
Trovi and KNCTR soft phone



#1
SallyMae


I ran Malwarebytes and it found these and claimed to have quarantined them, but they are still on my computer and taking over my browser. There is no "uninstall" for the KNCTR phone, and when I try to throw away the program files it says I can't because the folder or files are open in another program. I can't figure out which program they are supposed to be open in, since I shut down all windows and programs and tried deleting again but couldn't. Trovi keeps taking over my browser. I can't find it under any plugins in Mozilla Firefox. Help!? Please?

 

OTL Log:

 

OTL logfile created on: 11/24/2014 2:30:59 PM - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Angela\Desktop\Cleanup and Computer Tools
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17416)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.45 Gb Total Physical Memory | 1.58 Gb Available Physical Memory | 45.86% Memory free
6.95 Gb Paging File | 4.59 Gb Available in Paging File | 66.15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 426.10 Gb Total Space | 374.51 Gb Free Space | 87.89% Space Free | Partition Type: NTFS
Drive D: | 25.00 Gb Total Space | 23.72 Gb Free Space | 94.89% Space Free | Partition Type: NTFS
 
Computer Name: PEACHESANDCREAM | User Name: Angela | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/11/11 01:46:55 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2014/10/30 12:24:49 | 000,166,296 | ---- | M] (APN LLC.) -- C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
PRC - [2014/10/16 17:13:12 | 001,360,672 | ---- | M] (Lenovo) -- C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
PRC - [2014/10/10 16:15:59 | 001,942,424 | ---- | M] (APN) -- C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
PRC - [2014/10/10 16:15:58 | 000,156,568 | ---- | M] (APN LLC.) -- C:\Users\Angela\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcLdr.exe
PRC - [2014/10/01 11:09:20 | 007,229,752 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
PRC - [2014/09/12 04:43:06 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2014/04/14 14:11:32 | 001,107,296 | ---- | M] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) -- C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
PRC - [2014/03/22 16:58:09 | 000,527,936 | ---- | M] (BillP Studios) -- C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2013/07/27 21:03:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Angela\Desktop\Cleanup and Computer Tools\OTL.exe
PRC - [2013/07/03 14:39:08 | 007,342,080 | ---- | M] () -- C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
PRC - [2013/05/23 16:23:54 | 000,568,912 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\My Image Garden\cnmigmain.exe
PRC - [2013/03/08 17:18:34 | 000,095,192 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
PRC - [2013/03/01 04:25:24 | 000,552,960 | ---- | M] (Vimicro) -- C:\Program Files (x86)\USB Camera\VM331STI.EXE
PRC - [2012/12/14 00:18:54 | 000,070,152 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\NLSSRV32.EXE
PRC - [2012/09/27 16:08:08 | 000,989,352 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.EXE
PRC - [2012/09/27 16:04:44 | 001,087,648 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE
PRC - [2012/09/27 16:02:40 | 001,279,120 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE
PRC - [2012/08/31 10:32:14 | 000,452,272 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
PRC - [2012/03/28 07:49:11 | 000,140,456 | ---- | M] () -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
PRC - [2011/11/22 19:53:28 | 001,327,440 | ---- | M] (Comfort Software Group) -- C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/11/15 11:05:50 | 000,188,416 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\3be4139a741b447ab35a2c788a2f4559\UIAutomationTypes.ni.dll
MOD - [2014/11/14 12:21:44 | 000,797,184 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runt73a1fc9d#\be5959dd0b1b70812c8bd019e932678b\System.Runtime.Remoting.ni.dll
MOD - [2014/11/12 20:20:16 | 000,146,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Numerics\8e945b32dd6b4b00c900f6c01c0f3c62\System.Numerics.ni.dll
MOD - [2014/11/11 01:46:51 | 003,649,648 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2014/11/09 00:21:58 | 000,392,704 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\9b0c1539963f393f6641949a67757b8f\System.Xml.Linq.ni.dll
MOD - [2014/11/09 00:21:57 | 007,785,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\43edd630a9f8cd6ac38c527b106ec94f\System.Xml.ni.dll
MOD - [2014/11/09 00:21:48 | 001,874,432 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xaml\6281ab590224520bad7c4f5b3ef37575\System.Xaml.ni.dll
MOD - [2014/11/09 00:21:45 | 012,856,832 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\70c6bf4a51d18b4a9a1805cd48d1caad\System.Windows.Forms.ni.dll
MOD - [2014/11/09 00:20:53 | 001,635,328 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\8efdc7a3726640f79d9333da88accaf8\System.Drawing.ni.dll
MOD - [2014/11/09 00:20:49 | 007,385,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Data\393d18ac0734febc7e5f0437f6af0555\System.Data.ni.dll
MOD - [2014/11/09 00:20:41 | 000,968,192 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\00fc7d14bbb38db00e4103912c041adf\System.Configuration.ni.dll
MOD - [2014/11/09 00:20:39 | 000,463,360 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Presentatioaec034ca#\eb62bc6e97d1d2aafbf3a101d7f029e1\PresentationFramework.Aero2.ni.dll
MOD - [2014/11/09 00:20:38 | 018,744,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\377e9afc870e7d53922fbcfd6023b2f7\PresentationFramework.ni.dll
MOD - [2014/11/09 00:20:17 | 011,027,456 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationCore\a1799dc618cfa61adb75b82311884c3d\PresentationCore.ni.dll
MOD - [2014/11/09 00:20:03 | 003,957,760 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\WindowsBase\b8e2e79f70d09551560548cda72e2c51\WindowsBase.ni.dll
MOD - [2014/11/09 00:19:55 | 006,951,424 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\483443985708dc5439abe7fd6350abe4\System.Core.ni.dll
MOD - [2014/11/09 00:19:46 | 010,030,592 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\1c5fe4cb68f67046baec4c3a854f722f\System.ni.dll
MOD - [2014/09/24 02:24:28 | 017,395,376 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\c90ef9a73ea0044641d31b19023aad61\mscorlib.ni.dll
MOD - [2014/04/14 13:17:38 | 000,433,664 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
MOD - [2014/04/14 13:17:14 | 000,315,392 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
MOD - [2014/02/17 22:46:30 | 000,643,948 | ---- | M] () -- C:\Program Files (x86)\BillP Studios\WinPatrol\sqlite3.dll
MOD - [2013/07/03 14:39:08 | 007,342,080 | ---- | M] () -- C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/10/30 23:51:25 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/10/16 17:13:48 | 000,272,776 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe -- (LSCWinService)
SRV:64bit: - [2014/10/06 20:54:27 | 000,226,304 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2014/09/24 03:16:43 | 000,491,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\GeofenceMonitorService.dll -- (lfsvc)
SRV:64bit: - [2014/09/24 02:50:29 | 001,306,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppXDeploymentServer.dll -- (AppXSvc)
SRV:64bit: - [2014/09/24 02:50:27 | 000,834,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2014/09/24 02:33:15 | 001,600,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\workfolderssvc.dll -- (workfolderssvc)
SRV:64bit: - [2014/09/24 02:24:03 | 000,710,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2014/09/24 02:24:02 | 000,530,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppReadiness.dll -- (AppReadiness)
