Audio ads in background with google - infected?


Audio ads are running in background with Google. Does not seem to happen with Internet Explorer.

Am I infected with something? Had computer trouble last week and tech got things up and running again and I purchased Malwarebytes.

Windows 7 Home Premium - 64 bit

 

Should I attach other report attach.txt?

 

dds.txt

Welcome to the forum. Yes attach it.

Please download and run RogueKiller 32 Bit to your desktop.

RogueKiller 64 Bit <---use this one for 64 bit systems

Which system am I using?

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes and use the default font)

General P2P/Piracy Warning:

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

2. If you have illegal/cracked software, cracks, keygens, custom (Adobe) host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.

MrC

Note:

Please read all of my instructions completely including these.

Make sure system restore is turned on and running

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...unlikely but things can go very wrong! Back up any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive.

  • Please don't run any other scans, download, install or uninstall any programs while I'm working with you.
  • The removal of malware isn't instantaneous, please be patient.
  • When we are done, I'll give you instructions on how to clean up all the tools and logs.
  • Please stick with me until I give you the "all clear" and please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)

Start with this: (make sure you have created a system restore point)

Please download AdwCleaner from HERE or HERE to your desktop.

  • Double click on AdwCleaner.exe to run the tool.

    Vista/Windows 7/8 users right-click and select Run As Administrator

  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.
Then..................

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

MrC

adwcleaner(so).txt as follows:

# AdwCleaner v3.022 - Report created 19/03/2014 at 14:34:56
# Updated 13/03/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Linda - LINDA-HP
# Running from : C:\Users\Linda\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Driver-Soft
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16521
 
 
-\\ Google Chrome v
 
[ File : C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [2698 octets] - [19/03/2014 13:47:06]
AdwCleaner[s0].txt - [2265 octets] - [19/03/2014 14:34:56]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [2325 octets] ##########
Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please make sure you click download buttons that look similar to this, not "sponsored ad links":

[image: bleep-crop.jpg]

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

 

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC

malwarebytes report as follows:

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org
 
Database version: v2014.03.19.10
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16521
Linda :: LINDA-HP [administrator]
 
Protection: Enabled
 
3/19/14 2:47:40 PM
mbam-log-2014-03-19 (14-47-40).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 304545
Time elapsed: 21 minute(s), 40 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)
 
will proceed with Combofix
something weird is still going on.  clicked on link in your post on disabling malware programs.  took me to bleeping computer and then quickly got a redirect and popup to loa.teebik.com   which I think is the same place I got redirected to this morning before we started our session. 

I am very very reluctant now to disable Microsoft Essentials and MWB in order to run Combofix.  

no direct "disable" in MB - do I just uncheck filesystem protection, website blocking, start with windows?

 

Also I was on bleeping computer reading instructions on how to use Combofix - and........ 2 audio ads were heard in background so "something" is still there.   

 

 

combofix looks a little scary to me 

no direct "disable" in MB - do I just uncheck filesystem protection, website blocking, start with windows?

If it's running...it's in your system tray by the clock. There should be an icon there; right-click on it and choose Exit.

If you have the free version, there's no need to disable it.

combofix looks a little scary to me

Nothing scary...just follow the directions.

Download to your desktop
Disable all malware programs
Run ComboFix.

MrC

OK...Next:

Please download Farbar Recovery Scan Tool (FRST) and save it to a folder.

(use correct version for your system.....Which system am I using?)

FRST <----for 32 bit systems

FRST64 <----for 64 bit systems

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
If the logs are large, you can attach them:

To attach a log:

Bottom right corner of this page.

[image: reply1.jpg]

New window that comes up.

[image: replyer1.jpg]

MrC

FRST.TXT

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Linda (administrator) on LINDA-HP on 20-03-2014 12:56:43
Running from C:\Users\Linda\Downloads\Farbar Recovery
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link for 32-Bit version:
Download link for 64-Bit Version:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Company) c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
() C:\Program Files (x86)\Photodex\ProShowGold\ScsiAccess.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Advanced Micro Devices Inc.) c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\IELowutil.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Google Inc.) C:\Users\Linda\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Linda\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Linda\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Linda\AppData\Local\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [smartMenu] - C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [611896 2010-09-15] ()
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [intelliPoint] - c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2399632 2011-04-13] (Microsoft Corporation)
HKLM\...\Run: [hpsysdrv] - c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [startCCC] - c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [102400 2010-05-11] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [PDF Complete] - C:\Program Files (x86)\PDF Complete\pdfsty.exe [664600 2010-09-28] (PDF Complete Inc)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM-x32\...\Run: [intuit SyncManager] - C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [623880 2008-11-18] (Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [HP Software Update] - c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\607\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
HKU\S-1-5-21-2798687626-2405255637-153004402-1000\...\Run: [sansaDispatch] - C:\Users\Linda\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe [613888 2013-08-28] (SanDisk Corporation)
HKU\S-1-5-21-2798687626-2405255637-153004402-1000\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://shawconnect.ca/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.com/rover/1/706-111074-26712-0/4?satitle={searchTerms}&mfe=Desktops
SearchScopes: HKLM-x32 - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.com/rover/1/706-111074-26712-0/4?satitle={searchTerms}&mfe=Desktops
SearchScopes: HKCU - {0499BC2B-7A6A-4571-BDEB-53A451B5E889} URL = http://websearch.shaw.ca/shaw/ws/results/Web/{SearchTerms}/1/417/TopNavigation/Relevance/iq=true/zoom=off/_iceUrlFlag=7?_IceUrl=true&ua=ie-tb-cd
SearchScopes: HKCU - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.com/rover/1/706-111074-26712-0/4?satitle={searchTerms}&mfe=Desktops
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: ChromeFrame BHO - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files (x86)\Google\Chrome Frame\Application\32.0.1700.107\npchrome_frame.dll (Google Inc.)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: HKLM-x32 {16F67783-7E72-4C39-99C4-4780A8335484} http://www.syncmyride.com/Own/Modules/UpdateCenter/applets/sync.cab
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} -  No File
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} -  No File
Handler-x32: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome Frame\Application\32.0.1700.107\npchrome_frame.dll (Google Inc.)
Handler-x32: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files (x86)\Intuit\QuickBooks 2011\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
Tcpip\Parameters: [DhcpNameServer] 64.59.184.15 64.59.190.245
 
