Any thoughts on how to remove this unpleasant software appreciated. Babylon is unwanted and irritating.
Babylon
- Thread starter Ronny Munster
- Start date
Fiery
Level 1
- Jan 11, 2011
- 2,007
Hi and welcome to MalwareTips! 
I'm Fiery and I would gladly assist you in removing the malware on your computer.
PLEASE NOTE: The first 3 posts of ALL new members require approval by mods/admins. Please be patient if you don't see your post immediately after submitting it.
Before we start:
<hr>
Please download AdwCleaner by Xplode onto your desktop.
Please download Junkware Removal Tool to your desktop from here
I'm Fiery and I would gladly assist you in removing the malware on your computer.
PLEASE NOTE: The first 3 posts of ALL new members require approval by mods/admins. Please be patient if you don't see your post immediately after submitting it.
Before we start:
- Note that the removal process is not immediate. Depending on the severity of your infection, it could take a long time.
- Malware removal can be dangerous. I cannot guarantee the safety of your system as malware can be unpredictable. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system. Therefore, I would advise you to backup all your important files before we start.
- Please be patient and stay with me until I give you the green lights and inform you that your PC is clean.
- Some tools may be flagged by your antivirus as harmful. Rest assure that ALL the tools we use are safe, the detections are false positives.
- The absence of symptoms does not mean your PC is fully disinfected.
- If you are unclear about the instructions, please stop and ask. Following the steps in the order that I post them in is vital.
- Lastly, if you have requested help on other sites, that will delay and hinder the removal process. Please only stick to one site.
<hr>
Please download AdwCleaner by Xplode onto your desktop.
- Close all open programs and internet browsers.
- Double click on AdwCleaner.exe to run the tool(For Vista or Windows 7, right-click and select Run as Administrator to start)
- Click delete
- Please post the content of that logfile with your next reply.
- You can find the logfile at C:\AdwCleaner[S1].txt
Please download Junkware Removal Tool to your desktop from here
- Turn off your antivirus software now to avoid potential conflicts
- Double-click to run the tool. For Windows Vista or 7 users, right-click the file and select Run as Administrator
- The tool will open and start scanning your system
- Please be patient as this can take a while to complete depending on your system's specifications
- On completion, a log (JRT.txt) will be saved to your desktop and will automatically open
- Post the contents of JRT.txt into your next reply
Hi Fiery,Fiery said:Hi and welcome to MalwareTips!
I'm Fiery and I would gladly assist you in removing the malware on your computer.
PLEASE NOTE: The first 3 posts of ALL new members require approval by mods/admins. Please be patient if you don't see your post immediately after submitting it.
Before we start:
- Note that the removal process is not immediate. Depending on the severity of your infection, it could take a long time.
- Malware removal can be dangerous. I cannot guarantee the safety of your system as malware can be unpredictable. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system. Therefore, I would advise you to backup all your important files before we start.
- Please be patient and stay with me until I give you the green lights and inform you that your PC is clean.
- Some tools may be flagged by your antivirus as harmful. Rest assure that ALL the tools we use are safe, the detections are false positives.
- The absence of symptoms does not mean your PC is fully disinfected.
- If you are unclear about the instructions, please stop and ask. Following the steps in the order that I post them in is vital.
- Lastly, if you have requested help on other sites, that will delay and hinder the removal process. Please only stick to one site.
<hr>
Please download AdwCleaner by Xplode onto your desktop.
- Close all open programs and internet browsers.
- Double click on AdwCleaner.exe to run the tool(For Vista or Windows 7, right-click and select Run as Administrator to start)
- Click delete
- Please post the content of that logfile with your next reply.
- You can find the logfile at C:\AdwCleaner[S1].txt
Please download Junkware Removal Tool to your desktop from here
- Turn off your antivirus software now to avoid potential conflicts
- Double-click to run the tool. For Windows Vista or 7 users, right-click the file and select Run as Administrator
- The tool will open and start scanning your system
- Please be patient as this can take a while to complete depending on your system's specifications
- On completion, a log (JRT.txt) will be saved to your desktop and will automatically open
- Post the contents of JRT.txt into your next reply
Thanks for your instructions which I have followed closely. Log file attached as requested and the text from the other file posted in this message. Let me know what happens next.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 8 x64
Ran by Linda on 30/06/2013 at 8:51:23.53
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
Failed to delete: [Folder] "C:\Windows\syswow64\ai_recyclebin"
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 30/06/2013 at 8:53:16.24
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Thanks a lot
Ronny
Fiery
Level 1
- Jan 11, 2011
- 2,007
Hi,
Did you run adwCleaner? Did it produce a log? If not, please run adwCleaner again before proceeding to the next step.
Download OTL by Old Timer from here and save it to your Desktop.
If you don't know how to attach the files, please follow the instructions here: http://malwaretips.com/Thread-How-to-use-the-attachment-system?pid=16072#pid16072
Did you run adwCleaner? Did it produce a log? If not, please run adwCleaner again before proceeding to the next step.
Download OTL by Old Timer from here and save it to your Desktop.
- Double click on OTL.exe to run it.
- Click the Scan All Users checkbox.
- Check the boxes beside LOP Check and Purity Check
- Click on Run Scan at the top left hand corner.
- When done, two Notepad files will open.
- OTL.txt <-- Will be opened
- Extra.txt <-- Will be minimized
- Please attach the contents of these 2 Notepad files in your next reply.
If you don't know how to attach the files, please follow the instructions here: http://malwaretips.com/Thread-How-to-use-the-attachment-system?pid=16072#pid16072
Fiery said:
I did attach the log file as you requested - was it not visible? I will download the file as you suggest
Fiery
Level 1
- Jan 11, 2011
- 2,007
Hi,
Open OTL. Under custom scan/fixes, copy and paste the following:
Then click Run Fix. Let your PC reboot to normal mode. A new log will be created automatically, post the content in the next reply.
Download Malwarebytes Anti-Rootkit from here to your Desktop
Open OTL. Under custom scan/fixes, copy and paste the following:
Then click Run Fix. Let your PC reboot to normal mode. A new log will be created automatically, post the content in the next reply.
Download Malwarebytes Anti-Rootkit from here to your Desktop
- Unzip the contents to a folder on your Desktop.
- Open the folder where the contents were unzipped and run mbar.exe
- Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
- Make sure there is a check next to Create Restore Point and click the Cleanup button to remove any threats. Reboot if prompted to do so.
- After the reboot, perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If there are threats, click Cleanup once more and reboot.
- When done, please post the two logs in the MBAR folder(mbar-log.txt and system-log.txt)
Fiery said:
Hi,
I have run the additional reports which are attached. I have rebooted the PC but have had opportunity to run the Cleanup option.
Ronny
Ronny Munster said:
When I rebooted, I still get Babylon on Chrome toolbar even though I have run the Malware rootkit twice and I do not get an option to clean it up.
Ronny
Ronny Munster said:
Hi Fiery,
I reran all the processes this morning, and even though OTL says the system is clear, Chrome boots up with Babylon. I am unable to remove Babylon from the Chrome setup or via uninstall programmes as it is simple not visible. Is there anything else I can do?
Thanks
Ronny
Fiery said:
Hi
I tried everything again including uninstalling chrome and reinstalling and Babylon is still there. Any further clues as to what I can do to remove this insidious and nasty software?
Ronny
Fiery said:
Hi,
I have rerun OTL but there is only one log file produced which is attached; there is no extras.txt - not sure where to find it. I have looked everywhere.
Any ideas?
Ronny
Fiery
Level 1
- Jan 11, 2011
- 2,007
Hi,
Since you have Windows 8, there are some tools that we can't use here.
Open OTL. Under custom scan/fixes, copy and paste the following:
Then click Run Fix. Let your PC reboot to normal mode. A new log will be created automatically, post the content in the next reply.
Download Farbar Recovery Scan Tool from the below link:
<ul><li>For 64 bit systems download <a title="External link" href="http://download.bleepingcomputer.com/farbar/FRST64.exe" rel="nofollow external"><>Farbar Recovery Scan Tool x64</></a> and save it to a USB/flash drive.</li>
<li>Plug the flashdrive into the infected PC and double click FRST64.exe</li>
<li>The tool will start to run.</li>
<li>When the tool opens click <>Yes</> to disclaimer.</li>
<li>Press <>Scan</> button.</li>
<li><>FRST</> will let you know when the scan is complete and has written the <>FRST.txt</> to file, close the message.
<li>Please copy and paste FRST.txt in your next reply</li></li>
</ol>
</ul>
Since you have Windows 8, there are some tools that we can't use here.
Open OTL. Under custom scan/fixes, copy and paste the following:
Then click Run Fix. Let your PC reboot to normal mode. A new log will be created automatically, post the content in the next reply.
