BladeRunnerHF

Members
  • Content Count

    10
  • Joined

  • Last visited

Community Reputation

0 Neutral

About BladeRunnerHF

  • Rank
    Member
  1. Dumb questions but where would I find the product key. And do I reinstall by going to Lavasoft's website and just downloading the program by entering the product key (once I have it already first)?
  2. Hey Cecilia, This is not a stubborn virus question (!) but since I removed the Trojan virus, Windows has suddenly decided to upgrade from 8 to 8.1 WITHOUT needing my OK to proceed. In the past, they would ask if I wanted to upgrade and I always clicked "no". So last night, it just annouced it was going to upgrade in 15 minutes time. So fine. But now, it has turned off most of AdAware's functions and I can't turn it back on!!! I have pro security and the only function that is "o"n is REal Time Protection. Web protection, Email Protection, Network Protection are all in the off position and I can't change it back to "on"!!!
  3. Nope, after it ran the scan, TDSSKiller definitely did not create a report on the desktop. For that matter, I don't recall RogueKiller did either but after I opened the report, I was able to right-click on it and save it to the desktop. But with TDSSKiller, after I opened the report, right-clicking on it did nothing at all. So I couldn't save it or paste it onto the post here. I tried looking for the report in the folder where the program is, and I can't find the program!!! I looked everywhere in my program files and C drive and while I see FRST, I see neither TDSSKiller nor for that matter, RogueKiller! Anyway, I am going to run a full scan tomorrow just to be 100% certain. It takes about 2.5 hours. Thanks for all your help, Cecilia! I hope I don't have to bother you again!
  4. I just did a quick scan and Trojan.Powerliks.E did NOT show up! It had been showing up in all my previous quick scans the past 4-5 days. btw, to answer your first question above, the RKReport is included in my reply (post #5) together with the Fixlog.txt. It is the TDSSKiller log which I could not find in my C folder or on the desktop.
  5. Yes, I have the same issue with the downloading of documents / files setting being disabled each time I restart the computer or even re-connect to the Internet.
  6. Hey Cecilia, So I ran TDSSKiller. For some reason, I could not find a copy of the log in the C folder. I was able to open the report in the TDSSKiller Scan window but it would not allow me to copy it! Anyway, the results of the scan was "no objects found".
  7. Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 30-10-2014 01 Ran by JimmyWongScript at 2014-10-31 15:45:32 Run:1 Running from C:\Users\JimmyWongScript\Desktop Loaded Profile: JimmyWongScript (Available profiles: JimmyWongScript) Boot Mode: Normal ============================================== Content of fixlist: ***************** HKU\S-1-5-21-3605031373-3970412839-3411051381-1001\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks! S4 0271281369156683mcinstcleanup; C:\Users\JIMMYW~1\AppData\Local\Temp\027128~1.EXE -cleanup -nolog [X] S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [41032 2013-05-23] (ThreatTrack Security) R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-05-21] (GFI Software) CustomCLSID: HKU\S-1-5-21-3605031373-3970412839-3411051381-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks? Reboot: ***************** "HKU\S-1-5-21-3605031373-3970412839-3411051381-1001\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32" => Key Deleted Successfully. "HKU\S-1-5-21-3605031373-3970412839-3411051381-1001\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key deleted successfully. 0271281369156683mcinstcleanup => Service deleted successfully. gfiark => Service deleted successfully. gfibto => Unable to stop service gfibto => Service deleted successfully. "HKU\S-1-5-21-3605031373-3970412839-3411051381-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key not found. The system needed a reboot. ==== End of Fixlog ==== RogueKiller V10.0.4.0 (x64) [Oct 29 2014] by Adlice Software mail : http://www.adlice.com/contact/ Feedback : http://forum.adlice.com Website : http://www.adlice.com/softwares/roguekiller/ Blog : http://www.adlice.com Operating System : Windows 8 (6.2.9200 ) 64 bits version Started in : Normal mode User : JimmyWongScript [Administrator] Mode : Scan -- Date : 10/31/2014 16:36:48 ¤¤¤ Processes : 1 ¤¤¤ [suspicious.Path] SearchProtection.exe -- C:\ProgramData\Search Protection\SearchProtection.exe[7] -> Killed [TermProc] ¤¤¤ Registry : 10 ¤¤¤ [PUP] (X64) HKEY_CLASSES_ROOT\CLSID\{6c97a91e-4524-4019-86af-2aa2d567bf5c} -> Found [PUP] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c} -> Found [PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c} -> Found [PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | Search Protection : C:\ProgramData\Search Protection\SearchProtection.exe -> Found [PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3605031373-3970412839-3411051381-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.yahoo.com/ -> Found [PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-3605031373-3970412839-3411051381-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.yahoo.com/ -> Found [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found ¤¤¤ Tasks : 0 ¤¤¤ ¤¤¤ Files : 0 ¤¤¤ ¤¤¤ Hosts File : 0 ¤¤¤ ¤¤¤ Antirootkit : 251 (Driver: Loaded) ¤¤¤ [iAT:Addr] (explorer.exe @ KERNELBASE.dll) ext-ms-win-gpapi-grouppolicy-l1-1-0.dll - RegisterGPNotificationInternalWorker : C:\windows\SYSTEM32\gpapi.dll @ 0x7ff9ef314a0 [iAT:Addr] (explorer.exe @ combase.dll) ext-ms-win-com-clbcatq-l1-1-0.dll - GetCatalogObject : C:\windows\SYSTEM32\clbcatq.dll @ 0x7ffa2681e40 [iAT:Addr] (explorer.exe @ combase.dll) ext-ms-win-com-clbcatq-l1-1-0.dll - GetCatalogObject2 : C:\windows\SYSTEM32\clbcatq.dll @ 0x7ffa2681b70 [iAT:Addr] (explorer.exe @ wkscli.dll) ext-ms-win-domainjoin-netjoin-l1-1-0.dll - NetpGetJoinInformation : C:\windows\SYSTEM32\netjoin.dll @ 0x7ff9f6a10e0 [iAT:Addr] (iexplore.exe @ KERNELBASE.dll) ext-ms-win-gpapi-grouppolicy-l1-1-0.dll - RegisterGPNotificationInternalWorker : C:\windows\SYSTEM32\gpapi.dll @ 0x7ff9ef314a0 [iAT:Addr] (iexplore.exe @ combase.dll) ext-ms-win-com-clbcatq-l1-1-0.dll - GetCatalogObject : C:\windows\SYSTEM32\clbcatq.dll @ 0x7ffa2681e40 [iAT:Addr] (iexplore.exe @ combase.dll) ext-ms-win-com-clbcatq-l1-1-0.dll - GetCatalogObject2 : C:\windows\SYSTEM32\clbcatq.dll @ 0x7ffa2681b70 [iAT:Inl] (iexplore.exe @ KERNEL32.DLL) ntdll.dll - NtMapViewOfSection : Unknown @ 0x728c1501 (jmp 0xfffffffffb083771) [iAT:Inl] (iexplore.exe @ KERNEL32.DLL) ntdll.dll - NtUnmapViewOfSection : Unknown @ 0x728c1599 (jmp 0xfffffffffb0837e9) [iAT:Inl] (iexplore.exe @ KERNEL32.DLL) ntdll.dll - NtSuspendThread : Unknown @ 0x728c1f19 (jmp 0xfffffffffb082ab9) [iAT:Inl] (iexplore.exe @ KERNEL32.DLL) ntdll.dll - NtSetContextThread : Unknown @ 0x728c1b89 (jmp 0xfffffffffb082a09) [iAT:Inl] (iexplore.exe @ KERNEL32.DLL) ntdll.dll - NtSetInformationProcess : Unknown @ 0x728c29c9 (jmp 0xfffffffffb084cf9) [iAT:Inl] (iexplore.exe @ KERNEL32.DLL) ntdll.dll - NtSetSystemInformation : Unknown @ 0x728c2af9 (jmp 0xfffffffffb083799) [iAT:Inl] (iexplore.exe @ KERNEL32.DLL) ntdll.dll - NtCreateFile : Unknown @ 0x728c2b91 (jmp 0xfffffffffb084b31) [iAT:Inl] (iexplore.exe @ KERNEL32.DLL) ntdll.dll - NtTerminateProcess : Unknown @ 0x728c2931 (jmp 0xfffffffffb084b61) [iAT:Inl] (iexplore.exe @ KERNEL32.DLL) KERNELBASE.dll - CreateProcessInternalW : Unknown @ 0x728c1a59 (jmp 0xfffffffffc92e032) [iAT:Inl] (iexplore.exe @ KERNELBASE.dll) ntdll.dll - NtSetInformationProcess : Unknown @ 0x728c29c9 (jmp 0xfffffffffb084cf9) [iAT:Inl] (iexplore.exe @ KERNELBASE.dll) ntdll.dll - NtCreateFile : Unknown @ 0x728c2b91 (jmp 0xfffffffffb084b31) [iAT:Inl] (iexplore.exe @ KERNELBASE.dll) ntdll.dll - NtTerminateProcess : Unknown @ 0x728c2931 (jmp 0xfffffffffb084b61) [iAT:Inl] (iexplore.exe @ KERNELBASE.dll) ntdll.dll - NtMapViewOfSection : Unknown @ 0x728c1501 (jmp 0xfffffffffb083771) [iAT:Inl] (iexplore.exe @ KERNELBASE.dll) ntdll.dll - NtSetSystemInformation : Unknown @ 0x728c2af9 (jmp 0xfffffffffb083799) [iAT:Inl] (iexplore.exe @ KERNELBASE.dll) ntdll.dll - NtDuplicateObject : Unknown @ 0x728c1d51 (jmp 0xfffffffffb083e81) [iAT:Inl] (iexplore.exe @ KERNELBASE.dll) ntdll.dll - NtUnmapViewOfSection : Unknown @ 0x728c1599 (jmp 0xfffffffffb0837e9) [iAT:Addr] (iexplore.exe @ KERNELBASE.dll) ntdll.dll - LdrLoadDll : Unknown @ 0x15c0000 [iAT:Inl] (iexplore.exe @ KERNELBASE.dll) ntdll.dll - NtOpenProcess : Unknown @ 0x728c1c21 (jmp 0xfffffffffb083eb1) [iAT:Inl] (iexplore.exe @ KERNELBASE.dll) ntdll.dll - NtWriteVirtualMemory : Unknown @ 0x728c1af1 (jmp 0xfffffffffb083c41) [iAT:Inl] (iexplore.exe @ KERNELBASE.dll) ntdll.dll - RtlCreateProcessParametersEx : Unknown @ 0x728c2769 (jmp 0xfffffffffb0af872) [iAT:Inl] (iexplore.exe @ KERNELBASE.dll) ntdll.dll - NtCreateThreadEx : Unknown @ 0x728c17f9 (jmp 0xfffffffffb0831d9) [iAT:Inl] (iexplore.exe @ KERNELBASE.dll) ntdll.dll - NtSuspendThread : Unknown @ 0x728c1f19 (jmp 0xfffffffffb082ab9) [iAT:Inl] (iexplore.exe @ KERNELBASE.dll) ntdll.dll - NtSetContextThread : Unknown @ 0x728c1b89 (jmp 0xfffffffffb082a09) [iAT:Inl] (iexplore.exe @ KERNELBASE.dll) ntdll.dll - NtQueueApcThread : Unknown @ 0x728c1cb9 (jmp 0xfffffffffb083d59) [iAT:Addr] (iexplore.exe @ KERNELBASE.dll) ext-ms-win-gpapi-grouppolicy-l1-1-0.dll - RegisterGPNotificationInternalWorker : C:\windows\SysWOW64\gpapi.dll @ 0x6741dac [iAT:Inl] (iexplore.exe @ avcuf32.dll) KERNEL32.dll - CreateToolhelp32Snapshot : Unknown @ 0x728c1e81 (jmp 0xfffffffffb2f8e5b) [iAT:Inl] (iexplore.exe @ apphelp.dll) ntdll.dll - NtUnmapViewOfSection : Unknown @ 0x728c1599 (jmp 0xfffffffffb0837e9) [iAT:Inl] (iexplore.exe @ apphelp.dll) ntdll.dll - NtCreateFile : Unknown @ 0x728c2b91 (jmp 0xfffffffffb084b31) [iAT:Inl] (iexplore.exe @ apphelp.dll) ntdll.dll - NtMapViewOfSection : Unknown @ 0x728c1501 (jmp 0xfffffffffb083771) [iAT:Inl] (iexplore.exe @ apphelp.dll) KERNEL32.dll - CreateToolhelp32Snapshot : Unknown @ 0x728c1e81 (jmp 0xfffffffffb2f8e5b) [iAT:Inl] (iexplore.exe @ iertutil.dll) KERNEL32.dll - CreateToolhelp32Snapshot : Unknown @ 0x728c1e81 (jmp 0xfffffffffb2f8e5b) [iAT:Inl] (iexplore.exe @ iertutil.dll) USER32.dll - PostMessageW : Unknown @ 0x728c3051 (jmp 0xfffffffffc849c38) [iAT:Inl] (iexplore.exe @ user32.dll) ntdll.dll - NtVdmControl : Unknown @ 0x728c2d59 (jmp 0xfffffffffb0837d9) [iAT:Inl] (iexplore.exe @ GDI32.dll) ntdll.dll - NtVdmControl : Unknown @ 0x728c2d59 (jmp 0xfffffffffb0837d9) [iAT:Inl] (iexplore.exe @ GDI32.dll) ntdll.dll - NtUnmapViewOfSection : Unknown @ 0x728c1599 (jmp 0xfffffffffb0837e9) [iAT:Inl] (iexplore.exe @ GDI32.dll) ntdll.dll - NtMapViewOfSection : Unknown @ 0x728c1501 (jmp 0xfffffffffb083771) [iAT:Inl] (iexplore.exe @ IMM32.DLL) USER32.dll - PostMessageW : Unknown @ 0x728c3051 (jmp 0xfffffffffc849c38) [iAT:Inl] (iexplore.exe @ IMM32.DLL) USER32.dll - PostMessageA : Unknown @ 0x728c2fb9 (jmp 0xfffffffffc844593) [iAT:Inl] (iexplore.exe @ MSCTF.dll) ntdll.dll - NtCreateFile : Unknown @ 0x728c2b91 (jmp 0xfffffffffb084b31) [iAT:Inl] (iexplore.exe @ MSCTF.dll) USER32.dll - GetMessageW : Unknown @ 0x728c2f21 (jmp 0xfffffffffc848c4f) [iAT:Inl] (iexplore.exe @ MSCTF.dll) USER32.dll - GetMessageA : Unknown @ 0x728c2e89 (jmp 0xfffffffffc849db5) [iAT:Inl] (iexplore.exe @ MSCTF.dll) USER32.dll - SetWinEventHook : Unknown @ 0x728c2049 (jmp 0xfffffffffc83f549) [iAT:Inl] (iexplore.exe @ MSCTF.dll) USER32.dll - PostMessageW : Unknown @ 0x728c3051 (jmp 0xfffffffffc849c38) [iAT:Inl] (iexplore.exe @ shcore.dll) ntdll.dll - NtCreateFile : Unknown @ 0x728c2b91 (jmp 0xfffffffffb084b31) [iAT:Inl] (iexplore.exe @ combase.dll) ntdll.dll - NtTerminateProcess : Unknown @ 0x728c2931 (jmp 0xfffffffffb084b61) [iAT:Inl] (iexplore.exe @ combase.dll) ntdll.dll - NtDuplicateObject : Unknown @ 0x728c1d51 (jmp 0xfffffffffb083e81) [iAT:Addr] (iexplore.exe @ combase.dll) ext-ms-win-com-clbcatq-l1-1-0.dll - GetCatalogObject2 : C:\windows\SysWOW64\clbcatq.dll @ 0x75d72622 [iAT:Addr] (iexplore.exe @ combase.dll) ext-ms-win-com-clbcatq-l1-1-0.dll - GetCatalogObject : C:\windows\SysWOW64\clbcatq.dll @ 0x75d71f51 [iAT:Inl] (iexplore.exe @ SspiCli.dll) ntdll.dll - NtDuplicateObject : Unknown @ 0x728c1d51 (jmp 0xfffffffffb083e81) [iAT:Inl] (iexplore.exe @ sechost.dll) ntdll.dll - NtQueueApcThread : Unknown @ 0x728c1cb9 (jmp 0xfffffffffb083d59) [iAT:Inl] (iexplore.exe @ sechost.dll) ntdll.dll - NtTerminateProcess : Unknown @ 0x728c2931 (jmp 0xfffffffffb084b61) [iAT:Inl] (iexplore.exe @ bcryptPrimitives.dll) ntdll.dll - NtTerminateProcess : Unknown @ 0x728c2931 (jmp 0xfffffffffb084b61) [iAT:Inl] (iexplore.exe @ IEFRAME.dll) KERNEL32.dll - CreateToolhelp32Snapshot : Unknown @ 0x728c1e81 (jmp 0xfffffffffb2f8e5b) [iAT:Inl] (iexplore.exe @ IEFRAME.dll) USER32.dll - PostMessageW : Unknown @ 0x728c3051 (jmp 0xfffffffffc849c38) [iAT:Inl] (iexplore.exe @ IEFRAME.dll) USER32.dll - GetMessageW : Unknown @ 0x728c2f21 (jmp 0xfffffffffc848c4f) [iAT:Inl] (iexplore.exe @ SHLWAPI.dll) USER32.dll - PostMessageW : Unknown @ 0x728c3051 (jmp 0xfffffffffc849c38) [iAT:Inl] (iexplore.exe @ SHLWAPI.dll) USER32.dll - PostMessageA : Unknown @ 0x728c2fb9 (jmp 0xfffffffffc844593) [iAT:Inl] (iexplore.exe @ ole32.dll) ntdll.dll - NtMapViewOfSection : Unknown @ 0x728c1501 (jmp 0xfffffffffb083771) [iAT:Inl] (iexplore.exe @ ole32.dll) ntdll.dll - NtCreateFile : Unknown @ 0x728c2b91 (jmp 0xfffffffffb084b31) [iAT:Inl] (iexplore.exe @ ole32.dll) USER32.dll - PostMessageW : Unknown @ 0x728c3051 (jmp 0xfffffffffc849c38) [iAT:Inl] (iexplore.exe @ ole32.dll) USER32.dll - GetMessageW : Unknown @ 0x728c2f21 (jmp 0xfffffffffc848c4f) [iAT:Inl] (iexplore.exe @ ole32.dll) USER32.dll - GetMessageA : Unknown @ 0x728c2e89 (jmp 0xfffffffffc849db5) [iAT:Inl] (iexplore.exe @ SHELL32.dll) USER32.dll - SetWinEventHook : Unknown @ 0x728c2049 (jmp 0xfffffffffc83f549) [iAT:Inl] (iexplore.exe @ SHELL32.dll) USER32.dll - GetMessageW : Unknown @ 0x728c2f21 (jmp 0xfffffffffc848c4f) [iAT:Inl] (iexplore.exe @ SHELL32.dll) USER32.dll - PostMessageW : Unknown @ 0x728c3051 (jmp 0xfffffffffc849c38) [iAT:Inl] (iexplore.exe @ SHELL32.dll) ntdll.dll - NtCreateFile : Unknown @ 0x728c2b91 (jmp 0xfffffffffb084b31) [iAT:Inl] (iexplore.exe @ comctl32.dll) USER32.dll - GetMessageW : Unknown @ 0x728c2f21 (jmp 0xfffffffffc848c4f) [iAT:Inl] (iexplore.exe @ comctl32.dll) USER32.dll - PostMessageW : Unknown @ 0x728c3051 (jmp 0xfffffffffc849c38) [iAT:Inl] (iexplore.exe @ ADVAPI32.dll) ntdll.dll - NtSetSystemInformation : Unknown @ 0x728c2af9 (jmp 0xfffffffffb083799) [iAT:Inl] (iexplore.exe @ ADVAPI32.dll) ntdll.dll - NtCreateFile : Unknown @ 0x728c2b91 (jmp 0xfffffffffb084b31) [iAT:Inl] (iexplore.exe @ comdlg32.dll) USER32.dll - PostMessageW : Unknown @ 0x728c3051 (jmp 0xfffffffffc849c38) [iAT:Inl] (iexplore.exe @ uxtheme.dll) USER32.dll - PostMessageW : Unknown @ 0x728c3051 (jmp 0xfffffffffc849c38) [iAT:Inl] (iexplore.exe @ adawarebp.dll) KERNEL32.dll - GetStartupInfoA : Unknown @ 0x728c2cc1 (jmp 0xfffffffffb2ffd6e) [iAT:Inl] (iexplore.exe @ Secur32.dll) ntdll.dll - NtUnmapViewOfSection : Unknown @ 0x728c1599 (jmp 0xfffffffffb0837e9) [iAT:Inl] (iexplore.exe @ Secur32.dll) ntdll.dll - NtMapViewOfSection : Unknown @ 0x728c1501 (jmp 0xfffffffffb083771) [iAT:Inl] (iexplore.exe @ urlmon.dll) USER32.dll - PostMessageW : Unknown @ 0x728c3051 (jmp 0xfffffffffc849c38) [iAT:Inl] (iexplore.exe @ urlmon.dll) USER32.dll - PostMessageA : Unknown @ 0x728c2fb9 (jmp 0xfffffffffc844593) [iAT:Inl] (iexplore.exe @ WS2_32.dll) ntdll.dll - NtCreateFile : Unknown @ 0x728c2b91 (jmp 0xfffffffffb084b31) [iAT:Inl] (iexplore.exe @ WS2_32.dll) ntdll.dll - NtLoadDriver : Unknown @ 0x728c2a61 (jmp 0xfffffffffb084051) [iAT:Inl] (iexplore.exe @ NSI.dll) USER32.dll - PostMessageW : Unknown @ 0x728c3051 (jmp 0xfffffffffc849c38) [iAT:Inl] (iexplore.exe @ NSI.dll) USER32.dll - PostMessageA : Unknown @ 0x728c2fb9 (jmp 0xfffffffffc844593) [iAT:Inl] (iexplore.exe @ CRYPTSP.dll) ntdll.dll - NtTerminateProcess : Unknown @ 0x728c2931 (jmp 0xfffffffffb084b61) [iAT:Inl] (iexplore.exe @ rsaenh.dll) ntdll.dll - NtTerminateProcess : Unknown @ 0x728c2931 (jmp 0xfffffffffb084b61) [iAT:Inl] (iexplore.exe @ rsaenh.dll) ntdll.dll - NtCreateFile : Unknown @ 0x728c2b91 (jmp 0xfffffffffb084b31) [iAT:Inl] (iexplore.exe @ mswsock.dll) ntdll.dll - NtQueueApcThread : Unknown @ 0x728c1cb9 (jmp 0xfffffffffb083d59) [iAT:Inl] (iexplore.exe @ mswsock.dll) ntdll.dll - NtCreateFile : Unknown @ 0x728c2b91 (jmp 0xfffffffffb084b31) [iAT:Inl] (iexplore.exe @ mswsock.dll) ntdll.dll - NtLoadDriver : Unknown @ 0x728c2a61 (jmp 0xfffffffffb084051) [iAT:Inl] (iexplore.exe @ dwmapi.dll) ntdll.dll - NtUnmapViewOfSection : Unknown @ 0x728c1599 (jmp 0xfffffffffb0837e9) [iAT:Inl] (iexplore.exe @ dwmapi.dll) ntdll.dll - NtMapViewOfSection : Unknown @ 0x728c1501 (jmp 0xfffffffffb083771) [iAT:Inl] (iexplore.exe @ dwmapi.dll) USER32.dll - SetWinEventHook : Unknown @ 0x728c2049 (jmp 0xfffffffffc83f549) [iAT:Inl] (iexplore.exe @ IPHLPAPI.DLL) ntdll.dll - NtCreateFile : Unknown @ 0x728c2b91 (jmp 0xfffffffffb084b31) [iAT:Inl] (iexplore.exe @ MSHTML.dll) KERNEL32.dll - CreateToolhelp32Snapshot : Unknown @ 0x728c1e81 (jmp 0xfffffffffb2f8e5b) [iAT:Inl] (iexplore.exe @ MSHTML.dll) USER32.dll - PostMessageW : Unknown @ 0x728c3051 (jmp 0xfffffffffc849c38) [iAT:Inl] (iexplore.exe @ MSHTML.dll) USER32.dll - GetMessageW : Unknown @ 0x728c2f21 (jmp 0xfffffffffc848c4f) [iAT:Inl] (iexplore.exe @ IEUI.dll) USER32.dll - PostMessageA : Unknown @ 0x728c2fb9 (jmp 0xfffffffffc844593) [iAT:Inl] (iexplore.exe @ IEUI.dll) USER32.dll - GetMessageW : Unknown @ 0x728c2f21 (jmp 0xfffffffffc848c4f) [iAT:Inl] (iexplore.exe @ IEUI.dll) USER32.dll - GetMessageA : Unknown @ 0x728c2e89 (jmp 0xfffffffffc849db5) [iAT:Inl] (iexplore.exe @ DNSAPI.dll) ntdll.dll - NtCreateFile : Unknown @ 0x728c2b91 (jmp 0xfffffffffb084b31) [iAT:Inl] (iexplore.exe @ dxgi.dll) USER32.dll - PostMessageA : Unknown @ 0x728c2fb9 (jmp 0xfffffffffc844593) [iAT:Inl] (iexplore.exe @ rasadhlp.dll) ntdll.dll - NtCreateFile : Unknown @ 0x728c2b91 (jmp 0xfffffffffb084b31) [iAT:Inl] (iexplore.exe @ schannel.dll) ntdll.dll - NtDuplicateObject : Unknown @ 0x728c1d51 (jmp 0xfffffffffb083e81) [iAT:Inl] (iexplore.exe @ SkypeIEPlugin.dll) USER32.dll - PostMessageW : Unknown @ 0x728c3051 (jmp 0xfffffffffc849c38) [iAT:Inl] (iexplore.exe @ ncrypt.dll) ntdll.dll - NtTerminateProcess : Unknown @ 0x728c2931 (jmp 0xfffffffffb084b61) [iAT:Inl] (iexplore.exe @ bcrypt.dll) ntdll.dll - NtTerminateProcess : Unknown @ 0x728c2931 (jmp 0xfffffffffb084b61) [iAT:Inl] (iexplore.exe @ ncryptsslp.dll) ntdll.dll - NtTerminateProcess : Unknown @ 0x728c2931 (jmp 0xfffffffffb084b61) [iAT:Inl] (iexplore.exe @ ninput.dll) USER32.dll - PostMessageW : Unknown @ 0x728c3051 (jmp 0xfffffffffc849c38) [iAT:Inl] (iexplore.exe @ OLEACC.DLL) USER32.dll - GetMessageW : Unknown @ 0x728c2f21 (jmp 0xfffffffffc848c4f) [iAT:Inl] (iexplore.exe @ OLEACC.DLL) USER32.dll - PostMessageW : Unknown @ 0x728c3051 (jmp 0xfffffffffc849c38) [iAT:Inl] (iexplore.exe @ Flash.ocx) USER32.dll - GetMessageW : Unknown @ 0x728c2f21 (jmp 0xfffffffffc848c4f) [iAT:Inl] (iexplore.exe @ Flash.ocx) USER32.dll - PostMessageW : Unknown @ 0x728c3051 (jmp 0xfffffffffc849c38) [iAT:Inl] (iexplore.exe @ Flash.ocx) USER32.dll - PostMessageA : Unknown @ 0x728c2fb9 (jmp 0xfffffffffc844593) [iAT:Inl] (iexplore.exe @ WINMM.dll) USER32.dll - GetMessageA : Unknown @ 0x728c2e89 (jmp 0xfffffffffc849db5) [iAT:Inl] (iexplore.exe @ WINMM.dll) USER32.dll - PostMessageW : Unknown @ 0x728c3051 (jmp 0xfffffffffc849c38) [iAT:Inl] (iexplore.exe @ WINMM.dll) USER32.dll - PostMessageA : Unknown @ 0x728c2fb9 (jmp 0xfffffffffc844593) [iAT:Inl] (iexplore.exe @ DINPUT8.dll) USER32.dll - PostMessageW : Unknown @ 0x728c3051 (jmp 0xfffffffffc849c38) [iAT:Inl] (iexplore.exe @ UIAutomationCore.DLL) USER32.dll - PostMessageW : Unknown @ 0x728c3051 (jmp 0xfffffffffc849c38) [iAT:Inl] (iexplore.exe @ UIAutomationCore.DLL) USER32.dll - GetMessageW : Unknown @ 0x728c2f21 (jmp 0xfffffffffc848c4f) [iAT:Inl] (iexplore.exe @ UIAutomationCore.DLL) USER32.dll - SetWinEventHook : Unknown @ 0x728c2049 (jmp 0xfffffffffc83f549) [iAT:Inl] (iexplore.exe @ cfgmgr32.dll) ntdll.dll - NtCreateFile : Unknown @ 0x728c2b91 (jmp 0xfffffffffb084b31) [iAT:Inl] (iexplore.exe @ msxml3.dll) USER32.dll - PostMessageW : Unknown @ 0x728c3051 (jmp 0xfffffffffc849c38) [iAT:Inl] (iexplore.exe @ NLAapi.dll) ntdll.dll - NtQueueApcThread : Unknown @ 0x728c1cb9 (jmp 0xfffffffffb083d59) [iAT:Inl] (iexplore.exe @ T2EMBED.DLL) USER32.dll - PostMessageA : Unknown @ 0x728c2fb9 (jmp 0xfffffffffc844593) [iAT:Inl] (iexplore.exe @ ntmarta.dll) ntdll.dll - NtCreateFile : Unknown @ 0x728c2b91 (jmp 0xfffffffffb084b31) [iAT:Inl] (iexplore.exe @ ntmarta.dll) ntdll.dll - NtOpenProcess : Unknown @ 0x728c1c21 (jmp 0xfffffffffb083eb1) [iAT:Inl] (iexplore.exe @ AVRT.dll) ntdll.dll - NtTerminateProcess : Unknown @ 0x728c2931 (jmp 0xfffffffffb084b61) [iAT:Inl] (iexplore.exe @ ksuser.dll) ntdll.dll - NtCreateFile : Unknown @ 0x728c2b91 (jmp 0xfffffffffb084b31) [iAT:Inl] (iexplore.exe @ twinapi.dll) USER32.dll - PostMessageW : Unknown @ 0x728c3051 (jmp 0xfffffffffc849c38) [iAT:Inl] (iexplore.exe @ twinapi.dll) USER32.dll - GetMessageW : Unknown @ 0x728c2f21 (jmp 0xfffffffffc848c4f) [iAT:Inl] (iexplore.exe @ KERNEL32.DLL) ntdll.dll - NtMapViewOfSection : Unknown @ 0x728c1501 (jmp 0xfffffffffb083771) [iAT:Inl] (iexplore.exe @ KERNEL32.DLL) ntdll.dll - NtUnmapViewOfSection : Unknown @ 0x728c1599 (jmp 0xfffffffffb0837e9) [iAT:Inl] (iexplore.exe @ KERNEL32.DLL) ntdll.dll - NtSuspendThread : Unknown @ 0x728c1f19 (jmp 0xfffffffffb082ab9) [iAT:Inl] (iexplore.exe @ KERNEL32.DLL) ntdll.dll - NtSetContextThread : Unknown @ 0x728c1b89 (jmp 0xfffffffffb082a09) [iAT:Inl] (iexplore.exe @ KERNEL32.DLL) ntdll.dll - NtSetInformationProcess : Unknown @ 0x728c29c9 (jmp 0xfffffffffb084cf9) [iAT:Inl] (iexplore.exe @ KERNEL32.DLL) ntdll.dll - NtSetSystemInformation : Unknown @ 0x728c2af9 (jmp 0xfffffffffb083799) [iAT:Inl] (iexplore.exe @ KERNEL32.DLL) ntdll.dll - NtCreateFile : Unknown @ 0x728c2b91 (jmp 0xfffffffffb084b31) [iAT:Inl] (iexplore.exe @ KERNEL32.DLL) ntdll.dll - NtTerminateProcess : Unknown @ 0x728c2931 (jmp 0xfffffffffb084b61) [iAT:Inl] (iexplore.exe @ KERNEL32.DLL) KERNELBASE.dll - CreateProcessInternalW : Unknown @ 0x728c1a59 (jmp 0xfffffffffc92e032) [iAT:Inl] (iexplore.exe @ KERNELBASE.dll) ntdll.dll - NtSetInformationProcess : Unknown @ 0x728c29c9 (jmp 0xfffffffffb084cf9) [iAT:Inl] (iexplore.exe @ KERNELBASE.dll) ntdll.dll - NtCreateFile : Unknown @ 0x728c2b91 (jmp 0xfffffffffb084b31) [iAT:Inl] (iexplore.exe @ KERNELBASE.dll) ntdll.dll - NtTerminateProcess : Unknown @ 0x728c2931 (jmp 0xfffffffffb084b61) [iAT:Inl] (iexplore.exe @ KERNELBASE.dll) ntdll.dll - NtMapViewOfSection : Unknown @ 0x728c1501 (jmp 0xfffffffffb083771) [iAT:Inl] (iexplore.exe @ KERNELBASE.dll) ntdll.dll - NtSetSystemInformation : Unknown @ 0x728c2af9 (jmp 0xfffffffffb083799) [iAT:Inl] (iexplore.exe @ KERNELBASE.dll) ntdll.dll - NtDuplicateObject : Unknown @ 0x728c1d51 (jmp 0xfffffffffb083e81) [iAT:Inl] (iexplore.exe @ KERNELBASE.dll) ntdll.dll - NtUnmapViewOfSection : Unknown @ 0x728c1599 (jmp 0xfffffffffb0837e9) [iAT:Addr] (iexplore.exe @ KERNELBASE.dll) ntdll.dll - LdrLoadDll : Unknown @ 0x1340000 [iAT:Inl] (iexplore.exe @ KERNELBASE.dll) ntdll.dll - NtOpenProcess : Unknown @ 0x728c1c21 (jmp 0xfffffffffb083eb1) [iAT:Inl] (iexplore.exe @ KERNELBASE.dll) ntdll.dll - NtWriteVirtualMemory : Unknown @ 0x728c1af1 (jmp 0xfffffffffb083c41) [iAT:Inl] (iexplore.exe @ KERNELBASE.dll) ntdll.dll - RtlCreateProcessParametersEx : Unknown @ 0x728c2769 (jmp 0xfffffffffb0af872) [iAT:Inl] (iexplore.exe @ KERNELBASE.dll) ntdll.dll - NtCreateThreadEx : Unknown @ 0x728c17f9 (jmp 0xfffffffffb0831d9) [iAT:Inl] (iexplore.exe @ KERNELBASE.dll) ntdll.dll - NtSuspendThread : Unknown @ 0x728c1f19 (jmp 0xfffffffffb082ab9) [iAT:Inl] (iexplore.exe @ KERNELBASE.dll) ntdll.dll - NtSetContextThread : Unknown @ 0x728c1b89 (jmp 0xfffffffffb082a09) [iAT:Inl] (iexplore.exe @ KERNELBASE.dll) ntdll.dll - NtQueueApcThread : Unknown @ 0x728c1cb9 (jmp 0xfffffffffb083d59) [iAT:Addr] (iexplore.exe @ KERNELBASE.dll) ext-ms-win-gpapi-grouppolicy-l1-1-0.dll - RegisterGPNotificationInternalWorker : C:\windows\SysWOW64\gpapi.dll @ 0xc0a1dac [iAT:Inl] (iexplore.exe @ avcuf32.dll) KERNEL32.dll - CreateToolhelp32Snapshot : Unknown @ 0x728c1e81 (jmp 0xfffffffffb2f8e5b) [iAT:Inl] (iexplore.exe @ apphelp.dll) ntdll.dll - NtUnmapViewOfSection : Unknown @ 0x728c1599 (jmp 0xfffffffffb0837e9) [iAT:Inl] (iexplore.exe @ apphelp.dll) ntdll.dll - NtCreateFile : Unknown @ 0x728c2b91 (jmp 0xfffffffffb084b31) [iAT:Inl] (iexplore.exe @ apphelp.dll) ntdll.dll - NtMapViewOfSection : Unknown @ 0x728c1501 (jmp 0xfffffffffb083771) [iAT:Inl] (iexplore.exe @ apphelp.dll) KERNEL32.dll - CreateToolhelp32Snapshot : Unknown @ 0x728c1e81 (jmp 0xfffffffffb2f8e5b) [iAT:Inl] (iexplore.exe @ iertutil.dll) KERNEL32.dll - CreateToolhelp32Snapshot : Unknown @ 0x728c1e81 (jmp 0xfffffffffb2f8e5b) [iAT:Inl] (iexplore.exe @ iertutil.dll) USER32.dll - PostMessageW : Unknown @ 0x728c3051 (jmp 0xfffffffffc849c38) [iAT:Inl] (iexplore.exe @ user32.dll) ntdll.dll - NtVdmControl : Unknown @ 0x728c2d59 (jmp 0xfffffffffb0837d9) [iAT:Inl] (iexplore.exe @ GDI32.dll) ntdll.dll - NtVdmControl : Unknown @ 0x728c2d59 (jmp 0xfffffffffb0837d9) [iAT:Inl] (iexplore.exe @ GDI32.dll) ntdll.dll - NtUnmapViewOfSection : Unknown @ 0x728c1599 (jmp 0xfffffffffb0837e9) [iAT:Inl] (iexplore.exe @ GDI32.dll) ntdll.dll - NtMapViewOfSection : Unknown @ 0x728c1501 (jmp 0xfffffffffb083771) [iAT:Inl] (iexplore.exe @ IMM32.DLL) USER32.dll - PostMessageW : Unknown @ 0x728c3051 (jmp 0xfffffffffc849c38) [iAT:Inl] (iexplore.exe @ IMM32.DLL) USER32.dll - PostMessageA : Unknown @ 0x728c2fb9 (jmp 0xfffffffffc844593) [iAT:Inl] (iexplore.exe @ MSCTF.dll) ntdll.dll - NtCreateFile : Unknown @ 0x728c2b91 (jmp 0xfffffffffb084b31) [iAT:Inl] (iexplore.exe @ MSCTF.dll) USER32.dll - GetMessageW : Unknown @ 0x728c2f21 (jmp 0xfffffffffc848c4f) [iAT:Inl] (iexplore.exe @ MSCTF.dll) USER32.dll - GetMessageA : Unknown @ 0x728c2e89 (jmp 0xfffffffffc849db5) [iAT:Inl] (iexplore.exe @ MSCTF.dll) USER32.dll - SetWinEventHook : Unknown @ 0x728c2049 (jmp 0xfffffffffc83f549) [iAT:Inl] (iexplore.exe @ MSCTF.dll) USER32.dll - PostMessageW : Unknown @ 0x728c3051 (jmp 0xfffffffffc849c38) [iAT:Inl] (iexplore.exe @ shcore.dll) ntdll.dll - NtCreateFile : Unknown @ 0x728c2b91 (jmp 0xfffffffffb084b31) [iAT:Inl] (iexplore.exe @ combase.dll) ntdll.dll - NtTerminateProcess : Unknown @ 0x728c2931 (jmp 0xfffffffffb084b61) [iAT:Inl] (iexplore.exe @ combase.dll) ntdll.dll - NtDuplicateObject : Unknown @ 0x728c1d51 (jmp 