
Still infected?



I recently discovered that my credit card number had been stolen, and while searching my computer with Malwarebytes, discovered malware that my antivirus had missed. I ran a few programs - Malwarebytes, Spybot, Adwcleaner - and thought my computer was clean. But I recently tried running Adwcleaner again and it keeps bringing up 2 things that it will "delete" but will then reappear when I run it again (see below). What is this, and how can I permanently get rid of it? Thank you for any help you can give me!

# AdwCleaner v2.302 - Logfile created 06/10/2013 at 23:07:27

# Updated 06/06/2013 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : Bethany - BETHANY-PC

# Boot Mode : Normal

# Running from : C:\Users\Bethany\Desktop\adwcleaner.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com

***** [internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Registry is clean.

-\\ Google Chrome v27.0.1453.110

File : C:\Users\Bethany\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1860 octets] - [08/06/2013 08:33:00]

AdwCleaner[R2].txt - [973 octets] - [08/06/2013 17:25:39]

AdwCleaner[R3].txt - [1032 octets] - [08/06/2013 17:26:00]

AdwCleaner[R4].txt - [1386 octets] - [10/06/2013 22:30:21]

AdwCleaner[R5].txt - [1446 octets] - [10/06/2013 22:31:38]

AdwCleaner[R6].txt - [1565 octets] - [10/06/2013 22:33:19]

AdwCleaner[R7].txt - [1450 octets] - [10/06/2013 22:40:51]

AdwCleaner[R8].txt - [1804 octets] - [10/06/2013 23:06:05]

AdwCleaner[s1].txt - [326 octets] - [08/06/2013 08:34:20]

AdwCleaner[s2].txt - [1850 octets] - [08/06/2013 08:34:53]

AdwCleaner[s3].txt - [326 octets] - [08/06/2013 17:26:16]

AdwCleaner[s4].txt - [324 octets] - [10/06/2013 22:32:02]

AdwCleaner[s5].txt - [1629 octets] - [10/06/2013 22:33:46]

AdwCleaner[s6].txt - [324 octets] - [10/06/2013 22:42:25]

AdwCleaner[s7].txt - [1739 octets] - [10/06/2013 23:07:27]

########## EOF - C:\AdwCleaner[s7].txt - [1799 octets] ##########

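The symptom described in the post above (AdwCleaner reports a key as deleted and the next run finds it again) can be confirmed by comparing delete-mode logs across runs. The following is an added example, not part of the original thread: it parses the log layout shown above and lists entries deleted in more than one run. The second log, its timestamp and its extra key are constructed sample data, and all function names are illustrative.

```python
"""Compare AdwCleaner delete-mode logs and list entries removed in more than one run."""
import re
from collections import defaultdict

HEADER_RE = re.compile(r"^# AdwCleaner v\S+ - Logfile created (\S+) at (\S+)")
SECTION_RE = re.compile(r"^\*+ \[(.+?)\] \*+$")
# Only "Key Deleted" lines appear in the thread; other "<Kind> Deleted" lines
# are matched on the assumption that they use the same layout.
DELETED_RE = re.compile(r"^(\w+) Deleted : (.+)$")
ZONEMAP_RE = re.compile(r"\\ZoneMap\\(Domains|EscDomains)\\([^\\]+)$", re.IGNORECASE)

# Relevant lines of the log posted in the thread (AdwCleaner[s7].txt).
RUN_S7 = r"""
# AdwCleaner v2.302 - Logfile created 06/10/2013 at 23:07:27
# Option [Delete]
***** [services] *****
***** [Files / Folders] *****
***** [Registry] *****
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
***** [internet Browsers] *****
-\\ Internet Explorer v8.0.7601.17514
[OK] Registry is clean.
*************************
"""

# CONSTRUCTED sample of a later run: same two keys again plus one unrelated,
# made-up key that occurs only once. Not taken from the thread.
RUN_LATER = r"""
# AdwCleaner v2.302 - Logfile created 06/11/2013 at 01:04:00
# Option [Delete]
***** [Registry] *****
Key Deleted : HKCU\Software\ExampleOneOffEntry
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
"""


def parse_log(text):
    """Return the run timestamp and a list of (section, kind, target) deletions."""
    created, section, items = None, None, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue  # pasted logs often carry blank lines between entries
        m = HEADER_RE.match(line)
        if m:
            created = f"{m.group(1)} {m.group(2)}"
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        m = DELETED_RE.match(line)
        if m:
            items.append((section, m.group(1), m.group(2).strip()))
    return {"created": created, "items": items}


def recurring_deletions(logs):
    """Map each target deleted in two or more runs to the runs that deleted it."""
    seen = defaultdict(list)
    for log in map(parse_log, logs):
        # Registry and NTFS paths are case-insensitive, so compare lowercased.
        for target in sorted({t.lower() for _, _, t in log["items"]}):
            seen[target].append(log["created"])
    return {t: runs for t, runs in seen.items() if len(runs) > 1}


def zonemap_domains(targets):
    """Group ZoneMap entries by domain, noting which ZoneMap subkeys hold them."""
    domains = defaultdict(set)
    for target in targets:
        m = ZONEMAP_RE.search(target)
        if m:
            domains[m.group(2)].add(m.group(1))
    return {d: sorted(kinds) for d, kinds in domains.items()}


if __name__ == "__main__":
    recurring = recurring_deletions([RUN_S7, RUN_LATER])
    for target, runs in recurring.items():
        print(f"deleted {len(runs)}x ({', '.join(runs)}): {target}")
    for domain, kinds in zonemap_domains(recurring).items():
        print(f"ZoneMap domain {domain} recurs under: {', '.join(kinds)}")
```

An entry that shows up as deleted in consecutive runs is either being re-created between scans or the deletion is not taking effect, which is why repeating the same cleanup does not change the result.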

Hi there,

my name is Marius and I will be assisting you with your malware-related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

You told us that you removed several items with Malwarebytes´ Antimalware. This tool creates a log on every run and we need to see them.

  • The logs can be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Zip any and all of these logs and attach the file to your next reply.

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)

  • Run FRST.
  • Don't change any of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Post the FRST.txt and (after the first scan only!) the Addition.txt.

Download GMER Rootkit Scanner from here or here. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click gmer.exe. The program will begin to run.

**Caution**

These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised by a trained Security Analyst.

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.

  • Click Yes.
  • Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the [save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.

If you do not receive notice about possible rootkit activity, remain on the Rootkit/Malware tab & make sure the 'Show All' button is unticked.

  • Click the Scan button and let the program do its work. GMER will produce a log. Click on the [save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.

Please attach the gmer.txt to your reply:

  1. Click the [Manage Attachments] button under Additional Options > Attach Files on the post composition page, browse to where you saved the file, and
  2. Click Upload.


Hi and thank you, Marius. I found the Malwarebytes log and after looking at it, it looks clean, which makes me think I found the malware with another program. It may have been the ESET online scanner. So I apologize if this isn't helpful, but I'm pasting the Malwarebytes log anyway:

Malwarebytes Anti-Malware (Trial) 1.75.0.1300

www.malwarebytes.org

Database version: v2013.06.07.10

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Bethany :: BETHANY-PC [administrator]

Protection: Enabled

6/8/2013 8:44:49 AM

mbam-log-2013-06-08 (08-44-49).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 219972

Time elapsed: 4 minute(s), 33 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

---------------------------------------------------------

Here is the Farbar FRST text:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-06-2013 02

Ran by Bethany (administrator) on 11-06-2013 07:45:59

Running from C:\Users\Bethany\Desktop

Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)

Internet Explorer Version 8

Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Webroot) C:\Program Files\Webroot\WRSA.exe

(Microsoft Corporation) C:\windows\system32\WLANExt.exe

(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\ccSvcHst.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

(Symantec Corporation) C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe

(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

(TOSHIBA Corporation) C:\windows\system32\ThpSrv.exe

(TOSHIBA Corporation) C:\windows\system32\TODDSrv.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\ccSvcHst.exe

(Webroot) C:\Program Files\Webroot\WRSA.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe

(Safer Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe

(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe

(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

(Safer Networking Limited) C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\widimon\widimon.exe

(Intel Corporation) C:\windows\system32\igfxext.exe

(Intel Corporation) C:\windows\system32\igfxsrvc.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

() C:\Program Files\TOSHIBA\FlashCards\Hotkey\TcrdKBB.exe

(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\Utilities\KeNotify.exe

(TOSHIBA Corporation) C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

(Microsoft Corporation) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

(Microsoft Corporation) C:\windows\SysWOW64\NOTEPAD.EXE

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\windows\SysWOW64\NOTEPAD.EXE

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [] [x]

HKLM\...\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE [566696 2011-03-02] (TOSHIBA Corporation)

HKLM\...\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe [296824 2010-09-25] (TOSHIBA Corporation)

HKLM\...\Run: [TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe [973176 2010-12-15] (TOSHIBA Corporation)

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11775592 2011-01-26] (Realtek Semiconductor)

HKLM\...\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3 /MAXX3 [2188904 2011-01-18] (Realtek Semiconductor)

HKLM\...\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-03] (Synaptics Incorporated)

HKLM\...\Run: [ThpSrv] C:\windows\system32\thpsrv /logon [x]

HKLM\...\Run: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r [1519016 2011-01-28] (TOSHIBA Corporation)

HKLM\...\Run: [intelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray [1933584 2011-01-05] (Intel® Corporation)

HKLM\...\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710040 2010-12-08] (TOSHIBA Corporation)

HKLM\...\Run: [TosWaitSrv] %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe [711576 2010-12-20] (TOSHIBA Corporation)

HKLM\...\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)

HKLM\...\Run: [TosNC] %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe [595816 2010-04-23] (TOSHIBA Corporation)

HKLM\...\Run: [TosReelTimeMonitor] %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38304 2010-12-14] (TOSHIBA Corporation)

HKCU\...\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5622512 2013-05-14] (SUPERAntiSpyware.com)

HKCU\...\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2144088 2009-01-26] (Safer Networking Limited)

HKLM-x32\...\Run: [sVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL [532480 2010-11-09] (TOSHIBA CORPORATION)

HKLM-x32\...\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP [423936 2010-03-04] (TOSHIBA Electronics, Inc.)

HKLM-x32\...\Run: [KeNotify] "C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe" LPCM [34160 2010-08-16] (TOSHIBA CORPORATION)

HKLM-x32\...\Run: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [x]

HKLM-x32\...\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED [3218792 2010-08-17] (Toshiba)

HKLM-x32\...\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60 [1294712 2010-11-29] (TOSHIBA Corporation)

HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-01-28] (Apple Inc.)

HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-03] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12 [x]

HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-02-20] (Apple Inc.)

HKLM-x32\...\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)

HKLM-x32\...\Run: [WRSVC] "C:\Program Files\Webroot\WRSA.exe" -ul [733648 2013-06-08] (Webroot)

HKLM-x32\...\Run: [spybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" [5365592 2009-01-26] (Safer Networking Limited)

Startup: C:\ProgramData\Start Menu\Programs\Startup\Install Webroot FF RunOnce.lnk

ShortcutTarget: Install Webroot FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)

Startup: C:\ProgramData\Start Menu\Programs\Startup\Install Webroot IE RunOnce.lnk

ShortcutTarget: Install Webroot IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com/g/

SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: Webroot Vault - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\pkg\LPBar64.dll ()

BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (Safer Networking Limited)

BHO-x32: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\coIEPlg.dll (Symantec Corporation)

BHO-x32: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\IPS\IPSBHO.DLL (Symantec Corporation)

BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: No Name - {96CEA57F-AC68-4618-A1A2-DCF5428AF18B} - No File

BHO-x32: Webroot Vault - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\pkg\LPBar.dll ()

BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

BHO-x32: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)

Toolbar: HKLM - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar64.dll ()

Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\coIEPlg.dll (Symantec Corporation)

Toolbar: HKLM-x32 - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar.dll ()

Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

Chrome:

=======

CHR RestoreOnStartup: "hxxp://www.google.com/"

CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}

CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}

CHR Plugin: (Remoting Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll ()

CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\pdf.dll ()

CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\gcswf32.dll No File

CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll No File

CHR Plugin: (Delta SkyMiles Shopping Assistant) - C:\Users\Bethany\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhdcobklpdnnaokdbjeldffiijoajhgp\1.0.0.6_0\plugin/DeltaSSAPlugin.dll No File

CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)

CHR Plugin: (Java Deployment Toolkit 6.0.270.7) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File

CHR Plugin: (Java Platform SE 6 U27) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)

CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File

CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File

CHR Extension: (YouTube) - C:\Users\Bethany\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0

CHR Extension: (Google Search) - C:\Users\Bethany\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0

CHR Extension: (AdBlock) - C:\Users\Bethany\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.63_0

CHR Extension: (Webroot) - C:\Users\Bethany\AppData\Local\Google\Chrome\User Data\Default\Extensions\okfhiodnpcnnnpgbjbhfebjnbagmfhab\2.0.15_0

CHR Extension: (Gmail) - C:\Users\Bethany\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1

==================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [143120 2013-05-23] (SUPERAntiSpyware.com)

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)

S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-01-05] ()

R2 N360; C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\ccSvcHst.exe [130008 2011-04-16] (Symantec Corporation)

R2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe [132056 2012-12-13] (Symantec Corporation)

S2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe [126392 2011-02-03] (Symantec Corporation)

R2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)

R2 WRSVC; C:\Program Files\Webroot\WRSA.exe [733648 2013-06-08] (Webroot)

==================== Drivers (Whitelisted) ====================

R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20130531.001\BHDrvx64.sys [1393240 2013-05-31] (Symantec Corporation)

R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20130531.001\BHDrvx64.sys [1393240 2013-05-31] (Symantec Corporation)

R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-08-09] (Symantec Corporation)

R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-08-09] (Symantec Corporation)

R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-08-09] (Symantec Corporation)

R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20130608.001\IDSvia64.sys [513184 2012-08-31] (Symantec Corporation)

R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20130608.001\IDSvia64.sys [513184 2012-08-31] (Symantec Corporation)

R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)

R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)

R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20130610.025\ENG64.SYS [126040 2013-06-11] (Symantec Corporation)

R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20130610.025\ENG64.SYS [126040 2013-06-11] (Symantec Corporation)

R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20130610.025\EX64.SYS [2098776 2013-06-11] (Symantec Corporation)

R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20130610.025\EX64.SYS [2098776 2013-06-11] (Symantec Corporation)

R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)

R1 SRTSP; C:\Windows\System32\Drivers\N360x64\0502020.003\SRTSP64.SYS [744568 2011-03-30] (Symantec Corporation)

R1 SRTSPX; C:\Windows\system32\drivers\N360x64\0502020.003\SRTSPX64.SYS [40568 2011-03-30] (Symantec Corporation)

R0 SymDS; C:\Windows\System32\drivers\N360x64\0502020.003\SYMDS64.SYS [450680 2011-01-27] (Symantec Corporation)

R0 SymEFA; C:\Windows\System32\drivers\N360x64\0502020.003\SYMEFA64.SYS [912504 2011-03-14] (Symantec Corporation)

R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2011-08-29] (Symantec Corporation)

R1 SymIRON; C:\Windows\system32\drivers\N360x64\0502020.003\Ironx64.SYS [171128 2011-01-27] (Symantec Corporation)

R1 SymNetS; C:\Windows\System32\Drivers\N360x64\0502020.003\SYMNETS.SYS [386168 2011-04-20] (Symantec Corporation)

R0 WRkrn; C:\Windows\System32\drivers\WRkrn.sys [112616 2013-06-08] (Webroot)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-06-11 07:45 - 2013-06-11 07:45 - 00000000 ____D C:\FRST

2013-06-11 07:44 - 2013-06-11 07:44 - 01920272 ____A (Farbar) C:\Users\Bethany\Desktop\FRST64.exe

2013-06-11 01:04 - 2013-06-11 01:05 - 00001810 ____A C:\AdwCleaner[s8].txt

2013-06-11 01:04 - 2013-06-11 01:04 - 00001750 ____A C:\AdwCleaner[R10].txt

2013-06-11 00:45 - 2013-06-11 00:46 - 00001689 ____A C:\AdwCleaner[R9].txt

2013-06-11 00:01 - 2013-06-11 00:01 - 00688992 ____A (Swearware) C:\Users\Bethany\Downloads\dds.com

2013-06-10 23:57 - 2013-06-11 00:57 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)

2013-06-10 23:54 - 2013-06-10 23:54 - 00000049 ____A C:\Users\Bethany\AppData\Roaming\mbam.context.scan

2013-06-10 23:07 - 2013-06-10 23:07 - 00001868 ____A C:\AdwCleaner[s7].txt

2013-06-10 23:06 - 2013-06-10 23:06 - 00001804 ____A C:\AdwCleaner[R8].txt

2013-06-10 22:42 - 2013-06-10 22:42 - 00000324 ____A C:\AdwCleaner[s6].txt

2013-06-10 22:40 - 2013-06-10 22:42 - 00001450 ____A C:\AdwCleaner[R7].txt

2013-06-10 22:36 - 2013-06-10 22:36 - 00000000 ____A C:\ProgramData\0x0304A000.sfl

2013-06-10 22:33 - 2013-06-10 22:35 - 00001629 ____A C:\AdwCleaner[s5].txt

2013-06-10 22:33 - 2013-06-10 22:33 - 00001565 ____A C:\AdwCleaner[R6].txt

2013-06-10 22:32 - 2013-06-10 22:32 - 00000324 ____A C:\AdwCleaner[s4].txt

2013-06-10 22:31 - 2013-06-10 22:31 - 00001446 ____A C:\AdwCleaner[R5].txt

2013-06-10 22:30 - 2013-06-10 22:30 - 00001386 ____A C:\AdwCleaner[R4].txt

2013-06-09 16:25 - 2013-06-09 16:29 - 158313199 ____A C:\Users\Bethany\Downloads\Daft Punk.zip

2013-06-09 11:32 - 2013-05-06 09:39 - 09060352 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2013-06-09 11:32 - 2013-05-06 09:04 - 06033408 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2013-06-09 11:32 - 2013-04-10 01:47 - 00735232 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll

2013-06-09 11:32 - 2013-04-10 01:46 - 12294656 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2013-06-09 11:32 - 2013-04-10 01:46 - 02458112 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2013-06-09 11:32 - 2013-04-10 01:03 - 00627712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2013-06-09 11:32 - 2013-04-10 01:02 - 11020800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2013-06-09 11:32 - 2013-04-10 01:02 - 02078208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2013-06-09 11:32 - 2013-02-28 08:03 - 01638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2013-06-09 11:32 - 2013-02-28 07:38 - 01638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2013-06-09 11:31 - 2013-04-10 01:51 - 01492992 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2013-06-09 11:31 - 2013-04-10 01:51 - 01188864 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2013-06-09 11:31 - 2013-04-10 01:51 - 00134144 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

2013-06-09 11:31 - 2013-04-10 01:47 - 00097792 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2013-06-09 11:31 - 2013-04-10 01:46 - 00247808 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2013-06-09 11:31 - 2013-04-10 01:46 - 00064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2013-06-09 11:31 - 2013-04-10 01:08 - 00981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2013-06-09 11:31 - 2013-04-10 01:07 - 01231872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2013-06-09 11:31 - 2013-04-10 01:07 - 00132096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2013-06-09 11:31 - 2013-04-10 01:03 - 00067584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2013-06-09 11:31 - 2013-04-10 01:03 - 00048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2013-06-09 11:31 - 2013-04-10 01:02 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2013-06-09 11:31 - 2012-06-16 01:16 - 00609792 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll

2013-06-09 11:31 - 2012-06-16 01:15 - 00911360 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2013-06-09 11:31 - 2012-06-16 00:26 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2013-06-09 11:31 - 2012-06-16 00:26 - 00428032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2013-06-08 19:38 - 2013-06-08 19:38 - 00000000 ____D C:\Users\Bethany\AppData\Roaming\Panda Security

2013-06-08 19:34 - 2013-06-11 01:07 - 00000000 ____D C:\Program Files (x86)\Panda Security

2013-06-08 19:34 - 2013-06-08 19:34 - 00000000 ____D C:\ProgramData\Panda Security

2013-06-08 19:29 - 2013-06-08 19:29 - 00808224 ____A C:\Users\Bethany\Downloads\PandaCloudAntivirus.exe

2013-06-08 19:12 - 2013-06-08 19:12 - 00000000 ____D C:\Users\Bethany\AppData\Local\lptmp1034542885

2013-06-08 18:53 - 2013-06-11 01:07 - 00000758 ____A C:\Users\Public\Desktop\Webroot SecureAnywhere.lnk

2013-06-08 18:53 - 2013-06-08 18:53 - 00150160 ____A (Webroot) C:\Windows\SysWOW64\WRusr.dll

2013-06-08 18:53 - 2013-06-08 18:53 - 00102792 ____A (Webroot) C:\Windows\System32\WRusr.dll

2013-06-08 18:52 - 2013-06-10 23:28 - 00000000 ____D C:\ProgramData\WRData

2013-06-08 18:52 - 2013-06-08 18:52 - 00112616 ____A (Webroot) C:\Windows\System32\Drivers\WRkrn.sys

2013-06-08 18:52 - 2013-06-08 18:52 - 00000000 ____D C:\Program Files\Webroot

2013-06-08 18:51 - 2013-06-08 18:51 - 00733648 ____A (Webroot) C:\Users\Bethany\Downloads\wsainstall.exe

2013-06-08 18:26 - 2013-06-08 18:26 - 00000000 __SHD C:\Windows\System32\%APPDATA%

2013-06-08 17:58 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\System32\Drivers\etc\hosts.20130608-175810.backup

2013-06-08 17:26 - 2013-06-08 17:26 - 00001032 ____A C:\AdwCleaner[R3].txt

2013-06-08 17:26 - 2013-06-08 17:26 - 00000326 ____A C:\AdwCleaner[s3].txt

2013-06-08 17:25 - 2013-06-08 17:25 - 00000973 ____A C:\AdwCleaner[R2].txt

2013-06-08 17:20 - 2013-06-10 22:57 - 00001450 ____A C:\Users\Bethany\Desktop\Spybot - Search & Destroy.lnk

2013-06-08 17:20 - 2013-06-08 17:41 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy

2013-06-08 17:20 - 2013-06-08 17:20 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy

2013-06-08 17:18 - 2013-06-08 17:18 - 16409960 ____A (Safer Networking Limited ) C:\Users\Bethany\Downloads\spybotsd162.exe

2013-06-08 13:39 - 2013-06-08 13:39 - 00000000 ____D C:\Users\Bethany\AppData\Local\Eraser 6

2013-06-08 10:31 - 2013-06-11 06:19 - 00000514 ____A C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 1c2114ee-96e4-4f32-8344-c324fd979e45.job

2013-06-08 10:30 - 2013-06-11 06:19 - 00000514 ____A C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task f5673223-009d-410d-b329-6b3db6302e44.job

2013-06-08 10:30 - 2013-06-08 10:30 - 00001819 ____A C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk

2013-06-08 10:30 - 2013-06-08 10:30 - 00000000 ____D C:\Users\Bethany\AppData\Roaming\SUPERAntiSpyware.com

2013-06-08 10:30 - 2013-06-08 10:30 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com

2013-06-08 10:30 - 2013-06-08 10:30 - 00000000 ____D C:\Program Files\SUPERAntiSpyware

2013-06-08 10:29 - 2013-06-08 10:30 - 26074448 ____A (SUPERAntiSpyware.com) C:\Users\Bethany\Downloads\SUPERAntiSpyware.exe

2013-06-08 08:56 - 2013-06-08 08:56 - 00000000 ____D C:\Program Files (x86)\ESET

2013-06-08 08:55 - 2013-06-08 08:55 - 02347384 ____A (ESET) C:\Users\Bethany\Downloads\esetsmartinstaller_enu.exe

2013-06-08 08:42 - 2013-06-11 01:09 - 00058016 ____A C:\Users\Bethany\AppData\Local\GDIPFONTCACHEV1.DAT

2013-06-08 08:38 - 2013-06-11 01:07 - 00275712 ____A C:\Windows\System32\FNTCACHE.DAT

2013-06-08 08:38 - 2013-06-11 01:07 - 00004238 ____A C:\Windows\PFRO.log

2013-06-08 08:38 - 2013-06-11 01:07 - 00000448 ____A C:\Windows\setupact.log

2013-06-08 08:38 - 2013-06-08 08:38 - 00000000 ____A C:\Windows\setuperr.log

2013-06-08 08:34 - 2013-06-08 08:35 - 00001850 ____A C:\AdwCleaner[s2].txt

2013-06-08 08:34 - 2013-06-08 08:34 - 00000326 ____A C:\AdwCleaner[s1].txt

2013-06-08 08:33 - 2013-06-08 08:33 - 00001860 ____A C:\AdwCleaner[R1].txt

2013-06-08 08:28 - 2013-06-08 08:28 - 00640135 ____A C:\Users\Bethany\Desktop\adwcleaner.exe

2013-06-08 06:18 - 2013-06-08 06:18 - 03928064 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll

2013-06-08 06:18 - 2013-06-08 06:18 - 03419136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll

2013-06-08 06:18 - 2013-06-08 06:18 - 02776576 ____A (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll

2013-06-08 06:18 - 2013-06-08 06:18 - 02565120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll

2013-06-08 06:18 - 2013-06-08 06:18 - 02284544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll

2013-06-08 06:18 - 2013-06-08 06:18 - 01988096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll

2013-06-08 06:18 - 2013-06-08 06:18 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll

2013-06-08 06:18 - 2013-06-08 06:18 - 01682432 ____A (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll

2013-06-08 06:18 - 2013-06-08 06:18 - 01643520 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll

2013-06-08 06:18 - 2013-06-08 06:18 - 01504768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll

2013-06-08 06:18 - 2013-06-08 06:18 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll

2013-06-08 06:18 - 2013-06-08 06:18 - 01247744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll

2013-06-08 06:18 - 2013-06-08 06:18 - 01238528 ____A (Microsoft Corporation) C:\Windows\System32\d3d10.dll

2013-06-08 06:18 - 2013-06-08 06:18 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll

2013-06-08 06:18 - 2013-06-08 06:18 - 01175552 ____A (Microsoft Corporation) C:\Windows\System32\FntCache.dll

2013-06-08 06:18 - 2013-06-08 06:18 - 01158144 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll

2013-06-08 06:18 - 2013-06-08 06:18 - 01080832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll

2013-06-08 06:18 - 2013-06-08 06:18 - 00648192 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll

2013-06-08 06:18 - 2013-06-08 06:18 - 00604160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll

2013-06-08 06:18 - 2013-06-08 06:18 - 00522752 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll

2013-06-08 06:18 - 2013-06-08 06:18 - 00465920 ____A (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll

2013-06-08 06:18 - 2013-06-08 06:18 - 00417792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll

2013-06-08 06:18 - 2013-06-08 06:18 - 00364544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll

2013-06-08 06:18 - 2013-06-08 06:18 - 00363008 ____A (Microsoft Corporation) C:\Windows\System32\dxgi.dll

2013-06-08 06:18 - 2013-06-08 06:18 - 00333312 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll

2013-06-08 06:18 - 2013-06-08 06:18 - 00296960 ____A (Microsoft Corporation) C:\Windows\System32\d3d10core.dll

2013-06-08 06:18 - 2013-06-08 06:18 - 00293376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll

2013-06-08 06:18 - 2013-06-08 06:18 - 00249856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll

2013-06-08 06:18 - 2013-06-08 06:18 - 00245248 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecsExt.dll

2013-06-08 06:18 - 2013-06-08 06:18 - 00221184 ____A (Microsoft Corporation) C:\Windows\System32\UIAnimation.dll

2013-06-08 06:18 - 2013-06-08 06:18 - 00220160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll

2013-06-08 06:18 - 2013-06-08 06:18 - 00207872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll

2013-06-08 06:18 - 2013-06-08 06:18 - 00194560 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll

2013-06-08 06:18 - 2013-06-08 06:18 - 00187392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll

2013-06-08 06:18 - 2013-06-08 06:18 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll

2013-06-08 06:18 - 2013-06-08 06:18 - 00010752 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll

2013-06-08 06:18 - 2013-06-08 06:18 - 00010752 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll

2013-06-08 06:18 - 2013-06-08 06:18 - 00009728 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-06-08 06:18 - 2013-06-08 06:18 - 00009728 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-06-08 06:18 - 2013-06-08 06:18 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll

2013-06-08 06:18 - 2013-06-08 06:18 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll

2013-06-08 06:18 - 2013-06-08 06:18 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll

2013-06-08 06:18 - 2013-06-08 06:18 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll

2013-06-08 06:18 - 2013-06-08 06:18 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll

2013-06-08 06:18 - 2013-06-08 06:18 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll

2013-06-08 06:18 - 2013-06-08 06:18 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll

2013-06-08 06:18 - 2013-06-08 06:18 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll

2013-06-08 06:18 - 2013-06-08 06:18 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll

2013-06-08 06:18 - 2013-06-08 06:18 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll

2013-06-08 06:18 - 2013-06-08 06:18 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll

2013-06-08 06:18 - 2013-06-08 06:18 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll

2013-06-08 06:18 - 2013-06-08 06:18 - 00002560 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll

2013-06-08 06:18 - 2013-06-08 06:18 - 00002560 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll

2013-06-07 23:22 - 2013-06-07 23:22 - 00000000 ____D C:\Users\Bethany\AppData\Roaming\Malwarebytes

2013-06-07 23:21 - 2013-06-07 23:21 - 00001084 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2013-06-07 23:21 - 2013-06-07 23:21 - 00000000 ____D C:\ProgramData\Malwarebytes

2013-06-07 23:21 - 2013-06-07 23:21 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-06-07 23:21 - 2013-04-04 14:50 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

2013-06-07 23:20 - 2013-06-07 23:20 - 10285040 ____A (Malwarebytes Corporation ) C:\Users\Bethany\Downloads\mbam-setup-1.75.0.1300.exe

2013-05-15 18:37 - 2013-04-10 02:01 - 00983400 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys

2013-05-15 18:37 - 2013-04-10 02:01 - 00265064 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys

2013-05-15 18:37 - 2013-02-27 02:02 - 00111448 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe

2013-05-15 18:37 - 2013-02-27 01:52 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll

2013-05-15 18:37 - 2013-02-27 01:52 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll

2013-05-15 18:37 - 2013-02-27 01:48 - 01930752 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll

2013-05-15 18:37 - 2013-02-27 01:47 - 00070144 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll

2013-05-15 18:37 - 2013-02-27 00:55 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

2013-05-15 18:37 - 2013-02-27 00:55 - 00180224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll

2013-05-15 18:37 - 2013-02-27 00:49 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll

2013-05-15 18:37 - 2011-02-03 07:25 - 00144384 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll

2013-05-15 18:36 - 2013-04-09 23:30 - 03153920 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

2013-05-15 18:36 - 2013-03-19 01:53 - 00230400 ____A (Microsoft Corporation) C:\Windows\System32\wwansvc.dll

2013-05-15 18:36 - 2013-03-19 01:53 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\wwanprotdim.dll

2013-05-14 20:06 - 2013-05-14 20:10 - 00000000 ____D C:\ProgramData\MiMedia

2013-05-14 20:06 - 2013-05-14 20:06 - 00000000 ____D C:\Program Files\MiMedia LLC

2013-05-14 19:55 - 2013-05-14 19:55 - 00000000 ____D C:\Users\Bethany\AppData\LocalGoogle

2013-05-14 19:54 - 2013-05-14 19:54 - 00781760 ____A (Google Inc.) C:\Users\Bethany\Downloads\googledrivesync.exe

==================== One Month Modified Files and Folders =======

2013-06-11 07:45 - 2013-06-11 07:45 - 00000000 ____D C:\FRST

2013-06-11 07:44 - 2013-06-11 07:44 - 01920272 ____A (Farbar) C:\Users\Bethany\Desktop\FRST64.exe

2013-06-11 06:49 - 2011-08-29 20:47 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cc66ae5aa3be6e.job

2013-06-11 06:47 - 2012-05-06 10:32 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-06-11 06:31 - 2011-07-25 12:29 - 01114998 ____A C:\Windows\WindowsUpdate.log

2013-06-11 06:19 - 2013-06-08 10:31 - 00000514 ____A C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 1c2114ee-96e4-4f32-8344-c324fd979e45.job

2013-06-11 06:19 - 2013-06-08 10:30 - 00000514 ____A C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task f5673223-009d-410d-b329-6b3db6302e44.job

2013-06-11 01:16 - 2009-07-14 00:45 - 00025120 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-06-11 01:16 - 2009-07-14 00:45 - 00025120 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-06-11 01:09 - 2013-06-08 08:42 - 00058016 ____A C:\Users\Bethany\AppData\Local\GDIPFONTCACHEV1.DAT

2013-06-11 01:07 - 2013-06-08 19:34 - 00000000 ____D C:\Program Files (x86)\Panda Security

2013-06-11 01:07 - 2013-06-08 18:53 - 00000758 ____A C:\Users\Public\Desktop\Webroot SecureAnywhere.lnk

2013-06-11 01:07 - 2013-06-08 08:38 - 00275712 ____A C:\Windows\System32\FNTCACHE.DAT

2013-06-11 01:07 - 2013-06-08 08:38 - 00004238 ____A C:\Windows\PFRO.log

2013-06-11 01:07 - 2013-06-08 08:38 - 00000448 ____A C:\Windows\setupact.log

2013-06-11 01:07 - 2011-07-25 12:47 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2013-06-11 01:07 - 2009-07-14 01:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2013-06-11 01:05 - 2013-06-11 01:04 - 00001810 ____A C:\AdwCleaner[s8].txt

2013-06-11 01:04 - 2013-06-11 01:04 - 00001750 ____A C:\AdwCleaner[R10].txt

2013-06-11 00:57 - 2013-06-10 23:57 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)

2013-06-11 00:46 - 2013-06-11 00:45 - 00001689 ____A C:\AdwCleaner[R9].txt

2013-06-11 00:01 - 2013-06-11 00:01 - 00688992 ____A (Swearware) C:\Users\Bethany\Downloads\dds.com

2013-06-10 23:54 - 2013-06-10 23:54 - 00000049 ____A C:\Users\Bethany\AppData\Roaming\mbam.context.scan

2013-06-10 23:28 - 2013-06-08 18:52 - 00000000 ____D C:\ProgramData\WRData

2013-06-10 23:06 - 2013-06-10 23:06 - 00001804 ____A C:\AdwCleaner[R8].txt

2013-06-10 22:57 - 2013-06-08 17:20 - 00001450 ____A C:\Users\Bethany\Desktop\Spybot - Search & Destroy.lnk

2013-06-10 22:42 - 2013-06-10 22:42 - 00000324 ____A C:\AdwCleaner[s6].txt

2013-06-10 22:42 - 2013-06-10 22:40 - 00001450 ____A C:\AdwCleaner[R7].txt

2013-06-10 22:36 - 2013-06-10 22:36 - 00000000 ____A C:\ProgramData\0x0304A000.sfl

2013-06-10 22:35 - 2013-06-10 22:33 - 00001629 ____A C:\AdwCleaner[s5].txt

2013-06-10 22:33 - 2013-06-10 22:33 - 00001565 ____A C:\AdwCleaner[R6].txt

2013-06-10 22:32 - 2013-06-10 22:32 - 00000324 ____A C:\AdwCleaner[s4].txt

2013-06-10 22:31 - 2013-06-10 22:31 - 00001446 ____A C:\AdwCleaner[R5].txt

2013-06-10 22:30 - 2013-06-10 22:30 - 00001386 ____A C:\AdwCleaner[R4].txt

2013-06-09 20:00 - 2012-03-02 20:04 - 00000000 ____D C:\Users\Bethany\Desktop\music to file

2013-06-09 16:29 - 2013-06-09 16:25 - 158313199 ____A C:\Users\Bethany\Downloads\Daft Punk.zip

2013-06-09 11:19 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache

2013-06-08 19:38 - 2013-06-08 19:38 - 00000000 ____D C:\Users\Bethany\AppData\Roaming\Panda Security

2013-06-08 19:34 - 2013-06-08 19:34 - 00000000 ____D C:\ProgramData\Panda Security

2013-06-08 19:29 - 2013-06-08 19:29 - 00808224 ____A C:\Users\Bethany\Downloads\PandaCloudAntivirus.exe

2013-06-08 19:12 - 2013-06-08 19:12 - 00000000 ____D C:\Users\Bethany\AppData\Local\lptmp1034542885

2013-06-08 18:53 - 2013-06-08 18:53 - 00150160 ____A (Webroot) C:\Windows\SysWOW64\WRusr.dll

2013-06-08 18:53 - 2013-06-08 18:53 - 00102792 ____A (Webroot) C:\Windows\System32\WRusr.dll

2013-06-08 18:52 - 2013-06-08 18:52 - 00112616 ____A (Webroot) C:\Windows\System32\Drivers\WRkrn.sys

2013-06-08 18:52 - 2013-06-08 18:52 - 00000000 ____D C:\Program Files\Webroot

2013-06-08 18:51 - 2013-06-08 18:51 - 00733648 ____A (Webroot) C:\Users\Bethany\Downloads\wsainstall.exe

2013-06-08 18:26 - 2013-06-08 18:26 - 00000000 __SHD C:\Windows\System32\%APPDATA%

2013-06-08 18:03 - 2011-04-07 15:13 - 00000000 ____D C:\Windows\Panther

2013-06-08 18:01 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\PolicyDefinitions

2013-06-08 17:58 - 2009-07-13 22:34 - 00449441 ___RA C:\Windows\System32\Drivers\etc\hosts.20130610-225918.backup

2013-06-08 17:41 - 2013-06-08 17:20 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy

2013-06-08 17:26 - 2013-06-08 17:26 - 00001032 ____A C:\AdwCleaner[R3].txt

2013-06-08 17:26 - 2013-06-08 17:26 - 00000326 ____A C:\AdwCleaner[s3].txt

2013-06-08 17:25 - 2013-06-08 17:25 - 00000973 ____A C:\AdwCleaner[R2].txt

2013-06-08 17:23 - 2012-06-24 11:55 - 00000000 ___RD C:\Program Files (x86)\Skype

2013-06-08 17:23 - 2012-06-24 11:54 - 00000000 ____D C:\ProgramData\Skype

2013-06-08 17:20 - 2013-06-08 17:20 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy

2013-06-08 17:18 - 2013-06-08 17:18 - 16409960 ____A (Safer Networking Limited ) C:\Users\Bethany\Downloads\spybotsd162.exe

2013-06-08 13:39 - 2013-06-08 13:39 - 00000000 ____D C:\Users\Bethany\AppData\Local\Eraser 6

2013-06-08 10:30 - 2013-06-08 10:30 - 00001819 ____A C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk

2013-06-08 10:30 - 2013-06-08 10:30 - 00000000 ____D C:\Users\Bethany\AppData\Roaming\SUPERAntiSpyware.com

2013-06-08 10:30 - 2013-06-08 10:30 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com

2013-06-08 10:30 - 2013-06-08 10:30 - 00000000 ____D C:\Program Files\SUPERAntiSpyware

2013-06-08 10:30 - 2013-06-08 10:29 - 26074448 ____A (SUPERAntiSpyware.com) C:\Users\Bethany\Downloads\SUPERAntiSpyware.exe

2013-06-08 10:17 - 2009-07-14 01:08 - 00032554 ____A C:\Windows\Tasks\SCHEDLGU.TXT

2013-06-08 08:56 - 2013-06-08 08:56 - 00000000 ____D C:\Program Files (x86)\ESET

2013-06-08 08:55 - 2013-06-08 08:55 - 02347384 ____A (ESET) C:\Users\Bethany\Downloads\esetsmartinstaller_enu.exe

2013-06-08 08:38 - 2013-06-08 08:38 - 00000000 ____A C:\Windows\setuperr.log

2013-06-08 08:36 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\zh-HK

2013-06-08 08:36 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\tr-TR

2013-06-08 08:35 - 2013-06-08 08:34 - 00001850 ____A C:\AdwCleaner[s2].txt

2013-06-08 08:35 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\System32\zh-HK

2013-06-08 08:35 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\System32\tr-TR

2013-06-08 08:34 - 2013-06-08 08:34 - 00000326 ____A C:\AdwCleaner[s1].txt

2013-06-08 08:33 - 2013-06-08 08:33 - 00001860 ____A C:\AdwCleaner[R1].txt

2013-06-08 08:28 - 2013-06-08 08:28 - 00640135 ____A C:\Users\Bethany\Desktop\adwcleaner.exe

2013-06-08 06:21 - 2012-03-03 16:43 - 00000000 ____D C:\Users\Bethany\AppData\Local\CrashDumps

2013-06-08 06:18 - 2013-06-08 06:18 - 03928064 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll

2013-06-08 06:18 - 2013-06-08 06:18 - 03419136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll

2013-06-08 06:18 - 2013-06-08 06:18 - 02776576 ____A (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll

2013-06-08 06:18 - 2013-06-08 06:18 - 02565120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll

2013-06-08 06:18 - 2013-06-08 06:18 - 02284544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll

2013-06-08 06:18 - 2013-06-08 06:18 - 01988096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll

2013-06-08 06:18 - 2013-06-08 06:18 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll

2013-06-08 06:18 - 2013-06-08 06:18 - 01682432 ____A (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll

2013-06-08 06:18 - 2013-06-08 06:18 - 01643520 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll

2013-06-08 06:18 - 2013-06-08 06:18 - 01504768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll

2013-06-08 06:18 - 2013-06-08 06:18 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll

2013-06-08 06:18 - 2013-06-08 06:18 - 01247744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll

2013-06-08 06:18 - 2013-06-08 06:18 - 01238528 ____A (Microsoft Corporation) C:\Windows\System32\d3d10.dll

2013-06-08 06:18 - 2013-06-08 06:18 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll

2013-06-08 06:18 - 2013-06-08 06:18 - 01175552 ____A (Microsoft Corporation) C:\Windows\System32\FntCache.dll

2013-06-08 06:18 - 2013-06-08 06:18 - 01158144 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll

2013-06-08 06:18 - 2013-06-08 06:18 - 01080832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll

2013-06-08 06:18 - 2013-06-08 06:18 - 00648192 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll

2013-06-08 06:18 - 2013-06-08 06:18 - 00604160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll

2013-06-08 06:18 - 2013-06-08 06:18 - 00522752 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll

2013-06-08 06:18 - 2013-06-08 06:18 - 00465920 ____A (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll

2013-06-08 06:18 - 2013-06-08 06:18 - 00417792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll

2013-06-08 06:18 - 2013-06-08 06:18 - 00364544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll

2013-06-08 06:18 - 2013-06-08 06:18 - 00363008 ____A (Microsoft Corporation) C:\Windows\System32\dxgi.dll

2013-06-08 06:18 - 2013-06-08 06:18 - 00333312 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll

2013-06-08 06:18 - 2013-06-08 06:18 - 00296960 ____A (Microsoft Corporation) C:\Windows\System32\d3d10core.dll

2013-06-08 06:18 - 2013-06-08 06:18 - 00293376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll

2013-06-08 06:18 - 2013-06-08 06:18 - 00249856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll

2013-06-08 06:18 - 2013-06-08 06:18 - 00245248 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecsExt.dll

2013-06-08 06:18 - 2013-06-08 06:18 - 00221184 ____A (Microsoft Corporation) C:\Windows\System32\UIAnimation.dll

2013-06-08 06:18 - 2013-06-08 06:18 - 00220160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll

2013-06-08 06:18 - 2013-06-08 06:18 - 00207872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll

2013-06-08 06:18 - 2013-06-08 06:18 - 00194560 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll

2013-06-08 06:18 - 2013-06-08 06:18 - 00187392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll

2013-06-08 06:18 - 2013-06-08 06:18 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll

2013-06-08 06:18 - 2013-06-08 06:18 - 00010752 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll

2013-06-08 06:18 - 2013-06-08 06:18 - 00010752 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll

2013-06-08 06:18 - 2013-06-08 06:18 - 00009728 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-06-08 06:18 - 2013-06-08 06:18 - 00009728 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-06-08 06:18 - 2013-06-08 06:18 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll

2013-06-08 06:18 - 2013-06-08 06:18 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll

2013-06-08 06:18 - 2013-06-08 06:18 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll

2013-06-08 06:18 - 2013-06-08 06:18 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll

2013-06-08 06:18 - 2013-06-08 06:18 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll

2013-06-08 06:18 - 2013-06-08 06:18 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll

2013-06-08 06:18 - 2013-06-08 06:18 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll

2013-06-08 06:18 - 2013-06-08 06:18 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll

2013-06-08 06:18 - 2013-06-08 06:18 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll

2013-06-08 06:18 - 2013-06-08 06:18 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll

2013-06-08 06:18 - 2013-06-08 06:18 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll

2013-06-08 06:18 - 2013-06-08 06:18 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll

2013-06-08 06:18 - 2013-06-08 06:18 - 00002560 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll

2013-06-08 06:18 - 2013-06-08 06:18 - 00002560 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll

2013-06-07 23:22 - 2013-06-07 23:22 - 00000000 ____D C:\Users\Bethany\AppData\Roaming\Malwarebytes

2013-06-07 23:21 - 2013-06-07 23:21 - 00001084 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2013-06-07 23:21 - 2013-06-07 23:21 - 00000000 ____D C:\ProgramData\Malwarebytes

2013-06-07 23:21 - 2013-06-07 23:21 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-06-07 23:20 - 2013-06-07 23:20 - 10285040 ____A (Malwarebytes Corporation ) C:\Users\Bethany\Downloads\mbam-setup-1.75.0.1300.exe

2013-06-01 11:06 - 2013-01-12 18:56 - 00000000 ____D C:\Program Files (x86)\PC Checkup

2013-05-28 21:28 - 2011-09-09 21:18 - 00000000 ____D C:\Users\Bethany\AppData\Roaming\SoftGrid Client

2013-05-16 07:54 - 2009-07-14 01:13 - 00741680 ____A C:\Windows\System32\PerfStringBackup.INI

2013-05-15 20:56 - 2013-05-02 23:27 - 00000000 ____D C:\Users\Bethany\AppData\Local\NPE

2013-05-14 20:10 - 2013-05-14 20:06 - 00000000 ____D C:\ProgramData\MiMedia

2013-05-14 20:06 - 2013-05-14 20:06 - 00000000 ____D C:\Program Files\MiMedia LLC

2013-05-14 19:56 - 2013-04-04 17:47 - 00000000 ____D C:\Users\Bethany\Documents\L&M

2013-05-14 19:55 - 2013-05-14 19:55 - 00000000 ____D C:\Users\Bethany\AppData\LocalGoogle

2013-05-14 19:55 - 2011-08-29 20:23 - 00000000 ____D C:\Users\Bethany\AppData\Local\Google

2013-05-14 19:55 - 2011-07-25 12:47 - 00000000 ____D C:\Program Files (x86)\Google

2013-05-14 19:54 - 2013-05-14 19:54 - 00781760 ____A (Google Inc.) C:\Users\Bethany\Downloads\googledrivesync.exe

2013-05-14 19:49 - 2012-05-06 10:32 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2013-05-14 19:49 - 2012-05-06 10:32 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-06-05 07:23

==================== End Of Log ============================

And the Addition text:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-06-2013 02

Ran by Bethany at 2013-06-11 07:46:43 Run:

Running from C:\Users\Bethany\Desktop

Boot Mode: Normal

==========================================================

==================== Installed Programs =======================

Adobe AIR (Version: 2.5.1.17730)

Adobe Flash Player 11 ActiveX (Version: 11.7.700.202)

Adobe Flash Player 11 Plugin (Version: 11.7.700.202)

Adobe Reader X (10.1.2) MUI (Version: 10.1.2)

Apple Application Support (Version: 2.3.3)

Apple Mobile Device Support (Version: 6.1.0.13)

Apple Software Update (Version: 2.1.3.127)

Bonjour (Version: 3.0.0.10)

Cisco Connect (Version: 1.2.10218.1)

D3DX10 (Version: 15.4.2368.0902)

ESET Online Scanner v3

Google Chrome (Version: 27.0.1453.110)

Google Drive (Version: 1.9.4536.8202)

Google Update Helper (Version: 1.3.21.145)

Intel PROSet Wireless

Intel® Management Engine Components (Version: 7.0.0.1144)

Intel® Processor Graphics (Version: 8.15.10.2353)

Intel® PROSet/Wireless WiFi Software (Version: 14.0.2000)

Intel® Rapid Storage Technology (Version: 10.1.2.1004)

Intel® Wireless Display

Intel® Wireless Display (Version: 2.0.29.0)

iTunes (Version: 11.0.2.26)

Java 7 Update 21 (Version: 7.0.210)

Java Auto Updater (Version: 2.1.9.5)

Java 6 Update 27 (Version: 6.0.270)

JMicron Flash Media Controller Driver (Version: 1.0.57.2)

Junk Mail filter update (Version: 15.4.3502.0922)

Label@Once 1.0 (Version: 1.0)

Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)

Mesh Runtime (Version: 15.4.5722.2)

Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)

Microsoft Application Error Reporting (Version: 12.0.6015.5000)

Microsoft Office 2010 (Version: 14.0.4763.1000)

Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)

Microsoft Office Starter 2010 - English (Version: 14.0.4763.1000)

Microsoft Silverlight (Version: 5.1.20125.0)

Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)

Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (Version: 10.0.30319)

MSVCRT (Version: 15.4.2862.0708)

MSVCRT_amd64 (Version: 15.4.2862.0708)

Norton 360 (Version: 5.2.2.3)

Norton PC Checkup (Version: 3.0.4.81.0)

PlayReady PC Runtime amd64 (Version: 1.3.0)

PlayReady PC Runtime x86 (Version: 1.3.0)

QuickTime (Version: 7.70.80.34)

Realtek Ethernet Controller Driver (Version: 7.38.113.2011)

Realtek High Definition Audio Driver (Version: 6.0.1.6305)

Renesas Electronics USB 3.0 Host Controller Driver (Version: 2.0.34.0)

Skype Launcher (Version: 2.01)

Skype™ 6.1 (Version: 6.1.129)

Spybot - Search & Destroy (Version: 1.6.2)

SUPERAntiSpyware (Version: 5.6.1020)

Synaptics Pointing Device Driver (Version: 15.2.11.1)

Synctunes Desktop (Version: 1.1.0)

TOSHIBA Application Installer (Version: 9.0.1.1)

TOSHIBA Assist (Version: 4.02.02)

TOSHIBA Bulletin Board (Version: 1.6.08.64)

TOSHIBA Disc Creator (Version: 2.1.0.7 for x64)

TOSHIBA eco Utility (Version: 1.2.24.64)

TOSHIBA Face Recognition (Version: 3.1.9.64)

TOSHIBA Flash Cards Support Utility (Version: 1.63.0.12C)

TOSHIBA Hardware Setup (Version: 1.63.1.34C)

TOSHIBA HDD Protection (Version: 2.2.1.12)

TOSHIBA HDD/SSD Alert (Version: 3.1.64.8)

Toshiba Laptop Checkup (Version: 2.0.10.26)

TOSHIBA Media Controller (Version: 1.0.86.2)

TOSHIBA Media Controller Plug-in (Version: 1.0.6.1)

Toshiba Online Backup (Version: 2.0.0.25)

TOSHIBA PC Health Monitor (Version: 1.7.5.64)

TOSHIBA Quality Application (Version: 1.0.3)

TOSHIBA Recovery Media Creator (Version: 2.1.3.5109)

TOSHIBA ReelTime (Version: 1.7.17.64)

TOSHIBA Resolution+ Plug-in for Windows Media Player (Version: 1.1.0)

TOSHIBA Service Station (Version: 2.1.52)

TOSHIBA Sleep Utility (Version: 1.4.2.7)

TOSHIBA Supervisor Password (Version: 1.63.51.2C)

TOSHIBA Value Added Package (Version: 1.5.4.64)

TOSHIBA VIDEO PLAYER (Version: 4.00.6.08-A)

TOSHIBA Web Camera Application (Version: 2.0.0.19)

TOSHIBA Wireless Display Monitor (Version: 1.0.1)

TOSHIBA Wireless LAN Indicator (Version: 1.0.3)

ToshibaRegistration (Version: 1.0.4)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)

Utility Common Driver (Version: 1.0.52.2C)

Webroot SecureAnywhere (Version: 8.0.2.147)

Windows Live Communications Platform (Version: 15.4.3502.0922)

Windows Live Essentials (Version: 15.4.3502.0922)

Windows Live Essentials (Version: 15.4.3555.0308)

Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)

Windows Live Installer (Version: 15.4.3502.0922)

Windows Live Language Selector (Version: 15.4.3555.0308)

Windows Live Mail (Version: 15.4.3502.0922)

Windows Live Mesh (Version: 15.4.3502.0922)

Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)

Windows Live Messenger (Version: 15.4.3538.0513)

Windows Live MIME IFilter (Version: 15.4.3502.0922)

Windows Live Movie Maker (Version: 15.4.3502.0922)

Windows Live Photo Common (Version: 15.4.3502.0922)

Windows Live Photo Gallery (Version: 15.4.3502.0922)

Windows Live PIMT Platform (Version: 15.4.3508.1109)

Windows Live Remote Client (Version: 15.4.5722.2)

Windows Live Remote Client Resources (Version: 15.4.5722.2)

Windows Live Remote Service (Version: 15.4.5722.2)

Windows Live Remote Service Resources (Version: 15.4.5722.2)

Windows Live SOXE (Version: 15.4.3502.0922)

Windows Live SOXE Definitions (Version: 15.4.3502.0922)

Windows Live UX Platform (Version: 15.4.3502.0922)

Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)

Windows Live Writer (Version: 15.4.3502.0922)

Windows Live Writer Resources (Version: 15.4.3502.0922)

==================== Restore Points =========================

08-06-2013 21:22:10 Removed Skype Click to Call

08-06-2013 21:59:18 Windows Modules Installer

10-06-2013 11:57:01 Windows Modules Installer

==================== Hosts content: ==========================

# Copyright © 1993-2009 Microsoft Corp.

#

# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.

#

# This file contains the mappings of IP addresses to host names. Each

# entry should be kept on an individual line. The IP address should

# be placed in the first column followed by the corresponding host name.

# The IP address and the host name should be separated by at least one

# space.

#

# Additionally, comments (such as these) may be inserted on individual

# lines or following the machine name denoted by a '#' symbol.

#

# For example:

#

# 102.54.94.97 rhino.acme.com # source server

# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.

# # # Start of entries inserted by Spybot - Search & Destroy

# This list is Copyright 2000-2008 Safer Networking Limited

# End of entries inserted by Spybot - Search & Destroy

# 127.0.0.1 localhost

There are more than 1000 lines starting with "127.0.0.1"

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:

==================

Error: (06/11/2013 06:30:27 AM) (Source: SideBySide) (User: )

Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.

The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

Error: (06/11/2013 06:26:22 AM) (Source: SideBySide) (User: )

Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (06/11/2013 06:19:44 AM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 17389587

Error: (06/11/2013 06:19:44 AM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 17389587

Error: (06/11/2013 06:19:44 AM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/11/2013 01:13:04 AM) (Source: Application Hang) (User: )

Description: The program SpybotSD.exe version 1.6.2.46 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 17b4

Start Time: 01ce6661b6d8689e

Termination Time: 9

Application Path: C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe

Report Id: 968919e0-d255-11e2-86eb-b870f4bfba5f

Error: (06/11/2013 01:07:56 AM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/10/2013 11:08:58 PM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/10/2013 10:38:08 PM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/10/2013 10:33:07 PM) (Source: Application Hang) (User: )

Description: The program adwcleaner.exe version 2.3.0.2 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: be0

Start Time: 01ce664bc872f2e5

Termination Time: 15

Application Path: C:\Users\Bethany\Desktop\adwcleaner.exe

Report Id: 3dd51527-d23f-11e2-bfa3-b870f4bfba5f

System errors:

=============

Error: (06/11/2013 06:20:24 AM) (Source: DCOM) (User: )

Description: {4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error: (06/11/2013 01:07:45 AM) (Source: Service Control Manager) (User: )

Description: The Common Client Job Manager Service service terminated with service-specific error %%-1.

Error: (06/10/2013 11:08:55 PM) (Source: Service Control Manager) (User: )

Description: The Common Client Job Manager Service service terminated with service-specific error %%-1.

Error: (06/10/2013 10:37:41 PM) (Source: Service Control Manager) (User: )

Description: The Common Client Job Manager Service service terminated with service-specific error %%-1.

Error: (06/10/2013 00:23:14 PM) (Source: Service Control Manager) (User: )

Description: The Common Client Job Manager Service service terminated with service-specific error %%-1.

Error: (06/10/2013 06:38:15 AM) (Source: Service Control Manager) (User: )

Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the N360 service.

Error: (06/09/2013 10:45:45 PM) (Source: Server) (User: )

Description: The server could not bind to the transport \Device\NetBT_Tcpip_{F9719151-EE1C-4C59-9008-2649FC344E86} because another computer on the network has the same name. The server could not start.

Error: (06/09/2013 10:16:04 PM) (Source: Server) (User: )

Description: The server could not bind to the transport \Device\NetBT_Tcpip_{F9719151-EE1C-4C59-9008-2649FC344E86} because another computer on the network has the same name. The server could not start.

Error: (06/09/2013 10:15:52 PM) (Source: Service Control Manager) (User: )

Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the N360 service.

Error: (06/09/2013 10:35:57 AM) (Source: DCOM) (User: )

Description: {8086EBD4-43E3-4B19-BEB3-F0EA4ECF319C}

Microsoft Office Sessions:

=========================

Error: (06/11/2013 06:30:27 AM) (Source: SideBySide)(User: )

Description: assemblyIdentitylanguage*c:\program files\spybot - search & destroy\DelZip179.dllc:\program files\spybot - search & destroy\DelZip179.dll8

Error: (06/11/2013 06:26:22 AM) (Source: SideBySide)(User: )

Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (06/11/2013 06:19:44 AM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 17389587

Error: (06/11/2013 06:19:44 AM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: m->NextScheduledEvent 17389587

Error: (06/11/2013 06:19:44 AM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/11/2013 01:13:04 AM) (Source: Application Hang)(User: )

Description: SpybotSD.exe1.6.2.4617b401ce6661b6d8689e9C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe968919e0-d255-11e2-86eb-b870f4bfba5f

Error: (06/11/2013 01:07:56 AM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/10/2013 11:08:58 PM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/10/2013 10:38:08 PM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/10/2013 10:33:07 PM) (Source: Application Hang)(User: )

Description: adwcleaner.exe2.3.0.2be001ce664bc872f2e515C:\Users\Bethany\Desktop\adwcleaner.exe3dd51527-d23f-11e2-bfa3-b870f4bfba5f

==================== Memory info ===========================

Percentage of memory in use: 47%

Total physical RAM: 6050.69 MB

Available physical RAM: 3148.13 MB

Total Pagefile: 12099.57 MB

Available Pagefile: 9053.99 MB

Total Virtual: 8192 MB

Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: (TI106151W0F) (Fixed) (Total:580.59 GB) (Free:501.84 GB) NTFS (Disk=0 Partition=2) ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================

Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 596 GB) (Disk ID: 637CA5D8)

Partition 1: (Active) - (Size=1 GB) - (Type=27)

Partition 2: (Not Active) - (Size=581 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=14 GB) - (Type=17)

==================== End Of Log ============================

I will run the GMER rootkit tool next, but was wondering if I need to close the Farbar tool without clicking Fix first? Thanks again.


Looks good until here!

Let's cross check:

Please go to here to run the online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click 'List of found threats', then click Export to text file...
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.


Results of screen317's Security Check version 0.99.64

Windows 7 Service Pack 1 x64 (UAC is enabled)

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

Norton 360

Webroot SecureAnywhere

Antivirus up to date!

`````````Anti-malware/Other Utilities Check:`````````

MVPS Hosts File

Spybot - Search & Destroy

Malwarebytes Anti-Malware version 1.75.0.1300

Java 6 Update 27

Java 7 Update 21

Adobe Flash Player 11.7.700.202

Adobe Reader 10.1.2 Adobe Reader out of Date!

Google Chrome 27.0.1453.110

Google Chrome 27.0.1453.94

````````Process Check: objlist.exe by Laurent````````

Norton ccSvcHst.exe

Malwarebytes Anti-Malware mbamservice.exe

Malwarebytes Anti-Malware mbamgui.exe

Malwarebytes' Anti-Malware mbamscheduler.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 0%

````````````````````End of Log``````````````````````


Your system is all clean now! :)

Adobe Reader update

Your Adobe Reader is outdated. We will fix this.

  • Get the actual software from here. Important: Uncheck any optional software (for example Google Chrome, etc.) offered.
  • Run setup and follow the instructions.
  • Click Start --> Control Panel --> Add/Remove Programs.
  • Search for and remove any older reader versions.

Uninstall our tools.

Please follow these steps in order:

  1. In case we used Defogger to turn off your CD emulation software, you can start it again and use the Enable button.
  2. In case we used Combofix, rename combofix.exe to uninstall.exe and run it one last time. You will be notified that Combofix has been removed.
  3. In any case, please download delfix to your desktop.
    • Close all other programs and start delfix.
    • Please check all the boxes and run the tool.
    • delfix will now delete all found traces of our removal process.
  4. If there is still something left, please delete it manually.

Reading Material

How to protect yourself

  • System Updates
    Being up to date is very important. Please be sure to activate automatic updates in your control panel.
    Windows XP | Windows Vista | Windows 7 | Windows 8
  • Protection
    What you need is one (not more) good virus scanner with background protection. Additionally, I recommend a special malware scanner that you run from time to time.
    Personally I am using the avast! Antivirus Free Edition and Malwarebytes Anti-Malware. They offer you good protection for free use. But please remember: you only get the full protection if you use the paid versions of your security software.
  • Up to date Software
    Stay up to date with all the programs you use. Some of those you really have to keep an eye on are: your browser(s) including add-ons and plug-ins, Java, Flash Player, your virus scanner, and basically every piece of software you use often. These links may help you to check:
  • Backups
    There are chances for an emergency every day. So be prepared. Back up your data on a regular basis. Whether you burn it to DVDs from time to time, use a cloud drive, or use a professional network backup system is your choice.
  • Brains
    It's no joke! You really need one of those things. :) It is very important not to just click anywhere that is colored or flashing while you are surfing the web. Do not click an OK button on any pop-up window without reading what it says. While installing software, always choose the custom mode, read what those windows say, and uncheck adware that will be installed along with the software you want.


  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


Hi - thanks for re-opening this. I just have a question: I've been having issues connecting to the internet in Chrome the last few days, and it seems to be happening more and more often. I keep getting messages like this one:

 

Unable to access the network

The connection to forums.malwarebytes.org was interrupted by a change in the network connection.

Here are some suggestions:

Reload this webpage later.
Check your Internet connection. Restart any router, modem, or other network devices you may be using.

Error 21 (net::ERR_NETWORK_CHANGED): A network change was detected.

 

Is this related to the malware? Does it mean that there's still something going on with my computer, or is it a side effect of removing the malware? Thanks!


As you can see here, werfault.exe is part of Windows and needs internet access: http://www.systemlookup.com/search.php?type=filename&client=malwaresearch-ff&search=werfault.exe

 

To get the issue fixed:

 

  1. Reset your router (modem)
  2. Ensure all Windows updates are installed.
  3. Ensure you have the latest device drivers installed (this tool might help: http://download.cnet.com/DriverMax/3000-18513_4-10572602.html?part=dl-85782&subj=dl&tag=button)
  4. Run the Windows network diagnostic tool: http://www.guidingtech.com/7532/repair-network-windows-7-diagnostic/

  • 2 weeks later...

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.