
HiJackThis Log due to strange programs popping up


8 replies to this topic

#1 zrruhl

zrruhl

  • Members
  • 14 posts

Posted 04 April 2013 - 07:47 AM

I haven't had to deal with this in a long time, but would greatly appreciate your expert help!

 

FYI, halfway through the scan, this message appeared:

 

"For some reason your system denied write access to the Hosts file.  If any hijacked domains are in this file, HijackThis may NOT be able to fix this.

If that happens, you need to edit the file yourself.  To do this, click Start, Run and type:

notepad C:\Windows\System32\drivers\etc\hosts

and press Enter.  Find the line(s) HijackThis reports and delete them.
Save the file as "hosts" (with quotes), and reboot."

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:26:35 AM, on 4/4/2013
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v10.0 (10.00.9200.16519)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Zoom Downloader\DownloadManager.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe
C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\GamingWonderland\bar\1.bin\gtbrmon.exe
C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerTray.exe
C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDTray.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.safesearch.net/?utm_medium=ie&utm_campaign=31&utm_source=sm&utm_content=1&utm_term=6EE05A7BAEB24541
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.safesearch.net/?utm_medium=ie&utm_campaign=31&utm_source=sm&utm_content=1&utm_term=6EE05A7BAEB24541
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Snap.DoEngine - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - mscoree.dll (file missing)
O2 - BHO: Toolbar BHO - {7c8f8fe5-9785-4f74-bcf8-895ef9752d97} - C:\PROGRA~2\GAMING~2\bar\1.bin\gtbar.dll
O2 - BHO: DefaultTabBHO - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\littlewoobie04\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll
O2 - BHO: Wajam IE BHO - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Search Assistant BHO - {ab5d199e-9659-47a2-930b-fc3b69061353} - C:\Program Files (x86)\GamingWonderland\bar\1.bin\gtSrcAs.dll
O2 - BHO: SafeSearch - {e27d5867-80de-4449-9c03-71707c0db05b} - C:\Program Files\SafeSearch\ie\adxloader.dll
O2 - BHO: Zoom Downloader - {E5C66DD8-308B-4a4f-AF0A-3D04F25B5343} - mscoree.dll (file missing)
O3 - Toolbar: GamingWonderland - {a899079d-206f-43a6-be6a-07e0fa648ea0} - C:\Program Files (x86)\GamingWonderland\bar\1.bin\gtbar.dll
O3 - Toolbar: Snap.Do - {ae07101b-46d4-4a98-af68-0333ea26e113} - mscoree.dll (file missing)
O3 - Toolbar: SafeSearch Toolbar - {fc0c0170-4eb0-430d-a7f3-939ee7ea1a25} - C:\Program Files\SafeSearch\ie\adxloader.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60
O4 - HKLM\..\Run: [CLMLServer_For_P2G8] "C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"
O4 - HKLM\..\Run: [CLVirtualDrive] "C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [GamingWonderland Search Scope Monitor] "C:\PROGRA~2\GAMING~2\bar\1.bin\gtsrchmn.exe" /m=2 /w /h
O4 - HKLM\..\Run: [GamingWonderland Browser Plugin Loader] C:\PROGRA~2\GAMING~2\bar\1.bin\gtbrmon.exe
O4 - HKLM\..\Run: [ADBlocker] C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerTray.exe -tray
O4 - HKLM\..\Run: [Anvi Smart Defender] C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDTray.exe
O4 - HKCU\..\Run: [DownloadManager] "C:\Program Files (x86)\Zoom Downloader\DownloadManager.exe" /as
O4 - HKCU\..\Run: [EPLTarget\P0000000000000000] C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIHWA.EXE /EPT "EPLTarget\P0000000000000000" /M "WorkForce 545"
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-18\..\Run: []  (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: []  (User 'Default user')
O4 - Global Startup: ImageBrowser EX Agent.lnk = C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\mcafee\msc\mcsniepl.dll
O23 - Service: AD Blocker Service (ADBlockerSrv) - Unknown owner - C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerSrv.exe
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Anvi Smart Defender Realtime Guard Service (asdsrv) - Anvisoft - C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe
O23 - Service: AtherosSvc - Qualcomm Atheros Commnucations - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe
O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: DefaultTabUpdate - Unknown owner - C:\Users\littlewoobie04\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GamingWonderlandService - COMPANYVERS_NAME - C:\PROGRA~2\GAMING~2\bar\1.bin\gtbarsvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Intel® Capability Licensing Service Interface - Intel® Corporation - c:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel® Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: McAfee Activation Service (McAWFwk) - McAfee, Inc. - c:\PROGRA~1\mcafee\msc\mcawfwk.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\mcafee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: WajamUpdater - Wajam - C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: ZAtheros Wlan Agent - Atheros - C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe

--
End of file - 12013 bytes




 


#2 Larusso

Larusso

    Raggamuffin


  • Malware Response Team
  • 305 posts

Posted 04 April 2013 - 10:09 AM

Hi,
my name is Daniel and I will be assisting you with your malware-related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • I am currently visiting an evening school and working nightshift only which might be evening for you. In this time I am mostly online with my mobile devices and won't be able to reply.

 

 

 

 

 

Download DDS and save it to your desktop from .
Double click DDS to run the tool and press Start
Don't change any settings without instruction

  • When done, DDS will save two (2) logs to your desktop:
    • DDS.txt
    • Attach.txt
  • Please post them in your next reply.


regards,
Daniel

Bread for the world instead Bombs and Bangers


I'll always help for free but if you want to support me in my fight against malware, please btn_donate_SM.gif

#3 zrruhl

zrruhl
  • Topic Starter


Posted 04 April 2013 - 09:10 PM

Hi Daniel,
 
Thank you very much for taking the time to help me with my issues.  Unfortunately this is my little girl's laptop and she seems to have been going places that she shouldn't, innocently as that may be.
 
I should tell you that a warning kept popping up the entire time that a Trojan was attempting to access the computer.  It took several attempts to get anything from the DDS scan, and attached is what I have.  I should say that only one file saved to my desktop after the many attempts.

 

 

 

 

 

 

Attached Files



#4 Larusso

Larusso

    Raggamuffin



Posted 05 April 2013 - 02:23 AM

You are welcome.

a warning kept popping up the entire time that a Trojan was attempting to access the computer

Could you tell me what kind of software is telling you this?


Please download Farbar Recovery Scan Tool and save it to a flash drive.

Download the 64bit Version.

Plug the flash drive into the infected PC.
If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt to enter System Recovery Command prompt.


Once in the Command Prompt:
In the command window type in notepad and press Enter.
The notepad opens. Under File menu select Open.
Select "Computer" and find your flash drive letter and close the notepad.
In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
Note: Replace letter e with the drive letter of your flash drive.
The tool will start to run.
When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

regards,
Daniel

Bread for the world instead Bombs and Bangers


I'll always help for free but if you want to support me in my fight against malware, please btn_donate_SM.gif

#5 zrruhl

zrruhl
  • Topic Starter


Posted 05 April 2013 - 06:45 AM

Good morning,

 

Here is the Farbar Recovery logfile and it is attached as well:

 

To answer your question, the popups regarding Trojans were coming from software somehow downloaded (most likely from a popup that my daughter decided to download). :(  The software was from the Anvi group of software, which I have since uninstalled.  There were also popups from some gaming software that I didn't mention before.  I'm not sure if they are harmless or not but thought I should let you know either way.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13-03-2013 (ATTENTION: FRST version is 23 days old)
Ran by littlewoobie04 at 05-04-2013 07:35:06
Running from E:\
   (X64) OS Language: English(US)
Attention: Could not load system hive.
ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNCTION PROPERLY.