0xfffffffffb083e81) [iAT:Addr] (iexplore.exe @ combase.dll) ext-ms-win-com-clbcatq-l1-1-0.dll - GetCatalogObject2 : C:\windows\SysWOW64\clbcatq.dll @ 0x75d72622 [iAT:Addr] (iexplore.exe @ combase.dll) ext-ms-win-com-clbcatq-l1-1-0.dll - GetCatalogObject : C:\windows\SysWOW64\clbcatq.dll @ 0x75d71f51 [iAT:Inl] (iexplore.exe @ SspiCli.dll) ntdll.dll - NtDuplicateObject : Unknown @ 0x728c1d51 (jmp 0xfffffffffb083e81) [iAT:Inl] (iexplore.exe @ sechost.dll) ntdll.dll - NtQueueApcThread : Unknown @ 0x728c1cb9 (jmp 0xfffffffffb083d59) [iAT:Inl] (iexplore.exe @ sechost.dll) ntdll.dll - NtTerminateProcess : Unknown @ 0x728c2931 (jmp 0xfffffffffb084b61) [iAT:Inl] (iexplore.exe @ bcryptPrimitives.dll) ntdll.dll - NtTerminateProcess : Unknown @ 0x728c2931 (jmp 0xfffffffffb084b61) [iAT:Inl] (iexplore.exe @ IEFRAME.dll) KERNEL32.dll - CreateToolhelp32Snapshot : Unknown @ 0x728c1e81 (jmp 0xfffffffffb2f8e5b) [iAT:Inl] (iexplore.exe @ IEFRAME.dll) USER32.dll - PostMessageW : Unknown @ 0x728c3051 (jmp 0xfffffffffc849c38) [iAT:Inl] (iexplore.exe @ IEFRAME.dll) USER32.dll - GetMessageW : Unknown @ 0x728c2f21 (jmp 0xfffffffffc848c4f) [iAT:Inl] (iexplore.exe @ SHLWAPI.dll) USER32.dll - PostMessageW : Unknown @ 0x728c3051 (jmp 0xfffffffffc849c38) [iAT:Inl] (iexplore.exe @ SHLWAPI.dll) USER32.dll - PostMessageA : Unknown @ 0x728c2fb9 (jmp 0xfffffffffc844593) [iAT:Inl] (iexplore.exe @ ole32.dll) ntdll.dll - NtMapViewOfSection : Unknown @ 0x728c1501 (jmp 0xfffffffffb083771) [iAT:Inl] (iexplore.exe @ ole32.dll) ntdll.dll - NtCreateFile : Unknown @ 0x728c2b91 (jmp 0xfffffffffb084b31) [iAT:Inl] (iexplore.exe @ ole32.dll) USER32.dll - PostMessageW : Unknown @ 0x728c3051 (jmp 0xfffffffffc849c38) [iAT:Inl] (iexplore.exe @ ole32.dll) USER32.dll - GetMessageW : Unknown @ 0x728c2f21 (jmp 0xfffffffffc848c4f) [iAT:Inl] (iexplore.exe @ ole32.dll) USER32.dll - GetMessageA : Unknown @ 0x728c2e89 (jmp 0xfffffffffc849db5) [iAT:Inl] (iexplore.exe @ SHELL32.dll) USER32.dll - SetWinEventHook : Unknown @ 0x728c2049 (jmp 0xfffffffffc83f549) [iAT:Inl] (iexplore.exe @ SHELL32.dll) USER32.dll - GetMessageW : Unknown @ 0x728c2f21 (jmp 0xfffffffffc848c4f) [iAT:Inl] (iexplore.exe @ SHELL32.dll) USER32.dll - PostMessageW : Unknown @ 0x728c3051 (jmp 0xfffffffffc849c38) [iAT:Inl] (iexplore.exe @ SHELL32.dll) ntdll.dll - NtCreateFile : Unknown @ 0x728c2b91 (jmp 0xfffffffffb084b31) [iAT:Inl] (iexplore.exe @ comctl32.dll) USER32.dll - GetMessageW : Unknown @ 0x728c2f21 (jmp 0xfffffffffc848c4f) [iAT:Inl] (iexplore.exe @ comctl32.dll) USER32.dll - PostMessageW : Unknown @ 0x728c3051 (jmp 0xfffffffffc849c38) [iAT:Inl] (iexplore.exe @ ADVAPI32.dll) ntdll.dll - NtSetSystemInformation : Unknown @ 0x728c2af9 (jmp 0xfffffffffb083799) [iAT:Inl] (iexplore.exe @ ADVAPI32.dll) ntdll.dll - NtCreateFile : Unknown @ 0x728c2b91 (jmp 0xfffffffffb084b31) [iAT:Inl] (iexplore.exe @ comdlg32.dll) USER32.dll - PostMessageW : Unknown @ 0x728c3051 (jmp 0xfffffffffc849c38) [iAT:Inl] (iexplore.exe @ uxtheme.dll) USER32.dll - PostMessageW : Unknown @ 0x728c3051 (jmp 0xfffffffffc849c38) [iAT:Inl] (iexplore.exe @ adawarebp.dll) KERNEL32.dll - GetStartupInfoA : Unknown @ 0x728c2cc1 (jmp 0xfffffffffb2ffd6e) [iAT:Inl] (iexplore.exe @ Secur32.dll) ntdll.dll - NtUnmapViewOfSection : Unknown @ 0x728c1599 (jmp 0xfffffffffb0837e9) [iAT:Inl] (iexplore.exe @ Secur32.dll) ntdll.dll - NtMapViewOfSection : Unknown @ 0x728c1501 (jmp 0xfffffffffb083771) [iAT:Inl] (iexplore.exe @ urlmon.dll) USER32.dll - PostMessageW : Unknown @ 0x728c3051 (jmp 0xfffffffffc849c38) [iAT:Inl] (iexplore.exe @ urlmon.dll) USER32.dll - PostMessageA : Unknown @ 0x728c2fb9 (jmp 0xfffffffffc844593) [iAT:Inl] (iexplore.exe @ WS2_32.dll) ntdll.dll - NtCreateFile : Unknown @ 0x728c2b91 (jmp 0xfffffffffb084b31) [iAT:Inl] (iexplore.exe @ WS2_32.dll) ntdll.dll - NtLoadDriver : Unknown @ 0x728c2a61 (jmp 0xfffffffffb084051) [iAT:Inl] (iexplore.exe @ NSI.dll) USER32.dll - PostMessageW : Unknown @ 0x728c3051 (jmp 0xfffffffffc849c38) [iAT:Inl] (iexplore.exe @ NSI.dll) USER32.dll - PostMessageA : Unknown @ 0x728c2fb9 (jmp 0xfffffffffc844593) [iAT:Inl] (iexplore.exe @ mswsock.dll) ntdll.dll - NtQueueApcThread : Unknown @ 0x728c1cb9 (jmp 0xfffffffffb083d59) [iAT:Inl] (iexplore.exe @ mswsock.dll) ntdll.dll - NtCreateFile : Unknown @ 0x728c2b91 (jmp 0xfffffffffb084b31) [iAT:Inl] (iexplore.exe @ mswsock.dll) ntdll.dll - NtLoadDriver : Unknown @ 0x728c2a61 (jmp 0xfffffffffb084051) [iAT:Inl] (iexplore.exe @ CRYPTSP.dll) ntdll.dll - NtTerminateProcess : Unknown @ 0x728c2931 (jmp 0xfffffffffb084b61) [iAT:Inl] (iexplore.exe @ dwmapi.dll) ntdll.dll - NtUnmapViewOfSection : Unknown @ 0x728c1599 (jmp 0xfffffffffb0837e9) [iAT:Inl] (iexplore.exe @ dwmapi.dll) ntdll.dll - NtMapViewOfSection : Unknown @ 0x728c1501 (jmp 0xfffffffffb083771) [iAT:Inl] (iexplore.exe @ dwmapi.dll) USER32.dll - SetWinEventHook : Unknown @ 0x728c2049 (jmp 0xfffffffffc83f549) [iAT:Inl] (iexplore.exe @ rsaenh.dll) ntdll.dll - NtTerminateProcess : Unknown @ 0x728c2931 (jmp 0xfffffffffb084b61) [iAT:Inl] (iexplore.exe @ rsaenh.dll) ntdll.dll - NtCreateFile : Unknown @ 0x728c2b91 (jmp 0xfffffffffb084b31) [iAT:Inl] (iexplore.exe @ IPHLPAPI.DLL) ntdll.dll - NtCreateFile : Unknown @ 0x728c2b91 (jmp 0xfffffffffb084b31) [iAT:Inl] (iexplore.exe @ MSHTML.dll) KERNEL32.dll - CreateToolhelp32Snapshot : Unknown @ 0x728c1e81 (jmp 0xfffffffffb2f8e5b) [iAT:Inl] (iexplore.exe @ MSHTML.dll) USER32.dll - PostMessageW : Unknown @ 0x728c3051 (jmp 0xfffffffffc849c38) [iAT:Inl] (iexplore.exe @ MSHTML.dll) USER32.dll - GetMessageW : Unknown @ 0x728c2f21 (jmp 0xfffffffffc848c4f) [iAT:Inl] (iexplore.exe @ dxgi.dll) USER32.dll - PostMessageA : Unknown @ 0x728c2fb9 (jmp 0xfffffffffc844593) [iAT:Inl] (iexplore.exe @ DNSAPI.dll) ntdll.dll - NtCreateFile : Unknown @ 0x728c2b91 (jmp 0xfffffffffb084b31) [iAT:Inl] (iexplore.exe @ SkypeIEPlugin.dll) USER32.dll - PostMessageW : Unknown @ 0x728c3051 (jmp 0xfffffffffc849c38) [iAT:Inl] (iexplore.exe @ IEUI.dll) USER32.dll - PostMessageA : Unknown @ 0x728c2fb9 (jmp 0xfffffffffc844593) [iAT:Inl] (iexplore.exe @ IEUI.dll) USER32.dll - GetMessageW : Unknown @ 0x728c2f21 (jmp 0xfffffffffc848c4f) [iAT:Inl] (iexplore.exe @ IEUI.dll) USER32.dll - GetMessageA : Unknown @ 0x728c2e89 (jmp 0xfffffffffc849db5) [iAT:Inl] (iexplore.exe @ ninput.dll) USER32.dll - PostMessageW : Unknown @ 0x728c3051 (jmp 0xfffffffffc849c38) [iAT:Inl] (iexplore.exe @ uiautomationcore.dll) USER32.dll - PostMessageW : Unknown @ 0x728c3051 (jmp 0xfffffffffc849c38) [iAT:Inl] (iexplore.exe @ uiautomationcore.dll) USER32.dll - GetMessageW : Unknown @ 0x728c2f21 (jmp 0xfffffffffc848c4f) [iAT:Inl] (iexplore.exe @ uiautomationcore.dll) USER32.dll - SetWinEventHook : Unknown @ 0x728c2049 (jmp 0xfffffffffc83f549) [iAT:Inl] (iexplore.exe @ rasadhlp.dll) ntdll.dll - NtCreateFile : Unknown @ 0x728c2b91 (jmp 0xfffffffffb084b31) [iAT:Inl] (iexplore.exe @ WINMM.dll) USER32.dll - GetMessageA : Unknown @ 0x728c2e89 (jmp 0xfffffffffc849db5) [iAT:Inl] (iexplore.exe @ WINMM.dll) USER32.dll - PostMessageW : Unknown @ 0x728c3051 (jmp 0xfffffffffc849c38) [iAT:Inl] (iexplore.exe @ WINMM.dll) USER32.dll - PostMessageA : Unknown @ 0x728c2fb9 (jmp 0xfffffffffc844593) [iAT:Inl] (iexplore.exe @ cfgmgr32.dll) ntdll.dll - NtCreateFile : Unknown @ 0x728c2b91 (jmp 0xfffffffffb084b31) [iAT:Inl] (iexplore.exe @ NLAapi.dll) ntdll.dll - NtQueueApcThread : Unknown @ 0x728c1cb9 (jmp 0xfffffffffb083d59) [iAT:Inl] (iexplore.exe @ schannel.dll) ntdll.dll - NtDuplicateObject : Unknown @ 0x728c1d51 (jmp 0xfffffffffb083e81) [iAT:Inl] (iexplore.exe @ ncrypt.dll) ntdll.dll - NtTerminateProcess : Unknown @ 0x728c2931 (jmp 0xfffffffffb084b61) [iAT:Inl] (iexplore.exe @ bcrypt.dll) ntdll.dll - NtTerminateProcess : Unknown @ 0x728c2931 (jmp 0xfffffffffb084b61) [iAT:Inl] (iexplore.exe @ ncryptsslp.dll) ntdll.dll - NtTerminateProcess : Unknown @ 0x728c2931 (jmp 0xfffffffffb084b61) [iAT:Inl] (iexplore.exe @ OLEACC.DLL) USER32.dll - GetMessageW : Unknown @ 0x728c2f21 (jmp 0xfffffffffc848c4f) [iAT:Inl] (iexplore.exe @ OLEACC.DLL) USER32.dll - PostMessageW : Unknown @ 0x728c3051 (jmp 0xfffffffffc849c38) ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ MBR Check : ¤¤¤ +++++ PhysicalDrive0: WDC WD3200LPVT-75G33T0 +++++ --- User --- [MBR] b634dedba9a1db59aa440503c424c080 [bSP] bb94eaade9b98d465b34baf1ed21fc19 : Empty MBR Code Partition table: 0 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 1 | Size: 2097152 MB User = LL1 ... OK User = LL2 ... OK Posting this now before I restart the computer and run TDSSKIller. btw, FYI...not sure if this matters...when I started FRST, there was an, "Application Error" pop-up with the message "Exception EAccessViolation in module ERUNT.exe at 0003A62. Access violation at address 00403A62 in module 'ERUNT.exe'. Read of address 0069005C." I just clicked OK and everything seem to run fine and went according to your instructions. There was an Application Error pop-up too the very first time I started FRST.