Download Farbar Recovery Scan Tool from the below link:
<ul><li>For 64 bit systems download <a title="External link" href="http://download.bleepingcomputer.com/farbar/FRST64.exe" rel="nofollow external"><>Farbar Recovery Scan Tool x64</></a> and save it to a USB/flash drive.</li>
<li>Plug the flashdrive into the infected PC and double click FRST64.exe</li>
<li>The tool will start to run.</li>
<li>When the tool opens click <>Yes</> to disclaimer.</li>
<li>Press <>Scan</> button.</li>
<li><>FRST</> will let you know when the scan is complete and has written the <>FRST.txt</> to file, close the message.
<li>Please copy and paste FRST.txt in your next reply</li></li>
</ol>
</ul>
Last edited by a moderator:
Fiery said:
HI,
Attached, I have run the processes you suggested. Let me know what you think this means.
Thanks
All processes killed
========== OTL ==========
Use Chrome's Settings page to change the HomePage.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Linda
->Temp folder emptied: 6545559 bytes
->Temporary Internet Files folder emptied: 32722324 bytes
->Google Chrome cache emptied: 12208689 bytes
->Flash cache emptied: 846 bytes
User: Public
User: Ronny
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1120755 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 9047151 bytes
Total Files Cleaned = 59.00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 07262013_220401
Files\Folders moved on Reboot...
C:\Users\Linda\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Linda\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
C:\Windows\temp\FireFly(2013072622015268C).log moved successfully.
C:\Windows\temp\integratedoffice.exe_c2ruidll(2013072622015168C).log moved successfully.
C:\Windows\temp\integratedoffice.exe_streamserver(2013072622015268C).log moved successfully.
File\Folder C:\Windows\temp\ttu3px3l.0.cs not found!
File\Folder C:\Windows\temp\ttu3px3l.cmdline not found!
File\Folder C:\Windows\temp\ttu3px3l.dll not found!
File\Folder C:\Windows\temp\ttu3px3l.err not found!
File\Folder C:\Windows\temp\ttu3px3l.out not found!
File\Folder C:\Windows\temp\ttu3px3l.tmp not found!
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-07-2013 01
Ran by Linda (administrator) on 26-07-2013 22:07:23
Running from F:\
Windows 8 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Conexant Systems, Inc.) C:\Program Files\Conexant\SA3\CxUtilSvc.exe
(Microsoft Corporation) C:\Windows\system32\dashost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
() C:\Program Files (x86)\Livedrive\VSSService.exe
(McAfee, Inc.) C:\Windows\system32\mfevtps.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16613_none_6273bd8950d6cae2\TiWorker.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\caudiofilteragent64.exe
(Conexant Systems, Inc.) C:\Program Files\Conexant\SA3\SmartAudio3.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Livedrive Internet Ltd) C:\Program Files (x86)\Livedrive\Livedrive.exe
(Microsoft Corporation) C:\Users\Linda\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(McAfee, Inc.) C:\Program Files\mcafee.com\agent\mcagent.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\system32\PrintIsolationHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [cAudioFilterAgent] - C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [883840 2012-03-29] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] - C:\Program Files\CONEXANT\SA3\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [Acronis Scheduler2 Service] - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [516928 2013-02-15] (Acronis)
HKCU\...\Run: [Livedrive] - C:\Program Files (x86)\Livedrive\Livedrive.exe [1806336 2013-05-15] (Livedrive Internet Ltd)
HKCU\...\Run: [SkyDrive] - C:\Users\Linda\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [257136 2013-07-02] (Microsoft Corporation)
HKLM-x32\...\Run: [IMSS] - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [133440 2012-07-19] (Intel Corporation)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [285240 2012-09-02] (Intel Corporation)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [102928 2012-10-23] (CyberLink Corp.)
HKLM-x32\...\Run: [mcui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [1532992 2013-03-13] (McAfee, Inc.)
HKLM-x32\...\Run: [TrueImageMonitor.exe] - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [6365920 2013-03-27] (Acronis)
HKLM-x32\...\Run: [AcronisTibMounterMonitor] - C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [1103424 2013-01-10] (Acronis)
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWow64\CbFsMntNtf3.dll (EldoS Corporation)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {1760612A-67B3-4EAC-9496-D8C44D86192B} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDCJS
SearchScopes: HKLM-x32 - {1760612A-67B3-4EAC-9496-D8C44D86192B} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDCJS
SearchScopes: HKCU - DefaultScope {1760612A-67B3-4EAC-9496-D8C44D86192B} URL =
SearchScopes: HKCU - {1760612A-67B3-4EAC-9496-D8C44D86192B} URL =
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: BrowserHelper Class - {EDF48A39-1442-463F-9F4E-F376A78D034A} - C:\Program Files (x86)\Livedrive\ExplorerExtensions.dll (Livedrive Internet Ltd)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~1\mcafee\msc\MCSNIE~1.DLL (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\mcafee\msc\mcsniepl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 192.168.1.254
Chrome:
=======
CHR HomePage: hxxp://search.babylon.com/?affID=113480&tt=3012_5&babsrc=HP_ss_cr&mntrId=ac004cbf000000000000000ffe3f8b4f
CHR RestoreOnStartup: "hxxp://search.babylon.com/?affID=113480&tt=3012_5&babsrc=HP_ss_cr&mntrId=ac004cbf000000000000000ffe3f8b4f", "hxxp://www.google.com/"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google
riginalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\pdf.dll ()
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll No File
CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2013) - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (McAfee SecurityCenter) - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
CHR Extension: (Entanglement) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0
CHR Extension: (Google Docs) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Poppit) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0
CHR Extension: (Gmail) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
==================== Services (Whitelisted) =================
R2 CxUtilSvc; C:\Program Files\Conexant\SA3\CxUtilSvc.exe [109184 2011-10-12] (Conexant Systems, Inc.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-07-19] (Intel Corporation)
R2 LivedriveVSSService; C:\Program Files (x86)\Livedrive\VSSService.exe [210584 2013-05-15] ()
S3 McAWFwk; c:\PROGRA~1\mcafee\msc\mcawfwk.exe [332080 2012-01-26] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 mcmscsvc; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McNASvc; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [384048 2013-02-25] (McAfee, Inc.)
S4 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [241456 2013-02-19] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [218760 2013-02-19] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [182752 2013-02-19] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1900728 2013-06-06] (Microsoft Corporation)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-25] ()
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-01-29] (Microsoft Corporation)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [77824 2012-06-19] (Atheros)
==================== Drivers (Whitelisted) ====================
R1 cbfs3; C:\Windows\system32\drivers\cbfs3.sys [352008 2012-11-10] (EldoS Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-02-19] (McAfee, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-25] (OSR Open Systems Resources, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179280 2013-02-19] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [309840 2013-02-19] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [69168 2013-02-19] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [515968 2013-02-19] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [771536 2013-02-19] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [106552 2013-02-19] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [340216 2013-02-19] (McAfee, Inc.)