==================== One Month Created Files and Folders ========

2013-04-05 07:32 - 2013-04-05 07:32 - 00000643 ____A C:\Windows\setupact.log
2013-04-05 07:32 - 2013-04-05 07:32 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2013-04-05 07:32 - 2013-04-05 07:32 - 00000000 ____A C:\Windows\setuperr.log
2013-04-04 21:50 - 2013-04-04 21:50 - 00688992 ____R (Swearware) C:\Users\littlewoobie04\Downloads\dds(4).com
2013-04-04 21:49 - 2013-04-04 21:49 - 00688992 ____R (Swearware) C:\Users\littlewoobie04\Downloads\dds(3).com
2013-04-04 21:48 - 2013-04-04 21:48 - 00688992 ____R (Swearware) C:\Users\littlewoobie04\Downloads\dds(2).com
2013-04-04 21:35 - 2013-04-04 21:35 - 00688992 ____A (Swearware) C:\Users\littlewoobie04\Downloads\dds(1).com
2013-04-04 21:22 - 2013-04-04 21:22 - 00688992 ____R (Swearware) C:\Users\littlewoobie04\Downloads\dds.com
2013-04-04 17:31 - 2013-04-04 17:31 - 00000000 ____D C:\Users\littl_000\AppData\Roaming\Google
2013-04-04 01:18 - 2013-01-28 21:57 - 00035232 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WdBoot.sys
2013-04-04 01:18 - 2013-01-28 19:08 - 00230904 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WdFilter.sys
2013-04-04 01:15 - 2013-04-04 01:15 - 00000049 ____A C:\Users\littlewoobie04\Desktop\AnviSoft.url
2013-04-04 01:02 - 2013-04-02 06:34 - 00282744 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2013-04-04 00:41 - 2013-04-04 00:41 - 00000000 ____D C:\Users\littlewoobie04\AppData\Roaming\Anvisoft
2013-04-04 00:41 - 2013-04-04 00:41 - 00000000 ____D C:\ProgramData\Anvisoft
2013-04-04 00:41 - 2013-04-04 00:41 - 00000000 ____D C:\Program Files (x86)\Anvisoft
2013-04-04 00:00 - 2013-04-04 00:00 - 00000900 ____A C:\Windows\PFRO.log
2013-04-03 23:43 - 2013-04-03 23:43 - 00003015 ____A C:\Users\littlewoobie04\Desktop\HiJackThis.lnk
2013-04-03 23:43 - 2013-04-03 23:43 - 00000000 ____D C:\Program Files (x86)\Trend Micro
2013-04-03 23:25 - 2013-04-03 23:25 - 00054210 ____A C:\Users\littlewoobie04\Documents\cc_20130403_232540.reg
2013-04-03 23:19 - 2013-04-03 23:27 - 00000000 ____D C:\Users\littlewoobie04\AppData\Roaming\Google
2013-04-03 23:19 - 2013-04-03 23:19 - 00000824 ____A C:\Users\Public\Desktop\CCleaner.lnk
2013-04-03 23:19 - 2013-04-03 23:19 - 00000000 ____D C:\Program Files\CCleaner
2013-04-03 23:18 - 2013-04-05 01:28 - 00000940 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-04-03 23:18 - 2013-04-04 23:28 - 00000936 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-04-03 23:18 - 2013-04-03 23:19 - 00000000 ____D C:\ProgramData\Google
2013-04-03 23:18 - 2013-04-03 23:18 - 00000000 ____D C:\Program Files\Google
2013-04-03 23:18 - 2013-04-03 23:18 - 00000000 ____D C:\Program Files (x86)\Google
2013-04-03 23:17 - 2013-04-04 23:45 - 00000258 _RASH C:\Users\littlewoobie04\ntuser.pol
2013-04-03 23:17 - 2013-04-03 23:19 - 00000000 ____D C:\Users\littlewoobie04\Documents\Add-in Express
2013-04-03 23:17 - 2013-04-03 23:17 - 01114512 ____A C:\Users\littlewoobie04\Downloads\ccleaner(1).exe
2013-04-03 23:17 - 2013-04-03 23:17 - 00000258 _RASH C:\Users\littl_000\ntuser.pol
2013-04-03 23:15 - 2013-04-03 23:15 - 01114512 ____A C:\Users\littlewoobie04\Downloads\ccleaner.exe
2013-04-03 12:29 - 2013-04-03 12:29 - 00000000 ____D C:\Users\littl_000\AppData\Roaming\Mozilla
2013-03-29 14:04 - 2013-02-11 20:17 - 00020992 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usb8023.sys
2013-03-20 18:58 - 2013-03-20 18:58 - 00000000 ____D C:\Users\littl_000\Documents\Canon Utilities
2013-03-17 18:40 - 2013-03-17 18:43 - 00291288 ____A C:\Windows\System32\FNTCACHE.DAT
2013-03-12 16:19 - 2013-03-12 16:19 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-03-12 16:19 - 2013-03-12 16:19 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-03-12 16:18 - 2013-02-11 20:55 - 19205632 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-03-12 16:17 - 2013-02-11 21:30 - 00044032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2013-03-12 16:17 - 2013-02-11 21:29 - 14296064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-03-12 16:17 - 2013-02-11 20:56 - 00053760 ____A (Microsoft Corporation) C:\Windows\System32\UXInit.dll
2013-03-12 16:17 - 2013-02-11 20:25 - 04041728 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-03-12 16:17 - 2013-02-05 00:58 - 01766912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-03-12 16:17 - 2013-02-05 00:57 - 01128960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-03-12 16:17 - 2013-02-05 00:56 - 13761536 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-03-12 16:17 - 2013-02-05 00:56 - 02877952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-03-12 16:17 - 2013-02-05 00:56 - 01658368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-03-12 16:17 - 2013-02-05 00:56 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-03-12 16:17 - 2013-02-05 00:56 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-03-12 16:17 - 2013-02-05 00:56 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-03-12 16:17 - 2013-02-05 00:56 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-03-12 16:17 - 2013-02-05 00:56 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-03-12 16:17 - 2013-02-05 00:56 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-03-12 16:17 - 2013-02-04 23:55 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-03-12 16:17 - 2013-02-04 21:44 - 00534528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2013-03-12 16:17 - 2013-02-04 18:40 - 00050688 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-03-12 16:17 - 2013-02-04 18:39 - 02246656 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-03-12 16:17 - 2013-02-04 18:39 - 01351680 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-03-12 16:17 - 2013-02-04 18:39 - 00907776 ____A (Microsoft Corporation) C:\Windows\System32\uxtheme.dll
2013-03-12 16:17 - 2013-02-04 18:39 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-03-12 16:17 - 2013-02-04 18:38 - 15418368 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-03-12 16:17 - 2013-02-04 18:38 - 03966464 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-03-12 16:17 - 2013-02-04 18:38 - 02166272 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-03-12 16:17 - 2013-02-04 18:38 - 00854528 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-03-12 16:17 - 2013-02-04 18:38 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-03-12 16:17 - 2013-02-02 03:30 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-03-12 16:16 - 2013-02-07 00:09 - 00069864 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\pdc.sys
2013-03-12 16:16 - 2013-02-06 23:34 - 10115072 ____A (Microsoft Corporation) C:\Windows\System32\twinui.dll
2013-03-12 16:16 - 2013-02-06 23:33 - 02302464 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll
2013-03-12 16:16 - 2013-02-06 23:33 - 02146816 ____A (Microsoft Corporation) C:\Windows\System32\actxprxy.dll
2013-03-12 16:16 - 2013-02-06 21:34 - 08856576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2013-03-12 16:16 - 2013-02-06 21:33 - 02033664 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-03-12 16:16 - 2013-02-06 21:33 - 00754176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2013-03-12 16:16 - 2013-02-02 07:19 - 00496872 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbhub.sys
2013-03-12 16:16 - 2013-02-02 07:19 - 00446184 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\USBHUB3.SYS
2013-03-12 16:16 - 2013-02-02 07:19 - 00329960 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\storport.sys
2013-03-12 16:16 - 2013-02-02 07:19 - 00061672 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\crashdmp.sys
2013-03-12 16:16 - 2013-02-02 06:54 - 01933544 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2013-03-12 16:16 - 2013-02-02 06:28 - 02226408 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-03-12 16:16 - 2013-02-02 06:28 - 00993512 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
2013-03-12 16:16 - 2013-02-02 04:40 - 10792448 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2013-03-12 16:16 - 2013-02-02 04:40 - 00410624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wlroamextension.dll
2013-03-12 16:16 - 2013-02-02 04:40 - 00370688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WWanAPI.dll
2013-03-12 16:16 - 2013-02-02 04:40 - 00356352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SettingSync.dll
2013-03-12 16:16 - 2013-02-02 04:40 - 00197632 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.Connectivity.dll
2013-03-12 16:16 - 2013-02-02 04:40 - 00155136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsRasterService.dll
2013-03-12 16:16 - 2013-02-02 04:40 - 00080896 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tasklist.exe
2013-03-12 16:16 - 2013-02-02 04:40 - 00079360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\taskkill.exe
2013-03-12 16:16 - 2013-02-02 04:39 - 05090816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2013-03-12 16:16 - 2013-02-02 04:39 - 00325632 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-03-12 16:16 - 2013-02-02 04:39 - 00157696 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mbsmsapi.dll
2013-03-12 16:16 - 2013-02-02 04:39 - 00115712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netprofm.dll
2013-03-12 16:16 - 2013-02-02 04:39 - 00055296 ____A (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2013-03-12 16:16 - 2013-02-02 04:39 - 00018432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\npmproxy.dll
2013-03-12 16:16 - 2013-02-02 04:39 - 00015872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\nlmproxy.dll
2013-03-12 16:16 - 2013-02-02 04:39 - 00012288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\nlmsprep.dll
2013-03-12 16:16 - 2013-02-02 04:38 - 00567808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\duser.dll
2013-03-12 16:16 - 2013-02-02 04:24 - 00107520 ____A (Microsoft Corporation) C:\Windows\System32\taskkill.exe
2013-03-12 16:16 - 2013-02-02 04:24 - 00102400 ____A (Microsoft Corporation) C:\Windows\System32\tasklist.exe
2013-03-12 16:16 - 2013-02-02 04:23 - 13643264 ____A (Microsoft Corporation) C:\Windows\System32\Windows.UI.Xaml.dll
2013-03-12 16:16 - 2013-02-02 04:23 - 00731648 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-03-12 16:16 - 2013-02-02 04:23 - 00611840 ____A (Microsoft Corporation) C:\Windows\System32\wpd_ci.dll
2013-03-12 16:16 - 2013-02-02 04:23 - 00543232 ____A (Microsoft Corporation) C:\Windows\System32\wlroamextension.dll
2013-03-12 16:16 - 2013-02-02 04:23 - 00475136 ____A (Microsoft Corporation) C:\Windows\System32\WWanAPI.dll
2013-03-12 16:16 - 2013-02-02 04:23 - 00293376 ____A (Microsoft Corporation) C:\Windows\System32\Windows.Networking.Connectivity.dll
2013-03-12 16:16 - 2013-02-02 04:23 - 00228352 ____A (Microsoft Corporation) C:\Windows\System32\XpsRasterService.dll
2013-03-12 16:16 - 2013-02-02 04:23 - 00105472 ____A (Microsoft Corporation) C:\Windows\System32\wpdbusenum.dll
2013-03-12 16:16 - 2013-02-02 04:23 - 00087552 ____A (Microsoft Corporation) C:\Windows\System32\wersvc.dll
2013-03-12 16:16 - 2013-02-02 04:22 - 00448512 ____A (Microsoft Corporation) C:\Windows\System32\SettingSync.dll
2013-03-12 16:16 - 2013-02-02 04:22 - 00416256 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2013-03-12 16:16 - 2013-02-02 04:21 - 05977600 ____A (Microsoft Corporation) C:\Windows\System32\mstscax.dll
2013-03-12 16:16 - 2013-02-02 04:21 - 00467456 ____A (Microsoft Corporation) C:\Windows\System32\netprofmsvc.dll
2013-03-12 16:16 - 2013-02-02 04:21 - 00385024 ____A (Microsoft Corporation) C:\Windows\System32\ncsi.dll
2013-03-12 16:16 - 2013-02-02 04:21 - 00225280 ____A (Microsoft Corporation) C:\Windows\System32\mbsmsapi.dll
2013-03-12 16:16 - 2013-02-02 04:20 - 00729600 ____A (Microsoft Corporation) C:\Windows\System32\duser.dll
2013-03-12 16:16 - 2013-02-02 04:20 - 00260096 ____A (Microsoft Corporation) C:\Windows\System32\hotspotauth.dll
2013-03-12 16:16 - 2013-02-02 03:25 - 00297984 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ks.sys
2013-03-12 16:16 - 2013-02-02 03:25 - 00082944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\hidclass.sys
2013-03-12 16:16 - 2013-02-02 03:25 - 00037632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\BthAvrcpTg.sys
2013-03-12 16:15 - 2013-03-02 04:22 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll
2013-03-12 16:15 - 2013-03-01 22:44 - 00468992 ____A (Microsoft Corporation) C:\Windows\System32\MFMediaEngine.dll
2013-03-12 16:15 - 2013-02-05 18:31 - 00622080 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srv2.sys
2013-03-12 16:15 - 2013-02-05 18:29 - 00370688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb.sys
2013-03-12 16:15 - 2013-02-05 18:28 - 00247808 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srvnet.sys
2013-03-12 16:15 - 2013-02-05 18:28 - 00215552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb20.sys
2013-03-12 16:15 - 2013-02-02 01:41 - 01437184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2013-03-12 16:15 - 2013-02-02 01:31 - 01690624 ____A (Microsoft Corporation) C:\Windows\System32\GdiPlus.dll
2013-03-12 07:01 - 2013-03-12 07:01 - 00244986 ____A C:\Users\littlewoobie04\Downloads\google (1).csv
2013-03-12 06:57 - 2013-03-12 06:57 - 00244986 ____A C:\Users\littlewoobie04\Downloads\google.csv
2013-03-12 06:57 - 2013-03-12 06:57 - 00139950 ____A C:\Users\littlewoobie04\Downloads\contacts.csv
2013-03-09 16:20 - 2013-03-09 16:20 - 00004096 __ASH C:\Users\littl_000\Desktop\Thumbs.db