  8. Here ya go! Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-10-2014 01 Ran by JimmyWongScript (administrator) on BEDROOM-PC on 31-10-2014 12:16:07 Running from C:\Users\JimmyWongScript\Downloads Loaded Profile: JimmyWongScript (Available profiles: JimmyWongScript) Platform: Windows 8 (X64) OS Language: English (United States) Internet Explorer Version 10 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (IvoSoft) C:\Program Files\Classic Shell\ClassicShellService.exe (Andrea Electronics Corporation) C:\Windows\System32\AECLSr64.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Qualcomm Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler.exe (Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe (Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler64.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\LogonUI.exe () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareService.exe (Microsoft Corporation) C:\Windows\System32\LogonUI.exe (IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe (SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe (SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe () C:\Program Files\Cirrus Logic Audio Panel\CirrusAudioPanel_Dell.exe (Qualcomm Atheros) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtTray.exe (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareTray.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Lavasoft) C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft) C:\ProgramData\Search Protection\SearchProtection.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (PC-Doctor, Inc.) C:\Program Files\My Dell\uaclauncher.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [678296 2012-07-09] (Alps Electric Co., Ltd.) HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [3759504 2012-07-20] (Dell Inc.) HKLM\...\Run: [Dell Audio] => c:\Program Files\Cirrus Logic Audio Panel\CirrusAudioPanel_Dell.exe [20591616 2012-08-06] () HKLM\...\Run: [btTray] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtTray.exe [763520 2012-07-31] (Qualcomm Atheros) HKLM\...\Run: [btvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [127616 2012-07-31] (Qualcomm Atheros Commnucations) HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch HKLM\...\Run: [] => [X] HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareTray.exe [8925504 2014-10-15] () HKLM-x32\...\Run: [iAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [277504 2012-07-09] (Intel Corporation) HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-07] (CyberLink) HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-04] (CyberLink Corp.) HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [143888 2012-06-01] (CyberLink Corp.) HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Ad-Aware Browsing Protection] => C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [542632 2013-01-31] (Lavasoft) HKLM-x32\...\Run: [search Protection] => C:\ProgramData\Search Protection\SearchProtection.exe [949512 2014-02-17] (Lavasoft) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.) Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-3605031373-3970412839-3411051381-1001\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22065760 2014-10-01] (Skype Technologies S.A.) HKU\S-1-5-21-3605031373-3970412839-3411051381-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6501656 2014-10-23] (Piriform Ltd) HKU\S-1-5-21-3605031373-3970412839-3411051381-1001\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks! Startup: C:\Users\JimmyWongScript\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) ShellIconOverlayIdentifiers: [shareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft) ShellIconOverlayIdentifiers-x32: [shareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com SearchScopes: HKLM - DefaultScope {4879D9FA-7A7B-4BA9-B93A-0E753A22A0C3} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDCJS SearchScopes: HKLM - {4879D9FA-7A7B-4BA9-B93A-0E753A22A0C3} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDCJS SearchScopes: HKLM-x32 - DefaultScope {4879D9FA-7A7B-4BA9-B93A-0E753A22A0C3} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDCJS SearchScopes: HKLM-x32 - {4879D9FA-7A7B-4BA9-B93A-0E753A22A0C3} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDCJS SearchScopes: HKCU - DefaultScope {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = http://securedsearch2.lavasoft.com/results.php?pr=vmn&id=adawaretb&v=3_9&idate=2014-06-06&gen=cnet&hsimp=yhs-lavasoft&ent=ch&q={searchTerms} SearchScopes: HKCU - {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = http://securedsearch2.lavasoft.com/results.php?pr=vmn&id=adawaretb&v=3_9&idate=2014-06-06&gen=cnet&hsimp=yhs-lavasoft&ent=ch&q={searchTerms} SearchScopes: HKCU - {4879D9FA-7A7B-4BA9-B93A-0E753A22A0C3} URL = BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft) BHO: Ad-Aware Security Toolbar -> {6c97a91e-4524-4019-86af-2aa2d567bf5c} -> C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx64.dll () BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations) BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) BHO: ClassicIE9BHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIE9DLL_64.dll (IvoSoft) BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft) BHO-x32: Ad-Aware Security Toolbar -> {6c97a91e-4524-4019-86af-2aa2d567bf5c} -> C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll () BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) BHO-x32: ClassicIE9BHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIE9DLL_32.dll (IvoSoft) Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft) Toolbar: HKLM - Ad-Aware Security Toolbar - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx64.dll () Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft) Toolbar: HKLM-x32 - Ad-Aware Security Toolbar - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll () Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 192.168.1.254 FireFox: ======== FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK FF Extension: No Name - C:\Program Files\McAfee\MSK [2013-01-14] Chrome: ======= ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AECLFilters; C:\Windows\system32\AECLSr64.exe [99696 2012-08-06] (Andrea Electronics Corporation) R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [207488 2012-07-31] (Qualcomm Atheros Commnucations) R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation) S2 CirrusAudioService; c:\Program Files\Cirrus Logic Audio Panel\Cirrvus.exe [7168 2012-08-06] (Cirrus Logic) [File not signed] R2 ClassicShellService; C:\Program Files\Classic Shell\ClassicShellService.exe [68608 2012-12-29] (IvoSoft) [File not signed] S2 DellDigitalDelivery; c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [173056 2012-06-19] (Dell Products, LP.) [File not signed] R2 IAStorDataMgrSvc; C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [7168 2012-07-09] (Intel Corporation) [File not signed] R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation) R3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [43520 2012-07-25] (Microsoft Corporation) R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareService.exe [707888 2014-10-15] () S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [634368 2012-07-25] (Microsoft Corporation) R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] () R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1914728 2012-09-12] (SoftThinks SAS) S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18432 2012-07-25] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation) R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [77824 2012-07-22] (Atheros) [File not signed] S4 0271281369156683mcinstcleanup; C:\Users\JIMMYW~1\AppData\Local\Temp\027128~1.EXE -cleanup -nolog [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 avc3; C:\Windows\System32\DRIVERS\avc3.sys [727592 2014-08-21] (BitDefender) R3 avchv; C:\Windows\system32\DRIVERS\avchv.sys [261056 2014-08-21] (BitDefender) R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [601360 2014-08-21] (BitDefender) R1 BdfNdisf; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdfndisf6.sys [97816 2014-04-22] (BitDefender LLC) R1 bdfwfpf; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdfwfpf.sys [107080 2014-04-22] (BitDefender LLC) R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-07-31] (Qualcomm Atheros) R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-25] (Microsoft Corporation) R3 CirrusLFD; C:\Windows\system32\DRIVERS\CSLFDx64.sys [41328 2012-08-06] (Cirrus Logic) R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink) S3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2012-08-05] (OSR Open Systems Resources, Inc.) S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [41032 2013-05-23] (ThreatTrack Security) R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-05-21] (GFI Software) R3 gzflt; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\gzflt.sys [150256 2014-04-22] (BitDefender LLC) S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited) S0 sptd; C:\Windows\System32\Drivers\sptd.sys [868848 2013-04-01] (Duplex Secure Ltd.) R3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [389240 2014-04-22] (BitDefender S.R.L.) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-10-31 12:16 - 2014-10-31 12:16 - 00017739 _____ () C:\Users\JimmyWongScript\Downloads\FRST.txt 2014-10-31 12:15 - 2014-10-31 12:16 - 00000000 ____D () C:\FRST 2014-10-31 12:04 - 2014-10-31 12:04 - 02113536 _____ (Farbar) C:\Users\JimmyWongScript\Downloads\FRST64.exe 2014-10-31 11:41 - 2014-10-31 11:41 - 00000000 ___RD () C:\Users\JimmyWongScript\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices 2014-10-29 14:37 - 2014-10-29 14:37 - 00001606 _____ () C:\Users\JimmyWongScript\Documents\Ad-Aware_Report_Quick_Manual_2014-10-29T14-35-32.146043.xml 2014-10-28 19:43 - 2014-10-28 19:43 - 00000000 ____D () C:\windows\system32\AutoUpdateLicense 2014-10-28 15:48 - 2014-10-21 23:34 - 00010777 _____ () C:\windows\system32\AutoconfigV2.cab 2014-10-28 15:48 - 2014-10-21 23:33 - 00581016 _____ (Microsoft Corporation) C:\windows\system32\AutoUpdate.exe 2014-10-28 15:48 - 2014-10-21 23:33 - 00462760 _____ (Microsoft Corporation) C:\windows\system32\NotificationUI.exe 2014-10-28 15:48 - 2014-10-21 21:08 - 00568832 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSShared.dll 2014-10-28 15:48 - 2014-10-21 21:08 - 00124928 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll 2014-10-28 15:48 - 2014-10-21 21:01 - 00695808 _____ (Microsoft Corporation) C:\windows\system32\WSShared.dll 2014-10-28 15:48 - 2014-10-21 21:01 - 00198656 _____ (Microsoft Corporation) C:\windows\system32\Windows.ApplicationModel.Store.dll 2014-10-28 15:48 - 2014-10-21 21:01 - 00163840 _____ (Microsoft Corporation) C:\windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll 2014-10-28 15:48 - 2014-10-21 21:00 - 00125952 _____ (Microsoft Corporation) C:\windows\system32\WinSetupUI.dll 2014-10-28 15:43 - 2014-10-31 12:00 - 00233387 _____ () C:\windows\WindowsUpdate.log 2014-10-28 15:04 - 2014-10-28 15:04 - 00002792 _____ () C:\windows\System32\Tasks\CCleanerSkipUAC 2014-10-28 15:04 - 2014-10-28 15:04 - 00000824 _____ () C:\Users\Public\Desktop\CCleaner.lnk 2014-10-28 15:04 - 2014-10-28 15:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 2014-10-28 15:04 - 2014-10-28 15:04 - 00000000 ____D () C:\Program Files\CCleaner 2014-10-26 22:37 - 2014-10-26 22:37 - 00000000 ____H () C:\windows\system32\Drivers\Msft_Kernel_avchv_01009.Wdf 2014-10-25 14:57 - 2014-10-26 22:38 - 00002307 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk 2014-10-25 14:57 - 2014-10-25 14:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft 2014-10-25 14:56 - 2014-10-25 14:56 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft 2014-10-24 16:12 - 2014-10-24 17:19 - 00000000 ____D () C:\Users\JimmyWongScript\Documents\Environmental Bank 2014-10-24 16:01 - 2014-10-25 01:29 - 00047628 _____ () C:\windows\diagwrn.xml 2014-10-24 16:01 - 2014-10-25 01:29 - 00047628 _____ () C:\windows\diagerr.xml 2014-10-23 02:44 - 2014-10-23 02:44 - 00439288 _____ () C:\windows\system32\FNTCACHE.DAT 2014-10-19 17:22 - 2014-09-29 18:49 - 00705480 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe 2014-10-19 17:22 - 2014-09-29 18:49 - 00104904 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-10-16 