SRV:64bit: - [2014/09/24 02:23:54 | 000,366,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2014/09/24 02:23:52 | 003,394,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2014/09/24 02:23:51 | 001,576,960 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2014/09/24 02:23:47 | 000,399,872 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2014/09/21 22:05:56 | 000,368,632 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Windows Defender\NisSrv.exe -- (WdNisSvc)
SRV:64bit: - [2014/09/21 22:05:56 | 000,023,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2014/08/15 22:29:38 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2014/08/15 19:58:35 | 000,287,744 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2014/08/15 19:45:51 | 000,267,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2013/12/15 10:23:04 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2013/08/22 06:32:02 | 000,024,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wephostsvc.dll -- (WEPHOSTSVC)
SRV:64bit: - [2013/08/22 06:31:43 | 000,040,448 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2013/08/22 06:22:45 | 000,066,048 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2013/08/22 06:21:15 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2013/08/22 06:16:57 | 000,118,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2013/08/22 05:25:28 | 000,164,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2013/08/22 05:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2013/08/22 05:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2013/08/22 05:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2013/08/22 05:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2013/08/22 05:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2013/08/22 05:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2013/08/22 05:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicguestinterface)
SRV:64bit: - [2013/08/22 05:02:47 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\smphost.dll -- (smphost)
SRV:64bit: - [2013/08/22 04:57:25 | 000,130,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ScDeviceEnum.dll -- (ScDeviceEnum)
SRV:64bit: - [2013/08/22 04:54:59 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2013/08/22 04:50:59 | 000,245,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2013/08/22 04:50:00 | 000,525,312 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013/08/22 04:45:59 | 000,151,040 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ncbservice.dll -- (NcbService)
SRV:64bit: - [2013/08/22 04:40:49 | 000,248,832 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2013/08/22 04:31:03 | 000,201,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2013/08/22 04:15:54 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2013/05/23 15:12:02 | 000,143,120 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2013/04/18 14:19:54 | 000,103,424 | ---- | M] () [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe -- (AdaptiveSleepService)
SRV:64bit: - [2013/04/18 14:18:52 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2013/03/04 19:25:20 | 000,202,400 | ---- | M] (Conexant Systems Inc.) [Auto | Running] -- C:\Windows\SysNative\CxAudMsg64.exe -- (CxAudMsg)
SRV:64bit: - [2012/12/14 00:18:48 | 000,230,408 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe -- (NitroDriverReadSpool8)
SRV - [2014/11/11 14:40:07 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/11/11 01:46:53 | 000,114,288 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/10/30 12:24:49 | 000,166,296 | ---- | M] (APN LLC.) [Auto | Running] -- C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe -- (APNMCP)
SRV - [2014/09/24 03:16:42 | 000,357,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GeofenceMonitorService.dll -- (lfsvc)
SRV - [2014/09/12 04:43:06 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014/08/15 22:29:38 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2013/08/21 22:55:35 | 000,018,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2013/08/21 21:53:34 | 000,011,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\smphost.dll -- (smphost)
SRV - [2013/02/28 20:48:58 | 000,118,520 | ---- | M] (Riverbed Technology, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2012/12/14 00:18:54 | 000,070,152 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\NLSSRV32.EXE -- (nlsX86cc)
SRV - [2012/03/28 07:49:11 | 000,140,456 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/11/24 14:21:46 | 000,129,752 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:64bit: - [2014/10/09 20:58:57 | 000,027,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2014/09/24 03:46:53 | 000,055,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2014/09/24 02:50:37 | 000,157,016 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\SysNative\drivers\wof.sys -- (Wof)
DRV:64bit: - [2014/09/24 02:50:30 | 000,136,024 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2014/09/24 02:50:28 | 000,376,152 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2014/09/24 02:33:00 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2014/09/24 02:32:54 | 000,468,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2014/09/24 02:32:54 | 000,412,992 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2014/09/24 02:23:53 | 000,924,504 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\refs.sys -- (ReFS)
DRV:64bit: - [2014/09/24 02:23:48 | 000,146,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx2.sys -- (SerCx2)
DRV:64bit: - [2014/09/24 02:23:32 | 000,175,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2014/09/24 02:23:31 | 000,236,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2014/09/24 02:23:31 | 000,086,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pdc.sys -- (pdc)
DRV:64bit: - [2014/09/24 02:23:31 | 000,079,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2014/09/24 02:23:31 | 000,039,768 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\intelpep.sys -- (intelpep)
DRV:64bit: - [2014/09/24 02:23:31 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2014/09/24 02:23:30 | 000,325,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2014/09/24 02:23:30 | 000,189,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2014/09/24 02:23:30 | 000,057,176 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stornvme.sys -- (stornvme)
DRV:64bit: - [2014/09/24 01:53:09 | 000,037,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2014/09/21 22:06:16 | 000,258,368 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2014/09/21 22:06:16 | 000,114,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WdNisDrv.sys -- (WdNisDrv)
DRV:64bit: - [2014/09/21 21:49:43 | 000,035,320 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2014/08/14 19:36:55 | 000,146,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2013/12/15 10:23:06 | 000,624,128 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2013/12/15 10:23:04 | 013,203,456 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2013/08/22 08:25:40 | 000,043,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\condrv.sys -- (condrv)
DRV:64bit: - [2013/08/22 08:25:40 | 000,030,048 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\WINDOWS\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2013/08/22 07:50:19 | 000,057,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\dam.sys -- (dam)