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2013-07-01] (Acronis International GmbH)
R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [183224 2013-07-01] (Acronis)
U3 mfeavfk01; No ImagePath
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-07-26 22:07 - 2013-07-26 22:07 - 00000000 ____D C:\FRST
2013-07-23 19:49 - 2013-07-23 19:49 - 00201732 _____ C:\Users\Linda\Desktop\OTL.Txt
2013-07-18 08:34 - 2013-07-18 08:34 - 00325416 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-17 00:58 - 2013-06-01 12:34 - 02391280 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2013-07-17 00:58 - 2013-06-01 12:33 - 02233600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-07-17 00:58 - 2013-06-01 12:26 - 06987008 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-07-17 00:58 - 2013-06-01 11:24 - 02106176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2013-07-17 00:58 - 2013-06-01 10:23 - 01842176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2013-07-17 00:58 - 2013-06-01 10:21 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2013-07-17 00:58 - 2013-06-01 10:20 - 02219520 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2013-07-17 00:57 - 2013-06-16 23:41 - 00997632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2013-07-17 00:57 - 2013-06-01 12:54 - 00194816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2013-07-17 00:57 - 2013-06-01 12:54 - 00125184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys
2013-07-17 00:57 - 2013-06-01 12:29 - 00337152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBXHCI.SYS
2013-07-17 00:57 - 2013-06-01 12:29 - 00213248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\UCX01000.SYS
2013-07-17 00:57 - 2013-06-01 12:26 - 00327936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys
2013-07-17 00:57 - 2013-06-01 10:25 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-07-17 00:57 - 2013-06-01 10:25 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samlib.dll
2013-07-17 00:57 - 2013-06-01 10:24 - 01453568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2013-07-17 00:57 - 2013-06-01 10:24 - 00850944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfasfsrcsnk.dll
2013-07-17 00:57 - 2013-06-01 10:24 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscms.dll
2013-07-17 00:57 - 2013-06-01 10:23 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\vds.exe
2013-07-17 00:57 - 2013-06-01 10:22 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2013-07-17 00:57 - 2013-06-01 10:22 - 00446976 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2013-07-17 00:57 - 2013-06-01 10:22 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\vdsutil.dll
2013-07-17 00:57 - 2013-06-01 10:22 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\MbaeParserTask.exe
2013-07-17 00:57 - 2013-06-01 10:21 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
2013-07-17 00:57 - 2013-06-01 10:20 - 01527808 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2013-07-17 00:57 - 2013-06-01 10:20 - 01048576 _____ (Microsoft Corporation) C:\Windows\system32\mfasfsrcsnk.dll
2013-07-17 00:57 - 2013-06-01 10:20 - 00583168 _____ (Microsoft Corporation) C:\Windows\system32\mscms.dll
2013-07-17 00:57 - 2013-06-01 10:19 - 00785408 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2013-07-17 00:57 - 2013-06-01 10:19 - 00207872 _____ (Microsoft Corporation) C:\Windows\system32\DeviceSetupManager.dll
2013-07-17 00:57 - 2013-06-01 04:08 - 00037632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\BthAvrcpTg.sys
2013-07-17 00:57 - 2013-05-24 23:09 - 01403296 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2013-07-17 00:57 - 2013-05-24 23:09 - 01271584 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2013-07-17 00:57 - 2013-05-24 23:09 - 01217352 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2013-07-17 00:57 - 2013-05-24 23:09 - 01093904 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2013-07-17 00:57 - 2013-05-20 01:08 - 00386642 _____ C:\Windows\system32\ApnDatabase.xml
2013-07-14 20:56 - 2013-07-14 20:56 - 00000000 ____D C:\Program Files (x86)\Dell Digital Delivery
2013-07-14 15:45 - 2013-07-14 15:45 - 00000000 ____D C:\Users\Linda\Documents\Fax
2013-07-12 20:42 - 2013-07-12 20:43 - 110406132 _____ C:\Users\Linda\Downloads\sky news 120713.mp4
2013-07-11 20:30 - 2013-05-31 00:14 - 04036096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-11 20:29 - 2013-06-12 00:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-11 20:29 - 2013-06-12 00:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-11 20:29 - 2013-06-12 00:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-11 20:29 - 2013-06-12 00:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-11 20:29 - 2013-06-12 00:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-11 20:29 - 2013-06-12 00:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-11 20:29 - 2013-06-12 00:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-11 20:29 - 2013-06-12 00:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-11 20:29 - 2013-06-12 00:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-11 20:29 - 2013-06-12 00:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-11 20:29 - 2013-06-12 00:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-11 20:29 - 2013-06-12 00:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-11 20:29 - 2013-06-12 00:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-11 20:29 - 2013-06-12 00:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-11 20:29 - 2013-06-12 00:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-11 20:29 - 2013-06-12 00:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-11 20:29 - 2013-06-12 00:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-11 20:29 - 2013-06-01 10:25 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-11 20:29 - 2013-06-01 10:21 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-11 20:29 - 2013-05-04 07:59 - 02842112 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-11 20:29 - 2013-05-04 05:57 - 02620928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-11 20:29 - 2013-04-11 23:30 - 01421312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-11 20:29 - 2013-04-11 23:22 - 01838080 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-07 17:32 - 2012-04-20 16:40 - 00196440 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\HipShieldK.sys
2013-07-05 12:01 - 2013-05-15 23:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\tssdisai.dll
2013-07-04 16:18 - 2013-07-04 16:18 - 00000000 ____D C:\Users\Linda\AppData\Roaming\Acronis
2013-07-03 15:14 - 2013-07-26 22:05 - 00000916 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-03 15:14 - 2013-07-26 21:24 - 00000920 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-03 15:14 - 2013-07-13 09:25 - 00002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-07-03 15:14 - 2013-07-12 18:19 - 00003892 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-03 15:14 - 2013-07-12 18:19 - 00003656 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-01 17:28 - 2013-07-01 17:59 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-07-01 17:21 - 2013-07-01 17:21 - 00000000 ____D C:\_OTL
2013-07-01 17:18 - 2013-07-01 17:18 - 00602112 _____ (OldTimer Tools) C:\Users\Linda\Downloads\OTL (1).exe
2013-07-01 16:03 - 2013-07-04 16:42 - 00000000 ____D C:\ProgramData\Acronis
2013-07-01 16:03 - 2013-07-01 16:03 - 01462560 _____ (Acronis International GmbH) C:\Windows\system32\Drivers\tdrpman.sys
2013-07-01 16:03 - 2013-07-01 16:03 - 01120032 _____ (Acronis International GmbH) C:\Windows\system32\Drivers\tib.sys
2013-07-01 16:03 - 2013-07-01 16:03 - 00367200 _____ (Acronis) C:\Windows\system32\Drivers\afcdp.sys
2013-07-01 16:03 - 2013-07-01 16:03 - 00233760 _____ (Acronis) C:\Windows\system32\Drivers\snapman.sys
2013-07-01 16:03 - 2013-07-01 16:03 - 00183224 _____ (Acronis) C:\Windows\system32\Drivers\tib_mounter.sys
2013-07-01 16:03 - 2013-07-01 16:03 - 00108832 _____ (Acronis International GmbH) C:\Windows\system32\Drivers\fltsrv.sys
2013-07-01 16:03 - 2013-07-01 16:03 - 00001203 _____ C:\Users\Public\Desktop\True Image 2013.lnk
2013-07-01 15:58 - 2013-07-01 16:00 - 273084272 _____ C:\Users\Linda\Downloads\ATIH2013_6514_en-US (2).exe
2013-07-01 15:58 - 2013-07-01 15:59 - 273084272 _____ C:\Users\Linda\Downloads\ATIH2013_6514_en-US (1).exe
2013-07-01 13:52 - 2013-07-01 13:53 - 273084272 _____ C:\Users\Linda\Downloads\ATIH2013_6514_en-US.exe
2013-07-01 13:46 - 2013-07-01 13:46 - 00147262 _____ C:\Users\Linda\Downloads\OTL.Txt
2013-07-01 13:46 - 2013-07-01 13:46 - 00045122 _____ C:\Users\Linda\Downloads\Extras.Txt
2013-06-30 21:55 - 2013-07-01 09:24 - 00000000 ____D C:\Users\Linda\AppData\Local\Windows Live
2013-06-30 21:18 - 2013-06-30 21:18 - 00000000 ____D C:\Users\Linda\AppData\Local\Microsoft Help
2013-06-30 19:55 - 2013-07-26 10:01 - 00023814 _____ C:\Windows\system32\lvcoinst.log
2013-06-30 19:55 - 2013-06-30 19:55 - 00000000 ____D C:\Program Files\Common Files\logishrd
2013-06-30 08:51 - 2013-06-30 08:51 - 00000000 ____D C:\Windows\ERUNT
2013-06-30 08:51 - 2013-06-30 08:51 - 00000000 ____D C:\JRT
2013-06-30 08:47 - 2013-06-30 08:47 - 00000981 _____ C:\AdwCleaner[S1].txt