15:57 - 2014-10-16 15:58 - 00000000 ____D () C:\Users\JimmyWongScript\Documents\Naturally Plus 2014-10-15 16:40 - 2014-07-12 00:41 - 00008704 _____ (Microsoft Corporation) C:\windows\system32\KBDRUM.DLL 2014-10-15 16:40 - 2014-07-12 00:41 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDYAK.DLL 2014-10-15 16:40 - 2014-07-12 00:41 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDTAT.DLL 2014-10-15 16:40 - 2014-07-12 00:41 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDRU1.DLL 2014-10-15 16:40 - 2014-07-12 00:41 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\KBDRU.DLL 2014-10-15 16:40 - 2014-07-12 00:41 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\KBDBASH.DLL 2014-10-15 16:40 - 2014-07-12 00:16 - 00008192 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDRUM.DLL 2014-10-15 16:40 - 2014-07-12 00:16 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDYAK.DLL 2014-10-15 16:40 - 2014-07-12 00:16 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDTAT.DLL 2014-10-15 16:40 - 2014-07-12 00:16 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDRU1.DLL 2014-10-15 16:40 - 2014-07-12 00:16 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDRU.DLL 2014-10-15 16:40 - 2014-07-12 00:15 - 00006144 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDBASH.DLL 2014-10-15 16:40 - 2014-07-11 20:02 - 00478352 _____ () C:\windows\SysWOW64\locale.nls 2014-10-15 16:40 - 2014-07-11 20:00 - 00478352 _____ () C:\windows\system32\locale.nls 2014-10-15 16:40 - 2014-07-08 18:33 - 00181248 _____ (Microsoft Corp.) C:\windows\system32\Defrag.exe 2014-10-15 16:40 - 2014-07-08 18:32 - 01539584 _____ (Microsoft Corporation) C:\windows\system32\storagewmi.dll 2014-10-15 16:40 - 2014-07-08 18:32 - 00340480 _____ (Microsoft Corporation) C:\windows\system32\defragsvc.dll 2014-10-15 16:40 - 2014-07-08 18:30 - 01220608 _____ (Microsoft Corporation) C:\windows\SysWOW64\storagewmi.dll 2014-10-15 16:40 - 2014-07-07 01:52 - 00263680 _____ (Microsoft Corporation) C:\windows\system32\wcmsvc.dll 2014-10-15 16:40 - 2014-07-07 01:52 - 00074752 _____ (Microsoft Corporation) C:\windows\system32\wcmcsp.dll 2014-10-15 16:40 - 2014-07-04 06:52 - 00328000 _____ (Microsoft Corporation) C:\windows\system32\Drivers\volsnap.sys 2014-10-15 16:40 - 2014-07-02 21:59 - 01824784 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll 2014-10-15 16:40 - 2014-07-02 20:30 - 01408952 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll 2014-10-15 16:40 - 2014-06-28 03:01 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\dwmapi.dll 2014-10-15 16:40 - 2014-06-28 02:57 - 00209920 _____ (Microsoft Corporation) C:\windows\system32\profsvc.dll 2014-10-15 16:40 - 2014-06-28 02:56 - 00117248 _____ (Microsoft Corporation) C:\windows\system32\dwmapi.dll 2014-10-15 16:40 - 2014-06-25 03:09 - 00733184 _____ (Microsoft Corporation) C:\windows\system32\win32spl.dll 2014-10-15 16:40 - 2014-06-25 03:07 - 01023488 _____ (Microsoft Corporation) C:\windows\system32\localspl.dll 2014-10-15 16:40 - 2014-06-17 19:27 - 02032640 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10warp.dll 2014-10-15 16:40 - 2014-06-17 19:23 - 02238464 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll 2014-10-15 16:40 - 2014-06-11 10:47 - 02842112 _____ (Microsoft Corporation) C:\windows\system32\WMVDECOD.DLL 2014-10-15 16:40 - 2014-06-11 00:40 - 02620928 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVDECOD.DLL 2014-10-15 16:40 - 2014-06-10 18:44 - 01403896 _____ (Microsoft Corporation) C:\windows\system32\winload.efi 2014-10-15 16:40 - 2014-05-29 19:31 - 00323072 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll 2014-10-15 16:40 - 2014-05-29 19:03 - 00419328 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll 2014-10-15 16:40 - 2014-02-04 06:57 - 01271664 _____ (Microsoft Corporation) C:\windows\system32\winload.exe 2014-10-15 16:39 - 2014-09-20 01:17 - 02236928 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll 2014-10-15 16:39 - 2014-09-20 01:17 - 01407488 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll 2014-10-15 16:39 - 2014-09-20 01:16 - 19280896 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2014-10-15 16:39 - 2014-09-20 01:16 - 15399424 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll 2014-10-15 16:39 - 2014-09-20 01:16 - 02655232 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll 2014-10-15 16:39 - 2014-09-20 01:16 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll 2014-10-15 16:39 - 2014-09-19 23:57 - 14368768 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll 2014-10-15 16:39 - 2014-09-19 23:57 - 13757952 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll 2014-10-15 16:39 - 2014-09-19 23:57 - 02055168 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll 2014-10-15 16:39 - 2014-09-19 23:57 - 01762816 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll 2014-10-15 16:39 - 2014-09-19 23:57 - 01180672 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll 2014-10-15 16:39 - 2014-09-13 01:29 - 00079360 _____ (Microsoft Corporation) C:\windows\system32\packager.dll 2014-10-15 16:39 - 2014-09-13 00:02 - 00068096 _____ (Microsoft Corporation) C:\windows\SysWOW64\packager.dll 2014-10-15 16:39 - 2014-07-07 01:53 - 01125376 _____ (Microsoft Corporation) C:\windows\system32\mstsc.exe 2014-10-15 16:39 - 2014-07-07 01:52 - 03248128 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll 2014-10-15 16:39 - 2014-07-07 01:52 - 00724992 _____ (Microsoft Corporation) C:\windows\system32\termsrv.dll 2014-10-15 16:39 - 2014-07-07 01:52 - 00300544 _____ (Microsoft Corporation) C:\windows\system32\winsta.dll 2014-10-15 16:39 - 2014-07-07 01:51 - 05982208 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll 2014-10-15 16:39 - 2014-07-07 00:01 - 01049600 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstsc.exe 2014-10-15 16:39 - 2014-07-07 00:01 - 00233472 _____ (Microsoft Corporation) C:\windows\SysWOW64\winsta.dll 2014-10-15 16:39 - 2014-07-07 00:00 - 05095424 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll 2014-10-15 16:39 - 2014-07-06 23:59 - 00269312 _____ (Microsoft Corporation) C:\windows\SysWOW64\aaclient.dll 2014-10-15 16:38 - 2014-10-10 00:47 - 00693248 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll 2014-10-15 16:38 - 2014-10-10 00:47 - 00275968 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll 2014-10-15 16:38 - 2014-10-08 00:26 - 00556544 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll 2014-10-15 16:38 - 2014-09-28 00:18 - 04068352 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys 2014-10-15 16:38 - 2014-09-20 01:18 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe 2014-10-15 16:38 - 2014-09-20 01:17 - 00915968 _____ (Microsoft Corporation) C:\windows\system32\uxtheme.dll 2014-10-15 16:38 - 2014-09-20 01:17 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\UXInit.dll 2014-10-15 16:38 - 2014-09-20 01:16 - 03959296 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll 2014-10-15 16:38 - 2014-09-20 01:16 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll 2014-10-15 16:38 - 2014-09-20 01:16 - 00255488 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll 2014-10-15 16:38 - 2014-09-20 01:16 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll 2014-10-15 16:38 - 2014-09-20 01:16 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll 2014-10-15 16:38 - 2014-09-20 01:16 - 00097280 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll 2014-10-15 16:38 - 2014-09-20 01:16 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll 2014-10-15 16:38 - 2014-09-20 01:16 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll 2014-10-15 16:38 - 2014-09-20 01:16 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll 2014-10-15 16:38 - 2014-09-20 01:15 - 01508864 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl 2014-10-15 16:38 - 2014-09-20 01:15 - 00451584 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll 2014-10-15 16:38 - 2014-09-20 01:15 - 00281600 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll 2014-10-15 16:38 - 2014-09-19 23:57 - 02861568 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll 2014-10-15 16:38 - 2014-09-19 23:57 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll 2014-10-15 16:38 - 2014-09-19 23:57 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll 2014-10-15 16:38 - 2014-09-19 23:57 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll 2014-10-15 16:38 - 2014-09-19 23:57 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll 2014-10-15 16:38 - 2014-09-19 23:57 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll 2014-10-15 16:38 - 2014-09-19 23:57 - 00080384 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll 2014-10-15 16:38 - 2014-09-19 23:57 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll 2014-10-15 16:38 - 2014-09-19 23:57 - 00044032 _____ (Microsoft Corporation) C:\windows\SysWOW64\UXInit.dll 2014-10-15 16:38 - 2014-09-19 23:57 - 00039936 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll 2014-10-15 16:38 - 2014-09-19 23:57 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll 2014-10-15 16:38 - 2014-09-19 23:56 - 01440768 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl 2014-10-15 16:38 - 2014-09-19 23:56 - 00357888 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll 2014-10-15 16:38 - 2014-09-19 23:56 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll 2014-10-15 16:38 - 2014-09-19 23:38 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb 2014-10-15 16:38 - 2014-09-19 23:33 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb 2014-10-15 16:38 - 2014-09-19 21:06 - 00534528 _____ (Microsoft Corporation) C:\windows\SysWOW64\uxtheme.dll 2014-10-15 16:38 - 2014-09-17 19:24 - 02416128 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll 2014-10-15 16:38 - 2014-09-02 22:48 - 00510464 _____ (Microsoft Corporation) C:\windows\SysWOW64\rastls.dll 2014-10-15 16:38 - 2014-09-02 22:21 - 00585728 _____ (Microsoft Corporation) C:\windows\system32\rastls.dll 2014-10-15 16:38 - 2014-08-30 00:05 - 08858112 _____ (Microsoft Corporation) C:\windows\SysWOW64\twinui.dll 2014-10-15 16:38 - 2014-08-01 18:08 - 00388729 _____ () C:\windows\system32\ApnDatabase.xml 2014-10-15 16:38 - 2014-07-24 09:50 - 00447296 _____ (Microsoft Corporation) C:\windows\system32\Drivers\USBHUB3.SYS 2014-10-15 16:38 - 2014-07-16 19:28 - 00027648 _____ (Microsoft Corporation) C:\windows\SysWOW64\sscore.dll 2014-10-15 16:38 - 2014-07-16 18:59 - 00305664 _____ (Microsoft Corporation) C:\windows\system32\srvsvc.dll 2014-10-15 16:38 - 2014-07-16 18:59 - 00035840 _____ (Microsoft Corporation) C:\windows\system32\sscore.dll 2014-10-15 16:38 - 2014-07-12 02:45 - 01549824 _____ (Microsoft Corporation) C:\windows\system32\msdtctm.dll 2014-10-15 16:38 - 2014-07-12 00:36 - 00674304 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv2.sys 2014-10-15 16:38 - 2014-07-12 00:36 - 00211456 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys 2014-10-15 16:38 - 2014-07-12 00:34 - 00404480 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys 2014-10-15 16:38 - 2014-07-12 00:34 - 00250368 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srvnet.sys 2014-10-15 16:38 - 2014-06-28 02:57 - 01341952 _____ (Microsoft Corporation) C:\windows\system32\user32.dll 2014-10-15 16:38 - 2014-06-27 22:23 - 01126400 _____ (Microsoft Corporation) C:\windows\SysWOW64\user32.dll 2014-10-15 16:38 - 2014-06-12 19:34 - 00754176 _____ (Microsoft Corporation) C:\windows\SysWOW64\actxprxy.dll 2014-10-15 16:37 - 2014-09-17 18:56 - 02885120 _____ (Microsoft Corporation) C:\windows\system32\msi.dll 2014-10-15 16:37 - 2014-08-30 01:48 - 10115072 _____ (Microsoft Corporation) C:\windows\system32\twinui.dll 2014-10-15 16:37 - 2014-08-30 01:46 - 02306560 _____ (Microsoft Corporation) C:\windows\system32\authui.dll 2014-10-15 16:37 - 2014-08-30 00:03 - 02037760 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll 2014-10-15 16:37 - 2014-06-12 19:29 - 02146304 _____ (Microsoft Corporation) C:\windows\system32\actxprxy.dll 2014-10-09 22:49 - 2014-10-09 22:49 - 00002335 _____ () C:\Users\JimmyWongScript\Downloads\Temp17836-09-10-2014-22-48-21.html ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-10-31 12:11 - 2014-05-11 22:56 - 00000928 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-10-31 12:06 - 2014-02-26 23:58 - 00000000 ____D () C:\Users\JimmyWongScript\AppData\Roaming\Skype 2014-10-31 12:00 - 2012-07-26 04:12 - 00000000 ____D () C:\windows\system32\sru 2014-10-31 11:59 - 2012-07-26 04:12 - 00000000 ____D () C:\windows\Registration 2014-10-31 11:58 - 2013-08-18 00:12 - 00000000 ____D () C:\Users\JimmyWongScript\Documents\Poetry 2014-10-31 11:45 - 2013-03-31 12:12 - 00003598 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3605031373-3970412839-3411051381-1001 2014-10-31 11:45 - 2013-01-14 21:04 - 00000000 ____D () C:\Program Files (x86)\Dell Backup and Recovery 2014-10-31 11:40 - 2014-05-11 22:56 - 00000924 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-10-29 21:57 - 2013-05-21 18:42 - 00000000 ____D () C:\ProgramData\Ad-Aware Browsing Protection 2014-10-29 14:18 - 2013-11-24 14:45 - 00000000 ____D () C:\Users\JimmyWongScript\Documents\Resume 2014 2014-10-28 19:43 - 2012-07-26 04:12 - 00000000 ____D () C:\windows\WinStore 2014-10-28 19:43 - 2012-07-26 03:59 - 00000000 ____D () C:\windows\CbsTemp 2014-10-28 16:54 - 2013-04-05 22:48 - 00000000 ____D () C:\Users\JimmyWongScript\AppData\Local\CrashDumps 2014-10-28 15:14 - 2013-01-14 21:51 - 00000000 ____D () C:\windows\Panther 2014-10-25 18:13 - 2012-07-26 03:28 - 00850046 _____ () C:\windows\system32\PerfStringBackup.INI 2014-10-25 15:43 - 2012-07-26 04:12 - 00000000 ____D () C:\windows\system32\NDF 2014-10-25 14:57 - 2012-07-26 01:26 - 00262144 ___SH () C:\windows\system32\config\ELAM 2014-10-25 14:01 - 2014-09-24 11:57 - 00000000 ___HD () C:\$Windows.