DRV:64bit: - [2013/08/22 07:49:54 | 000,079,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2013/08/22 07:49:33 | 000,159,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2013/08/22 07:43:49 | 000,063,840 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2013/08/22 07:43:48 | 000,041,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2013/08/22 07:43:45 | 003,357,024 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2013/08/22 07:43:45 | 000,093,536 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2013/08/22 07:43:45 | 000,082,784 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2013/08/22 07:43:45 | 000,064,352 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2013/08/22 07:43:44 | 000,081,760 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas3.sys -- (LSI_SAS3)
DRV:64bit: - [2013/08/22 07:43:41 | 000,782,176 | ---- | M] (PMC-Sierra) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\adp80xx.sys -- (ADP80XX)
DRV:64bit: - [2013/08/22 07:43:41 | 000,531,296 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2013/08/22 07:43:41 | 000,259,424 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2013/08/22 07:43:41 | 000,108,896 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\3ware.sys -- (3ware)
DRV:64bit: - [2013/08/22 07:43:41 | 000,079,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2013/08/22 07:43:40 | 000,114,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2013/08/22 07:43:40 | 000,082,784 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2013/08/22 07:43:40 | 000,025,952 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2013/08/22 07:43:34 | 000,305,504 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2013/08/22 07:43:33 | 000,074,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2013/08/22 07:43:32 | 000,031,072 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2013/08/22 07:43:31 | 000,107,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013/08/22 07:43:31 | 000,072,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2013/08/22 07:43:31 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2013/08/22 07:39:15 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uefi.sys -- (UEFI)
DRV:64bit: - [2013/08/22 07:37:27 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpci.sys -- (vpci)
DRV:64bit: - [2013/08/22 07:36:12 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2013/08/22 06:39:54 | 000,076,800 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ahcache.sys -- (ahcache)
DRV:64bit: - [2013/08/22 06:39:31 | 000,050,688 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2013/08/22 06:39:20 | 000,022,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2013/08/22 06:39:06 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2013/08/22 06:38:58 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2013/08/22 06:38:48 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2013/08/22 06:38:39 | 000,036,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013/08/22 06:38:26 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2013/08/22 06:38:23 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2013/08/22 06:38:22 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2013/08/22 06:38:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2013/08/22 06:37:49 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2013/08/22 06:37:46 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2013/08/22 06:37:42 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2013/08/22 06:37:28 | 000,056,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/08/22 06:37:28 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2013/08/22 06:37:14 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2013/08/22 06:36:43 | 000,087,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc63.sys -- (netvsc)
DRV:64bit: - [2013/08/22 06:36:25 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys -- (NdisVirtualBus)
DRV:64bit: - [2013/08/22 06:36:07 | 000,066,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2013/08/22 06:35:42 | 000,103,424 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2013/08/22 03:46:33 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2013/08/12 18:25:46 | 000,017,624 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmfn2.sys -- (bcmfn2)
DRV:64bit: - [2013/08/09 19:39:30 | 000,651,248 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\iaStorAV.sys -- (iaStorAV)
DRV:64bit: - [2013/07/30 13:47:35 | 000,024,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys -- (iaLPSSi_GPIO)
DRV:64bit: - [2013/07/25 14:05:39 | 000,099,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys -- (iaLPSSi_I2C)
DRV:64bit: - [2013/07/01 11:50:06 | 008,536,752 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL63a.SYS -- (BCM43XX)
DRV:64bit: - [2013/06/18 09:44:59 | 000,129,224 | ---- | M] (Qualcomm Atheros Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C63x64.sys -- (L1C)
DRV:64bit: - [2013/05/31 14:19:53 | 000,039,008 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LhdX64.sys -- (LHDmgr)
DRV:64bit: - [2013/05/31 14:19:53 | 000,033,560 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV:64bit: - [2013/04/18 09:04:28 | 000,219,360 | ---- | M] (AppEx Networks Corporation) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\appexDrv.sys -- (APXACC)
DRV:64bit: - [2013/04/04 09:56:56 | 000,495,344 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2013/03/04 19:25:18 | 001,680,992 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2013/03/01 04:26:40 | 001,045,248 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vm331avs.sys -- (vm331avs)
DRV:64bit: - [2013/02/28 20:49:12 | 000,036,600 | ---- | M] (Riverbed Technology, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2013/02/14 06:41:14 | 000,094,208 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW86.sys -- (AtiHDAudioService)
DRV:64bit: - [2013/02/07 17:45:32 | 000,017,504 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmdAS4.sys -- (AmdAS4)
DRV:64bit: - [2013/01/15 04:37:12 | 000,327,240 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUVStor.sys -- (RSUSBVSTOR)
DRV:64bit: - [2012/11/30 01:31:02 | 000,026,280 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2012/11/30 01:31:00 | 000,080,552 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2012/08/28 07:27:24 | 000,058,536 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2012/06/13 19:10:32 | 000,102,376 | ---- | M] ("CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd)
DRV:64bit: - [2011/07/22 11:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 16:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {5385CBC3-42D4-43F3-9A93-0AF3AC11F149}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{5385CBC3-42D4-43F3-9A93-0AF3AC11F149}: "URL" = http://www.bing.com/...E10TR&pc=MALNJS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {5385CBC3-42D4-43F3-9A93-0AF3AC11F149}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{5385CBC3-42D4-43F3-9A93-0AF3AC11F149}: "URL" = http://www.bing.com/...E10TR&pc=MALNJS
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://home.lenovo.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.trovi.com...82390F1D3&SSPV=
IE - HKCU\..\SearchScopes,DefaultScope = {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IESR02
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Trovi search"
FF - prefs.js..browser.search.selectedEngine: "Trovi search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.trovi.com...2390F1D3&SSPV="
FF - prefs.js..extensions.enabledAddons: feedly%40devhd:16.0.528
FF - prefs.js..extensions.enabledAddons: %7Be36db930-f18d-4449-b45f-e286cfb9e03a%7D:4.0.11120600
FF - prefs.js..extensions.enabledAddons: autofillForms%40blueimp.net:1.0.2
FF - prefs.js..extensions.enabledAddons: socialfixer%40mattkruse.com:11.2
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:33.1
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.71.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.71.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3508.0205: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@worldwinner.com/Launcher2,version=1.10.0.25: C:\Program Files (x86)\WorldWinner.com, Inc\WorldWinner Games\npwwload.dll (WorldWinner.com, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Users\Angela\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