2013-06-30 04:01 - 2013-06-30 08:25 - 00000000 ___RD C:\Windows\BrowserChoice
2013-06-30 03:08 - 2013-07-11 20:39 - 78185248 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-06-29 18:47 - 2013-06-29 18:47 - 00000000 _____ C:\Recovery.txt
2013-06-29 17:06 - 2013-06-29 17:06 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf
2013-06-29 16:48 - 2013-07-26 22:06 - 00004986 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for LINDA-STUDY-Linda Linda-study
2013-06-29 16:20 - 2013-07-26 18:37 - 00000099 _____ C:\Users\Public\LMDebug.log
2013-06-29 15:48 - 2013-06-29 15:48 - 00000000 ____D C:\Users\Linda\AppData\Roaming\Malwarebytes
2013-06-29 15:47 - 2013-06-29 15:47 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Linda\Downloads\mbam-setup-1.75.0.1300.exe
2013-06-29 15:47 - 2013-06-29 15:47 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-06-29 15:47 - 2013-06-29 15:47 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-06-29 15:47 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-06-29 15:37 - 2013-06-29 15:37 - 00002772 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2013-06-29 15:37 - 2013-06-29 15:37 - 00000824 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-06-29 15:37 - 2013-06-29 15:37 - 00000000 ____D C:\Program Files\CCleaner
2013-06-29 15:36 - 2013-06-29 15:36 - 04396440 _____ (Piriform Ltd) C:\Users\Linda\Downloads\ccsetup403.exe
2013-06-29 15:33 - 2013-06-29 15:33 - 00000000 ____D C:\Users\Linda\Documents\Clinical
2013-06-29 15:25 - 2013-06-29 16:33 - 1495540736 _____ C:\Users\Linda\Desktop\backup.pst
2013-06-29 15:23 - 2013-06-29 15:23 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2013-06-29 14:52 - 2013-06-29 14:52 - 00000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin
2013-06-29 14:52 - 2012-11-10 10:56 - 00223592 _____ (EldoS Corporation) C:\Windows\SysWOW64\CbFsNetRdr3.dll
2013-06-29 14:52 - 2012-11-10 10:56 - 00141672 _____ (EldoS Corporation) C:\Windows\system32\CbFsNetRdr3.dll
2013-06-29 14:52 - 2012-11-10 10:55 - 00190312 _____ (EldoS Corporation) C:\Windows\system32\CbFsMntNtf3.dll
2013-06-29 14:52 - 2012-11-10 10:55 - 00158056 _____ (EldoS Corporation) C:\Windows\SysWOW64\CbFsMntNtf3.dll
2013-06-29 14:52 - 2012-11-10 10:50 - 00352008 _____ (EldoS Corporation) C:\Windows\system32\Drivers\cbfs3.sys
2013-06-29 14:51 - 2013-07-26 22:06 - 00000000 ____D C:\Users\Linda\AppData\Local\Livedrive
2013-06-29 14:51 - 2013-06-29 14:52 - 00000000 ____D C:\Program Files (x86)\Livedrive
2013-06-29 14:51 - 2013-06-29 14:51 - 11284632 _____ (Livedrive Internet Ltd) C:\Users\Linda\Downloads\Livedrive-knowhow.exe
2013-06-29 14:49 - 2013-04-09 06:33 - 00489576 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2013-06-29 14:49 - 2013-04-09 06:33 - 00446792 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2013-06-29 14:49 - 2013-04-09 06:33 - 00253544 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2013-06-29 14:49 - 2013-04-09 06:20 - 00306952 _____ (Microsoft Corporation) C:\Windows\system32\kd_02_10ec.dll
2013-06-29 14:49 - 2013-04-09 06:20 - 00086280 _____ (Microsoft Corporation) C:\Windows\system32\kdnet.dll
2013-06-29 14:49 - 2013-04-09 06:18 - 00077960 _____ (Microsoft Corporation) C:\Windows\system32\kdvm.dll
2013-06-29 14:49 - 2013-04-09 06:17 - 01829408 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-06-29 14:49 - 2013-04-09 05:52 - 00816128 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2013-06-29 14:49 - 2013-04-09 05:52 - 00804352 _____ (Microsoft Corporation) C:\Windows\system32\RecoveryDrive.exe
2013-06-29 14:49 - 2013-04-09 05:52 - 00373760 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2013-06-29 14:49 - 2013-04-09 05:52 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2013-06-29 14:49 - 2013-04-09 05:52 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\Robocopy.exe
2013-06-29 14:49 - 2013-04-09 05:51 - 14267904 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2013-06-29 14:49 - 2013-04-09 05:51 - 03552768 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2013-06-29 14:49 - 2013-04-09 05:51 - 00595456 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.dll
2013-06-29 14:49 - 2013-04-09 05:51 - 00456704 _____ (Microsoft Corporation) C:\Windows\system32\wpncore.dll
2013-06-29 14:49 - 2013-04-09 05:51 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.BackgroundTransfer.dll
2013-06-29 14:49 - 2013-04-09 05:51 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-06-29 14:49 - 2013-04-09 05:51 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\wscsvc.dll
2013-06-29 14:49 - 2013-04-09 05:50 - 02107904 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2013-06-29 14:49 - 2013-04-09 05:50 - 01285632 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2013-06-29 14:49 - 2013-04-09 05:50 - 00745984 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2013-06-29 14:49 - 2013-04-09 05:50 - 00435200 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2013-06-29 14:49 - 2013-04-09 05:50 - 00422400 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-06-29 14:49 - 2013-04-09 05:50 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\GenuineCenter.dll
2013-06-29 14:49 - 2013-04-09 05:50 - 00096256 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2013-06-29 14:49 - 2013-04-09 05:50 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2013-06-29 14:49 - 2013-04-09 05:50 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\msshooks.dll
2013-06-29 14:49 - 2013-04-09 05:49 - 01444864 _____ (Microsoft Corporation) C:\Windows\system32\MSAudDecMFT.dll
2013-06-29 14:49 - 2013-04-09 05:49 - 00817152 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2013-06-29 14:49 - 2013-04-09 05:49 - 00468992 _____ (Microsoft Corporation) C:\Windows\system32\MFMediaEngine.dll
2013-06-29 14:49 - 2013-04-09 05:49 - 00281088 _____ (Microsoft Corporation) C:\Windows\system32\mfreadwrite.dll
2013-06-29 14:49 - 2013-04-09 05:49 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\fhengine.dll
2013-06-29 14:49 - 2013-04-09 05:49 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\iuilp.dll
2013-06-29 14:49 - 2013-04-09 05:49 - 00196096 _____ (Microsoft Corporation) C:\Windows\system32\dmvdsitf.dll
2013-06-29 14:49 - 2013-04-09 05:49 - 00172544 _____ (Microsoft Corporation) C:\Windows\system32\dwmredir.dll
2013-06-29 14:49 - 2013-04-09 05:49 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\fmifs.dll
2013-06-29 14:49 - 2013-04-09 05:48 - 00169472 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2013-06-29 14:49 - 2013-04-09 03:34 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidbth.sys
2013-06-29 14:49 - 2013-04-09 03:34 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2013-06-29 14:49 - 2013-04-09 03:34 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidusb.sys
2013-06-29 14:49 - 2013-04-09 03:33 - 00623104 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2013-06-29 14:49 - 2013-04-09 03:33 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndproxy.sys
2013-06-29 14:49 - 2013-04-09 03:32 - 00805376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2013-06-29 14:49 - 2013-04-09 03:31 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2013-06-29 14:49 - 2013-04-09 03:31 - 00083456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wanarp.sys
2013-06-29 14:49 - 2013-04-09 00:44 - 00123880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscapi.dll
2013-06-29 14:49 - 2013-04-09 00:39 - 01408896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-06-29 14:49 - 2013-04-09 00:37 - 00426024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2013-06-29 14:49 - 2013-04-09 00:37 - 00324368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2013-06-29 14:49 - 2013-04-08 22:52 - 11878912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2013-06-29 14:49 - 2013-04-08 22:52 - 00670208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2013-06-29 14:49 - 2013-04-08 22:52 - 00302592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2013-06-29 14:49 - 2013-04-08 22:52 - 00171008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
2013-06-29 14:49 - 2013-04-08 22:52 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Robocopy.exe
2013-06-29 14:49 - 2013-04-08 22:51 - 02767360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2013-06-29 14:49 - 2013-04-08 22:51 - 01593344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2013-06-29 14:49 - 2013-04-08 22:51 - 01113600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSAudDecMFT.dll
2013-06-29 14:49 - 2013-04-08 22:51 - 00659456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2013-06-29 14:49 - 2013-04-08 22:51 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2013-06-29 14:49 - 2013-04-08 22:51 - 00411136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.dll
2013-06-29 14:49 - 2013-04-08 22:51 - 00403968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2013-06-29 14:49 - 2013-04-08 22:51 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll
2013-06-29 14:49 - 2013-04-08 22:51 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-06-29 14:49 - 2013-04-08 22:51 - 00268800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2013-06-29 14:49 - 2013-04-08 22:51 - 00214528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfreadwrite.dll