==================== One Month Modified Files and Folders =======

2013-04-05 07:34 - 2012-07-26 03:28 - 00850046 ____A C:\Windows\System32\PerfStringBackup.INI
2013-04-05 07:33 - 2012-12-25 23:00 - 01063556 ____A C:\Windows\WindowsUpdate.log
2013-04-05 07:32 - 2013-04-05 07:32 - 00000643 ____A C:\Windows\setupact.log
2013-04-05 07:32 - 2013-04-05 07:32 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2013-04-05 07:32 - 2013-04-05 07:32 - 00000000 ____A C:\Windows\setuperr.log
2013-04-05 07:00 - 2012-07-26 04:12 - 00000000 ____D C:\Windows\System32\sru
2013-04-05 01:28 - 2013-04-03 23:18 - 00000940 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-04-04 23:45 - 2013-04-03 23:17 - 00000258 _RASH C:\Users\littlewoobie04\ntuser.pol
2013-04-04 23:45 - 2012-12-25 23:00 - 00000000 ____D C:\users\littlewoobie04
2013-04-04 23:42 - 2013-04-04 00:41 - 00000000 ____D C:\Users\littlewoobie04\AppData\Roaming\Anvisoft
2013-04-04 23:40 - 2012-07-26 04:12 - 00000000 ____D C:\Windows\System32\FxsTmp
2013-04-04 23:28 - 2013-04-03 23:18 - 00000936 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-04-04 21:50 - 2013-04-04 21:50 - 00688992 ____R (Swearware) C:\Users\littlewoobie04\Downloads\dds(4).com
2013-04-04 21:49 - 2013-04-04 21:49 - 00688992 ____R (Swearware) C:\Users\littlewoobie04\Downloads\dds(3).com
2013-04-04 21:48 - 2013-04-04 21:48 - 00688992 ____R (Swearware) C:\Users\littlewoobie04\Downloads\dds(2).com
2013-04-04 21:45 - 2012-12-12 11:16 - 00000000 ____D C:\Program Files (x86)\Dell Backup and Recovery
2013-04-04 21:37 - 2012-07-26 03:22 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-04-04 21:35 - 2013-04-04 21:35 - 00688992 ____A (Swearware) C:\Users\littlewoobie04\Downloads\dds(1).com
2013-04-04 21:22 - 2013-04-04 21:22 - 00688992 ____R (Swearware) C:\Users\littlewoobie04\Downloads\dds.com
2013-04-04 21:18 - 2013-01-15 19:23 - 00000000 ____D C:\Users\littl_000\AppData\Local\CrashDumps
2013-04-04 21:15 - 2012-12-25 23:03 - 00000000 ____D C:\Users\littlewoobie04\Documents\Bluetooth Folder
2013-04-04 18:26 - 2012-12-26 00:47 - 00000000 ____D C:\Users\littl_000\Documents\Bluetooth Folder
2013-04-04 17:31 - 2013-04-04 17:31 - 00000000 ____D C:\Users\littl_000\AppData\Roaming\Google
2013-04-04 17:31 - 2012-12-26 13:32 - 00000000 ____D C:\Users\littl_000\AppData\Local\Google
2013-04-04 09:30 - 2012-07-26 04:12 - 00000000 ____D C:\Windows\rescache
2013-04-04 08:31 - 2012-12-28 12:33 - 00000000 ____D C:\Users\littlewoobie04\AppData\Local\Google
2013-04-04 08:17 - 2012-07-26 01:26 - 00262144 __ASH C:\Windows\System32\config\ELAM
2013-04-04 08:11 - 2012-07-26 01:26 - 01048576 __ASH C:\Windows\System32\config\BBI
2013-04-04 08:10 - 2012-07-26 04:12 - 00000000 ____D C:\Program Files\Windows Defender
2013-04-04 08:10 - 2012-07-26 04:12 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-04-04 08:08 - 2012-12-28 12:56 - 00000000 ____D C:\Users\littlewoobie04\AppData\Local\CrashDumps
2013-04-04 08:08 - 2012-07-26 04:12 - 00000000 ____D C:\Windows\System32\Recovery
2013-04-04 01:15 - 2013-04-04 01:15 - 00000049 ____A C:\Users\littlewoobie04\Desktop\AnviSoft.url
2013-04-04 00:41 - 2013-04-04 00:41 - 00000000 ____D C:\ProgramData\Anvisoft
2013-04-04 00:41 - 2013-04-04 00:41 - 00000000 ____D C:\Program Files (x86)\Anvisoft
2013-04-04 00:00 - 2013-04-04 00:00 - 00000900 ____A C:\Windows\PFRO.log
2013-04-03 23:43 - 2013-04-03 23:43 - 00003015 ____A C:\Users\littlewoobie04\Desktop\HiJackThis.lnk
2013-04-03 23:43 - 2013-04-03 23:43 - 00000000 ____D C:\Program Files (x86)\Trend Micro
2013-04-03 23:43 - 2012-12-25 23:00 - 00000000 ____D C:\Users\littlewoobie04\AppData\Local\VirtualStore
2013-04-03 23:27 - 2013-04-03 23:19 - 00000000 ____D C:\Users\littlewoobie04\AppData\Roaming\Google
2013-04-03 23:25 - 2013-04-03 23:25 - 00054210 ____A C:\Users\littlewoobie04\Documents\cc_20130403_232540.reg
2013-04-03 23:24 - 2013-01-21 21:30 - 00000000 ____D C:\Windows\Minidump
2013-04-03 23:24 - 2012-12-12 12:17 - 00000000 ____D C:\Windows\Panther
2013-04-03 23:19 - 2013-04-03 23:19 - 00000824 ____A C:\Users\Public\Desktop\CCleaner.lnk
2013-04-03 23:19 - 2013-04-03 23:19 - 00000000 ____D C:\Program Files\CCleaner
2013-04-03 23:19 - 2013-04-03 23:18 - 00000000 ____D C:\ProgramData\Google
2013-04-03 23:19 - 2013-04-03 23:17 - 00000000 ____D C:\Users\littlewoobie04\Documents\Add-in Express
2013-04-03 23:18 - 2013-04-03 23:18 - 00000000 ____D C:\Program Files\Google
2013-04-03 23:18 - 2013-04-03 23:18 - 00000000 ____D C:\Program Files (x86)\Google
2013-04-03 23:17 - 2013-04-03 23:17 - 01114512 ____A C:\Users\littlewoobie04\Downloads\ccleaner(1).exe
2013-04-03 23:17 - 2013-04-03 23:17 - 00000258 _RASH C:\Users\littl_000\ntuser.pol
2013-04-03 23:17 - 2012-12-26 00:46 - 00000000 ____D C:\users\littl_000
2013-04-03 23:17 - 2012-07-26 04:12 - 00000000 ___HD C:\Windows\System32\GroupPolicy
2013-04-03 23:17 - 2012-07-26 04:12 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2013-04-03 23:15 - 2013-04-03 23:15 - 01114512 ____A C:\Users\littlewoobie04\Downloads\ccleaner.exe
2013-04-03 19:57 - 2012-12-26 01:00 - 00000000 ____D C:\Users\littlewoobie04\AppData\Local\softthinks
2013-04-03 12:29 - 2013-04-03 12:29 - 00000000 ____D C:\Users\littl_000\AppData\Roaming\Mozilla
2013-04-02 06:34 - 2013-04-04 01:02 - 00282744 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2013-04-01 21:41 - 2012-07-26 04:12 - 00000000 ____D C:\Windows\AUInstallAgent
2013-03-28 11:23 - 2012-12-28 12:29 - 00595240 ____A (OptimumInstaller) C:\Users\littl_000\Downloads\downloadmanager_Setup.exe
2013-03-28 10:25 - 2012-07-26 04:12 - 00000000 ____D C:\Windows\System32\NDF
2013-03-20 18:58 - 2013-03-20 18:58 - 00000000 ____D C:\Users\littl_000\Documents\Canon Utilities
2013-03-20 18:49 - 2013-01-22 12:55 - 00000000 ____D C:\ProgramData\PhotoStitch
2013-03-17 18:43 - 2013-03-17 18:40 - 00291288 ____A C:\Windows\System32\FNTCACHE.DAT
2013-03-15 17:58 - 2012-07-26 04:12 - 00000000 ___RD C:\Windows\ToastData
2013-03-15 17:52 - 2012-12-27 19:25 - 72013344 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-03-13 19:46 - 2012-12-26 13:32 - 00000000 ____D C:\Users\littl_000\AppData\Local\Deployment
2013-03-12 16:19 - 2013-03-12 16:19 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-03-12 16:19 - 2013-03-12 16:19 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-03-12 07:01 - 2013-03-12 07:01 - 00244986 ____A C:\Users\littlewoobie04\Downloads\google (1).csv
2013-03-12 06:57 - 2013-03-12 06:57 - 00244986 ____A C:\Users\littlewoobie04\Downloads\google.csv
2013-03-12 06:57 - 2013-03-12 06:57 - 00139950 ____A C:\Users\littlewoobie04\Downloads\contacts.csv
2013-03-09 16:20 - 2013-03-09 16:20 - 00004096 __ASH C:\Users\littl_000\Desktop\Thumbs.db


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe
[2012-12-28 01:40] - [2012-10-11 01:46] - 0517120 ____A (Microsoft Corporation) BCF2036A0DD579E47C008C133550283E

C:\Windows\System32\wininit.exe
[2012-07-25 20:03] - [2012-07-25 23:08] - 0132608 ____A (Microsoft Corporation) FE9AB232B56A12224E8A3F3F9878C9A3

C:\Windows\SysWOW64\wininit.exe IS MISSING <==== ATTENTION!.
C:\Windows\explorer.exe
[2012-12-28 01:40] - [2012-10-11 03:35] - 2380944 ____A (Microsoft Corporation) E13A31D5254C25406A7946BDD9B06364

C:\Windows\SysWOW64\explorer.exe
[2012-12-28 01:40] - [2012-10-11 01:56] - 2115952 ____A (Microsoft Corporation) 953ADECFF08202A01EFC6110214FDE02

C:\Windows\System32\svchost.exe
[2013-01-09 16:33] - [2012-09-20 02:33] - 0029696 ____A (Microsoft Corporation) EDE27EACE742EE2888C5DD36400A2EC0

C:\Windows\SysWOW64\svchost.exe
[2013-01-09 16:33] - [2012-09-20 01:55] - 0023040 ____A (Microsoft Corporation) A46DC432F81473F526E3994AA483E366

C:\Windows\System32\services.exe
[2013-01-09 16:35] - [2012-09-20 02:33] - 0410624 ____A (Microsoft Corporation) 8F226143046435C75C033B0C52E90FFE

C:\Windows\System32\User32.dll
[2013-01-09 16:33] - [2012-09-20 02:33] - 1342464 ____A (Microsoft Corporation) A99AD14F26BDA7D7F27F76BC91B7EED7

C:\Windows\SysWOW64\User32.dll
[2013-01-09 16:32] - [2012-09-20 00:10] - 1126912 ____A (Microsoft Corporation) BA1C3ACD929A71E88B49C2B6E38F92B3

C:\Windows\System32\userinit.exe
[2012-07-25 20:06] - [2012-07-25 23:08] - 0025088 ____A (Microsoft Corporation) 0E925F7BA032920D58DD284B6181A247