FF - HKCU\Software\MozillaPlugins\tdameritrade.com/thinkorswim: C:\Program Files (x86)\thinkTDA\npthinkorswim.dll (TD Ameritrade)
FF - HKCU\Software\MozillaPlugins\tdameritrade.com/tossc: C:\Program Files (x86)\thinkTDA\nptossc.dll (TD Ameritrade)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 33.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 33.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.7\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2014/03/26 11:23:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.7\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey 2.17.1\extensions\\Components: C:\Program Files (x86)\SeaMonkey\components [2013/11/21 18:07:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey 2.17.1\extensions\\Plugins: C:\Program Files (x86)\SeaMonkey\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\McAfee\MSK
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 33.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 33.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2013/11/21 14:39:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Angela\AppData\Roaming\mozilla\Extensions
[2014/10/16 16:22:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Angela\AppData\Roaming\mozilla\Firefox\Profiles\3qar24mm.default-1375034615876\extension-data
[2014/10/16 16:22:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Angela\AppData\Roaming\mozilla\Firefox\Profiles\3qar24mm.default-1375034615876\extension-data\[email protected]
[2014/11/13 15:23:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Angela\AppData\Roaming\mozilla\Firefox\Profiles\3qar24mm.default-1375034615876\extensions
[2014/04/07 06:16:57 | 000,000,000 | ---D | M] (Wired-Marker) -- C:\Users\Angela\AppData\Roaming\mozilla\Firefox\Profiles\3qar24mm.default-1375034615876\extensions\{e36db930-f18d-4449-b45f-e286cfb9e03a}
[2013/11/21 17:51:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Angela\AppData\Roaming\mozilla\Firefox\Profiles\gtar0ss4.default\extensions
[2013/11/15 13:59:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Angela\AppData\Roaming\mozilla\Firefox\Profiles\y0vwe7me.default-1383676348612\extensions
[2013/11/21 18:07:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Angela\AppData\Roaming\mozilla\SeaMonkey\Profiles\0eahbu6m.default\extensions
[2014/09/14 00:49:56 | 000,148,695 | ---- | M] () (No name found) -- C:\Users\Angela\AppData\Roaming\mozilla\firefox\profiles\3qar24mm.default-1375034615876\extensions\[email protected]
[2013/11/16 20:31:28 | 000,027,050 | ---- | M] () (No name found) -- C:\Users\Angela\AppData\Roaming\mozilla\firefox\profiles\3qar24mm.default-1375034615876\extensions\[email protected]
[2014/07/30 08:30:08 | 000,773,823 | ---- | M] () (No name found) -- C:\Users\Angela\AppData\Roaming\mozilla\firefox\profiles\3qar24mm.default-1375034615876\extensions\[email protected]
[2014/11/13 15:23:24 | 000,169,027 | ---- | M] () (No name found) -- C:\Users\Angela\AppData\Roaming\mozilla\firefox\profiles\3qar24mm.default-1375034615876\extensions\[email protected]
[2014/11/12 21:17:06 | 000,979,699 | ---- | M] () (No name found) -- C:\Users\Angela\AppData\Roaming\mozilla\firefox\profiles\3qar24mm.default-1375034615876\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014/09/27 21:46:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/11/11 01:46:56 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider:  (Enabled)
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - plugin: Error reading preferences file
CHR - Extension: No name found = C:\Users\Angela\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: No name found = C:\Users\Angela\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\Angela\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\Angela\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\Angela\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: No name found = C:\Users\Angela\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: No name found = C:\Users\Angela\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2013/08/22 08:25:41 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2:64bit: - BHO: (ExplorerBHO Class) - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (ClassicIEBHO Class) - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_64.dll (IvoSoft)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (ExplorerBHO Class) - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Evernote extension) - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (ClassicIEBHO Class) - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_32.dll (IvoSoft)
O3:64bit: - HKLM\..\Toolbar: (Classic Explorer Bar) - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
O3:64bit: - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (Classic Explorer Bar) - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SACpl.exe (Conexant Systems, Inc.)
O4 - HKLM..\Run: [331BigDog] C:\Program Files (x86)\USB Camera\VM331STI.EXE (Vimicro)
O4 - HKLM..\Run: [ApnTBMon] C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe (APN)
O4 - HKLM..\Run: [CanonQuickMenu] C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.)
O4 - HKLM..\Run: [Intel AppUp(SM) center] C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe (Intel Corporation)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [AmazonMP3DownloaderHelper] C:\Users\Angela\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe ()
O4 - HKCU..\Run: [FreeAC] C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe (Comfort Software Group)
O4 - HKCU..\Run: [Itibiti.exe] C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe ()
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware)
O4 - HKCU..\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - Startup: C:\Users\Angela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Clip image - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=4 File not found
O8:64bit: - Extra context menu item: Clip selection - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=3 File not found
O8:64bit: - Extra context menu item: Clip this page - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=1 File not found
O8:64bit: - Extra context menu item: Clip URL - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=0 File not found
O8:64bit: - Extra context menu item: New note - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\NewNote.html ()
O8 - Extra context menu item: Clip image - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=4 File not found
O8 - Extra context menu item: Clip selection - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=3 File not found
O8 - Extra context menu item: Clip this page - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=1 File not found
O8 - Extra context menu item: Clip URL - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=0 File not found
O8 - Extra context menu item: New note - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\NewNote.html ()
O9:64bit: - Extra 'Tools' menuitem : Classic IE Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE_32.exe (IvoSoft)
O9:64bit: - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\AddNote.html ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\AddNote.html ()
O9 - Extra 'Tools' menuitem : Classic IE Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE_32.exe (IvoSoft)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E694C85E-FF44-45D1-A9F3-6D4CD5FDCF63}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\belarc - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll (Belarc, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/11/24 14:29:28 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2014/11/24 12:08:45 | 000,000,000 | ---D | C] -- C:\Downloaded Videos