Chrome: 
=======
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.1.377\_platform_specific\win_x86\widevinecdmadapter.dll No File
CHR Plugin: (Shockwave Flash) - C:\Users\Linda\AppData\Local\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Linda\AppData\Local\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Linda\AppData\Local\Google\Chrome\Application\33.0.1750.154\pdf.dll ()
CHR Plugin: (HP Product Detection Plugin) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\aelbknmfcacjffmgnoaaonhgoghlmlkp\2.0.5.6_0\plugins/npProductDetectPlugin.dll (Hewlett-Packard)
CHR Plugin: (HP Active Check Plugin) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\aelbknmfcacjffmgnoaaonhgoghlmlkp\2.0.5.6_0\plugins/npAclmPlugin.dll (Hewlett-Packard)
CHR Plugin: (HP Pit Plugin) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\aelbknmfcacjffmgnoaaonhgoghlmlkp\2.0.5.6_0\plugins/npPitPlugin.dll (Hewlett-Packard)
CHR Plugin: (HP Active Check Plugin) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\aelbknmfcacjffmgnoaaonhgoghlmlkp\2.0.5.6_0\plugins/npIdfPlugin.dll (Hewlett-Packard)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 7.0.450.18) - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Java Platform SE 7 U45) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Photodex Presenter Plugin) - C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll ( )
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Google Update) - C:\Users\Linda\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll No File
CHR Extension: (HP Product Detection Plugin) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\aelbknmfcacjffmgnoaaonhgoghlmlkp [2013-04-15]
CHR Extension: (YouTube) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-17]
CHR Extension: (Plugins) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\chemohaemmfhjpmlgkmkanfpfbkaihop [2013-03-01]
CHR Extension: (Google Search) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-17]
CHR Extension: (Google Wallet) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR Extension: (Gmail) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-17]
CHR StartMenuInternet: Google Chrome - C:\Users\Linda\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) =================
 
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1119768 2010-09-28] (PDF Complete Inc)
R2 ScsiAccess; C:\Program Files (x86)\Photodex\ProShowGold\ScsiAccess.exe [186760 2011-04-29] ()
 