C:\Windows\SysWOW64\userinit.exe
[2012-07-25 20:08] - [2012-07-25 23:21] - 0021504 ____A (Microsoft Corporation) 9F6289D194A04A09671FEED4B6CB6EF7

C:\Windows\System32\Drivers\volsnap.sys
[2012-07-25 22:30] - [2012-07-26 00:57] - 0332016 ____A (Microsoft Corporation) 2FB3CDFD5EAF4CD9D4AFAF96877D13AE


==================== Restore Points  =========================


==================== Memory info ===========================

Percentage of memory in use: 46%
Total physical RAM: 3965.27 MB
Available physical RAM: 2134.66 MB
Total Pagefile: 7805.27 MB
Available Pagefile: 5338.13 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Partitions =============================

1 Drive c: (OS) (Fixed) (Total:452.76 GB) (Free:406.35 GB) NTFS
3 Drive e: (USB DISK) (Removable) (Total:3.73 GB) (Free:3.73 GB) FAT32


  Disk ###  Status         Size     Free     Dyn  Gpt
  --------  -------------  -------  -------  ---  ---
  Disk 0    Online          465 GB      0 B        *
  Disk 1    Online         3825 MB      0 B        

Partitions of Disk 0:
===============

Disk ID: {84CEAC4E-4217-4B27-9B79-1437D20AF120}

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    System (partition with boot components)             500 MB  1024 KB
  Partition 2    OEM                 40 MB   501 MB
  Partition 3    Reserved           128 MB   541 MB
  Partition 4    Recovery           500 MB   669 MB
  Partition 5    Primary            452 GB  1169 MB
  Partition 6    Recovery            11 GB   453 GB

==================================================================================

Disk: 0
Partition 1
Type    : c12a7328-f81f-11d2-ba4b-00a0c93ec93b
Hidden  : Yes
Required: No
Attrib  : 0X8000000000000000

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2         ESP          FAT32  Partition    500 MB  Healthy    System (partition with boot components) 

=========================================================

Disk: 0
Partition 2
Type    : 796badd3-6bbf-4d9f-b631-466eb71a4965
Hidden  : Yes
Required: Yes
Attrib  : 0X8000000000000001

There is no volume associated with this partition.

=========================================================

Disk: 0
Partition 3
Type    : e3c9e316-0b5c-4db8-817d-f92df00215ae
Hidden  : Yes
Required: No
Attrib  : 0X8000000000000000

There is no volume associated with this partition.

=========================================================

Disk: 0
Partition 4
Type    : de94bba4-06d1-4d40-a16a-bfd50179d6ac
Hidden  : Yes
Required: Yes
Attrib  : 0X8000000000000001

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3         WINRETOOLS   NTFS   Partition    500 MB  Healthy    Hidden 

=========================================================

Disk: 0
Partition 5
Type    : ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
Hidden  : No
Required: No
Attrib  : 0000000000000000

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1     C   OS           NTFS   Partition    452 GB  Healthy    Boot   

=========================================================

Disk: 0
Partition 6
Type    : de94bba4-06d1-4d40-a16a-bfd50179d6ac
Hidden  : Yes
Required: Yes
Attrib  : 0X8000000000000001

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 4         PBR Image    NTFS   Partition     11 GB  Healthy    Hidden 

=========================================================

Partitions of Disk 1:
===============

Disk ID: C3072E18

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary           3821 MB  4032 KB

==================================================================================

Disk: 1
Partition 1
Type  : 0C
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 5     E   USB DISK     FAT32  Removable   3821 MB  Healthy           

=========================================================
============================== MBR Partition Table ==================

==============================
Partitions of Disk 0:
===============
Disk ID: E4411EEC

Partition 1:
=========
Hex: 00000200EEFFFFFF01000000FFFFFFFF
Active: NO
Type: EE
Size: -512 byte

==============================
Partitions of Disk 1:
===============
Disk ID: C3072E18

Partition 1:
=========
Hex: 000001010C4CCDCA801F0000C06D7700
Active: NO
Type: 0C
Size: 4 GB


Last Boot: 2013-04-02 10:54

==================== End Of Log =============================



#6 Larusso

  • Malware Response Team

Posted 05 April 2013 - 09:54 AM

Hi there.

ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNCTION PROPERLY.

Did you follow the link I posted above on how to boot into the Recovery Console? It is very important so nothing can hide itself from our tools :)
regards,
Daniel

Bread for the world instead Bombs and Bangers



#7 zrruhl

  • Topic Starter

Posted 05 April 2013 - 08:38 PM

My apologies - a gross lack of sleep is my only excuse for not implicitly following your instructions... Here is the correct log:

Here it is, as well as attached:


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13-03-2013 (ATTENTION: FRST version is 23 days old)
Ran by SYSTEM at 05-04-2013 19:56:08
Running from J:\
Windows 8   (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [DellWPF]  [x]
HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s [6842000 2012-09-24] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX4  [1230992 2012-09-27] (Realtek Semiconductor)
HKLM\...\Run: [QuickSet] c:\Program Files\Dell\QuickSet\QuickSet.exe [5757328 2012-10-19] (Dell Inc.)
HKLM\...\Run: [BtTray] "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtTray.exe" [763520 2012-08-08] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe" [127616 2012-08-08] (Qualcomm Atheros Commnucations)
HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60 [277504 2012-07-09] (Intel Corporation)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] "C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe" [111120 2012-06-07] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] "C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R [491120 2012-07-04] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [143888 2012-06-01] (CyberLink Corp.)
HKLM-x32\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1535112 2012-09-12] (McAfee, Inc.)
HKLM-x32\...\Run: [GamingWonderland Search Scope Monitor] "C:\PROGRA~2\GAMING~2\bar\1.bin\gtsrchmn.exe" /m=2 /w /h [42536 2012-12-28] (MindSpark)
HKLM-x32\...\Run: [GamingWonderland Browser Plugin Loader] C:\PROGRA~2\GAMING~2\bar\1.bin\gtbrmon.exe [30096 2012-12-28] (VER_COMPANY_NAME)
HKLM-x32\...\Run: []  [x]
HKU\littlewoobie04\...\Run: [DownloadManager] "C:\Program Files (x86)\Zoom Downloader\DownloadManager.exe" /as [1644544 2012-12-28] (Zoom Downloader)
HKU\littlewoobie04\...\Run: [EPLTarget\P0000000000000000] C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIHWA.EXE /EPT "EPLTarget\P0000000000000000" /M "WorkForce 545" [241280 2013-02-24] (SEIKO EPSON CORPORATION)
HKU\littlewoobie04\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2013-04-03] (Google Inc.)
HKU\littlewoobie04\...\Run: []  [x]
HKU\littl_000\...\Run: [Google Update] "C:\Users\littl_000\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-12-26] (Google Inc.)
HKU\littl_000\...\Run: [MusicManager] "C:\Users\littl_000\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [7366656 2013-03-18] (Google Inc.)
HKU\littl_000\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2013-04-03] (Google Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Startup: C:\ProgramData\Start Menu\Programs\Startup\ImageBrowser EX Agent.lnk
ShortcutTarget: ImageBrowser EX Agent.lnk -> C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe ()

==================== Services (Whitelisted) ===================

3 AllUserInstallAgent; C:\Windows\System32\AUInstallAgent.dll [122368 2012-07-25] (Microsoft Corporation)
2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [211072 2012-08-08] (Qualcomm Atheros Commnucations)
2 AudioEndpointBuilder; C:\Windows\System32\AudioEndpointBuilder.dll [169472 2012-11-06] (Microsoft Corporation)
2 BrokerInfrastructure; C:\Windows\System32\bisrv.dll [179712 2012-09-20] (Microsoft Corporation)
2 DefaultTabUpdate; "C:\Users\littlewoobie04\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe" [107520 2012-12-28] ()
2 DeviceAssociationService; C:\Windows\System32\das.dll [342016 2012-07-25] (Microsoft Corporation)
3 DeviceInstall; C:\Windows\System32\umpnpmgr.dll [107008 2012-09-20] (Microsoft Corporation)
3 DsmSvc; C:\Windows\System32\DeviceSetupManager.dll [207872 2012-07-25] (Microsoft Corporation)
3 EFS; C:\Windows\System32\efssvc.dll [37376 2012-07-25] (Microsoft Corporation)
3 fhsvc; C:\Windows\System32\fhsvc.dll [116736 2012-09-20] (Microsoft Corporation)
2 GamingWonderlandService; C:\PROGRA~2\GAMING~2\bar\1.bin\gtbarsvc.exe [42504 2012-12-28] (COMPANYVERS_NAME)
2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
3 KeyIso; C:\Windows\System32\keyiso.dll [59904 2012-07-25] (Microsoft Corporation)
3 KeyIso; C:\Windows\SysWow64\keyiso.dll [43520 2012-07-25] (Microsoft Corporation)
2 LSM; C:\Windows\System32\lsm.dll [438272 2013-01-09] (Microsoft Corporation)
3 McAWFwk; C:\PROGRA~1\mcafee\msc\mcawfwk.exe [332080 2012-01-26] (McAfee, Inc.)
2 McMPFSvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-31] (McAfee, Inc.)
2 mcmscsvc; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-31] (McAfee, Inc.)
2 McNaiAnn; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-31] (McAfee, Inc.)
2 McNASvc; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-31] (McAfee, Inc.)
3 McODS; "C:\Program Files\mcafee\VirusScan\mcods.exe" [383608 2012-11-16] (McAfee, Inc.)
4 McOobeSv; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-31] (McAfee, Inc.)
2 McProxy; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-31] (McAfee, Inc.)
2 McShield; "C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe" [241016 2012-11-09] (McAfee, Inc.)
2 mfefire; "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe" [218320 2012-11-09] (McAfee, Inc.)
2 mfevtp; "C:\Windows\system32\mfevtps.exe" [177680 2012-11-09] (McAfee, Inc.)
2 MSK80Service; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-31] (McAfee, Inc.)
3 NcaSvc; C:\Windows\System32\ncasvc.dll [161792 2012-07-25] (Microsoft Corporation)
3 NcdAutoSetup; C:\Windows\System32\NcdAutoSetup.dll [73728 2012-07-25] (Microsoft Corporation)
3 Netlogon; C:\Windows\System32\netlogon.dll [743936 2012-07-25] (Microsoft Corporation)
3 Netlogon; C:\Windows\SysWow64\netlogon.dll [634368 2012-07-25] (Microsoft Corporation)
3 netprofm; C:\Windows\System32\netprofmsvc.dll [467456 2013-02-02] (Microsoft Corporation)
3 PrintNotify; C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll [2675712 2012-11-06] (Microsoft Corporation)
2 RichVideo; "C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe" [254512 2012-04-24] ()
2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [201360 2012-08-31] (Realtek Semiconductor)
2 SftService; "C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe" [1914728 2012-11-26] (SoftThinks SAS)
3 StorSvc; C:\Windows\SysWow64\storsvc.dll [18432 2012-07-25] (Microsoft Corporation)
3 svsvc; C:\Windows\System32\svsvc.dll [12800 2012-07-25] (Microsoft Corporation)
3 SystemEventsBroker; C:\Windows\System32\SystemEventsBrokerServer.dll [178176 2012-12-06] (Microsoft Corporation)
3 TimeBroker; C:\Windows\System32\TimeBrokerServer.dll [170496 2012-12-06] (Microsoft Corporation)
3 VaultSvc; C:\Windows\System32\vaultsvc.dll [283648 2012-07-25] (Microsoft Corporation)
3 vmicheartbeat; C:\Windows\System32\ICSvc.dll [336384 2012-07-25] (Microsoft Corporation)
3 vmickvpexchange; C:\Windows\System32\ICSvc.dll [336384 2012-07-25] (Microsoft Corporation)
3 vmicrdv; C:\Windows\System32\ICSvc.dll [336384 2012-07-25] (Microsoft Corporation)
3 vmicshutdown; C:\Windows\System32\ICSvc.dll [336384 2012-07-25] (Microsoft Corporation)
3 vmictimesync; C:\Windows\System32\ICSvc.dll [336384 2012-07-25] (Microsoft Corporation)
3 vmicvss; C:\Windows\System32\ICSvc.dll [336384 2012-07-25] (Microsoft Corporation)
2 Wcmsvc; C:\Windows\System32\wcmsvc.dll [263680 2012-07-25] (Microsoft Corporation)
3 WiaRpc; C:\Windows\System32\wiarpc.dll [65536 2012-07-25] (Microsoft Corporation)
2 WinDefend; "C:\Program Files\Windows Defender\MsMpEng.exe" [14920 2013-01-28] (Microsoft Corporation)
3 WinHttpAutoProxySvc; C:\Windows\SysWow64\winhttp.dll [516608 2012-11-06] (Microsoft Corporation)
3 wlidsvc; C:\Windows\System32\wlidsvc.dll [1964544 2013-01-09] (Microsoft Corporation)
3 WSService; C:\Windows\System32\WSService.dll [2367528 2012-09-20] (Microsoft Corporation)
2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [77824 2012-08-07] (Atheros)