[2014/11/24 12:05:53 | 000,000,000 | ---D | C] -- C:\Users\Angela\AppData\Local\Pro_PC_Cleaner
[2014/11/24 12:05:45 | 000,000,000 | ---D | C] -- C:\Users\Angela\Documents\ProPCCleaner
[2014/11/24 12:04:52 | 000,000,000 | ---D | C] -- C:\Users\Angela\AppData\Roaming\Itibiti
[2014/11/24 12:04:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KNCTR
[2014/11/24 12:04:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Itibiti Soft Phone
[2014/11/24 11:00:15 | 000,000,000 | ---D | C] -- C:\Users\Angela\Desktop\Data
[2014/11/24 10:55:13 | 001,409,896 | ---- | C] (PortableApps.com) -- C:\Users\Angela\Desktop\GoogleChromePortable_39.0.2171.65_online.paf.exe
[2014/11/24 10:26:32 | 000,000,000 | ---D | C] -- C:\Users\Angela\Desktop\GoogleChromePortable
[2014/11/24 10:17:26 | 000,000,000 | ---D | C] -- C:\Users\Angela\Desktop\stuff stuff
[2014/11/23 18:51:59 | 000,000,000 | ---D | C] -- C:\Users\Angela\Desktop\Thingys
[2014/11/14 23:32:29 | 000,129,752 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\MBAMSwissArmy.sys
[2014/11/14 23:31:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/11/14 23:31:22 | 000,093,400 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\mbamchameleon.sys
[2014/11/14 23:31:22 | 000,064,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\mwac.sys
[2014/11/14 23:31:22 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\mbam.sys
[2014/11/14 13:00:24 | 000,000,000 | -HSD | C] -- C:\Users\Angela\AppData\Local\EmieUserList
[2014/11/14 13:00:24 | 000,000,000 | -HSD | C] -- C:\Users\Angela\AppData\Local\EmieSiteList
[2014/11/14 13:00:24 | 000,000,000 | -HSD | C] -- C:\Users\Angela\AppData\Local\EmieBrowserModeList
[2014/11/14 12:55:29 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJMIG
[2014/11/14 05:00:31 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJScan
[2014/11/13 22:29:54 | 000,000,000 | ---D | C] -- C:\Users\Angela\AppData\Roaming\Canon
[2014/11/13 22:29:49 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJQuickMenu
[2014/11/13 22:26:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Canon IJ Network Tool
[2014/11/13 22:26:26 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJFAX
[2014/11/13 22:25:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MX920 series User Registration
[2014/11/13 22:24:28 | 000,000,000 | ---D | C] -- C:\ProgramData\CanonIJWSpt
[2014/11/13 22:17:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
[2014/11/13 22:17:30 | 000,000,000 | ---D | C] -- C:\Program Files\Canon
[2014/11/13 22:17:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MX920 series Manual
[2014/11/13 22:16:39 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ
[2014/11/13 22:16:02 | 000,000,000 | -H-D | C] -- C:\Program Files\CanonBJ
[2014/11/13 22:15:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\STRING
[2014/11/13 22:14:04 | 000,000,000 | ---D | C] -- C:\ProgramData\CanonIJPLM
[2014/11/13 22:12:01 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJETV
[2014/11/13 22:11:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Canon
[2014/11/13 18:04:00 | 000,000,000 | ---D | C] -- C:\Users\Angela\Documents\UserTesting
[2014/11/13 17:58:36 | 000,000,000 | ---D | C] -- C:\Users\Angela\AppData\Local\UserTestingPlugin
[2014/11/12 00:31:31 | 000,000,000 | ---D | C] -- C:\Users\Angela\AppData\Local\ElevatedDiagnostics
[2014/11/11 01:44:09 | 000,000,000 | ---D | C] -- C:\Users\Angela\Desktop\Kitchen Decor Unused Pics
[2014/11/08 23:49:38 | 000,000,000 | ---D | C] -- C:\Users\Angela\Documents\Email Hacking Incidents
[2014/11/08 23:23:10 | 000,000,000 | ---D | C] -- C:\Users\Angela\Documents\Journal
[2014/11/08 23:03:37 | 000,000,000 | ---D | C] -- C:\Users\Angela\Documents\Alcoholics Anonymous
[2014/11/08 21:20:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Classic Shell
[2014/11/08 21:20:55 | 000,000,000 | ---D | C] -- C:\Program Files\Classic Shell
[2014/11/05 01:22:12 | 000,000,000 | -HSD | C] -- C:\Recovery
[2014/11/05 01:22:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\Panther
[2014/11/05 01:18:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Reference Assemblies
[2014/11/05 01:18:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSBuild
[2014/11/05 01:18:54 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2014/11/05 01:18:54 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2014/11/04 23:09:25 | 000,000,000 | ---D | C] -- C:\AMD
[2014/11/04 23:05:06 | 000,000,000 | ---D | C] -- C:\Users\Angela\OneDrive
[2014/11/04 23:00:47 | 000,000,000 | ---D | C] -- C:\Users\Angela\AppData\Roaming\Identities
[2014/11/04 22:31:29 | 000,000,000 | --SD | C] -- C:\Users\Angela\AppData\Roaming\Microsoft
[2014/11/04 22:31:29 | 000,000,000 | R--D | C] -- C:\Users\Angela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
[2014/11/04 22:31:29 | 000,000,000 | R--D | C] -- C:\Users\Angela\Favorites
[2014/11/04 22:31:29 | 000,000,000 | R--D | C] -- C:\Users\Angela\Documents
[2014/11/04 22:31:29 | 000,000,000 | R--D | C] -- C:\Users\Angela\Desktop
[2014/11/04 22:31:29 | 000,000,000 | R--D | C] -- C:\Users\Angela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2014/11/04 22:31:29 | 000,000,000 | R--D | C] -- C:\Users\Angela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
[2014/11/04 22:31:29 | 000,000,000 | -HSD | C] -- C:\Users\Angela\AppData\Local\Temporary Internet Files
[2014/11/04 22:31:29 | 000,000,000 | -HSD | C] -- C:\Users\Angela\Templates
[2014/11/04 22:31:29 | 000,000,000 | -HSD | C] -- C:\Users\Angela\Start Menu
[2014/11/04 22:31:29 | 000,000,000 | -HSD | C] -- C:\Users\Angela\SendTo
[2014/11/04 22:31:29 | 000,000,000 | -HSD | C] -- C:\Users\Angela\Recent
[2014/11/04 22:31:29 | 000,000,000 | -HSD | C] -- C:\Users\Angela\PrintHood
[2014/11/04 22:31:29 | 000,000,000 | -HSD | C] -- C:\Users\Angela\NetHood
[2014/11/04 22:31:29 | 000,000,000 | -HSD | C] -- C:\Users\Angela\Documents\My Videos
[2014/11/04 22:31:29 | 000,000,000 | -HSD | C] -- C:\Users\Angela\Documents\My Pictures
[2014/11/04 22:31:29 | 000,000,000 | -HSD | C] -- C:\Users\Angela\Documents\My Music
[2014/11/04 22:31:29 | 000,000,000 | -HSD | C] -- C:\Users\Angela\My Documents
[2014/11/04 22:31:29 | 000,000,000 | -HSD | C] -- C:\Users\Angela\Local Settings
[2014/11/04 22:31:29 | 000,000,000 | -HSD | C] -- C:\Users\Angela\AppData\Local\History
[2014/11/04 22:31:29 | 000,000,000 | -HSD | C] -- C:\Users\Angela\Cookies
[2014/11/04 22:31:29 | 000,000,000 | -HSD | C] -- C:\Users\Angela\Application Data
[2014/11/04 22:31:29 | 000,000,000 | -HSD | C] -- C:\Users\Angela\AppData\Local\Application Data
[2014/11/04 22:31:29 | 000,000,000 | -H-D | C] -- C:\Users\Angela\AppData
[2014/11/04 22:31:29 | 000,000,000 | ---D | C] -- C:\Users\Angela\AppData\Local\Temp
[2014/11/04 22:31:29 | 000,000,000 | ---D | C] -- C:\Users\Angela\AppData\Local\Microsoft
[2014/11/04 22:31:29 | 000,000,000 | ---D | C] -- C:\Users\Angela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2014/11/04 22:24:45 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2014/11/04 22:24:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Conexant
[2014/11/04 22:24:37 | 000,000,000 | ---D | C] -- C:\Program Files\CONEXANT
[2014/11/04 22:24:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2014/11/04 22:24:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\USB Camera
[2014/11/04 22:23:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2014/10/29 20:54:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dolby
[2014/10/29 20:54:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dolby Advanced Audio v2
[2014/10/29 20:48:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\AutoUpdateLicense
 