==================== Drivers (Whitelisted) ====================
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [91352 2014-03-13] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
R1 RapportCerberus_34302; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus64_34302.sys [397520 2011-12-15] ()
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [55096 2012-07-29] (Trusteer Ltd.)
R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [101464 2012-07-08] (Trusteer Ltd.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [297240 2012-07-29] (Trusteer Ltd.)
U3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-03-20 12:55 - 2014-03-20 12:56 - 00000000 ____D () C:\FRST
2014-03-20 12:54 - 2014-03-20 12:56 - 00000000 ____D () C:\Users\Linda\Downloads\Farbar Recovery
2014-03-20 10:27 - 2014-03-20 10:27 - 00017905 _____ () C:\Users\Linda\Desktop\ComboFix.txt
2014-03-20 09:39 - 2014-03-20 09:39 - 00017905 _____ () C:\ComboFix.txt
2014-03-20 09:11 - 2014-03-20 09:39 - 00000000 ____D () C:\Qoobox
2014-03-20 09:11 - 2014-03-20 09:38 - 00000000 ____D () C:\Windows\erdnt
2014-03-20 09:11 - 2011-06-26 00:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-03-20 09:11 - 2010-11-07 11:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-03-20 09:11 - 2009-04-19 22:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-03-20 09:11 - 2000-08-30 18:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-03-20 09:11 - 2000-08-30 18:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-03-20 09:11 - 2000-08-30 18:00 - 00098816 _____ () C:\Windows\sed.exe
2014-03-20 09:11 - 2000-08-30 18:00 - 00080412 _____ () C:\Windows\grep.exe
2014-03-20 09:11 - 2000-08-30 18:00 - 00068096 _____ () C:\Windows\zip.exe
2014-03-20 08:54 - 2014-03-20 08:54 - 00000000 ____D () C:\Users\Linda\Desktop\ComboFix
2014-03-20 07:44 - 2014-03-20 07:44 - 00000000 ____D () C:\Users\Linda\AppData\Local\{D18D19F1-AEE1-4F23-BC0A-C769236C10E8}
2014-03-19 13:57 - 2014-03-19 13:57 - 00002698 _____ () C:\Users\Linda\Desktop\AdwCleaner[R0].txt
2014-03-19 13:46 - 2014-03-19 14:35 - 00000000 ____D () C:\AdwCleaner
2014-03-19 13:44 - 2014-03-19 13:44 - 01950720 _____ () C:\Users\Linda\Desktop\AdwCleaner.exe
2014-03-19 12:44 - 2014-03-19 12:44 - 00003114 _____ () C:\Users\Linda\Desktop\RKreport[0]_S_03192014_124402.txt
2014-03-19 12:41 - 2014-03-19 12:45 - 00000000 ____D () C:\Users\Linda\Desktop\RK_Quarantine
2014-03-19 12:39 - 2014-03-19 12:39 - 03901952 _____ () C:\Users\Linda\Downloads\RogueKiller (1).exe
2014-03-19 12:22 - 2014-03-19 12:22 - 03901952 _____ () C:\Users\Linda\Downloads\RogueKiller.exe
2014-03-19 10:39 - 2014-03-19 10:39 - 00024403 _____ () C:\Users\Linda\Desktop\attach.txt
2014-03-19 10:39 - 2014-03-19 10:38 - 00023664 _____ () C:\Users\Linda\Desktop\dds.txt
2014-03-19 10:32 - 2014-03-19 10:32 - 00688992 ____R (Swearware) C:\Users\Linda\Desktop\dds.scr
2014-03-19 10:27 - 2014-03-19 10:27 - 00000000 ____D () C:\Users\Linda\AppData\Local\{726958C8-B01B-4761-9BB1-0B6EAA3ECD10}
2014-03-18 22:27 - 2014-03-18 22:27 - 00000000 ____D () C:\Users\Linda\AppData\Local\{76C6B80C-9324-4DAE-9EB0-6E11A152763E}
2014-03-18 15:51 - 2014-03-18 15:52 - 06497677 ____R () C:\Users\Linda\Documents\Linda Backup.mbf
2014-03-18 15:19 - 2014-03-18 15:19 - 00000941 _____ () C:\Users\Linda\Downloads\PCF (1).ofx
2014-03-18 10:27 - 2014-03-18 10:27 - 00000000 ____D () C:\Users\Linda\AppData\Local\{6C907D51-10DC-45B4-95CC-2262861CFED0}
2014-03-17 21:55 - 2014-03-17 21:55 - 00000000 ____D () C:\Users\Linda\AppData\Local\{4289E666-662B-40C2-8205-544445927DCA}
2014-03-17 19:00 - 2014-03-17 18:52 - 00013744 _____ () C:\Users\Linda\Documents\Richard Bourne and family tax 2013.u13
2014-03-17 09:54 - 2014-03-17 09:55 - 00000000 ____D () C:\Users\Linda\AppData\Local\{D92C96F3-4368-409A-8067-3286D4C7D639}
2014-03-16 21:54 - 2014-03-16 21:54 - 00000000 ____D () C:\Users\Linda\AppData\Local\{A2B58B25-7B2A-43E4-876E-B504D50F1836}
2014-03-16 09:54 - 2014-03-16 09:54 - 00000000 ____D () C:\Users\Linda\AppData\Local\{81307389-992A-4FA5-A4C1-AB9184F4BAF8}
2014-03-15 23:11 - 2014-03-17 23:50 - 00017833 _____ () C:\Users\Linda\Documents\Angela  Bourne and family tax 2013.u13
2014-03-15 21:53 - 2014-03-15 21:53 - 00000000 ____D () C:\Users\Linda\AppData\Local\{B960CBAE-0AC6-4D04-A04C-252E90FE5DE9}
2014-03-15 21:21 - 2014-03-17 15:24 - 00019967 _____ () C:\Users\Linda\Documents\Angela  Bourne tax 2012.u12
2014-03-15 09:53 - 2014-03-15 09:53 - 00000000 ____D () C:\Users\Linda\AppData\Local\{C7F6E77A-22E2-4CE8-AFFC-DDDE691A59F0}
2014-03-15 09:44 - 2014-03-15 09:45 - 04110135 _____ () C:\Users\Linda\Downloads\tdsskiller (1).zip
2014-03-14 21:52 - 2014-03-14 21:53 - 00000000 ____D () C:\Users\Linda\AppData\Local\{4E00AA51-EA22-4455-B4AE-99232173A5BF}
2014-03-14 11:59 - 2014-03-14 11:59 - 00001466 _____ () C:\Users\Linda\Downloads\PCF.ofx
2014-03-14 11:52 - 2014-03-14 11:52 - 00001172 _____ () C:\Users\Linda\Downloads\cibc.ofx
2014-03-14 10:55 - 2014-03-14 10:57 - 00002952 _____ () C:\Users\Linda\Desktop\Rkill.txt
2014-03-14 10:55 - 2014-03-14 10:55 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Linda\Downloads\iExplore (1).exe
2014-03-14 10:38 - 2014-03-14 10:38 - 04110135 _____ () C:\Users\Linda\Downloads\tdsskiller.zip
2014-03-14 10:36 - 2014-03-14 10:36 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Linda\Downloads\iexplore.exe
