BladeRunnerHF

Trojan.Poweliks.E


I started having slow and intermittent Internet service about 10 days ago. At first I thought it was my DSL provider. But the problem persisted so I did a manual full scan of my computer. I have the latest version of Adaware Pro Security 11.


It detected AND deleted a bunch of cookies AND a Trojan.Poweliks.E which was in the VirtMem Region Dump file path. After that my Internet connection was fine.


However, the next time I ran a scan, it again detected and deleted the same virus (again in the same file path but with a different number). For the past few days, I have run at least 20 scans and it always detects the same virus. And the scan report always says action taken: deleted.


So, if it was deleted, why does it keep getting detected again and again??? Is my computer safe?


Hi BladeRunnerHF,


Probably Ad-Aware doesn't find all pieces of the trojan.


Please, to get help with cleaning your computer, follow the instructions in the topic Read This Before You Post!


Here ya go!


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-10-2014 01
Ran by JimmyWongScript (administrator) on BEDROOM-PC on 31-10-2014 12:16:07
Running from C:\Users\JimmyWongScript\Downloads
Loaded Profile: JimmyWongScript (Available profiles: JimmyWongScript)
Platform: Windows 8 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IvoSoft) C:\Program Files\Classic Shell\ClassicShellService.exe
(Andrea Electronics Corporation) C:\Windows\System32\AECLSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler64.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\LogonUI.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareService.exe
(Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
() C:\Program Files\Cirrus Logic Audio Panel\CirrusAudioPanel_Dell.exe
(Qualcomm Atheros) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtTray.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareTray.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Lavasoft) C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
(Lavasoft) C:\ProgramData\Search Protection\SearchProtection.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(PC-Doctor, Inc.) C:\Program Files\My Dell\uaclauncher.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [678296 2012-07-09] (Alps Electric Co., Ltd.)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [3759504 2012-07-20] (Dell Inc.)
HKLM\...\Run: [Dell Audio] => c:\Program Files\Cirrus Logic Audio Panel\CirrusAudioPanel_Dell.exe [20591616 2012-08-06] ()
HKLM\...\Run: [btTray] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtTray.exe [763520 2012-07-31] (Qualcomm Atheros)
HKLM\...\Run: [btvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [127616 2012-07-31] (Qualcomm Atheros Commnucations)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [] => [X]
HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareTray.exe [8925504 2014-10-15] ()
HKLM-x32\...\Run: [iAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [277504 2012-07-09] (Intel Corporation)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-07] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-04] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [143888 2012-06-01] (CyberLink Corp.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Ad-Aware Browsing Protection] => C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [542632 2013-01-31] (Lavasoft)
HKLM-x32\...\Run: [search Protection] => C:\ProgramData\Search Protection\SearchProtection.exe [949512 2014-02-17] (Lavasoft)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3605031373-3970412839-3411051381-1001\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22065760 2014-10-01] (Skype Technologies S.A.)
HKU\S-1-5-21-3605031373-3970412839-3411051381-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6501656 2014-10-23] (Piriform Ltd)
HKU\S-1-5-21-3605031373-3970412839-3411051381-1001\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
Startup: C:\Users\JimmyWongScript\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [shareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
ShellIconOverlayIdentifiers-x32: [shareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com
SearchScopes: HKLM - DefaultScope {4879D9FA-7A7B-4BA9-B93A-0E753A22A0C3} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDCJS
SearchScopes: HKLM - {4879D9FA-7A7B-4BA9-B93A-0E753A22A0C3} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDCJS
SearchScopes: HKLM-x32 - DefaultScope {4879D9FA-7A7B-4BA9-B93A-0E753A22A0C3} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDCJS
SearchScopes: HKLM-x32 - {4879D9FA-7A7B-4BA9-B93A-0E753A22A0C3} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDCJS
SearchScopes: HKCU - DefaultScope {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = http://securedsearch2.lavasoft.com/results.php?pr=vmn&id=adawaretb&v=3_9&idate=2014-06-06&gen=cnet&hsimp=yhs-lavasoft&ent=ch&q={searchTerms}
SearchScopes: HKCU - {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = http://securedsearch2.lavasoft.com/results.php?pr=vmn&id=adawaretb&v=3_9&idate=2014-06-06&gen=cnet&hsimp=yhs-lavasoft&ent=ch&q={searchTerms}
SearchScopes: HKCU - {4879D9FA-7A7B-4BA9-B93A-0E753A22A0C3} URL =
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: Ad-Aware Security Toolbar -> {6c97a91e-4524-4019-86af-2aa2d567bf5c} -> C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx64.dll ()
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: ClassicIE9BHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIE9DLL_64.dll (IvoSoft)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: Ad-Aware Security Toolbar -> {6c97a91e-4524-4019-86af-2aa2d567bf5c} -> C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll ()
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: ClassicIE9BHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIE9DLL_32.dll (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM - Ad-Aware Security Toolbar - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx64.dll ()
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Toolbar: HKLM-x32 - Ad-Aware Security Toolbar - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll ()
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 192.168.1.254

FireFox:
========
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK
FF Extension: No Name - C:\Program Files\McAfee\MSK [2013-01-14]

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AECLFilters; C:\Windows\system32\AECLSr64.exe [99696 2012-08-06] (Andrea Electronics Corporation)
R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [207488 2012-07-31] (Qualcomm Atheros Commnucations)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S2 CirrusAudioService; c:\Program Files\Cirrus Logic Audio Panel\Cirrvus.exe [7168 2012-08-06] (Cirrus Logic) [File not signed]
R2 ClassicShellService; C:\Program Files\Classic Shell\ClassicShellService.exe [68608 2012-12-29] (IvoSoft) [File not signed]
S2 DellDigitalDelivery; c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [173056 2012-06-19] (Dell Products, LP.) [File not signed]
R2 IAStorDataMgrSvc; C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [7168 2012-07-09] (Intel Corporation) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [43520 2012-07-25] (Microsoft Corporation)
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareService.exe [707888 2014-10-15] ()
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [634368 2012-07-25] (Microsoft Corporation)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1914728 2012-09-12] (SoftThinks SAS)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18432 2012-07-25] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [77824 2012-07-22] (Atheros) [File not signed]
S4 0271281369156683mcinstcleanup; C:\Users\JIMMYW~1\AppData\Local\Temp\027128~1.EXE -cleanup -nolog [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 avc3; C:\Windows\System32\DRIVERS\avc3.sys [727592 2014-08-21] (BitDefender)
R3 avchv; C:\Windows\system32\DRIVERS\avchv.sys [261056 2014-08-21] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [601360 2014-08-21] (BitDefender)
R1 BdfNdisf; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdfndisf6.sys [97816 2014-04-22] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdfwfpf.sys [107080 2014-04-22] (BitDefender LLC)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-07-31] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-25] (Microsoft Corporation)
R3 CirrusLFD; C:\Windows\system32\DRIVERS\CSLFDx64.sys [41328 2012-08-06] (Cirrus Logic)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2012-08-05] (OSR Open Systems Resources, Inc.)
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [41032 2013-05-23] (ThreatTrack Security)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-05-21] (GFI Software)
R3 gzflt; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\gzflt.sys [150256 2014-04-22] (BitDefender LLC)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [868848 2013-04-01] (Duplex Secure Ltd.)
R3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [389240 2014-04-22] (BitDefender S.R.L.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-31 12:16 - 2014-10-31 12:16 - 00017739 _____ () C:\Users\JimmyWongScript\Downloads\FRST.txt
2014-10-31 12:15 - 2014-10-31 12:16 - 00000000 ____D () C:\FRST
2014-10-31 12:04 - 2014-10-31 12:04 - 02113536 _____ (Farbar) C:\Users\JimmyWongScript\Downloads\FRST64.exe
2014-10-31 11:41 - 2014-10-31 11:41 - 00000000 ___RD () C:\Users\JimmyWongScript\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-10-29 14:37 - 2014-10-29 14:37 - 00001606 _____ () C:\Users\JimmyWongScript\Documents\Ad-Aware_Report_Quick_Manual_2014-10-29T14-35-32.146043.xml
2014-10-28 19:43 - 2014-10-28 19:43 - 00000000 ____D () C:\windows\system32\AutoUpdateLicense
2014-10-28 15:48 - 2014-10-21 23:34 - 00010777 _____ () C:\windows\system32\AutoconfigV2.cab
2014-10-28 15:48 - 2014-10-21 23:33 - 00581016 _____ (Microsoft Corporation) C:\windows\system32\AutoUpdate.exe
2014-10-28 15:48 - 2014-10-21 23:33 - 00462760 _____ (Microsoft Corporation) C:\windows\system32\NotificationUI.exe
2014-10-28 15:48 - 2014-10-21 21:08 - 00568832 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSShared.dll
2014-10-28 15:48 - 2014-10-21 21:08 - 00124928 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-10-28 15:48 - 2014-10-21 21:01 - 00695808 _____ (Microsoft Corporation) C:\windows\system32\WSShared.dll
2014-10-28 15:48 - 2014-10-21 21:01 - 00198656 _____ (Microsoft Corporation) C:\windows\system32\Windows.ApplicationModel.Store.dll
2014-10-28 15:48 - 2014-10-21 21:01 - 00163840 _____ (Microsoft Corporation) C:\windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-10-28 15:48 - 2014-10-21 21:00 - 00125952 _____ (Microsoft Corporation) C:\windows\system32\WinSetupUI.dll
2014-10-28 15:43 - 2014-10-31 12:00 - 00233387 _____ () C:\windows\WindowsUpdate.log
2014-10-28 15:04 - 2014-10-28 15:04 - 00002792 _____ () C:\windows\System32\Tasks\CCleanerSkipUAC
2014-10-28 15:04 - 2014-10-28 15:04 - 00000824 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-10-28 15:04 - 2014-10-28 15:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-10-28 15:04 - 2014-10-28 15:04 - 00000000 ____D () C:\Program Files\CCleaner
2014-10-26 22:37 - 2014-10-26 22:37 - 00000000 ____H () C:\windows\system32\Drivers\Msft_Kernel_avchv_01009.Wdf
2014-10-25 14:57 - 2014-10-26 22:38 - 00002307 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2014-10-25 14:57 - 2014-10-25 14:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2014-10-25 14:56 - 2014-10-25 14:56 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2014-10-24 16:12 - 2014-10-24 17:19 - 00000000 ____D () C:\Users\JimmyWongScript\Documents\Environmental Bank
2014-10-24 16:01 - 2014-10-25 01:29 - 00047628 _____ () C:\windows\diagwrn.xml
2014-10-24 16:01 - 2014-10-25 01:29 - 00047628 _____ () C:\windows\diagerr.xml
2014-10-23 02:44 - 2014-10-23 02:44 - 00439288 _____ () C:\windows\system32\FNTCACHE.DAT
2014-10-19 17:22 - 2014-09-29 18:49 - 00705480 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-10-19 17:22 - 2014-09-29 18:49 - 00104904 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-10-16 15:57 - 2014-10-16 15:58 - 00000000 ____D () C:\Users\JimmyWongScript\Documents\Naturally Plus
2014-10-15 16:40 - 2014-07-12 00:41 - 00008704 _____ (Microsoft Corporation) C:\windows\system32\KBDRUM.DLL
2014-10-15 16:40 - 2014-07-12 00:41 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDYAK.DLL
2014-10-15 16:40 - 2014-07-12 00:41 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDTAT.DLL
2014-10-15 16:40 - 2014-07-12 00:41 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDRU1.DLL
2014-10-15 16:40 - 2014-07-12 00:41 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\KBDRU.DLL
2014-10-15 16:40 - 2014-07-12 00:41 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\KBDBASH.DLL
2014-10-15 16:40 - 2014-07-12 00:16 - 00008192 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDRUM.DLL
2014-10-15 16:40 - 2014-07-12 00:16 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDYAK.DLL
2014-10-15 16:40 - 2014-07-12 00:16 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDTAT.DLL
2014-10-15 16:40 - 2014-07-12 00:16 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDRU1.DLL
2014-10-15 16:40 - 2014-07-12 00:16 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDRU.DLL
2014-10-15 16:40 - 2014-07-12 00:15 - 00006144 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDBASH.DLL
2014-10-15 16:40 - 2014-07-11 20:02 - 00478352 _____ () C:\windows\SysWOW64\locale.nls
2014-10-15 16:40 - 2014-07-11 20:00 - 00478352 _____ () C:\windows\system32\locale.nls
2014-10-15 16:40 - 2014-07-08 18:33 - 00181248 _____ (Microsoft Corp.) C:\windows\system32\Defrag.exe
2014-10-15 16:40 - 2014-07-08 18:32 - 01539584 _____ (Microsoft Corporation) C:\windows\system32\storagewmi.dll
2014-10-15 16:40 - 2014-07-08 18:32 - 00340480 _____ (Microsoft Corporation) C:\windows\system32\defragsvc.dll
2014-10-15 16:40 - 2014-07-08 18:30 - 01220608 _____ (Microsoft Corporation) C:\windows\SysWOW64\storagewmi.dll
2014-10-15 16:40 - 2014-07-07 01:52 - 00263680 _____ (Microsoft Corporation) C:\windows\system32\wcmsvc.dll
2014-10-15 16:40 - 2014-07-07 01:52 - 00074752 _____ (Microsoft Corporation) C:\windows\system32\wcmcsp.dll
2014-10-15 16:40 - 2014-07-04 06:52 - 00328000 _____ (Microsoft Corporation) C:\windows\system32\Drivers\volsnap.sys
2014-10-15 16:40 - 2014-07-02 21:59 - 01824784 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2014-10-15 16:40 - 2014-07-02 20:30 - 01408952 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2014-10-15 16:40 - 2014-06-28 03:01 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\dwmapi.dll
2014-10-15 16:40 - 2014-06-28 02:57 - 00209920 _____ (Microsoft Corporation) C:\windows\system32\profsvc.dll
2014-10-15 16:40 - 2014-06-28 02:56 - 00117248 _____ (Microsoft Corporation) C:\windows\system32\dwmapi.dll
2014-10-15 16:40 - 2014-06-25 03:09 - 00733184 _____ (Microsoft Corporation) C:\windows\system32\win32spl.dll
2014-10-15 16:40 - 2014-06-25 03:07 - 01023488 _____ (Microsoft Corporation) C:\windows\system32\localspl.dll
2014-10-15 16:40 - 2014-06-17 19:27 - 02032640 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10warp.dll
2014-10-15 16:40 - 2014-06-17 19:23 - 02238464 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll
2014-10-15 16:40 - 2014-06-11 10:47 - 02842112 _____ (Microsoft Corporation) C:\windows\system32\WMVDECOD.DLL
2014-10-15 16:40 - 2014-06-11 00:40 - 02620928 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVDECOD.DLL
2014-10-15 16:40 - 2014-06-10 18:44 - 01403896 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2014-10-15 16:40 - 2014-05-29 19:31 - 00323072 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2014-10-15 16:40 - 2014-05-29 19:03 - 00419328 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2014-10-15 16:40 - 2014-02-04 06:57 - 01271664 _____ (Microsoft Corporation) C:\windows\system32\winload.exe
2014-10-15 16:39 - 2014-09-20 01:17 - 02236928 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-10-15 16:39 - 2014-09-20 01:17 - 01407488 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-10-15 16:39 - 2014-09-20 01:16 - 19280896 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-10-15 16:39 - 2014-09-20 01:16 - 15399424 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-10-15 16:39 - 2014-09-20 01:16 - 02655232 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-10-15 16:39 - 2014-09-20 01:16 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-10-15 16:39 - 2014-09-19 23:57 - 14368768 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-10-15 16:39 - 2014-09-19 23:57 - 13757952 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-10-15 16:39 - 2014-09-19 23:57 - 02055168 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-10-15 16:39 - 2014-09-19 23:57 - 01762816 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-10-15 16:39 - 2014-09-19 23:57 - 01180672 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-10-15 16:39 - 2014-09-13 01:29 - 00079360 _____ (Microsoft Corporation) C:\windows\system32\packager.dll
2014-10-15 16:39 - 2014-09-13 00:02 - 00068096 _____ (Microsoft Corporation) C:\windows\SysWOW64\packager.dll
2014-10-15 16:39 - 2014-07-07 01:53 - 01125376 _____ (Microsoft Corporation) C:\windows\system32\mstsc.exe
2014-10-15 16:39 - 2014-07-07 01:52 - 03248128 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll
2014-10-15 16:39 - 2014-07-07 01:52 - 00724992 _____ (Microsoft Corporation) C:\windows\system32\termsrv.dll
2014-10-15 16:39 - 2014-07-07 01:52 - 00300544 _____ (Microsoft Corporation) C:\windows\system32\winsta.dll
2014-10-15 16:39 - 2014-07-07 01:51 - 05982208 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2014-10-15 16:39 - 2014-07-07 00:01 - 01049600 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstsc.exe
2014-10-15 16:39 - 2014-07-07 00:01 - 00233472 _____ (Microsoft Corporation) C:\windows\SysWOW64\winsta.dll
2014-10-15 16:39 - 2014-07-07 00:00 - 05095424 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
2014-10-15 16:39 - 2014-07-06 23:59 - 00269312 _____ (Microsoft Corporation) C:\windows\SysWOW64\aaclient.dll
2014-10-15 16:38 - 2014-10-10 00:47 - 00693248 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-10-15 16:38 - 2014-10-10 00:47 - 00275968 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2014-10-15 16:38 - 2014-10-08 00:26 - 00556544 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-10-15 16:38 - 2014-09-28 00:18 - 04068352 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-10-15 16:38 - 2014-09-20 01:18 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-10-15 16:38 - 2014-09-20 01:17 - 00915968 _____ (Microsoft Corporation) C:\windows\system32\uxtheme.dll
2014-10-15 16:38 - 2014-09-20 01:17 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\UXInit.dll
2014-10-15 16:38 - 2014-09-20 01:16 - 03959296 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-10-15 16:38 - 2014-09-20 01:16 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2014-10-15 16:38 - 2014-09-20 01:16 - 00255488 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-10-15 16:38 - 2014-09-20 01:16 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-10-15 16:38 - 2014-09-20 01:16 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2014-10-15 16:38 - 2014-09-20 01:16 - 00097280 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-10-15 16:38 - 2014-09-20 01:16 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-10-15 16:38 - 2014-09-20 01:16 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-10-15 16:38 - 2014-09-20 01:16 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-10-15 16:38 - 2014-09-20 01:15 - 01508864 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-10-15 16:38 - 2014-09-20 01:15 - 00451584 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-10-15 16:38 - 2014-09-20 01:15 - 00281600 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-10-15 16:38 - 2014-09-19 23:57 - 02861568 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-10-15 16:38 - 2014-09-19 23:57 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2014-10-15 16:38 - 2014-09-19 23:57 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-10-15 16:38 - 2014-09-19 23:57 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-10-15 16:38 - 2014-09-19 23:57 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-10-15 16:38 - 2014-09-19 23:57 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2014-10-15 16:38 - 2014-09-19 23:57 - 00080384 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-10-15 16:38 - 2014-09-19 23:57 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-10-15 16:38 - 2014-09-19 23:57 - 00044032 _____ (Microsoft Corporation) C:\windows\SysWOW64\UXInit.dll
2014-10-15 16:38 - 2014-09-19 23:57 - 00039936 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-10-15 16:38 - 2014-09-19 23:57 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-10-15 16:38 - 2014-09-19 23:56 - 01440768 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-10-15 16:38 - 2014-09-19 23:56 - 00357888 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-10-15 16:38 - 2014-09-19 23:56 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-10-15 16:38 - 2014-09-19 23:38 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-10-15 16:38 - 2014-09-19 23:33 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-10-15 16:38 - 2014-09-19 21:06 - 00534528 _____ (Microsoft Corporation) C:\windows\SysWOW64\uxtheme.dll
2014-10-15 16:38 - 2014-09-17 19:24 - 02416128 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2014-10-15 16:38 - 2014-09-02 22:48 - 00510464 _____ (Microsoft Corporation) C:\windows\SysWOW64\rastls.dll
2014-10-15 16:38 - 2014-09-02 22:21 - 00585728 _____ (Microsoft Corporation) C:\windows\system32\rastls.dll
2014-10-15 16:38 - 2014-08-30 00:05 - 08858112 _____ (Microsoft Corporation) C:\windows\SysWOW64\twinui.dll
2014-10-15 16:38 - 2014-08-01 18:08 - 00388729 _____ () C:\windows\system32\ApnDatabase.xml
2014-10-15 16:38 - 2014-07-24 09:50 - 00447296 _____ (Microsoft Corporation) C:\windows\system32\Drivers\USBHUB3.SYS
2014-10-15 16:38 - 2014-07-16 19:28 - 00027648 _____ (Microsoft Corporation) C:\windows\SysWOW64\sscore.dll
2014-10-15 16:38 - 2014-07-16 18:59 - 00305664 _____ (Microsoft Corporation) C:\windows\system32\srvsvc.dll
2014-10-15 16:38 - 2014-07-16 18:59 - 00035840 _____ (Microsoft Corporation) C:\windows\system32\sscore.dll
2014-10-15 16:38 - 2014-07-12 02:45 - 01549824 _____ (Microsoft Corporation) C:\windows\system32\msdtctm.dll
2014-10-15 16:38 - 2014-07-12 00:36 - 00674304 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv2.sys
2014-10-15 16:38 - 2014-07-12 00:36 - 00211456 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2014-10-15 16:38 - 2014-07-12 00:34 - 00404480 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2014-10-15 16:38 - 2014-07-12 00:34 - 00250368 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srvnet.sys
2014-10-15 16:38 - 2014-06-28 02:57 - 01341952 _____ (Microsoft Corporation) C:\windows\system32\user32.dll
2014-10-15 16:38 - 2014-06-27 22:23 - 01126400 _____ (Microsoft Corporation) C:\windows\SysWOW64\user32.dll
2014-10-15 16:38 - 2014-06-12 19:34 - 00754176 _____ (Microsoft Corporation) C:\windows\SysWOW64\actxprxy.dll
2014-10-15 16:37 - 2014-09-17 18:56 - 02885120 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2014-10-15 16:37 - 2014-08-30 01:48 - 10115072 _____ (Microsoft Corporation) C:\windows\system32\twinui.dll
2014-10-15 16:37 - 2014-08-30 01:46 - 02306560 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2014-10-15 16:37 - 2014-08-30 00:03 - 02037760 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2014-10-15 16:37 - 2014-06-12 19:29 - 02146304 _____ (Microsoft Corporation) C:\windows\system32\actxprxy.dll
2014-10-09 22:49 - 2014-10-09 22:49 - 00002335 _____ () C:\Users\JimmyWongScript\Downloads\Temp17836-09-10-2014-22-48-21.html

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-31 12:11 - 2014-05-11 22:56 - 00000928 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-31 12:06 - 2014-02-26 23:58 - 00000000 ____D () C:\Users\JimmyWongScript\AppData\Roaming\Skype
2014-10-31 12:00 - 2012-07-26 04:12 - 00000000 ____D () C:\windows\system32\sru
2014-10-31 11:59 - 2012-07-26 04:12 - 00000000 ____D () C:\windows\Registration
2014-10-31 11:58 - 2013-08-18 00:12 - 00000000 ____D () C:\Users\JimmyWongScript\Documents\Poetry
2014-10-31 11:45 - 2013-03-31 12:12 - 00003598 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3605031373-3970412839-3411051381-1001
2014-10-31 11:45 - 2013-01-14 21:04 - 00000000 ____D () C:\Program Files (x86)\Dell Backup and Recovery
2014-10-31 11:40 - 2014-05-11 22:56 - 00000924 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-29 21:57 - 2013-05-21 18:42 - 00000000 ____D () C:\ProgramData\Ad-Aware Browsing Protection
2014-10-29 14:18 - 2013-11-24 14:45 - 00000000 ____D () C:\Users\JimmyWongScript\Documents\Resume 2014
2014-10-28 19:43 - 2012-07-26 04:12 - 00000000 ____D () C:\windows\WinStore
2014-10-28 19:43 - 2012-07-26 03:59 - 00000000 ____D () C:\windows\CbsTemp
2014-10-28 16:54 - 2013-04-05 22:48 - 00000000 ____D () C:\Users\JimmyWongScript\AppData\Local\CrashDumps
2014-10-28 15:14 - 2013-01-14 21:51 - 00000000 ____D () C:\windows\Panther
2014-10-25 18:13 - 2012-07-26 03:28 - 00850046 _____ () C:\windows\system32\PerfStringBackup.INI
2014-10-25 15:43 - 2012-07-26 04:12 - 00000000 ____D () C:\windows\system32\NDF
2014-10-25 14:57 - 2012-07-26 01:26 - 00262144 ___SH () C:\windows\system32\config\ELAM
2014-10-25 14:01 - 2014-09-24 11:57 - 00000000 ___HD () C:\$Windows.~BT
2014-10-25 13:57 - 2014-02-26 23:58 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-10-25 13:57 - 2014-02-26 23:58 - 00000000 ____D () C:\ProgramData\Skype
2014-10-25 01:10 - 2012-07-26 03:22 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-10-25 01:07 - 2012-07-26 01:26 - 00262144 ___SH () C:\windows\system32\config\BBI
2014-10-24 18:05 - 2012-07-26 04:13 - 00003379 ____N () C:\windows\DtcInstall.log
2014-10-24 16:06 - 2014-05-11 22:56 - 00003900 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-24 16:06 - 2014-05-11 22:56 - 00003664 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-24 15:48 - 2012-07-26 04:12 - 00000000 ____D () C:\windows\AUInstallAgent
2014-10-20 00:23 - 2012-07-26 04:12 - 00000000 ____D () C:\windows\rescache
2014-10-19 17:18 - 2014-07-13 21:52 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-10-19 17:18 - 2012-07-26 04:12 - 00000000 ___RD () C:\windows\ToastData
2014-10-19 17:18 - 2012-07-26 04:12 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-10-17 23:53 - 2013-07-19 23:43 - 00000000 ____D () C:\windows\system32\MRT
2014-10-17 23:51 - 2013-04-04 22:49 - 103265616 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-10-15 16:29 - 2014-07-22 14:00 - 00000000 ____D () C:\Users\JimmyWongScript\Documents\PE Class

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-10-29 13:42

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-10-2014 01
Ran by JimmyWongScript at 2014-10-31 12:17:21
Running from C:\Users\JimmyWongScript\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Ad-Aware Antivirus (Enabled - Up to date) {D87B6541-12A1-DAEA-0033-9B8057AAB996}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Ad-Aware Antivirus (Enabled - Up to date) {631A84A5-349B-D564-3A83-A0F22C2DF32B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Ad-Aware Firewall (Enabled) {E040E464-58CE-DBB2-2B6C-32B5A979FEED}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Ad-Aware Antivirus (HKLM\...\{6D1428BD-E5F2-4378-B620-E7442E7C2BFB}_AdAwareUpdater) (Version: 11.4.6792.0 - Lavasoft)
Ad-Aware Security Toolbar (HKLM-x32\...\adawaretb) (Version: 3.9.0.23 - Lavasoft)
AdAwareInstaller (Version: 11.4.6792.0 - Lavasoft) Hidden
AdAwareUpdater (Version: 11.4.6792.0 - Lavasoft) Hidden
Adobe Reader XI (11.0.03) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.03 - Adobe Systems Incorporated)
Amazon Browser App (HKLM-x32\...\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}) (Version: 1.0.0.0 - Amazon)
AntimalwareEngine (Version: 3.0.0.56 - Lavasoft) Hidden
AntispamEngine (Version: 2.4.2158.0 - Lavasoft) Hidden
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AvcEngine (Version: 3.10.7820.0 - Lavasoft) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.19 - Piriform)
Cirrus Logic Audio Panel (Version: 1.2.10.0 - Cirrus Logic) Hidden
Classic Shell (HKLM\...\{CB00799C-0E4F-4FD1-A046-BD24321BCDFF}) (Version: 3.6.5 - IvoSoft)
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.0.0.2 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.0.0.2 - Dell Inc.)
Dell Digital Delivery (HKLM-x32\...\{D9ED3EFC-AB00-4CE0-ADED-80EE6B1158A7}) (Version: 2.2.2000.0 - Dell Products, LP)
Dell Product Registration (HKLM-x32\...\{2A0F2CC5-3065-492C-8380-B03AA7106B1A}) (Version: 1.16.1 - Dell Inc.)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.1200.101.210 - ALPS ELECTRIC CO., LTD.)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
Final Draft (HKLM-x32\...\{7C3C895B-AE02-4F30-8A6A-051D37A38DD0}) (Version: 8.0.1.89 - Final Draft, Inc.)
FirewallEngine (Version: 1.6.0.0 - Lavasoft) Hidden
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2849 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.0.1207 - Intel Corporation)
iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs (HKLM-x32\...\{90120000-00B2-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
MSVCRT110_amd64 (Version: 16.4.1108.0727 - Microsoft) Hidden
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
OnlineThreatsEngine (Version: 2.2.3.0 - Lavasoft) Hidden
Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.204 - Qualcomm Atheros Communications)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.1.003 - Dell Inc.)
Rosetta Stone Version 3 (HKLM-x32\...\{148E08FF-D7C4-46ED-8D4D-601C67FE0AFD}) (Version: 3.3.5.2 - Rosetta Stone Ltd.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3605031373-3970412839-3411051381-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?

==================== Restore Points =========================

24-10-2014 19:47:28 Windows Update
27-10-2014 02:36:26 AA11

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 01:26 - 2012-07-26 01:26 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {3FE294AA-4B50-458E-8939-9B554E1E65C9} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {563F22F3-0106-4B9B-9025-363E868C8E25} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {698CB2CD-2513-4613-9684-17034CE769F7} - System32\Tasks\Microsoft\Windows\Setup\8.1 auto install ping => C:\Windows\system32\AutoUpdate.exe [2014-10-21] (Microsoft Corporation)
Task: {71C3E4F4-FD69-43A1-9E71-48F52496E80B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-10-23] (Piriform Ltd)
Task: {85069B17-C166-4846-97AE-D517EAE39A99} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-11] (Google Inc.)
Task: {86C8B6F5-9331-4981-BD75-AA973DD2C1A0} - System32\Tasks\Microsoft\Windows\Setup\8.1 auto install v2 => C:\windows\system32\AutoUpdate.exe [2014-10-21] (Microsoft Corporation)
Task: {A489B9E5-DCDF-44FA-BFD8-011787599DB9} - System32\Tasks\Dell\Dell System Registration => C:\Program Files (x86)\System Registration\prodreg.exe [2012-07-09] (Dell, Inc.)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {B99284E9-514F-4087-B9E8-06E40CD3BC33} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {CDCC16D1-10A9-4AB3-BC69-652725EE8CBC} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2014-10-17] (Microsoft Corporation)
Task: {E7B05D55-634D-4DC1-8267-1A2F41F8E051} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {EF6C1C7C-4DD1-4959-B750-2BF90068822A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-11] (Google Inc.)
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-01-14 20:58 - 2012-04-24 22:43 - 00254512 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2014-10-15 13:37 - 2014-10-15 13:37 - 00707888 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareService.exe
2014-10-15 14:03 - 2014-10-15 14:03 - 00103768 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\boost_thread-vc100-mt-1_55.dll
2014-10-15 14:03 - 2014-10-15 14:03 - 00024408 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\boost_system-vc100-mt-1_55.dll
2014-10-15 14:03 - 2014-10-15 14:03 - 00055648 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\boost_date_time-vc100-mt-1_55.dll
2014-10-15 14:03 - 2014-10-15 14:03 - 00123744 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\boost_filesystem-vc100-mt-1_55.dll
2014-10-15 14:03 - 2014-10-15 14:03 - 00033624 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\boost_chrono-vc100-mt-1_55.dll
2014-10-15 14:03 - 2014-10-15 14:03 - 12459344 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareServiceKernel.dll
2014-10-15 14:03 - 2014-10-15 14:03 - 03396400 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\RCF.dll
2014-10-15 14:03 - 2014-10-15 14:03 - 00788824 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\boost_regex-vc100-mt-1_55.dll
2014-10-15 14:03 - 2014-10-15 14:03 - 00734536 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareActivation.dll
2014-10-15 14:03 - 2014-10-15 14:03 - 02185560 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareApplicationUpdater.dll
2014-10-15 14:03 - 2014-10-15 14:03 - 00813896 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareGamingMode.dll
2014-10-15 14:03 - 2014-10-15 14:03 - 00098624 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareReset.dll
2014-10-15 14:03 - 2014-10-15 14:03 - 00120128 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareTime.dll
2014-10-15 14:03 - 2014-10-15 14:03 - 00952152 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareDefinitionsUpdater.dll
2014-10-15 14:03 - 2014-10-15 14:03 - 00869224 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareDefinitionsUpdaterScheduler.dll
2014-10-15 14:03 - 2014-10-15 14:03 - 01108808 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareIgnoreList.dll
2014-10-15 14:03 - 2014-10-15 14:03 - 00250696 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareQuarantine.dll
2014-10-15 14:03 - 2014-10-15 14:03 - 00989016 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareAntiMalwareEngine.dll
2014-10-15 14:03 - 2014-10-15 14:03 - 00212824 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareAntiRootkitEngine.dll
2014-10-15 14:03 - 2014-10-15 14:03 - 01172816 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareScannerHistory.dll
2014-10-15 14:03 - 2014-10-15 14:03 - 01281344 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareScanner.dll
2014-10-15 14:04 - 2014-10-15 14:04 - 00035160 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\boost_timer-vc100-mt-1_55.dll
2014-10-15 14:03 - 2014-10-15 14:03 - 00976728 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareScannerScheduler.dll
2014-10-15 14:03 - 2014-10-15 14:03 - 01092440 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareRealTimeProtection.dll
2014-10-15 14:03 - 2014-10-15 14:03 - 00229200 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareIncompatibles.dll
2014-10-15 14:03 - 2014-10-15 14:03 - 00893768 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareAntiSpam.dll
2014-10-15 14:03 - 2014-10-15 14:03 - 00845136 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareAntiPhishing.dll
2014-10-15 14:03 - 2014-10-15 14:03 - 03096912 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareParentalControl.dll
2014-10-15 14:03 - 2014-10-15 14:03 - 02887504 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareWebProtection.dll
2014-10-15 14:03 - 2014-10-15 14:03 - 01067344 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareEmailProtection.dll
2014-10-15 14:03 - 2014-10-15 14:03 - 01290584 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareNetworkProtection.dll
2014-10-15 14:03 - 2014-10-15 14:03 - 01004352 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwarePromo.dll
2014-10-15 14:03 - 2014-10-15 14:03 - 00343880 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareFeedback.dll
2014-10-15 14:03 - 2014-10-15 14:03 - 02787160 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareThreatWorkAlliance.dll
2014-10-15 14:03 - 2014-10-15 14:03 - 01264960 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwarePinCode.dll
2014-10-15 14:03 - 2014-10-15 14:03 - 01004864 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareNotice.dll
2014-10-15 14:03 - 2014-10-15 14:03 - 00957256 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareAvcEngine.dll
2014-10-15 14:03 - 2014-10-15 14:03 - 01179496 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareRealTimeProtectionHistory.dll
2014-10-15 14:03 - 2014-10-15 14:03 - 00154944 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\SecurityCenter.dll
2014-06-06 14:39 - 2014-04-22 17:28 - 00156936 _____ () C:\windows\SYSTEM32\bdfwcore.dll
2014-04-22 17:29 - 2014-07-08 22:46 - 00766976 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\2.2.3.0\definitions\loc1\ashttpbr.mdl
2014-04-22 17:29 - 2014-07-08 22:46 - 00556032 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\2.2.3.0\definitions\loc1\ashttpdsp.mdl
2014-04-22 17:29 - 2014-07-08 22:47 - 02575360 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\2.2.3.0\definitions\loc1\ashttpph.mdl
2014-04-22 17:29 - 2014-07-08 22:46 - 01306112 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\2.2.3.0\definitions\loc1\ashttprbl.mdl
2014-10-15 14:03 - 2014-10-15 14:03 - 02753360 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareShellExtension.dll
2012-08-06 21:16 - 2012-08-06 21:16 - 20591616 _____ () C:\Program Files\Cirrus Logic Audio Panel\CirrusAudioPanel_Dell.exe
2012-08-06 21:16 - 2012-08-06 21:16 - 03765248 _____ () C:\Program Files\Cirrus Logic Audio Panel\en-US\CirrusAudioPanel_Dell.resources.dll
2012-08-06 21:16 - 2012-08-06 21:16 - 00048128 _____ () C:\Program Files\Cirrus Logic Audio Panel\CoreAudioApi.dll
2012-08-06 21:16 - 2012-08-06 21:16 - 00013312 _____ () C:\Program Files\Cirrus Logic Audio Panel\LocalizationControlsLib.dll
2012-08-06 21:16 - 2012-08-06 21:16 - 00270848 _____ () C:\Program Files\Cirrus Logic Audio Panel\LocalizeLanguage.dll
2012-08-06 21:16 - 2012-08-06 21:16 - 00011776 _____ () C:\Program Files\Cirrus Logic Audio Panel\ExtendedWindowsControls.dll
2012-07-31 21:10 - 2012-07-31 21:10 - 00384128 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ContactsApi.dll
2013-01-14 21:56 - 2012-07-25 16:08 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-10-15 14:03 - 2014-10-15 14:03 - 08925504 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareTray.exe
2014-10-15 14:03 - 2014-10-15 14:03 - 00500056 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\boost_locale-vc100-mt-1_55.dll
2014-10-15 14:03 - 2014-10-15 14:03 - 02132800 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\HtmlFramework.dll
2014-10-15 14:03 - 2014-10-15 14:03 - 00066872 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\DllStorage.dll
2014-10-15 14:03 - 2014-10-15 14:03 - 00869712 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareTrayDefaultSkin.dll
2014-10-15 14:03 - 2014-10-15 14:03 - 00811328 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\Localization.dll
2014-07-31 12:16 - 2014-07-31 12:16 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-31 12:16 - 2014-07-31 12:16 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-10-20 00:05 - 2014-10-20 00:05 - 00017920 _____ () C:\windows\assembly\NativeImages_v4.0.30319_32\PSIClient\7d6131a8e96aba610707f25a9434b0bb\PSIClient.ni.dll
2013-01-14 20:45 - 2012-06-25 12:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2013-01-14 21:05 - 2012-09-12 23:18 - 02003304 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\STRestoreAPI.dll
2013-01-14 21:05 - 2012-08-06 12:59 - 01153384 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\libxml2.dll
2013-01-14 21:05 - 2012-08-06 12:59 - 00117608 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\zlib1.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\JimmyWongScript\Downloads\FRST64.exe:BDU

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: 0271281369156683mcinstcleanup => 2
MSCONFIG\Services: mfevtp => 2
HKLM\...\StartupApproved\Run: => "QuickSet"
HKLM\...\StartupApproved\Run32: => "CLMLServer_For_P2G8"
HKLM\...\StartupApproved\Run32: => "CLVirtualDrive"
HKLM\...\StartupApproved\Run32: => "mcui_exe"
HKLM\...\StartupApproved\Run32: => "RemoteControl10"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKCU\...\StartupApproved\StartupFolder: => "MagicDisc.lnk"
HKCU\...\StartupApproved\StartupFolder: => "OneNote 2007 Screen Clipper and Launcher.lnk"

========================= Accounts: ==========================

Administrator (S-1-5-21-3605031373-3970412839-3411051381-500 - Administrator - Disabled)
Guest (S-1-5-21-3605031373-3970412839-3411051381-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3605031373-3970412839-3411051381-1003 - Limited - Enabled)
JimmyWongScript (S-1-5-21-3605031373-3970412839-3411051381-1001 - Administrator - Enabled) => C:\Users\JimmyWongScript

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (10/31/2014 11:41:02 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: BtvStack.exe, version: 8.0.0.204, time stamp: 0x5017bc2c
Faulting module name: audio.dll, version: 8.0.0.204, time stamp: 0x5017bc21
Exception code: 0xc0000005
Fault offset: 0x000000000001ae08
Faulting process id: 0xa04
Faulting application start time: 0xBtvStack.exe0
Faulting application path: BtvStack.exe1
Faulting module path: BtvStack.exe2
Report Id: BtvStack.exe3
Faulting package full name: BtvStack.exe4
Faulting package-relative application ID: BtvStack.exe5

Error: (10/30/2014 05:45:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15641

Error: (10/30/2014 05:45:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15641

Error: (10/30/2014 05:45:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/30/2014 01:14:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: BtvStack.exe, version: 8.0.0.204, time stamp: 0x5017bc2c
Faulting module name: audio.dll, version: 8.0.0.204, time stamp: 0x5017bc21
Exception code: 0xc0000005
Fault offset: 0x000000000001ae08
Faulting process id: 0x1ecc
Faulting application start time: 0xBtvStack.exe0
Faulting application path: BtvStack.exe1
Faulting module path: BtvStack.exe2
Report Id: BtvStack.exe3
Faulting package full name: BtvStack.exe4
Faulting package-relative application ID: BtvStack.exe5

Error: (10/29/2014 09:56:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: BtvStack.exe, version: 8.0.0.204, time stamp: 0x5017bc2c
Faulting module name: audio.dll, version: 8.0.0.204, time stamp: 0x5017bc21
Exception code: 0xc0000005
Fault offset: 0x000000000001ae08
Faulting process id: 0xe90
Faulting application start time: 0xBtvStack.exe0
Faulting application path: BtvStack.exe1
Faulting module path: BtvStack.exe2
Report Id: BtvStack.exe3
Faulting package full name: BtvStack.exe4
Faulting package-relative application ID: BtvStack.exe5

Error: (10/29/2014 01:20:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: BtvStack.exe, version: 8.0.0.204, time stamp: 0x5017bc2c
Faulting module name: audio.dll, version: 8.0.0.204, time stamp: 0x5017bc21
Exception code: 0xc0000005
Fault offset: 0x000000000001ae08
Faulting process id: 0x3c8
Faulting application start time: 0xBtvStack.exe0
Faulting application path: BtvStack.exe1
Faulting module path: BtvStack.exe2
Report Id: BtvStack.exe3
Faulting package full name: BtvStack.exe4
Faulting package-relative application ID: BtvStack.exe5

Error: (10/28/2014 07:01:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: BtvStack.exe, version: 8.0.0.204, time stamp: 0x5017bc2c
Faulting module name: audio.dll, version: 8.0.0.204, time stamp: 0x5017bc21
Exception code: 0xc0000005
Fault offset: 0x000000000001ae08
Faulting process id: 0x40d0
Faulting application start time: 0xBtvStack.exe0
Faulting application path: BtvStack.exe1
Faulting module path: BtvStack.exe2
Report Id: BtvStack.exe3
Faulting package full name: BtvStack.exe4
Faulting package-relative application ID: BtvStack.exe5

Error: (10/28/2014 04:54:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: dllhost.exe, version: 6.2.9200.16384, time stamp: 0x5010888a
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x010701e2
Faulting process id: 0x2f58
Faulting application start time: 0xdllhost.exe0
Faulting application path: dllhost.exe1
Faulting module path: dllhost.exe2
Report Id: dllhost.exe3
Faulting package full name: dllhost.exe4
Faulting package-relative application ID: dllhost.exe5

Error: (10/28/2014 04:17:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: dllhost.exe, version: 6.2.9200.16384, time stamp: 0x5010888a
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x004e01e2
Faulting process id: 0x518
Faulting application start time: 0xdllhost.exe0
Faulting application path: dllhost.exe1
Faulting module path: dllhost.exe2
Report Id: dllhost.exe3
Faulting package full name: dllhost.exe4
Faulting package-relative application ID: dllhost.exe5

System errors:
=============
Error: (10/31/2014 00:14:35 PM) (Source: DCOM) (EventID: 10010) (User: bedroom-pc)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (10/31/2014 00:14:04 PM) (Source: DCOM) (EventID: 10010) (User: bedroom-pc)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (10/31/2014 00:02:09 PM) (Source: DCOM) (EventID: 10010) (User: bedroom-pc)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (10/31/2014 00:01:37 PM) (Source: DCOM) (EventID: 10010) (User: bedroom-pc)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (10/31/2014 11:55:17 AM) (Source: DCOM) (EventID: 10010) (User: bedroom-pc)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (10/31/2014 11:54:45 AM) (Source: DCOM) (EventID: 10010) (User: bedroom-pc)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (10/31/2014 11:54:14 AM) (Source: DCOM) (EventID: 10010) (User: bedroom-pc)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (10/31/2014 11:53:43 AM) (Source: DCOM) (EventID: 10010) (User: bedroom-pc)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (10/31/2014 11:53:11 AM) (Source: DCOM) (EventID: 10010) (User: bedroom-pc)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (10/31/2014 11:52:40 AM) (Source: DCOM) (EventID: 10010) (User: bedroom-pc)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: Intel® Celeron® CPU B820 @ 1.70GHz
Percentage of memory in use: 68%
Total physical RAM: 3959.09 MB
Available physical RAM: 1245.39 MB
Total Pagefile: 5677.82 MB
Available Pagefile: 2945.56 MB
Total Virtual: 8192 MB
Available Virtual: 8191.77 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:288.95 GB) (Free:245.29 GB) NTFS
Drive x: (WINRETOOLS) (Fixed) (Total:0.49 GB) (Free:0.21 GB) NTFS
Drive y: (PBR Image) (Fixed) (Total:8 GB) (Free:0.26 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 332184BE)

Partition: GPT Partition Type.

==================== End Of Log ============================


Sometimes Poweliks destroys some Windows functions; it may be necessary to reinstall Windows even if Poweliks is completely removed.

 

1.

2014-10-19 17:22 - 2014-09-29 18:49 - 00705480 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe

Since you said it started approx. 10 days ago, I wonder if you downloaded Flash Player from Adobe's web site?

 

2. Please start the Notepad program.

Copy all text that is in the box:

HKU\S-1-5-21-3605031373-3970412839-3411051381-1001\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
S4 0271281369156683mcinstcleanup; C:\Users\JIMMYW~1\AppData\Local\Temp\027128~1.EXE -cleanup -nolog [X]
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [41032 2013-05-23] (ThreatTrack Security)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-05-21] (GFI Software)
CustomCLSID: HKU\S-1-5-21-3605031373-3970412839-3411051381-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
Reboot:
and paste it into Notepad. Check that no files have been split onto two lines.

Save the file as fixlist.txt on the desktop.

 

Close all programs.

Move FRST from Downloads folder to the desktop and then start it, please.

Click the Fix button.

Wait until the tool has finished.

The computer is restarted.

 

It creates a log file, called Fixlog.txt, on the desktop.

Please, paste the content of that file in your answer.

 

3. Please save RogueKiller on the Desktop: http://www.adlice.com/softs/roguekiller/RogueKillerX64.exe

 

Turn off all running programs and remove any external drives and other devices connected via USB etc., except the mouse and keyboard.

 

Start RogueKiller by right-clicking the program and selecting "Run as administrator". If it won't start, try several times. If you are still unsuccessful, rename the file to winlogon.exe.

 

Wait until "Prescan" has finished.

Click on "Scan" button in upper right corner.

Wait until the scan has finished.

 

A report with a name similar to RKreport.txt should have been created on the desktop.

Please, post it in your answer.

 

4. Save TDSSKiller on the Desktop: http://support.kaspersky.com/downloads/utils/tdsskiller.exe

 

Restart the computer.

Turn off all programs.

Run the program TDSSKiller.

 

Click on Start Scan.

 

If any malicious objects are found, select Cure and click Continue. If Cure isn't available, select Skip. If any suspicious objects are found, select Skip. Do NOT select Quarantine or Delete.

The computer might need a restart.

 

Paste the content of the TDSSKiller log, which is located in the folder C:\ with the name TDSSKiller followed by version and time, into your answer.

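The two registry lines the fix above targets show the Poweliks persistence pattern: a COM CLSID's localserver32 value that launches rundll32.exe with a javascript: URL into mshtml's RunHTMLApplication export, and an eval() over text obfuscated by shifting every character up by one (epdvnfou/xsjuf is document.write). The Python detector below is an added example, not part of FRST, RogueKiller or Ad-Aware: it reads FRST-style lines, flags localserver32 values that run a script host instead of a program file, and undoes the one-character shift on the payload prefix FRST printed. The first two sample lines are copied from the FRST output quoted in this thread; the benign entry with the all-zero GUID and the example.exe path is constructed.

```python
"""Flag Poweliks-style fileless COM persistence in FRST-style log lines.

Added example for this thread; not part of FRST, RogueKiller or Ad-Aware.
"""
import re

# Sample input. Lines 1 and 2 are copied from the FRST output quoted in the
# thread; line 3 is a constructed benign entry with a placeholder GUID and a
# placeholder program path; line 4 is a service line from the thread that is
# not a CLSID entry at all.
SAMPLE_LINES = [
    r'HKU\S-1-5-21-3605031373-3970412839-3411051381-1001\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!',
    r'CustomCLSID: HKU\S-1-5-21-3605031373-3970412839-3411051381-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?',
    r'CustomCLSID: HKU\S-1-5-21-3605031373-3970412839-3411051381-1001_Classes\CLSID\{00000000-0000-0000-0000-000000000000}\localserver32 -> C:\Program Files\Example\example.exe',
    r'S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [41032 2013-05-23] (ThreatTrack Security)',
]

# A key ending in localserver32, then ":" or "->", then the registry value.
# FRST prefixes some entries with "CustomCLSID:"; that label is dropped.
LOCALSERVER_RE = re.compile(
    r'^(?:CustomCLSID:\s*)?(?P<key>\S*localserver32)\s*(?:->|:)\s*(?P<value>.*)$',
    re.IGNORECASE,
)

# Traits of a LocalServer32 value that runs script rather than an installed
# program. A legitimate COM server is a path to an executable; none of these
# should appear in it.
INDICATORS = [
    ("rundll32 host", re.compile(r'\brundll32(?:\.exe)?\b', re.IGNORECASE)),
    ("javascript: protocol", re.compile(r'javascript:', re.IGNORECASE)),
    ("mshtml RunHTMLApplication", re.compile(r'mshtml\s*,\s*RunHTMLApplication', re.IGNORECASE)),
    ("eval() of obfuscated text", re.compile(r'\beval\s*\(', re.IGNORECASE)),
]

# FRST truncates long values and appends "(the data entry has N more characters)",
# so the eval argument may end at a quote, at that note, or at end of line.
EVAL_ARG_RE = re.compile(r'eval\("(?P<arg>.*?)(?:"|\s+\(the data entry|$)')


def decode_shift1(text):
    """Undo the +1 character shift seen in the quoted payload ('epdvnfou' -> 'document')."""
    return "".join(chr(ord(c) - 1) for c in text)


def analyze_line(line):
    """Return a finding dict for a script-launching localserver32 entry, else None."""
    m = LOCALSERVER_RE.match(line)
    if not m:
        return None
    value = m.group("value")
    hits = [label for label, rx in INDICATORS if rx.search(value)]
    if not hits:
        return None
    decoded = None
    e = EVAL_ARG_RE.search(value)
    if e:
        candidate = decode_shift1(e.group("arg"))
        # Report the decode only when it yields recognisable script; otherwise
        # the value may use a different obfuscation and the shift is meaningless.
        if "document.write" in candidate or "<script" in candidate.lower():
            decoded = candidate
    return {"key": m.group("key"), "indicators": hits, "decoded_payload": decoded}


def scan(lines):
    """Run analyze_line over every line and keep the findings."""
    return [f for f in (analyze_line(line) for line in lines) if f]


if __name__ == "__main__":
    for finding in scan(SAMPLE_LINES):
        print(finding["key"])
        print("  indicators:", ", ".join(finding["indicators"]))
        if finding["decoded_payload"]:
            print("  decoded   :", finding["decoded_payload"])
```

Run against the sample lines it reports the two Poweliks entries with all four indicators and the decoded prefix `document.write('<script language=jscr`, and stays silent on the constructed benign server and on the service line. The point for triage is the middle check: a LocalServer32 value is supposed to name an executable, so any script host or protocol handler in it is worth a look regardless of whether the obfuscation decodes.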

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 30-10-2014 01
Ran by JimmyWongScript at 2014-10-31 15:45:32 Run:1
Running from C:\Users\JimmyWongScript\Desktop
Loaded Profile: JimmyWongScript (Available profiles: JimmyWongScript)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-3605031373-3970412839-3411051381-1001\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
S4 0271281369156683mcinstcleanup; C:\Users\JIMMYW~1\AppData\Local\Temp\027128~1.EXE -cleanup -nolog [X]
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [41032 2013-05-23] (ThreatTrack Security)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-05-21] (GFI Software)
CustomCLSID: HKU\S-1-5-21-3605031373-3970412839-3411051381-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
Reboot:
*****************

"HKU\S-1-5-21-3605031373-3970412839-3411051381-1001\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32" => Key Deleted Successfully.
"HKU\S-1-5-21-3605031373-3970412839-3411051381-1001\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key deleted successfully.
0271281369156683mcinstcleanup => Service deleted successfully.
gfiark => Service deleted successfully.
gfibto => Unable to stop service
gfibto => Service deleted successfully.
"HKU\S-1-5-21-3605031373-3970412839-3411051381-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key not found.

The system needed a reboot.

==== End of Fixlog ====

 

 

 

RogueKiller V10.0.4.0 (x64) [Oct 29 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 8 (6.2.9200 ) 64 bits version
Started in : Normal mode
User : JimmyWongScript [Administrator]
Mode : Scan -- Date : 10/31/2014 16:36:48

¤¤¤ Processes : 1 ¤¤¤
[suspicious.Path] SearchProtection.exe -- C:\ProgramData\Search Protection\SearchProtection.exe[7] -> Killed [TermProc]

¤¤¤ Registry : 10 ¤¤¤
[PUP] (X64) HKEY_CLASSES_ROOT\CLSID\{6c97a91e-4524-4019-86af-2aa2d567bf5c} -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c} -> Found
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c} -> Found
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | Search Protection : C:\ProgramData\Search Protection\SearchProtection.exe -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3605031373-3970412839-3411051381-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.yahoo.com/ -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-3605031373-3970412839-3411051381-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.yahoo.com/ -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 251 (Driver: Loaded) ¤¤¤
[iAT:Addr] (explorer.exe @ KERNELBASE.dll) ext-ms-win-gpapi-grouppolicy-l1-1-0.dll - RegisterGPNotificationInternalWorker : C:\windows\SYSTEM32\gpapi.dll @ 0x7ff9ef314a0
[iAT:Addr] (explorer.exe @ combase.dll) ext-ms-win-com-clbcatq-l1-1-0.dll - GetCatalogObject : C:\windows\SYSTEM32\clbcatq.dll @ 0x7ffa2681e40
[iAT:Addr] (explorer.exe @ combase.dll) ext-ms-win-com-clbcatq-l1-1-0.dll - GetCatalogObject2 : C:\windows\SYSTEM32\clbcatq.dll @ 0x7ffa2681b70
[iAT:Addr] (explorer.exe @ wkscli.dll) ext-ms-win-domainjoin-netjoin-l1-1-0.dll - NetpGetJoinInformation : C:\windows\SYSTEM32\netjoin.dll @ 0x7ff9f6a10e0
[iAT:Addr] (iexplore.exe @ KERNELBASE.dll) ext-ms-win-gpapi-grouppolicy-l1-1-0.dll - RegisterGPNotificationInternalWorker : C:\windows\SYSTEM32\gpapi.dll @ 0x7ff9ef314a0
[iAT:Addr] (iexplore.exe @ combase.dll) ext-ms-win-com-clbcatq-l1-1-0.dll - GetCatalogObject : C:\windows\SYSTEM32\clbcatq.dll @ 0x7ffa2681e40
[iAT:Addr] (iexplore.exe @ combase.dll) ext-ms-win-com-clbcatq-l1-1-0.dll - GetCatalogObject2 : C:\windows\SYSTEM32\clbcatq.dll @ 0x7ffa2681b70
[iAT:Inl] (iexplore.exe @ KERNEL32.DLL) ntdll.dll - NtMapViewOfSection : Unknown @ 0x728c1501 (jmp 0xfffffffffb083771)
[iAT:Inl] (iexplore.exe @ KERNEL32.DLL) ntdll.dll - NtUnmapViewOfSection : Unknown @ 0x728c1599 (jmp 0xfffffffffb0837e9)
[iAT:Inl] (iexplore.exe @ KERNEL32.DLL) ntdll.dll - NtSuspendThread : Unknown @ 0x728c1f19 (jmp 0xfffffffffb082ab9)
[iAT:Inl] (iexplore.exe @ KERNEL32.DLL) ntdll.dll - NtSetContextThread : Unknown @ 0x728c1b89 (jmp 0xfffffffffb082a09)
[iAT:Inl] (iexplore.exe @ KERNEL32.DLL) ntdll.dll - NtSetInformationProcess : Unknown @ 0x728c29c9 (jmp 0xfffffffffb084cf9)
[iAT:Inl] (iexplore.exe @ KERNEL32.DLL) ntdll.dll - NtSetSystemInformation : Unknown @ 0x728c2af9 (jmp 0xfffffffffb083799)
[iAT:Inl] (iexplore.exe @ KERNEL32.DLL) ntdll.dll - NtCreateFile : Unknown @ 0x728c2b91 (jmp 0xfffffffffb084b31)
[iAT:Inl] (iexplore.exe @ KERNEL32.DLL) ntdll.dll - NtTerminateProcess : Unknown @ 0x728c2931 (jmp 0xfffffffffb084b61)
[iAT:Inl] (iexplore.exe @ KERNEL32.DLL) KERNELBASE.dll - CreateProcessInternalW : Unknown @ 0x728c1a59 (jmp 0xfffffffffc92e032)
[iAT:Inl] (iexplore.exe @ KERNELBASE.dll) ntdll.dll - NtSetInformationProcess : Unknown @ 0x728c29c9 (jmp 0xfffffffffb084cf9)
[iAT:Inl] (iexplore.exe @ KERNELBASE.dll) ntdll.dll - NtCreateFile : Unknown @ 0x728c2b91 (jmp 0xfffffffffb084b31)
[iAT:Inl] (iexplore.exe @ KERNELBASE.dll) ntdll.dll - NtTerminateProcess : Unknown @ 0x728c2931 (jmp 0xfffffffffb084b61)
[iAT:Inl] (iexplore.exe @ KERNELBASE.dll) ntdll.dll - NtMapViewOfSection : Unknown @ 0x728c1501 (jmp 0xfffffffffb083771)
[iAT:Inl] (iexplore.exe @ KERNELBASE.dll) ntdll.dll - NtSetSystemInformation : Unknown @ 0x728c2af9 (jmp 0xfffffffffb083799)
[iAT:Inl] (iexplore.exe @ KERNELBASE.dll) ntdll.dll - NtDuplicateObject : Unknown @ 0x728c1d51 (jmp 0xfffffffffb083e81)
[iAT:Inl] (iexplore.exe @ KERNELBASE.dll) ntdll.dll - NtUnmapViewOfSection : Unknown @ 0x728c1599 (jmp 0xfffffffffb0837e9)
[iAT:Addr] (iexplore.exe @ KERNELBASE.dll) ntdll.dll - LdrLoadDll : Unknown @ 0x15c0000
[iAT:Inl] (iexplore.exe @ KERNELBASE.dll) ntdll.dll - NtOpenProcess : Unknown @ 0x728c1c21 (jmp 0xfffffffffb083eb1)
[iAT:Inl] (iexplore.exe @ KERNELBASE.dll) ntdll.dll - NtWriteVirtualMemory : Unknown @ 0x728c1af1 (jmp 0xfffffffffb083c41)
[iAT:Inl] (iexplore.exe @ KERNELBASE.dll) ntdll.dll - RtlCreateProcessParametersEx : Unknown @ 0x728c2769 (jmp 0xfffffffffb0af872)
[iAT:Inl] (iexplore.exe @ KERNELBASE.dll) ntdll.dll - NtCreateThreadEx : Unknown @ 0x728c17f9 (jmp 0xfffffffffb0831d9)
[iAT:Inl] (iexplore.exe @ KERNELBASE.dll) ntdll.dll - NtSuspendThread : Unknown @ 0x728c1f19 (jmp 0xfffffffffb082ab9)
[iAT:Inl] (iexplore.exe @ KERNELBASE.dll) ntdll.dll - NtSetContextThread : Unknown @ 0x728c1b89 (jmp 0xfffffffffb082a09)
[iAT:Inl] (iexplore.exe @ KERNELBASE.dll) ntdll.dll - NtQueueApcThread : Unknown @ 0x728c1cb9 (jmp 0xfffffffffb083d59)
[iAT:Addr] (iexplore.exe @ KERNELBASE.dll) ext-ms-win-gpapi-grouppolicy-l1-1-0.dll - RegisterGPNotificationInternalWorker : C:\windows\SysWOW64\gpapi.dll @ 0x6741dac
[iAT:Inl] (iexplore.exe @ avcuf32.dll) KERNEL32.dll - CreateToolhelp32Snapshot : Unknown @ 0x728c1e81 (jmp 0xfffffffffb2f8e5b)
[iAT:Inl] (iexplore.exe @ apphelp.dll) ntdll.dll - NtUnmapViewOfSection : Unknown @ 0x728c1599 (jmp 0xfffffffffb0837e9)
[iAT:Inl] (iexplore.exe @ apphelp.dll) ntdll.dll - NtCreateFile : Unknown @ 0x728c2b91 (jmp 0xfffffffffb084b31)
[iAT:Inl] (iexplore.exe @ apphelp.dll) ntdll.dll - NtMapViewOfSection : Unknown @ 0x728c1501 (jmp 0xfffffffffb083771)
[iAT:Inl] (iexplore.exe @ apphelp.dll) KERNEL32.dll - CreateToolhelp32Snapshot : Unknown @ 0x728c1e81 (jmp 0xfffffffffb2f8e5b)
[iAT:Inl] (iexplore.exe @ iertutil.dll) KERNEL32.dll - CreateToolhelp32Snapshot : Unknown @ 0x728c1e81 (jmp 0xfffffffffb2f8e5b)
[iAT:Inl] (iexplore.exe @ iertutil.dll) USER32.dll - PostMessageW : Unknown @ 0x728c3051 (jmp 0xfffffffffc849c38)
[iAT:Inl] (iexplore.exe @ user32.dll) ntdll.dll - NtVdmControl : Unknown @ 0x728c2d59 (jmp 0xfffffffffb0837d9)
[iAT:Inl] (iexplore.exe @ GDI32.dll) ntdll.dll - NtVdmControl : Unknown @ 0x728c2d59 (jmp 0xfffffffffb0837d9)
[iAT:Inl] (iexplore.exe @ GDI32.dll) ntdll.dll - NtUnmapViewOfSection : Unknown @ 0x728c1599 (jmp 0xfffffffffb0837e9)
[iAT:Inl] (iexplore.exe @ GDI32.dll) ntdll.dll - NtMapViewOfSection : Unknown @ 0x728c1501 (jmp 0xfffffffffb083771)
[iAT:Inl] (iexplore.exe @ IMM32.DLL) USER32.dll - PostMessageW : Unknown @ 0x728c3051 (jmp 0xfffffffffc849c38)
[iAT:Inl] (iexplore.exe @ IMM32.DLL) USER32.dll - PostMessageA : Unknown @ 0x728c2fb9 (jmp 0xfffffffffc844593)
[iAT:Inl] (iexplore.exe @ MSCTF.dll) ntdll.dll - NtCreateFile : Unknown @ 0x728c2b91 (jmp 0xfffffffffb084b31)
[iAT:Inl] (iexplore.exe @ MSCTF.dll) USER32.dll - GetMessageW : Unknown @ 0x728c2f21 (jmp 0xfffffffffc848c4f)
[iAT:Inl] (iexplore.exe @ MSCTF.dll) USER32.dll - GetMessageA : Unknown @ 0x728c2e89 (jmp 0xfffffffffc849db5)
[iAT:Inl] (iexplore.exe @ MSCTF.dll) USER32.dll - SetWinEventHook : Unknown @ 0x728c2049 (jmp 0xfffffffffc83f549)
[iAT:Inl] (iexplore.exe @ MSCTF.dll) USER32.dll - PostMessageW : Unknown @ 0x728c3051 (jmp 0xfffffffffc849c38)
[iAT:Inl] (iexplore.exe @ shcore.dll) ntdll.dll - NtCreateFile : Unknown @ 0x728c2b91 (jmp 0xfffffffffb084b31)
[iAT:Inl] (iexplore.exe @ combase.dll) ntdll.dll - NtTerminateProcess : Unknown @ 0x728c2931 (jmp 0xfffffffffb084b61)
[iAT:Inl] (iexplore.exe @ combase.dll) ntdll.dll - NtDuplicateObject : Unknown @ 0x728c1d51 (jmp 0xfffffffffb083e81)
[iAT:Addr] (iexplore.exe @ combase.dll) ext-ms-win-com-clbcatq-l1-1-0.dll - GetCatalogObject2 : C:\windows\SysWOW64\clbcatq.dll @ 0x75d72622
[iAT:Addr] (iexplore.exe @ combase.dll) ext-ms-win-com-clbcatq-l1-1-0.dll - GetCatalogObject : C:\windows\SysWOW64\clbcatq.dll @ 0x75d71f51
[iAT:Inl] (iexplore.exe @ SspiCli.dll) ntdll.dll - NtDuplicateObject : Unknown @ 0x728c1d51 (jmp 0xfffffffffb083e81)
[iAT:Inl] (iexplore.exe @ sechost.dll) ntdll.dll - NtQueueApcThread : Unknown @ 0x728c1cb9 (jmp 0xfffffffffb083d59)
[iAT:Inl] (iexplore.exe @ sechost.dll) ntdll.dll - NtTerminateProcess : Unknown @ 0x728c2931 (jmp 0xfffffffffb084b61)
[iAT:Inl] (iexplore.exe @ bcryptPrimitives.dll) ntdll.dll - NtTerminateProcess : Unknown @ 0x728c2931 (jmp 0xfffffffffb084b61)
[iAT:Inl] (iexplore.exe @ IEFRAME.dll) KERNEL32.dll - CreateToolhelp32Snapshot : Unknown @ 0x728c1e81 (jmp 0xfffffffffb2f8e5b)
[iAT:Inl] (iexplore.exe @ IEFRAME.dll) USER32.dll - PostMessageW : Unknown @ 0x728c3051 (jmp 0xfffffffffc849c38)
[iAT:Inl] (iexplore.exe @ IEFRAME.dll) USER32.dll - GetMessageW : Unknown @ 0x728c2f21 (jmp 0xfffffffffc848c4f)
[iAT:Inl] (iexplore.exe @ SHLWAPI.dll) USER32.dll - PostMessageW : Unknown @ 0x728c3051 (jmp 0xfffffffffc849c38)
[iAT:Inl] (iexplore.exe @ SHLWAPI.dll) USER32.dll - PostMessageA : Unknown @ 0x728c2fb9 (jmp 0xfffffffffc844593)
[iAT:Inl] (iexplore.exe @ ole32.dll) ntdll.dll - NtMapViewOfSection : Unknown @ 0x728c1501 (jmp 0xfffffffffb083771)
[iAT:Inl] (iexplore.exe @ ole32.dll) ntdll.dll - NtCreateFile : Unknown @ 0x728c2b91 (jmp 0xfffffffffb084b31)
[iAT:Inl] (iexplore.exe @ ole32.dll) USER32.dll - PostMessageW : Unknown @ 0x728c3051 (jmp 0xfffffffffc849c38)
[iAT:Inl] (iexplore.exe @ ole32.dll) USER32.dll - GetMessageW : Unknown @ 0x728c2f21 (jmp 0xfffffffffc848c4f)
[iAT:Inl] (iexplore.exe @ ole32.dll) USER32.dll - GetMessageA : Unknown @ 0x728c2e89 (jmp 0xfffffffffc849db5)
[iAT:Inl] (iexplore.exe @ SHELL32.dll) USER32.dll - SetWinEventHook : Unknown @ 0x728c2049 (jmp 0xfffffffffc83f549)
[iAT:Inl] (iexplore.exe @ SHELL32.dll) USER32.dll - GetMessageW : Unknown @ 0x728c2f21 (jmp 0xfffffffffc848c4f)
[iAT:Inl] (iexplore.exe @ SHELL32.dll) USER32.dll - PostMessageW : Unknown @ 0x728c3051 (jmp 0xfffffffffc849c38)
[iAT:Inl] (iexplore.exe @ SHELL32.dll) ntdll.dll - NtCreateFile : Unknown @ 0x728c2b91 (jmp 0xfffffffffb084b31)
[iAT:Inl] (iexplore.exe @ comctl32.dll) USER32.dll - GetMessageW : Unknown @ 0x728c2f21 (jmp 0xfffffffffc848c4f)
[iAT:Inl] (iexplore.exe @ comctl32.dll) USER32.dll - PostMessageW : Unknown @ 0x728c3051 (jmp 0xfffffffffc849c38)
[iAT:Inl] (iexplore.exe @ ADVAPI32.dll) ntdll.dll - NtSetSystemInformation : Unknown @ 0x728c2af9 (jmp 0xfffffffffb083799)
[iAT:Inl] (iexplore.exe @ ADVAPI32.dll) ntdll.dll - NtCreateFile : Unknown @ 0x728c2b91 (jmp 0xfffffffffb084b31)
[iAT:Inl] (iexplore.exe @ comdlg32.dll) USER32.dll - PostMessageW : Unknown @ 0x728c3051 (jmp 0xfffffffffc849c38)
[iAT:Inl] (iexplore.exe @ uxtheme.dll) USER32.dll - PostMessageW : Unknown @ 0x728c3051 (jmp 0xfffffffffc849c38)
[iAT:Inl] (iexplore.exe @ adawarebp.dll) KERNEL32.dll - GetStartupInfoA : Unknown @ 0x728c2cc1 (jmp 0xfffffffffb2ffd6e)
[iAT:Inl] (iexplore.exe @ Secur32.dll) ntdll.dll - NtUnmapViewOfSection : Unknown @ 0x728c1599 (jmp 0xfffffffffb0837e9)
[iAT:Inl] (iexplore.exe @ Secur32.dll) ntdll.dll - NtMapViewOfSection : Unknown @ 0x728c1501 (jmp 0xfffffffffb083771)
[iAT:Inl] (iexplore.exe @ urlmon.dll) USER32.dll - PostMessageW : Unknown @ 0x728c3051 (jmp 0xfffffffffc849c38)
[iAT:Inl] (iexplore.exe @ urlmon.dll) USER32.dll - PostMessageA : Unknown @ 0x728c2fb9 (jmp 0xfffffffffc844593)
[iAT:Inl] (iexplore.exe @ WS2_32.dll) ntdll.dll - NtCreateFile : Unknown @ 0x728c2b91 (jmp 0xfffffffffb084b31)
[iAT:Inl] (iexplore.exe @ WS2_32.dll) ntdll.dll - NtLoadDriver : Unknown @ 0x728c2a61 (jmp 0xfffffffffb084051)
[iAT:Inl] (iexplore.exe @ NSI.dll) USER32.dll - PostMessageW : Unknown @ 0x728c3051 (jmp 0xfffffffffc849c38)
[iAT:Inl] (iexplore.exe @ NSI.dll) USER32.dll - PostMessageA : Unknown @ 0x728c2fb9 (jmp 0xfffffffffc844593)
[iAT:Inl] (iexplore.exe @ CRYPTSP.dll) ntdll.dll - NtTerminateProcess : Unknown @ 0x728c2931 (jmp 0xfffffffffb084b61)
[iAT:Inl] (iexplore.exe @ rsaenh.dll) ntdll.dll - NtTerminateProcess : Unknown @ 0x728c2931 (jmp 0xfffffffffb084b61)
[iAT:Inl] (iexplore.exe @ rsaenh.dll) ntdll.dll - NtCreateFile : Unknown @ 0x728c2b91 (jmp 0xfffffffffb084b31)
[iAT:Inl] (iexplore.exe @ mswsock.dll) ntdll.dll - NtQueueApcThread : Unknown @ 0x728c1cb9 (jmp 0xfffffffffb083d59)
[iAT:Inl] (iexplore.exe @ mswsock.dll) ntdll.dll - NtCreateFile : Unknown @ 0x728c2b91 (jmp 0xfffffffffb084b31)
[iAT:Inl] (iexplore.exe @ mswsock.dll) ntdll.dll - NtLoadDriver : Unknown @ 0x728c2a61 (jmp 0xfffffffffb084051)
[iAT:Inl] (iexplore.exe @ dwmapi.dll) ntdll.dll - NtUnmapViewOfSection : Unknown @ 0x728c1599 (jmp 0xfffffffffb0837e9)
[iAT:Inl] (iexplore.exe @ dwmapi.dll) ntdll.dll - NtMapViewOfSection : Unknown @ 0x728c1501 (jmp 0xfffffffffb083771)
[iAT:Inl] (iexplore.exe @ dwmapi.dll) USER32.dll - SetWinEventHook : Unknown @ 0x728c2049 (jmp 0xfffffffffc83f549)
[iAT:Inl] (iexplore.exe @ IPHLPAPI.DLL) ntdll.dll - NtCreateFile : Unknown @ 0x728c2b91 (jmp 0xfffffffffb084b31)
[iAT:Inl] (iexplore.exe @ MSHTML.dll) KERNEL32.dll - CreateToolhelp32Snapshot : Unknown @ 0x728c1e81 (jmp 0xfffffffffb2f8e5b)
[iAT:Inl] (iexplore.exe @ MSHTML.dll) USER32.dll - PostMessageW : Unknown @ 0x728c3051 (jmp 0xfffffffffc849c38)
[iAT:Inl] (iexplore.exe @ MSHTML.dll) USER32.dll - GetMessageW : Unknown @ 0x728c2f21 (jmp 0xfffffffffc848c4f)
[iAT:Inl] (iexplore.exe @ IEUI.dll) USER32.dll - PostMessageA : Unknown @ 0x728c2fb9 (jmp 0xfffffffffc844593)
[iAT:Inl] (iexplore.exe @ IEUI.dll) USER32.dll - GetMessageW : Unknown @ 0x728c2f21 (jmp 0xfffffffffc848c4f)
[iAT:Inl] (iexplore.exe @ IEUI.dll) USER32.dll - GetMessageA : Unknown @ 0x728c2e89 (jmp 0xfffffffffc849db5)
[iAT:Inl] (iexplore.exe @ DNSAPI.dll) ntdll.dll - NtCreateFile : Unknown @ 0x728c2b91 (jmp 0xfffffffffb084b31)
[iAT:Inl] (iexplore.exe @ dxgi.dll) USER32.dll - PostMessageA : Unknown @ 0x728c2fb9 (jmp 0xfffffffffc844593)
[iAT:Inl] (iexplore.exe @ rasadhlp.dll) ntdll.dll - NtCreateFile : Unknown @ 0x728c2b91 (jmp 0xfffffffffb084b31)
[iAT:Inl] (iexplore.exe @ schannel.dll) ntdll.dll - NtDuplicateObject : Unknown @ 0x728c1d51 (jmp 0xfffffffffb083e81)
[iAT:Inl] (iexplore.exe @ SkypeIEPlugin.dll) USER32.dll - PostMessageW : Unknown @ 0x728c3051 (jmp 0xfffffffffc849c38)
[iAT:Inl] (iexplore.exe @ ncrypt.dll) ntdll.dll - NtTerminateProcess : Unknown @ 0x728c2931 (jmp 0xfffffffffb084b61)
[iAT:Inl] (iexplore.exe @ bcrypt.dll) ntdll.dll - NtTerminateProcess : Unknown @ 0x728c2931 (jmp 0xfffffffffb084b61)
[iAT:Inl] (iexplore.exe @ ncryptsslp.dll) ntdll.dll - NtTerminateProcess : Unknown @ 0x728c2931 (jmp 0xfffffffffb084b61)
[iAT:Inl] (iexplore.exe @ ninput.dll) USER32.dll - PostMessageW : Unknown @ 0x728c3051 (jmp 0xfffffffffc849c38)
[iAT:Inl] (iexplore.exe @ OLEACC.DLL) USER32.dll - GetMessageW : Unknown @ 0x728c2f21 (jmp 0xfffffffffc848c4f)
[iAT:Inl] (iexplore.exe @ OLEACC.DLL) USER32.dll - PostMessageW : Unknown @ 0x728c3051 (jmp 0xfffffffffc849c38)
[iAT:Inl] (iexplore.exe @ Flash.ocx) USER32.dll - GetMessageW : Unknown @ 0x728c2f21 (jmp 0xfffffffffc848c4f)
[iAT:Inl] (iexplore.exe @ Flash.ocx) USER32.dll - PostMessageW : Unknown @ 0x728c3051 (jmp 0xfffffffffc849c38)
[iAT:Inl] (iexplore.exe @ Flash.ocx) USER32.dll - PostMessageA : Unknown @ 0x728c2fb9 (jmp 0xfffffffffc844593)
[iAT:Inl] (iexplore.exe @ WINMM.dll) USER32.dll - GetMessageA : Unknown @ 0x728c2e89 (jmp 0xfffffffffc849db5)
[iAT:Inl] (iexplore.exe @ WINMM.dll) USER32.dll - PostMessageW : Unknown @ 0x728c3051 (jmp 0xfffffffffc849c38)
[iAT:Inl] (iexplore.exe @ WINMM.dll) USER32.dll - PostMessageA : Unknown @ 0x728c2fb9 (jmp 0xfffffffffc844593)
[iAT:Inl] (iexplore.exe @ DINPUT8.dll) USER32.dll - PostMessageW : Unknown @ 0x728c3051 (jmp 0xfffffffffc849c38)
[iAT:Inl] (iexplore.exe @ UIAutomationCore.DLL) USER32.dll - PostMessageW : Unknown @ 0x728c3051 (jmp 0xfffffffffc849c38)
[iAT:Inl] (iexplore.exe @ UIAutomationCore.DLL) USER32.dll - GetMessageW : Unknown @ 0x728c2f21 (jmp 0xfffffffffc848c4f)
[iAT:Inl] (iexplore.exe @ UIAutomationCore.DLL) USER32.dll - SetWinEventHook : Unknown @ 0x728c2049 (jmp 0xfffffffffc83f549)
[iAT:Inl] (iexplore.exe @ cfgmgr32.dll) ntdll.dll - NtCreateFile : Unknown @ 0x728c2b91 (jmp 0xfffffffffb084b31)
[iAT:Inl] (iexplore.exe @ msxml3.dll) USER32.dll - PostMessageW : Unknown @ 0x728c3051 (jmp 0xfffffffffc849c38)
[iAT:Inl] (iexplore.exe @ NLAapi.dll) ntdll.dll - NtQueueApcThread : Unknown @ 0x728c1cb9 (jmp 0xfffffffffb083d59)
[iAT:Inl] (iexplore.exe @ T2EMBED.DLL) USER32.dll - PostMessageA : Unknown @ 0x728c2fb9 (jmp 0xfffffffffc844593)
[iAT:Inl] (iexplore.exe @ ntmarta.dll) ntdll.dll - NtCreateFile : Unknown @ 0x728c2b91 (jmp 0xfffffffffb084b31)
[iAT:Inl] (iexplore.exe @ ntmarta.dll) ntdll.dll - NtOpenProcess : Unknown @ 0x728c1c21 (jmp 0xfffffffffb083eb1)
[iAT:Inl] (iexplore.exe @ AVRT.dll) ntdll.dll - NtTerminateProcess : Unknown @ 0x728c2931 (jmp 0xfffffffffb084b61)
[iAT:Inl] (iexplore.exe @ ksuser.dll) ntdll.dll - NtCreateFile : Unknown @ 0x728c2b91 (jmp 0xfffffffffb084b31)
[iAT:Inl] (iexplore.exe @ twinapi.dll) USER32.dll - PostMessageW : Unknown @ 0x728c3051 (jmp 0xfffffffffc849c38)
[iAT:Inl] (iexplore.exe @ twinapi.dll) USER32.dll - GetMessageW : Unknown @ 0x728c2f21 (jmp 0xfffffffffc848c4f)
[iAT:Inl] (iexplore.exe @ KERNEL32.DLL) ntdll.dll - NtMapViewOfSection : Unknown @ 0x728c1501 (jmp 0xfffffffffb083771)
[iAT:Inl] (iexplore.exe @ KERNEL32.DLL) ntdll.dll - NtUnmapViewOfSection : Unknown @ 0x728c1599 (jmp 0xfffffffffb0837e9)
[iAT:Inl] (iexplore.exe @ KERNEL32.DLL) ntdll.dll - NtSuspendThread : Unknown @ 0x728c1f19 (jmp 0xfffffffffb082ab9)
[iAT:Inl] (iexplore.exe @ KERNEL32.DLL) ntdll.dll - NtSetContextThread : Unknown @ 0x728c1b89 (jmp 0xfffffffffb082a09)
[iAT:Inl] (iexplore.exe @ KERNEL32.DLL) ntdll.dll - NtSetInformationProcess : Unknown @ 0x728c29c9 (jmp 0xfffffffffb084cf9)
[iAT:Inl] (iexplore.exe @ KERNEL32.DLL) ntdll.dll - NtSetSystemInformation : Unknown @ 0x728c2af9 (jmp 0xfffffffffb083799)
[iAT:Inl] (iexplore.exe @ KERNEL32.DLL) ntdll.dll - NtCreateFile : Unknown @ 0x728c2b91 (jmp 0xfffffffffb084b31)
[iAT:Inl] (iexplore.exe @ KERNEL32.DLL) ntdll.dll - NtTerminateProcess : Unknown @ 0x728c2931 (jmp 0xfffffffffb084b61)
[iAT:Inl] (iexplore.exe @ KERNEL32.DLL) KERNELBASE.dll - CreateProcessInternalW : Unknown @ 0x728c1a59 (jmp 0xfffffffffc92e032)
[iAT:Inl] (iexplore.exe @ KERNELBASE.dll) ntdll.dll - NtSetInformationProcess : Unknown @ 0x728c29c9 (jmp 0xfffffffffb084cf9)
[iAT:Inl] (iexplore.exe @ KERNELBASE.dll) ntdll.dll - NtCreateFile : Unknown @ 0x728c2b91 (jmp 0xfffffffffb084b31)
[iAT:Inl] (iexplore.exe @ KERNELBASE.dll) ntdll.dll - NtTerminateProcess : Unknown @ 0x728c2931 (jmp 0xfffffffffb084b61)
[iAT:Inl] (iexplore.exe @ KERNELBASE.dll) ntdll.dll - NtMapViewOfSection : Unknown @ 0x728c1501 (jmp 0xfffffffffb083771)
[iAT:Inl] (iexplore.exe @ KERNELBASE.dll) ntdll.dll - NtSetSystemInformation : Unknown @ 0x728c2af9 (jmp 0xfffffffffb083799)
[iAT:Inl] (iexplore.exe @ KERNELBASE.dll) ntdll.dll - NtDuplicateObject : Unknown @ 0x728c1d51 (jmp 0xfffffffffb083e81)
[iAT:Inl] (iexplore.exe @ KERNELBASE.dll) ntdll.dll - NtUnmapViewOfSection : Unknown @ 0x728c1599 (jmp 0xfffffffffb0837e9)
[iAT:Addr] (iexplore.exe @ KERNELBASE.dll) ntdll.dll - LdrLoadDll : Unknown @ 0x1340000
[iAT:Inl] (iexplore.exe @ KERNELBASE.dll) ntdll.dll - NtOpenProcess : Unknown @ 0x728c1c21 (jmp 0xfffffffffb083eb1)
[iAT:Inl] (iexplore.exe @ KERNELBASE.dll) ntdll.dll - NtWriteVirtualMemory : Unknown @ 0x728c1af1 (jmp 0xfffffffffb083c41)
[iAT:Inl] (iexplore.exe @ KERNELBASE.dll) ntdll.dll - RtlCreateProcessParametersEx : Unknown @ 0x728c2769 (jmp 0xfffffffffb0af872)
[iAT:Inl] (iexplore.exe @ KERNELBASE.dll) ntdll.dll - NtCreateThreadEx : Unknown @ 0x728c17f9 (jmp 0xfffffffffb0831d9)
[iAT:Inl] (iexplore.exe @ KERNELBASE.dll) ntdll.dll - NtSuspendThread : Unknown @ 0x728c1f19 (jmp 0xfffffffffb082ab9)
[iAT:Inl] (iexplore.exe @ KERNELBASE.dll) ntdll.dll - NtSetContextThread : Unknown @ 0x728c1b89 (jmp 0xfffffffffb082a09)
[iAT:Inl] (iexplore.exe @ KERNELBASE.dll) ntdll.dll - NtQueueApcThread : Unknown @ 0x728c1cb9 (jmp 0xfffffffffb083d59)
[iAT:Addr] (iexplore.exe @ KERNELBASE.dll) ext-ms-win-gpapi-grouppolicy-l1-1-0.dll - RegisterGPNotificationInternalWorker : C:\windows\SysWOW64\gpapi.dll @ 0xc0a1dac
[iAT:Inl] (iexplore.exe @ avcuf32.dll) KERNEL32.dll - CreateToolhelp32Snapshot : Unknown @ 0x728c1e81 (jmp 0xfffffffffb2f8e5b)
[iAT:Inl] (iexplore.exe @ apphelp.dll) ntdll.dll - NtUnmapViewOfSection : Unknown @ 0x728c1599 (jmp 0xfffffffffb0837e9)
[iAT:Inl] (iexplore.exe @ apphelp.dll) ntdll.dll - NtCreateFile : Unknown @ 0x728c2b91 (jmp 0xfffffffffb084b31)
[iAT:Inl] (iexplore.exe @ apphelp.dll) ntdll.dll - NtMapViewOfSection : Unknown @ 0x728c1501 (jmp 0xfffffffffb083771)
[iAT:Inl] (iexplore.exe @ apphelp.dll) KERNEL32.dll - CreateToolhelp32Snapshot : Unknown @ 0x728c1e81 (jmp 0xfffffffffb2f8e5b)
[iAT:Inl] (iexplore.exe @ iertutil.dll) KERNEL32.dll - CreateToolhelp32Snapshot : Unknown @ 0x728c1e81 (jmp 0xfffffffffb2f8e5b)
[iAT:Inl] (iexplore.exe @ iertutil.dll) USER32.dll - PostMessageW : Unknown @ 0x728c3051 (jmp 0xfffffffffc849c38)
[iAT:Inl] (iexplore.exe @ user32.dll) ntdll.dll - NtVdmControl : Unknown @ 0x728c2d59 (jmp 0xfffffffffb0837d9)
[iAT:Inl] (iexplore.exe @ GDI32.dll) ntdll.dll - NtVdmControl : Unknown @ 0x728c2d59 (jmp 0xfffffffffb0837d9)
[iAT:Inl] (iexplore.exe @ GDI32.dll) ntdll.dll - NtUnmapViewOfSection : Unknown @ 0x728c1599 (jmp 0xfffffffffb0837e9)
[iAT:Inl] (iexplore.exe @ GDI32.dll) ntdll.dll - NtMapViewOfSection : Unknown @ 0x728c1501 (jmp 0xfffffffffb083771)
[iAT:Inl] (iexplore.exe @ IMM32.DLL) USER32.dll - PostMessageW : Unknown @ 0x728c3051 (jmp 0xfffffffffc849c38)
[iAT:Inl] (iexplore.exe @ IMM32.DLL) USER32.dll - PostMessageA : Unknown @ 0x728c2fb9 (jmp 0xfffffffffc844593)
[iAT:Inl] (iexplore.exe @ MSCTF.dll) ntdll.dll - NtCreateFile : Unknown @ 0x728c2b91 (jmp 0xfffffffffb084b31)
[iAT:Inl] (iexplore.exe @ MSCTF.dll) USER32.dll - GetMessageW : Unknown @ 0x728c2f21 (jmp 0xfffffffffc848c4f)
[iAT:Inl] (iexplore.exe @ MSCTF.dll) USER32.dll - GetMessageA : Unknown @ 0x728c2e89 (jmp 0xfffffffffc849db5)
[iAT:Inl] (iexplore.exe @ MSCTF.dll) USER32.dll - SetWinEventHook : Unknown @ 0x728c2049 (jmp 0xfffffffffc83f549)
[iAT:Inl] (iexplore.exe @ MSCTF.dll) USER32.dll - PostMessageW : Unknown @ 0x728c3051 (jmp 0xfffffffffc849c38)
[iAT:Inl] (iexplore.exe @ shcore.dll) ntdll.dll - NtCreateFile : Unknown @ 0x728c2b91 (jmp 0xfffffffffb084b31)
[iAT:Inl] (iexplore.exe @ combase.dll) ntdll.dll - NtTerminateProcess : Unknown @ 0x728c2931 (jmp 0xfffffffffb084b61)
[iAT:Inl] (iexplore.exe @ combase.dll) ntdll.dll - NtDuplicateObject : Unknown @ 0x728c1d51 (jmp 0xfffffffffb083e81)
[iAT:Addr] (iexplore.exe @ combase.dll) ext-ms-win-com-clbcatq-l1-1-0.dll - GetCatalogObject2 : C:\windows\SysWOW64\clbcatq.dll @ 0x75d72622
[iAT:Addr] (iexplore.exe @ combase.dll) ext-ms-win-com-clbcatq-l1-1-0.dll - GetCatalogObject : C:\windows\SysWOW64\clbcatq.dll @ 0x75d71f51
[iAT:Inl] (iexplore.exe @ SspiCli.dll) ntdll.dll - NtDuplicateObject : Unknown @ 0x728c1d51 (jmp 0xfffffffffb083e81)
[iAT:Inl] (iexplore.exe @ sechost.dll) ntdll.dll - NtQueueApcThread : Unknown @ 0x728c1cb9 (jmp 0xfffffffffb083d59)
[iAT:Inl] (iexplore.exe @ sechost.dll) ntdll.dll - NtTerminateProcess : Unknown @ 0x728c2931 (jmp 0xfffffffffb084b61)
[iAT:Inl] (iexplore.exe @ bcryptPrimitives.dll) ntdll.dll - NtTerminateProcess : Unknown @ 0x728c2931 (jmp 0xfffffffffb084b61)
[iAT:Inl] (iexplore.exe @ IEFRAME.dll) KERNEL32.dll - CreateToolhelp32Snapshot : Unknown @ 0x728c1e81 (jmp 0xfffffffffb2f8e5b)
[iAT:Inl] (iexplore.exe @ IEFRAME.dll) USER32.dll - PostMessageW : Unknown @ 0x728c3051 (jmp 0xfffffffffc849c38)
[iAT:Inl] (iexplore.exe @ IEFRAME.dll) USER32.dll - GetMessageW : Unknown @ 0x728c2f21 (jmp 0xfffffffffc848c4f)
[iAT:Inl] (iexplore.exe @ SHLWAPI.dll) USER32.dll - PostMessageW : Unknown @ 0x728c3051 (jmp 0xfffffffffc849c38)
[iAT:Inl] (iexplore.exe @ SHLWAPI.dll) USER32.dll - PostMessageA : Unknown @ 0x728c2fb9 (jmp 0xfffffffffc844593)
[iAT:Inl] (iexplore.exe @ ole32.dll) ntdll.dll - NtMapViewOfSection : Unknown @ 0x728c1501 (jmp 0xfffffffffb083771)
[iAT:Inl] (iexplore.exe @ ole32.dll) ntdll.dll - NtCreateFile : Unknown @ 0x728c2b91 (jmp 0xfffffffffb084b31)
[iAT:Inl] (iexplore.exe @ ole32.dll) USER32.dll - PostMessageW : Unknown @ 0x728c3051 (jmp 0xfffffffffc849c38)
[iAT:Inl] (iexplore.exe @ ole32.dll) USER32.dll - GetMessageW : Unknown @ 0x728c2f21 (jmp 0xfffffffffc848c4f)
[iAT:Inl] (iexplore.exe @ ole32.dll) USER32.dll - GetMessageA : Unknown @ 0x728c2e89 (jmp 0xfffffffffc849db5)
[iAT:Inl] (iexplore.exe @ SHELL32.dll) USER32.dll - SetWinEventHook : Unknown @ 0x728c2049 (jmp 0xfffffffffc83f549)
[iAT:Inl] (iexplore.exe @ SHELL32.dll) USER32.dll - GetMessageW : Unknown @ 0x728c2f21 (jmp 0xfffffffffc848c4f)
[iAT:Inl] (iexplore.exe @ SHELL32.dll) USER32.dll - PostMessageW : Unknown @ 0x728c3051 (jmp 0xfffffffffc849c38)
[iAT:Inl] (iexplore.exe @ SHELL32.dll) ntdll.dll - NtCreateFile : Unknown @ 0x728c2b91 (jmp 0xfffffffffb084b31)
[iAT:Inl] (iexplore.exe @ comctl32.dll) USER32.dll - GetMessageW : Unknown @ 0x728c2f21 (jmp 0xfffffffffc848c4f)
[iAT:Inl] (iexplore.exe @ comctl32.dll) USER32.dll - PostMessageW : Unknown @ 0x728c3051 (jmp 0xfffffffffc849c38)
[iAT:Inl] (iexplore.exe @ ADVAPI32.dll) ntdll.dll - NtSetSystemInformation : Unknown @ 0x728c2af9 (jmp 0xfffffffffb083799)
[iAT:Inl] (iexplore.exe @ ADVAPI32.dll) ntdll.dll - NtCreateFile : Unknown @ 0x728c2b91 (jmp 0xfffffffffb084b31)
[iAT:Inl] (iexplore.exe @ comdlg32.dll) USER32.dll - PostMessageW : Unknown @ 0x728c3051 (jmp 0xfffffffffc849c38)
[iAT:Inl] (iexplore.exe @ uxtheme.dll) USER32.dll - PostMessageW : Unknown @ 0x728c3051 (jmp 0xfffffffffc849c38)
[iAT:Inl] (iexplore.exe @ adawarebp.dll) KERNEL32.dll - GetStartupInfoA : Unknown @ 0x728c2cc1 (jmp 0xfffffffffb2ffd6e)
[iAT:Inl] (iexplore.exe @ Secur32.dll) ntdll.dll - NtUnmapViewOfSection : Unknown @ 0x728c1599 (jmp 0xfffffffffb0837e9)
[iAT:Inl] (iexplore.exe @ Secur32.dll) ntdll.dll - NtMapViewOfSection : Unknown @ 0x728c1501 (jmp 0xfffffffffb083771)
[iAT:Inl] (iexplore.exe @ urlmon.dll) USER32.dll - PostMessageW : Unknown @ 0x728c3051 (jmp 0xfffffffffc849c38)
[iAT:Inl] (iexplore.exe @ urlmon.dll) USER32.dll - PostMessageA : Unknown @ 0x728c2fb9 (jmp 0xfffffffffc844593)
[iAT:Inl] (iexplore.exe @ WS2_32.dll) ntdll.dll - NtCreateFile : Unknown @ 0x728c2b91 (jmp 0xfffffffffb084b31)
[iAT:Inl] (iexplore.exe @ WS2_32.dll) ntdll.dll - NtLoadDriver : Unknown @ 0x728c2a61 (jmp 0xfffffffffb084051)
[iAT:Inl] (iexplore.exe @ NSI.dll) USER32.dll - PostMessageW : Unknown @ 0x728c3051 (jmp 0xfffffffffc849c38)
[iAT:Inl] (iexplore.exe @ NSI.dll) USER32.dll - PostMessageA : Unknown @ 0x728c2fb9 (jmp 0xfffffffffc844593)
[iAT:Inl] (iexplore.exe @ mswsock.dll) ntdll.dll - NtQueueApcThread : Unknown @ 0x728c1cb9 (jmp 0xfffffffffb083d59)
[iAT:Inl] (iexplore.exe @ mswsock.dll) ntdll.dll - NtCreateFile : Unknown @ 0x728c2b91 (jmp 0xfffffffffb084b31)
[iAT:Inl] (iexplore.exe @ mswsock.dll) ntdll.dll - NtLoadDriver : Unknown @ 0x728c2a61 (jmp 0xfffffffffb084051)
[iAT:Inl] (iexplore.exe @ CRYPTSP.dll) ntdll.dll - NtTerminateProcess : Unknown @ 0x728c2931 (jmp 0xfffffffffb084b61)
[iAT:Inl] (iexplore.exe @ dwmapi.dll) ntdll.dll - NtUnmapViewOfSection : Unknown @ 0x728c1599 (jmp 0xfffffffffb0837e9)
[iAT:Inl] (iexplore.exe @ dwmapi.dll) ntdll.dll - NtMapViewOfSection : Unknown @ 0x728c1501 (jmp 0xfffffffffb083771)
[iAT:Inl] (iexplore.exe @ dwmapi.dll) USER32.dll - SetWinEventHook : Unknown @ 0x728c2049 (jmp 0xfffffffffc83f549)
[iAT:Inl] (iexplore.exe @ rsaenh.dll) ntdll.dll - NtTerminateProcess : Unknown @ 0x728c2931 (jmp 0xfffffffffb084b61)
[iAT:Inl] (iexplore.exe @ rsaenh.dll) ntdll.dll - NtCreateFile : Unknown @ 0x728c2b91 (jmp 0xfffffffffb084b31)
[iAT:Inl] (iexplore.exe @ IPHLPAPI.DLL) ntdll.dll - NtCreateFile : Unknown @ 0x728c2b91 (jmp 0xfffffffffb084b31)
[iAT:Inl] (iexplore.exe @ MSHTML.dll) KERNEL32.dll - CreateToolhelp32Snapshot : Unknown @ 0x728c1e81 (jmp 0xfffffffffb2f8e5b)
[iAT:Inl] (iexplore.exe @ MSHTML.dll) USER32.dll - PostMessageW : Unknown @ 0x728c3051 (jmp 0xfffffffffc849c38)
[iAT:Inl] (iexplore.exe @ MSHTML.dll) USER32.dll - GetMessageW : Unknown @ 0x728c2f21 (jmp 0xfffffffffc848c4f)
[iAT:Inl] (iexplore.exe @ dxgi.dll) USER32.dll - PostMessageA : Unknown @ 0x728c2fb9 (jmp 0xfffffffffc844593)
[iAT:Inl] (iexplore.exe @ DNSAPI.dll) ntdll.dll - NtCreateFile : Unknown @ 0x728c2b91 (jmp 0xfffffffffb084b31)
[iAT:Inl] (iexplore.exe @ SkypeIEPlugin.dll) USER32.dll - PostMessageW : Unknown @ 0x728c3051 (jmp 0xfffffffffc849c38)
[iAT:Inl] (iexplore.exe @ IEUI.dll) USER32.dll - PostMessageA : Unknown @ 0x728c2fb9 (jmp 0xfffffffffc844593)
[iAT:Inl] (iexplore.exe @ IEUI.dll) USER32.dll - GetMessageW : Unknown @ 0x728c2f21 (jmp 0xfffffffffc848c4f)
[iAT:Inl] (iexplore.exe @ IEUI.dll) USER32.dll - GetMessageA : Unknown @ 0x728c2e89 (jmp 0xfffffffffc849db5)
[iAT:Inl] (iexplore.exe @ ninput.dll) USER32.dll - PostMessageW : Unknown @ 0x728c3051 (jmp 0xfffffffffc849c38)
[iAT:Inl] (iexplore.exe @ uiautomationcore.dll) USER32.dll - PostMessageW : Unknown @ 0x728c3051 (jmp 0xfffffffffc849c38)
[iAT:Inl] (iexplore.exe @ uiautomationcore.dll) USER32.dll - GetMessageW : Unknown @ 0x728c2f21 (jmp 0xfffffffffc848c4f)
[iAT:Inl] (iexplore.exe @ uiautomationcore.dll) USER32.dll - SetWinEventHook : Unknown @ 0x728c2049 (jmp 0xfffffffffc83f549)
[iAT:Inl] (iexplore.exe @ rasadhlp.dll) ntdll.dll - NtCreateFile : Unknown @ 0x728c2b91 (jmp 0xfffffffffb084b31)
[iAT:Inl] (iexplore.exe @ WINMM.dll) USER32.dll - GetMessageA : Unknown @ 0x728c2e89 (jmp 0xfffffffffc849db5)
[iAT:Inl] (iexplore.exe @ WINMM.dll) USER32.dll - PostMessageW : Unknown @ 0x728c3051 (jmp 0xfffffffffc849c38)
[iAT:Inl] (iexplore.exe @ WINMM.dll) USER32.dll - PostMessageA : Unknown @ 0x728c2fb9 (jmp 0xfffffffffc844593)
[iAT:Inl] (iexplore.exe @ cfgmgr32.dll) ntdll.dll - NtCreateFile : Unknown @ 0x728c2b91 (jmp 0xfffffffffb084b31)
[iAT:Inl] (iexplore.exe @ NLAapi.dll) ntdll.dll - NtQueueApcThread : Unknown @ 0x728c1cb9 (jmp 0xfffffffffb083d59)
[iAT:Inl] (iexplore.exe @ schannel.dll) ntdll.dll - NtDuplicateObject : Unknown @ 0x728c1d51 (jmp 0xfffffffffb083e81)
[iAT:Inl] (iexplore.exe @ ncrypt.dll) ntdll.dll - NtTerminateProcess : Unknown @ 0x728c2931 (jmp 0xfffffffffb084b61)
[iAT:Inl] (iexplore.exe @ bcrypt.dll) ntdll.dll - NtTerminateProcess : Unknown @ 0x728c2931 (jmp 0xfffffffffb084b61)
[iAT:Inl] (iexplore.exe @ ncryptsslp.dll) ntdll.dll - NtTerminateProcess : Unknown @ 0x728c2931 (jmp 0xfffffffffb084b61)
[iAT:Inl] (iexplore.exe @ OLEACC.DLL) USER32.dll - GetMessageW : Unknown @ 0x728c2f21 (jmp 0xfffffffffc848c4f)
[iAT:Inl] (iexplore.exe @ OLEACC.DLL) USER32.dll - PostMessageW : Unknown @ 0x728c3051 (jmp 0xfffffffffc849c38)

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD3200LPVT-75G33T0 +++++
--- User ---
[MBR] b634dedba9a1db59aa440503c424c080
[bSP] bb94eaade9b98d465b34baf1ed21fc19 : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 1 | Size: 2097152 MB
User = LL1 ... OK
User = LL2 ... OK

 

 

Posting this now before I restart the computer and run TDSSKIller.

 

btw, FYI...not sure if this matters...when I started FRST, there was an "Application Error" pop-up with the message "Exception EAccessViolation in module ERUNT.exe at 0003A62. Access violation at address 00403A62 in module 'ERUNT.exe'. Read of address 0069005C."

 

I just clicked OK and everything seemed to run fine and went according to your instructions.

 

There was an Application Error pop-up too the very first time I started FRST.

Share this post


Link to post
Share on other sites

Hey Cecilia,

 

So I ran TDSSKiller. For some reason, I could not find a copy of the log in the C folder. I was able to open the report in the TDSSKiller Scan window but it would not allow me to copy it! Anyway, the result of the scan was "no objects found".


Do you have an RKReport on the desktop, or in the folder where TDSSKiller is?

 

Does Ad-Aware find anything when you do a full scan now?


I just did a quick scan and Trojan.Poweliks.E did NOT show up! It had been showing up in all my previous quick scans the past 4-5 days.

 

btw, to answer your first question above, the RKReport is included in my reply (post #5) together with the Fixlog.txt.

It is the TDSSKiller log which I could not find in my C folder or on the desktop.


Good!

 

Sorry, please check if the TDSSKiller report is on the desktop, or in the folder where the program is (if not on the desktop). It would be nice to see the report even if nothing was found.


Nope, after it ran the scan, TDSSKiller definitely did not create a report on the desktop. For that matter, I don't recall RogueKiller creating one either, but after I opened the report, I was able to right-click on it and save it to the desktop. But with TDSSKiller, after I opened the report, right-clicking on it did nothing at all. So I couldn't save it or paste it into the post here.

 

I tried looking for the report in the folder where the program is, and I can't find the program!!! I looked everywhere in my program files and C drive and while I see FRST, I see neither TDSSKiller nor for that matter, RogueKiller!

 

Anyway, I am going to run a full scan tomorrow just to be 100% certain. It takes about 2.5 hours.

 

Thanks for all your help, Cecilia! I hope I don't have to bother you again!


That's OK. I think the computer is clean, but please check that you can access the different Administration Tools in Control Panel.

 

Uninstallation of FRST

Download OTC http://oldtimer.geekstogo.com/OTC.exe

Close all programs.

Start OTC program.

Click the CleanUp! button.

Select Yes when asked "Begin cleanup process".

If you are asked to reboot, select Yes.

If any logs remain on the computer you can remove them.

 

Improve the security in the computer

It is very important to keep Windows and all programs updated. An old version of, for example, Flash contains vulnerabilities that make it easy to infect the computer from a web page. To help you keep everything updated you can use the program Secunia Personal Software Inspector (PSI). http://www.bleepingcomputer.com/tutorials/detect-vulnerable-programs-with-secunia-psi/ describes how to install and use the program.


Hey Cecilia,

 

This is not a stubborn virus question (!) but since I removed the Trojan virus, Windows has suddenly decided to upgrade from 8 to 8.1 WITHOUT needing my OK to proceed. In the past, they would ask if I wanted to upgrade and I always clicked "no". So last night, it just announced it was going to upgrade in 15 minutes' time. So fine.

 

But now, it has turned off most of AdAware's functions and I can't turn them back on!!! I have Pro Security and the only function that is "on" is Real Time Protection. Web Protection, Email Protection and Network Protection are all in the off position and I can't change them back to "on"!!!


Hi again,

 

I have seen in other forums that users suddenly have 8.1 without really knowing how, so obviously Microsoft has changed something.

 

Please try uninstalling Ad-Aware, restarting the computer and then installing Ad-Aware again. Make sure you have the product key first.


Dumb question, but where would I find the product key? And do I reinstall by going to Lavasoft's website and just downloading the program, then entering the product key (once I have it first)?


There is no such thing as a dumb question :)

 

You should see the license key when you select "App Management" in the left column.

Yes, download Ad-Aware from Lavasoft's website. After the installation you enter the product key and Ad-Aware will be activated and converted to the Pro version.

http://www.lavasoft.com/mylavasoft/support/supportcenter/product_manuals


Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

 

If you're the topic starter, and need this topic reopened, please contact the staff member who was helping you with your issue.

 

Everyone else please begin a New Topic.

 

Thank you !

This topic is now closed to further replies.