~BT 2014-10-25 13:57 - 2014-02-26 23:58 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-10-25 13:57 - 2014-02-26 23:58 - 00000000 ____D () C:\ProgramData\Skype 2014-10-25 01:10 - 2012-07-26 03:22 - 00000006 ____H () C:\windows\Tasks\SA.DAT 2014-10-25 01:07 - 2012-07-26 01:26 - 00262144 ___SH () C:\windows\system32\config\BBI 2014-10-24 18:05 - 2012-07-26 04:13 - 00003379 ____N () C:\windows\DtcInstall.log 2014-10-24 16:06 - 2014-05-11 22:56 - 00003900 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-10-24 16:06 - 2014-05-11 22:56 - 00003664 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-10-24 15:48 - 2012-07-26 04:12 - 00000000 ____D () C:\windows\AUInstallAgent 2014-10-20 00:23 - 2012-07-26 04:12 - 00000000 ____D () C:\windows\rescache 2014-10-19 17:18 - 2014-07-13 21:52 - 00000000 ___SD () C:\windows\system32\CompatTel 2014-10-19 17:18 - 2012-07-26 04:12 - 00000000 ___RD () C:\windows\ToastData 2014-10-19 17:18 - 2012-07-26 04:12 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories 2014-10-17 23:53 - 2013-07-19 23:43 - 00000000 ____D () C:\windows\system32\MRT 2014-10-17 23:51 - 2013-04-04 22:49 - 103265616 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe 2014-10-15 16:29 - 2014-07-22 14:00 - 00000000 ____D () C:\Users\JimmyWongScript\Documents\PE Class ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-10-29 13:42 ==================== End Of Log ============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-10-2014 01 Ran by JimmyWongScript at 2014-10-31 12:17:21 Running from C:\Users\JimmyWongScript\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Ad-Aware Antivirus (Enabled - Up to date) {D87B6541-12A1-DAEA-0033-9B8057AAB996} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Ad-Aware Antivirus (Enabled - Up to date) {631A84A5-349B-D564-3A83-A0F22C2DF32B} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: Ad-Aware Firewall (Enabled) {E040E464-58CE-DBB2-2B6C-32B5A979FEED} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Ad-Aware Antivirus (HKLM\...\{6D1428BD-E5F2-4378-B620-E7442E7C2BFB}_AdAwareUpdater) (Version: 11.4.6792.0 - Lavasoft) Ad-Aware Security Toolbar (HKLM-x32\...\adawaretb) (Version: 3.9.0.23 - Lavasoft) AdAwareInstaller (Version: 11.4.6792.0 - Lavasoft) Hidden AdAwareUpdater (Version: 11.4.6792.0 - Lavasoft) Hidden Adobe Reader XI (11.0.03) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.03 - Adobe Systems Incorporated) Amazon Browser App (HKLM-x32\...\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}) (Version: 1.0.0.0 - Amazon) AntimalwareEngine (Version: 3.0.0.56 - Lavasoft) Hidden AntispamEngine (Version: 2.4.2158.0 - Lavasoft) Hidden Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) AvcEngine (Version: 3.10.7820.0 - Lavasoft) Hidden Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) CCleaner (HKLM\...\CCleaner) (Version: 4.19 - Piriform) Cirrus Logic Audio Panel (Version: 1.2.10.0 - Cirrus Logic) Hidden Classic Shell (HKLM\...\{CB00799C-0E4F-4FD1-A046-BD24321BCDFF}) (Version: 3.6.5 - IvoSoft) CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.0.0.2 - Dell Inc.) Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.0.0.2 - Dell Inc.) Dell Digital Delivery (HKLM-x32\...\{D9ED3EFC-AB00-4CE0-ADED-80EE6B1158A7}) (Version: 2.2.2000.0 - Dell Products, LP) Dell Product Registration (HKLM-x32\...\{2A0F2CC5-3065-492C-8380-B03AA7106B1A}) (Version: 1.16.1 - Dell Inc.) Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.1200.101.210 - ALPS ELECTRIC CO., LTD.) Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.) Final Draft (HKLM-x32\...\{7C3C895B-AE02-4F30-8A6A-051D37A38DD0}) (Version: 8.0.1.89 - Final Draft, Inc.) FirewallEngine (Version: 1.6.0.0 - Lavasoft) Hidden Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation) Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation) Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2849 - Intel Corporation) Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.0.1207 - Intel Corporation) iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.) Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation) Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation) Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs (HKLM-x32\...\{90120000-00B2-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden MSVCRT110_amd64 (Version: 16.4.1108.0727 - Microsoft) Hidden My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.) OnlineThreatsEngine (Version: 2.2.3.0 - Lavasoft) Hidden Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Photo Gallery (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.204 - Qualcomm Atheros Communications) Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.1.003 - Dell Inc.) Rosetta Stone Version 3 (HKLM-x32\...\{148E08FF-D7C4-46ED-8D4D-601C67FE0AFD}) (Version: 3.3.5.2 - Rosetta Stone Ltd.) Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee) Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation) Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-3605031373-3970412839-3411051381-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks? ==================== Restore Points ========================= 24-10-2014 19:47:28 Windows Update 27-10-2014 02:36:26 AA11 ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2012-07-26 01:26 - 2012-07-26 01:26 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList Task: {3FE294AA-4B50-458E-8939-9B554E1E65C9} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {563F22F3-0106-4B9B-9025-363E868C8E25} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2014-01-31] (PC-Doctor, Inc.) Task: {698CB2CD-2513-4613-9684-17034CE769F7} - System32\Tasks\Microsoft\Windows\Setup\8.1 auto install ping => C:\Windows\system32\AutoUpdate.exe [2014-10-21] (Microsoft Corporation) Task: {71C3E4F4-FD69-43A1-9E71-48F52496E80B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-10-23] (Piriform Ltd) Task: {85069B17-C166-4846-97AE-D517EAE39A99} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-11] (Google Inc.) Task: {86C8B6F5-9331-4981-BD75-AA973DD2C1A0} - System32\Tasks\Microsoft\Windows\Setup\8.1 auto install v2 => C:\windows\system32\AutoUpdate.exe [2014-10-21] (Microsoft Corporation) Task: {A489B9E5-DCDF-44FA-BFD8-011787599DB9} - System32\Tasks\Dell\Dell System Registration => C:\Program Files (x86)\System Registration\prodreg.exe [2012-07-09] (Dell, Inc.) Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing Task: {B99284E9-514F-4087-B9E8-06E40CD3BC33} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState Task: {CDCC16D1-10A9-4AB3-BC69-652725EE8CBC} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2014-10-17] (Microsoft Corporation) Task: {E7B05D55-634D-4DC1-8267-1A2F41F8E051} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2014-01-31] (PC-Doctor, Inc.) Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask Task: {EF6C1C7C-4DD1-4959-B750-2BF90068822A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-11] (Google Inc.) Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2013-01-14 20:58 - 2012-04-24 22:43 - 00254512 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe 2014-10-15 13:37 - 2014-10-15 13:37 - 00707888 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareService.exe 2014-10-15 14:03 - 2014-10-15 14:03 - 00103768 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\boost_thread-vc100-mt-1_55.dll 2014-10-15 14:03 - 2014-10-15 14:03 - 00024408 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\boost_system-vc100-mt-1_55.dll 2014-10-15 14:03 - 2014-10-15 14:03 - 00055648 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\boost_date_time-vc100-mt-1_55.dll 2014-10-15 14:03 - 2014-10-15 14:03 - 00123744 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\boost_filesystem-vc100-mt-1_55.dll 2014-10-15 14:03 - 2014-10-15 14:03 - 00033624 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\boost_chrono-vc100-mt-1_55.dll 2014-10-15 14:03 - 2014-10-15 14:03 - 12459344 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareServiceKernel.dll 2014-10-15 14:03 - 2014-10-15 14:03 - 03396400 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\RCF.dll 2014-10-15 14:03 - 2014-10-15 14:03 - 00788824 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\boost_regex-vc100-mt-1_55.dll 2014-10-15 14:03 - 2014-10-15 14:03 - 00734536 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareActivation.dll 2014-10-15 14:03 - 2014-10-15 14:03 - 02185560 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareApplicationUpdater.dll 2014-10-15 14:03 - 2014-10-15 14:03 - 00813896 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareGamingMode.dll 2014-10-15 14:03 - 2014-10-15 14:03 - 00098624 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareReset.dll 2014-10-15 14:03 - 2014-10-15 14:03 - 00120128 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareTime.dll 2014-10-15 14:03 - 2014-10-15 14:03 - 00952152 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareDefinitionsUpdater.dll 2014-10-15 14:03 - 2014-10-15 14:03 - 00869224 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareDefinitionsUpdaterScheduler.dll 2014-10-15 14:03 - 2014-10-15 14:03 - 01108808 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareIgnoreList.dll 2014-10-15 14:03 - 2014-10-15 14:03 - 00250696 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareQuarantine.dll 2014-10-15 14:03 - 2014-10-15 14:03 - 00989016 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareAntiMalwareEngine.dll 2014-10-15 14:03 - 2014-10-15 14:03 - 00212824 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareAntiRootkitEngine.dll 2014-10-15 14:03 - 2014-10-15 14:03 - 01172816 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareScannerHistory.dll 2014-10-15 14:03 - 2014-10-15 14:03 - 01281344 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareScanner.dll 2014-10-15 14:04 - 2014-10-15 14:04 - 00035160 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\boost_timer-vc100-mt-1_55.dll 2014-10-15 14:03 - 2014-10-15 14:03 - 00976728 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareScannerScheduler.dll 2014-10-15 14:03 - 2014-10-15 14:03 - 01092440 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareRealTimeProtection.dll 2014-10-15 14:03 - 2014-10-15 14:03 - 00229200 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareIncompatibles.dll 2014-10-15 14:03 - 2014-10-15 14:03 - 00893768 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareAntiSpam.dll 2014-10-15 14:03 - 2014-10-15 14:03 - 00845136 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareAntiPhishing.dll 2014-10-15 14:03 - 2014-10-15 14:03 - 03096912 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareParentalControl.dll 2014-10-15 14:03 - 2014-10-15 14:03 - 02887504 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareWebProtection.dll 2014-10-15 14:03 - 2014-10-15 14:03 - 01067344 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareEmailProtection.dll 