2013-06-29 14:49 - 2013-04-08 22:51 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
2013-06-29 14:49 - 2013-04-08 22:51 - 00155648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dmvdsitf.dll
2013-06-29 14:49 - 2013-04-08 22:51 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fmifs.dll
2013-06-29 14:49 - 2013-04-08 22:51 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssprxy.dll
2013-06-29 14:49 - 2013-04-08 22:51 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msshooks.dll
2013-06-29 14:49 - 2013-04-05 00:30 - 00503080 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2013-06-29 14:49 - 2013-03-15 23:05 - 00298456 _____ (Microsoft Corporation) C:\Windows\system32\rsaenh.dll
2013-06-29 14:49 - 2013-03-15 23:05 - 00252928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rsaenh.dll
2013-06-29 14:49 - 2013-03-02 11:39 - 00069864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pdc.sys
2013-06-29 14:49 - 2013-03-02 03:43 - 02146304 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2013-06-29 14:49 - 2013-02-07 02:33 - 00754176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2013-06-29 14:49 - 2013-01-29 02:57 - 00035232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2013-06-29 14:49 - 2013-01-29 00:08 - 00230904 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2013-06-29 14:48 - 2013-06-29 14:48 - 02286864 _____ (Livedrive Internet Limited) C:\Users\Linda\Downloads\Livedrive-Restore (1).exe
2013-06-29 14:48 - 2013-05-15 23:37 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2013-06-29 14:48 - 2013-05-15 23:35 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2013-06-29 14:48 - 2013-05-14 14:14 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-06-29 14:48 - 2013-05-14 10:23 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-29 14:48 - 2013-04-28 23:28 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2013-06-29 14:48 - 2013-02-21 11:29 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-06-29 14:48 - 2013-02-21 11:29 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-06-29 14:48 - 2013-02-21 11:29 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-29 14:48 - 2013-02-21 11:29 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-06-29 14:48 - 2013-02-21 11:14 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-06-29 14:48 - 2013-02-21 11:14 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-06-29 14:48 - 2013-02-19 10:53 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2013-06-29 14:28 - 2013-07-26 21:59 - 00000000 ____D C:\Users\Linda\Documents\Outlook Files
2013-06-29 13:54 - 2013-06-29 13:54 - 00000020 ___SH C:\Users\Ronny\ntuser.ini
2013-06-29 13:54 - 2013-06-29 13:54 - 00000000 ____D C:\Users\Ronny
2013-06-29 13:19 - 2013-07-23 10:42 - 00000000 ____D C:\Program Files\My Dell
2013-06-29 13:19 - 2013-06-29 13:19 - 00003990 _____ C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
2013-06-29 13:19 - 2013-06-29 13:19 - 00003440 _____ C:\Windows\System32\Tasks\PCDEventLauncherTask
2013-06-29 13:19 - 2013-06-29 13:19 - 00003202 _____ C:\Windows\System32\Tasks\SystemToolsDailyTest
2013-06-29 13:19 - 2013-06-29 13:19 - 00000000 ____D C:\ProgramData\PC-Doctor for Windows
2013-06-29 13:16 - 2013-06-29 13:18 - 00000000 ____D C:\Users\Linda\AppData\Roaming\PCDr
2013-06-29 09:04 - 2013-06-29 09:04 - 00000000 ____D C:\Program Files (x86)\Acronis
2013-06-29 08:57 - 2013-07-18 12:05 - 00000000 ____D C:\Users\Linda\Desktop\HP Desktop - software
2013-06-29 08:51 - 2013-07-26 22:05 - 00008570 _____ C:\Users\Public\CAFADEBUG.log
2013-06-28 19:48 - 2013-06-28 20:22 - 00000000 ____D C:\Users\Linda\Documents\ION
2013-06-28 19:10 - 2013-07-10 12:09 - 00000000 ____D C:\Users\Linda\Documents\App4health
2013-06-28 19:09 - 2013-04-16 03:34 - 01455368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-06-28 19:08 - 2012-11-10 05:22 - 00126976 _____ (Microsoft Corporation) C:\Windows\system32\RDWebAI.dll
2013-06-28 19:08 - 2012-11-10 05:22 - 00122880 _____ (Microsoft Corporation) C:\Windows\system32\VmHostAI.dll
2013-06-28 19:08 - 2012-11-10 05:20 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\appserverai.dll
2013-06-28 19:07 - 2013-06-29 14:50 - 00000000 ____D C:\Program Files (x86)\Livedrive Restore
2013-06-28 19:07 - 2012-11-10 05:23 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2013-06-28 19:07 - 2012-11-10 05:23 - 00132608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2013-06-28 19:06 - 2013-06-29 14:52 - 00000000 ____D C:\Users\Linda\AppData\Roaming\Livedrive Internet Limited
2013-06-28 19:06 - 2013-06-28 19:06 - 02286864 _____ (Livedrive Internet Limited) C:\Users\Linda\Downloads\Livedrive-Restore.exe
2013-06-28 19:04 - 2013-03-02 11:57 - 00332520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2013-06-28 19:04 - 2013-03-02 11:57 - 00077544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storahci.sys
2013-06-28 19:04 - 2013-03-02 11:45 - 00148712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tpm.sys
2013-06-28 19:04 - 2013-03-02 11:39 - 00495336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vhdmp.sys
2013-06-28 19:04 - 2013-03-02 11:39 - 00327912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys
2013-06-28 19:04 - 2013-03-02 09:23 - 01338880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-06-28 19:04 - 2013-03-02 09:23 - 00893952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmde.dll
2013-06-28 19:04 - 2013-03-02 09:23 - 00601088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Globalization.dll
2013-06-28 19:04 - 2013-03-02 09:23 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Security.Authentication.OnlineId.dll
2013-06-28 19:04 - 2013-03-02 09:23 - 00356352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSync.dll
2013-06-28 19:04 - 2013-03-02 09:23 - 00100864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncInfo.dll
2013-06-28 19:04 - 2013-03-02 09:22 - 05091840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2013-06-28 19:04 - 2013-03-02 09:22 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netcfgx.dll
2013-06-28 19:04 - 2013-03-02 09:21 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drvstore.dll
2013-06-28 19:04 - 2013-03-02 09:21 - 00145408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\powercfg.cpl
2013-06-28 19:04 - 2013-03-02 09:21 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DevDispItemProvider.dll
2013-06-28 19:04 - 2013-03-02 03:45 - 01627648 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2013-06-28 19:04 - 2013-03-02 03:45 - 01161728 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2013-06-28 19:04 - 2013-03-02 03:45 - 01149952 _____ (Microsoft Corporation) C:\Windows\system32\winmde.dll
2013-06-28 19:04 - 2013-03-02 03:45 - 01101824 _____ (Microsoft Corporation) C:\Windows\system32\wmpmde.dll
2013-06-28 19:04 - 2013-03-02 03:45 - 00951808 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Globalization.dll
2013-06-28 19:04 - 2013-03-02 03:45 - 00645120 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Security.Authentication.OnlineId.dll
2013-06-28 19:04 - 2013-03-02 03:45 - 00245248 _____ (Microsoft Corporation) C:\Windows\system32\usbmon.dll
2013-06-28 19:04 - 2013-03-02 03:45 - 00180224 _____ (Microsoft Corporation) C:\Windows\system32\SystemEventsBrokerServer.dll
2013-06-28 19:04 - 2013-03-02 03:45 - 00171008 _____ (Microsoft Corporation) C:\Windows\system32\TimeBrokerServer.dll
2013-06-28 19:04 - 2013-03-02 03:45 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\wpdbusenum.dll
2013-06-28 19:04 - 2013-03-02 03:45 - 00071168 _____ (Microsoft Corporation) C:\Windows\system32\WSDPrintProxy.DLL
2013-06-28 19:04 - 2013-03-02 03:44 - 05978624 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2013-06-28 19:04 - 2013-03-02 03:44 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\drvstore.dll
2013-06-28 19:04 - 2013-03-02 03:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\netcfgx.dll
2013-06-28 19:04 - 2013-03-02 03:44 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\SettingSync.dll
2013-06-28 19:04 - 2013-03-02 03:44 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\discan.dll
2013-06-28 19:04 - 2013-03-02 03:44 - 00128512 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncInfo.dll
2013-06-28 19:04 - 2013-03-02 03:44 - 00117248 _____ (Microsoft Corporation) C:\Windows\system32\NdisImPlatform.dll
2013-06-28 19:04 - 2013-03-02 03:44 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\DevDispItemProvider.dll
2013-06-28 19:04 - 2013-03-02 03:43 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\powercfg.cpl
2013-06-28 19:04 - 2013-03-02 03:15 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mouhid.sys
2013-06-28 19:04 - 2013-03-01 05:56 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\monitor.sys
2013-06-28 19:03 - 2013-07-03 15:14 - 00000000 ____D C:\Users\Linda\AppData\Local\Google
2013-06-28 19:03 - 2013-07-03 15:14 - 00000000 ____D C:\Users\Linda\AppData\Local\Deployment
2013-06-28 19:03 - 2013-07-03 15:14 - 00000000 ____D C:\Program Files (x86)\Google