==================== Drivers (Whitelisted) =====================

0 3ware; C:\Windows\System32\Drivers\3ware.sys [106736 2012-07-26] (LSI)
0 acpiex; C:\Windows\System32\Drivers\acpiex.sys [77040 2012-07-26] (Microsoft Corporation)
3 acpipagr; C:\Windows\System32\Drivers\acpipagr.sys [10240 2012-07-25] (Microsoft Corporation)
3 acpitime; C:\Windows\System32\Drivers\acpitime.sys [10752 2012-07-25] (Microsoft Corporation)
0 arc; C:\Windows\System32\Drivers\arc.sys [104688 2012-07-26] (PMC-Sierra, Inc.)
0 arcsas; C:\Windows\System32\Drivers\arcsas.sys [108272 2012-07-26] (PMC-Sierra, Inc.)
3 AthBTPort; C:\Windows\system32\DRIVERS\btath_flt.sys [88728 2012-08-08] (Qualcomm Atheros)
3 athr; C:\Windows\system32\DRIVERS\athw8x.sys [3618304 2012-07-24] (Qualcomm Atheros Communications, Inc.)
1 BasicDisplay; C:\Windows\System32\Drivers\BasicDisplay.sys [48640 2012-07-25] (Microsoft Corporation)
1 BasicRender; C:\Windows\System32\Drivers\BasicRender.sys [29696 2012-07-25] (Microsoft Corporation)
3 BTATH_A2DP; C:\Windows\System32\Drivers\BTATH_A2DP.sys [344216 2012-08-08] (Qualcomm Atheros)
3 btath_avdt; C:\Windows\System32\Drivers\btath_avdt.sys [114840 2012-08-08] (Qualcomm Atheros)
3 BTATH_BUS; C:\Windows\System32\Drivers\BTATH_BUS.sys [33944 2012-08-08] (Qualcomm Atheros)
3 BTATH_HCRP; C:\Windows\System32\Drivers\BTATH_HCRP.sys [178840 2012-08-08] (Qualcomm Atheros)
3 BTATH_LWFLT; C:\Windows\System32\Drivers\BTATH_LWFLT.sys [76952 2012-08-08] (Qualcomm Atheros)
3 BTATH_RCP; C:\Windows\System32\Drivers\BTATH_RCP.sys [135832 2012-08-08] (Qualcomm Atheros)
3 BtFilter; C:\Windows\System32\Drivers\BtFilter.sys [574616 2012-08-08] (Qualcomm Atheros)
3 BthAvrcpTg; C:\Windows\System32\Drivers\BthAvrcpTg.sys [37632 2013-02-02] (Microsoft Corporation)
3 BthHFEnum; C:\Windows\System32\Drivers\BthHFEnum.sys [51200 2012-07-25] (Microsoft Corporation)
3 bthhfhid; C:\Windows\System32\Drivers\bthhfhid.sys [29952 2012-11-26] (Microsoft Corporation)
3 BthLEEnum; C:\Windows\System32\Drivers\BthLEEnum.sys [202752 2012-07-25] (Microsoft Corporation)
3 cfwids; C:\Windows\System32\Drivers\cfwids.sys [69672 2012-11-09] (McAfee, Inc.)
0 CLFS; C:\Windows\System32\Drivers\CLFS.sys [361200 2012-07-26] (Microsoft Corporation)
1 CLVirtualDrive; C:\Windows\System32\Drivers\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
3 condrv; C:\Windows\System32\Drivers\condrv.sys [33792 2012-07-26] (Microsoft Corporation)
1 dam; C:\Windows\System32\Drivers\dam.sys [58088 2012-10-11] (Microsoft Corporation)
3 DellRbtn; C:\Windows\System32\Drivers\DellRbtn.sys [10752 2012-08-05] (OSR Open Systems Resources, Inc.)
0 EhStorClass; C:\Windows\System32\Drivers\EhStorClass.sys [81136 2012-07-26] (Microsoft Corporation)
0 EhStorTcgDrv; C:\Windows\System32\Drivers\EhStorTcgDrv.sys [113904 2012-07-26] (Microsoft Corporation)
3 FxPPM; C:\Windows\System32\Drivers\FxPPM.sys [22528 2012-11-05] (Microsoft Corporation)
3 gencounter; C:\Windows\System32\drivers\vmgencounter.sys [12288 2012-07-25] (Microsoft Corporation)
3 GPIOClx0101; C:\Windows\System32\Drivers\msgpioclx.sys [120040 2012-09-20] (Microsoft Corporation)
3 hidi2c; C:\Windows\System32\Drivers\hidi2c.sys [39936 2012-11-20] (Microsoft Corporation)
3 HipShieldK; C:\Windows\System32\Drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.)
3 hyperkbd; C:\Windows\System32\Drivers\hyperkbd.sys [11776 2012-07-25] (Microsoft Corporation)
3 HyperVideo; C:\Windows\System32\Drivers\HyperVideo.sys [24576 2012-07-25] (Microsoft Corporation)
0 iaStorA; C:\Windows\System32\Drivers\iaStorA.sys [651832 2012-10-27] (Intel Corporation)
3 kdnic; C:\Windows\System32\Drivers\kdnic.sys [18432 2012-07-25] (Microsoft Corporation)
0 LSI_SSS; C:\Windows\System32\Drivers\LSI_SSS.sys [81136 2012-07-26] (LSI Corporation)
3 mfeapfk; C:\Windows\System32\Drivers\mfeapfk.sys [178840 2012-11-09] (McAfee, Inc.)
3 mfeavfk; C:\Windows\System32\Drivers\mfeavfk.sys [309400 2012-11-09] (McAfee, Inc.)
0 mfeelamk; C:\Windows\System32\Drivers\mfeelamk.sys [69168 2012-11-09] (McAfee, Inc.)
3 mfefirek; C:\Windows\System32\Drivers\mfefirek.sys [515528 2012-11-09] (McAfee, Inc.)
0 mfehidk; C:\Windows\System32\Drivers\mfehidk.sys [771096 2012-11-09] (McAfee, Inc.)
3 mferkdet; C:\Windows\System32\Drivers\mferkdet.sys [106112 2012-11-09] (McAfee, Inc.)
0 mfewfpk; C:\Windows\System32\Drivers\mfewfpk.sys [339776 2012-11-09] (McAfee, Inc.)
3 MsBridge; C:\Windows\system32\DRIVERS\bridge.sys [129536 2012-07-25] (Microsoft Corporation)
3 msgpiowin32; C:\Windows\System32\Drivers\msgpiowin32.sys [28904 2013-01-09] (Microsoft Corporation)
3 mshidumdf; C:\Windows\System32\Drivers\mshidumdf.sys [10752 2012-07-25] (Microsoft Corporation)
3 MsLldp; C:\Windows\System32\Drivers\MsLldp.sys [68608 2012-07-25] (Microsoft Corporation)
0 mvumis; C:\Windows\System32\Drivers\mvumis.sys [64240 2012-07-26] (Marvell Semiconductor, Inc.)
3 NdisImPlatform; C:\Windows\System32\Drivers\NdisImPlatform.sys [126464 2012-07-25] (Microsoft Corporation)
3 NDISWANLEGACY; C:\Windows\system32\DRIVERS\ndiswan.sys [174080 2012-07-25] (Microsoft Corporation)
2 Ndu; C:\Windows\System32\Drivers\Ndu.sys [97792 2012-07-25] (Microsoft Corporation)
1 npsvctrig; C:\Windows\System32\Drivers\npsvctrig.sys [23552 2012-07-25] (Microsoft Corporation)
0 pdc; C:\Windows\System32\Drivers\pdc.sys [69864 2013-02-07] (Microsoft Corporation)
3 RTL8168; C:\Windows\system32\DRIVERS\Rt630x64.sys [683664 2012-06-13] (Realtek                                            )
3 sdstor; C:\Windows\System32\Drivers\sdstor.sys [56552 2012-10-11] (Microsoft Corporation)
3 SerCx; C:\Windows\System32\Drivers\SerCx.sys [62976 2012-07-25] (Microsoft Corporation)
3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-09-20] (Synaptics Incorporated)
3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [43832 2012-09-20] (Synaptics Incorporated)
0 spaceport; C:\Windows\System32\Drivers\spaceport.sys [283888 2012-07-26] (Microsoft Corporation)
3 SpbCx; C:\Windows\System32\Drivers\SpbCx.sys [59392 2012-07-25] (Microsoft Corporation)
0 storahci; C:\Windows\System32\Drivers\storahci.sys [77552 2012-07-26] (Microsoft Corporation)
3 UASPStor; C:\Windows\System32\Drivers\UASPStor.sys [97008 2012-07-26] (Microsoft Corporation)
3 UCX01000; C:\Windows\System32\Drivers\UCX01000.sys [212200 2012-09-20] (Microsoft Corporation)
3 USBHUB3; C:\Windows\System32\Drivers\USBHUB3.sys [446184 2013-02-02] (Microsoft Corporation)
3 USBXHCI; C:\Windows\System32\Drivers\USBXHCI.sys [337128 2012-09-20] (Microsoft Corporation)
3 VerifierExt; C:\Windows\System32\Drivers\VerifierExt.sys [106224 2012-07-26] (Microsoft Corporation)
3 vpci; C:\Windows\System32\Drivers\vpci.sys [67824 2012-07-26] (Microsoft Corporation)
0 VSTXRAID; C:\Windows\System32\Drivers\VSTXRAID.sys [322800 2012-07-26] (VIA Corporation)
0 WdBoot; C:\Windows\System32\Drivers\WdBoot.sys [35232 2013-01-28] (Microsoft Corporation)
0 WdFilter; C:\Windows\System32\Drivers\WdFilter.sys [230904 2013-01-28] (Microsoft Corporation)
0 WFPLWFS; C:\Windows\System32\Drivers\WFPLWFS.sys [96496 2012-07-26] (Microsoft Corporation)
3 wpcfltr; C:\Windows\System32\Drivers\wpcfltr.sys [45056 2012-07-25] (Microsoft Corporation)
3 WpdUpFltr; C:\Windows\System32\Drivers\WpdUpFltr.sys [19968 2012-07-25] (Microsoft Corporation)
3 WUDFSensorLP; C:\Windows\system32\DRIVERS\WUDFRd.sys [198656 2012-07-25] (Microsoft Corporation)
3 WUDFWpdFs; C:\Windows\system32\DRIVERS\WUDFRd.sys [198656 2012-07-25] (Microsoft Corporation)
3 WUDFWpdMtp; C:\Windows\system32\DRIVERS\WUDFRd.sys [198656 2012-07-25] (Microsoft Corporation)
3 mfeavfk01;  [x]