========== Files - Modified Within 30 Days ==========
 
[2014/11/24 14:39:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/11/24 14:21:46 | 000,129,752 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\MBAMSwissArmy.sys
[2014/11/24 14:02:40 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/11/24 14:01:49 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\FreeFileViewerUpdateChecker.job
[2014/11/24 14:00:34 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2014/11/24 14:00:29 | 2960,556,032 | -HS- | M] () -- C:\hiberfil.sys
[2014/11/24 12:42:18 | 008,200,459 | ---- | M] () -- C:\Users\Angela\Documents\100-6088_UHC_Admin_Guide_2014_hires.pdf
[2014/11/24 12:04:36 | 000,001,117 | ---- | M] () -- C:\Users\Angela\Application Data\Microsoft\Internet Explorer\Quick Launch\KNCTR.lnk
[2014/11/24 12:01:42 | 001,824,731 | ---- | M] (                                                            ) -- C:\Users\Angela\Desktop\pegasus memory cleaner.exe
[2014/11/24 10:55:14 | 001,409,896 | ---- | M] (PortableApps.com) -- C:\Users\Angela\Desktop\GoogleChromePortable_39.0.2171.65_online.paf.exe
[2014/11/23 18:51:33 | 000,291,702 | ---- | M] () -- C:\Users\Angela\Desktop\Thingys.zip
[2014/11/18 14:41:07 | 000,141,776 | ---- | M] () -- C:\Users\Angela\Desktop\printscreen of paypal account showing payment in availa balance from collection agency charge.png
[2014/11/18 14:39:51 | 000,377,882 | ---- | M] () -- C:\Users\Angela\Desktop\pay pal showing balance after AFS collection agency payment 11_18_2014.oxps
[2014/11/18 07:49:52 | 000,485,415 | ---- | M] () -- C:\Users\Angela\Desktop\house for sale london road asheville.jpg
[2014/11/18 03:05:32 | 000,336,853 | ---- | M] () -- C:\Users\Angela\Desktop\manufactured housing appreciation stereotypes and data.pdf
[2014/11/16 16:25:33 | 000,863,592 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI
[2014/11/16 16:25:33 | 000,731,650 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat
[2014/11/16 16:25:33 | 000,135,726 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat
[2014/11/15 23:12:40 | 000,212,467 | ---- | M] () -- C:\Users\Angela\Desktop\trazodone mayo clinic not with maoi.pdf
[2014/11/15 23:07:26 | 000,532,773 | ---- | M] () -- C:\Users\Angela\Desktop\trazodone mayo clinic not with maoi.oxps
[2014/11/15 01:16:14 | 000,000,938 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/11/15 01:16:13 | 000,000,934 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/11/14 19:49:29 | 000,357,129 | ---- | M] () -- C:\Users\Angela\Desktop\az for free program.oxps
[2014/11/14 19:48:23 | 000,435,172 | ---- | M] () -- C:\Users\Angela\Documents\list of meds qualify for az for free.oxps
[2014/11/14 19:39:16 | 000,492,710 | ---- | M] () -- C:\Users\Angela\Documents\seroquel sr savings program.oxps
[2014/11/14 19:35:39 | 000,295,291 | ---- | M] () -- C:\Users\Angela\Documents\campral non generic prices.oxps
[2014/11/14 19:34:31 | 000,290,089 | ---- | M] () -- C:\Users\Angela\Documents\Campral generic prices.oxps
[2014/11/14 12:09:34 | 000,362,544 | ---- | M] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT
[2014/11/13 22:24:31 | 000,002,048 | ---- | M] () -- C:\Users\Public\Desktop\Canon Quick Menu.lnk
[2014/11/11 20:10:03 | 000,023,936 | ---- | M] () -- C:\Users\Angela\Desktop\Letter to buncombe county ems.odt
[2014/11/09 17:53:13 | 000,262,455 | ---- | M] () -- C:\Users\Angela\Documents\lifetime likelihood of being victimized by crime March 1987 USDOJ.pdf
[2014/11/09 17:05:26 | 000,127,865 | ---- | M] () -- C:\Users\Angela\Documents\LockBumpingFactSheet  Home invasion figures.pdf
[2014/11/04 23:09:29 | 000,065,536 | ---- | M] () -- C:\WINDOWS\SysNative\spu_storage.bin
[2014/11/04 22:48:11 | 000,020,958 | ---- | M] () -- C:\WINDOWS\diagwrn.xml
[2014/11/04 22:48:11 | 000,020,958 | ---- | M] () -- C:\WINDOWS\diagerr.xml
[2014/11/04 22:47:52 | 000,022,744 | ---- | M] () -- C:\WINDOWS\SysNative\emptyregdb.dat
[2014/11/04 22:24:49 | 000,000,264 | ---- | M] () -- C:\WINDOWS\tasks\Synaptics TouchPad Enhancements.job
[2014/11/04 22:24:49 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2014/11/04 22:24:33 | 000,000,000 | ---- | M] () -- C:\WINDOWS\ativpsrm.bin
[2014/11/02 16:27:31 | 003,752,104 | ---- | M] () -- C:\Users\Angela\Documents\The_World_Rebuilt-Peter_Howland-1951-253pgs-POL-PSY.sml Frank Buchman.pdf
[2014/10/30 16:51:47 | 002,917,600 | ---- | M] () -- C:\Users\Angela\Documents\SR400 photon counter manual.pdf
[2014/10/30 00:50:52 | 435,284,302 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
 