2013-06-28 19:03 - 2013-06-28 19:03 - 00000000 ____D C:\Users\Linda\AppData\Local\Apps\2.0
2013-06-28 18:57 - 2013-03-02 10:59 - 00411880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2013-06-28 18:55 - 2013-07-26 22:06 - 00000000 ___RD C:\Users\Linda\SkyDrive
2013-06-28 18:55 - 2013-07-02 16:47 - 00002264 _____ C:\Users\Linda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SkyDrive.lnk
2013-06-28 18:55 - 2013-06-28 18:55 - 00000000 ____D C:\ProgramData\Microsoft SkyDrive
2013-06-28 18:55 - 2013-06-28 18:55 - 00000000 ____D C:\Program Files (x86)\Microsoft SkyDrive
2013-06-28 18:55 - 2013-05-31 00:24 - 01257472 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-06-28 18:55 - 2013-05-31 00:08 - 00974848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-06-28 18:55 - 2013-05-24 00:01 - 01300992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-06-28 18:55 - 2013-05-23 23:27 - 01022464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-06-28 18:54 - 2013-05-04 07:59 - 13644288 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2013-06-28 18:54 - 2013-05-04 07:59 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2013-06-28 18:54 - 2013-05-04 07:59 - 01483776 _____ (Microsoft Corporation) C:\Windows\system32\VSSVC.exe
2013-06-28 18:54 - 2013-05-04 07:59 - 00760320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2013-06-28 18:54 - 2013-05-04 07:58 - 10116096 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2013-06-28 18:54 - 2013-05-04 07:58 - 01332736 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2013-06-28 18:54 - 2013-05-04 07:58 - 00470528 _____ (Microsoft Corporation) C:\Windows\system32\netprofmsvc.dll
2013-06-28 18:54 - 2013-05-04 07:58 - 00328192 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2013-06-28 18:54 - 2013-05-04 07:57 - 02305024 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-06-28 18:54 - 2013-05-04 07:57 - 01131520 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll
2013-06-28 18:54 - 2013-05-04 07:57 - 00389120 _____ (Microsoft Corporation) C:\Windows\system32\BCP47Langs.dll
2013-06-28 18:54 - 2013-05-04 05:57 - 10788864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2013-06-28 18:54 - 2013-05-04 05:57 - 08857088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2013-06-28 18:54 - 2013-05-04 05:57 - 00247296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2013-06-28 18:54 - 2013-05-04 05:56 - 02035712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-06-28 18:54 - 2013-05-04 05:56 - 00309760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\BCP47Langs.dll
2013-06-28 18:54 - 2013-05-04 05:47 - 00427520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdbss.sys
2013-06-28 18:53 - 2013-05-15 03:25 - 00888320 _____ (Microsoft Corporation) C:\Windows\system32\autochk.exe
2013-06-28 18:53 - 2013-05-15 03:25 - 00542208 _____ (Microsoft Corporation) C:\Windows\system32\untfs.dll
2013-06-28 18:53 - 2013-05-15 03:24 - 00793088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\autochk.exe
2013-06-28 18:53 - 2013-05-15 03:24 - 00482816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\untfs.dll
2013-06-28 18:53 - 2013-05-04 08:58 - 00120736 _____ (Microsoft Corporation) C:\Windows\system32\AuthHost.exe
2013-06-28 18:53 - 2013-05-04 08:34 - 00446720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
2013-06-28 18:53 - 2013-05-04 08:34 - 00284416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spaceport.sys
2013-06-28 18:53 - 2013-05-04 08:30 - 00058312 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2013-06-28 18:53 - 2013-05-04 07:59 - 01619968 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2013-06-28 18:53 - 2013-05-04 07:59 - 00812544 _____ (Microsoft Corporation) C:\Windows\system32\Magnify.exe
2013-06-28 18:53 - 2013-05-04 07:59 - 00251904 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2013-06-28 18:53 - 2013-05-04 07:59 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2013-06-28 18:53 - 2013-05-04 07:59 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2013-06-28 18:53 - 2013-05-04 07:59 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2013-06-28 18:53 - 2013-05-04 07:58 - 00330240 _____ (Microsoft Corporation) C:\Windows\system32\stobject.dll
2013-06-28 18:53 - 2013-05-04 07:58 - 00173568 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2013-06-28 18:53 - 2013-05-04 07:58 - 00169984 _____ (Microsoft Corporation) C:\Windows\system32\netplwiz.dll
2013-06-28 18:53 - 2013-05-04 07:58 - 00151552 _____ (Microsoft Corporation) C:\Windows\system32\netprofm.dll
2013-06-28 18:53 - 2013-05-04 07:58 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\psmsrv.dll
2013-06-28 18:53 - 2013-05-04 07:57 - 00708096 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.dll
2013-06-28 18:53 - 2013-05-04 07:57 - 00560640 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll
2013-06-28 18:53 - 2013-05-04 07:57 - 00501760 _____ (Microsoft Corporation) C:\Windows\system32\DevicePairing.dll
2013-06-28 18:53 - 2013-05-04 07:57 - 00179712 _____ (Microsoft Corporation) C:\Windows\system32\bisrv.dll
2013-06-28 18:53 - 2013-05-04 07:57 - 00122368 _____ (Microsoft Corporation) C:\Windows\system32\biwinrt.dll
2013-06-28 18:53 - 2013-05-04 07:57 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\muifontsetup.dll
2013-06-28 18:53 - 2013-05-04 07:56 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\intl.cpl
2013-06-28 18:53 - 2013-05-04 05:58 - 00758784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Magnify.exe
2013-06-28 18:53 - 2013-05-04 05:58 - 00621056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2013-06-28 18:53 - 2013-05-04 05:58 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2013-06-28 18:53 - 2013-05-04 05:58 - 00083968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2013-06-28 18:53 - 2013-05-04 05:58 - 00034304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2013-06-28 18:53 - 2013-05-04 05:57 - 00303616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\stobject.dll
2013-06-28 18:53 - 2013-05-04 05:57 - 00151040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netplwiz.dll
2013-06-28 18:53 - 2013-05-04 05:57 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netprofm.dll
2013-06-28 18:53 - 2013-05-04 05:57 - 00018432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\npmproxy.dll
2013-06-28 18:53 - 2013-05-04 05:57 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\muifontsetup.dll
2013-06-28 18:53 - 2013-05-04 05:56 - 00449536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DevicePairing.dll
2013-06-28 18:53 - 2013-05-04 05:56 - 00411136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll
2013-06-28 18:53 - 2013-05-04 05:56 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\biwinrt.dll
2013-06-28 18:53 - 2013-05-04 05:55 - 00389632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\intl.cpl
2013-06-28 18:53 - 2013-05-04 05:51 - 00014848 _____ (Microsoft) C:\Windows\system32\rars.rs
2013-06-28 18:53 - 2013-05-04 05:10 - 00014848 _____ (Microsoft) C:\Windows\SysWOW64\rars.rs
2013-06-28 18:53 - 2013-04-24 00:13 - 01013248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-28 18:53 - 2013-04-24 00:12 - 01569792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-28 18:53 - 2013-04-24 00:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-28 18:53 - 2013-04-23 23:56 - 01255936 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe
2013-06-28 18:53 - 2013-04-23 23:55 - 01889280 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-06-28 18:53 - 2013-04-23 23:55 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-06-28 18:53 - 2013-04-23 23:55 - 00068096 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-06-28 18:53 - 2013-03-02 03:45 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\taskhost.exe
2013-06-28 18:53 - 2013-03-02 03:45 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\taskhostex.exe
2013-06-28 18:53 - 2013-03-02 03:45 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2013-06-28 18:50 - 2013-03-06 07:31 - 19758592 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-06-28 18:50 - 2013-03-06 06:03 - 17561600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-06-28 18:50 - 2013-03-02 09:23 - 00375808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ReAgent.dll
2013-06-28 18:50 - 2013-03-02 03:44 - 01011200 _____ (Microsoft Corporation) C:\Windows\system32\reseteng.dll
2013-06-28 18:50 - 2013-02-12 01:17 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys
2013-06-28 18:50 - 2013-02-05 23:29 - 00370688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2013-06-28 18:50 - 2013-02-05 23:28 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2013-06-28 18:50 - 2013-02-02 12:19 - 00496872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-06-28 18:50 - 2013-02-02 12:19 - 00061672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\crashdmp.sys
2013-06-28 18:50 - 2013-02-02 11:54 - 01933544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2013-06-28 18:50 - 2013-02-02 09:40 - 00410624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlroamextension.dll
2013-06-28 18:50 - 2013-02-02 09:40 - 00370688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WWanAPI.dll