2014-03-14 09:01 - 2014-03-14 09:01 - 00000000 ____D () C:\Users\Linda\AppData\Local\{3CA6B5CA-FFC0-40D3-B619-2366C30D2503}
2014-03-13 15:33 - 2014-03-13 15:33 - 00000000 ____D () C:\Windows\Standalone System Sweeper
2014-03-13 15:12 - 2014-03-13 15:12 - 00000000 ____D () C:\Users\Linda\AppData\Local\{C70C6F6F-0CA1-4A18-8C04-1F9154B70A89}
2014-03-13 14:23 - 2014-03-01 00:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-13 14:23 - 2014-02-28 23:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-13 14:23 - 2014-02-28 23:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-13 14:23 - 2014-02-28 22:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-13 14:23 - 2014-02-28 22:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-13 14:23 - 2014-02-28 22:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-13 14:23 - 2014-02-28 22:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-13 14:23 - 2014-02-28 22:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-13 14:23 - 2014-02-28 22:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-13 14:23 - 2014-02-28 22:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-13 14:23 - 2014-02-28 22:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-13 14:23 - 2014-02-28 22:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-13 14:23 - 2014-02-28 22:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-13 14:23 - 2014-02-28 22:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-13 14:23 - 2014-02-28 22:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-13 14:23 - 2014-02-28 22:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-13 14:23 - 2014-02-28 22:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-13 14:23 - 2014-02-28 21:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-13 14:23 - 2014-02-28 21:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-13 14:23 - 2014-02-28 21:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-13 14:23 - 2014-02-28 21:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-13 14:23 - 2014-02-28 21:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-13 14:23 - 2014-02-28 21:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-13 14:23 - 2014-02-28 21:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-13 14:23 - 2014-02-28 21:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-13 14:23 - 2014-02-28 21:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-13 14:23 - 2014-02-28 21:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-13 14:23 - 2014-02-28 21:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-13 14:23 - 2014-02-28 21:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-13 14:23 - 2014-02-28 21:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-13 14:23 - 2014-02-28 21:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-13 14:23 - 2014-02-28 21:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-13 14:23 - 2014-02-28 21:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-13 14:23 - 2014-02-28 21:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-13 14:23 - 2014-02-28 20:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-13 14:23 - 2014-02-28 20:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-13 14:23 - 2014-02-28 20:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-13 14:23 - 2014-02-28 20:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-13 14:23 - 2014-02-28 20:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-13 14:23 - 2014-02-28 20:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-13 14:23 - 2014-02-06 19:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-13 14:23 - 2014-01-28 20:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-13 14:23 - 2014-01-28 20:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-13 14:23 - 2014-01-27 20:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-13 14:22 - 2014-02-03 20:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-13 14:22 - 2014-02-03 20:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-13 14:22 - 2014-02-03 20:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-13 14:22 - 2014-02-03 20:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-13 13:12 - 2014-03-13 13:13 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-03-13 13:12 - 2014-03-13 13:12 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-13 13:12 - 2014-03-13 13:12 - 00000000 ____D () C:\Users\Linda\Desktop\mbar
2014-03-10 20:43 - 2014-03-10 20:43 - 00000000 ____D () C:\Users\Linda\AppData\Local\{483EF396-FCE1-4272-AC28-5AAEEB0D2844}
2014-03-10 08:43 - 2014-03-10 08:43 - 00000000 ____D () C:\Users\Linda\AppData\Local\{B9E9D6E5-BFAD-4FD6-A32A-0FED6DF94C1D}
2014-03-09 12:06 - 2014-03-13 14:17 - 00001071 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-09 12:06 - 2014-03-13 14:17 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-09 12:06 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-09 12:04 - 2014-03-09 12:04 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Linda\Downloads\mbam-setup-1.75.0.1300.exe
2014-03-09 09:53 - 2014-03-09 09:53 - 00000000 ____D () C:\Users\Linda\AppData\Local\{91C480F6-9D81-42E8-9DE2-37AAC23711E9}
2014-03-08 08:36 - 2014-03-08 08:36 - 00000000 ____D () C:\Users\Linda\AppData\Local\{0DA38F6D-21A5-4D1B-88EB-BD435832633F}
2014-03-07 20:35 - 2014-03-07 20:36 - 00000000 ____D () C:\Users\Linda\AppData\Local\{90D80A3B-B34C-4149-A041-5AC5F6A20845}