========== Files Created - No Company Name ==========
 
[2014/11/24 12:41:59 | 008,200,459 | ---- | C] () -- C:\Users\Angela\Documents\100-6088_UHC_Admin_Guide_2014_hires.pdf
[2014/11/24 12:04:36 | 000,001,117 | ---- | C] () -- C:\Users\Angela\Application Data\Microsoft\Internet Explorer\Quick Launch\KNCTR.lnk
[2014/11/24 12:01:41 | 001,824,731 | ---- | C] (                                                            ) -- C:\Users\Angela\Desktop\pegasus memory cleaner.exe
[2014/11/23 18:51:31 | 000,291,702 | ---- | C] () -- C:\Users\Angela\Desktop\Thingys.zip
[2014/11/18 14:41:07 | 000,141,776 | ---- | C] () -- C:\Users\Angela\Desktop\printscreen of paypal account showing payment in availa balance from collection agency charge.png
[2014/11/18 14:39:43 | 000,377,882 | ---- | C] () -- C:\Users\Angela\Desktop\pay pal showing balance after AFS collection agency payment 11_18_2014.oxps
[2014/11/18 07:49:52 | 000,485,415 | ---- | C] () -- C:\Users\Angela\Desktop\house for sale london road asheville.jpg
[2014/11/18 03:05:32 | 000,336,853 | ---- | C] () -- C:\Users\Angela\Desktop\manufactured housing appreciation stereotypes and data.pdf
[2014/11/15 23:12:40 | 000,212,467 | ---- | C] () -- C:\Users\Angela\Desktop\trazodone mayo clinic not with maoi.pdf
[2014/11/15 23:07:22 | 000,532,773 | ---- | C] () -- C:\Users\Angela\Desktop\trazodone mayo clinic not with maoi.oxps
[2014/11/14 19:49:25 | 000,357,129 | ---- | C] () -- C:\Users\Angela\Desktop\az for free program.oxps
[2014/11/14 19:48:19 | 000,435,172 | ---- | C] () -- C:\Users\Angela\Documents\list of meds qualify for az for free.oxps
[2014/11/14 19:39:13 | 000,492,710 | ---- | C] () -- C:\Users\Angela\Documents\seroquel sr savings program.oxps
[2014/11/14 19:35:36 | 000,295,291 | ---- | C] () -- C:\Users\Angela\Documents\campral non generic prices.oxps
[2014/11/14 19:34:27 | 000,290,089 | ---- | C] () -- C:\Users\Angela\Documents\Campral generic prices.oxps
[2014/11/13 22:26:35 | 000,098,048 | ---- | C] () -- C:\WINDOWS\SysWow64\CNC176BD.TBL
[2014/11/13 22:24:31 | 000,002,048 | ---- | C] () -- C:\Users\Public\Desktop\Canon Quick Menu.lnk
[2014/11/12 11:44:56 | 000,389,176 | ---- | C] () -- C:\WINDOWS\SysNative\ApnDatabase.xml
[2014/11/11 16:46:13 | 000,023,936 | ---- | C] () -- C:\Users\Angela\Desktop\Letter to buncombe county ems.odt
[2014/11/09 17:53:13 | 000,262,455 | ---- | C] () -- C:\Users\Angela\Documents\lifetime likelihood of being victimized by crime March 1987 USDOJ.pdf
[2014/11/09 17:05:26 | 000,127,865 | ---- | C] () -- C:\Users\Angela\Documents\LockBumpingFactSheet  Home invasion figures.pdf
[2014/11/06 13:52:59 | 000,050,745 | ---- | C] () -- C:\WINDOWS\SysNative\srms.dat
[2014/11/04 23:00:53 | 000,001,453 | ---- | C] () -- C:\Users\Angela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2014/11/04 22:47:52 | 000,022,744 | ---- | C] () -- C:\WINDOWS\SysNative\emptyregdb.dat
[2014/11/04 22:38:05 | 000,001,547 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2014/11/04 22:31:29 | 000,000,369 | ---- | C] () -- C:\Users\Angela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
[2014/11/04 22:31:29 | 000,000,369 | ---- | C] () -- C:\Users\Angela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
[2014/11/04 22:31:29 | 000,000,352 | ---- | C] () -- C:\Users\Angela\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2014/11/04 22:31:29 | 000,000,334 | ---- | C] () -- C:\Users\Angela\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2014/11/04 22:31:15 | 000,020,958 | ---- | C] () -- C:\WINDOWS\diagwrn.xml
[2014/11/04 22:31:15 | 000,020,958 | ---- | C] () -- C:\WINDOWS\diagerr.xml
[2014/11/04 22:24:49 | 000,000,264 | ---- | C] () -- C:\WINDOWS\tasks\Synaptics TouchPad Enhancements.job
[2014/11/04 22:24:49 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2014/11/04 22:24:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2014/11/04 22:24:32 | 000,065,536 | ---- | C] () -- C:\WINDOWS\SysNative\spu_storage.bin
[2014/11/02 16:27:29 | 003,752,104 | ---- | C] () -- C:\Users\Angela\Documents\The_World_Rebuilt-Peter_Howland-1951-253pgs-POL-PSY.sml Frank Buchman.pdf
[2014/10/30 16:51:46 | 002,917,600 | ---- | C] () -- C:\Users\Angela\Documents\SR400 photon counter manual.pdf
[2014/10/28 14:35:58 | 000,010,777 | ---- | C] () -- C:\WINDOWS\SysNative\AutoconfigV2.cab
[2014/10/28 14:35:57 | 000,581,016 | ---- | C] () -- C:\WINDOWS\SysNative\AutoUpdate.exe
[2014/09/24 02:24:06 | 000,002,255 | ---- | C] () -- C:\WINDOWS\SysWow64\WimBootCompress.ini
[2014/09/24 02:23:34 | 000,103,936 | ---- | C] () -- C:\WINDOWS\SysWow64\OEMLicense.dll
[2014/04/12 20:55:57 | 000,002,186 | ---- | C] () -- C:\Users\Angela\AppData\Local\recently-used.xbel
[2014/03/31 10:20:59 | 000,000,056 | ---- | C] () -- C:\Users\Angela\AppData\Roaming\mbam.context.scan
[2013/12/15 10:22:26 | 000,123,392 | ---- | C] () -- C:\WINDOWS\SysWow64\amdhdl32.dll
[2013/11/26 13:18:10 | 000,007,650 | ---- | C] () -- C:\Users\Angela\AppData\Local\Resmon.ResmonCfg
[2013/11/21 14:37:00 | 000,131,584 | ---- | C] () -- C:\WINDOWS\SysWow64\SpoonUninstall.exe
[2013/08/22 10:36:43 | 000,215,943 | ---- | C] () -- C:\WINDOWS\SysWow64\dssec.dat
[2013/08/22 10:36:42 | 000,000,741 | ---- | C] () -- C:\WINDOWS\SysWow64\NOISE.DAT
[2013/08/22 09:46:23 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2013/08/22 02:01:23 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin
[2013/08/21 22:32:36 | 000,046,080 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll
[2013/08/21 18:55:20 | 000,364,544 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll
[2013/08/21 18:52:39 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat
[2013/05/31 13:57:04 | 000,001,677 | ---- | C] () -- C:\WINDOWS\vm331Rmv.ini
[2013/05/31 13:57:04 | 000,001,677 | ---- | C] () -- C:\WINDOWS\SysWow64\vm331Rmv.ini
[2013/05/31 13:55:27 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
[2013/04/28 19:29:42 | 000,204,952 | ---- | C] () -- C:\WINDOWS\SysWow64\ativvsvl.dat
[2013/04/28 19:29:42 | 000,157,144 | ---- | C] () -- C:\WINDOWS\SysWow64\ativvsva.dat
[2013/04/28 19:29:41 | 000,003,917 | ---- | C] () -- C:\WINDOWS\SysWow64\atipblag.dat
[2013/04/28 19:29:38 | 000,798,734 | ---- | C] () -- C:\WINDOWS\SysWow64\amdocl_ld32.exe
[2013/04/28 19:29:37 | 000,995,342 | ---- | C] () -- C:\WINDOWS\SysWow64\amdocl_as32.exe
[2013/02/28 20:47:36 | 000,053,299 | ---- | C] () -- C:\WINDOWS\SysWow64\pthreadVC.dll
[2012/11/27 03:18:46 | 000,038,912 | ---- | C] () -- C:\WINDOWS\SysWow64\kdbsdk32.dll
 