2013-06-28 18:50 - 2013-02-02 09:40 - 00197632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.Connectivity.dll
2013-06-28 18:50 - 2013-02-02 09:40 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsRasterService.dll
2013-06-28 18:50 - 2013-02-02 09:40 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tasklist.exe
2013-06-28 18:50 - 2013-02-02 09:40 - 00079360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\taskkill.exe
2013-06-28 18:50 - 2013-02-02 09:39 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mbsmsapi.dll
2013-06-28 18:50 - 2013-02-02 09:39 - 00055296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2013-06-28 18:50 - 2013-02-02 09:39 - 00015872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlmproxy.dll
2013-06-28 18:50 - 2013-02-02 09:39 - 00012288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlmsprep.dll
2013-06-28 18:50 - 2013-02-02 09:38 - 00567808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\duser.dll
2013-06-28 18:50 - 2013-02-02 09:24 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\taskkill.exe
2013-06-28 18:50 - 2013-02-02 09:24 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\tasklist.exe
2013-06-28 18:50 - 2013-02-02 09:23 - 00611840 _____ (Microsoft Corporation) C:\Windows\system32\wpd_ci.dll
2013-06-28 18:50 - 2013-02-02 09:23 - 00543232 _____ (Microsoft Corporation) C:\Windows\system32\wlroamextension.dll
2013-06-28 18:50 - 2013-02-02 09:23 - 00475136 _____ (Microsoft Corporation) C:\Windows\system32\WWanAPI.dll
2013-06-28 18:50 - 2013-02-02 09:23 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.Connectivity.dll
2013-06-28 18:50 - 2013-02-02 09:23 - 00228352 _____ (Microsoft Corporation) C:\Windows\system32\XpsRasterService.dll
2013-06-28 18:50 - 2013-02-02 09:23 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\wersvc.dll
2013-06-28 18:50 - 2013-02-02 09:21 - 00385024 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2013-06-28 18:50 - 2013-02-02 09:21 - 00225280 _____ (Microsoft Corporation) C:\Windows\system32\mbsmsapi.dll
2013-06-28 18:50 - 2013-02-02 09:20 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\duser.dll
2013-06-28 18:50 - 2013-02-02 09:20 - 00260096 _____ (Microsoft Corporation) C:\Windows\system32\hotspotauth.dll
2013-06-28 18:50 - 2013-02-02 08:25 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ks.sys
2013-06-28 18:50 - 2013-02-02 06:41 - 01437184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2013-06-28 18:50 - 2013-02-02 06:31 - 01690624 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2013-06-28 18:50 - 2012-12-15 05:55 - 00443392 _____ (Microsoft Corporation) C:\Windows\system32\ReAgent.dll
2013-06-28 18:50 - 2012-10-24 04:25 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\ReAgentc.exe
2013-06-28 18:50 - 2012-10-24 03:48 - 00024064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ReAgentc.exe
2013-06-28 18:49 - 2013-04-27 06:20 - 00733184 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2013-06-28 18:49 - 2013-04-03 00:37 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-28 18:49 - 2013-04-03 00:12 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll
2013-06-28 18:49 - 2013-03-22 04:49 - 02382336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\esent.dll
2013-06-28 18:49 - 2013-03-21 23:47 - 02851840 _____ (Microsoft Corporation) C:\Windows\system32\esent.dll
2013-06-28 18:49 - 2013-03-15 01:17 - 00861184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2013-06-28 18:49 - 2013-03-06 08:10 - 00112872 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2013-06-28 18:49 - 2013-03-06 07:31 - 00222208 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-06-28 18:49 - 2013-03-06 07:29 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2013-06-28 18:49 - 2013-03-06 06:03 - 00199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-06-28 18:48 - 2013-06-28 18:48 - 00571576 _____ (Microsoft Corporation) C:\Users\Linda\Downloads\Setup.x86.en-US_HomeBusinessRetail_m7qgn-bkd8c-h9ypj-w9vkk-frdtp_TX_DB_.exe
2013-06-28 18:48 - 2013-06-28 18:48 - 00000000 ____D C:\Program Files\Microsoft Office 15
2013-06-28 18:35 - 2013-06-30 22:19 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-746366360-4130465092-240824867-1002
2013-06-28 18:29 - 2013-06-28 18:29 - 00000000 ____D C:\Users\Linda\AppData\Roaming\Intel Corporation
2013-06-28 18:28 - 2013-07-06 06:26 - 00000000 ___RD C:\Users\Linda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-06-28 18:28 - 2013-07-06 06:26 - 00000000 ___RD C:\Users\Linda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-06-28 18:28 - 2013-06-29 19:40 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2013-06-28 18:28 - 2013-06-28 18:28 - 00001432 _____ C:\Users\Linda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-06-28 18:28 - 2013-06-28 18:28 - 00000000 ____D C:\Users\Linda\AppData\Roaming\Macromedia
2013-06-28 18:28 - 2013-06-28 18:28 - 00000000 ____D C:\Users\Linda\AppData\Roaming\Adobe
2013-06-28 18:28 - 2013-06-28 18:28 - 00000000 ____D C:\Users\Linda\AppData\Local\Power2Go8
2013-06-28 18:28 - 2013-06-28 18:28 - 00000000 ____D C:\Users\Linda\AppData\Local\Conexant
2013-06-28 18:27 - 2013-07-26 13:30 - 00000000 ____D C:\Users\Linda\AppData\Local\Packages
2013-06-28 18:27 - 2013-07-01 16:09 - 00000000 ____D C:\Users\Linda\AppData\Local\VirtualStore
2013-06-28 18:27 - 2013-06-30 08:25 - 00000000 ____D C:\ProgramData\PRICache
2013-06-28 18:26 - 2013-06-29 19:32 - 00000000 ___RD C:\Users\Linda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2013-06-28 18:26 - 2013-06-29 19:32 - 00000000 ___RD C:\Users\Linda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2013-06-28 18:26 - 2013-06-29 19:32 - 00000000 ___RD C:\Users\Linda\AppData\Roaming\Micro
Last edited by a moderator:
Fiery
Level 1
- Jan 11, 2011
- 2,007
Hi,
Please attach the FRST log as an attachment like you did for the OTL log?
Lastly, remove any left over malicious files with HitmanPro
<ol>
<li>This step can be performed in <>Normal Mode</> ,so please <>download the latest official version of HitmanPro</>.
<a href="http://malwaretips.com/download-hitmanpro" rel="nofollow" target="_blank"> <>HITMANPRO DOWNLOAD LINK</></a> <em>(This link will open a download page in a new window from where you can download HitmanPro)</em></li>
<li><>Double click on the previously downloaded file</> to start the HitmanPro installation.
<img title="HitmanPro Installer" src="http://malwaretips.com/images/removalguide/hpro1.png" alt="[Image: hitmanpro-icon.png]" width="54" height="58" border="0" />
<>IF</> you are experiencing problems while trying to starting HitmanPro, you can use the "<em>Force Breach</em>" mode.To start this program in Force Breach mode,<> hold down the left CTRL-key when you start HitmanPro</> and all non-essential processes are terminated, including the malware process. (<a href="http://www.youtube.com/watch?feature=player_embedded&v=m6eRWTv2STk" target="_blank">How to start HitmanPro in Force Breach mode - Video</a>)</li>
<li>Click on <>Next </>to install HitmanPro on your system.
<img title="HitmanPro installation process" src="http://malwaretips.com/images/removalguide/hpro2.png" alt="[Image: installing-hitmanpro.png]" width="532" height="421" border="0" /></li>
<li>The setup screen is displayed, from which you can decide whether you wish to install HitmanPro on your machine or just perform a one-time scan, select a option then click on <>Next </>to start a system scan.
<img title="HitmanPro setup options" src="http://malwaretips.com/images/removalguide/hpro3.png" alt="[Image: hitmanpro-setup-options.png]" width="532" height="421" border="0" /></li>
<li>HitmanPro will start scanning your system for malicious files. Depending on the the size of your hard drive, and the performance of your computer, this step will take several minutes.
<img title="HitmanPro scanning for Win 8 Security System" src="http://malwaretips.com/images/removalguide/hpro4.png" alt="[Image: hitmanpro-scanning.png]" width="532" height="421" border="0" /></li>
<li>Once the scan is complete,a screen displaying all the malicious files that the program found will be shown as seen in the image below.After reviewing each malicious object click <>Next</>.
<img title="HitmanPro Win 8 Security System scan results" src="http://malwaretips.com/images/removalguide/hpro5.png" alt="[Image: hitmanpro-scan-results.png]" width="532" height="421" border="0" /></li>
<li>Click <>Activate free license </>to start the free 30 days trial and remove the malicious files.
<img title="Activate HitmanPro free license to remove detected infections" src="http://malwaretips.com/images/removalguide/hpro6.png" alt="[Image: hitmanpro-activation.png]" width="532" height="421" border="0" /></li>
<li>HitmanPro will now start removing the infected objects, and in some instances, may suggest a reboot in order to completely remove the malware from your system. In this scenario, always confirm the reboot action to be on the safe side.</li>
</ol>
<h2>Double check for other malicious files with Emsisoft Emergency Kit</h2>
<ol>
<li>You can download the latest official version of Emsisoft Emergency Kit from the below link.
