Hi, you have more user_accounts, therefore mawlare is active there as well.


FRST’s FixList


1. Open notepad and copy/paste the text present inside the code box below.
To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system

Start (Microsoft Corporation) C:\Windows\System32\wscript.exe C:\Program Files\IB Updater C:\Users\ASTOSM~1\AppData\Local\Temp\roof.vbs HKU\S-1-5-21-56981888-196162964-2650871854-1000\...\Run: [roof] - wscript.exe //B "C:\Users\ASTOSM~1\AppData\Local\Temp\roof.vbs" <===== ATTENTION HKU\S-1-5-21-56981888-196162964-2650871854-1000\...\MountPoints2: {64eab9b6-5e58-11e3-a3d4-7845c40e50ca} - F:\HTC_Sync_Manager_PC.exe HKU\S-1-5-21-56981888-196162964-2650871854-1000\...\MountPoints2: {64eab9b7-5e58-11e3-a3d4-7845c40e50ca} - G:\TL-Bootstrap.exe HKU\S-1-5-21-56981888-196162964-2650871854-1000\...\MountPoints2: {9a3b58a5-c998-11e2-82eb-7845c40e50ca} - F:\LaunchU3.exe -a HKU\S-1-5-21-56981888-196162964-2650871854-1000\...\MountPoints2: {b91fa839-7e32-11e2-9e49-7845c40e50ca} - F:\HPLauncher.exe HKU\S-1-5-21-56981888-196162964-2650871854-1000\...\MountPoints2: {cb27cd91-d6d4-11e2-8f12-7845c40e50ca} - F:\VZW_Software_upgrade_assistant.exe HKU\S-1-5-21-56981888-196162964-2650871854-1000\...\MountPoints2: {fff6308f-1b9a-11e3-9a60-7845c40e50ca} - F:\Handset_USB_Driver.exe SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.com/?publisher=VertiTechnologyYB&dpid=VertiTechnologyYB&co=GB&userid=c86387f9-37ff-131d-da67-c1f4e9428428&searchtype=ds&q={searchTerms}&installDate=18/10/2013 SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.com/?publisher=VertiTechnologyYB&dpid=VertiTechnologyYB&co=GB&userid=c86387f9-37ff-131d-da67-c1f4e9428428&searchtype=ds&q={searchTerms}&installDate=18/10/2013 SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = http://mystart.incredibar.com/?a=6PQR03IkR6&loc=skw&search={searchTerms} Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File CHR HKLM\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\IB Updater\source.crx [2013-09-10] CHR HKLM-x32\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\IB Updater\source.crx [2013-09-10] U3 aswMBR; \??\C:\Users\ASTOSM~1\AppData\Local\Temp\aswMBR.sys [X] AlternateDataStreams: C:\ProgramData\Temp:D1B5B4F1 CMD: DEL %TEMP%\*.* /F /S /Q End

2. Save notepad as fixlist.txt to your Desktop.
NOTE: => It’s important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

3. Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needed a restart please make sure you let the system to restart normally and let the tool completes its run after restart.

The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.
Note: If the tool warned you about the outdated version please download and run the updated version.


FRST’s Scan


Re-run FRST, just hit the Scan button and post me fresh FRST.txt logreport.