2014-03-07 08:35 - 2014-03-07 08:35 - 00000000 ____D () C:\Users\Linda\AppData\Local\{4A03D845-5D32-47CE-8B83-EFCC059B1FC6}
2014-03-06 11:50 - 2014-03-06 11:50 - 00000000 ____D () C:\Users\Linda\AppData\Local\{B1985AAA-772F-4972-82A9-D2C575EF0FB7}
2014-03-05 23:49 - 2014-03-05 23:50 - 00000000 ____D () C:\Users\Linda\AppData\Local\{A4C676CC-FDB3-4530-AD55-5D167A125FA9}
2014-03-05 11:49 - 2014-03-05 11:49 - 00000000 ____D () C:\Users\Linda\AppData\Local\{022D93E3-5140-4E32-ACBF-2460F3C2E144}
2014-03-04 23:48 - 2014-03-04 23:48 - 00000000 ____D () C:\Users\Linda\AppData\Local\{3DFD02DF-D473-473E-940A-92BDD4A3F84B}
2014-03-04 11:48 - 2014-03-04 11:48 - 00000000 ____D () C:\Users\Linda\AppData\Local\{C837A25E-0E23-46D1-9FA6-17E2FB1AE22B}
2014-03-03 23:48 - 2014-03-03 23:48 - 00000000 ____D () C:\Users\Linda\AppData\Local\{5868A32F-B678-42CD-813B-63B5FF90F26C}
2014-03-03 11:47 - 2014-03-03 11:47 - 00000000 ____D () C:\Users\Linda\AppData\Local\{629F476D-FEA3-447B-8F8F-6F70F7CEC77A}
2014-03-02 23:47 - 2014-03-02 23:47 - 00000000 ____D () C:\Users\Linda\AppData\Local\{B7BE4974-E6BD-4E96-940B-857705F9D067}
2014-03-02 11:46 - 2014-03-02 11:46 - 00000000 ____D () C:\Users\Linda\AppData\Local\{844733AD-1883-479C-AC63-778852B8C542}
2014-03-01 23:46 - 2014-03-01 23:46 - 00000000 ____D () C:\Users\Linda\AppData\Local\{5D12563C-56FE-4248-B292-B153463D76B9}
2014-03-01 11:45 - 2014-03-01 11:46 - 00000000 ____D () C:\Users\Linda\AppData\Local\{1B87D094-0531-4C9C-B9B5-C0305D749086}
2014-02-28 23:45 - 2014-02-28 23:45 - 00000000 ____D () C:\Users\Linda\AppData\Local\{4A5BA009-E776-462A-94D9-F9937B4BC049}
2014-02-28 11:44 - 2014-02-28 11:44 - 00000000 ____D () C:\Users\Linda\AppData\Local\{FAA311A5-4DB5-43C3-91BD-B5F32EB59988}
2014-02-27 21:11 - 2014-02-27 21:12 - 00000000 ____D () C:\Users\Linda\AppData\Local\{E8B54A22-4B4D-47A8-856E-496391D39491}
2014-02-27 09:11 - 2014-02-27 09:11 - 00000000 ____D () C:\Users\Linda\AppData\Local\{3AA78922-C130-4097-A301-2757CEEA4C9B}
2014-02-26 21:10 - 2014-02-26 21:11 - 00000000 ____D () C:\Users\Linda\AppData\Local\{D9F1E8B1-9637-480F-BB77-96ADDDDC06BF}
2014-02-26 16:53 - 2014-02-26 16:53 - 00137216 _____ () C:\Users\Linda\Downloads\feb_dbs.xls
2014-02-26 16:53 - 2014-02-26 16:53 - 00137216 _____ () C:\Users\Linda\Downloads\feb_dbs (1).xls
2014-02-26 16:52 - 2014-02-26 16:52 - 02034176 _____ () C:\Users\Linda\Downloads\feb_dbl.xls
2014-02-26 09:10 - 2014-02-26 09:10 - 00000000 ____D () C:\Users\Linda\AppData\Local\{20C8D4BF-83FF-449F-848C-AED86495CE51}
2014-02-25 21:09 - 2014-02-25 21:10 - 00000000 ____D () C:\Users\Linda\AppData\Local\{183F4AE5-926F-43A0-8065-8349255CAFC4}
2014-02-25 18:05 - 2014-03-10 15:12 - 00015707 _____ () C:\Users\Linda\Documents\Ryan Carruthers and family tax 2013.u13
2014-02-25 09:09 - 2014-02-25 09:09 - 00000000 ____D () C:\Users\Linda\AppData\Local\{956B8DEE-ECFF-41C0-826A-EBA43DA0E3DC}
2014-02-24 21:09 - 2014-02-24 21:09 - 00000000 ____D () C:\Users\Linda\AppData\Local\{ECB1D390-9685-429A-A49D-6228FE59A879}
2014-02-24 15:09 - 2013-12-18 22:09 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-02-24 15:09 - 2013-12-18 22:04 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-02-24 15:09 - 2013-12-18 22:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-02-24 15:09 - 2013-12-18 22:03 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-02-24 15:08 - 2014-02-24 15:09 - 00005175 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-02-24 09:08 - 2014-02-24 09:08 - 00000000 ____D () C:\Users\Linda\AppData\Local\{52C1F4D0-8977-46D3-A05C-13B7793BA3DA}
2014-02-23 21:07 - 2014-02-23 21:08 - 00000000 ____D () C:\Users\Linda\AppData\Local\{900FAA6B-E719-41CA-8094-26C62FF353A4}
2014-02-23 09:07 - 2014-02-23 09:07 - 00000000 ____D () C:\Users\Linda\AppData\Local\{3F570D9C-9773-4B2F-AF0B-C9D9BA7B81CE}
2014-02-22 10:29 - 2014-02-22 10:29 - 00000000 ____D () C:\Users\Linda\AppData\Local\{6194DB2D-4C9C-41A1-BA5A-529152CE4D7F}
2014-02-21 22:29 - 2014-02-21 22:29 - 00000000 ____D () C:\Users\Linda\AppData\Local\{FCE496F5-5B4E-4C70-8387-7090D3EBD6A8}
2014-02-21 13:29 - 2014-02-21 13:29 - 00000360 _____ () C:\Windows\DirectX.log
2014-02-21 10:28 - 2014-02-21 10:28 - 00000000 ____D () C:\Users\Linda\AppData\Local\{668AAD56-2DAC-4306-9B71-AB67C5121229}
2014-02-20 22:27 - 2014-02-20 22:28 - 00000000 ____D () C:\Users\Linda\AppData\Local\{380B06A4-B7F3-41D5-A02A-95CD4B55AFE1}
2014-02-20 10:42 - 2014-03-04 13:48 - 00001832 _____ () C:\Users\Public\Desktop\UFile 2013.lnk
2014-02-20 10:42 - 2014-03-04 13:48 - 00000000 ____D () C:\Program Files (x86)\UFile 2013
2014-02-20 10:42 - 2014-02-20 10:42 - 00000000 ____D () C:\ProgramData\Dr Tax
2014-02-20 10:27 - 2014-02-20 10:27 - 00000000 ____D () C:\Users\Linda\AppData\Local\{ABCD7C0C-A08D-4120-BEDD-24CEA53FC15B}
2014-02-19 22:27 - 2014-02-19 22:27 - 00000000 ____D () C:\Users\Linda\AppData\Local\{B34C5440-FBC4-4187-AB64-CBD42A886424}
2014-02-19 10:26 - 2014-02-19 10:27 - 00000000 ____D () C:\Users\Linda\AppData\Local\{E601B0F4-CAB9-4519-9A86-FB38831774F6}
2014-02-18 22:24 - 2014-02-18 22:26 - 00000000 ____D () C:\Users\Linda\AppData\Local\{BB77350F-79E9-4B38-898B-BC376F2D2F03}
2014-02-18 10:24 - 2014-02-18 10:24 - 00000000 ____D () C:\Users\Linda\AppData\Local\{7C1A32D1-96E0-4031-90B7-AAD55CDDB4F6}
 