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2013-04-05 07:32 - 2013-04-05 07:32 - 00000643 ____A C:\Windows\setupact.log
2013-04-05 07:32 - 2013-04-05 07:32 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2013-04-05 07:32 - 2013-04-05 07:32 - 00000000 ____A C:\Windows\setuperr.log
2013-04-04 21:50 - 2013-04-04 21:50 - 00688992 ____R (Swearware) C:\Users\littlewoobie04\Downloads\dds(4).com
2013-04-04 21:49 - 2013-04-04 21:49 - 00688992 ____R (Swearware) C:\Users\littlewoobie04\Downloads\dds(3).com
2013-04-04 21:48 - 2013-04-04 21:48 - 00688992 ____R (Swearware) C:\Users\littlewoobie04\Downloads\dds(2).com
2013-04-04 21:35 - 2013-04-04 21:35 - 00688992 ____A (Swearware) C:\Users\littlewoobie04\Downloads\dds(1).com
2013-04-04 21:22 - 2013-04-04 21:22 - 00688992 ____R (Swearware) C:\Users\littlewoobie04\Downloads\dds.com
2013-04-04 17:31 - 2013-04-04 17:31 - 00000000 ____D C:\Users\littl_000\AppData\Roaming\Google
2013-04-04 01:18 - 2013-01-28 21:57 - 00035232 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WdBoot.sys
2013-04-04 01:18 - 2013-01-28 19:08 - 00230904 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WdFilter.sys
2013-04-04 01:15 - 2013-04-04 01:15 - 00000049 ____A C:\Users\littlewoobie04\Desktop\AnviSoft.url
2013-04-04 01:02 - 2013-04-02 06:34 - 00282744 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2013-04-04 00:41 - 2013-04-04 23:42 - 00000000 ____D C:\Users\littlewoobie04\AppData\Roaming\Anvisoft
2013-04-04 00:41 - 2013-04-04 00:41 - 00000000 ____D C:\ProgramData\Anvisoft
2013-04-04 00:41 - 2013-04-04 00:41 - 00000000 ____D C:\Program Files (x86)\Anvisoft
2013-04-04 00:00 - 2013-04-04 00:00 - 00000900 ____A C:\Windows\PFRO.log
2013-04-03 23:43 - 2013-04-03 23:43 - 00003015 ____A C:\Users\littlewoobie04\Desktop\HiJackThis.lnk
2013-04-03 23:43 - 2013-04-03 23:43 - 00000000 ____D C:\Program Files (x86)\Trend Micro
2013-04-03 23:25 - 2013-04-03 23:25 - 00054210 ____A C:\Users\littlewoobie04\Documents\cc_20130403_232540.reg
2013-04-03 23:19 - 2013-04-03 23:27 - 00000000 ____D C:\Users\littlewoobie04\AppData\Roaming\Google
2013-04-03 23:19 - 2013-04-03 23:19 - 00000824 ____A C:\Users\Public\Desktop\CCleaner.lnk
2013-04-03 23:19 - 2013-04-03 23:19 - 00000000 ____D C:\Program Files\CCleaner
2013-04-03 23:18 - 2013-04-05 16:28 - 00000940 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-04-03 23:18 - 2013-04-04 23:28 - 00000936 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-04-03 23:18 - 2013-04-03 23:19 - 00000000 ____D C:\ProgramData\Google
2013-04-03 23:18 - 2013-04-03 23:18 - 00000000 ____D C:\Program Files\Google
2013-04-03 23:18 - 2013-04-03 23:18 - 00000000 ____D C:\Program Files (x86)\Google
2013-04-03 23:17 - 2013-04-04 23:45 - 00000258 _RASH C:\Users\littlewoobie04\ntuser.pol
2013-04-03 23:17 - 2013-04-03 23:19 - 00000000 ____D C:\Users\littlewoobie04\Documents\Add-in Express
2013-04-03 23:17 - 2013-04-03 23:17 - 01114512 ____A C:\Users\littlewoobie04\Downloads\ccleaner(1).exe
2013-04-03 23:17 - 2013-04-03 23:17 - 00000258 _RASH C:\Users\littl_000\ntuser.pol
2013-04-03 23:15 - 2013-04-03 23:15 - 01114512 ____A C:\Users\littlewoobie04\Downloads\ccleaner.exe
2013-04-03 12:29 - 2013-04-03 12:29 - 00000000 ____D C:\Users\littl_000\AppData\Roaming\Mozilla
2013-03-29 14:04 - 2013-02-11 20:17 - 00020992 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usb8023.sys
2013-03-20 18:58 - 2013-03-20 18:58 - 00000000 ____D C:\Users\littl_000\Documents\Canon Utilities
2013-03-17 18:40 - 2013-03-17 18:43 - 00291288 ____A C:\Windows\System32\FNTCACHE.DAT
2013-03-12 16:19 - 2013-03-12 16:19 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-03-12 16:19 - 2013-03-12 16:19 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-03-12 16:18 - 2013-02-11 20:55 - 19205632 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-03-12 16:17 - 2013-02-11 21:30 - 00044032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2013-03-12 16:17 - 2013-02-11 21:29 - 14296064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-03-12 16:17 - 2013-02-11 20:56 - 00053760 ____A (Microsoft Corporation) C:\Windows\System32\UXInit.dll
2013-03-12 16:17 - 2013-02-11 20:25 - 04041728 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-03-12 16:17 - 2013-02-05 00:58 - 01766912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-03-12 16:17 - 2013-02-05 00:57 - 01128960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-03-12 16:17 - 2013-02-05 00:56 - 13761536 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-03-12 16:17 - 2013-02-05 00:56 - 02877952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-03-12 16:17 - 2013-02-05 00:56 - 01658368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-03-12 16:17 - 2013-02-05 00:56 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-03-12 16:17 - 2013-02-05 00:56 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-03-12 16:17 - 2013-02-05 00:56 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-03-12 16:17 - 2013-02-05 00:56 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-03-12 16:17 - 2013-02-05 00:56 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-03-12 16:17 - 2013-02-05 00:56 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-03-12 16:17 - 2013-02-04 23:55 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-03-12 16:17 - 2013-02-04 21:44 - 00534528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2013-03-12 16:17 - 2013-02-04 18:40 - 00050688 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-03-12 16:17 - 2013-02-04 18:39 - 02246656 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-03-12 16:17 - 2013-02-04 18:39 - 01351680 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-03-12 16:17 - 2013-02-04 18:39 - 00907776 ____A (Microsoft Corporation) C:\Windows\System32\uxtheme.dll
2013-03-12 16:17 - 2013-02-04 18:39 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-03-12 16:17 - 2013-02-04 18:38 - 15418368 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-03-12 16:17 - 2013-02-04 18:38 - 03966464 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-03-12 16:17 - 2013-02-04 18:38 - 02166272 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-03-12 16:17 - 2013-02-04 18:38 - 00854528 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-03-12 16:17 - 2013-02-04 18:38 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-03-12 16:17 - 2013-02-02 03:30 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-03-12 16:16 - 2013-02-07 00:09 - 00069864 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\pdc.sys
2013-03-12 16:16 - 2013-02-06 23:34 - 10115072 ____A (Microsoft Corporation) C:\Windows\System32\twinui.dll
2013-03-12 16:16 - 2013-02-06 23:33 - 02302464 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll
2013-03-12 16:16 - 2013-02-06 23:33 - 02146816 ____A (Microsoft Corporation) C:\Windows\System32\actxprxy.dll
2013-03-12 16:16 - 2013-02-06 21:34 - 08856576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2013-03-12 16:16 - 2013-02-06 21:33 - 02033664 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-03-12 16:16 - 2013-02-06 21:33 - 00754176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2013-03-12 16:16 - 2013-02-02 07:19 - 00496872 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbhub.sys
2013-03-12 16:16 - 2013-02-02 07:19 - 00446184 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\USBHUB3.SYS
2013-03-12 16:16 - 2013-02-02 07:19 - 00329960 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\storport.sys
2013-03-12 16:16 - 2013-02-02 07:19 - 00061672 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\crashdmp.sys
2013-03-12 16:16 - 2013-02-02 06:54 - 01933544 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2013-03-12 16:16 - 2013-02-02 06:28 - 02226408 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-03-12 16:16 - 2013-02-02 06:28 - 00993512 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
2013-03-12 16:16 - 2013-02-02 04:40 - 10792448 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2013-03-12 16:16 - 2013-02-02 04:40 - 00410624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wlroamextension.dll
2013-03-12 16:16 - 2013-02-02 04:40 - 00370688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WWanAPI.dll
2013-03-12 16:16 - 2013-02-02 04:40 - 00356352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SettingSync.dll
2013-03-12 16:16 - 2013-02-02 04:40 - 00197632 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.Connectivity.dll
2013-03-12 16:16 - 2013-02-02 04:40 - 00155136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsRasterService.dll
2013-03-12 16:16 - 2013-02-02 04:40 - 00080896 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tasklist.exe
2013-03-12 16:16 - 2013-02-02 04:40 - 00079360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\taskkill.exe
2013-03-12 16:16 - 2013-02-02 04:39 - 05090816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2013-03-12 16:16 - 2013-02-02 04:39 - 00325632 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-03-12 16:16 - 2013-02-02 04:39 - 00157696 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mbsmsapi.dll
2013-03-12 16:16 - 2013-02-02 04:39 - 00115712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netprofm.dll
2013-03-12 16:16 - 2013-02-02 04:39 - 00055296 ____A (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2013-03-12 16:16 - 2013-02-02 04:39 - 00018432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\npmproxy.dll
2013-03-12 16:16 - 2013-02-02 04:39 - 00015872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\nlmproxy.dll
2013-03-12 16:16 - 2013-02-02 04:39 - 00012288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\nlmsprep.dll
2013-03-12 16:16 - 2013-02-02 04:38 - 00567808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\duser.dll
2013-03-12 16:16 - 2013-02-02 04:24 - 00107520 ____A (Microsoft Corporation) C:\Windows\System32\taskkill.exe
2013-03-12 16:16 - 2013-02-02 04:24 - 00102400 ____A (Microsoft Corporation) C:\Windows\System32\tasklist.exe
2013-03-12 16:16 - 2013-02-02 04:23 - 13643264 ____A (Microsoft Corporation) C:\Windows\System32\Windows.UI.Xaml.dll
2013-03-12 16:16 - 2013-02-02 04:23 - 00731648 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-03-12 16:16 - 2013-02-02 04:23 - 00611840 ____A (Microsoft Corporation) C:\Windows\System32\wpd_ci.dll
2013-03-12 16:16 - 2013-02-02 04:23 - 00543232 ____A (Microsoft Corporation) C:\Windows\System32\wlroamextension.dll
2013-03-12 16:16 - 2013-02-02 04:23 - 00475136 ____A (Microsoft Corporation) C:\Windows\System32\WWanAPI.dll
2013-03-12 16:16 - 2013-02-02 04:23 - 00293376 ____A (Microsoft Corporation) C:\Windows\System32\Windows.Networking.Connectivity.dll
2013-03-12 16:16 - 2013-02-02 04:23 - 00228352 ____A (Microsoft Corporation) C:\Windows\System32\XpsRasterService.dll
2013-03-12 16:16 - 2013-02-02 04:23 - 00105472 ____A (Microsoft Corporation) C:\Windows\System32\wpdbusenum.dll
2013-03-12 16:16 - 2013-02-02 04:23 - 00087552 ____A (Microsoft Corporation) C:\Windows\System32\wersvc.dll
2013-03-12 16:16 - 2013-02-02 04:22 - 00448512 ____A (Microsoft Corporation) C:\Windows\System32\SettingSync.dll
2013-03-12 16:16 - 2013-02-02 04:22 - 00416256 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2013-03-12 16:16 - 2013-02-02 04:21 - 05977600 ____A (Microsoft Corporation) C:\Windows\System32\mstscax.dll
2013-03-12 16:16 - 2013-02-02 04:21 - 00467456 ____A (Microsoft Corporation) C:\Windows\System32\netprofmsvc.dll
2013-03-12 16:16 - 2013-02-02 04:21 - 00385024 ____A (Microsoft Corporation) C:\Windows\System32\ncsi.dll
2013-03-12 16:16 - 2013-02-02 04:21 - 00225280 ____A (Microsoft Corporation) C:\Windows\System32\mbsmsapi.dll
2013-03-12 16:16 - 2013-02-02 04:20 - 00729600 ____A (Microsoft Corporation) C:\Windows\System32\duser.dll
2013-03-12 16:16 - 2013-02-02 04:20 - 00260096 ____A (Microsoft Corporation) C:\Windows\System32\hotspotauth.dll
2013-03-12 16:16 - 2013-02-02 03:25 - 00297984 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ks.sys
2013-03-12 16:16 - 2013-02-02 03:25 - 00082944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\hidclass.sys
2013-03-12 16:16 - 2013-02-02 03:25 - 00037632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\BthAvrcpTg.sys
2013-03-12 16:15 - 2013-03-02 04:22 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll
2013-03-12 16:15 - 2013-03-01 22:44 - 00468992 ____A (Microsoft Corporation) C:\Windows\System32\MFMediaEngine.dll
2013-03-12 16:15 - 2013-02-05 18:31 - 00622080 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srv2.sys
2013-03-12 16:15 - 2013-02-05 18:29 - 00370688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb.sys
2013-03-12 16:15 - 2013-02-05 18:28 - 00247808 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srvnet.sys
2013-03-12 16:15 - 2013-02-05 18:28 - 00215552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb20.sys
2013-03-12 16:15 - 2013-02-02 01:41 - 01437184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2013-03-12 16:15 - 2013-02-02 01:31 - 01690624 ____A (Microsoft Corporation) C:\Windows\System32\GdiPlus.dll
2013-03-12 07:01 - 2013-03-12 07:01 - 00244986 ____A C:\Users\littlewoobie04\Downloads\google (1).csv
2013-03-12 06:57 - 2013-03-12 06:57 - 00244986 ____A C:\Users\littlewoobie04\Downloads\google.csv
2013-03-12 06:57 - 2013-03-12 06:57 - 00139950 ____A C:\Users\littlewoobie04\Downloads\contacts.csv
2013-03-09 16:20 - 2013-03-09 16:20 - 00004096 __ASH C:\Users\littl_000\Desktop\Thumbs.db


