000000 ____D C:\AdwCleaner
2013-09-05 19:56 - 2013-09-05 19:57 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-09-05 19:56 - 2013-09-05 19:56 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-09-05 19:56 - 2013-09-05 19:56 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-09-05 19:56 - 2013-09-05 19:56 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-09-05 19:56 - 2013-01-09 13:49 - 00867240 _____ (Oracle Corporation) C:\Windows\SysWOW64\npdeployJava1.dll
2013-09-05 19:56 - 2013-01-09 13:49 - 00789416 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-09-05 19:56 - 2008-05-21 05:14 - 00000000 ____D C:\Program Files (x86)\Java
2013-09-05 19:43 - 2013-09-05 19:43 - 00000114 _____ C:\local.conf
2013-09-05 19:39 - 2008-01-20 23:26 - 00187152 _____ C:\Windows\PFRO.log
2013-09-05 19:36 - 2013-09-05 19:36 - 12907592 _____ (Malwarebytes Corp.) C:\Users\owner\Downloads\mbar-1.07.0.1005 (1).exe
2013-09-05 19:36 - 2013-09-05 17:40 - 00000000 ____D C:\Users\owner\Desktop\mbar
2013-09-05 19:31 - 2013-09-05 08:41 - 00038154 _____ C:\Users\owner\Desktop\CheckResults.txt
2013-09-05 19:22 - 2013-09-05 08:55 - 00005847 _____ C:\Users\owner\Desktop\attach.txt
2013-09-05 19:20 - 2013-09-05 08:55 - 00012822 _____ C:\Users\owner\Desktop\dds.txt
2013-09-05 17:57 - 2013-02-28 05:37 - 00000950 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-09-05 17:57 - 2013-02-28 05:37 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-05 17:56 - 2013-09-05 17:56 - 10284816 _____ (Malwarebytes Corporation                                    ) C:\Users\owner\Downloads\mbam-setup.exe
2013-09-05 17:55 - 2013-09-05 17:41 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-09-05 17:40 - 2013-09-05 17:40 - 12907592 _____ (Malwarebytes Corp.) C:\Users\owner\Downloads\mbar-1.07.0.1005.exe
2013-09-05 17:38 - 2013-09-05 17:35 - 00004332 _____ C:\Users\owner\Desktop\Rkill.txt
2013-09-05 17:35 - 2013-09-05 17:35 - 01898112 _____ (Bleeping Computer, LLC) C:\Users\owner\Downloads\iExplore.exe
2013-09-05 17:35 - 2013-09-05 17:35 - 01038464 _____ (Bleeping Computer, LLC) C:\Users\owner\Downloads\iExplore64.exe
2013-09-05 17:35 - 2013-09-05 17:35 - 00000000 ____D C:\Users\owner\Desktop\rkill
2013-09-05 14:39 - 2013-09-05 14:39 - 00000000 ____D C:\FRST
2013-09-05 14:16 - 2013-03-16 14:48 - 00005053 _____ C:\Users\owner\AppData\Local\32b9e4b1-7009-4464-b6d1-71e789da12a0.crx
2013-09-05 09:36 - 2013-01-21 10:01 - 00000000 ____D C:\Users\owner\Documents\MEC
2013-09-05 08:41 - 2013-06-26 00:03 - 00000000 ____D C:\Users\owner\Desktop\New Folder
2013-09-05 08:39 - 2013-09-05 08:39 - 00353352 _____ (Malwarebytes Corporation) C:\Users\owner\Downloads\mbam-check-2.0.0.1000.exe
2013-09-04 23:45 - 2013-01-10 13:48 - 00002609 _____ C:\Users\owner\Desktop\Microsoft Office Excel 2007.lnk
2013-09-04 23:35 - 2013-09-02 18:59 - 00000000 ____D C:\Users\owner\AppData\Local\17b69110-8679-4434-9609-34594275da03ad
2013-09-04 23:20 - 2013-09-04 23:20 - 00000052 _____ C:\Users\owner\AppData\Roaming\mbam.context.scan
2013-09-04 21:29 - 2013-09-04 21:29 - 00000617 _____ C:\Users\Public\Desktop\Internet Security 2013.lnk
2013-09-04 21:00 - 2013-05-11 13:18 - 00000000 ____D C:\Users\owner\AppData\Local\CrashDumps
2013-09-04 00:19 - 2006-11-02 09:33 - 00000000 ____D C:\Windows\LiveKernelReports
2013-09-03 23:42 - 2013-03-19 01:10 - 00002027 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-09-02 22:08 - 2013-08-31 22:37 - 00000000 ____D C:\Windows\pss
2013-09-02 21:54 - 2013-05-15 22:15 - 00000000 ____D C:\Users\owner\AppData\Roaming\Spotify
2013-09-02 18:59 - 2013-09-02 18:59 - 00003056 _____ C:\Windows\System32\Tasks\{A6AE2FA0-ABFC-4B7A-8749-EEC041AABB04}
2013-09-02 16:03 - 2013-05-15 22:15 - 00000000 ____D C:\Users\owner\AppData\Local\Spotify
2013-09-01 23:22 - 2013-08-29 01:05 - 00000000 ____D C:\Users\owner\AppData\Roaming\Ad-Aware Antivirus
2013-09-01 01:10 - 2013-02-07 20:26 - 00550855 _____ C:\Users\owner\Downloads\tla.xlsx
2013-08-29 08:01 - 2013-08-29 01:07 - 00000000 ____D C:\Program Files (x86)\Ad-Aware Antivirus
2013-08-29 02:03 - 2013-08-29 01:39 - 00003988 _____ C:\Windows\System32\Tasks\Ad-Aware Antivirus Scheduled Scan
2013-08-29 02:01 - 2013-08-29 01:36 - 00000000 ____D C:\ProgramData\Ad-Aware Antivirus
2013-08-29 01:34 - 2013-08-29 01:34 - 00000000 ____D C:\Users\owner\AppData\Roaming\LavasoftStatistics
2013-08-29 01:11 - 2013-08-29 01:11 - 00000000 ____D C:\Program Files (x86)\PasswordBox
2013-08-29 01:07 - 2013-08-29 01:07 - 00000000 ____D C:\ProgramData\Lavasoft
2013-08-29 01:06 - 2013-08-29 01:06 - 00000000 ____D C:\Users\owner\AppData\Local\adawarebp
2013-08-29 01:06 - 2013-08-29 01:06 - 00000000 ____D C:\ProgramData\Downloaded Installations
2013-08-29 01:06 - 2013-08-29 01:06 - 00000000 ____D C:\ProgramData\Ad-Aware Browsing Protection
2013-08-29 01:06 - 2013-08-29 01:06 - 00000000 ____D C:\Program Files (x86)\Toolbar Cleaner
2013-08-29 01:06 - 2013-08-29 01:06 - 00000000 ____D C:\Program Files (x86)\Lavasoft
2013-08-29 01:05 - 2013-08-29 01:05 - 00014456 _____ (GFI Software) C:\Windows\system32\Drivers\gfibto.sys
2013-08-29 00:25 - 2013-08-12 20:40 - 00001926 _____ C:\Users\Public\Desktop\Adobe Acrobat 9 Pro.lnk
2013-08-26 22:16 - 2013-02-28 05:37 - 00000000 ____D C:\Users\owner\AppData\Roaming\Malwarebytes
2013-08-26 18:59 - 2013-08-26 18:59 - 00001022 _____ C:\Users\Public\Desktop\Vz  In-Home Agent.lnk
2013-08-26 18:59 - 2013-01-24 23:14 - 00000000 ____D C:\Program Files (x86)\Verizon
2013-08-26 17:11 - 2013-08-26 17:11 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2013-08-26 17:04 - 2013-03-19 01:10 - 00000000 ____D C:\Users\owner\AppData\Local\Google
2013-08-26 17:04 - 2013-03-19 01:10 - 00000000 ____D C:\Program Files (x86)\Google
2013-08-23 04:08 - 2013-03-16 16:02 - 00000000 ____D C:\Users\owner\AppData\Roaming\Anvisoft
2013-08-22 23:50 - 2013-08-22 23:50 - 00276872 _____ C:\Windows\Minidump\Mini082213-01.dmp
2013-08-22 23:50 - 2013-07-04 00:15 - 00000000 ____D C:\Windows\Minidump
2013-08-22 23:50 - 2013-07-04 00:14 - 585904708 _____ C:\Windows\MEMORY.DMP
2013-08-20 17:39 - 2013-08-20 17:39 - 01440846 _____ C:\Users\owner\Downloads\mbam-chameleon-1.62.1.1000.zip
2013-08-20 17:14 - 2006-11-02 09:34 - 00000000 ____D C:\Windows\system32\Msdtc
2013-08-20 17:13 - 2006-11-02 08:33 - 71827456 _____ C:\Windows\system32\config\software_previous
2013-08-20 17:13 - 2006-11-02 08:33 - 56360960 _____ C:\Windows\system32\config\components_previous
2013-08-20 17:13 - 2006-11-02 08:33 - 17825792 _____ C:\Windows\system32\config\system_previous
2013-08-20 17:13 - 2006-11-02 08:33 - 00262144 _____ C:\Windows\system32\config\security_previous
2013-08-20 17:13 - 2006-11-02 08:33 - 00262144 _____ C:\Windows\system32\config\sam_previous
2013-08-20 17:13 - 2006-11-02 08:33 - 00262144 _____ C:\Windows\system32\config\default_previous
2013-08-20 17:05 - 2013-08-12 21:27 - 00000000 ____D C:\ProgramData\FLEXnet
2013-08-20 17:05 - 2006-11-02 09:34 - 00000000 ____D C:\Windows\system32\spool
2013-08-20 17:05 - 2006-11-02 09:33 - 00000000 ____D C:\Windows\registration
2013-08-19 20:01 - 2013-01-10 11:33 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-08-18 13:35 - 2013-01-27 17:26 - 00000000 ____D C:\Users\owner\Documents\Recipe
2013-08-18 09:14 - 2013-08-18 09:14 - 00000913 _____ C:\Users\Public\Desktop\Anvi Smart Defender.lnk
2013-08-13 09:10 - 2013-01-09 13:43 - 00000000 ____D C:\Users\owner\AppData\Roaming\Adobe
2013-08-13 09:09 - 2013-01-09 13:14 - 00000000 ____D C:\Users\owner\AppData\Local\Adobe
2013-08-12 21:26 - 2013-03-16 16:00 - 00000000 ____D C:\Users\owner\Documents\Download Internet
2013-08-12 20:58 - 2013-01-09 13:22 - 00112640 _____ C:\Users\owner\AppData\Local\GDIPFONTCACHEV1.DAT
2013-08-12 20:44 - 2013-01-09 13:14 - 00000000 ____D C:\ProgramData\Adobe
2013-08-12 20:37 - 2013-03-19 01:09 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-08-10 00:21 - 2008-05-21 05:02 - 00000000 ____D C:\ProgramData\NVIDIA
2013-08-09 08:55 - 2013-08-09 08:55 - 00000000 ____D C:\Windows\nvtmpinst

Files to move or delete:
====================
C:\Users\owner\AppData\Local\Temp\1363853535.exe
C:\Users\owner\AppData\Local\Temp\1579.exe
C:\Users\owner\AppData\Local\Temp\2BF5.exe
C:\Users\owner\AppData\Local\Temp\6A7B.exe
C:\Users\owner\AppData\Local\Temp\6bIk0k.exe
C:\Users\owner\AppData\Local\Temp\6d765e57-3539-4eaa-a378-d1d1e063af98.exe
C:\Users\owner\AppData\Local\Temp\8sB2mWu.exe
C:\Users\owner\AppData\Local\Temp\a60e4713-fefa-497f-a9f0-16630139eaf9.exe
C:\Users\owner\AppData\Local\Temp\bMn0uis.exe
C:\Users\owner\AppData\Local\Temp\DNZEKpk.exe
C:\Users\owner\AppData\Local\Temp\EeNnsE.exe
C:\Users\owner\AppData\Local\Temp\ELt1bI.exe
C:\Users\owner\AppData\Local\Temp\f7JFW1J.exe
C:\Users\owner\AppData\Local\Temp\FFb2ibP.exe
C:\Users\owner\AppData\Local\Temp\fi3cvWW.exe
C:\Users\owner\AppData\Local\Temp\fvMbezg.exe
C:\Users\owner\AppData\Local\Temp\jilcnmpg.exe
C:\Users\owner\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\owner\AppData\Local\Temp\lvK3eq.exe
C:\Users\owner\AppData\Local\Temp\Mddphh.exe
C:\Users\owner\AppData\Local\Temp\nmpgbadk.exe
C:\Users\owner\AppData\Local\Temp\o8bNmvR.exe
C:\Users\owner\AppData\Local\Temp\OygbHXE.exe
C:\Users\owner\AppData\Local\Temp\pMyigT.exe
C:\Users\owner\AppData\Local\Temp\s9fMib.exe
C:\Users\owner\AppData\Local\Temp\somoto-master.exe
C:\Users\owner\AppData\Local\Temp\TAHUw5F.exe
C:\Users\owner\AppData\Local\Temp\UninstManager.dll
C:\Users\owner\AppData\Local\Temp\VuORbSs.exe
C:\Users\owner\AppData\Local\Temp\XTsQ02d.exe
C:\Users\owner\AppData\Local\Temp\youtube-setup.exe
C:\Users\owner\AppData\Local\Temp\Z0TQWz.exe
C:\Users\owner\AppData\Local\Temp\_isB1C1.exe
C:\Windows\Tasks\{A6AE2FA0-ABFC-4B7A-8749-EEC041AABB04}.job

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-09-07 10:30

==================== End Of Log ============================


Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste.) Save it in the same directory as FRST.exe as fixlist.txt.

HKLM\...\Run: [aunes] - "C:\Users\owner\AppData\Roaming\aunes.dll",BufferError
HKLM\...\Run: [scpscr] - "C:\Users\owner\AppData\Roaming\scpscr.dll",FromCComplex
HKLM Group Policy restriction on software: C:\Program Files (x86)\Malwarebytes' Anti-Malware <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\AVG <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Common Files\Symantec Shared <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Lavasoft <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\AVG <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Symantec <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\AVG <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\AVG <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Lavasoft <====== ATTENTION
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] fastprox.dll ATTENTION! ====> ZeroAccess?
HKCU\...\Run: [wjpimqnf] -
HKCU\...\Run: [spotify] -
HKCU\...\Run: [aruzext] -
HKCU\...\Run: [tdiijwzq] -
HKCR\...409d6c4515e9\InprocServer32: [Default-shell32] \\?\globalroot\Device\HarddiskVolume1\Users\owner\AppData\Local\Temp\svrrnss\snepmdf\wow.dll ATTENTION! ====> ZeroAccess?
HKLM-x32\...\Run: [] - [x]
C:\Users\owner\AppData\Local\Temp\1363853535.exe
C:\Users\owner\AppData\Local\Temp\1579.exe
C:\Users\owner\AppData\Local\Temp\2BF5.exe
C:\Users\owner\AppData\Local\Temp\6A7B.exe
C:\Users\owner\AppData\Local\Temp\6bIk0k.exe
C:\Users\owner\AppData\Local\Temp\6d765e57-3539-4eaa-a378-d1d1e063af98.exe
C:\Users\owner\AppData\Local\Temp\8sB2mWu.exe
C:\Users\owner\AppData\Local\Temp\a60e4713-fefa-497f-a9f0-16630139eaf9.exe
C:\Users\owner\AppData\Local\Temp\bMn0uis.exe
C:\Users\owner\AppData\Local\Temp\DNZEKpk.exe
C:\Users\owner\AppData\Local\Temp\EeNnsE.exe
C:\Users\owner\AppData\Local\Temp\ELt1bI.exe
C:\Users\owner\AppData\Local\Temp\f7JFW1J.exe
C:\Users\owner\AppData\Local\Temp\FFb2ibP.exe
C:\Users\owner\AppData\Local\Temp\fi3cvWW.exe
C:\Users\owner\AppData\Local\Temp\fvMbezg.exe
C:\Users\owner\AppData\Local\Temp\jilcnmpg.exe
C:\Users\owner\AppData\Local\Temp\lvK3eq.exe
C:\Users\owner\AppData\Local\Temp\Mddphh.exe
C:\Users\owner\AppData\Local\Temp\nmpgbadk.exe
C:\Users\owner\AppData\Local\Temp\o8bNmvR.exe
C:\Users\owner\AppData\Local\Temp\OygbHXE.exe
C:\Users\owner\AppData\Local\Temp\pMyigT.exe
C:\Users\owner\AppData\Local\Temp\s9fMib.exe

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system

Run FRST (or FRST64 if you have the 64bit version) and press the Fix button just once and wait.

The tool will make a log (Fixlog.txt); please post it in your reply.

Reboot Normally.

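A read-only check for the kind of "Group Policy restriction on software" entries the fixlist above clears, as an added example that is not part of this thread, of FRST or of Malwarebytes; it assumes the standard Software Restriction Policy registry layout under Safer\CodeIdentifiers and an elevated PowerShell session on the affected machine.

```powershell
# Added example (not from the thread, FRST or Malwarebytes): audit Software
# Restriction Policy (SRP) path rules. SRP is the mechanism behind the
# "THE PROGRAM IS BLOCKED BY GROUP POLICY" message; rogue AV families plant
# Disallowed rules for security-vendor folders so the tools cannot start.
# Assumption: rules live under <hive>\SOFTWARE\Policies\Microsoft\Windows\Safer\
# CodeIdentifiers\<level>\Paths\{GUID} with the target in the ItemData value.
# The script only reads and reports; it changes nothing.

$levelNames = @{ 0 = 'Disallowed'; 131072 = 'Basic User'; 262144 = 'Unrestricted' }

# Vendor folder fragments taken from the FRST output above. A Disallowed rule
# that points at one of these on a home PC is a strong sign of tampering.
$securityVendors = @('Malwarebytes', 'AVG', 'Symantec', 'McAfee', 'Lavasoft')

function Get-SrpPathRule {
    param([string[]]$Hives = @('HKLM', 'HKCU'))
    foreach ($hive in $Hives) {
        $root = "${hive}:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers"
        if (-not (Test-Path -Path $root)) { continue }
        # Each numeric subkey is a security level; its Paths subkey holds the rules.
        foreach ($levelKey in Get-ChildItem -Path $root) {
            if ($levelKey.PSChildName -notmatch '^\d+$') { continue }
            $level = [int]$levelKey.PSChildName
            $pathsKey = Join-Path -Path $levelKey.PSPath -ChildPath 'Paths'
            if (-not (Test-Path -Path $pathsKey)) { continue }
            foreach ($rule in Get-ChildItem -Path $pathsKey) {
                $props = Get-ItemProperty -Path $rule.PSPath
                $target = [string]$props.ItemData
                $hitsVendor = [bool]($securityVendors | Where-Object { $target -like "*$_*" })
                [pscustomobject]@{
                    Hive    = $hive
                    Level   = if ($levelNames.ContainsKey($level)) { $levelNames[$level] } else { "Level $level" }
                    Path    = $target
                    RuleId  = $rule.PSChildName
                    # Only a Disallowed (level 0) rule actually blocks execution.
                    Suspect = ($level -eq 0) -and $hitsVendor
                }
            }
        }
    }
}

$rules = @(Get-SrpPathRule)
if ($rules.Count -eq 0) {
    Write-Host 'No SRP path rules found in HKLM or HKCU.'
} else {
    $rules | Sort-Object -Property Suspect -Descending | Format-Table -AutoSize
    $bad = @($rules | Where-Object { $_.Suspect })
    if ($bad.Count -gt 0) {
        Write-Host "$($bad.Count) Disallowed rule(s) target security-product folders; compare them with the FRST fixlist."
    }
}
```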

Hi -

Thanks, and below is fixlog.txt after running the fix (fixlist.txt):

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-09-2013 03
Ran by owner at 2013-09-08 18:35:01 Run:1
Running from C:\Users\owner\Desktop\New Folder\Malware folder
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM\...\Run: [aunes] - "C:\Users\owner\AppData\Roaming\aunes.dll",BufferError
HKLM\...\Run: [scpscr] - "C:\Users\owner\AppData\Roaming\scpscr.dll",FromCComplex
HKLM Group Policy restriction on software: C:\Program Files (x86)\Malwarebytes' Anti-Malware <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\AVG <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Common Files\Symantec Shared <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Lavasoft <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\AVG <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Symantec <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\AVG <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\AVG <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Lavasoft <====== ATTENTION
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] fastprox.dll ATTENTION! ====> ZeroAccess?
HKCU\...\Run: [wjpimqnf] -
HKCU\...\Run: [spotify] -
HKCU\...\Run: [aruzext] -
HKCU\...\Run: [tdiijwzq] -
HKCR\...409d6c4515e9\InprocServer32: [Default-shell32] \\?\globalroot\Device\HarddiskVolume1\Users\owner\AppData\Local\Temp\svrrnss\snepmdf\wow.dll ATTENTION! ====> ZeroAccess?
HKLM-x32\...\Run: [] - [x]
C:\Users\owner\AppData\Local\Temp\1363853535.exe
C:\Users\owner\AppData\Local\Temp\1579.exe
C:\Users\owner\AppData\Local\Temp\2BF5.exe
C:\Users\owner\AppData\Local\Temp\6A7B.exe
C:\Users\owner\AppData\Local\Temp\6bIk0k.exe
C:\Users\owner\AppData\Local\Temp\6d765e57-3539-4eaa-a378-d1d1e063af98.exe
C:\Users\owner\AppData\Local\Temp\8sB2mWu.exe
C:\Users\owner\AppData\Local\Temp\a60e4713-fefa-497f-a9f0-16630139eaf9.exe
C:\Users\owner\AppData\Local\Temp\bMn0uis.exe
C:\Users\owner\AppData\Local\Temp\DNZEKpk.exe
C:\Users\owner\AppData\Local\Temp\EeNnsE.exe
C:\Users\owner\AppData\Local\Temp\ELt1bI.exe
C:\Users\owner\AppData\Local\Temp\f7JFW1J.exe
C:\Users\owner\AppData\Local\Temp\FFb2ibP.exe
C:\Users\owner\AppData\Local\Temp\fi3cvWW.exe
C:\Users\owner\AppData\Local\Temp\fvMbezg.exe
C:\Users\owner\AppData\Local\Temp\jilcnmpg.exe
C:\Users\owner\AppData\Local\Temp\lvK3eq.exe
C:\Users\owner\AppData\Local\Temp\Mddphh.exe
C:\Users\owner\AppData\Local\Temp\nmpgbadk.exe
C:\Users\owner\AppData\Local\Temp\o8bNmvR.exe
C:\Users\owner\AppData\Local\Temp\OygbHXE.exe
C:\Users\owner\AppData\Local\Temp\pMyigT.exe
C:\Users\owner\AppData\Local\Temp\s9fMib.exe

*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\aunes => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\scpscr => Value deleted successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32\\Default => Value was restored successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\HKCU\...\Run: [wjpimqnf] - => Value not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\HKCU\...\Run: [spotify] - => Value not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\HKCU\...\Run: [aruzext] - => Value not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\HKCU\...\Run: [tdiijwzq] - => Value not found.
HKCU\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9} => Key deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
C:\Users\owner\AppData\Local\Temp\1363853535.exe => Moved successfully.
C:\Users\owner\AppData\Local\Temp\1579.exe => Moved successfully.
C:\Users\owner\AppData\Local\Temp\2BF5.exe => Moved successfully.
C:\Users\owner\AppData\Local\Temp\6A7B.exe => Moved successfully.
C:\Users\owner\AppData\Local\Temp\6bIk0k.exe => Moved successfully.
C:\Users\owner\AppData\Local\Temp\6d765e57-3539-4eaa-a378-d1d1e063af98.exe => Moved successfully.
C:\Users\owner\AppData\Local\Temp\8sB2mWu.exe => Moved successfully.
C:\Users\owner\AppData\Local\Temp\a60e4713-fefa-497f-a9f0-16630139eaf9.exe => Moved successfully.
C:\Users\owner\AppData\Local\Temp\bMn0uis.exe => Moved successfully.
C:\Users\owner\AppData\Local\Temp\DNZEKpk.exe => Moved successfully.
C:\Users\owner\AppData\Local\Temp\EeNnsE.exe => Moved successfully.
C:\Users\owner\AppData\Local\Temp\ELt1bI.exe => Moved successfully.
C:\Users\owner\AppData\Local\Temp\f7JFW1J.exe => Moved successfully.
C:\Users\owner\AppData\Local\Temp\FFb2ibP.exe => Moved successfully.
C:\Users\owner\AppData\Local\Temp\fi3cvWW.exe => Moved successfully.
C:\Users\owner\AppData\Local\Temp\fvMbezg.exe => Moved successfully.
C:\Users\owner\AppData\Local\Temp\jilcnmpg.exe => Moved successfully.
C:\Users\owner\AppData\Local\Temp\lvK3eq.exe => Moved successfully.
C:\Users\owner\AppData\Local\Temp\Mddphh.exe => Moved successfully.
C:\Users\owner\AppData\Local\Temp\nmpgbadk.exe => Moved successfully.
C:\Users\owner\AppData\Local\Temp\o8bNmvR.exe => Moved successfully.
C:\Users\owner\AppData\Local\Temp\OygbHXE.exe => Moved successfully.
C:\Users\owner\AppData\Local\Temp\pMyigT.exe => Moved successfully.
C:\Users\owner\AppData\Local\Temp\s9fMib.exe => Moved successfully.

==== End of Fixlog ====


Two files are created...

DDS.txt

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16502  BrowserJavaVersion: 10.25.2
Run by owner at 18:12:44 on 2013-09-09
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.4862.2925 [GMT -4:00]
.
AV: Lavasoft Ad-Aware *Enabled/Updated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Aware *Enabled/Updated* {5BB89C30-6480-BC7C-9F17-199BD76F557A}
FW: Lavasoft Ad-Aware *Disabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\rundll32.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerSrv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe
C:\Windows\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~2\AD-AWA~1\AdAware.exe
C:\WINDOWS\System32\spool\drivers\x64\3\WrtMon.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\RAVCpl64.exe
C:\WINDOWS\System32\nvraidservice.exe
C:\Users\owner\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\WINDOWS\System32\spool\drivers\x64\3\WrtProc.exe
C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
C:\Program Files (x86)\TechSmith\Snagit 11\Snagit32.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe
C:\Program Files (x86)\TechSmith\Snagit 11\TSCHelp.exe
C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\PasswordBox\pbbtnService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio64.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\TechSmith\Snagit 11\SnagPriv.exe
C:\hp\kbd\kbd.exe
C:\Program Files (x86)\TechSmith\Snagit 11\snagiteditor.exe
C:\Windows\splwow64.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.




mWinlogon: Userinit = userinit.exe,
BHO: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\SnagIt 9\SnagItBHO.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: PasswordBox Helper: {5DB69B97-934B-451D-94DB-32EF802A01CD} - C:\Program Files (x86)\PasswordBox\Application\pbbtn.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Arcadesafari BHO: {adff4c9a-4f49-4a1f-8885-360e107b7938} -
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: PasswordBox Toolbar: {25E2E5C9-C43C-4EE8-B23E-4383915F2BCE} - C:\Program Files (x86)\PasswordBox\Application\pbbtn.dll
TB: SnagIt: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\SnagIt 9\SnagItIEAddin.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: PasswordBox Toolbar: {25E2E5C9-C43C-4EE8-B23E-4383915F2BCE} - C:\Program Files (x86)\PasswordBox\Application\pbbtn.dll
EB: {182EC0BE-5110-49C8-A062-BEB1D02A220B} - <orphaned>
uRun: [wjpimqnf] <no file>
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [brMfcWnd] "C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" /AUTORUN
mRun: [ControlCenter3] "C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe" /autorun
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [DisplaySwitch] <no file>
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SNAGIT~1.LNK - C:\Program Files (x86)\TechSmith\Snagit 11\Snagit32.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Append to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} - C:\Program Files (x86)\Java\jre7\bin\jp2iexp.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}




TCP: NameServer = 192.168.1.1
TCP: Interfaces\{EFF2CCD9-1B66-41B3-8DB3-9ED980B3D482} : DHCPNameServer = 192.168.1.1
Notify: vxicjor - C:\Users\owner\AppData\Local\vxicjor.dll
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome


x64-BHO: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\SnagIt 9\DLLx64\SnagItBHO64.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: SnagIt: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\SnagIt 9\DLLx64\SnagItIEAddin64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [WrtMon.exe] C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe
x64-Run: [DisplaySwitch] <no file>
x64-mPolicies-Explorer: NoActiveDesktop = dword:1
x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
x64-mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
x64-mPolicies-System: ConsentPromptBehaviorUser = dword:3
x64-mPolicies-System: EnableUIADesktopToggle = dword:0
.
============= SERVICES / DRIVERS ===============
.
R0 gfibto;gfibto;C:\Windows\System32\drivers\gfibto.sys [2013-8-29 14456]
R1 asdrm;asdrm;C:\Windows\System32\drivers\asdrm.sys [2013-8-18 18768]
R1 asdws;asdws;C:\Windows\System32\drivers\asdws.sys [2013-8-18 17232]
R2 Ad-Aware Service;Ad-Aware Service;C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2013-6-13 1236336]
R2 ADBlockerSrv;AD Blocker Service;C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerSrv.exe [2013-3-16 279368]
R2 asdrs;AntiMalware Host-based Intrusion Prevention System;C:\Windows\System32\drivers\asdrs.sys [2013-8-18 23376]
R2 asdsrv;Anvi Smart Defender Realtime Guard Service;C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe [2013-8-12 742120]
R2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
R2 IHA_MessageCenter;IHA_MessageCenter;C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [2012-8-3 346696]
R2 PasswordBox;PasswordBox;C:\Program Files (x86)\PasswordBox\pbbtnService.exe [2013-8-16 67584]
R2 SBAMSvc;Ad-Aware;C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [2012-9-20 3677000]
R2 sbapifs;sbapifs;C:\Windows\System32\drivers\sbapifs.sys [2012-9-12 82872]
R3 CAXHWBS3;CAXHWBS3;C:\Windows\System32\drivers\CAXHWBS3.sys [2008-5-21 286208]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 hitmanpro37;HitmanPro 3.7 Support Driver;C:\Windows\System32\drivers\hitmanpro37.sys [2013-9-6 32512]
S3 PerfHost;Performance Counter DLL Host;C:\WINDOWS\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-4-19 1022632]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2013-1-10 89920]
.
=============== File Associations ===============
.
FileExt: .js: JSFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
.
==================== Find3M  ====================
.
2013-09-06 09:34:41 78161360 ----a-w- C:\Windows\System32\mrt.exe
2013-09-06 09:21:22 32512 ----a-w- C:\Windows\System32\drivers\hitmanpro37.sys
2013-09-05 23:56:33 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-09-05 23:56:31 867240 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2013-09-05 23:56:31 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-09-05 23:56:31 263592 ----a-w- C:\Windows\SysWow64\javaws.exe
2013-09-05 23:56:31 175016 ----a-w- C:\Windows\SysWow64\javaw.exe
2013-09-05 23:56:31 175016 ----a-w- C:\Windows\SysWow64\java.exe
2013-08-29 05:05:37 14456 ----a-w- C:\Windows\System32\drivers\gfibto.sys
2013-08-07 08:22:02 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-08-02 14:06:01 1706496 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2013-08-02 04:09:35 1548288 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2013-07-25 03:54:29 17830400 ----a-w- C:\Windows\System32\mshtml.dll
2013-07-25 03:37:25 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2013-07-25 03:35:45 10926080 ----a-w- C:\Windows\System32\ieframe.dll
2013-07-25 03:31:23 1346560 ----a-w- C:\Windows\System32\urlmon.dll
2013-07-25 03:30:49 1392128 ----a-w- C:\Windows\System32\wininet.dll
2013-07-25 03:29:41 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-07-25 03:29:21 237056 ----a-w- C:\Windows\System32\url.dll
2013-07-25 03:29:06 86016 ----a-w- C:\Windows\System32\jsproxy.dll
2013-07-25 03:28:46 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-07-25 03:28:31 599040 ----a-w- C:\Windows\System32\vbscript.dll
2013-07-25 03:28:27 816640 ----a-w- C:\Windows\System32\jscript.dll
2013-07-25 03:28:24 2147840 ----a-w- C:\Windows\System32\iertutil.dll
2013-07-25 03:28:18 729088 ----a-w- C:\Windows\System32\msfeeds.dll
2013-07-25 03:27:29 96768 ----a-w- C:\Windows\System32\mshtmled.dll
2013-07-25 03:27:20 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2013-07-25 03:26:53 248320 ----a-w- C:\Windows\System32\ieui.dll
2013-07-25 02:40:07 12334080 ----a-w- C:\Windows\SysWow64\mshtml.dll
2013-07-25 02:32:35 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-07-25 02:30:47 9738752 ----a-w- C:\Windows\SysWow64\ieframe.dll
2013-07-25 02:26:45 1104384 ----a-w- C:\Windows\SysWow64\urlmon.dll
2013-07-25 02:26:10 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-07-25 02:25:30 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-07-25 02:24:39 231936 ----a-w- C:\Windows\SysWow64\url.dll
2013-07-25 02:24:24 65536 ----a-w- C:\Windows\SysWow64\jsproxy.dll
2013-07-25 02:23:59 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2013-07-25 02:23:58 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-07-25 02:23:51 717824 ----a-w- C:\Windows\SysWow64\jscript.dll
2013-07-25 02:23:30 1796096 ----a-w- C:\Windows\SysWow64\iertutil.dll
2013-07-25 02:23:27 607744 ----a-w- C:\Windows\SysWow64\msfeeds.dll
2013-07-25 02:22:47 73216 ----a-w- C:\Windows\SysWow64\mshtmled.dll
2013-07-25 02:22:35 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-07-25 02:22:04 176640 ----a-w- C:\Windows\SysWow64\ieui.dll
2013-07-17 20:01:51 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-07-17 19:41:34 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-07-10 12:19:56 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-07-10 12:19:55 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-10 09:47:49 677888 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2013-07-10 09:42:55 1303552 ----a-w- C:\Windows\System32\rpcrt4.dll
2013-07-09 12:04:30 1585256 ----a-w- C:\Windows\System32\ntdll.dll
2013-07-09 12:04:30 1168088 ----a-w- C:\Windows\SysWow64\ntdll.dll
2013-07-08 04:51:57 4691904 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-07-08 04:20:17 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-07-08 04:20:04 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2013-07-08 04:18:51 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-07-08 04:16:55 98304 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-07-08 04:16:55 133120 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-07-08 04:16:54 992768 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-07-08 04:16:33 43008 ----a-w- C:\Windows\apppatch\acwow64.dll
2013-07-08 04:15:39 234496 ----a-w- C:\Windows\System32\wow64.dll
2013-07-08 04:15:25 218624 ----a-w- C:\Windows\System32\wintrust.dll
2013-07-08 04:14:21 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2013-07-08 04:12:34 174592 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-07-08 04:12:34 132096 ----a-w- C:\Windows\System32\cryptnet.dll
2013-07-08 04:12:34 1276416 ----a-w- C:\Windows\System32\crypt32.dll
2013-07-08 01:39:04 26112 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-07-08 01:39:03 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-07-08 01:39:02 2560 ----a-w- C:\Windows\SysWow64\user.exe
2013-07-05 04:45:27 1423808 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-06-15 13:27:51 20480 ----a-w- C:\Windows\System32\icaapi.dll
2013-06-15 11:38:39 29184 ----a-w- C:\Windows\System32\drivers\tssecsrv.sys
.
============= FINISH: 18:14:29.09 ===============

 

Attach.txt

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 1/9/2013 1:05:08 PM
System Uptime: 9/9/2013 5:28:00 PM (1 hours ago)
.
Motherboard: PEGATRON CORPORATION |  | VIOLA
Processor: AMD Phenom 9550 Quad-Core Processor | CPU 1 | 2200/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 454 GiB total, 320.151 GiB free.
D: is FIXED (NTFS) - 11 GiB total, 1.302 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is FIXED (NTFS) - 466 GiB total, 288.266 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Tun Miniport Adapter
Device ID: ROOT\*TUNMP\0001
Manufacturer: Microsoft
Name: Microsoft Tun Miniport Adapter #2
PNP Device ID: ROOT\*TUNMP\0001
Service: tunmp
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
2007 Microsoft Office Suite Service Pack 1 (SP1)
Ad-Aware Antivirus
AD Blocker
Adobe Acrobat 9 Pro
Adobe Acrobat 9.5.5 - CPSID_83708
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.7)
Anvi Smart Defender 1.9.2
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Applet
Arcadesafari
Bonjour
Brother MFL-Pro Suite MFC-490CW
Compatibility Pack for the 2007 Office system
Coupon Printer for Windows
CyberLink DVD Suite Deluxe
CyberLink PowerDirector
DSmobile 600
DSmobileSCAN II
Enhanced Multimedia Keyboard Solution
ESET Online Scanner v3
Free YouTube to MP3 Downloader version 1.0
Google Chrome
Google Drive
Google Toolbar for Internet Explorer
Google Update Helper
Hardware Diagnostic Tools
Hewlett-Packard Active Check for Health Check
Hewlett-Packard Asset Agent for Health Check
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Advisor
HP Customer Experience Enhancements
HP Customer Feedback
HP Demo
HP Picasso Media Center Add-In
HP Update
HPTCSSetup
iCloud
IHA_MessageCenter
iTunes
Java 7 Update 25
Java Auto Updater
Java SE Runtime Environment 6 Update 1
JNLP
LabelPrint
LightScribe System Software  1.12.37.1
LightScribeTemplateLabeler
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Automated Troubleshooting Services Shim
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Works
muvee autoProducer 6.1
My HP Games
NVIDIA Drivers
PasswordBox
PCIe Soft Data Fax Modem with SmartCP
Power2Go
Presto! PageManager 7.16.80
Python 2.5
QuickTime
Realtek High Definition Audio Driver
Security Update for Excel 2007 (KB946974)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB951808)
Security Update for Microsoft Office Word 2007 (KB950113)
Security Update for Office 2007 (KB947801)
Security Update for Outlook 2007 (KB946983)
Snagit 11
SnagIt 9
Spotify
Update for Microsoft .NET Framework 3.5 SP1 (KB2836940)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Office 2007 (KB946691)
Update for Outlook 2007 Junk Email Filter (kb944965)
Verizon Toolbar
Visual Studio 2010 x64 Redistributables
Vz In-Home Agent
Yahoo! Toolbar
.
==== End Of File ===========================
 

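The DDS report above is what the helper reads to decide the next step, and the things that jump out are a Winlogon Notify DLL loaded from the user's profile (`Notify: vxicjor - C:\Users\owner\AppData\Local\vxicjor.dll`), autoruns whose target is gone (`uRun: [wjpimqnf] <no file>`, `mRun: [DisplaySwitch] <no file>`) and a BHO with no DLL behind it (Arcadesafari). As an added example, not part of DDS, Malwarebytes or this thread, the Python below applies those same checks mechanically to "Pseudo HJT Report" lines, plus three a responder also looks for: an extra Userinit target, UAC weakened by policy, and a DNS resolver outside the LAN. The sample lines are copied from the log above; the trusted-root list, the severity labels and the `triage`/`triage_line` functions are the example's own assumptions.

```python
"""Triage of a DDS 'Pseudo HJT Report'.

Added example, not part of DDS or of this thread.  SAMPLE_REPORT is copied
from the DDS.txt posted above; the trusted roots, prefixes and severities are
the example author's heuristics and will flag per-user installs as MEDIUM.
"""
import ipaddress
import re
from typing import List, NamedTuple


class Finding(NamedTuple):
    severity: str  # "HIGH" or "MEDIUM"
    reason: str
    line: str


# Where installers normally put code; anything auto-started from elsewhere
# (user profile, ProgramData, Temp) is the first thing to look at.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")
AUTORUN_PREFIXES = ("uRun:", "mRun:", "x64-Run:", "uRunOnce:", "mRunOnce:", "StartupFolder:")
BROWSER_PREFIXES = ("BHO:", "TB:", "EB:", "x64-BHO:", "x64-TB:")
# Drive-letter path ending in a loadable extension; non-greedy so that a line
# holding several paths (shortcut -> target) yields each one.
PATH_RE = re.compile(r'([a-z]:\\[^"<>|*?\r\n]+?\.(?:exe|dll|lnk|scr|cpl))', re.I)
IPV4_RE = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")


def is_trusted_path(path: str) -> bool:
    return path.lower().startswith(TRUSTED_ROOTS)


def last_path(text: str):
    paths = PATH_RE.findall(text)
    return paths[-1] if paths else None


def triage_line(line: str) -> List[Finding]:
    line = line.strip()
    if not line or line == ".":
        return []
    prefix, _, body = line.partition(" ")
    body = body.strip()
    found: List[Finding] = []
    # 1. Orphans: the registry still names a component that is gone, which is
    #    what a half-removed malware autorun or BHO looks like.
    if "<no file>" in body or "<orphaned>" in body or body.endswith("-"):
        return [Finding("MEDIUM", "orphaned entry, target missing", line)]
    # 2. Winlogon: Notify DLLs and Userinit run at logon, before the user's own
    #    programs; a legitimate Notify package lives under %SystemRoot%.
    if prefix == "Notify:":
        p = last_path(body)
        if p is None or not is_trusted_path(p):
            found.append(Finding("HIGH", "Winlogon Notify DLL outside Windows/Program Files", line))
    elif prefix.endswith("Winlogon:") and body.startswith("Userinit"):
        targets = [t.strip() for t in body.partition("=")[2].split(",") if t.strip()]
        if any(not t.lower().endswith("userinit.exe") for t in targets):
            found.append(Finding("HIGH", "extra Userinit target runs at every logon", line))
    # 3. Ordinary autoruns and browser add-ons from user-writable locations.
    elif prefix in AUTORUN_PREFIXES or prefix in BROWSER_PREFIXES:
        p = last_path(body)
        if p is not None and not is_trusted_path(p):
            kind = "autostart" if prefix in AUTORUN_PREFIXES else "browser add-on"
            found.append(Finding("MEDIUM", f"{kind} loaded from a user-writable location", line))
    # 4. UAC weakened by policy: ConsentPromptBehaviorAdmin=0 means no prompt.
    elif prefix.endswith("mPolicies-System:"):
        m = re.search(r"(EnableLUA|ConsentPromptBehaviorAdmin)\s*=\s*dword:(\d+)", body)
        if m and m.group(2) == "0":
            found.append(Finding("HIGH", f"UAC weakened: {m.group(1)}=0", line))
    # 5. DNS changer: a resolver outside the LAN is a common rogue-AV leftover.
    elif prefix == "TCP:" and "NameServer" in body:
        for ip in IPV4_RE.findall(body):
            try:
                if not ipaddress.ip_address(ip).is_private:
                    found.append(Finding("HIGH", f"DNS resolver {ip} is not on the local network", line))
            except ValueError:
                continue
    return found


def triage(report: str) -> List[Finding]:
    """Apply the rules to every line of a DDS report, HIGH findings first."""
    findings = [f for line in report.splitlines() for f in triage_line(line)]
    return sorted(findings, key=lambda f: (f.severity != "HIGH", f.line))


# Lines copied from the DDS log posted in this thread.
SAMPLE_REPORT = r"""
mWinlogon: Userinit = userinit.exe,
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Arcadesafari BHO: {adff4c9a-4f49-4a1f-8885-360e107b7938} -
EB: {182EC0BE-5110-49C8-A062-BEB1D02A220B} - <orphaned>
uRun: [wjpimqnf] <no file>
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [DisplaySwitch] <no file>
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SNAGIT~1.LNK - C:\Program Files (x86)\TechSmith\Snagit 11\Snagit32.exe
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
TCP: NameServer = 192.168.1.1
Notify: vxicjor - C:\Users\owner\AppData\Local\vxicjor.dll
x64-Run: [WrtMon.exe] C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT):
        print(f"{f.severity:<6} {f.reason}\n       {f.line}")
```

Run against the sample it returns five findings: the `vxicjor.dll` Notify entry as HIGH and the four orphans (`wjpimqnf`, `DisplaySwitch`, the Arcadesafari BHO and the orphaned EB) as MEDIUM; the Google Toolbar BHO, APSDaemon, the Snagit startup shortcut and the 192.168.1.1 resolver pass. The JRT log later in the thread deletes the `displayswitch` Run value that this flags, which is the normal fate of such entries. Treat MEDIUM as "look", not "delete": software installed per-user (Spotify, Google Update) legitimately autostarts from AppData and will trip the user-writable rule.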

Step 1

Please uninstall this application: Arcadesafari

Step 2

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step 3

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Clean.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.
Step 4
  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with one of two prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

In your next reply, post the following log files:

  • Junkware Removal Tool log
  • AdwCleaner log
  • Malwarebytes' Anti-Malware log

#1 JRT.txt

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.9 (09.07.2013:1)
OS: Windows Vista Home Premium x64
Ran by owner on Tue 09/10/2013 at 17:43:48.01
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\displayswitch
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\search protection
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-2301109152-3522168215-2525550890-1000\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\adawarebp

 

~~~ Files

 

~~~ Folders

Successfully deleted: [Folder] "C:\Users\owner\appdata\local\adawarebp"
Successfully deleted: [Folder] "C:\Program Files (x86)\coupons"

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 09/10/2013 at 18:18:54.66
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

#2 AdwCleaner [s2].txt

 

# AdwCleaner v3.003 - Report created 10/09/2013 at 19:03:59
# Updated 07/09/2013 by Xplode
# Operating System : Windows Vista Home Premium Service Pack 2 (64 bits)
# Username : owner - OWNER-PC
# Running from : C:\Users\owner\Desktop\New Folder\Malware folder\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16502

-\\ Google Chrome v29.0.1547.66

[ File : C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [8116 octets] - [05/09/2013 21:34:09]
AdwCleaner[R1].txt - [1073 octets] - [09/09/2013 09:24:01]
AdwCleaner[R2].txt - [1034 octets] - [10/09/2013 19:02:48]
AdwCleaner[s0].txt - [7546 octets] - [05/09/2013 21:37:28]
AdwCleaner[s1].txt - [1160 octets] - [09/09/2013 09:35:48]
AdwCleaner[s2].txt - [957 octets] - [10/09/2013 19:03:59]

########## EOF - C:\AdwCleaner\AdwCleaner[s2].txt - [1016 octets] ##########

 

#3 mbam-log-2013-09-10

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.09.10.12

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
owner :: OWNER-PC [administrator]

9/10/2013 7:48:48 PM
mbam-log-2013-09-10 (19-48-48).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 228206
Time elapsed: 44 minute(s), 56 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

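The MBAM log above shows mbam.exe now launching and finishing a quick scan, so whatever produced "The program is blocked by group policy" is gone. That message is the one Windows prints when a Software Restriction Policy (SRP) evaluates an executable to Disallowed; the thread never shows which policy was on this machine, so the registry transcript below is constructed, not taken from the poster's logs. As an added example (not Malwarebytes' or ComboFix's code), the Python evaluates an SRP export the way a responder would want to verify a clean-up: parse `DefaultLevel`, `TransparentEnabled`, `PolicyScope` and every path rule under `CodeIdentifiers\<level>\Paths\{guid}`, then decide what a given executable gets. `SAMPLE_DUMP`, `SAMPLE_ENV`, the GUIDs and the `evaluate`/`parse_dump`/`match_score` functions are all this example's assumptions; hash and certificate rules are deliberately ignored.

```python
"""Does a Software Restriction Policy (SRP) export block a given executable?

Added example, not from this thread.  The thread never shows the policy that
produced "blocked by group policy", so SAMPLE_DUMP is a constructed transcript
of `reg query ... /s` on the SRP CodeIdentifiers key, in the layout SRP uses;
only path rules are evaluated (hash and certificate rules are ignored).
"""
import fnmatch
import re
from typing import Dict, List, NamedTuple, Optional, Tuple

SAFER_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers"
LEVELS = {0x0: "Disallowed", 0x20000: "Basic User", 0x40000: "Unrestricted"}
RULE_KEY_RE = re.compile(re.escape(SAFER_KEY) + r"\\(\d+)\\Paths\\(\{[0-9a-f-]+\})$", re.I)


class Rule(NamedTuple):
    level: int    # 0 = Disallowed, 0x40000 = Unrestricted
    pattern: str  # ItemData: may hold %ENV% variables and * ? wildcards
    guid: str


def parse_dump(dump: str) -> Tuple[Dict[str, int], List[Rule]]:
    """Pull the DWORD settings of the root key and every path rule beneath it."""
    settings: Dict[str, int] = {}
    rules: List[Rule] = []
    key: Optional[str] = None
    for raw in dump.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.upper().startswith("HKEY_"):
            key = line
            continue
        parts = re.split(r"\s{2,}", line, maxsplit=2)  # Name  REG_TYPE  Data
        if key is None or len(parts) != 3:
            continue
        name, reg_type, data = parts
        if key.lower() == SAFER_KEY.lower() and reg_type == "REG_DWORD":
            settings[name] = int(data, 16)
        else:
            m = RULE_KEY_RE.match(key)
            if m and name == "ItemData":
                rules.append(Rule(int(m.group(1)), data, m.group(2)))
    return settings, rules


def expand_env(pattern: str, env: Dict[str, str]) -> str:
    return re.sub(r"%([^%]+)%", lambda m: env.get(m.group(1).lower(), m.group(0)), pattern)


def match_score(rule_path: str, target: str) -> Optional[int]:
    """Specificity of a matching rule (longer = more specific), or None.
    A rule naming a directory covers everything beneath it."""
    r, t = rule_path.lower().rstrip("\\"), target.lower()
    if "*" in r or "?" in r:
        return len(r.replace("*", "").replace("?", "")) if fnmatch.fnmatchcase(t, r) else None
    if t == r or t.startswith(r + "\\"):
        return len(r)
    return None


def evaluate(dump: str, exe_path: str, env: Dict[str, str], is_admin: bool = False) -> Tuple[str, str]:
    """Return (level name, why) for exe_path under the exported policy."""
    settings, rules = parse_dump(dump)
    if not settings.get("TransparentEnabled", 0):
        return "Unrestricted", "SRP not enforced (TransparentEnabled=0)"
    if is_admin and settings.get("PolicyScope", 0) == 1:
        return "Unrestricted", "PolicyScope=1 exempts local administrators"
    best: Optional[Tuple[int, Rule]] = None
    for rule in rules:
        score = match_score(expand_env(rule.pattern, env), exe_path)
        # The more specific rule wins; on a tie the more restrictive (lower) level wins.
        if score is not None and (best is None or (score, -rule.level) > (best[0], -best[1].level)):
            best = (score, rule)
    if best is None:
        level = settings.get("DefaultLevel", 0x40000)
        return LEVELS.get(level, hex(level)), "no path rule matched, DefaultLevel applies"
    rule = best[1]
    return LEVELS.get(rule.level, hex(rule.level)), f"path rule {rule.guid}: {rule.pattern}"


# Constructed transcript: default level Unrestricted, one Disallowed rule on
# mbam.exe and one Unrestricted rule on %SystemRoot%.  The GUIDs are made up.
SAMPLE_DUMP = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers
    DefaultLevel    REG_DWORD    0x40000
    TransparentEnabled    REG_DWORD    0x1
    PolicyScope    REG_DWORD    0x0

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{6b1a2d0e-0000-4000-8000-000000000001}
    ItemData    REG_EXPAND_SZ    %ProgramFiles(x86)%\Malwarebytes' Anti-Malware\mbam.exe
    SaferFlags    REG_DWORD    0x0

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{6b1a2d0e-0000-4000-8000-000000000002}
    ItemData    REG_EXPAND_SZ    %SystemRoot%
    SaferFlags    REG_DWORD    0x0
"""
# Constructed environment used to expand the rules above.
SAMPLE_ENV = {"programfiles(x86)": r"C:\Program Files (x86)", "systemroot": r"C:\Windows"}
MBAM = r"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe"

if __name__ == "__main__":
    for exe in (MBAM, r"C:\Windows\notepad.exe", r"C:\Users\owner\Desktop\mbam.exe"):
        print(exe, "->", *evaluate(SAMPLE_DUMP, exe, SAMPLE_ENV))
```

On a real machine the input is the output of `reg query "HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers" /s`; a per-user policy can also live under the same path beneath HKCU, so export both. The two things that turn a policy into a block are a Disallowed path rule that matches the executable (or a directory above it) with no more specific Unrestricted rule, or a `DefaultLevel` of 0 with no Unrestricted rule covering the path; a clean machine with SRP unused simply has no `CodeIdentifiers` key at all, so an empty query result is the expected post-clean-up state.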

Thanks for letting me know!

Note: Please do not run this tool without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! Please make sure you save ComboFix to your desktop and do not run it from your browser.
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once ComboFix has completed, it will produce and open a log file. Please be patient as it can take some time to load.
  • Please copy/paste the contents or attach that log file to your next reply.
  • If needed the file can be located here: C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.

Combofix.txt

 

ComboFix 13-09-10.03 - owner 09/11/2013  20:50:08.1.4 - x64
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.4862.3400 [GMT -4:00]
Running from: c:\users\owner\Desktop\New Folder\Malware folder\ComboFix.exe
AV: Lavasoft Ad-Aware *Disabled/Updated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
FW: Lavasoft Ad-Aware *Disabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}
SP: Lavasoft Ad-Aware *Disabled/Updated* {5BB89C30-6480-BC7C-9F17-199BD76F557A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\owner\AppData\Local\assembly\tmp
c:\users\owner\AppData\Local\Google\Chrome\User Data\Default\preferences
c:\users\owner\AppData\Roaming\17b69110-8679-4434-9609-34594275da03
c:\windows\PFRO.log
.
.
(((((((((((((((((((((((((   Files Created from 2013-08-12 to 2013-09-12  )))))))))))))))))))))))))))))))
.
.
2013-09-12 01:02 . 2013-09-12 01:02 -------- d-----w- c:\users\owner\AppData\Local\temp
2013-09-12 01:02 . 2013-09-12 01:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-09-10 23:46 . 2013-09-10 23:46 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-09-10 23:46 . 2013-04-04 18:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-09-10 23:05 . 2013-09-10 23:05 -------- d-----w- c:\users\owner\AppData\Local\adawarebp
2013-09-10 22:57 . 2013-09-10 22:57 -------- d-----w- c:\program files\iPod
2013-09-10 22:57 . 2013-09-10 22:58 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-09-10 22:57 . 2013-09-10 22:58 -------- d-----w- c:\program files\iTunes
2013-09-10 22:57 . 2013-09-10 22:58 -------- d-----w- c:\program files (x86)\iTunes
2013-09-10 21:43 . 2013-09-10 21:43 -------- d-----w- c:\windows\ERUNT
2013-09-06 09:29 . 2013-07-25 03:37 2312704 ----a-w- c:\windows\system32\jscript9.dll
2013-09-06 09:25 . 2013-09-06 09:25 -------- d-----w- c:\users\owner\AppData\Local\Brother
2013-09-06 09:21 . 2013-09-06 09:21 32512 ----a-w- c:\windows\system32\drivers\hitmanpro37.sys
2013-09-06 05:26 . 2013-09-06 05:26 -------- d-----w- c:\program files (x86)\ESET
2013-09-06 05:04 . 2013-09-06 05:16 -------- d-----w- c:\programdata\HitmanPro
2013-09-06 01:33 . 2013-09-10 23:04 -------- d-----w- C:\AdwCleaner
2013-09-06 01:28 . 2013-08-20 04:46 9515512 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{11AF250B-F612-4700-8401-2EE2D3FC2534}\mpengine.dll
2013-09-05 23:56 . 2013-09-05 23:56 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-09-05 23:53 . 2013-07-08 04:16 133120 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-09-05 23:53 . 2013-07-08 04:16 992768 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-09-05 23:53 . 2013-07-08 04:12 1276416 ----a-w- c:\windows\system32\crypt32.dll
2013-09-05 23:53 . 2013-07-08 04:20 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2013-09-05 23:53 . 2013-07-08 04:16 98304 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-09-05 23:53 . 2013-07-08 04:15 218624 ----a-w- c:\windows\system32\wintrust.dll
2013-09-05 23:53 . 2013-07-08 04:12 174592 ----a-w- c:\windows\system32\cryptsvc.dll
2013-09-05 23:53 . 2013-07-08 04:12 132096 ----a-w- c:\windows\system32\cryptnet.dll
2013-09-05 23:53 . 2013-07-17 20:01 2048 ----a-w- c:\windows\system32\tzres.dll
2013-09-05 23:53 . 2013-07-17 19:41 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2013-09-05 21:41 . 2013-09-05 21:55 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-09-05 18:39 . 2013-09-05 18:39 -------- d-----w- C:\FRST
2013-09-02 22:59 . 2013-09-05 03:35 -------- d-----w- c:\users\owner\AppData\Local\17b69110-8679-4434-9609-34594275da03ad
2013-09-01 10:27 . 2009-08-20 03:50 24416 ----a-r- c:\windows\system32\AdobePDFUI.dll
2013-08-29 12:01 . 2013-04-11 15:06 39504 ----a-w- c:\windows\system32\drivers\gfiark.sys
2013-08-29 05:36 . 2013-08-29 06:01 -------- d-----w- c:\programdata\Ad-Aware Antivirus
2013-08-29 05:34 . 2013-08-29 05:34 -------- d-----w- c:\users\owner\AppData\Roaming\LavasoftStatistics
2013-08-29 05:11 . 2013-09-11 23:57 -------- d-----w- c:\program files (x86)\PasswordBox
2013-08-29 05:07 . 2013-08-29 05:07 -------- d-----w- c:\programdata\Lavasoft
2013-08-29 05:07 . 2013-08-29 12:01 -------- d-----w- c:\program files (x86)\Ad-Aware Antivirus
2013-08-29 05:06 . 2013-08-29 05:06 -------- d-----w- c:\programdata\Downloaded Installations
2013-08-29 05:06 . 2013-08-29 05:06 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection
2013-08-29 05:06 . 2013-08-29 05:06 -------- d-----w- c:\program files (x86)\Toolbar Cleaner
2013-08-29 05:06 . 2013-08-29 05:06 -------- d-----w- c:\program files (x86)\Lavasoft
2013-08-29 05:05 . 2013-08-29 05:05 14456 ----a-w- c:\windows\system32\drivers\gfibto.sys
2013-08-29 05:05 . 2012-09-20 09:40 47496 ----a-w- c:\windows\system32\sbbd.exe
2013-08-29 05:05 . 2013-09-02 03:22 -------- d-----w- c:\users\owner\AppData\Roaming\Ad-Aware Antivirus
2013-08-29 04:24 . 2009-08-20 03:50 52568 ----a-w- c:\windows\system32\AdobePDF.dll
2013-08-26 21:11 . 2013-08-26 21:11 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2013-08-18 13:14 . 2012-11-07 07:16 17232 ----a-w- c:\windows\system32\drivers\asdws.sys
2013-08-18 13:14 . 2012-11-07 07:16 23376 ----a-w- c:\windows\system32\drivers\asdrs.sys
2013-08-18 13:14 . 2012-11-07 07:16 18768 ----a-w- c:\windows\system32\drivers\asdrm.sys
2013-08-13 01:27 . 2013-08-20 21:05 -------- d-----w- c:\programdata\FLEXnet
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-10 21:52 . 2013-01-20 18:29 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-10 21:52 . 2013-01-20 18:29 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-09-06 09:34 . 2006-11-02 12:35 78161360 ----a-w- c:\windows\system32\mrt.exe
2013-09-05 23:56 . 2013-01-09 17:49 867240 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2013-09-05 23:56 . 2013-01-09 17:49 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-08-07 08:22 . 2013-01-09 17:34 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-07-08 04:16 . 2013-09-05 23:54 43008 ----a-w- c:\windows\apppatch\acwow64.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="c:\users\owner\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-07-16 1104384]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Ad-Aware Antivirus"="c:\program files (x86)\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2008-05-29 1085440]
"ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2007-12-21 86016]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2013-05-08 44128]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2013-05-08 642664]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2013-07-15 554384]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-08-16 152392]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Snagit 11.lnk - c:\program files (x86)\TechSmith\Snagit 11\Snagit32.exe [2013-5-29 9479536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
@="Ad-Aware Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
S2 Ad-Aware Service;Ad-Aware Service;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe [x]
S2 ADBlockerSrv;AD Blocker Service;c:\program files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerSrv.exe;c:\program files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerSrv.exe [x]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
Themes
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-09-04 03:37 1177552 ----a-w- c:\program files (x86)\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-20 21:52]
.
2013-09-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-19 05:10]
.
2013-09-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-19 05:10]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-06-27 20:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-06-27 20:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-06-27 20:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2013-06-27 20:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-06-27 20:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-06-27 20:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WrtMon.exe"="c:\windows\system32\spool\drivers\x64\3\WrtMon.exe" [2007-07-18 20480]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-04-16 15843360]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-04-16 82464]
"RtHDVCpl"="RAVCpl64.exe" [2008-03-26 6150656]
"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2008-04-28 315936]
.
------- Supplementary Scan -------
.

uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: verizon.net\activate
Trusted Zone: verizon.net\activatemydsl
Trusted Zone: verizon.net\activatemyfios
Trusted Zone: verizon.net\activatemyhsi
Trusted Zone: verizon.net\activatemywifi
Trusted Zone: verizon.net\wbadownload
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-wjpimqnf - (no file)
Wow6432Node-HKCU-Run-Spotify - (no file)
Wow6432Node-HKCU-Run-aruzext - (no file)
Wow6432Node-HKCU-Run-tdiijwzq - (no file)
Wow6432Node-HKLM-Run-Adobe Reader Speed Launcher - c:\program files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe
Wow6432Node-HKLM-Run-GameServer33 - c:\users\owner\AppData\Roaming\InstallShield\WIN65B.exe
Notify-vxicjor - c:\users\owner\AppData\Local\vxicjor.dll
SafeBoot-WudfPf
SafeBoot-WudfRd
HKLM-Run-DisplaySwitch - (no file)
HKLM-Run-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
AddRemove-Coupon Printer for Windows5.0.0.3 - c:\program files (x86)\Coupons\uninstall.exe
AddRemove-verizontb - c:\program files (x86)\verizontb\uninstall.exe
AddRemove-{A6C3D5F0-3C6C-46BF-A8D0-06EE92E02E9E}_is1 - c:\program files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\unins000.exe
AddRemove-Applet - c:\windows\system32\javaws.exe
AddRemove-JNLP - c:\windows\system32\javaws.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_168_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_168_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_168_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_168_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_168.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_168.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_168.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_168.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2013-09-11  21:06:31
ComboFix-quarantined-files.txt  2013-09-12 01:06
.
Pre-Run: 346,962,513,920 bytes free
Post-Run: 347,581,763,584 bytes free
.
- - End Of File - - 1A277B44FD116BFAF5D251809B26C9C0
03BA8F890B47C0BE359A4D5A636D214D
 


Please scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.

    ESET OnlineScan

  • Click the ESET OnlineScan button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your Desktop.
    • Double click on the esetsmartinstaller_enu.exe icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under Scan Settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

Awesome! :)

Take a look at my last step.

Step 1

  • Download OTC to your desktop and run it
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.
Step 2
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Uninstall
  • Confirm with Yes
Step 3

Some malware prevention tips:

users.telenet.be/bluepatchy/miekiemoes/prevention.html

Safe surfing! :)


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