2014-10-15 14:03 - 2014-10-15 14:03 - 01290584 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareNetworkProtection.dll 2014-10-15 14:03 - 2014-10-15 14:03 - 01004352 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwarePromo.dll 2014-10-15 14:03 - 2014-10-15 14:03 - 00343880 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareFeedback.dll 2014-10-15 14:03 - 2014-10-15 14:03 - 02787160 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareThreatWorkAlliance.dll 2014-10-15 14:03 - 2014-10-15 14:03 - 01264960 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwarePinCode.dll 2014-10-15 14:03 - 2014-10-15 14:03 - 01004864 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareNotice.dll 2014-10-15 14:03 - 2014-10-15 14:03 - 00957256 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareAvcEngine.dll 2014-10-15 14:03 - 2014-10-15 14:03 - 01179496 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareRealTimeProtectionHistory.dll 2014-10-15 14:03 - 2014-10-15 14:03 - 00154944 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\SecurityCenter.dll 2014-06-06 14:39 - 2014-04-22 17:28 - 00156936 _____ () C:\windows\SYSTEM32\bdfwcore.dll 2014-04-22 17:29 - 2014-07-08 22:46 - 00766976 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\2.2.3.0\definitions\loc1\ashttpbr.mdl 2014-04-22 17:29 - 2014-07-08 22:46 - 00556032 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\2.2.3.0\definitions\loc1\ashttpdsp.mdl 2014-04-22 17:29 - 2014-07-08 22:47 - 02575360 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\2.2.3.0\definitions\loc1\ashttpph.mdl 2014-04-22 17:29 - 2014-07-08 22:46 - 01306112 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\2.2.3.0\definitions\loc1\ashttprbl.mdl 2014-10-15 14:03 - 2014-10-15 14:03 - 02753360 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareShellExtension.dll 2012-08-06 21:16 - 2012-08-06 21:16 - 20591616 _____ () C:\Program Files\Cirrus Logic Audio Panel\CirrusAudioPanel_Dell.exe 2012-08-06 21:16 - 2012-08-06 21:16 - 03765248 _____ () C:\Program Files\Cirrus Logic Audio Panel\en-US\CirrusAudioPanel_Dell.resources.dll 2012-08-06 21:16 - 2012-08-06 21:16 - 00048128 _____ () C:\Program Files\Cirrus Logic Audio Panel\CoreAudioApi.dll 2012-08-06 21:16 - 2012-08-06 21:16 - 00013312 _____ () C:\Program Files\Cirrus Logic Audio Panel\LocalizationControlsLib.dll 2012-08-06 21:16 - 2012-08-06 21:16 - 00270848 _____ () C:\Program Files\Cirrus Logic Audio Panel\LocalizeLanguage.dll 2012-08-06 21:16 - 2012-08-06 21:16 - 00011776 _____ () C:\Program Files\Cirrus Logic Audio Panel\ExtendedWindowsControls.dll 2012-07-31 21:10 - 2012-07-31 21:10 - 00384128 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ContactsApi.dll 2013-01-14 21:56 - 2012-07-25 16:08 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2014-10-15 14:03 - 2014-10-15 14:03 - 08925504 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareTray.exe 2014-10-15 14:03 - 2014-10-15 14:03 - 00500056 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\boost_locale-vc100-mt-1_55.dll 2014-10-15 14:03 - 2014-10-15 14:03 - 02132800 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\HtmlFramework.dll 2014-10-15 14:03 - 2014-10-15 14:03 - 00066872 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\DllStorage.dll 2014-10-15 14:03 - 2014-10-15 14:03 - 00869712 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareTrayDefaultSkin.dll 2014-10-15 14:03 - 2014-10-15 14:03 - 00811328 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\Localization.dll 2014-07-31 12:16 - 2014-07-31 12:16 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2014-07-31 12:16 - 2014-07-31 12:16 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2014-10-20 00:05 - 2014-10-20 00:05 - 00017920 _____ () C:\windows\assembly\NativeImages_v4.0.30319_32\PSIClient\7d6131a8e96aba610707f25a9434b0bb\PSIClient.ni.dll 2013-01-14 20:45 - 2012-06-25 12:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll 2013-01-14 21:05 - 2012-09-12 23:18 - 02003304 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\STRestoreAPI.dll 2013-01-14 21:05 - 2012-08-06 12:59 - 01153384 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\libxml2.dll 2013-01-14 21:05 - 2012-08-06 12:59 - 00117608 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\zlib1.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\Users\JimmyWongScript\Downloads\FRST64.exe:BDU ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) MSCONFIG\Services: 0271281369156683mcinstcleanup => 2 MSCONFIG\Services: mfevtp => 2 HKLM\...\StartupApproved\Run: => "QuickSet" HKLM\...\StartupApproved\Run32: => "CLMLServer_For_P2G8" HKLM\...\StartupApproved\Run32: => "CLVirtualDrive" HKLM\...\StartupApproved\Run32: => "mcui_exe" HKLM\...\StartupApproved\Run32: => "RemoteControl10" HKLM\...\StartupApproved\Run32: => "Adobe ARM" HKCU\...\StartupApproved\StartupFolder: => "MagicDisc.lnk" HKCU\...\StartupApproved\StartupFolder: => "OneNote 2007 Screen Clipper and Launcher.lnk" ========================= Accounts: ========================== Administrator (S-1-5-21-3605031373-3970412839-3411051381-500 - Administrator - Disabled) Guest (S-1-5-21-3605031373-3970412839-3411051381-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-3605031373-3970412839-3411051381-1003 - Limited - Enabled) JimmyWongScript (S-1-5-21-3605031373-3970412839-3411051381-1001 - Administrator - Enabled) => C:\Users\JimmyWongScript ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (10/31/2014 11:41:02 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: BtvStack.exe, version: 8.0.0.204, time stamp: 0x5017bc2c Faulting module name: audio.dll, version: 8.0.0.204, time stamp: 0x5017bc21 Exception code: 0xc0000005 Fault offset: 0x000000000001ae08 Faulting process id: 0xa04 Faulting application start time: 0xBtvStack.exe0 Faulting application path: BtvStack.exe1 Faulting module path: BtvStack.exe2 Report Id: BtvStack.exe3 Faulting package full name: BtvStack.exe4 Faulting package-relative application ID: BtvStack.exe5 Error: (10/30/2014 05:45:35 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 15641 Error: (10/30/2014 05:45:35 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 15641 Error: (10/30/2014 05:45:34 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (10/30/2014 01:14:34 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: BtvStack.exe, version: 8.0.0.204, time stamp: 0x5017bc2c Faulting module name: audio.dll, version: 8.0.0.204, time stamp: 0x5017bc21 Exception code: 0xc0000005 Fault offset: 0x000000000001ae08 Faulting process id: 0x1ecc Faulting application start time: 0xBtvStack.exe0 Faulting application path: BtvStack.exe1 Faulting module path: BtvStack.exe2 Report Id: BtvStack.exe3 Faulting package full name: BtvStack.exe4 Faulting package-relative application ID: BtvStack.exe5 Error: (10/29/2014 09:56:01 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: BtvStack.exe, version: 8.0.0.204, time stamp: 0x5017bc2c Faulting module name: audio.dll, version: 8.0.0.204, time stamp: 0x5017bc21 Exception code: 0xc0000005 Fault offset: 0x000000000001ae08 Faulting process id: 0xe90 Faulting application start time: 0xBtvStack.exe0 Faulting application path: BtvStack.exe1 Faulting module path: BtvStack.exe2 Report Id: BtvStack.exe3 Faulting package full name: BtvStack.exe4 Faulting package-relative application ID: BtvStack.exe5 Error: (10/29/2014 01:20:32 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: BtvStack.exe, version: 8.0.0.204, time stamp: 0x5017bc2c Faulting module name: audio.dll, version: 8.0.0.204, time stamp: 0x5017bc21 Exception code: 0xc0000005 Fault offset: 0x000000000001ae08 Faulting process id: 0x3c8 Faulting application start time: 0xBtvStack.exe0 Faulting application path: BtvStack.exe1 Faulting module path: BtvStack.exe2 Report Id: BtvStack.exe3 Faulting package full name: BtvStack.exe4 Faulting package-relative application ID: BtvStack.exe5 Error: (10/28/2014 07:01:44 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: BtvStack.exe, version: 8.0.0.204, time stamp: 0x5017bc2c Faulting module name: audio.dll, version: 8.0.0.204, time stamp: 0x5017bc21 Exception code: 0xc0000005 Fault offset: 0x000000000001ae08 Faulting process id: 0x40d0 Faulting application start time: 0xBtvStack.exe0 Faulting application path: BtvStack.exe1 Faulting module path: BtvStack.exe2 Report Id: BtvStack.exe3 Faulting package full name: BtvStack.exe4 Faulting package-relative application ID: BtvStack.exe5 Error: (10/28/2014 04:54:38 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: dllhost.exe, version: 6.2.9200.16384, time stamp: 0x5010888a Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x010701e2 Faulting process id: 0x2f58 Faulting application start time: 0xdllhost.exe0 Faulting application path: dllhost.exe1 Faulting module path: dllhost.exe2 Report Id: dllhost.exe3 Faulting package full name: dllhost.exe4 Faulting package-relative application ID: dllhost.exe5 Error: (10/28/2014 04:17:06 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: dllhost.exe, version: 6.2.9200.16384, time stamp: 0x5010888a Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x004e01e2 Faulting process id: 0x518 Faulting application start time: 0xdllhost.exe0 Faulting application path: dllhost.exe1 Faulting module path: dllhost.exe2 Report Id: dllhost.exe3 Faulting package full name: dllhost.exe4 Faulting package-relative application ID: dllhost.exe5 System errors: ============= Error: (10/31/2014 00:14:35 PM) (Source: DCOM) (EventID: 10010) (User: bedroom-pc) Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} Error: (10/31/2014 00:14:04 PM) (Source: DCOM) (EventID: 10010) (User: bedroom-pc) Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} Error: (10/31/2014 00:02:09 PM) (Source: DCOM) (EventID: 10010) (User: bedroom-pc) Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} Error: (10/31/2014 00:01:37 PM) (Source: DCOM) (EventID: 10010) (User: bedroom-pc) Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} Error: (10/31/2014 11:55:17 AM) (Source: DCOM) (EventID: 10010) (User: bedroom-pc) Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} Error: (10/31/2014 11:54:45 AM) (Source: DCOM) (EventID: 10010) (User: bedroom-pc) Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} Error: (10/31/2014 11:54:14 AM) (Source: DCOM) (EventID: 10010) (User: bedroom-pc) Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} Error: (10/31/2014 11:53:43 AM) (Source: DCOM) (EventID: 10010) (User: bedroom-pc) Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} Error: (10/31/2014 11:53:11 AM) (Source: DCOM) (EventID: 10010) (User: bedroom-pc) Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} Error: (10/31/2014 11:52:40 AM) (Source: DCOM) (EventID: 10010) (User: bedroom-pc) Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} Microsoft Office Sessions: ========================= ==================== Memory info =========================== Processor: Intel® Celeron® CPU B820 @ 1.70GHz Percentage of memory in use: 68% Total physical RAM: 3959.09 MB Available physical RAM: 1245.39 MB Total Pagefile: 5677.82 MB Available Pagefile: 2945.56 MB Total Virtual: 8192 MB Available Virtual: 8191.77 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:288.95 GB) (Free:245.29 GB) NTFS Drive x: (WINRETOOLS) (Fixed) (Total:0.49 GB) (Free:0.21 GB) NTFS Drive y: (PBR Image) (Fixed) (Total:8 GB) (Free:0.26 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 298.1 GB) (Disk ID: 332184BE) Partition: GPT Partition Type. ==================== End Of Log ============================
  9. I started having slow and intermittent Internet service about 10 days ago. At first I thought it was my DSL provider. But the problem persisted so I did a manual full scan of my computer. I have the latest version of Adaware Pro Security 11. It detected AND deleted a bunch of cookies AND a Trojan.Poweliks.E which was in the VirtMem Region Dump file path. After that my Internet connection was fine. However, the next the time I ran a scan, it again detected and deleted the same virus (again in the same file path but different number). For the past few days, I have ran at least 20 scans and it always detects the same virus. And it the scan report always says that action taken : deleted. So, if it was deleted, why does it keep getting detected again and again??? Is my computer safe?