==================== One Month Modified Files and Folders =======

2013-04-05 19:13 - 2012-07-26 01:26 - 01048576 __ASH C:\Windows\System32\config\BBI
2013-04-05 19:10 - 2012-07-26 04:12 - 00000000 ____D C:\Windows\System32\sru
2013-04-05 18:07 - 2012-12-25 23:00 - 01185608 ____A C:\Windows\WindowsUpdate.log
2013-04-05 16:58 - 2012-12-28 12:56 - 00000000 ____D C:\Users\littlewoobie04\AppData\Local\CrashDumps
2013-04-05 16:28 - 2013-04-03 23:18 - 00000940 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-04-05 07:35 - 2013-04-05 07:34 - 00000000 ____D C:\FRST
2013-04-05 07:34 - 2012-07-26 03:28 - 00850046 ____A C:\Windows\System32\PerfStringBackup.INI
2013-04-05 07:32 - 2013-04-05 07:32 - 00000643 ____A C:\Windows\setupact.log
2013-04-05 07:32 - 2013-04-05 07:32 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2013-04-05 07:32 - 2013-04-05 07:32 - 00000000 ____A C:\Windows\setuperr.log
2013-04-04 23:45 - 2013-04-03 23:17 - 00000258 _RASH C:\Users\littlewoobie04\ntuser.pol
2013-04-04 23:45 - 2012-12-25 23:00 - 00000000 ____D C:\users\littlewoobie04
2013-04-04 23:42 - 2013-04-04 00:41 - 00000000 ____D C:\Users\littlewoobie04\AppData\Roaming\Anvisoft
2013-04-04 23:40 - 2012-07-26 04:12 - 00000000 ____D C:\Windows\System32\FxsTmp
2013-04-04 23:28 - 2013-04-03 23:18 - 00000936 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-04-04 21:50 - 2013-04-04 21:50 - 00688992 ____R (Swearware) C:\Users\littlewoobie04\Downloads\dds(4).com
2013-04-04 21:49 - 2013-04-04 21:49 - 00688992 ____R (Swearware) C:\Users\littlewoobie04\Downloads\dds(3).com
2013-04-04 21:48 - 2013-04-04 21:48 - 00688992 ____R (Swearware) C:\Users\littlewoobie04\Downloads\dds(2).com
2013-04-04 21:45 - 2012-12-12 11:16 - 00000000 ____D C:\Program Files (x86)\Dell Backup and Recovery
2013-04-04 21:37 - 2012-07-26 03:22 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-04-04 21:35 - 2013-04-04 21:35 - 00688992 ____A (Swearware) C:\Users\littlewoobie04\Downloads\dds(1).com
2013-04-04 21:22 - 2013-04-04 21:22 - 00688992 ____R (Swearware) C:\Users\littlewoobie04\Downloads\dds.com
2013-04-04 21:18 - 2013-01-15 19:23 - 00000000 ____D C:\Users\littl_000\AppData\Local\CrashDumps
2013-04-04 21:15 - 2012-12-26 00:47 - 00000000 ____D C:\Users\littl_000\Documents\Bluetooth Folder
2013-04-04 21:15 - 2012-12-25 23:03 - 00000000 ____D C:\Users\littlewoobie04\Documents\Bluetooth Folder
2013-04-04 17:31 - 2013-04-04 17:31 - 00000000 ____D C:\Users\littl_000\AppData\Roaming\Google
2013-04-04 17:31 - 2012-12-26 13:32 - 00000000 ____D C:\Users\littl_000\AppData\Local\Google
2013-04-04 09:30 - 2012-07-26 04:12 - 00000000 ____D C:\Windows\rescache
2013-04-04 08:31 - 2012-12-28 12:33 - 00000000 ____D C:\Users\littlewoobie04\AppData\Local\Google
2013-04-04 08:17 - 2012-07-26 01:26 - 00262144 __ASH C:\Windows\System32\config\ELAM
2013-04-04 08:10 - 2012-07-26 04:12 - 00000000 ____D C:\Program Files\Windows Defender
2013-04-04 08:10 - 2012-07-26 04:12 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-04-04 08:08 - 2012-07-26 04:12 - 00000000 ____D C:\Windows\System32\Recovery
2013-04-04 01:15 - 2013-04-04 01:15 - 00000049 ____A C:\Users\littlewoobie04\Desktop\AnviSoft.url
2013-04-04 00:41 - 2013-04-04 00:41 - 00000000 ____D C:\ProgramData\Anvisoft
2013-04-04 00:41 - 2013-04-04 00:41 - 00000000 ____D C:\Program Files (x86)\Anvisoft
2013-04-04 00:00 - 2013-04-04 00:00 - 00000900 ____A C:\Windows\PFRO.log
2013-04-03 23:43 - 2013-04-03 23:43 - 00003015 ____A C:\Users\littlewoobie04\Desktop\HiJackThis.lnk
2013-04-03 23:43 - 2013-04-03 23:43 - 00000000 ____D C:\Program Files (x86)\Trend Micro
2013-04-03 23:43 - 2012-12-25 23:00 - 00000000 ____D C:\Users\littlewoobie04\AppData\Local\VirtualStore
2013-04-03 23:27 - 2013-04-03 23:19 - 00000000 ____D C:\Users\littlewoobie04\AppData\Roaming\Google
2013-04-03 23:25 - 2013-04-03 23:25 - 00054210 ____A C:\Users\littlewoobie04\Documents\cc_20130403_232540.reg
2013-04-03 23:24 - 2013-01-21 21:30 - 00000000 ____D C:\Windows\Minidump
2013-04-03 23:24 - 2012-12-12 12:17 - 00000000 ____D C:\Windows\Panther
2013-04-03 23:19 - 2013-04-03 23:19 - 00000824 ____A C:\Users\Public\Desktop\CCleaner.lnk
2013-04-03 23:19 - 2013-04-03 23:19 - 00000000 ____D C:\Program Files\CCleaner
2013-04-03 23:19 - 2013-04-03 23:18 - 00000000 ____D C:\ProgramData\Google
2013-04-03 23:19 - 2013-04-03 23:17 - 00000000 ____D C:\Users\littlewoobie04\Documents\Add-in Express
2013-04-03 23:18 - 2013-04-03 23:18 - 00000000 ____D C:\Program Files\Google
2013-04-03 23:18 - 2013-04-03 23:18 - 00000000 ____D C:\Program Files (x86)\Google
2013-04-03 23:17 - 2013-04-03 23:17 - 01114512 ____A C:\Users\littlewoobie04\Downloads\ccleaner(1).exe
2013-04-03 23:17 - 2013-04-03 23:17 - 00000258 _RASH C:\Users\littl_000\ntuser.pol
2013-04-03 23:17 - 2012-12-26 00:46 - 00000000 ____D C:\users\littl_000
2013-04-03 23:17 - 2012-07-26 04:12 - 00000000 ___HD C:\Windows\System32\GroupPolicy
2013-04-03 23:17 - 2012-07-26 04:12 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2013-04-03 23:15 - 2013-04-03 23:15 - 01114512 ____A C:\Users\littlewoobie04\Downloads\ccleaner.exe
2013-04-03 19:57 - 2012-12-26 01:00 - 00000000 ____D C:\Users\littlewoobie04\AppData\Local\softthinks
2013-04-03 12:29 - 2013-04-03 12:29 - 00000000 ____D C:\Users\littl_000\AppData\Roaming\Mozilla
2013-04-02 06:34 - 2013-04-04 01:02 - 00282744 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2013-04-01 21:41 - 2012-07-26 04:12 - 00000000 ____D C:\Windows\AUInstallAgent
2013-03-28 11:23 - 2012-12-28 12:29 - 00595240 ____A (OptimumInstaller) C:\Users\littl_000\Downloads\downloadmanager_Setup.exe
2013-03-28 10:25 - 2012-07-26 04:12 - 00000000 ____D C:\Windows\System32\NDF
2013-03-20 18:58 - 2013-03-20 18:58 - 00000000 ____D C:\Users\littl_000\Documents\Canon Utilities
2013-03-20 18:49 - 2013-01-22 12:55 - 00000000 ____D C:\ProgramData\PhotoStitch
2013-03-17 18:43 - 2013-03-17 18:40 - 00291288 ____A C:\Windows\System32\FNTCACHE.DAT
2013-03-15 17:58 - 2012-07-26 04:12 - 00000000 ___RD C:\Windows\ToastData
2013-03-15 17:52 - 2012-12-27 19:25 - 72013344 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-03-13 19:46 - 2012-12-26 13:32 - 00000000 ____D C:\Users\littl_000\AppData\Local\Deployment
2013-03-12 16:19 - 2013-03-12 16:19 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-03-12 16:19 - 2013-03-12 16:19 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-03-12 07:01 - 2013-03-12 07:01 - 00244986 ____A C:\Users\littlewoobie04\Downloads\google (1).csv
2013-03-12 06:57 - 2013-03-12 06:57 - 00244986 ____A C:\Users\littlewoobie04\Downloads\google.csv
2013-03-12 06:57 - 2013-03-12 06:57 - 00139950 ____A C:\Users\littlewoobie04\Downloads\contacts.csv
2013-03-09 16:20 - 2013-03-09 16:20 - 00004096 __ASH C:\Users\littl_000\Desktop\Thumbs.db