==================== One Month Modified Files and Folders =======
 
2014-03-20 12:56 - 2014-03-20 12:55 - 00000000 ____D () C:\FRST
2014-03-20 12:56 - 2014-03-20 12:54 - 00000000 ____D () C:\Users\Linda\Downloads\Farbar Recovery
2014-03-20 12:20 - 2011-05-02 15:18 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-20 12:01 - 2011-04-29 09:38 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2798687626-2405255637-153004402-1000UA.job
2014-03-20 10:27 - 2014-03-20 10:27 - 00017905 _____ () C:\Users\Linda\Desktop\ComboFix.txt
2014-03-20 09:39 - 2014-03-20 09:39 - 00017905 _____ () C:\ComboFix.txt
2014-03-20 09:39 - 2014-03-20 09:11 - 00000000 ____D () C:\Qoobox
2014-03-20 09:39 - 2009-07-13 21:20 - 00000000 __RHD () C:\Users\Default
2014-03-20 09:38 - 2014-03-20 09:11 - 00000000 ____D () C:\Windows\erdnt
2014-03-20 09:38 - 2011-03-24 01:09 - 01601826 _____ () C:\Windows\WindowsUpdate.log
2014-03-20 09:37 - 2009-07-13 20:34 - 00000215 _____ () C:\Windows\system.ini
2014-03-20 09:22 - 2011-04-28 13:01 - 00000000 ____D () C:\Users\Linda
2014-03-20 08:54 - 2014-03-20 08:54 - 00000000 ____D () C:\Users\Linda\Desktop\ComboFix
2014-03-20 08:20 - 2011-05-02 15:18 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-20 07:53 - 2011-04-29 09:38 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2798687626-2405255637-153004402-1000Core.job
2014-03-20 07:44 - 2014-03-20 07:44 - 00000000 ____D () C:\Users\Linda\AppData\Local\{D18D19F1-AEE1-4F23-BC0A-C769236C10E8}
2014-03-19 20:41 - 2011-04-28 13:21 - 00003926 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{CBDD2B50-2972-4C0D-B88E-22C9CF7F8CCE}
2014-03-19 14:46 - 2009-07-13 22:45 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-19 14:46 - 2009-07-13 22:45 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-19 14:43 - 2009-07-13 23:13 - 00787310 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-19 14:38 - 2013-01-13 07:11 - 00014628 _____ () C:\Windows\setupact.log
2014-03-19 14:38 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-19 14:35 - 2014-03-19 13:46 - 00000000 ____D () C:\AdwCleaner
2014-03-19 14:35 - 2011-04-28 13:16 - 00000000 ____D () C:\Users\Linda\AppData\Roaming\SoftGrid Client
2014-03-19 13:57 - 2014-03-19 13:57 - 00002698 _____ () C:\Users\Linda\Desktop\AdwCleaner[R0].txt
2014-03-19 13:44 - 2014-03-19 13:44 - 01950720 _____ () C:\Users\Linda\Desktop\AdwCleaner.exe
2014-03-19 12:45 - 2014-03-19 12:41 - 00000000 ____D () C:\Users\Linda\Desktop\RK_Quarantine
2014-03-19 12:44 - 2014-03-19 12:44 - 00003114 _____ () C:\Users\Linda\Desktop\RKreport[0]_S_03192014_124402.txt
2014-03-19 12:39 - 2014-03-19 12:39 - 03901952 _____ () C:\Users\Linda\Downloads\RogueKiller (1).exe
2014-03-19 12:22 - 2014-03-19 12:22 - 03901952 _____ () C:\Users\Linda\Downloads\RogueKiller.exe
2014-03-19 10:39 - 2014-03-19 10:39 - 00024403 _____ () C:\Users\Linda\Desktop\attach.txt
2014-03-19 10:38 - 2014-03-19 10:39 - 00023664 _____ () C:\Users\Linda\Desktop\dds.txt
2014-03-19 10:32 - 2014-03-19 10:32 - 00688992 ____R (Swearware) C:\Users\Linda\Desktop\dds.scr
2014-03-19 10:27 - 2014-03-19 10:27 - 00000000 ____D () C:\Users\Linda\AppData\Local\{726958C8-B01B-4761-9BB1-0B6EAA3ECD10}
2014-03-18 22:27 - 2014-03-18 22:27 - 00000000 ____D () C:\Users\Linda\AppData\Local\{76C6B80C-9324-4DAE-9EB0-6E11A152763E}
2014-03-18 15:58 - 2011-04-29 18:04 - 24248320 _____ () C:\Users\Linda\Documents\Linda.MNY
2014-03-18 15:52 - 2014-03-18 15:51 - 06497677 ____R () C:\Users\Linda\Documents\Linda Backup.mbf
2014-03-18 15:48 - 2012-12-16 09:21 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-18 15:48 - 2012-01-20 13:59 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-18 15:19 - 2014-03-18 15:19 - 00000941 _____ () C:\Users\Linda\Downloads\PCF (1).ofx
2014-03-18 10:27 - 2014-03-18 10:27 - 00000000 ____D () C:\Users\Linda\AppData\Local\{6C907D51-10DC-45B4-95CC-2262861CFED0}
2014-03-17 23:50 - 2014-03-15 23:11 - 00017833 _____ () C:\Users\Linda\Documents\Angela  Bourne and family tax 2013.u13
2014-03-17 21:55 - 2014-03-17 21:55 - 00000000 ____D () C:\Users\Linda\AppData\Local\{4289E666-662B-40C2-8205-544445927DCA}
2014-03-17 18:52 - 2014-03-17 19:00 - 00013744 _____ () C:\Users\Linda\Documents\Richard Bourne and family tax 2013.u13
2014-03-17 15:24 - 2014-03-15 21:21 - 00019967 _____ () C:\Users\Linda\Documents\Angela  Bourne tax 2012.u12
2014-03-17 11:50 - 2011-05-19 15:31 - 00000000 ____D () C:\Users\Linda\Documents\My Scans
2014-03-17 09:55 - 2014-03-17 09:54 - 00000000 ____D () C:\Users\Linda\AppData\Local\{D92C96F3-4368-409A-8067-3286D4C7D639}
2014-03-16 21:54 - 2014-03-16 21:54 - 00000000 ____D () C:\Users\Linda\AppData\Local\{A2B58B25-7B2A-43E4-876E-B504D50F1836}
2014-03-16 10:05 - 2011-04-29 17:10 - 04927488 _____ () C:\Users\Linda\Documents\SIMMONS2008TREE.paf
2014-03-16 09:54 - 2014-03-16 09:54 - 00000000 ____D () C:\Users\Linda\AppData\Local\{81307389-992A-4FA5-A4C1-AB9184F4BAF8}
2014-03-15 22:18 - 2013-02-15 13:52 - 00001832 _____ () C:\Users\Public\Desktop\UFile 2012.lnk
2014-03-15 22:18 - 2013-02-15 13:52 - 00000000 ____D () C:\Program Files (x86)\UFile 2012
2014-03-15 21:53 - 2014-03-15 21:53 - 00000000 ____D () C:\Users\Linda\AppData\Local\{B960CBAE-0AC6-4D04-A04C-252E90FE5DE9}
2014-03-15 14:04 - 2011-04-29 09:39 - 00002368 _____ () C:\Users\Linda\Desktop\Google Chrome.lnk
2014-03-15 09:53 - 2014-03-15 09:53 - 00000000 ____D () C:\Users\Linda\AppData\Local\{C7F6E77A-22E2-4CE8-AFFC-DDDE691A59F0}
2014-03-15 09:45 - 2014-03-15 09:44 - 04110135 _____ () C:\Users\Linda\Downloads\tdsskiller (1).zip
2014-03-14 21:53 - 2014-03-14 21:52 - 00000000 ____D () C:\Users\Linda\AppData\Local\{4E00AA51-EA22-4455-B4AE-99232173A5BF}
2014-03-14 14:29 - 2012-12-04 12:50 - 07738574 _____ () C:\Users\Linda\AppData\Local\census.cache
2014-03-14 14:29 - 2012-12-04 12:50 - 00105989 _____ () C:\Users\Linda\AppData\Local\ars.cache
2014-03-14 13:19 - 2011-04-29 15:23 - 00000000 ____D () C:\Users\Linda\Documents\Linda Personal
2014-03-14 11:59 - 2014-03-14 11:59 - 00001466 _____ () C:\Users\Linda\Downloads\PCF.ofx
2014-03-14 11:52 - 2014-03-14 11:52 - 00001172 _____ () C:\Users\Linda\Downloads\cibc.ofx
2014-03-14 10:57 - 2014-03-14 10:55 - 00002952 _____ () C:\Users\Linda\Desktop\Rkill.txt