<a href="http://malwaretips.com/download-emsisoft" rel="nofollow" target="_blank"> <>EMSISOFT EMERGENCY KIT DOWNLOAD LINK</></a> <em>(This link will open a download page in a new window from where you can download Emsisoft Emergency Kit)</em></li>
<li>After the download process will finish , you'll need to <span style="font-weight: bold;">unpack EmsisoftEmergencyKit.zip</span>
<img title="Unpack EmsisoftEmergencyKit.zip" src="http://malwaretips.com/images/removalguide/ekk-zip-image.png" alt="Unpack Emsisoft Emergency Kit" width="319" height="109" /></li>
<li>Open the Emsisoft Emergency Kit folder and double click <>EmergencyKitScanner.bat</>.
<img title="Double click on EmergencyKitScanner.bat" src="http://malwaretips.com/images/removalguide/ekk-batfile.png" alt="Click on EmergencyKitScanner.bat" width="396" height="141" /></li>
<li>A pop-up will prompt you to update Emsisoft Emergency Kit,and you'll need to click the <>Yes</> button to allow this request.
<img title="Update Emsisoft Emergency Kit definitions" src="http://malwaretips.com/images/removalguide/eek-update.png" alt="Update Emsisoft Emergency Kit" width="360" height="139" /></li>
<li>After the Update process has completed,click on the <>Menu</> tab and then select <>Scan PC</>.
<img title="Go to the Scan tab to start a system scan" src="http://malwaretips.com/images/removalguide/ekk-scan.png" alt="Scan tab on Emsisoft Emergency Kit" width="479" height="346" /></li>
<li>Select <>Smart scan</> and click on the <>SCAN</> button to search for Vista Defender malicious files.
<img title="Start a Emsisoft Emergency Kit Smart scan" src="http://malwaretips.com/images/removalguide/ekk-smart-scan.png" alt="Emsisoft Emergency Kit smart scan" width="480" height="345" /></li>
<li>Emsisoft will now start scanning your computer for malicious files.When the scan will be completed,you will be presented with a screen showing you the infections that Emsisoft has detected.
Make sure that everything is <>Checked (ticked)</> and then click on <>Quarantine selected objects</>.
<img title="Emsisoft Scan results" src="http://malwaretips.com/images/removalguide/eek-scan-results.png" alt="Emsisoft smart scan results" width="480" height="345" /></li>
<li>Emsisoft Emergency Kit will now start removing the malicious files.If during the removal process Emsisoft will display a message stating that it needs to reboot, please allow this request.</li>
</ol>
Please attach the FRST log as an attachment like you did for the OTL log?
Lastly, remove any left over malicious files with HitmanPro
<ol>
<li>This step can be performed in <>Normal Mode</> ,so please <>download the latest official version of HitmanPro</>.
<a href="http://malwaretips.com/download-hitmanpro" rel="nofollow" target="_blank"> <>HITMANPRO DOWNLOAD LINK</></a> <em>(This link will open a download page in a new window from where you can download HitmanPro)</em></li>
<li><>Double click on the previously downloaded file</> to start the HitmanPro installation.
<img title="HitmanPro Installer" src="http://malwaretips.com/images/removalguide/hpro1.png" alt="[Image: hitmanpro-icon.png]" width="54" height="58" border="0" />
<>IF</> you are experiencing problems while trying to starting HitmanPro, you can use the "<em>Force Breach</em>" mode.To start this program in Force Breach mode,<> hold down the left CTRL-key when you start HitmanPro</> and all non-essential processes are terminated, including the malware process. (<a href="http://www.youtube.com/watch?feature=player_embedded&v=m6eRWTv2STk" target="_blank">How to start HitmanPro in Force Breach mode - Video</a>)</li>
<li>Click on <>Next </>to install HitmanPro on your system.
<img title="HitmanPro installation process" src="http://malwaretips.com/images/removalguide/hpro2.png" alt="[Image: installing-hitmanpro.png]" width="532" height="421" border="0" /></li>
<li>The setup screen is displayed, from which you can decide whether you wish to install HitmanPro on your machine or just perform a one-time scan, select a option then click on <>Next </>to start a system scan.
<img title="HitmanPro setup options" src="http://malwaretips.com/images/removalguide/hpro3.png" alt="[Image: hitmanpro-setup-options.png]" width="532" height="421" border="0" /></li>
<li>HitmanPro will start scanning your system for malicious files. Depending on the the size of your hard drive, and the performance of your computer, this step will take several minutes.
<img title="HitmanPro scanning for Win 8 Security System" src="http://malwaretips.com/images/removalguide/hpro4.png" alt="[Image: hitmanpro-scanning.png]" width="532" height="421" border="0" /></li>
<li>Once the scan is complete,a screen displaying all the malicious files that the program found will be shown as seen in the image below.After reviewing each malicious object click <>Next</>.
<img title="HitmanPro Win 8 Security System scan results" src="http://malwaretips.com/images/removalguide/hpro5.png" alt="[Image: hitmanpro-scan-results.png]" width="532" height="421" border="0" /></li>
<li>Click <>Activate free license </>to start the free 30 days trial and remove the malicious files.
<img title="Activate HitmanPro free license to remove detected infections" src="http://malwaretips.com/images/removalguide/hpro6.png" alt="[Image: hitmanpro-activation.png]" width="532" height="421" border="0" /></li>
<li>HitmanPro will now start removing the infected objects, and in some instances, may suggest a reboot in order to completely remove the malware from your system. In this scenario, always confirm the reboot action to be on the safe side.</li>
</ol>
<h2>Double check for other malicious files with Emsisoft Emergency Kit</h2>
<ol>
<li>You can download the latest official version of Emsisoft Emergency Kit from the below link.
<a href="http://malwaretips.com/download-emsisoft" rel="nofollow" target="_blank"> <>EMSISOFT EMERGENCY KIT DOWNLOAD LINK</></a> <em>(This link will open a download page in a new window from where you can download Emsisoft Emergency Kit)</em></li>
<li>After the download process will finish , you'll need to <span style="font-weight: bold;">unpack EmsisoftEmergencyKit.zip</span>
<img title="Unpack EmsisoftEmergencyKit.zip" src="http://malwaretips.com/images/removalguide/ekk-zip-image.png" alt="Unpack Emsisoft Emergency Kit" width="319" height="109" /></li>
<li>Open the Emsisoft Emergency Kit folder and double click <>EmergencyKitScanner.bat</>.
<img title="Double click on EmergencyKitScanner.bat" src="http://malwaretips.com/images/removalguide/ekk-batfile.png" alt="Click on EmergencyKitScanner.bat" width="396" height="141" /></li>
<li>A pop-up will prompt you to update Emsisoft Emergency Kit,and you'll need to click the <>Yes</> button to allow this request.
<img title="Update Emsisoft Emergency Kit definitions" src="http://malwaretips.com/images/removalguide/eek-update.png" alt="Update Emsisoft Emergency Kit" width="360" height="139" /></li>
<li>After the Update process has completed,click on the <>Menu</> tab and then select <>Scan PC</>.
<img title="Go to the Scan tab to start a system scan" src="http://malwaretips.com/images/removalguide/ekk-scan.png" alt="Scan tab on Emsisoft Emergency Kit" width="479" height="346" /></li>
<li>Select <>Smart scan</> and click on the <>SCAN</> button to search for Vista Defender malicious files.
<img title="Start a Emsisoft Emergency Kit Smart scan" src="http://malwaretips.com/images/removalguide/ekk-smart-scan.png" alt="Emsisoft Emergency Kit smart scan" width="480" height="345" /></li>
<li>Emsisoft will now start scanning your computer for malicious files.When the scan will be completed,you will be presented with a screen showing you the infections that Emsisoft has detected.
Make sure that everything is <>Checked (ticked)</> and then click on <>Quarantine selected objects</>.
<img title="Emsisoft Scan results" src="http://malwaretips.com/images/removalguide/eek-scan-results.png" alt="Emsisoft smart scan results" width="480" height="345" /></li>
<li>Emsisoft Emergency Kit will now start removing the malicious files.If during the removal process Emsisoft will display a message stating that it needs to reboot, please allow this request.</li>
</ol>
Last edited by a moderator:
Fiery said:
Hi Fiery,
I have attached the FRST log texts as you suggested and the Hitman Pro log. I will attach anything which the EMISOFT process records when the scan is complete.
Thanks
Ronny
Last edited by a moderator:
Ronny Munster said:
Hi Fiery,
I've attached the log from EMISOFT which as you will see is clean. However, having rebooted my PC I still have this when I open Chrome - I don't understand how it is still there even though I have run all these processes.
http://search.babylon.com/?affID=113480&tt=3012_5&babsrc=HP_ss_cr&mntrId=ac004cbf000000000000000ffe3f8b4f
Ronny
Last edited by a moderator:
Similar threads
- Locked