==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe
[2012-12-28 01:40] - [2012-10-11 01:46] - 0517120 ____A (Microsoft Corporation) BCF2036A0DD579E47C008C133550283E

C:\Windows\System32\wininit.exe
[2012-07-25 20:03] - [2012-07-25 23:08] - 0132608 ____A (Microsoft Corporation) FE9AB232B56A12224E8A3F3F9878C9A3

C:\Windows\explorer.exe
[2012-12-28 01:40] - [2012-10-11 03:35] - 2380944 ____A (Microsoft Corporation) E13A31D5254C25406A7946BDD9B06364

C:\Windows\SysWOW64\explorer.exe
[2012-12-28 01:40] - [2012-10-11 01:56] - 2115952 ____A (Microsoft Corporation) 953ADECFF08202A01EFC6110214FDE02

C:\Windows\System32\svchost.exe
[2013-01-09 16:33] - [2012-09-20 02:33] - 0029696 ____A (Microsoft Corporation) EDE27EACE742EE2888C5DD36400A2EC0

C:\Windows\SysWOW64\svchost.exe
[2013-01-09 16:33] - [2012-09-20 01:55] - 0023040 ____A (Microsoft Corporation) A46DC432F81473F526E3994AA483E366

C:\Windows\System32\services.exe
[2013-01-09 16:35] - [2012-09-20 02:33] - 0410624 ____A (Microsoft Corporation) 8F226143046435C75C033B0C52E90FFE

C:\Windows\System32\User32.dll
[2013-01-09 16:33] - [2012-09-20 02:33] - 1342464 ____A (Microsoft Corporation) A99AD14F26BDA7D7F27F76BC91B7EED7

C:\Windows\SysWOW64\User32.dll
[2013-01-09 16:32] - [2012-09-20 00:10] - 1126912 ____A (Microsoft Corporation) BA1C3ACD929A71E88B49C2B6E38F92B3

C:\Windows\System32\userinit.exe
[2012-07-25 20:06] - [2012-07-25 23:08] - 0025088 ____A (Microsoft Corporation) 0E925F7BA032920D58DD284B6181A247

C:\Windows\SysWOW64\userinit.exe
[2012-07-25 20:08] - [2012-07-25 23:21] - 0021504 ____A (Microsoft Corporation) 9F6289D194A04A09671FEED4B6CB6EF7

C:\Windows\System32\Drivers\volsnap.sys
[2012-07-25 22:30] - [2012-07-26 00:57] - 0332016 ____A (Microsoft Corporation) 2FB3CDFD5EAF4CD9D4AFAF96877D13AE


==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2013-03-15 17:51:40
Restore point made on: 2013-04-01 21:31:24
Restore point made on: 2013-04-03 23:40:23

==================== Memory info ===========================

Percentage of memory in use: 16%
Total physical RAM: 3965.27 MB
Available physical RAM: 3308.13 MB
Total Pagefile: 3965.27 MB
Available Pagefile: 3323.47 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

==================== Partitions =============================

1 Drive c: (OS) (Fixed) (Total:452.76 GB) (Free:405.22 GB) NTFS
3 Drive e: (ESP) (Fixed) (Total:0.48 GB) (Free:0.44 GB) FAT32
4 Drive f: (DIAGS) (Fixed) (Total:0.04 GB) (Free:0.04 GB) FAT32
6 Drive h: (WINRETOOLS) (Fixed) (Total:0.49 GB) (Free:0.22 GB) NTFS
7 Drive i: (PBR Image) (Fixed) (Total:11.86 GB) (Free:0.28 GB) NTFS
8 Drive j: (USB DISK) (Removable) (Total:3.73 GB) (Free:3.73 GB) FAT32
9 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS


  Disk ###  Status         Size     Free     Dyn  Gpt
  --------  -------------  -------  -------  ---  ---
  Disk 0    Online          465 GB      0 B        *
  Disk 1    Online         3825 MB      0 B        

Partitions of Disk 0:
===============

Disk ID: {84CEAC4E-4217-4B27-9B79-1437D20AF120}

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    System (partition with boot components)             500 MB  1024 KB
  Partition 2    OEM                 40 MB   501 MB
  Partition 3    Reserved           128 MB   541 MB
  Partition 4    Recovery           500 MB   669 MB
  Partition 5    Primary            452 GB  1169 MB
  Partition 6    Recovery            11 GB   453 GB

==================================================================================

Disk: 0
Partition 1
Type    : c12a7328-f81f-11d2-ba4b-00a0c93ec93b
Hidden  : Yes
Required: No
Attrib  : 0X8000000000000000

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2     E   ESP          FAT32  Partition    500 MB  Healthy    Hidden 

=========================================================

Disk: 0
Partition 2
Type    : 796badd3-6bbf-4d9f-b631-466eb71a4965
Hidden  : Yes
Required: Yes
Attrib  : 0X8000000000000001

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 6     F   DIAGS        FAT32  Partition     40 MB  Healthy    Hidden 

=========================================================

Disk: 0
Partition 3
Type    : e3c9e316-0b5c-4db8-817d-f92df00215ae
Hidden  : Yes
Required: No
Attrib  : 0X8000000000000000

There is no volume associated with this partition.

=========================================================

Disk: 0
Partition 4
Type    : de94bba4-06d1-4d40-a16a-bfd50179d6ac
Hidden  : Yes
Required: Yes
Attrib  : 0X8000000000000001

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3     H   WINRETOOLS   NTFS   Partition    500 MB  Healthy    Hidden 

=========================================================

Disk: 0
Partition 5
Type    : ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
Hidden  : No
Required: No
Attrib  : 0000000000000000

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1     C   OS           NTFS   Partition    452 GB  Healthy           

=========================================================

Disk: 0
Partition 6
Type    : de94bba4-06d1-4d40-a16a-bfd50179d6ac
Hidden  : Yes
Required: Yes
Attrib  : 0X8000000000000001

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 4     I   PBR Image    NTFS   Partition     11 GB  Healthy    Hidden 

=========================================================

Partitions of Disk 1:
===============

Disk ID: C3072E18

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary           3821 MB  4032 KB

==================================================================================

Disk: 1
Partition 1
Type  : 0C
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 5     J   USB DISK     FAT32  Removable   3821 MB  Healthy           

=========================================================
============================== MBR Partition Table ==================

==============================
Partitions of Disk 0:
===============
Disk ID: E4411EEC

Partition 1:
=========
Hex: 00000200EEFFFFFF01000000FFFFFFFF
Active: NO
Type: EE
Size: -512 byte

==============================
Partitions of Disk 1:
===============
Disk ID: C3072E18

Partition 1:
=========
Hex: 000001010C4CCDCA801F0000C06D7700
Active: NO
Type: 0C
Size: 4 GB


Last Boot: 2013-04-02 10:54

==================== End Of Log =============================



#8 Larusso


Posted 06 April 2013 - 12:37 PM

Hi there.

This logfile appears clean. I did a little research about this AnviSoft thing and honestly, I can't tell you if this is a legit software or a rogue but in my opinion, it is definitely a software I won't trust.


Please uninstall Anvi Smart Defender 1.8
 
 
 
I notice that you have a registry cleaner installed (CCleaner). Registry cleaners tend to present more problems than they solve; one false positive more often than not means a re-installation of the operating system. The positive effects of registry cleaners are barely noticeable - if any. I recommend that you uninstall the product to minimize any risk to your system. I have placed a couple of links for you to read below in your own time.

Information from Bill Castner (MS-MVP) on why you should NOT use one here - http://aumha.net/viewtopic.php?t=28099
Information from miekiemoes (MS-MVP) on why you should NOT use one here - http://miekiemoes.blogspot.com/2008/02/registry-cleaners-and-system-tweaking_13.html
 
 
 
Download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Save it to your desktop.
Note: Malwarebytes' Anti-Malware may require a reboot to complete removals. After a reboot, if required, post that saved log in your next reply.

Edited by Larusso, 06 April 2013 - 12:37 PM.

regards,
Daniel

Bread for the world instead Bombs and Bangers



#9 Larusso


Posted 12 April 2013 - 09:58 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
regards,
Daniel

Bread for the world instead Bombs and Bangers