2014-03-14 10:55 - 2014-03-14 10:55 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Linda\Downloads\iExplore (1).exe
2014-03-14 10:38 - 2014-03-14 10:38 - 04110135 _____ () C:\Users\Linda\Downloads\tdsskiller.zip
2014-03-14 10:36 - 2014-03-14 10:36 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Linda\Downloads\iexplore.exe
2014-03-14 09:01 - 2014-03-14 09:01 - 00000000 ____D () C:\Users\Linda\AppData\Local\{3CA6B5CA-FFC0-40D3-B619-2366C30D2503}
2014-03-13 20:14 - 2009-07-13 22:45 - 00320728 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-13 20:13 - 2013-03-14 03:02 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-13 20:13 - 2013-03-14 03:02 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-13 18:15 - 2013-08-14 21:18 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-13 18:13 - 2011-04-28 14:32 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-13 15:33 - 2014-03-13 15:33 - 00000000 ____D () C:\Windows\Standalone System Sweeper
2014-03-13 15:31 - 2011-03-24 01:37 - 00000000 ____D () C:\ProgramData\PDFC
2014-03-13 15:12 - 2014-03-13 15:12 - 00000000 ____D () C:\Users\Linda\AppData\Local\{C70C6F6F-0CA1-4A18-8C04-1F9154B70A89}
2014-03-13 14:48 - 2011-06-25 07:16 - 00003218 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForLINDA-HP$
2014-03-13 14:48 - 2011-06-25 07:16 - 00000342 _____ () C:\Windows\Tasks\HPCeeScheduleForLINDA-HP$.job
2014-03-13 14:30 - 2013-02-09 10:39 - 00124986 _____ () C:\Windows\PFRO.log
2014-03-13 14:17 - 2014-03-09 12:06 - 00001071 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-13 14:17 - 2014-03-09 12:06 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-13 13:13 - 2014-03-13 13:12 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-03-13 13:12 - 2014-03-13 13:12 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-13 13:12 - 2014-03-13 13:12 - 00000000 ____D () C:\Users\Linda\Desktop\mbar
2014-03-13 12:14 - 2011-04-28 15:04 - 00000000 ____D () C:\Windows\pss
2014-03-13 08:02 - 2011-04-29 20:03 - 00000000 ____D () C:\Users\Linda\AppData\Roaming\ZoomBrowser EX
2014-03-12 20:57 - 2011-04-28 17:17 - 00000000 ____D () C:\Users\Linda\AppData\Local\Windows Live Writer
2014-03-12 19:16 - 2012-12-30 08:52 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-12 19:16 - 2011-05-19 09:58 - 00000000 ____D () C:\Users\Linda\AppData\Local\Intuit
2014-03-12 19:16 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\registration
2014-03-12 10:48 - 2009-07-14 01:44 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-03-10 23:51 - 2011-10-30 12:53 - 00018282 _____ () C:\Windows\system32\config\rules.rdb
2014-03-10 20:43 - 2014-03-10 20:43 - 00000000 ____D () C:\Users\Linda\AppData\Local\{483EF396-FCE1-4272-AC28-5AAEEB0D2844}
2014-03-10 15:12 - 2014-02-25 18:05 - 00015707 _____ () C:\Users\Linda\Documents\Ryan Carruthers and family tax 2013.u13
2014-03-10 08:43 - 2014-03-10 08:43 - 00000000 ____D () C:\Users\Linda\AppData\Local\{B9E9D6E5-BFAD-4FD6-A32A-0FED6DF94C1D}
2014-03-09 12:04 - 2014-03-09 12:04 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Linda\Downloads\mbam-setup-1.75.0.1300.exe
2014-03-09 09:53 - 2014-03-09 09:53 - 00000000 ____D () C:\Users\Linda\AppData\Local\{91C480F6-9D81-42E8-9DE2-37AAC23711E9}
2014-03-08 08:36 - 2014-03-08 08:36 - 00000000 ____D () C:\Users\Linda\AppData\Local\{0DA38F6D-21A5-4D1B-88EB-BD435832633F}
2014-03-07 20:36 - 2014-03-07 20:35 - 00000000 ____D () C:\Users\Linda\AppData\Local\{90D80A3B-B34C-4149-A041-5AC5F6A20845}
2014-03-07 08:35 - 2014-03-07 08:35 - 00000000 ____D () C:\Users\Linda\AppData\Local\{4A03D845-5D32-47CE-8B83-EFCC059B1FC6}
2014-03-06 11:50 - 2014-03-06 11:50 - 00000000 ____D () C:\Users\Linda\AppData\Local\{B1985AAA-772F-4972-82A9-D2C575EF0FB7}
2014-03-05 23:50 - 2014-03-05 23:49 - 00000000 ____D () C:\Users\Linda\AppData\Local\{A4C676CC-FDB3-4530-AD55-5D167A125FA9}
2014-03-05 11:49 - 2014-03-05 11:49 - 00000000 ____D () C:\Users\Linda\AppData\Local\{022D93E3-5140-4E32-ACBF-2460F3C2E144}
2014-03-04 23:48 - 2014-03-04 23:48 - 00000000 ____D () C:\Users\Linda\AppData\Local\{3DFD02DF-D473-473E-940A-92BDD4A3F84B}
2014-03-04 14:24 - 2011-04-29 16:46 - 00000000 ____D () C:\Users\Linda\AppData\Local\CrashDumps
2014-03-04 13:48 - 2014-02-20 10:42 - 00001832 _____ () C:\Users\Public\Desktop\UFile 2013.lnk
2014-03-04 13:48 - 2014-02-20 10:42 - 00000000 ____D () C:\Program Files (x86)\UFile 2013
2014-03-04 11:48 - 2014-03-04 11:48 - 00000000 ____D () C:\Users\Linda\AppData\Local\{C837A25E-0E23-46D1-9FA6-17E2FB1AE22B}
2014-03-03 23:48 - 2014-03-03 23:48 - 00000000 ____D () C:\Users\Linda\AppData\Local\{5868A32F-B678-42CD-813B-63B5FF90F26C}
2014-03-03 11:47 - 2014-03-03 11:47 - 00000000 ____D () C:\Users\Linda\AppData\Local\{629F476D-FEA3-447B-8F8F-6F70F7CEC77A}
2014-03-03 07:36 - 2011-04-28 13:09 - 00078832 _____ () C:\Users\Linda\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-02 23:47 - 2014-03-02 23:47 - 00000000 ____D () C:\Users\Linda\AppData\Local\{B7BE4974-E6BD-4E96-940B-857705F9D067}
2014-03-02 11:46 - 2014-03-02 11:46 - 00000000 ____D () C:\Users\Linda\AppData\Local\{844733AD-1883-479C-AC63-778852B8C542}
2014-03-01 23:46 - 2014-03-01 23:46 - 00000000 ____D () C:\Users\Linda\AppData\Local\{5D12563C-56FE-4248-B292-B153463D76B9}
2014-03-01 11:46 - 2014-03-01 11:45 - 00000000 ____D () C:\Users\Linda\AppData\Local\{1B87D094-0531-4C9C-B9B5-C0305D749086}
2014-03-01 00:05 - 2014-03-13 14:23 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-28 23:45 - 2014-02-28 23:45 - 00000000 ____D () C:\Users\Linda\AppData\Local\{4A5BA009-E776-462A-94D9-F9937B4BC049}