========== ZeroAccess Check ==========
 
[2014/11/04 23:10:33 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/08/30 19:15:33 | 021,197,152 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/08/30 17:59:13 | 018,723,112 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2013/08/22 04:49:49 | 000,921,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2013/08/21 21:45:10 | 000,691,712 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2013/08/22 04:45:17 | 000,483,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013/12/20 21:11:14 | 000,000,000 | ---D | M] -- C:\Users\Angela\AppData\Roaming\Amazon
[2013/11/22 19:40:06 | 000,000,000 | ---D | M] -- C:\Users\Angela\AppData\Roaming\Barnes & Noble
[2014/11/14 12:54:47 | 000,000,000 | ---D | M] -- C:\Users\Angela\AppData\Roaming\Canon
[2014/11/24 12:48:14 | 000,000,000 | ---D | M] -- C:\Users\Angela\AppData\Roaming\ClassicShell
[2014/02/22 16:24:01 | 000,000,000 | ---D | M] -- C:\Users\Angela\AppData\Roaming\FreeFileViewer
[2014/11/24 12:04:52 | 000,000,000 | ---D | M] -- C:\Users\Angela\AppData\Roaming\Itibiti
[2014/07/28 15:20:13 | 000,000,000 | ---D | M] -- C:\Users\Angela\AppData\Roaming\Lenovo
[2014/11/11 23:53:30 | 000,000,000 | ---D | M] -- C:\Users\Angela\AppData\Roaming\LSC
[2014/11/24 14:43:04 | 000,000,000 | ---D | M] -- C:\Users\Angela\AppData\Roaming\NetSpeedMonitor
[2014/11/11 23:48:54 | 000,000,000 | ---D | M] -- C:\Users\Angela\AppData\Roaming\Nitro PDF
[2013/11/25 15:54:48 | 000,000,000 | ---D | M] -- C:\Users\Angela\AppData\Roaming\OpenOffice
[2013/11/21 16:53:49 | 000,000,000 | ---D | M] -- C:\Users\Angela\AppData\Roaming\Opera
[2014/03/08 13:00:36 | 000,000,000 | ---D | M] -- C:\Users\Angela\AppData\Roaming\Oracle
[2014/03/26 11:24:16 | 000,000,000 | ---D | M] -- C:\Users\Angela\AppData\Roaming\Thunderbird
[2014/07/30 08:26:38 | 000,000,000 | ---D | M] -- C:\Users\Angela\AppData\Roaming\WebApp
[2013/11/21 19:11:41 | 000,000,000 | ---D | M] -- C:\Users\Angela\AppData\Roaming\WinPatrol
[2013/11/21 21:43:48 | 000,000,000 | ---D | M] -- C:\Users\Angela\AppData\Roaming\Worldwinner
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 220 bytes -> C:\Users\Angela\OneDrive:ms-properties

< End of report >

  Thanks!




#2
emeraldnzl


    GeekU Instructor

  • GeekU Moderator
  • 19,990 posts

Hello SallyMae,

 

Please download Farbar Recovery Scan Tool from here and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
 

  • Right-click to run as administrator. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will produce a log called (FRST.txt) in the same directory the tool is run from.
  • Please copy and paste the log back here.
  • The first time the tool is run, it also makes another log (Addition.txt). Please also paste that into your reply.

 



#3
SallyMae


    Member

  • Topic Starter
  • Member
  • PipPip
  • 88 posts

Thank you for your response.  Unfortunately I now have another problem that is interfering with my ability to follow these directions.  Somehow my internet connection states that it has been set to connect to a wireless connection named ATT416.  There is no network in the area by this name and this is not the original nor renamed name of my wireless internet connection.  I cannot connect to my internet right now.



#4
emeraldnzl


    GeekU Instructor

  • GeekU Moderator
  • 19,990 posts

Are you able to use another computer to download tools to a USB stick or some such and transfer that to the compromised computer?







