need help finishing rootkit removal in Windows 8.1


This topic is locked
17 replies to this topic

#1 mcgtron

Posted 30 June 2014 - 02:38 PM

Per request by Boopme, I am creating a new topic in this forum.

Boopme asked me to create a DDS log and post it here, however when I attempt to run DDS I get a message saying "This Program is not meant to run in Compatibility Mode, The Program shall now exit".

Here is what I had posted in the previous thread that I had created:

"I have a laptop with Windows 8.1 that got infected by rootkits.

Here is what I have already done:

Ran Malwarebytes Full Scan - (see notes below this list)
Ran SuperAntiSpyware Full Scan - multiple times until it found nothing
Ran Avast! Full Scan and Boot Scan - multiple times until they found nothing
Ran TDSSKiller - it found nothing
Ran AdwCleaner - 2 times, second time it found nothing
Ran Junkware Removal Tool (JRT) - 2 times, second time it found nothing
Ran McAfee Rootkit Removal Tool - it found nothing

Notes:

At this point, Malwarebytes keeps finding new files, folders, and registry entries during the Heuristic portion of the scan. No matter how many times I run it, it finds them, cleans them, and then they return.

I am suspicious of 2 things in particular:

1) In C:/Windows/ProgramData there is an UpdateTask folder with a file called vmhost.exe that I cannot delete. Every time I check, the file has been modified within the last hour or so.

2) In C:/Windows/ProgramData there is a MediaDev folder with a sub-folder in it called 1403631292 with a file in it called mediadev.exe that I cannot delete."

Thanks to anyone who can offer some help.

-Matt



#2 nasdaq
Malware Response Team

Posted 05 July 2014 - 07:20 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

These tools are compatible with your Windows 8 operating system.

--RogueKiller--
  • Download & SAVE to your Desktop For 32bit system or For 64bit system
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator to start"
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+
=======

Download the correct version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

Let me know what problem persists.

#3 mcgtron (Topic Starter)

Posted 05 July 2014 - 01:06 PM

nasdaq, THANK YOU for helping me. I really appreciate it. :)

Here is the RogueKiller log; I will put the Farbar log in a new reply.


RogueKiller V9.1.0.0 (x64) [Jun 23 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 8.1 (6.3.9200 ) 64 bits version
Started in : Normal mode
User : Joanna [Admin rights]
Mode : Remove -- Date : 07/05/2014  13:13:45

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 22 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MFE_RR -> NOT SELECTED
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MFE_RR -> NOT SELECTED
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> NOT SELECTED
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> NOT SELECTED
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> NOT SELECTED
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> NOT SELECTED
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:49934;https=127.0.0.1:49934  -> NOT SELECTED
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:49934;https=127.0.0.1:49934  -> NOT SELECTED
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:49934;https=127.0.0.1:49934  -> NOT SELECTED
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:49934;https=127.0.0.1:49934  -> NOT SELECTED
[PUM.Policies] (X64) HKEY_USERS\S-1-5-21-537367775-1549278493-593747507-1002\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> NOT SELECTED
[PUM.Policies] (X64) HKEY_USERS\S-1-5-21-537367775-1549278493-593747507-1002\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0  -> NOT SELECTED
[PUM.Policies] (X86) HKEY_USERS\S-1-5-21-537367775-1549278493-593747507-1002\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> NOT SELECTED
[PUM.Policies] (X86) HKEY_USERS\S-1-5-21-537367775-1549278493-593747507-1002\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0  -> NOT SELECTED
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0  -> NOT SELECTED
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> NOT SELECTED
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0  -> NOT SELECTED
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> NOT SELECTED
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> NOT SELECTED
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> NOT SELECTED
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> NOT SELECTED
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> NOT SELECTED

¤¤¤ Scheduled tasks : 1 ¤¤¤
[Suspicious.Path] \Microsoft\Windows\Maintenance\Idle-Crawler Update -- "%LOCALAPPDATA%\Idle_Crawler\Idle-Crawler.exe" (--Update) -> DELETED

¤¤¤ Files : 0 ¤¤¤

¤¤¤ HOSTS File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0:  ST750LM022 HN-M7 SATA Disk Device +++++
--- User ---
[MBR] fd9c45f893067b4140b808bdc8664c76
[BSP] f5d2fdebf049248a4e68d20ee572f3c3 : Unknown MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 1 | Size: 2097152 MB
User = LL1 ... OK
User = LL2 ... OK

============================================
RKreport_SCN_07052014_125252.log
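
An added triage example for the report above (it is not part of the thread and not RogueKiller's own code): a small Python parser for the report layout, which reads the `¤¤¤ Section : N ¤¤¤` headers and the `[Category] (view) detail -> STATUS` lines, then rates each finding the way a responder reads such a report. A ProxyServer value pointing at 127.0.0.1 on a high port means a program on the machine is relaying that profile's web traffic; a PUM.Policies value of 0 only means the value exists, not that a tool is disabled; Suspicious.Path entries are locations a legitimate installer would not normally use. The sample report embedded in the script is a constructed subset of the lines posted above, and the severity levels and rule names are assumptions made for this example.

```python
"""Triage helper for RogueKiller report text.

Added example for this thread; it is not RogueKiller's own code. The severity
levels and the rules below are assumptions made for illustration.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample: a subset of the report lines posted above, in the
# same layout (section headers, then one finding per line).
SAMPLE_REPORT = r"""
¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MFE_RR -> NOT SELECTED
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> NOT SELECTED
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:49934;https=127.0.0.1:49934  -> NOT SELECTED
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0  -> NOT SELECTED

¤¤¤ Scheduled tasks : 1 ¤¤¤
[Suspicious.Path] \Microsoft\Windows\Maintenance\Idle-Crawler Update -- "%LOCALAPPDATA%\Idle_Crawler\Idle-Crawler.exe" (--Update) -> DELETED

¤¤¤ MBR Check : ¤¤¤
"""

SECTION_RE = re.compile(r"^¤¤¤\s+(?P<name>.+?)\s+:\s*(?P<count>\d*)\s*¤¤¤$")
ENTRY_RE = re.compile(
    r"^\[(?P<category>[^\]]+)\]\s+"        # [PUM.Proxy], [Suspicious.Path], ...
    r"(?:\((?P<arch>X64|X86)\)\s+)?"       # optional registry view
    r"(?P<detail>.*?)\s+->\s+"             # everything up to the arrow
    r"(?P<status>[A-Z ]+)$"                # NOT SELECTED, DELETED, ...
)
# Proxy targets that live on the machine itself.
LOOPBACK_RE = re.compile(r"(?:127\.0\.0\.1|localhost|\[::1\]):\d+")


@dataclass
class Finding:
    section: str
    category: str
    arch: Optional[str]
    detail: str
    status: str

    def registry_value(self) -> Optional[Tuple[str, str, str]]:
        """Split 'key | name : data' details; None for entries without a value."""
        if " | " not in self.detail:
            return None
        key, _, rest = self.detail.partition(" | ")
        name, _, data = rest.partition(" : ")
        return key, name.strip(), data.strip()


def parse_report(text: str) -> List[Finding]:
    """Walk the report line by line, tracking the current ¤¤¤ section."""
    findings: List[Finding] = []
    section = "Unknown"
    for raw in text.splitlines():
        line = raw.strip()
        sec = SECTION_RE.match(line)
        if sec:
            section = sec["name"]
            continue
        ent = ENTRY_RE.match(line)
        if ent:
            findings.append(Finding(section, ent["category"], ent["arch"],
                                    ent["detail"], ent["status"].strip()))
    return findings


Alert = Tuple[str, str, Finding]  # (severity, explanation, finding)


def triage(findings: List[Finding]) -> List[Alert]:
    """Rate each finding; the rules here are assumptions for this example."""
    alerts: List[Alert] = []
    for f in findings:
        removed = " (already removed by the tool)" if f.status == "DELETED" else ""
        reg = f.registry_value()
        if f.category == "PUM.Proxy" and reg:
            key, name, data = reg
            hive = key.split("\\Software")[0]  # e.g. HKEY_USERS\.DEFAULT
            if name == "ProxyServer" and LOOPBACK_RE.search(data):
                alerts.append(("HIGH", f"proxy for {hive} is a loopback port ({data}): "
                               f"a program on this host relays that profile's web traffic" + removed, f))
            elif name == "ProxyEnable" and data == "1":
                alerts.append(("MEDIUM", f"proxy use is switched on for {hive}" + removed, f))
            else:
                alerts.append(("INFO", f"{name} = {data} for {hive}" + removed, f))
        elif f.category == "PUM.Policies" and reg:
            key, name, data = reg
            # 1 means the policy actively disables the tool; 0 only means the value exists.
            sev = "HIGH" if data == "1" else "INFO"
            alerts.append((sev, f"{name} = {data} under {key}" + removed, f))
        elif f.category.startswith("Suspicious"):
            alerts.append(("MEDIUM", f"{f.section}: {f.detail}" + removed, f))
        else:
            alerts.append(("INFO", f"{f.section}: {f.category} {f.detail}" + removed, f))
    return alerts


def summarize(alerts: List[Alert]) -> Dict[str, int]:
    """Count alerts per severity, e.g. {'HIGH': 1, 'MEDIUM': 3, 'INFO': 1}."""
    return dict(Counter(sev for sev, _, _ in alerts))


if __name__ == "__main__":
    for sev, why, f in triage(parse_report(SAMPLE_REPORT)):
        print(f"[{sev:6}] {f.category:16} {why}")
```

Run it against a saved RKreport file by passing the file's text to `parse_report`; the point of the severity split is that the loopback ProxyServer entries are the ones worth acting on first, while the `: 0` policy values RogueKiller lists are noise.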


 



#4 mcgtron (Topic Starter)

Posted 05 July 2014 - 01:12 PM

And here is the Farbar log, with the Addition file attached (Addition.txt, 23.25KB).


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-07-2014 01
Ran by Joanna (administrator) on DELLLAPTOP on 05-07-2014 14:07:50
Running from C:\Users\Joanna\Desktop
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(VM Host Corporation) C:\ProgramData\MediaDev\1403631292\mediadev.exe
(VM Host Corporation) C:\ProgramData\UpdateServer\1403887554\webdev.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
() C:\ProgramData\UpdateTask\vmhost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
() C:\ProgramData\UpdateTask\vmhost.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2780400 2013-09-11] (Synaptics Incorporated)
HKLM\...\Run: [EKIJ5000StatusMonitor] => C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe [3182080 2012-10-08] (Eastman Kodak Company)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-09-25] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4086432 2014-06-26] (AVAST Software)
HKLM-x32\...\Run: [Conime] => %windir%\system32\conime.exe
HKLM-x32\...\Run: [EKStatusMonitor] => C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe [2750840 2013-01-15] (Eastman Kodak Company)
HKLM-x32\...\Run: [AnyProtect Scanner] => "C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe"
HKLM-x32\...\Run: [AnyProtect Tray] => "C:\Program Files (x86)\AnyProtectEx\AnyProtectTrayIcon.exe"
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-537367775-1549278493-593747507-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-537367775-1549278493-593747507-1002\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6564120 2014-06-04] (SUPERAntiSpyware)
HKU\S-1-5-21-537367775-1549278493-593747507-1002\...\MountPoints2: {2ed9af4a-9b15-11e3-8263-485ab6aa7de7} - "F:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-537367775-1549278493-593747507-1002\...\MountPoints2: {61896084-caf9-11e3-8274-a01d48fe0344} - "F:\KODAK_Camera_Setup_App.exe"
HKU\S-1-5-21-537367775-1549278493-593747507-1002\...\MountPoints2: {a07ad5ff-83af-11e3-8259-806e6f6e6963} - "E:\Setup.exe"
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://t.msn.com/
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.11.1

FireFox:
========
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1209149.dll (Adobe Systems, Inc.)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 - C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

Chrome:
=======
CHR HomePage:
CHR DefaultSearchKeyword: v9
CHR DefaultSearchProvider: v9
CHR DefaultSearchURL: http://search.v9.com/web/?type=dspp&ts=1403702657&from=ymb&uid=ST750LM022XHN-M750MBB_S31PJ9BDC11731&i=psd&t=344ac070f&q={searchTerms}
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Joanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-24]
CHR Extension: (Google Wallet) - C:\Users\Joanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-24]

==================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [144152 2013-10-10] (SUPERAntiSpyware.com)
S2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [99328 2013-09-25] () [File not signed]
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-09-25] (Advanced Micro Devices, Inc.) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-06-26] (AVAST Software)
R2 MediaDevSrv; C:\ProgramData\MediaDev\1403631292\mediadev.exe [366952 2014-06-24] (VM Host Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [289496 2013-10-16] (Realtek Semiconductor)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2013-08-26] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-23] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-23] (Microsoft Corporation)
R2 WinDevSvc; C:\ProgramData\UpdateServer\1403887554\webdev.exe [389992 2014-06-27] (VM Host Corporation)

==================== Drivers (Whitelisted) ====================

R3 AmdAS4; C:\Windows\System32\drivers\AmdAS4.sys [17504 2013-02-07] (Advanced Micro Devices, INC.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-06-26] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-06-26] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-06-26] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-06-26] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [426848 2014-06-26] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-06-26] ()
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [138240 2013-06-23] (Advanced Micro Devices)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [290520 2013-08-19] (Realtek Semiconductor Corp.)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [3068120 2014-01-13] (Realtek Semiconductor Corporation                           )
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [30448 2013-09-11] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [34544 2013-09-11] (Synaptics Incorporated)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-23] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)
R1 {78b17104-363a-4bd9-b49c-77419f14b0d0}Gw64; C:\Windows\System32\drivers\{78b17104-363a-4bd9-b49c-77419f14b0d0}Gw64.sys [61112 2014-06-09] (StdLib)
S3 clwvd; \SystemRoot\system32\DRIVERS\clwvd.sys [X]
S3 MFE_RR; \??\C:\Users\Joanna\AppData\Local\Temp\mfe_rr.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-07-05 14:07 - 2014-07-05 14:08 - 00011573 _____ () C:\Users\Joanna\Desktop\FRST.txt
2014-07-05 14:07 - 2014-07-05 14:07 - 00000000 ____D () C:\FRST
2014-07-05 12:39 - 2014-07-05 12:39 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-07-05 12:36 - 2014-07-05 12:36 - 02084352 _____ (Farbar) C:\Users\Joanna\Desktop\FRST64.exe
2014-07-05 12:35 - 2014-07-05 12:35 - 05283416 _____ () C:\Users\Joanna\Desktop\RogueKillerX64.exe
2014-06-30 15:30 - 2014-06-30 15:30 - 00688992 _____ (Swearware) C:\Users\Joanna\Desktop\dds.com
2014-06-27 19:46 - 2014-06-27 19:46 - 00000296 _____ () C:\Users\Joanna\Desktop\RootkitRemover_20140627_194604.log
2014-06-27 19:45 - 2014-06-27 19:45 - 00783120 _____ (McAfee, Inc.) C:\Users\Joanna\Desktop\rootkitremover.exe
2014-06-27 14:36 - 2014-06-27 15:41 - 00000000 ____D () C:\ProgramData\UpdateTask
2014-06-27 13:42 - 2014-06-27 13:42 - 00000939 _____ () C:\Users\Joanna\Desktop\JRT.txt
2014-06-27 13:28 - 2014-06-27 13:28 - 00000000 ____D () C:\Windows\ERUNT
2014-06-27 13:20 - 2014-06-27 13:20 - 01016261 _____ (Thisisu) C:\Users\Joanna\Desktop\JRT.exe
2014-06-27 13:12 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-06-27 13:11 - 2014-06-27 19:12 - 00000000 ____D () C:\AdwCleaner
2014-06-27 13:11 - 2014-06-27 13:11 - 01342659 _____ () C:\Users\Joanna\Desktop\AdwCleaner.exe
2014-06-27 12:45 - 2014-06-27 12:45 - 00000000 ____D () C:\ProgramData\UpdateServer
2014-06-26 20:03 - 2014-06-26 20:03 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-06-26 20:01 - 2014-06-26 20:01 - 00000000 ____D () C:\Users\Joanna\AppData\Roaming\serv
2014-06-26 19:18 - 2014-06-26 19:18 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Joanna\Desktop\tdsskiller.exe
2014-06-26 17:32 - 2014-06-26 17:32 - 00000000 ____D () C:\Users\Joanna\AppData\Roaming\SUPERAntiSpyware.com
2014-06-26 17:32 - 2014-06-26 17:32 - 00000000 ____D () C:\SUPERDelete
2014-06-26 17:31 - 2014-06-26 17:32 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-06-26 17:31 - 2014-06-26 17:31 - 00001827 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2014-06-26 17:31 - 2014-06-26 17:31 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-06-26 17:31 - 2014-06-26 17:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-06-26 15:58 - 2014-06-27 15:11 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-26 15:58 - 2014-06-26 15:58 - 00001081 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-26 15:58 - 2014-06-26 15:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-26 15:58 - 2014-06-26 15:58 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-26 15:58 - 2014-06-26 15:58 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-26 15:58 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-26 15:58 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-26 15:58 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-24 14:30 - 2014-06-09 12:14 - 00061112 _____ (StdLib) C:\Windows\system32\Drivers\{78b17104-363a-4bd9-b49c-77419f14b0d0}Gw64.sys
2014-06-24 13:58 - 2014-06-24 14:03 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-06-24 13:50 - 2014-06-25 09:49 - 00000000 ____D () C:\Program Files (x86)\Google
2014-06-24 13:50 - 2014-06-24 13:58 - 00000000 ____D () C:\Users\Joanna\AppData\Local\Google
2014-06-24 13:34 - 2014-06-24 13:34 - 00000000 ____D () C:\ProgramData\MediaDev
2014-06-24 13:31 - 2014-06-24 13:31 - 00000000 ____D () C:\Windows\Sun
2014-06-24 13:24 - 2014-06-24 13:24 - 00000045 _____ () C:\user.js
2014-06-24 13:20 - 2014-06-24 13:20 - 00000000 ____D () C:\ProgramData\UpdateCommon
2014-06-10 23:17 - 2014-05-08 19:06 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ks.sys
2014-06-10 21:53 - 2014-05-30 06:21 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-10 21:53 - 2014-05-30 05:45 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-10 21:53 - 2014-05-30 05:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-10 21:53 - 2014-05-30 05:20 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-10 21:53 - 2014-05-30 05:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-10 21:53 - 2014-05-30 05:08 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-10 21:53 - 2014-05-30 05:06 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-10 21:53 - 2014-05-30 04:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-10 21:53 - 2014-05-30 04:44 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-10 21:53 - 2014-05-30 04:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-10 21:53 - 2014-05-30 04:29 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-10 21:53 - 2014-05-30 04:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-10 21:53 - 2014-05-30 04:23 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-10 21:53 - 2014-05-30 04:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-10 21:53 - 2014-05-30 04:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-10 21:53 - 2014-05-30 04:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-10 21:53 - 2014-05-30 03:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-10 21:53 - 2014-05-30 03:56 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-10 21:53 - 2014-05-30 03:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-10 21:53 - 2014-05-30 03:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-10 21:53 - 2014-05-30 03:43 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-10 21:53 - 2014-05-30 03:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-10 21:53 - 2014-05-30 03:30 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-10 21:53 - 2014-05-30 03:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-10 21:53 - 2014-05-30 03:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-10 21:53 - 2014-05-30 03:13 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-10 21:53 - 2014-05-30 03:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-06-10 21:52 - 2014-05-30 04:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-10 21:52 - 2014-05-30 04:35 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-10 21:50 - 2014-04-18 10:57 - 00032600 _____ (Microsoft Corporation) C:\Windows\system32\ploptin.dll
2014-06-10 21:50 - 2014-04-18 10:44 - 01466856 _____ (Microsoft Corporation) C:\Windows\system32\propsys.dll
2014-06-10 21:50 - 2014-04-18 09:29 - 01200288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\propsys.dll
2014-06-10 21:50 - 2014-04-18 05:44 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\energyprov.dll
2014-06-10 21:50 - 2014-04-18 05:32 - 13287936 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2014-06-10 21:50 - 2014-04-18 04:58 - 11792384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2014-06-10 21:50 - 2014-04-18 04:32 - 00805376 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2014-06-10 21:50 - 2014-04-18 04:21 - 01126912 _____ (Microsoft Corporation) C:\Windows\system32\SearchFolder.dll
2014-06-10 21:50 - 2014-04-18 04:09 - 08652800 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Search.dll
2014-06-10 21:50 - 2014-04-18 03:51 - 00836608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFolder.dll
2014-06-10 21:50 - 2014-04-18 03:49 - 05833216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Search.dll
2014-06-10 21:50 - 2014-04-14 05:20 - 00324888 _____ (Microsoft Corporation) C:\Windows\system32\MFCaptureEngine.dll
2014-06-10 21:50 - 2014-04-14 04:01 - 00285144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFCaptureEngine.dll
2014-06-10 21:50 - 2014-04-11 00:51 - 00250368 _____ (Microsoft Corporation) C:\Windows\system32\rdpencom.dll
2014-06-10 21:50 - 2014-04-11 00:23 - 00209920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpencom.dll

==================== One Month Modified Files and Folders =======

2014-07-05 14:08 - 2014-07-05 14:07 - 00011573 _____ () C:\Users\Joanna\Desktop\FRST.txt
2014-07-05 14:07 - 2014-07-05 14:07 - 00000000 ____D () C:\FRST
2014-07-05 14:07 - 2014-02-19 14:00 - 01460704 _____ () C:\Windows\WindowsUpdate.log
2014-07-05 14:02 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\sru
2014-07-05 13:36 - 2014-04-25 22:06 - 00000342 _____ () C:\Windows\Tasks\PrintProjects Communicator.job
2014-07-05 13:14 - 2013-08-22 11:20 - 00000000 ____D () C:\Windows\CbsTemp
2014-07-05 13:02 - 2014-02-19 16:05 - 00000000 __RDO () C:\Users\Joanna\SkyDrive
2014-07-05 12:39 - 2014-07-05 12:39 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-07-05 12:36 - 2014-07-05 12:36 - 02084352 _____ (Farbar) C:\Users\Joanna\Desktop\FRST64.exe
2014-07-05 12:36 - 2014-03-24 18:43 - 00000000 ____D () C:\ProgramData\Kodak
2014-07-05 12:35 - 2014-07-05 12:35 - 05283416 _____ () C:\Users\Joanna\Desktop\RogueKillerX64.exe
2014-07-02 15:38 - 2014-02-19 16:55 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-02 15:37 - 2014-02-19 16:55 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-30 16:47 - 2014-02-20 16:15 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-06-30 15:30 - 2014-06-30 15:30 - 00688992 _____ (Swearware) C:\Users\Joanna\Desktop\dds.com
2014-06-30 15:17 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-06-30 15:13 - 2013-08-22 10:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-27 19:46 - 2014-06-27 19:46 - 00000296 _____ () C:\Users\Joanna\Desktop\RootkitRemover_20140627_194604.log
2014-06-27 19:45 - 2014-06-27 19:45 - 00783120 _____ (McAfee, Inc.) C:\Users\Joanna\Desktop\rootkitremover.exe
2014-06-27 19:14 - 2013-08-26 02:01 - 00069070 _____ () C:\Windows\PFRO.log
2014-06-27 19:12 - 2014-06-27 13:11 - 00000000 ____D () C:\AdwCleaner
2014-06-27 17:25 - 2014-02-19 16:08 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-537367775-1549278493-593747507-1002
2014-06-27 15:41 - 2014-06-27 14:36 - 00000000 ____D () C:\ProgramData\UpdateTask
2014-06-27 15:32 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\MediaViewer
2014-06-27 15:11 - 2014-06-26 15:58 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-27 15:03 - 2014-01-22 16:37 - 00000000 ____D () C:\Users\Public\Documents\CyberLink
2014-06-27 15:03 - 2013-11-01 19:12 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Communication and Chat
2014-06-27 15:02 - 2014-01-22 16:33 - 00000000 ____D () C:\ProgramData\CyberLink
2014-06-27 15:02 - 2013-11-01 19:09 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-06-27 15:01 - 2014-02-19 16:04 - 00000000 ____D () C:\Users\Joanna\AppData\Local\CyberLink
2014-06-27 15:01 - 2014-01-22 16:37 - 00000000 ____D () C:\Users\Public\CyberLink
2014-06-27 15:00 - 2013-11-01 19:08 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools
2014-06-27 14:55 - 2013-11-01 18:31 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2014-06-27 14:52 - 2013-11-01 19:22 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2014-06-27 14:52 - 2013-11-01 19:10 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
2014-06-27 14:42 - 2014-02-19 16:04 - 00000000 ____D () C:\Users\Joanna\Documents\Youcam
2014-06-27 14:41 - 2013-10-02 17:14 - 00000000 ____D () C:\Program Files\Hewlett-Packard
2014-06-27 14:26 - 2013-08-22 10:44 - 00498520 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-06-27 13:42 - 2014-06-27 13:42 - 00000939 _____ () C:\Users\Joanna\Desktop\JRT.txt
2014-06-27 13:28 - 2014-06-27 13:28 - 00000000 ____D () C:\Windows\ERUNT
2014-06-27 13:20 - 2014-06-27 13:20 - 01016261 _____ (Thisisu) C:\Users\Joanna\Desktop\JRT.exe
2014-06-27 13:11 - 2014-06-27 13:11 - 01342659 _____ () C:\Users\Joanna\Desktop\AdwCleaner.exe
2014-06-27 12:57 - 2013-08-22 09:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-06-27 12:45 - 2014-06-27 12:45 - 00000000 ____D () C:\ProgramData\UpdateServer
2014-06-27 12:31 - 2013-08-22 09:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-06-27 12:19 - 2014-03-01 22:25 - 00000000 ____D () C:\Users\Joanna\AppData\Local\pinger.com
2014-06-26 20:34 - 2014-03-15 16:46 - 00003174 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForJoanna
2014-06-26 20:34 - 2014-03-15 16:46 - 00000358 _____ () C:\Windows\Tasks\HPCeeScheduleForJoanna.job
2014-06-26 20:03 - 2014-06-26 20:03 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-06-26 20:03 - 2014-04-22 18:19 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-06-26 20:03 - 2014-02-20 16:16 - 00001989 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-06-26 20:03 - 2014-02-20 16:15 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-06-26 20:03 - 2014-02-20 16:15 - 00426848 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-06-26 20:03 - 2014-02-20 16:15 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-06-26 20:03 - 2014-02-20 16:15 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-06-26 20:03 - 2014-02-20 16:15 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-06-26 20:03 - 2014-02-20 16:15 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-06-26 20:01 - 2014-06-26 20:01 - 00000000 ____D () C:\Users\Joanna\AppData\Roaming\serv
2014-06-26 19:18 - 2014-06-26 19:18 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Joanna\Desktop\tdsskiller.exe
2014-06-26 17:32 - 2014-06-26 17:32 - 00000000 ____D () C:\Users\Joanna\AppData\Roaming\SUPERAntiSpyware.com
2014-06-26 17:32 - 2014-06-26 17:32 - 00000000 ____D () C:\SUPERDelete
2014-06-26 17:32 - 2014-06-26 17:31 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-06-26 17:31 - 2014-06-26 17:31 - 00001827 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2014-06-26 17:31 - 2014-06-26 17:31 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-06-26 17:31 - 2014-06-26 17:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-06-26 16:30 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-06-26 15:58 - 2014-06-26 15:58 - 00001081 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-26 15:58 - 2014-06-26 15:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-26 15:58 - 2014-06-26 15:58 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-26 15:58 - 2014-06-26 15:58 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-25 23:01 - 2013-08-22 09:25 - 00000322 _____ () C:\Windows\win.ini
2014-06-25 09:49 - 2014-06-24 13:50 - 00000000 ____D () C:\Program Files (x86)\Google
2014-06-24 14:03 - 2014-06-24 13:58 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-06-24 13:58 - 2014-06-24 13:50 - 00000000 ____D () C:\Users\Joanna\AppData\Local\Google
2014-06-24 13:58 - 2013-08-22 11:36 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-06-24 13:58 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-06-24 13:43 - 2014-02-20 16:04 - 00000000 ____D () C:\ProgramData\Oracle
2014-06-24 13:35 - 2014-01-22 16:39 - 00000000 ____D () C:\ProgramData\McAfee
2014-06-24 13:34 - 2014-06-24 13:34 - 00000000 ____D () C:\ProgramData\MediaDev
2014-06-24 13:31 - 2014-06-24 13:31 - 00000000 ____D () C:\Windows\Sun
2014-06-24 13:24 - 2014-06-24 13:24 - 00000045 _____ () C:\user.js
2014-06-24 13:20 - 2014-06-24 13:20 - 00000000 ____D () C:\ProgramData\UpdateCommon
2014-06-20 09:14 - 2014-02-21 22:27 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-06-20 09:14 - 2014-02-21 22:27 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-06-17 10:12 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\rescache
2014-06-15 13:21 - 2014-02-21 11:32 - 00000000 ____D () C:\Users\Joanna\Documents\Last Will & Wishes
2014-06-13 09:54 - 2013-08-26 02:09 - 00956540 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-13 09:46 - 2013-08-22 11:36 - 00000000 ___RD () C:\Windows\ToastData
2014-06-13 09:46 - 2013-08-22 11:36 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel
2014-06-13 09:46 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\WinStore
2014-06-13 09:46 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\system32\oobe
2014-06-12 09:51 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\NDF
2014-06-10 21:39 - 2014-06-10 21:39 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-10 21:39 - 2014-06-10 21:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-10 21:38 - 2014-06-10 21:38 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-10 21:38 - 2014-06-10 21:38 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-10 21:38 - 2014-06-10 21:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-10 21:38 - 2014-06-10 21:38 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-10 21:38 - 2014-06-10 21:38 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-10 21:38 - 2014-06-10 21:38 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-10 21:38 - 2014-06-10 21:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-10 21:38 - 2014-06-10 21:38 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-10 21:38 - 2014-06-10 21:38 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-10 21:38 - 2014-06-10 21:38 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-10 21:37 - 2014-06-10 21:37 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-06-09 12:14 - 2014-06-24 14:30 - 00061112 _____ (StdLib) C:\Windows\system32\Drivers\{78b17104-363a-4bd9-b49c-77419f14b0d0}Gw64.sys

Files to move or delete:
====================
C:\Users\Joanna\jagex_cl_runescape_LIVE.dat
C:\Users\Joanna\jagex_cl_runescape_LIVE1.dat
C:\Users\Joanna\jagex_runescape_preferences.dat
C:\Users\Joanna\jagex_runescape_preferences2.dat

Some content of TEMP:
====================
C:\Users\Joanna\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-06-26 12:16

==================== End Of Log ============================


#5 nasdaq

  • Malware Response Team
  • Location:Montreal, QC. Canada

Posted 05 July 2014 - 01:44 PM

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.

start
(VM Host Corporation) C:\ProgramData\MediaDev\1403631292\mediadev.exe
(VM Host Corporation) C:\ProgramData\UpdateServer\1403887554\webdev.exe
() C:\ProgramData\UpdateTask\vmhost.exe
() C:\ProgramData\UpdateTask\vmhost.exe
HKLM-x32\...\Run: [AnyProtect Scanner] => "C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe"
HKLM-x32\...\Run: [AnyProtect Tray] => "C:\Program Files (x86)\AnyProtectEx\AnyProtectTrayIcon.exe"
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
CHR DefaultSearchKeyword: v9
CHR DefaultSearchProvider: v9
CHR DefaultSearchURL: http://search.v9.com/web/?type=dspp&ts=1403702657&from=ymb&uid=ST750LM022XHN-M750MBB_S31PJ9BDC11731&i=psd&t=344ac070f&q={searchTerms}
R2 MediaDevSrv; C:\ProgramData\MediaDev\1403631292\mediadev.exe [366952 2014-06-24] (VM Host Corporation)
R2 WinDevSvc; C:\ProgramData\UpdateServer\1403887554\webdev.exe [389992 2014-06-27] (VM Host Corporation)
R1 {78b17104-363a-4bd9-b49c-77419f14b0d0}Gw64; C:\Windows\System32\drivers\{78b17104-363a-4bd9-b49c-77419f14b0d0}Gw64.sys [61112 2014-06-09] (StdLib)
S3 clwvd; \SystemRoot\system32\DRIVERS\clwvd.sys [X]
S3 MFE_RR; \??\C:\Users\Joanna\AppData\Local\Temp\mfe_rr.sys [X]
Task: {34857A8F-9004-4DD8-B0C7-247222B5B1C1} - \APSnotifierPP1 No Task File <==== ATTENTION
Task: {66FCF477-5BBD-4324-A371-38330AE3E5AF} - \APSnotifierPP2 No Task File <==== ATTENTION
Task: {7E916172-CADF-431B-AB31-793704C36C24} - \APSnotifierPP3 No Task File <==== ATTENTION
Task: {C2A98FE7-08CB-4AA9-A464-EC8CBD905F48} - \FF Watcher {2820A8D0-6667-4A94-8790-4D22C61D4CA3} No Task File <==== ATTENTION
C:\ProgramData\MediaDev
C:\ProgramData\UpdateServer
C:\Windows\System32\drivers\{78b17104-363a-4bd9-b49c-77419f14b0d0}Gw64.sys
End
Save the file as fixlist.txt into the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Uncheck the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
====

To restore an item quarantined by AdwCleaner
  • Double click on AdwCleaner.exe to run the tool.
  • Go to Tools > Quarantine Manager
  • Place a checkmark in the item(s) you want to restore and click Restaurer
  • Click Quitter to close the program
===

How is the computer running now?
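The fixlist above is assembled by reading structural oddities out of the FRST log: a service launched from ProgramData, a GUID-named kernel driver, entries whose file is already gone, lines FRST itself marked ATTENTION. The script below is an added example, not FRST's or nasdaq's own code; it encodes those checks, runs them over lines taken from this thread's fixlist plus two benign control lines constructed for contrast, and the vendor allowlist is an assumption for the example.

```python
"""Triage of FRST service/driver, Run-key and scheduled-task log lines.

Flagged entries are returned as the raw log line, because FRST's Fix
accepts the log lines themselves in fixlist.txt (as the fixlist above does).
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Lines in FRST's format: the first five come from this thread's fixlist,
# the last two are benign controls constructed for the example.
SAMPLE_LINES = [
    r"R2 MediaDevSrv; C:\ProgramData\MediaDev\1403631292\mediadev.exe [366952 2014-06-24] (VM Host Corporation)",
    r"R1 {78b17104-363a-4bd9-b49c-77419f14b0d0}Gw64; C:\Windows\System32\drivers\{78b17104-363a-4bd9-b49c-77419f14b0d0}Gw64.sys [61112 2014-06-09] (StdLib)",
    r"S3 MFE_RR; \??\C:\Users\Joanna\AppData\Local\Temp\mfe_rr.sys [X]",
    r'HKLM-x32\...\Run: [AnyProtect Scanner] => "C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe"',
    r"Task: {34857A8F-9004-4DD8-B0C7-247222B5B1C1} - \APSnotifierPP1 No Task File <==== ATTENTION",
    r"R2 wscsvc; C:\Windows\system32\wscsvc.dll [135168 2014-04-08] (Microsoft Corporation)",
    r"R1 aswSnx; C:\Windows\system32\drivers\aswsnx.sys [1041168 2014-02-20] (AVAST Software)",
]

# "R2 name; path [size date] (Vendor)" or "S3 name; path [X]" (file missing)
SERVICE_RE = re.compile(
    r"^[RSU]\d (?P<name>[^;]+); (?P<path>.+?) "
    r"(?:\[X\]|\[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\])"
    r"(?: \((?P<vendor>[^)]*)\))?\s*$"
)
# 'HKLM-x32\...\Run: [name] => "path"'
RUN_RE = re.compile(
    r'^HK(?:LM|CU)(?:-x32)?\\\.\.\.\\Run: \[(?P<name>[^\]]+)\] => "?(?P<path>[^"]+?)"?\s*$'
)
# "Task: {GUID} - \name No Task File <==== ATTENTION" or "... - \name => path"
TASK_RE = re.compile(
    r"^Task: \{(?P<id>[0-9A-Fa-f-]+)\} - (?P<name>.+?) "
    r"(?:(?P<orphan>No Task File)|=> (?P<path>.+?))(?: <==== ATTENTION)?\s*$"
)


@dataclass
class Entry:
    kind: str            # "service", "driver", "run" or "task"
    name: str
    path: str            # "" when FRST could not resolve a file
    vendor: str          # company name FRST read from the file's version info
    raw: str             # the original log line, usable verbatim in a fixlist
    orphan: bool = False     # FRST reported the file missing: "[X]" / "No Task File"
    attention: bool = False  # FRST itself appended "<==== ATTENTION"


def parse_line(line: str) -> Optional[Entry]:
    """Parse one FRST log line; returns None for line types not handled here."""
    line = line.rstrip()
    m = SERVICE_RE.match(line)
    if m:
        kind = "driver" if m["path"].lower().endswith(".sys") else "service"
        return Entry(kind, m["name"], m["path"], m["vendor"] or "", line,
                     orphan=m["size"] is None)
    m = RUN_RE.match(line)
    if m:
        return Entry("run", m["name"], m["path"], "", line)
    m = TASK_RE.match(line)
    if m:
        return Entry("task", m["name"], m["path"] or "", "", line,
                     orphan=m["orphan"] is not None,
                     attention="<==== ATTENTION" in line)
    return None


USER_WRITABLE = re.compile(r"(?i)\\(ProgramData|Users|AppData|Temp)\\")
GUID_NAME = re.compile(r"(?i)\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}")
# Assumption for the example: vendors the reader has already vetted.
TRUSTED_VENDORS = {"Microsoft Corporation", "AVAST Software"}


def triage(entry: Entry) -> List[str]:
    """Return the reasons an entry deserves a second look (empty if none)."""
    reasons = []
    if entry.attention:
        reasons.append("FRST marked the line ATTENTION")
    if entry.orphan:
        reasons.append("entry survives but its file is gone")
    if USER_WRITABLE.search(entry.path):
        reasons.append("launched from a user-writable folder")
    if entry.kind == "driver" and GUID_NAME.search(entry.name):
        reasons.append("GUID-named kernel driver")
    if entry.kind in ("service", "driver") and not entry.orphan \
            and entry.vendor not in TRUSTED_VENDORS:
        reasons.append("vendor not vetted: %s" % (entry.vendor or "(none)"))
    return reasons


def triage_log(lines) -> Dict[str, List[str]]:
    """Map the name of every flagged entry to its reasons."""
    findings = {}
    for line in lines:
        entry = parse_line(line)
        if entry is not None:
            reasons = triage(entry)
            if reasons:
                findings[entry.name] = reasons
    return findings


def fixlist_candidates(lines) -> List[str]:
    """Raw log lines of flagged entries, ready to review before a fixlist."""
    out = []
    for line in lines:
        entry = parse_line(line)
        if entry is not None and triage(entry):
            out.append(entry.raw)
    return out


if __name__ == "__main__":
    for name, reasons in triage_log(SAMPLE_LINES).items():
        print(name, "->", "; ".join(reasons))
```

The AnyProtect Run entry parses but trips none of these checks, since it lives under Program Files; that is the limit of location-based heuristics, and the fixlist above still removes it.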

#6 mcgtron

  • Topic Starter
  • Members

Posted 05 July 2014 - 02:32 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 05-07-2014 01
Ran by Joanna at 2014-07-05 15:16:46 Run:1
Running from C:\Users\Joanna\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
(VM Host Corporation) C:\ProgramData\MediaDev\1403631292\mediadev.exe
(VM Host Corporation) C:\ProgramData\UpdateServer\1403887554\webdev.exe
() C:\ProgramData\UpdateTask\vmhost.exe
() C:\ProgramData\UpdateTask\vmhost.exe
HKLM-x32\...\Run: [AnyProtect Scanner] => "C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe"
HKLM-x32\...\Run: [AnyProtect Tray] => "C:\Program Files (x86)\AnyProtectEx\AnyProtectTrayIcon.exe"
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
CHR DefaultSearchKeyword: v9
CHR DefaultSearchProvider: v9
CHR DefaultSearchURL: http://search.v9.com/web/?type=dspp&ts=1403702657&from=ymb&uid=ST750LM022XHN-M750MBB_S31PJ9BDC11731&i=psd&t=344ac070f&q={searchTerms}
R2 MediaDevSrv; C:\ProgramData\MediaDev\1403631292\mediadev.exe [366952 2014-06-24] (VM Host Corporation)
R2 WinDevSvc; C:\ProgramData\UpdateServer\1403887554\webdev.exe [389992 2014-06-27] (VM Host Corporation)
R1 {78b17104-363a-4bd9-b49c-77419f14b0d0}Gw64; C:\Windows\System32\drivers\{78b17104-363a-4bd9-b49c-77419f14b0d0}Gw64.sys [61112 2014-06-09] (StdLib)
S3 clwvd; \SystemRoot\system32\DRIVERS\clwvd.sys [X]
S3 MFE_RR; \??\C:\Users\Joanna\AppData\Local\Temp\mfe_rr.sys [X]
Task: {34857A8F-9004-4DD8-B0C7-247222B5B1C1} - \APSnotifierPP1 No Task File <==== ATTENTION
Task: {66FCF477-5BBD-4324-A371-38330AE3E5AF} - \APSnotifierPP2 No Task File <==== ATTENTION
Task: {7E916172-CADF-431B-AB31-793704C36C24} - \APSnotifierPP3 No Task File <==== ATTENTION
Task: {C2A98FE7-08CB-4AA9-A464-EC8CBD905F48} - \FF Watcher {2820A8D0-6667-4A94-8790-4D22C61D4CA3} No Task File <==== ATTENTION
C:\ProgramData\MediaDev
C:\ProgramData\UpdateServer
C:\Windows\System32\drivers\{78b17104-363a-4bd9-b49c-77419f14b0d0}Gw64.sys
End
*****************

[1672] C:\ProgramData\MediaDev\1403631292\mediadev.exe => Process closed successfully.
[2240] C:\ProgramData\UpdateServer\1403887554\webdev.exe => Process closed successfully.
[4228] C:\ProgramData\UpdateTask\vmhost.exe => Process closed successfully.
[5712] C:\ProgramData\UpdateTask\vmhost.exe => Process closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\AnyProtect Scanner => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\AnyProtect Tray => value deleted successfully.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
'HKCR\PROTOCOLS\Filter\text/xml' => Key deleted successfully.
'HKCR\CLSID\{807553E5-5146-11D5-A672-00B0D022E945}'=> Key not found.
CHR DefaultSearchKeyword: v9 ==> The Chrome "Settings" can be used to fix the entry.
CHR DefaultSearchProvider: v9 ==> The Chrome "Settings" can be used to fix the entry.
CHR DefaultSearchURL: http://search.v9.com/web/?type=dspp&ts=1403702657&from=ymb&uid=ST750LM022XHN-M750MBB_S31PJ9BDC11731&i=psd&t=344ac070f&q={searchTerms} ==> The Chrome "Settings" can be used to fix the entry.
MediaDevSrv => Service deleted successfully.
WinDevSvc => Service deleted successfully.
{78b17104-363a-4bd9-b49c-77419f14b0d0}Gw64 => Unable to stop service
{78b17104-363a-4bd9-b49c-77419f14b0d0}Gw64 => Service deleted successfully.
clwvd => Service deleted successfully.
MFE_RR => Service deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{34857A8F-9004-4DD8-B0C7-247222B5B1C1}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{34857A8F-9004-4DD8-B0C7-247222B5B1C1}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP1' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{66FCF477-5BBD-4324-A371-38330AE3E5AF}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{66FCF477-5BBD-4324-A371-38330AE3E5AF}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP2' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7E916172-CADF-431B-AB31-793704C36C24}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7E916172-CADF-431B-AB31-793704C36C24}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP3' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C2A98FE7-08CB-4AA9-A464-EC8CBD905F48}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C2A98FE7-08CB-4AA9-A464-EC8CBD905F48}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FF Watcher {2820A8D0-6667-4A94-8790-4D22C61D4CA3}' => Key deleted successfully.
C:\ProgramData\MediaDev => Moved successfully.
C:\ProgramData\UpdateServer => Moved successfully.
C:\Windows\System32\drivers\{78b17104-363a-4bd9-b49c-77419f14b0d0}Gw64.sys => Moved successfully.

The system needed a reboot.

==== End of Fixlog ====

# AdwCleaner v3.214 - Report created 05/07/2014 at 15:23:42
# Updated 29/06/2014 by Xplode
# Operating System : Windows 8.1  (64 bits)
# Username : Joanna - DELLLAPTOP
# Running from : C:\Users\Joanna\Desktop\adwcleaner_3.214.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17126

-\\ Google Chrome v

[ File : C:\Users\Joanna\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [3339 octets] - [27/06/2014 13:11:50]
AdwCleaner[R1].txt - [848 octets] - [27/06/2014 18:04:09]
AdwCleaner[R2].txt - [715 octets] - [05/07/2014 15:23:42]
AdwCleaner[S0].txt - [3195 octets] - [27/06/2014 13:14:02]
AdwCleaner[S1].txt - [908 octets] - [27/06/2014 19:12:09]

########## EOF - C:\AdwCleaner\AdwCleaner[R2].txt - [893 octets] ##########

The system seems to be running fine. However, it seemed fine before I even posted here; the only problem I had was that the Malwarebytes heuristic scan kept finding problems. I have not run the Malwarebytes scan, but I will do so if you wish.


Edited by mcgtron, 05 July 2014 - 04:34 PM.
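Reading a Fixlog like the one above by hand is error-prone when it runs to dozens of lines, so here is an added example (not FRST's code and not from anyone in this thread) that parses Fixlog action lines, classifies each result, and lists the items that still need follow-up, while recognising that a target which first failed (the Gw64 driver could not be stopped) but was later deleted does not need one. The sample lines are constructed in the shape of the log above.

```python
import re
from collections import Counter

# Constructed sample: FRST Fixlog lines in the shape of the log posted above.
SAMPLE_FIXLOG = r"""[1672] C:\ProgramData\MediaDev\1403631292\mediadev.exe => Process closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\AnyProtect Scanner => value deleted successfully.
'HKCR\CLSID\{807553E5-5146-11D5-A672-00B0D022E945}'=> Key not found.
CHR DefaultSearchKeyword: v9 ==> The Chrome "Settings" can be used to fix the entry.
{78b17104-363a-4bd9-b49c-77419f14b0d0}Gw64 => Unable to stop service
{78b17104-363a-4bd9-b49c-77419f14b0d0}Gw64 => Service deleted successfully.
C:\Windows\System32\drivers\{78b17104-363a-4bd9-b49c-77419f14b0d0}Gw64.sys => Moved successfully.
The system needed a reboot.
"""

# Optional "[pid] " prefix, optional quotes round the target, then "=>" (an action FRST
# performed) or "==>" (a hint that the item has to be fixed by hand, e.g. in Chrome).
LINE_RE = re.compile(r"^(?:\[\d+\]\s+)?'?(.+?)'?\s*(==>|=>)\s*(.+)$")


def classify(sep, message):
    """Map FRST's result text to a coarse status."""
    if sep == "==>":
        return "manual"
    text = message.lower()
    if "successfully" in text:
        return "ok"
    if "not found" in text:
        return "not_found"   # already gone or never existed: nothing to do
    return "failed"          # e.g. "Unable to stop service"


def parse_fixlog(text):
    """Return one {target, message, status} record per action line; other lines are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            target, sep, message = m.groups()
            records.append({"target": target, "message": message.strip(),
                            "status": classify(sep, message)})
    return records


def summarize(records):
    return dict(Counter(r["status"] for r in records))


def needs_follow_up(records):
    """Targets that failed or need a manual fix and have no successful record at all."""
    fixed = {r["target"] for r in records if r["status"] == "ok"}
    return [r["target"] for r in records
            if r["status"] in ("manual", "failed") and r["target"] not in fixed]
```

Run against the real Fixlog, the follow-up list is what to check after the reboot: in the log above it is only the Chrome search settings, which FRST does not change itself.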


#7 nasdaq

nasdaq

  • Malware Response Team
  • 39,926 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 06 July 2014 - 07:42 AM

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/
===

Please download Malwarebytes Anti-Rootkit here.
  • Unzip the contents to a folder on the Desktop.
  • Open the folder where the contents were unzipped and run mbar.exe ( right-click and select Run as administrator for Vista and Windows 7).
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Please post the two logs produced.
  • Keep me posted.


#8 mcgtron

mcgtron
  • Topic Starter

  • Members
  • 47 posts

Posted 06 July 2014 - 09:45 AM

 Results of screen317's Security Check version 0.99.85 
   x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
Windows Defender  
avast! Antivirus  
 Antivirus out of date! 
`````````Anti-malware/Other Utilities Check:`````````
 Adobe Reader XI 
````````Process Check: objlist.exe by Laurent```````` 
 AVAST Software Avast AvastSvc.exe 
 AVAST Software Avast AvastUI.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````

#9 nasdaq

nasdaq

  • Malware Response Team
  • 39,926 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 06 July 2014 - 10:16 AM

avast! Antivirus
Antivirus out of date!


Take care of this.

You can install the free Microsoft Security Essentials.
http://windows.microsoft.com/en-CA/windows/security-essentials-download

Make sure Avast! is disabled when you run this application.

#10 mcgtron

mcgtron
  • Topic Starter

  • Members
  • 47 posts

Posted 06 July 2014 - 10:18 AM

The MBAR scan found nothing.



#11 mcgtron

mcgtron
  • Topic Starter

  • Members
  • 47 posts

Posted 06 July 2014 - 10:20 AM

Avast! was only out of date by 1 day, because I had just turned the laptop on to follow your directions and it hadn't auto-updated yet. I did take care of it though.


Edited by mcgtron, 06 July 2014 - 10:21 AM.


#12 mcgtron

mcgtron
  • Topic Starter

  • Members
  • 47 posts

Posted 06 July 2014 - 10:58 AM

Here is an MBAM scan that I just ran. I only ran the scan; I did not apply the actions that MBAM recommended and will not unless you want me to.

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 7/6/2014
Scan Time: 11:22:23 AM
Logfile:
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.07.06.06
Rootkit Database: v2014.07.03.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Joanna

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 270229
Time Elapsed: 18 min, 30 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 1
PUP.Optional.Eorezo.A, HKLM\SOFTWARE\WOW6432NODE\FREE_SOFTTODAY, , [fa547428c2b9d16572bc278dbc46a759],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
PUP.Optional.VMHost.A, C:\ProgramData\UpdateTask\vmhost.exe, , [fd51524aa0db2115f8673c7d5aa803fd],

Physical Sectors: 0
(No malicious items detected)

(end)


Edited by mcgtron, 06 July 2014 - 10:58 AM.


#13 nasdaq

nasdaq

  • Malware Response Team
  • 39,926 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 06 July 2014 - 12:34 PM

Yes, remove these items.

#14 mcgtron

mcgtron
  • Topic Starter

  • Members
  • 47 posts

Posted 06 July 2014 - 12:58 PM

OK, I did, and now I am running the scan again.

MediaDev is finally gone.

VMHost.A comes back every time MBAM removes it.

Eorezo.A is a new one that I have not seen in this scan before.



#15 mcgtron

mcgtron
  • Topic Starter

  • Members
  • 47 posts

Posted 06 July 2014 - 02:48 PM

The MBAM scan came back clean.