2014-02-28 23:17 - 2014-03-13 14:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-28 23:16 - 2014-03-13 14:23 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-28 22:58 - 2014-03-13 14:23 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-28 22:52 - 2014-03-13 14:23 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-28 22:51 - 2014-03-13 14:23 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-28 22:42 - 2014-03-13 14:23 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-28 22:40 - 2014-03-13 14:23 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-28 22:37 - 2014-03-13 14:23 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-28 22:33 - 2014-03-13 14:23 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-28 22:33 - 2014-03-13 14:23 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-28 22:32 - 2014-03-13 14:23 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-28 22:30 - 2014-03-13 14:23 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-28 22:23 - 2014-03-13 14:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-02-28 22:17 - 2014-03-13 14:23 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-28 22:11 - 2014-03-13 14:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-28 22:02 - 2014-03-13 14:23 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-28 21:54 - 2014-03-13 14:23 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-28 21:52 - 2014-03-13 14:23 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-28 21:51 - 2014-03-13 14:23 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-28 21:47 - 2014-03-13 14:23 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-28 21:43 - 2014-03-13 14:23 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-28 21:43 - 2014-03-13 14:23 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-28 21:42 - 2014-03-13 14:23 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-28 21:40 - 2014-03-13 14:23 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-28 21:38 - 2014-03-13 14:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-28 21:37 - 2014-03-13 14:23 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-28 21:35 - 2014-03-13 14:23 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-28 21:18 - 2014-03-13 14:23 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-28 21:16 - 2014-03-13 14:23 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-28 21:14 - 2014-03-13 14:23 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-28 21:10 - 2014-03-13 14:23 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-28 21:03 - 2014-03-13 14:23 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-28 21:00 - 2014-03-13 14:23 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-28 20:57 - 2014-03-13 14:23 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-28 20:38 - 2014-03-13 14:23 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-28 20:32 - 2014-03-13 14:23 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-28 20:27 - 2014-03-13 14:23 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-28 20:25 - 2014-03-13 14:23 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-28 20:25 - 2014-03-13 14:23 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-28 11:44 - 2014-02-28 11:44 - 00000000 ____D () C:\Users\Linda\AppData\Local\{FAA311A5-4DB5-43C3-91BD-B5F32EB59988}
2014-02-27 21:12 - 2014-02-27 21:11 - 00000000 ____D () C:\Users\Linda\AppData\Local\{E8B54A22-4B4D-47A8-856E-496391D39491}
2014-02-27 09:11 - 2014-02-27 09:11 - 00000000 ____D () C:\Users\Linda\AppData\Local\{3AA78922-C130-4097-A301-2757CEEA4C9B}
2014-02-26 21:11 - 2014-02-26 21:10 - 00000000 ____D () C:\Users\Linda\AppData\Local\{D9F1E8B1-9637-480F-BB77-96ADDDDC06BF}
2014-02-26 16:53 - 2014-02-26 16:53 - 00137216 _____ () C:\Users\Linda\Downloads\feb_dbs.xls
2014-02-26 16:53 - 2014-02-26 16:53 - 00137216 _____ () C:\Users\Linda\Downloads\feb_dbs (1).xls
2014-02-26 16:52 - 2014-02-26 16:52 - 02034176 _____ () C:\Users\Linda\Downloads\feb_dbl.xls
2014-02-26 09:10 - 2014-02-26 09:10 - 00000000 ____D () C:\Users\Linda\AppData\Local\{20C8D4BF-83FF-449F-848C-AED86495CE51}
2014-02-25 21:10 - 2014-02-25 21:09 - 00000000 ____D () C:\Users\Linda\AppData\Local\{183F4AE5-926F-43A0-8065-8349255CAFC4}
2014-02-25 09:09 - 2014-02-25 09:09 - 00000000 ____D () C:\Users\Linda\AppData\Local\{956B8DEE-ECFF-41C0-826A-EBA43DA0E3DC}
2014-02-24 21:09 - 2014-02-24 21:09 - 00000000 ____D () C:\Users\Linda\AppData\Local\{ECB1D390-9685-429A-A49D-6228FE59A879}
2014-02-24 15:12 - 2013-11-01 08:27 - 00000000 ____D () C:\ProgramData\Oracle
2014-02-24 15:09 - 2014-02-24 15:08 - 00005175 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-02-24 15:09 - 2013-06-23 22:12 - 00000000 ____D () C:\Program Files (x86)\Java
2014-02-24 09:08 - 2014-02-24 09:08 - 00000000 ____D () C:\Users\Linda\AppData\Local\{52C1F4D0-8977-46D3-A05C-13B7793BA3DA}
2014-02-23 21:08 - 2014-02-23 21:07 - 00000000 ____D () C:\Users\Linda\AppData\Local\{900FAA6B-E719-41CA-8094-26C62FF353A4}
2014-02-23 10:02 - 2011-04-29 07:17 - 00000000 ____D () C:\Users\Linda\AppData\Roaming\CyberLink
2014-02-23 09:07 - 2014-02-23 09:07 - 00000000 ____D () C:\Users\Linda\AppData\Local\{3F570D9C-9773-4B2F-AF0B-C9D9BA7B81CE}
2014-02-22 10:29 - 2014-02-22 10:29 - 00000000 ____D () C:\Users\Linda\AppData\Local\{6194DB2D-4C9C-41A1-BA5A-529152CE4D7F}
2014-02-21 22:29 - 2014-02-21 22:29 - 00000000 ____D () C:\Users\Linda\AppData\Local\{FCE496F5-5B4E-4C70-8387-7090D3EBD6A8}
2014-02-21 13:29 - 2014-02-21 13:29 - 00000360 _____ () C:\Windows\DirectX.log
2014-02-21 10:28 - 2014-02-21 10:28 - 00000000 ____D () C:\Users\Linda\AppData\Local\{668AAD56-2DAC-4306-9B71-AB67C5121229}
2014-02-20 22:28 - 2014-02-20 22:27 - 00000000 ____D () C:\Users\Linda\AppData\Local\{380B06A4-B7F3-41D5-A02A-95CD4B55AFE1}
2014-02-20 22:28 - 2011-04-28 17:18 - 00000000 ____D () C:\Users\Linda\AppData\Local\Windows Live
2014-02-20 10:42 - 2014-02-20 10:42 - 00000000 ____D () C:\ProgramData\Dr Tax
2014-02-20 10:27 - 2014-02-20 10:27 - 00000000 ____D () C:\Users\Linda\AppData\Local\{ABCD7C0C-A08D-4120-BEDD-24CEA53FC15B}
2014-02-19 22:27 - 2014-02-19 22:27 - 00000000 ____D () C:\Users\Linda\AppData\Local\{B34C5440-FBC4-4187-AB64-CBD42A886424}
2014-02-19 10:27 - 2014-02-19 10:26 - 00000000 ____D () C:\Users\Linda\AppData\Local\{E601B0F4-CAB9-4519-9A86-FB38831774F6}
2014-02-18 22:26 - 2014-02-18 22:24 - 00000000 ____D () C:\Users\Linda\AppData\Local\{BB77350F-79E9-4B38-898B-BC376F2D2F03}
2014-02-18 15:03 - 2011-04-29 19:59 - 00000000 ____D () C:\ProgramData\ZoomBrowser
2014-02-18 10:24 - 2014-02-18 10:24 - 00000000 ____D () C:\Users\Linda\AppData\Local\{7C1A32D1-96E0-4031-90B7-AAD55CDDB4F6}
 
Files to move or delete:
====================
C:\Users\Linda\jobq.dat
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-03-20 10:51
 
==================== End Of Log ============================

Addition.txt

This topic is now closed to further replies.