Unknown issue but laptop is off it's mark.



#16
zep516


    Trusted Helper

  • Malware Removal
  • 6,804 posts
Thanks,

I have what I need, I'm running a bit behind.

What issues remain with the computer? I'm currently reviewing the log.

Joe
  • 0



#17
Triskelion


    Member

  • Topic Starter
  • 652 posts

The one thing I noticed from the log I was unable to send you is that all the attempts to move all the files from your previous fix failed.

I have to assume that's not good.

 

I also still think the computer is lagging more than it should, but I'm not sure if that's just me or not?

 

I'll see what you come up with from the OTL log.

 

Cheers Joe.. and thanks!


  • 0

#18
zep516


    Trusted Helper

  • Malware Removal
  • 6,804 posts
Hello,
 

The one thing I noticed from the log I was unable to send you is that all the attempts to move all the files from your previous fix failed.

I have to assume that's not good.


Those files were removed so the fix ran ok.

Let's run an online scan to double-check things; this scan could take a while.

ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.
  • Please go >>HERE<< then click on: ESET1st.jpg

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on the ESETexe.jpg icon to install.

    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: ESETsave.jpg
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: EOLS3.gif
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed, make sure you first copy the logfile located at C:\Program Files (x86)\ESET\Esetonlinescanner\log.txt.
  • Copy and paste that log as a reply to this topic.
  • Now click on: EOLS4.gif
    (Selecting Uninstall application on close if you so wish)
Post the ESET Log in your next reply. Find it here -> C:\Program Files (x86)\ESET\Esetonlinescanner\log.txt
  • 0

#19
Triskelion


    Member

  • Topic Starter
  • 652 posts

Hey Joe;

 

Here is the ESET Log

 

[email protected] as downloader log:
all ok
[email protected] as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=b238181d68a17a4aa97fcd2fb6dae3ca
# engine=19169
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-07-14 05:32:14
# local_time=2014-07-14 11:32:14 (-0700, Mountain Daylight Time)
# country="Canada"
# lang=1033
# osver=6.2.9200 NT
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 4264725 12763855 0 0
# scanned=94350
# found=15
# cleaned=0
# scan_time=7138
sh=97CC4FF0C33EF8BDF9073C2BA97F8E6420E79501 ft=1 fh=da9a2c112570c33a vn="a variant of Win32/BrowseFox.H potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\TowerTilt\updateTowerTilt.exe.vir"
sh=2CC5034CD4E4484E92AB6394953E946EF0C1F512 ft=1 fh=d9e83627e125fcdc vn="a variant of Win32/BrowseFox.H potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\TowerTilt\bin\tmpDCAD.tmp.vir"
sh=97CC4FF0C33EF8BDF9073C2BA97F8E6420E79501 ft=1 fh=da9a2c112570c33a vn="a variant of Win32/BrowseFox.H potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\TowerTilt\bin\utilTowerTilt.exe.vir"
sh=FF300A68A61953159E53C1796D4945EA86CFA96B ft=1 fh=86c8183b0244fb63 vn="a variant of Win32/BrowseFox.K potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\TowerTilt\bin\{587cb346-a3d8-4884-b39b-f0ed918b6f96}.dll.vir"
sh=F4FAB36646B79BF3BA1817456D7A2539DB5BC302 ft=1 fh=e36fbf49bad77ea5 vn="a variant of MSIL/BrowseFox.G potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\TowerTilt\bin\plugins\TowerTilt.Bromon.dll.vir"
sh=E520F349A82A57C98DF192C085FC4917E26F4033 ft=1 fh=794518ad9a30e6f1 vn="a variant of MSIL/BrowseFox.G potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\TowerTilt\bin\plugins\TowerTilt.BroStats.dll.vir"
sh=234502DDB06738F51A72478DF46E79F72372DE9B ft=1 fh=9c55057af3707e77 vn="probably a variant of MSIL/BrowseFox.G potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\TowerTilt\bin\plugins\TowerTilt.BrowserAdapterS.dll.vir"
sh=E9A245B6BDBA8C7AED8CA97660E815F7454FF4E9 ft=1 fh=810a3368aabe0702 vn="a variant of MSIL/BrowseFox.G potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\TowerTilt\bin\plugins\TowerTilt.CompatibilityChecker.dll.vir"
sh=B3457A78EFC8BBBFDB214CD1CB9FFF77FCE4DB7D ft=1 fh=116d1133794a2c11 vn="a variant of MSIL/BrowseFox.G potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\TowerTilt\bin\plugins\TowerTilt.PurBrowse.dll.vir"
sh=6A6306759D43398B2503CDC5AA416E285906B6FF ft=1 fh=bf2584f58f554c8f vn="Win32/ExpressDownloader.I potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\YourFileDownloader\Downloader.exe.vir"
sh=946C6D775385138168AC1E9A7CD0D92E68292313 ft=1 fh=6d1c50d5739df3f8 vn="Win32/ExpressDownloader.I potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\YourFileDownloader\YourFile.exe.vir"
sh=424155708BE8C8F3105F5082CEFD42069E3DA1A7 ft=1 fh=5145e834fed818b1 vn="a variant of Win32/ExpressDownloader.I potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\YourFileDownloader Updater\uninstall.exe.vir"
sh=E52A4762CFD4C84AFD6F911889F55206A112D344 ft=1 fh=71e17c1609972e73 vn="a variant of Win32/YourFileDownloader.B potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\YourFileDownloader Updater\YourFileUpdater.exe.vir"
sh=4F7293AF2B37CFAE153D96FDDB2011638A26BD00 ft=1 fh=0c867f66d5bc5174 vn="Win32/VOPackage.H potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Calgary\AppData\Roaming\VOPackage\runasu.exe.vir"
sh=1D43CA41BC64FAFC2E8F96644419643E77893798 ft=1 fh=6d4eeea321572fc7 vn="Win32/VOPackage.J potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Calgary\AppData\Roaming\VOPackage\Uninstall.exe.vir"
[email protected] as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=b238181d68a17a4aa97fcd2fb6dae3ca
# engine=19169
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-07-15 02:48:14
# local_time=2014-07-14 08:48:14 (-0700, Mountain Daylight Time)
# country="Canada"
# lang=1033
# osver=6.2.9200 NT
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 4298085 12797215 0 0
# scanned=232142
# found=21
# cleaned=0
# scan_time=33303
sh=97CC4FF0C33EF8BDF9073C2BA97F8E6420E79501 ft=1 fh=da9a2c112570c33a vn="a variant of Win32/BrowseFox.H potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\TowerTilt\updateTowerTilt.exe.vir"
sh=2CC5034CD4E4484E92AB6394953E946EF0C1F512 ft=1 fh=d9e83627e125fcdc vn="a variant of Win32/BrowseFox.H potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\TowerTilt\bin\tmpDCAD.tmp.vir"
sh=97CC4FF0C33EF8BDF9073C2BA97F8E6420E79501 ft=1 fh=da9a2c112570c33a vn="a variant of Win32/BrowseFox.H potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\TowerTilt\bin\utilTowerTilt.exe.vir"
sh=FF300A68A61953159E53C1796D4945EA86CFA96B ft=1 fh=86c8183b0244fb63 vn="a variant of Win32/BrowseFox.K potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\TowerTilt\bin\{587cb346-a3d8-4884-b39b-f0ed918b6f96}.dll.vir"
sh=F4FAB36646B79BF3BA1817456D7A2539DB5BC302 ft=1 fh=e36fbf49bad77ea5 vn="a variant of MSIL/BrowseFox.G potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\TowerTilt\bin\plugins\TowerTilt.Bromon.dll.vir"
sh=E520F349A82A57C98DF192C085FC4917E26F4033 ft=1 fh=794518ad9a30e6f1 vn="a variant of MSIL/BrowseFox.G potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\TowerTilt\bin\plugins\TowerTilt.BroStats.dll.vir"
sh=234502DDB06738F51A72478DF46E79F72372DE9B ft=1 fh=9c55057af3707e77 vn="probably a variant of MSIL/BrowseFox.G potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\TowerTilt\bin\plugins\TowerTilt.BrowserAdapterS.dll.vir"
sh=E9A245B6BDBA8C7AED8CA97660E815F7454FF4E9 ft=1 fh=810a3368aabe0702 vn="a variant of MSIL/BrowseFox.G potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\TowerTilt\bin\plugins\TowerTilt.CompatibilityChecker.dll.vir"
sh=B3457A78EFC8BBBFDB214CD1CB9FFF77FCE4DB7D ft=1 fh=116d1133794a2c11 vn="a variant of MSIL/BrowseFox.G potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\TowerTilt\bin\plugins\TowerTilt.PurBrowse.dll.vir"
sh=6A6306759D43398B2503CDC5AA416E285906B6FF ft=1 fh=bf2584f58f554c8f vn="Win32/ExpressDownloader.I potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\YourFileDownloader\Downloader.exe.vir"
sh=946C6D775385138168AC1E9A7CD0D92E68292313 ft=1 fh=6d1c50d5739df3f8 vn="Win32/ExpressDownloader.I potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\YourFileDownloader\YourFile.exe.vir"
sh=424155708BE8C8F3105F5082CEFD42069E3DA1A7 ft=1 fh=5145e834fed818b1 vn="a variant of Win32/ExpressDownloader.I potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\YourFileDownloader Updater\uninstall.exe.vir"
sh=E52A4762CFD4C84AFD6F911889F55206A112D344 ft=1 fh=71e17c1609972e73 vn="a variant of Win32/YourFileDownloader.B potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\YourFileDownloader Updater\YourFileUpdater.exe.vir"
sh=4F7293AF2B37CFAE153D96FDDB2011638A26BD00 ft=1 fh=0c867f66d5bc5174 vn="Win32/VOPackage.H potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Calgary\AppData\Roaming\VOPackage\runasu.exe.vir"
sh=1D43CA41BC64FAFC2E8F96644419643E77893798 ft=1 fh=6d4eeea321572fc7 vn="Win32/VOPackage.J potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Calgary\AppData\Roaming\VOPackage\Uninstall.exe.vir"
sh=1BDAF580DFEFA75E5A6B1EF229E0F1C9194F05D0 ft=1 fh=1c5729fcc1d6cd22 vn="a variant of Win32/ELEX.AJ potentially unwanted application" ac=I fn="C:\Users\Calgary\AppData\Local\Temp\toolbar79981818.exe"
sh=8A92628F48FBDA28ED8852714431AFE985DAC5D8 ft=1 fh=5b745fe1b7a6940c vn="Win32/MyPCBackup.A potentially unwanted application" ac=I fn="C:\Users\Calgary\AppData\Local\Temp\toolbar79994514.exe"
sh=946C6D775385138168AC1E9A7CD0D92E68292313 ft=1 fh=6d1c50d5739df3f8 vn="Win32/ExpressDownloader.I potentially unwanted application" ac=I fn="C:\Users\Calgary\AppData\Local\Temp\uninstall2253419681.exe"
sh=CCD90EE6E9B1ADFF9657E8F2C126BC6CB5C2EB24 ft=1 fh=91473923cd86549e vn="a variant of Win32/SProtector.E potentially unwanted application" ac=I fn="C:\Users\Calgary\AppData\Local\Temp\is-R0KUM.tmp\OptProCrash.dll"
sh=D792999D32739844062335B44BA591F78E82D7BA ft=1 fh=371466adb3877be5 vn="a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application" ac=I fn="C:\Users\Calgary\Downloads\CuteWriter.exe"
sh=552EE561D8139652C463D602B88E506BF506F26A ft=1 fh=f5b5e2caec27b99c vn="a variant of Win32/ExpressDownloader.I potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\07082014_193129\C_Users\Calgary\AppData\Local\Temp\update79950875.exe"
 


  • 0

#20
zep516


    Trusted Helper

  • Malware Removal
  • 6,804 posts
Hello,

Thanks for that log report and only a few items need taken care of, the rest listed are already in Quarantine. When we clean up our tools the Quarantine files will also get deleted.

We will use OTL to delete those ESET files

Next

We need to do a fix to delete some files using OTL
  • Double click on the OTLicon.jpg to open the program. On Vista/Win7/Win8 right click select Run As Administrator to start the program. If prompted by UAC, please allow it.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following


    :COMMANDS
    [CREATERESTOREPOINT]
    
    :OTL
    
    :Files
    C:\Users\Calgary\AppData\Local\Temp\toolbar79981818.exe
    C:\Users\Calgary\AppData\Local\Temp\toolbar79994514.exe
    C:\Users\Calgary\AppData\Local\Temp\uninstall2253419681.exe
    C:\Users\Calgary\AppData\Local\Temp\is-R0KUM.tmp\OptProCrash.dll
    C:\Users\Calgary\Downloads\CuteWriter.exe
    
    
    :Commands
    
    [emptytemp]
    
    
  • Make sure all other windows are closed.
  • Click the Run Fix button at the top
  • Let the program run uninterrupted. The computer should reboot when the scan is done. If not, please reboot the computer.
  • Post the log that is found in C:\_OTL\Moved Files in your next reply.
  • Open OTL again and click the Quick Scan button.
Thanks
Joe :)
  • 0
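
The triage described in post #20 (detections that already sit under a removal tool's quarantine folder versus files still live on disk), as an added example that is not part of the original thread. It assumes the `key=value` line layout of the ESET log posted above and takes the two quarantine roots from the paths in that log; the sample lines, hashes and function names are constructed for illustration.

```python
import re

# Folders the removal tools in this thread move files into (taken from the
# paths in the posted log). Treating them as inert quarantine is an assumption.
QUARANTINE_ROOTS = (
    "c:\\adwcleaner\\quarantine\\",
    "c:\\_otl\\movedfiles\\",
)

# key=value pairs where the value is either "quoted with spaces" or a bare token.
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

# Constructed sample: one interrupted run followed by one finished run,
# mirroring the shape of the log in the thread. Hashes are placeholders.
SAMPLE_LOG = r'''all ok
# product=EOS
# end=stopped
# found=1
# cleaned=0
sh=0000000000000000000000000000000000000001 ft=1 fh=0000000000000001 vn="Win32/Example.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ExampleApp\example.exe.vir"
all ok
# product=EOS
# end=finished
# found=4
# cleaned=0
sh=0000000000000000000000000000000000000001 ft=1 fh=0000000000000001 vn="Win32/Example.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ExampleApp\example.exe.vir"
sh=0000000000000000000000000000000000000002 ft=1 fh=0000000000000002 vn="a variant of Win32/Example.B potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\01012014_000000\C_Users\User\AppData\Local\Temp\sample.exe"
sh=0000000000000000000000000000000000000003 ft=1 fh=0000000000000003 vn="Win32/Example.C potentially unwanted application" ac=I fn="C:\Users\User\AppData\Local\Temp\sample_toolbar.exe"
sh=0000000000000000000000000000000000000004 ft=1 fh=0000000000000004 vn="a variant of Win32/Example.D potentially unsafe application" ac=I fn="C:\Users\User\Downloads\SampleInstaller.exe"
'''


def parse_runs(text):
    """Split a log into scan runs; each run has a header dict and detections."""
    runs = []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("# "):
            key, sep, value = line[2:].partition("=")
            if not sep:
                continue
            # "# product=" opens a new run, so a stopped scan and its rerun
            # are kept apart instead of being counted together.
            if key == "product" or not runs:
                runs.append({"header": {}, "detections": []})
            runs[-1]["header"][key] = value.strip('"')
        elif line.startswith("sh=") and runs:
            fields = {}
            for m in FIELD_RE.finditer(line):
                fields[m.group(1)] = m.group(2) if m.group(2) is not None else m.group(3)
            if "fn" in fields and "vn" in fields:
                runs[-1]["detections"].append(fields)
        # Anything else ("all ok", downloader notes) is not scan data.
    return runs


def final_run(runs):
    """Return the last run that completed, or None if every run was stopped."""
    for run in reversed(runs):
        if run["header"].get("end") == "finished":
            return run
    return None


def triage(run):
    """Separate detections still on disk from those inside a quarantine root."""
    live, quarantined = [], []
    for det in run["detections"]:
        in_quarantine = det["fn"].lower().startswith(QUARANTINE_ROOTS)
        (quarantined if in_quarantine else live).append(det)
    return live, quarantined


def header_matches(run):
    """True when the header's found= count equals the detection lines parsed.

    A mismatch suggests the pasted log was truncated or mangled.
    """
    try:
        return int(run["header"]["found"]) == len(run["detections"])
    except (KeyError, ValueError):
        return False


if __name__ == "__main__":
    run = final_run(parse_runs(SAMPLE_LOG))
    live, quarantined = triage(run)
    print("complete log:", header_matches(run))
    print("already quarantined:", len(quarantined))
    for det in live:
        print("needs review:", det["fn"], "|", det["vn"])
```

Only the finished run is triaged, so detections repeated from the interrupted scan are not counted twice.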

#21
Triskelion


    Member

  • Topic Starter
  • 652 posts

Hey Joe;

 

It seems again the OTL Fix log was too big to copy/paste. Suggestions?

 

Here is the log from Quickscan:

 

OTL logfile created on: 2014-07-15 3:05:55 PM - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Calgary\Desktop
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17207)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: yyyy-MM-dd
 
7.19 Gb Total Physical Memory | 5.30 Gb Available Physical Memory | 73.63% Memory free
9.32 Gb Paging File | 7.12 Gb Available in Paging File | 76.36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 903.81 Gb Total Space | 841.61 Gb Free Space | 93.12% Space Free | Partition Type: NTFS
Drive D: | 26.59 Gb Total Space | 2.64 Gb Free Space | 9.91% Space Free | Partition Type: NTFS
 
Computer Name: CALGARYSHEPARD | User Name: Calgary | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014-07-08 21:03:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Calgary\Desktop\OTL.exe
PRC - [2014-06-23 11:58:09 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2014-06-05 07:58:39 | 000,860,488 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014-06-03 02:38:32 | 000,449,216 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office 15\root\office15\msosync.exe
PRC - [2014-05-19 18:45:22 | 033,322,312 | ---- | M] (Dropbox, Inc.) -- C:\Users\Calgary\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2014-03-26 15:35:26 | 000,475,448 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
PRC - [2014-03-26 15:35:26 | 000,469,304 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
PRC - [2014-03-12 00:34:30 | 000,179,976 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\YouCam\Youcam_webcam_camera_video.exe
PRC - [2014-03-07 02:02:08 | 000,267,224 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
PRC - [2014-01-27 19:15:18 | 000,227,904 | ---- | M] (WildTangent) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
PRC - [2013-08-21 22:17:05 | 000,374,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
PRC - [2013-08-05 01:49:42 | 000,111,576 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
PRC - [2012-11-05 17:14:34 | 001,343,904 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
PRC - [2012-11-02 15:00:44 | 013,836,984 | ---- | M] (Telus) -- C:\Program Files (x86)\Telus\security advisor\5.5.12.650\TelusSecurityAdvisor.exe
PRC - [2012-11-02 14:58:32 | 012,575,752 | ---- | M] (Radialpoint SafeCare Inc.) -- C:\Program Files (x86)\Telus\security advisor\5.5.12.650\Telus_ServicepointService.exe
PRC - [2012-07-13 16:50:00 | 000,093,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
PRC - [2011-03-04 12:45:08 | 001,529,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2007-11-20 20:11:05 | 003,289,088 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Google Talk\googletalk.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014-07-15 15:04:43 | 000,043,008 | ---- | M] () -- c:\users\calgary\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmprf8pjy.dll
MOD - [2014-06-23 11:58:07 | 003,852,912 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2014-06-17 08:51:16 | 000,316,584 | ---- | M] () -- C:\Program Files\Microsoft Office 15\root\office15\appvisvstream32.dll
MOD - [2014-06-05 07:58:38 | 000,414,536 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppgooglenaclpluginchrome.dll
MOD - [2014-06-05 07:58:36 | 004,217,672 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll
MOD - [2014-06-05 07:58:32 | 000,716,616 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libglesv2.dll
MOD - [2014-06-05 07:58:31 | 000,126,280 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libegl.dll
MOD - [2014-06-05 07:58:30 | 001,732,424 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll
MOD - [2014-04-23 16:05:12 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014-04-23 16:04:54 | 001,044,808 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2014-03-12 00:34:54 | 000,866,056 | ---- | M] () -- C:\Program Files (x86)\CyberLink\YouCam\subsys\BigBang\Runtime\UNO.dll
MOD - [2014-01-02 19:09:26 | 003,610,624 | ---- | M] () -- C:\Users\Calgary\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2013-12-17 04:19:01 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\CyberLink\YouCam\subsys\YouCam\XUControl.dll
MOD - [2013-08-23 13:01:44 | 025,100,288 | ---- | M] () -- C:\Users\Calgary\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2013-08-05 16:48:08 | 000,016,856 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
MOD - [2013-08-05 01:49:47 | 000,627,672 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
MOD - [2012-05-22 16:57:24 | 020,758,016 | ---- | M] () -- C:\Program Files (x86)\Telus\security advisor\5.5.12.650\libcef.dll
MOD - [2012-05-22 16:57:24 | 001,094,158 | ---- | M] () -- C:\Program Files (x86)\Telus\security advisor\5.5.12.650\avcodec-53.dll
MOD - [2012-05-22 16:57:24 | 000,622,080 | ---- | M] () -- C:\Program Files (x86)\Telus\security advisor\5.5.12.650\libGLESv2.dll
MOD - [2012-05-22 16:57:24 | 000,183,822 | ---- | M] () -- C:\Program Files (x86)\Telus\security advisor\5.5.12.650\avformat-53.dll
MOD - [2012-05-22 16:57:24 | 000,117,262 | ---- | M] () -- C:\Program Files (x86)\Telus\security advisor\5.5.12.650\avutil-51.dll
MOD - [2012-05-22 16:57:24 | 000,111,616 | ---- | M] () -- C:\Program Files (x86)\Telus\security advisor\5.5.12.650\libEGL.dll
MOD - [2011-08-23 20:39:11 | 000,655,360 | ---- | M] () -- C:\Program Files (x86)\CyberLink\YouCam\Koan\_ssl.pyd
MOD - [2011-08-23 20:39:11 | 000,081,920 | ---- | M] () -- C:\Program Files (x86)\CyberLink\YouCam\Koan\_ctypes.pyd
MOD - [2011-08-23 20:39:11 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\CyberLink\YouCam\Koan\_socket.pyd
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014-06-19 03:56:34 | 002,356,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe -- (ClickToRunSvc)
SRV:64bit: - [2014-04-06 05:20:36 | 000,201,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2014-04-02 20:51:48 | 001,584,128 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\workfolderssvc.dll -- (workfolderssvc)
SRV:64bit: - [2014-03-23 20:31:14 | 000,347,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\NisSrv.exe -- (WdNisSvc)
SRV:64bit: - [2014-03-23 20:31:14 | 000,023,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2014-03-14 00:26:25 | 000,491,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\GeofenceMonitorService.dll -- (lfsvc)
SRV:64bit: - [2014-03-07 23:41:25 | 001,306,624 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\AppXDeploymentServer.dll -- (AppXSvc)
SRV:64bit: - [2014-03-06 01:02:13 | 000,834,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2014-02-22 09:53:10 | 003,394,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2014-02-22 03:57:16 | 000,710,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2014-02-22 03:26:58 | 000,366,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2014-02-22 03:25:39 | 000,399,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2014-02-22 03:25:14 | 000,269,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2014-02-22 03:23:58 | 001,576,960 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2014-02-06 04:48:45 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014-01-08 23:39:39 | 000,076,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\inetsrv\w3logsvc.dll -- (w3logsvc)
SRV:64bit: - [2013-12-13 11:23:32 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2013-12-10 01:35:18 | 000,530,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppReadiness.dll -- (AppReadiness)
SRV:64bit: - [2013-11-22 22:50:00 | 000,282,112 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2013-10-09 16:52:30 | 001,645,256 | ---- | M] (TELUS security services) [Auto | Running] -- C:\Program Files\TELUS security services\TELUS security services\vsserv.exe -- (VSSERV)
SRV:64bit: - [2013-10-09 16:52:30 | 000,069,392 | ---- | M] (TELUS security services) [Disabled | Stopped] -- C:\Program Files\TELUS security services\TELUS security services\bdparentalservice.exe -- (BdDesktopParental)
SRV:64bit: - [2013-10-09 16:52:30 | 000,067,320 | ---- | M] (TELUS security services) [Auto | Running] -- C:\Program Files\TELUS security services\TELUS security services\updatesrv.exe -- (UPDATESRV)
SRV:64bit: - [2013-08-22 06:31:56 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2013-08-22 05:32:02 | 000,024,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wephostsvc.dll -- (WEPHOSTSVC)
SRV:64bit: - [2013-08-22 05:31:43 | 000,040,448 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2013-08-22 05:22:45 | 000,066,048 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2013-08-22 05:21:15 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2013-08-22 05:16:57 | 000,118,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2013-08-22 04:25:28 | 000,164,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2013-08-22 04:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2013-08-22 04:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2013-08-22 04:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2013-08-22 04:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2013-08-22 04:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2013-08-22 04:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2013-08-22 04:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicguestinterface)
SRV:64bit: - [2013-08-22 04:02:47 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\smphost.dll -- (smphost)
SRV:64bit: - [2013-08-22 03:57:25 | 000,130,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ScDeviceEnum.dll -- (ScDeviceEnum)
SRV:64bit: - [2013-08-22 03:54:59 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2013-08-22 03:50:59 | 000,245,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2013-08-22 03:50:00 | 000,525,312 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013-08-22 03:45:59 | 000,151,040 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ncbservice.dll -- (NcbService)
SRV:64bit: - [2013-08-22 03:40:49 | 000,248,832 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2013-08-22 03:31:03 | 000,201,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2013-08-22 03:15:54 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2013-03-01 16:40:02 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2013-02-26 01:31:30 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2013-02-19 23:10:00 | 000,239,176 | ---- | M] (Realtek Semiconductor) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE -- (RtkAudioService)
SRV:64bit: - [2009-11-17 20:14:00 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV - [2014-07-08 10:34:30 | 000,262,320 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014-06-23 11:58:08 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014-03-26 15:35:26 | 000,469,304 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe -- (HPWMISVC)
SRV - [2014-03-14 00:10:16 | 000,357,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GeofenceMonitorService.dll -- (lfsvc)
SRV - [2014-01-27 19:15:18 | 000,227,904 | ---- | M] (WildTangent) [Auto | Running] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe -- (GamesAppIntegrationService)
SRV - [2014-01-08 23:39:40 | 000,475,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2014-01-08 23:39:39 | 000,066,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\w3logsvc.dll -- (w3logsvc)
SRV - [2014-01-08 23:39:38 | 000,062,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2013-08-22 06:31:56 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2013-08-21 21:55:35 | 000,018,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2013-08-21 20:53:34 | 000,011,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\smphost.dll -- (smphost)
SRV - [2012-11-02 14:58:32 | 012,575,752 | ---- | M] (Radialpoint SafeCare Inc.) [Auto | Running] -- C:\Program Files (x86)\Telus\security advisor\5.5.12.650\Telus_ServicepointService.exe -- (ServicepointService8)
SRV - [2012-09-27 12:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011-03-04 12:45:08 | 001,529,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2010-10-12 11:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014-05-01 07:31:39 | 000,055,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2014-04-01 00:23:41 | 000,384,856 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2014-03-29 14:18:04 | 002,510,536 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2014-03-23 20:30:57 | 000,257,880 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2014-03-23 20:30:57 | 000,123,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdNisDrv.sys -- (WdNisDrv)
DRV:64bit: - [2014-03-23 20:27:03 | 000,035,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2014-03-19 21:41:20 | 000,376,152 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2014-03-13 06:35:24 | 000,157,016 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\SysNative\drivers\wof.sys -- (Wof)
DRV:64bit: - [2014-03-08 14:40:16 | 000,136,024 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2014-03-08 14:35:45 | 000,467,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2014-02-22 10:00:25 | 000,236,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2014-02-22 09:49:51 | 000,325,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2014-02-22 09:49:49 | 000,189,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2014-02-22 09:49:49 | 000,079,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2014-02-22 09:49:47 | 000,146,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2014-02-22 09:44:13 | 000,924,504 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\refs.sys -- (ReFS)
DRV:64bit: - [2014-02-22 06:14:02 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2014-02-11 19:00:15 | 000,290,008 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsP2Stor.sys -- (RSP2STOR)
DRV:64bit: - [2014-02-11 18:57:31 | 000,830,680 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt630x64.sys -- (RTL8168)
DRV:64bit: - [2014-01-27 21:58:37 | 000,041,704 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2014-01-08 23:42:43 | 000,146,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx2.sys -- (SerCx2)
DRV:64bit: - [2014-01-08 23:42:43 | 000,086,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pdc.sys -- (pdc)
DRV:64bit: - [2014-01-08 23:42:43 | 000,039,768 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\intelpep.sys -- (intelpep)
DRV:64bit: - [2013-12-13 11:23:36 | 013,207,552 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2013-12-13 11:23:36 | 000,626,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2013-12-04 12:41:54 | 000,226,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BthLEEnum.sys -- (BthLEEnum)
DRV:64bit: - [2013-12-02 10:42:14 | 001,204,424 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtbth.sys -- (rtbth)
DRV:64bit: - [2013-11-14 01:28:58 | 000,057,176 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stornvme.sys -- (stornvme)
DRV:64bit: - [2013-11-14 01:25:25 | 000,175,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2013-11-14 01:16:57 | 000,027,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2013-11-14 01:16:54 | 000,037,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2013-09-08 21:04:56 | 000,023,568 | ---- | M] (Bitdefender) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\bdelam.sys -- (bdelam)
DRV:64bit: - [2013-08-23 14:48:49 | 000,150,256 | ---- | M] (BitDefender LLC) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\gzflt.sys -- (gzflt)
DRV:64bit: - [2013-08-22 07:25:40 | 000,043,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\condrv.sys -- (condrv)
DRV:64bit: - [2013-08-22 07:25:40 | 000,030,048 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\WINDOWS\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2013-08-22 06:50:19 | 000,057,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\dam.sys -- (dam)
DRV:64bit: - [2013-08-22 06:49:54 | 000,079,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2013-08-22 06:49:33 | 000,159,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2013-08-22 06:43:49 | 000,063,840 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2013-08-22 06:43:48 | 000,041,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2013-08-22 06:43:45 | 003,357,024 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2013-08-22 06:43:45 | 000,093,536 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2013-08-22 06:43:45 | 000,082,784 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2013-08-22 06:43:45 | 000,064,352 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2013-08-22 06:43:44 | 000,081,760 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas3.sys -- (LSI_SAS3)
DRV:64bit: - [2013-08-22 06:43:41 | 000,782,176 | ---- | M] (PMC-Sierra) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\adp80xx.sys -- (ADP80XX)
DRV:64bit: - [2013-08-22 06:43:41 | 000,531,296 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2013-08-22 06:43:41 | 000,259,424 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2013-08-22 06:43:41 | 000,108,896 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\3ware.sys -- (3ware)
DRV:64bit: - [2013-08-22 06:43:41 | 000,079,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2013-08-22 06:43:40 | 000,114,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2013-08-22 06:43:40 | 000,082,784 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2013-08-22 06:43:40 | 000,025,952 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2013-08-22 06:43:34 | 000,305,504 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2013-08-22 06:43:33 | 000,074,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2013-08-22 06:43:32 | 000,031,072 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2013-08-22 06:43:31 | 000,107,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013-08-22 06:43:31 | 000,072,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2013-08-22 06:43:31 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2013-08-22 06:39:15 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uefi.sys -- (UEFI)
DRV:64bit: - [2013-08-22 06:37:27 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpci.sys -- (vpci)
DRV:64bit: - [2013-08-22 06:36:12 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2013-08-22 05:39:58 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2013-08-22 05:39:54 | 000,076,800 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ahcache.sys -- (ahcache)
DRV:64bit: - [2013-08-22 05:39:31 | 000,050,688 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2013-08-22 05:39:20 | 000,022,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2013-08-22 05:39:06 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2013-08-22 05:38:58 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2013-08-22 05:38:48 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2013-08-22 05:38:39 | 000,036,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013-08-22 05:38:30 | 000,131,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BthA2DP.sys -- (BthA2DP)
DRV:64bit: - [2013-08-22 05:38:26 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2013-08-22 05:38:23 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2013-08-22 05:38:22 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2013-08-22 05:38:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2013-08-22 05:37:49 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2013-08-22 05:37:46 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2013-08-22 05:37:42 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2013-08-22 05:37:28 | 000,056,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013-08-22 05:37:28 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2013-08-22 05:37:14 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2013-08-22 05:36:43 | 000,087,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc63.sys -- (netvsc)
DRV:64bit: - [2013-08-22 05:36:25 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys -- (NdisVirtualBus)
DRV:64bit: - [2013-08-22 05:36:17 | 000,124,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2013-08-22 05:36:07 | 000,066,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2013-08-22 05:35:42 | 000,103,424 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2013-08-22 02:46:33 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2013-08-12 17:25:46 | 000,017,624 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmfn2.sys -- (bcmfn2)
DRV:64bit: - [2013-08-09 18:39:30 | 000,651,248 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\iaStorAV.sys -- (iaStorAV)
DRV:64bit: - [2013-08-07 14:46:28 | 000,389,240 | ---- | M] (BitDefender S.R.L.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\trufos.sys -- (trufos)
DRV:64bit: - [2013-07-30 12:47:35 | 000,024,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys -- (iaLPSSi_GPIO)
DRV:64bit: - [2013-07-29 17:45:27 | 000,107,008 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Common Files\TELUS security services\TELUS security services Firewall\bdfwfpf.sys -- (bdfwfpf)
DRV:64bit: - [2013-07-25 13:05:39 | 000,099,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys -- (iaLPSSi_I2C)
DRV:64bit: - [2013-07-24 19:19:21 | 000,098,768 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Common Files\TELUS security services\TELUS security services Firewall\bdfndisf6.sys -- (BdfNdisf)
DRV:64bit: - [2013-07-23 17:50:57 | 000,082,824 | ---- | M] (BitDefender SRL) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bdsandbox.sys -- (BDSandBox)
DRV:64bit: - [2013-07-19 19:08:08 | 000,601,360 | ---- | M] (BitDefender) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\avckf.sys -- (avckf)
DRV:64bit: - [2013-07-19 19:04:54 | 000,727,592 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avc3.sys -- (avc3)
DRV:64bit: - [2013-03-18 16:51:08 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2013-03-05 13:01:42 | 000,091,712 | ---- | M] (CyberLink) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\CLVirtualDrive.sys -- (CLVirtualDrive)
DRV:64bit: - [2013-03-01 16:40:02 | 000,043,320 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2013-03-01 16:40:02 | 000,030,520 | ---- | M] (Hewlett-Packard) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2013-02-14 21:41:14 | 000,094,208 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW86.sys -- (AtiHDAudioService)
DRV:64bit: - [2013-02-05 22:54:18 | 000,469,232 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2013-02-05 22:54:16 | 000,031,984 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys -- (SmbDrvI)
DRV:64bit: - [2013-02-05 22:54:16 | 000,028,400 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Smb_driver_AMDASF.sys -- (SmbDrv)
DRV:64bit: - [2012-11-30 03:31:02 | 000,026,280 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2012-11-30 03:31:00 | 000,080,552 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2012-08-31 10:40:24 | 000,020,800 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WirelessButtonDriver64.sys -- (WirelessButtonDriver)
DRV:64bit: - [2012-08-28 09:27:24 | 000,058,536 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2012-08-21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012-04-09 10:13:58 | 000,057,472 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.2)
DRV:64bit: - [2011-03-04 12:51:50 | 000,306,536 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV:64bit: - [2010-02-08 08:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)
DRV:64bit: - [2008-11-16 18:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...0TR&pc=HPNTDFJS
IE:64bit: - HKLM\..\SearchScopes\{3BABA3F4-18AB-461F-BDCB-030F621C999E}: "URL" = http://www.amazon.ca...s={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...56705-11896-0/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...56705-11896-0/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{053A6642-1AB0-40ED-A2A6-4ECC2A1A76A3}: "URL" = http://search.yahoo....petb&type=10803
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...0TR&pc=HPNTDFJS
IE - HKCU\..\SearchScopes\{6566C40D-EF72-4B49-B3AC-7E936B478530}: "URL" = http://search.findwi...k={searchTerms}
IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...56705-11896-0/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20131118
FF - prefs.js..extensions.enabledAddons: trustmyweb.addons.firefox%40hotmail.com:1.6
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:30.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@radialpoint.com/SPA_8,version=1: C:\Program Files (x86)\Telus\security advisor\5.5.12.650\nprpspa.dll (Telus)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf: C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@radialpoint.com/SPA_8,version=1: C:\Program Files (x86)\Telus\security advisor\5.5.12.650\nprpspa.dll (Telus)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Users\Calgary\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Calgary\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Calgary\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Calgary\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Calgary\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\hp.com/HPDetect: C:\Users\Calgary\AppData\Roaming\HewlettPackard\HPDetect\1.0.0.0\npHPDetect.dll (HP)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\PROGRAM FILES\TELUS SECURITY SERVICES\TELUS SECURITY SERVICES\BDTBEXT [2013-10-10 15:28:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 30.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 30.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\TELUS security services\TELUS security services\bdtbext [2013-10-10 15:28:31 | 000,000,000 | ---D | M]
 
[2014-06-10 09:50:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Calgary\AppData\Roaming\mozilla\Extensions
[2014-07-09 14:09:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Calgary\AppData\Roaming\mozilla\Firefox\Profiles\swkfz2xp.default\extensions
[2014-07-09 14:09:19 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Calgary\AppData\Roaming\mozilla\Firefox\Profiles\swkfz2xp.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2014-07-09 14:09:19 | 000,022,470 | ---- | M] () (No name found) -- C:\Users\Calgary\AppData\Roaming\mozilla\firefox\profiles\swkfz2xp.default\extensions\[email protected]
[2014-04-30 11:12:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014-06-23 11:58:12 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: https://www.google.ca/
CHR - plugin: Error reading preferences file
CHR - Extension: Google Docs = C:\Users\Calgary\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: Google Drive = C:\Users\Calgary\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\Calgary\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5019_0\
CHR - Extension: WOT = C:\Users\Calgary\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\2.5.15_0\
CHR - Extension: YouTube = C:\Users\Calgary\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Adblock Plus = C:\Users\Calgary\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.8.3_0\
CHR - Extension: Google Search = C:\Users\Calgary\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: IE Tab Multi (Enhance) = C:\Users\Calgary\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnfnbeppfinmnjnjhedifcfllpcfgeea\1.0.2.1_0\
CHR - Extension: Hola Better Internet = C:\Users\Calgary\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.3.704_0\
CHR - Extension: TweetDeck by Twitter = C:\Users\Calgary\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdpomandigafcibbmofojjchbcdagbl\3.8.2_0\
CHR - Extension: Favicon Changer = C:\Users\Calgary\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijaabbaphikljkkcbgpbaljfjpflpeoo\1.0.3_0\
CHR - Extension: Boomerang for Gmail = C:\Users\Calgary\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdanidgdpmkimeiiojknlnekblgmpdll\1.2.4_0\
CHR - Extension: Hangouts = C:\Users\Calgary\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd\2014.710.434.3_0\
CHR - Extension: Google Wallet = C:\Users\Calgary\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: video2mp3 = C:\Users\Calgary\AppData\Local\Google\Chrome\User Data\Default\Extensions\oljlcbniifdjapjocdfamhlnmpkojdkm\1.0.4_1\
CHR - Extension: OneClick Cleaner for Chrome = C:\Users\Calgary\AppData\Local\Google\Chrome\User Data\Default\Extensions\oncckmaelaecccmaniihojgeopkcajfh\0.9.0.9_0\
CHR - Extension: Gmail = C:\Users\Calgary\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2014-07-08 19:39:10 | 000,000,002 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll (Microsoft Corporation)
O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll (Microsoft Corporation)
O2:64bit: - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
O2 - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll (Microsoft Corporation)
O2 - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\office15\grooveex.dll (Microsoft Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [Bdagent] C:\Program Files\TELUS security services\TELUS security services\bdagent.exe (TELUS security services)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\WINDOWS\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AccelerometerSysTrayApplet] C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [DSFMAJAutoService] C:\Desjardins\Accueil\DesjardinsMajAutoFusion.exe (DJSFC)
O4 - HKLM..\Run: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPMessageService] C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TelusSecurityAdvisor] C:\Program Files (x86)\Telus\security advisor\5.5.12.650\TelusSecurityAdvisor.exe (Telus)
O4 - HKCU..\Run: [DiamondView] C:\Program Files (x86)\Manulife Financial\Diamond View\Diamondview.exe (Manulife Financial)
O4 - HKCU..\Run: [GoogleChromeAutoLaunch_FA631E094BF4279435CE920E853E56FF] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKCU..\Run: [googletalk] C:\Program Files (x86)\Google\Google Talk\googletalk.exe (Google)
O4:64bit: - HKLM..\RunOnce: [NCPluginUpdater] C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe (Hewlett-Packard)
O4 - Startup: C:\Users\Calgary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Calgary\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\onbttnie.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\onbttnie.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\onbttnielinkednotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\onbttnielinkednotes.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\onbttnie.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\onbttnie.dll (Microsoft Corporation)
O9 - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\onbttnielinkednotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\onbttnielinkednotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} https://www.avdlext.com/dwa7W.cab (Domino Web Access 7 Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{23BBA13D-658C-4B98-90BC-CE58CAD114D1}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{905D83DC-1F93-46CB-BF84-5CEA204B8E3F}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\msosb.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014-07-13 22:04:43 | 000,000,000 | --SD | C] -- C:\WINDOWS\SysNative\CompatTel
[2014-07-12 23:37:04 | 000,000,000 | ---D | C] -- C:\Users\Calgary\AppData\Local\ElevatedDiagnostics
[2014-07-08 21:03:02 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Calgary\Desktop\OTL.exe
[2014-07-08 19:31:29 | 000,000,000 | ---D | C] -- C:\_OTL
[2014-07-08 13:54:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2014-07-08 13:32:56 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\WINDOWS\SysWow64\sqlite3.dll
[2014-07-08 13:32:14 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014-07-08 13:29:41 | 001,016,261 | ---- | C] (Thisisu) -- C:\Users\Calgary\Desktop\JRT.exe
[2014-07-02 20:53:30 | 000,000,000 | ---D | C] -- C:\Users\Calgary\Desktop\DFS
[2014-07-02 20:49:58 | 000,000,000 | ---D | C] -- C:\Users\Calgary\Desktop\ISI
[2014-06-29 22:29:22 | 000,000,000 | ---D | C] -- C:\Users\Calgary\AppData\Local\Foxit PhantomPDF
[2014-06-23 12:12:27 | 000,000,000 | ---D | C] -- C:\Users\Calgary\Canada Life
[2014-06-23 12:07:02 | 006,542,336 | ---- | C] (Amyuni Technologies
http://www.amyuni.com) -- C:\WINDOWS\SysNative\cdintf450_64.dll
[2014-06-23 12:07:02 | 004,818,432 | ---- | C] (Amyuni Technologies
http://www.amyuni.com) -- C:\WINDOWS\SysWow64\cdintf450.dll
[2014-06-19 09:02:54 | 000,000,000 | ---D | C] -- C:\Users\Calgary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Excellence
[2014-06-19 09:02:49 | 000,000,000 | ---D | C] -- C:\Users\Calgary\AppData\Local\Excellence
[2014-06-19 09:02:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Excellence
[2014-06-17 14:33:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Software FX Shared
[2014-06-17 14:33:27 | 000,901,120 | ---- | C] (Three |D| Graphics, Inc.) -- C:\WINDOWS\SysWow64\sscsdk32.dll
[2014-06-17 14:33:27 | 000,221,696 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\SysWow64\u2fhtml.dll
[2014-06-17 14:33:27 | 000,201,728 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\SysWow64\p2ssql.dll
[2014-06-17 14:33:27 | 000,180,736 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\SysWow64\u2fxls.dll
[2014-06-17 14:33:27 | 000,160,768 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\SysWow64\p2ssyb10.dll
[2014-06-17 14:33:27 | 000,129,024 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\SysWow64\u2ftext.dll
[2014-06-17 14:33:27 | 000,120,320 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\SysWow64\u2fwordw.dll
[2014-06-17 14:33:27 | 000,113,664 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\SysWow64\u2frtf.dll
[2014-06-17 14:33:27 | 000,102,912 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\SysWow64\u2dnotes.dll
[2014-06-17 14:33:27 | 000,095,232 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\SysWow64\u2dpost.dll
[2014-06-17 14:33:27 | 000,093,184 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\SysWow64\u2fodbc.dll
[2014-06-17 14:33:27 | 000,092,160 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\SysWow64\u2dvim.dll
[2014-06-17 14:33:27 | 000,075,264 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\SysWow64\u2fwks.dll
[2014-06-17 14:33:27 | 000,074,240 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\SysWow64\u2dmapi.dll
[2014-06-17 14:33:27 | 000,073,728 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\SysWow64\u2fsepv.dll
[2014-06-17 14:33:27 | 000,070,144 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\SysWow64\u2dapp.dll
[2014-06-17 14:33:27 | 000,064,000 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\SysWow64\u2frec.dll
[2014-06-17 14:33:27 | 000,064,000 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\SysWow64\u2fcr.dll
[2014-06-17 14:33:27 | 000,058,880 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\SysWow64\u2ddisk.dll
[2014-06-17 14:33:27 | 000,056,320 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\SysWow64\u2l2000.dll
[2014-06-17 14:33:27 | 000,055,808 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\SysWow64\u252000.dll
[2014-06-17 14:33:27 | 000,024,576 | ---- | C] (Seagate Software, Inc) -- C:\WINDOWS\SysWow64\u2lcom.dll
[2014-06-17 14:33:26 | 000,693,888 | ---- | C] (FarPoint Technologies, Inc.) -- C:\WINDOWS\SysWow64\SSVBX25.VBX
[2014-06-17 14:33:26 | 000,693,888 | ---- | C] (FarPoint Technologies, Inc.) -- C:\WINDOWS\System\SSVBX25.VBX
[2014-06-17 14:33:26 | 000,268,288 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\SysWow64\p2bxbse.dll
[2014-06-17 14:33:26 | 000,232,208 | ---- | C] (Sheridan Software Systems, Inc.) -- C:\WINDOWS\SysWow64\SSDATA2.VBX
[2014-06-17 14:33:26 | 000,232,208 | ---- | C] (Sheridan Software Systems, Inc.) -- C:\WINDOWS\System\SSDATA2.VBX
[2014-06-17 14:33:26 | 000,229,888 | ---- | C] (Seagate Software, Information Management Group, Inc.) -- C:\WINDOWS\SysWow64\crpaig32.dll
[2014-06-17 14:33:26 | 000,216,064 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\SysWow64\p2sora7.dll
[2014-06-17 14:33:26 | 000,208,127 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\SysWow64\p2bbde.dll
[2014-06-17 14:33:26 | 000,189,952 | ---- | C] (Seagate Software, Inc) -- C:\WINDOWS\SysWow64\p2smon.dll
[2014-06-17 14:33:26 | 000,173,568 | ---- | C] (Seagate Software, Information Management Group, Inc.) -- C:\WINDOWS\SysWow64\p2sifmx.dll
[2014-06-17 14:33:26 | 000,138,240 | ---- | C] (Seagate Software, Inc) -- C:\WINDOWS\SysWow64\p2soledb.dll
[2014-06-17 14:33:26 | 000,129,152 | ---- | C] (VideoSoft) -- C:\WINDOWS\SysWow64\VSVIEW2.VBX
[2014-06-17 14:33:26 | 000,092,176 | ---- | C] (VideoSoft) -- C:\WINDOWS\SysWow64\VSVBX.VBX
[2014-06-17 14:33:26 | 000,092,176 | ---- | C] (VideoSoft) -- C:\WINDOWS\System\VSVBX.VBX
[2014-06-17 14:33:26 | 000,064,432 | ---- | C] (Sheridan Software Systems, Inc.) -- C:\WINDOWS\SysWow64\THREED.VBX
[2014-06-17 14:33:26 | 000,064,432 | ---- | C] (Sheridan Software Systems, Inc.) -- C:\WINDOWS\System\THREED.VBX
[2014-06-17 14:33:26 | 000,060,416 | ---- | C] (Seagate Software, Inc.) -- C:\WINDOWS\SysWow64\crxlat32.dll
[2014-06-17 14:33:26 | 000,047,472 | ---- | C] (Sheridan Software Systems, Inc.) -- C:\WINDOWS\SysWow64\SSDATA1.VBX
[2014-06-17 14:33:26 | 000,047,472 | ---- | C] (Sheridan Software Systems, Inc.) -- C:\WINDOWS\System\SSDATA1.VBX
[2014-06-17 14:33:25 | 000,058,032 | ---- | C] (Crescent division of Progress Software Corporation) -- C:\WINDOWS\SysWow64\QPRO200.DLL
[2014-06-17 14:33:25 | 000,058,032 | ---- | C] (Crescent division of Progress Software Corporation) -- C:\WINDOWS\System\QPRO200.DLL
[2014-06-17 14:33:24 | 000,206,848 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\SysWow64\P2SODBC.DLL
[2014-06-17 14:33:24 | 000,152,576 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\SysWow64\P2BDAO.DLL
[2014-06-17 14:33:24 | 000,112,640 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\SysWow64\P2IRDAO.DLL
[2014-06-17 14:33:24 | 000,081,408 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\SysWow64\P2CTDAO.DLL
[2014-06-17 14:33:24 | 000,059,392 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\SysWow64\P2BBND.DLL
[2014-06-17 14:33:21 | 005,350,912 | ---- | C] (Seagate Software, Inc.) -- C:\WINDOWS\SysWow64\Crpe32.dll
[2014-06-17 14:33:21 | 000,687,800 | ---- | C] (APEX Software Corporation) -- C:\WINDOWS\SysWow64\TDBG5_32.OCX
[2014-06-17 14:33:21 | 000,480,032 | ---- | C] (Bits Per Second Ltd) -- C:\WINDOWS\SysWow64\GRAPHX.VBX
[2014-06-17 14:33:21 | 000,480,032 | ---- | C] (Bits Per Second Ltd) -- C:\WINDOWS\System\GRAPHX.VBX
[2014-06-17 14:33:21 | 000,475,168 | ---- | C] (Sheridan Software Systems, Inc.) -- C:\WINDOWS\SysWow64\SSTABS32.OCX
[2014-06-17 14:33:21 | 000,399,984 | ---- | C] (Bits Per Second Ltd) -- C:\WINDOWS\SysWow64\GSW16.EXE
[2014-06-17 14:33:21 | 000,399,984 | ---- | C] (Bits Per Second Ltd) -- C:\WINDOWS\System\GSW16.EXE
[2014-06-17 14:33:21 | 000,174,592 | ---- | C] (Bits Per Second Ltd) -- C:\WINDOWS\SysWow64\GSWAG16.DLL
[2014-06-17 14:33:21 | 000,174,592 | ---- | C] (Bits Per Second Ltd) -- C:\WINDOWS\System\GSWAG16.DLL
[2014-06-17 14:33:21 | 000,070,800 | ---- | C] (Bits Per Second Ltd) -- C:\WINDOWS\SysWow64\GRAPH.VBX
[2014-06-17 14:33:21 | 000,064,000 | ---- | C] (Desaware Inc.) -- C:\WINDOWS\SysWow64\APIGID32.DLL
[2014-06-17 14:33:21 | 000,050,352 | ---- | C] (Bits Per Second Ltd) -- C:\WINDOWS\SysWow64\GSWDLL16.DLL
[2014-06-17 14:33:21 | 000,050,352 | ---- | C] (Bits Per Second Ltd) -- C:\WINDOWS\System\GSWDLL16.DLL
[2014-06-17 14:33:21 | 000,030,448 | ---- | C] (Ed Staffin Software) -- C:\WINDOWS\SysWow64\MSGBLAST.VBX
[2014-06-17 14:33:21 | 000,030,448 | ---- | C] (Ed Staffin Software) -- C:\WINDOWS\System\MSGBLAST.VBX
[2014-06-17 14:33:20 | 004,822,528 | ---- | C] (Seagate Software, Inc.) -- C:\WINDOWS\SysWow64\craxdrt.dll
[2014-06-17 14:33:20 | 000,993,996 | ---- | C] (Seagate Software, Inc.) -- C:\WINDOWS\SysWow64\CRYSTL32.OCX
[2014-06-17 14:32:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\illustrate inc
[2014-06-17 14:32:58 | 000,663,552 | ---- | C] (APEX Software Corporation) -- C:\WINDOWS\SysWow64\TDBG5.OCX
[2014-06-17 14:32:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ENVISION
[2014-06-17 14:32:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Empire
[2014-06-17 13:52:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Novinsoft
[2014-06-17 13:52:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Great West Life
[2014-06-17 13:50:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canada Life
[2014-06-17 13:50:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Canada Life
[2014-06-17 13:49:54 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Great West Life
[2014-06-17 13:49:54 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Canada Life IG
[2014-06-17 13:49:54 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Canada Life
[2014-06-17 13:49:50 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\London Life
[2014-06-17 13:49:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ZoomExpressKeyview
[2014-06-17 13:48:56 | 000,000,000 | ---D | C] -- C:\ProgramData\{28F8033D-7256-4F66-A16C-E080A43797B2}
[2014-06-17 13:47:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Concourse CL Content
[2014-06-17 13:47:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Concourse CL App
[2014-06-17 13:46:01 | 000,000,000 | ---D | C] -- C:\ProgramData\{C0F6CDBD-EEC6-4F06-96E1-02AE8F01B948}
[2014-06-17 13:41:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BMO Insurance
[2014-06-17 13:41:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BMONET
[2014-06-17 13:37:54 | 000,000,000 | ---D | C] -- C:\Users\Calgary\Desktop\3rd Party
[2014-06-17 13:36:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RBC Illustrations
[2014-06-17 13:36:15 | 001,089,536 | ---- | C] (eHelp Corporation.) -- C:\WINDOWS\SysWow64\Roboex32.dll
[2014-06-17 13:36:14 | 000,936,448 | ---- | C] (Vista Software) -- C:\WINDOWS\SysWow64\ApolloSQL61.DLL
[2014-06-17 13:36:14 | 000,327,680 | ---- | C] (Vista Software) -- C:\WINDOWS\SysWow64\SDENSX61.DLL
[2014-06-17 13:36:14 | 000,323,584 | ---- | C] (Vista Software) -- C:\WINDOWS\SysWow64\SDECDX61.DLL
[2014-06-17 13:36:14 | 000,290,816 | ---- | C] (Vista Software) -- C:\WINDOWS\SysWow64\SDENTX61.DLL
[2014-06-17 13:36:12 | 000,229,376 | ---- | C] (Vista Software) -- C:\WINDOWS\SysWow64\SDE61.DLL
[2014-06-17 13:35:05 | 000,000,000 | ---D | C] -- C:\Users\Calgary\Documents\RBC Illustrations
[2014-06-17 13:35:05 | 000,000,000 | ---D | C] -- C:\Users\Calgary\AppData\Roaming\RBC Illustrations
[2014-06-17 13:35:02 | 000,778,240 | ---- | C] (Borland Software Corporation) -- C:\WINDOWS\SysWow64\rtl70.bpl
[2014-06-17 13:35:02 | 000,264,704 | ---- | C] (Borland Software Corporation) -- C:\WINDOWS\SysWow64\vcldb70.bpl
[2014-06-17 13:35:02 | 000,257,024 | ---- | C] (Borland Software Corporation) -- C:\WINDOWS\SysWow64\dbrtl70.bpl
[2014-06-17 13:35:02 | 000,097,792 | ---- | C] (Borland Software Corporation) -- C:\WINDOWS\SysWow64\vcljpg70.bpl
[2014-06-17 13:35:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RBC Illustrations
[2014-06-17 13:35:01 | 001,381,376 | ---- | C] (Borland Software Corporation) -- C:\WINDOWS\SysWow64\vcl70.bpl
[2014-06-17 13:35:00 | 000,215,040 | ---- | C] (Borland Software Corporation) -- C:\WINDOWS\SysWow64\vclx70.bpl
[2014-06-17 12:34:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\Downloaded Installations
[2014-06-17 12:34:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Manulife Financial
[2014-06-17 12:34:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Manulife Financial
[2014-06-17 12:34:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2014-06-17 12:29:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Manulife Financial
 
========== Files - Modified Within 30 Days ==========
 
[2014-07-15 15:12:12 | 000,000,946 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3432463877-1759428120-2468046901-1002UA.job
[2014-07-15 15:00:48 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014-07-15 15:00:35 | 000,000,928 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014-07-15 14:58:44 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2014-07-15 14:58:38 | 1884,295,167 | -HS- | M] () -- C:\hiberfil.sys
[2014-07-15 14:54:00 | 000,000,604 | ---- | M] () -- C:\WINDOWS\tasks\G2MUpdateTask-S-1-5-21-3432463877-1759428120-2468046901-1002.job
[2014-07-15 14:48:51 | 000,000,932 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014-07-15 14:33:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014-07-15 14:18:47 | 000,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3432463877-1759428120-2468046901-1002Core1cf8fe8bfefb087.job
[2014-07-15 14:18:45 | 000,000,946 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3432463877-1759428120-2468046901-1002UA1cf8fe8c3cd5081.job
[2014-07-15 12:10:30 | 000,032,038 | ---- | M] () -- C:\Users\Calgary\Desktop\AB Plate.jpg
[2014-07-15 11:17:15 | 000,009,857 | ---- | M] () -- C:\Users\Calgary\Desktop\Obrien Ribbon.jpg
[2014-07-15 10:12:00 | 000,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3432463877-1759428120-2468046901-1002Core.job
[2014-07-13 22:09:26 | 000,000,370 | ---- | M] () -- C:\WINDOWS\tasks\HPCeeScheduleForCalgary.job
[2014-07-13 22:08:55 | 000,489,896 | ---- | M] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT
[2014-07-11 10:57:11 | 000,276,732 | ---- | M] () -- C:\Users\Calgary\Desktop\SupplementaryVerificationOfIdentityForm.pdf
[2014-07-09 14:04:46 | 000,956,476 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI
[2014-07-09 14:04:46 | 000,800,408 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat
[2014-07-09 14:04:46 | 000,165,436 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat
[2014-07-08 21:15:31 | 000,002,669 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk
[2014-07-08 21:03:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Calgary\Desktop\OTL.exe
[2014-07-08 19:39:10 | 000,000,002 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\etc\Hosts
[2014-07-08 13:29:50 | 001,016,261 | ---- | M] (Thisisu) -- C:\Users\Calgary\Desktop\JRT.exe
[2014-07-08 13:26:19 | 001,346,519 | ---- | M] () -- C:\Users\Calgary\Desktop\adwcleaner_3.214.exe
[2014-07-08 10:09:56 | 001,180,255 | ---- | M] () -- C:\Users\Calgary\Desktop\CDN - Complete Mapped Application  - Calgary Shepard Conservative Association.pdf
[2014-06-25 18:00:59 | 000,286,551 | ---- | M] () -- C:\Users\Calgary\Desktop\Shane005.pdf
[2014-06-25 17:59:20 | 000,289,898 | ---- | M] () -- C:\Users\Calgary\Desktop\Richard004.pdf
[2014-06-25 17:57:03 | 000,264,752 | ---- | M] () -- C:\Users\Calgary\Desktop\Evangeline003.pdf
[2014-06-23 11:58:10 | 000,000,030 | ---- | M] () -- C:\WINDOWS\MaritimeLife.ini
[2014-06-17 14:35:53 | 000,000,000 | ---- | M] () -- C:\WINDOWS\efgtemp.ini
[2014-06-17 14:35:51 | 000,000,000 | ---- | M] () -- C:\WINDOWS\iireport53.INI
[2014-06-17 14:33:55 | 000,000,156 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2014-06-17 14:33:20 | 000,000,097 | ---- | M] () -- C:\WINDOWS\fdpxld.ini
[2014-06-17 14:33:20 | 000,000,000 | ---- | M] () -- C:\WINDOWS\IIREPO~1.INI
[2014-06-17 12:30:43 | 000,000,029 | ---- | M] () -- C:\WINDOWS\MLI.INI
 
========== Files Created - No Company Name ==========
 
[2014-07-15 12:10:30 | 000,032,038 | ---- | C] () -- C:\Users\Calgary\Desktop\AB Plate.jpg
[2014-07-15 11:17:15 | 000,009,857 | ---- | C] () -- C:\Users\Calgary\Desktop\Obrien Ribbon.jpg
[2014-07-12 23:37:07 | 000,000,370 | ---- | C] () -- C:\WINDOWS\tasks\HPCeeScheduleForCalgary.job
[2014-07-10 13:28:22 | 000,276,732 | ---- | C] () -- C:\Users\Calgary\Desktop\SupplementaryVerificationOfIdentityForm.pdf
[2014-07-08 13:26:08 | 001,346,519 | ---- | C] () -- C:\Users\Calgary\Desktop\adwcleaner_3.214.exe
[2014-07-08 10:09:56 | 001,180,255 | ---- | C] () -- C:\Users\Calgary\Desktop\CDN - Complete Mapped Application  - Calgary Shepard Conservative Association.pdf
[2014-06-25 18:00:58 | 000,286,551 | ---- | C] () -- C:\Users\Calgary\Desktop\Shane005.pdf
[2014-06-25 17:59:20 | 000,289,898 | ---- | C] () -- C:\Users\Calgary\Desktop\Richard004.pdf
[2014-06-25 17:57:03 | 000,264,752 | ---- | C] () -- C:\Users\Calgary\Desktop\Evangeline003.pdf
[2014-06-24 14:13:29 | 000,000,946 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3432463877-1759428120-2468046901-1002UA1cf8fe8c3cd5081.job
[2014-06-24 14:13:23 | 000,000,894 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3432463877-1759428120-2468046901-1002Core1cf8fe8bfefb087.job
[2014-06-23 11:58:10 | 000,000,030 | ---- | C] () -- C:\WINDOWS\MaritimeLife.ini
[2014-06-17 14:35:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iireport53.INI
[2014-06-17 14:33:55 | 000,149,504 | ---- | C] () -- C:\Program Files (x86)\UNWISE.EXE
[2014-06-17 14:33:55 | 000,000,156 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2014-06-17 14:33:36 | 000,010,912 | ---- | C] () -- C:\WINDOWS\SHARE.EXE
[2014-06-17 14:33:21 | 000,081,920 | ---- | C] () -- C:\WINDOWS\SysWow64\Csread32.ocx
[2014-06-17 14:33:21 | 000,024,880 | ---- | C] () -- C:\WINDOWS\SysWow64\MDICHILD.VBX
[2014-06-17 14:33:21 | 000,022,776 | ---- | C] () -- C:\WINDOWS\SysWow64\FDPTOOLS.DLL
[2014-06-17 14:33:21 | 000,022,776 | ---- | C] () -- C:\WINDOWS\System\FDPTOOLS.DLL
[2014-06-17 14:33:21 | 000,018,944 | ---- | C] ( ) -- C:\WINDOWS\SysWow64\Implode.dll
[2014-06-17 14:33:21 | 000,018,688 | ---- | C] () -- C:\WINDOWS\SysWow64\CMDIALOG.VBX
[2014-06-17 14:33:21 | 000,018,688 | ---- | C] () -- C:\WINDOWS\System\CMDIALOG.VBX
[2014-06-17 14:33:20 | 000,000,097 | ---- | C] () -- C:\WINDOWS\fdpxld.ini
[2014-06-17 14:33:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\IIREPO~1.INI
[2014-06-17 14:32:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\efgtemp.ini
[2014-06-17 13:36:15 | 000,023,552 | ---- | C] () -- C:\WINDOWS\SysWow64\AppStuff.bpl
[2014-06-17 12:30:43 | 000,000,029 | ---- | C] () -- C:\WINDOWS\MLI.INI
[2014-05-21 09:22:18 | 000,002,491 | ---- | C] () -- C:\ProgramData\regid.2012-05.ca.repsource_EC596C15-1BA5-4A0F-8804-4CC5BB52F1EE.swidtag
[2014-04-15 20:46:44 | 000,002,255 | ---- | C] () -- C:\WINDOWS\SysWow64\WimBootCompress.ini
[2014-03-17 16:41:59 | 000,103,936 | ---- | C] () -- C:\WINDOWS\SysWow64\OEMLicense.dll
[2014-03-03 20:46:15 | 002,436,794 | ---- | C] () -- C:\ProgramData\1393900866.bdinstall.bin
[2014-02-24 09:05:32 | 000,065,928 | ---- | C] () -- C:\WINDOWS\SysWow64\bgsresfr.dll
[2014-02-24 09:05:32 | 000,065,928 | ---- | C] () -- C:\WINDOWS\SysWow64\bgsreses.dll
[2014-02-24 09:05:32 | 000,065,928 | ---- | C] () -- C:\WINDOWS\SysWow64\bgsresde.dll
[2014-02-24 09:05:32 | 000,056,200 | ---- | C] () -- C:\WINDOWS\SysWow64\bgsresen.dll
[2014-01-08 22:50:48 | 000,930,400 | ---- | C] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
[2014-01-08 22:47:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2013-12-13 11:23:56 | 000,204,952 | ---- | C] () -- C:\WINDOWS\SysWow64\ativvsvl.dat
[2013-12-13 11:23:54 | 000,157,144 | ---- | C] () -- C:\WINDOWS\SysWow64\ativvsva.dat
[2013-12-13 11:23:46 | 000,003,917 | ---- | C] () -- C:\WINDOWS\SysWow64\atipblag.dat
[2013-12-13 11:23:24 | 000,995,342 | ---- | C] () -- C:\WINDOWS\SysWow64\amdocl_as32.exe
[2013-12-13 11:23:24 | 000,798,734 | ---- | C] () -- C:\WINDOWS\SysWow64\amdocl_ld32.exe
[2013-12-13 11:23:14 | 000,123,392 | ---- | C] () -- C:\WINDOWS\SysWow64\amdhdl32.dll
[2013-10-07 20:40:42 | 000,369,624 | ---- | C] () -- C:\WINDOWS\SysWow64\drivers\FW7650.bin
[2013-10-07 20:40:42 | 000,000,313 | ---- | C] () -- C:\WINDOWS\SysWow64\RaCheckBTDev.ini
[2013-08-22 09:36:43 | 000,215,943 | ---- | C] () -- C:\WINDOWS\SysWow64\dssec.dat
[2013-08-22 09:36:42 | 000,000,741 | ---- | C] () -- C:\WINDOWS\SysWow64\NOISE.DAT
[2013-08-22 08:46:23 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2013-08-22 01:01:23 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin
[2013-08-21 21:32:36 | 000,046,080 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll
[2013-08-21 17:55:20 | 000,364,544 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll
[2013-08-21 17:52:39 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat
[2012-11-27 01:18:46 | 000,038,912 | ---- | C] () -- C:\WINDOWS\SysWow64\kdbsdk32.dll
[2012-07-25 14:22:54 | 000,982,240 | ---- | C] () -- C:\WINDOWS\SysWow64\igkrng500.bin
[2012-07-25 14:22:54 | 000,439,308 | ---- | C] () -- C:\WINDOWS\SysWow64\igcompkrng500.bin
[2012-07-25 14:22:54 | 000,092,356 | ---- | C] () -- C:\WINDOWS\SysWow64\igfcg500m.bin
 
========== ZeroAccess Check ==========
 
[2014-01-14 18:15:45 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014-04-06 10:31:39 | 021,268,952 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014-04-06 09:22:20 | 018,755,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2013-08-22 03:49:49 | 000,921,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2013-08-21 20:45:10 | 000,691,712 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2013-08-22 03:45:17 | 000,483,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014-01-02 22:09:54 | 000,000,000 | ---D | M] -- C:\Users\Calgary\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2014-04-24 19:01:04 | 000,000,000 | ---D | M] -- C:\Users\Calgary\AppData\Roaming\CrystalIdea Software
[2014-07-15 15:06:45 | 000,000,000 | ---D | M] -- C:\Users\Calgary\AppData\Roaming\Dropbox
[2014-07-15 15:06:02 | 000,000,000 | ---D | M] -- C:\Users\Calgary\AppData\Roaming\DropboxMaster
[2014-04-08 22:45:40 | 000,000,000 | ---D | M] -- C:\Users\Calgary\AppData\Roaming\EPSON
[2014-06-10 09:57:49 | 000,000,000 | ---D | M] -- C:\Users\Calgary\AppData\Roaming\Foxit Software
[2014-02-18 16:31:45 | 000,000,000 | ---D | M] -- C:\Users\Calgary\AppData\Roaming\HewlettPackard
[2014-01-02 23:37:11 | 000,000,000 | ---D | M] -- C:\Users\Calgary\AppData\Roaming\PDAppFlex
[2014-03-03 20:41:45 | 000,000,000 | ---D | M] -- C:\Users\Calgary\AppData\Roaming\QuickScan
[2014-06-17 13:35:05 | 000,000,000 | ---D | M] -- C:\Users\Calgary\AppData\Roaming\RBC Illustrations
[2014-05-17 11:01:50 | 000,000,000 | ---D | M] -- C:\Users\Calgary\AppData\Roaming\SketchUp
[2013-12-30 20:51:38 | 000,000,000 | ---D | M] -- C:\Users\Calgary\AppData\Roaming\Synaptics
[2014-03-03 20:35:28 | 000,000,000 | ---D | M] -- C:\Users\Calgary\AppData\Roaming\Telus
[2014-03-03 20:44:44 | 000,000,000 | ---D | M] -- C:\Users\Calgary\AppData\Roaming\TELUS security services
[2014-02-05 23:52:08 | 000,000,000 | ---D | M] -- C:\Users\Calgary\AppData\Roaming\WildTangent
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 220 bytes -> C:\Users\Calgary\SkyDrive:ms-properties

< End of report >
 



#22
zep516

    Trusted Helper

  • Malware Removal
  • 6,804 posts
You can try and post half at a time, but I'm pretty confident those files are gone.

Tell me about this program:
O4 - HKLM..\Run: [TelusSecurityAdvisor] C:\Program Files (x86)\Telus\security advisor\5.5.12.650\TelusSecurityAdvisor.exe (Telus)

I'm unfamiliar with it.

Joe

#23
Triskelion

    Member

  • Topic Starter
  • Member
  • 652 posts

That program is part of Telus' AV. It's a way to child protect your computer.

Pretty useless for my laptop... I've thought about getting rid of it.



#24
Triskelion

    Member

  • Topic Starter
  • Member
  • 652 posts

I also ran a virus scan and it came up with a suspicious file. Thought I should let you know.

 

It says it is an Adware.Dropper.J

 

File: C:\Users\Calgary\AppData\Local\Temp\toolbar79996014.exe=>(NSIS o)=>zlib_nsis0000



#25
zep516

    Trusted Helper

  • Malware Removal
  • 6,804 posts

That program is part of Telus' AV. It's a way to child protect your computer.

Pretty useless for my laptop... I've thought about getting rid of it.


Let's uninstall it now.

File: C:\Users\Calgary\AppData\Local\Temp\toolbar79996014.exe

Can you navigate to that file (toolbar79996014.exe) and delete it?

After you do that, post a new OTL so we can see that Telus is gone.

Joe


#26
Triskelion

    Member

  • Topic Starter
  • Member
  • 652 posts

Tried navigating to the file and it says that it doesn't exist? Weird

See if it turns up in the OTL scan.

 

Log:

 

OTL logfile created on: 2014-07-16 10:36:04 PM - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Calgary\Desktop
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17207)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: yyyy-MM-dd
 
7.19 Gb Total Physical Memory | 2.77 Gb Available Physical Memory | 38.54% Memory free
9.32 Gb Paging File | 4.34 Gb Available in Paging File | 46.62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 903.81 Gb Total Space | 840.36 Gb Free Space | 92.98% Space Free | Partition Type: NTFS
Drive D: | 26.59 Gb Total Space | 2.64 Gb Free Space | 9.91% Space Free | Partition Type: NTFS
 
Computer Name: CALGARYSHEPARD | User Name: Calgary | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014-07-08 21:03:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Calgary\Desktop\OTL.exe
PRC - [2014-06-23 11:58:09 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2014-06-10 02:39:39 | 018,938,024 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office 15\root\office15\outlook.exe
PRC - [2014-06-10 02:39:25 | 001,923,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office 15\root\office15\winword.exe
PRC - [2014-06-05 07:58:39 | 000,860,488 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014-06-03 02:42:06 | 000,079,600 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\csisyncclient.exe
PRC - [2014-05-19 18:45:22 | 033,322,312 | ---- | M] (Dropbox, Inc.) -- C:\Users\Calgary\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2014-04-14 14:30:02 | 007,157,824 | ---- | M] (Foxit Corporation) -- C:\Users\Calgary\AppData\Local\Temp\Foxit PhantomPDF Updater.exe
PRC - [2014-03-26 15:35:26 | 000,475,448 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
PRC - [2014-03-26 15:35:26 | 000,469,304 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
PRC - [2014-03-07 02:02:08 | 000,267,224 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
PRC - [2014-01-27 19:15:18 | 000,227,904 | ---- | M] (WildTangent) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
PRC - [2013-08-21 22:17:05 | 000,374,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
PRC - [2013-08-05 01:49:42 | 000,111,576 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
PRC - [2012-11-05 17:14:34 | 001,343,904 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
PRC - [2012-11-02 15:00:44 | 013,836,984 | ---- | M] (Telus) -- C:\Program Files (x86)\Telus\security advisor\5.5.12.650\TelusSecurityAdvisor.exe
PRC - [2012-11-02 14:58:32 | 012,575,752 | ---- | M] (Radialpoint SafeCare Inc.) -- C:\Program Files (x86)\Telus\security advisor\5.5.12.650\Telus_ServicepointService.exe
PRC - [2012-11-02 14:55:14 | 008,053,032 | ---- | M] (Radialpoint SafeCare Inc.) -- C:\Program Files (x86)\Telus\security advisor\5.5.12.650\TelusSecurityAdvisorComHandler.exe
PRC - [2012-07-13 16:50:00 | 000,093,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
PRC - [2011-03-04 12:45:08 | 001,529,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2007-11-20 20:11:05 | 003,289,088 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Google Talk\googletalk.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014-07-15 15:04:43 | 000,043,008 | ---- | M] () -- c:\users\calgary\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmprf8pjy.dll
MOD - [2014-07-08 08:18:04 | 014,663,856 | ---- | M] () -- C:\Users\Calgary\AppData\Local\Google\Chrome\User Data\PepperFlash\14.0.0.145\pepflashplayer.dll
MOD - [2014-06-23 11:58:07 | 003,852,912 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2014-06-17 08:54:54 | 000,316,584 | ---- | M] () -- C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll
MOD - [2014-06-17 08:51:16 | 000,316,584 | ---- | M] () -- C:\Program Files\Microsoft Office 15\root\office15\appvisvstream32.dll
MOD - [2014-06-05 07:58:38 | 000,414,536 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppgooglenaclpluginchrome.dll
MOD - [2014-06-05 07:58:36 | 004,217,672 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll
MOD - [2014-06-05 07:58:32 | 000,716,616 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libglesv2.dll
MOD - [2014-06-05 07:58:31 | 000,126,280 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libegl.dll
MOD - [2014-06-05 07:58:30 | 001,732,424 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll
MOD - [2014-06-03 02:41:54 | 001,032,360 | ---- | M] () -- C:\Program Files\Microsoft Office 15\root\office15\ADDINS\umoutlookaddin.dll
MOD - [2014-05-20 18:33:02 | 000,389,120 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Dynamic\93aa8a60d293a05752aca14646afe6d2\System.Dynamic.ni.dll
MOD - [2014-05-20 18:33:00 | 001,609,216 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Microsoft.CSharp\004d51a9ac1d91d6537ad572591ebbd3\Microsoft.CSharp.ni.dll
MOD - [2014-05-20 04:11:16 | 008,892,072 | ---- | M] () -- C:\Program Files\Microsoft Office 15\root\office15\1033\grooveintlresource.dll
MOD - [2014-04-23 16:05:12 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014-04-23 16:04:54 | 001,044,808 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2014-04-20 19:19:03 | 000,196,264 | ---- | M] () -- C:\Program Files\Microsoft Office 15\root\office15\IEAWSDC.DLL
MOD - [2014-04-17 19:34:38 | 007,802,880 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\77bc1a994f64193efc124c297b93fdb7\System.Xml.ni.dll
MOD - [2014-04-17 19:34:31 | 012,856,832 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\635558b506364815e8348217e86fdf99\System.Windows.Forms.ni.dll
MOD - [2014-04-17 19:33:43 | 001,635,328 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\ddb52221ad0200b7c2e0a308e47d5c7c\System.Drawing.ni.dll
MOD - [2014-04-17 19:33:36 | 000,968,192 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\c5bf2f5c3e13726b3984a900221e1778\System.Configuration.ni.dll
MOD - [2014-04-17 19:33:08 | 006,951,424 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\c1194e56644c7688e7eb0f68a57dcc30\System.Core.ni.dll
MOD - [2014-04-17 19:33:01 | 010,003,456 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\c24d08cc4e93fc4f6f15a637b00a2721\System.ni.dll
MOD - [2014-01-27 05:52:41 | 017,395,376 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\c90ef9a73ea0044641d31b19023aad61\mscorlib.ni.dll
MOD - [2014-01-02 19:09:26 | 003,610,624 | ---- | M] () -- C:\Users\Calgary\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2013-08-23 13:01:44 | 025,100,288 | ---- | M] () -- C:\Users\Calgary\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2013-08-05 16:48:08 | 000,016,856 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
MOD - [2013-08-05 01:49:47 | 000,627,672 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
MOD - [2012-05-22 16:57:24 | 020,758,016 | ---- | M] () -- C:\Program Files (x86)\Telus\security advisor\5.5.12.650\libcef.dll
MOD - [2012-05-22 16:57:24 | 001,094,158 | ---- | M] () -- C:\Program Files (x86)\Telus\security advisor\5.5.12.650\avcodec-53.dll
MOD - [2012-05-22 16:57:24 | 000,622,080 | ---- | M] () -- C:\Program Files (x86)\Telus\security advisor\5.5.12.650\libGLESv2.dll
MOD - [2012-05-22 16:57:24 | 000,183,822 | ---- | M] () -- C:\Program Files (x86)\Telus\security advisor\5.5.12.650\avformat-53.dll
MOD - [2012-05-22 16:57:24 | 000,117,262 | ---- | M] () -- C:\Program Files (x86)\Telus\security advisor\5.5.12.650\avutil-51.dll
MOD - [2012-05-22 16:57:24 | 000,111,616 | ---- | M] () -- C:\Program Files (x86)\Telus\security advisor\5.5.12.650\libEGL.dll
MOD - [2007-07-11 14:59:38 | 000,056,200 | ---- | M] () -- C:\Windows\SysWOW64\bgsresen.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014-06-19 03:56:34 | 002,356,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe -- (ClickToRunSvc)
SRV:64bit: - [2014-04-06 05:20:36 | 000,201,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2014-04-02 20:51:48 | 001,584,128 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\workfolderssvc.dll -- (workfolderssvc)
SRV:64bit: - [2014-03-23 20:31:14 | 000,347,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\NisSrv.exe -- (WdNisSvc)
SRV:64bit: - [2014-03-23 20:31:14 | 000,023,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2014-03-14 00:26:25 | 000,491,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\GeofenceMonitorService.dll -- (lfsvc)
SRV:64bit: - [2014-03-07 23:41:25 | 001,306,624 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\AppXDeploymentServer.dll -- (AppXSvc)
SRV:64bit: - [2014-03-06 01:02:13 | 000,834,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2014-02-22 09:53:10 | 003,394,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2014-02-22 03:57:16 | 000,710,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2014-02-22 03:26:58 | 000,366,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2014-02-22 03:25:39 | 000,399,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2014-02-22 03:25:14 | 000,269,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2014-02-22 03:23:58 | 001,576,960 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2014-02-06 04:48:45 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014-01-08 23:39:39 | 000,076,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\inetsrv\w3logsvc.dll -- (w3logsvc)
SRV:64bit: - [2013-12-13 11:23:32 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2013-12-10 01:35:18 | 000,530,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppReadiness.dll -- (AppReadiness)
SRV:64bit: - [2013-11-22 22:50:00 | 000,282,112 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2013-10-09 16:52:30 | 001,645,256 | ---- | M] (TELUS security services) [Auto | Running] -- C:\Program Files\TELUS security services\TELUS security services\vsserv.exe -- (VSSERV)
SRV:64bit: - [2013-10-09 16:52:30 | 000,069,392 | ---- | M] (TELUS security services) [Disabled | Stopped] -- C:\Program Files\TELUS security services\TELUS security services\bdparentalservice.exe -- (BdDesktopParental)
SRV:64bit: - [2013-10-09 16:52:30 | 000,067,320 | ---- | M] (TELUS security services) [Auto | Running] -- C:\Program Files\TELUS security services\TELUS security services\updatesrv.exe -- (UPDATESRV)
SRV:64bit: - [2013-08-22 06:31:56 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2013-08-22 05:32:02 | 000,024,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wephostsvc.dll -- (WEPHOSTSVC)
SRV:64bit: - [2013-08-22 05:31:43 | 000,040,448 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2013-08-22 05:22:45 | 000,066,048 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2013-08-22 05:21:15 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2013-08-22 05:16:57 | 000,118,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2013-08-22 04:25:28 | 000,164,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2013-08-22 04:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2013-08-22 04:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2013-08-22 04:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2013-08-22 04:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2013-08-22 04:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2013-08-22 04:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2013-08-22 04:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicguestinterface)
SRV:64bit: - [2013-08-22 04:02:47 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\smphost.dll -- (smphost)
SRV:64bit: - [2013-08-22 03:57:25 | 000,130,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ScDeviceEnum.dll -- (ScDeviceEnum)
SRV:64bit: - [2013-08-22 03:54:59 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2013-08-22 03:50:59 | 000,245,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2013-08-22 03:50:00 | 000,525,312 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013-08-22 03:45:59 | 000,151,040 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ncbservice.dll -- (NcbService)
SRV:64bit: - [2013-08-22 03:40:49 | 000,248,832 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2013-08-22 03:31:03 | 000,201,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2013-08-22 03:15:54 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2013-03-01 16:40:02 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2013-02-26 01:31:30 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2013-02-19 23:10:00 | 000,239,176 | ---- | M] (Realtek Semiconductor) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE -- (RtkAudioService)
SRV:64bit: - [2009-11-17 20:14:00 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV - [2014-07-08 10:34:30 | 000,262,320 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014-06-23 11:58:08 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014-03-26 15:35:26 | 000,469,304 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe -- (HPWMISVC)
SRV - [2014-03-14 00:10:16 | 000,357,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GeofenceMonitorService.dll -- (lfsvc)
SRV - [2014-01-27 19:15:18 | 000,227,904 | ---- | M] (WildTangent) [Auto | Running] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe -- (GamesAppIntegrationService)
SRV - [2014-01-08 23:39:40 | 000,475,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2014-01-08 23:39:39 | 000,066,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\w3logsvc.dll -- (w3logsvc)
SRV - [2014-01-08 23:39:38 | 000,062,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2013-08-22 06:31:56 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2013-08-21 21:55:35 | 000,018,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2013-08-21 20:53:34 | 000,011,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\smphost.dll -- (smphost)
SRV - [2012-11-02 14:58:32 | 012,575,752 | ---- | M] (Radialpoint SafeCare Inc.) [Auto | Running] -- C:\Program Files (x86)\Telus\security advisor\5.5.12.650\Telus_ServicepointService.exe -- (ServicepointService8)
SRV - [2012-09-27 12:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011-03-04 12:45:08 | 001,529,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2010-10-12 11:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014-05-01 07:31:39 | 000,055,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2014-04-01 00:23:41 | 000,384,856 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2014-03-29 14:18:04 | 002,510,536 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2014-03-23 20:30:57 | 000,257,880 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2014-03-23 20:30:57 | 000,123,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdNisDrv.sys -- (WdNisDrv)
DRV:64bit: - [2014-03-23 20:27:03 | 000,035,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2014-03-19 21:41:20 | 000,376,152 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2014-03-13 06:35:24 | 000,157,016 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\SysNative\drivers\wof.sys -- (Wof)
DRV:64bit: - [2014-03-08 14:40:16 | 000,136,024 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2014-03-08 14:35:45 | 000,467,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2014-02-22 10:00:25 | 000,236,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2014-02-22 09:49:51 | 000,325,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2014-02-22 09:49:49 | 000,189,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2014-02-22 09:49:49 | 000,079,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2014-02-22 09:49:47 | 000,146,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2014-02-22 09:44:13 | 000,924,504 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\refs.sys -- (ReFS)
DRV:64bit: - [2014-02-22 06:14:02 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2014-02-11 19:00:15 | 000,290,008 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsP2Stor.sys -- (RSP2STOR)
DRV:64bit: - [2014-02-11 18:57:31 | 000,830,680 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt630x64.sys -- (RTL8168)
DRV:64bit: - [2014-01-27 21:58:37 | 000,041,704 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2014-01-08 23:42:43 | 000,146,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx2.sys -- (SerCx2)
DRV:64bit: - [2014-01-08 23:42:43 | 000,086,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pdc.sys -- (pdc)
DRV:64bit: - [2014-01-08 23:42:43 | 000,039,768 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\intelpep.sys -- (intelpep)
DRV:64bit: - [2013-12-13 11:23:36 | 013,207,552 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2013-12-13 11:23:36 | 000,626,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2013-12-04 12:41:54 | 000,226,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BthLEEnum.sys -- (BthLEEnum)
DRV:64bit: - [2013-12-02 10:42:14 | 001,204,424 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtbth.sys -- (rtbth)
DRV:64bit: - [2013-11-14 01:28:58 | 000,057,176 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stornvme.sys -- (stornvme)
DRV:64bit: - [2013-11-14 01:25:25 | 000,175,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2013-11-14 01:16:57 | 000,027,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2013-11-14 01:16:54 | 000,037,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2013-09-08 21:04:56 | 000,023,568 | ---- | M] (Bitdefender) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\bdelam.sys -- (bdelam)
DRV:64bit: - [2013-08-23 14:48:49 | 000,150,256 | ---- | M] (BitDefender LLC) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\gzflt.sys -- (gzflt)
DRV:64bit: - [2013-08-22 07:25:40 | 000,043,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\condrv.sys -- (condrv)
DRV:64bit: - [2013-08-22 07:25:40 | 000,030,048 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\WINDOWS\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2013-08-22 06:50:19 | 000,057,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\dam.sys -- (dam)
DRV:64bit: - [2013-08-22 06:49:54 | 000,079,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2013-08-22 06:49:33 | 000,159,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2013-08-22 06:43:49 | 000,063,840 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2013-08-22 06:43:48 | 000,041,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2013-08-22 06:43:45 | 003,357,024 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2013-08-22 06:43:45 | 000,093,536 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2013-08-22 06:43:45 | 000,082,784 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2013-08-22 06:43:45 | 000,064,352 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2013-08-22 06:43:44 | 000,081,760 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas3.sys -- (LSI_SAS3)
DRV:64bit: - [2013-08-22 06:43:41 | 000,782,176 | ---- | M] (PMC-Sierra) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\adp80xx.sys -- (ADP80XX)
DRV:64bit: - [2013-08-22 06:43:41 | 000,531,296 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2013-08-22 06:43:41 | 000,259,424 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2013-08-22 06:43:41 | 000,108,896 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\3ware.sys -- (3ware)
DRV:64bit: - [2013-08-22 06:43:41 | 000,079,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2013-08-22 06:43:40 | 000,114,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2013-08-22 06:43:40 | 000,082,784 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2013-08-22 06:43:40 | 000,025,952 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2013-08-22 06:43:34 | 000,305,504 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2013-08-22 06:43:33 | 000,074,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2013-08-22 06:43:32 | 000,031,072 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2013-08-22 06:43:31 | 000,107,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013-08-22 06:43:31 | 000,072,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2013-08-22 06:43:31 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2013-08-22 06:39:15 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uefi.sys -- (UEFI)
DRV:64bit: - [2013-08-22 06:37:27 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpci.sys -- (vpci)
DRV:64bit: - [2013-08-22 06:36:12 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2013-08-22 05:39:58 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2013-08-22 05:39:54 | 000,076,800 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ahcache.sys -- (ahcache)
DRV:64bit: - [2013-08-22 05:39:31 | 000,050,688 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2013-08-22 05:39:20 | 000,022,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2013-08-22 05:39:06 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2013-08-22 05:38:58 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2013-08-22 05:38:48 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2013-08-22 05:38:39 | 000,036,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013-08-22 05:38:30 | 000,131,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BthA2DP.sys -- (BthA2DP)
DRV:64bit: - [2013-08-22 05:38:26 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2013-08-22 05:38:23 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2013-08-22 05:38:22 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2013-08-22 05:38:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2013-08-22 05:37:49 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2013-08-22 05:37:46 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2013-08-22 05:37:42 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2013-08-22 05:37:28 | 000,056,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013-08-22 05:37:28 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2013-08-22 05:37:14 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2013-08-22 05:36:43 | 000,087,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc63.sys -- (netvsc)
DRV:64bit: - [2013-08-22 05:36:25 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys -- (NdisVirtualBus)
DRV:64bit: - [2013-08-22 05:36:17 | 000,124,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2013-08-22 05:36:07 | 000,066,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2013-08-22 05:35:42 | 000,103,424 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2013-08-22 02:46:33 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2013-08-12 17:25:46 | 000,017,624 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmfn2.sys -- (bcmfn2)
DRV:64bit: - [2013-08-09 18:39:30 | 000,651,248 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\iaStorAV.sys -- (iaStorAV)
DRV:64bit: - [2013-08-07 14:46:28 | 000,389,240 | ---- | M] (BitDefender S.R.L.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\trufos.sys -- (trufos)
DRV:64bit: - [2013-07-30 12:47:35 | 000,024,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys -- (iaLPSSi_GPIO)
DRV:64bit: - [2013-07-29 17:45:27 | 000,107,008 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Common Files\TELUS security services\TELUS security services Firewall\bdfwfpf.sys -- (bdfwfpf)
DRV:64bit: - [2013-07-25 13:05:39 | 000,099,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys -- (iaLPSSi_I2C)
DRV:64bit: - [2013-07-24 19:19:21 | 000,098,768 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Common Files\TELUS security services\TELUS security services Firewall\bdfndisf6.sys -- (BdfNdisf)
DRV:64bit: - [2013-07-23 17:50:57 | 000,082,824 | ---- | M] (BitDefender SRL) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bdsandbox.sys -- (BDSandBox)
DRV:64bit: - [2013-07-19 19:08:08 | 000,601,360 | ---- | M] (BitDefender) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\avckf.sys -- (avckf)
DRV:64bit: - [2013-07-19 19:04:54 | 000,727,592 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avc3.sys -- (avc3)
DRV:64bit: - [2013-03-18 16:51:08 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2013-03-05 13:01:42 | 000,091,712 | ---- | M] (CyberLink) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\CLVirtualDrive.sys -- (CLVirtualDrive)
DRV:64bit: - [2013-03-01 16:40:02 | 000,043,320 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2013-03-01 16:40:02 | 000,030,520 | ---- | M] (Hewlett-Packard) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2013-02-14 21:41:14 | 000,094,208 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW86.sys -- (AtiHDAudioService)
DRV:64bit: - [2013-02-05 22:54:18 | 000,469,232 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2013-02-05 22:54:16 | 000,031,984 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys -- (SmbDrvI)
DRV:64bit: - [2013-02-05 22:54:16 | 000,028,400 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Smb_driver_AMDASF.sys -- (SmbDrv)
DRV:64bit: - [2012-11-30 03:31:02 | 000,026,280 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2012-11-30 03:31:00 | 000,080,552 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2012-08-31 10:40:24 | 000,020,800 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WirelessButtonDriver64.sys -- (WirelessButtonDriver)
DRV:64bit: - [2012-08-28 09:27:24 | 000,058,536 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2012-08-21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012-04-09 10:13:58 | 000,057,472 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.2)
DRV:64bit: - [2011-03-04 12:51:50 | 000,306,536 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV:64bit: - [2010-02-08 08:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)
DRV:64bit: - [2008-11-16 18:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...0TR&pc=HPNTDFJS
IE:64bit: - HKLM\..\SearchScopes\{3BABA3F4-18AB-461F-BDCB-030F621C999E}: "URL" = http://www.amazon.ca...s={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...56705-11896-0/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...56705-11896-0/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{053A6642-1AB0-40ED-A2A6-4ECC2A1A76A3}: "URL" = http://search.yahoo....petb&type=10803
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...0TR&pc=HPNTDFJS
IE - HKCU\..\SearchScopes\{6566C40D-EF72-4B49-B3AC-7E936B478530}: "URL" = http://search.findwi...k={searchTerms}
IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...56705-11896-0/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20131118
FF - prefs.js..extensions.enabledAddons: trustmyweb.addons.firefox%40hotmail.com:1.6
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:30.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@radialpoint.com/SPA_8,version=1: C:\Program Files (x86)\Telus\security advisor\5.5.12.650\nprpspa.dll (Telus)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf: C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@radialpoint.com/SPA_8,version=1: C:\Program Files (x86)\Telus\security advisor\5.5.12.650\nprpspa.dll (Telus)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Users\Calgary\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Calgary\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Calgary\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Calgary\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Calgary\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\hp.com/HPDetect: C:\Users\Calgary\AppData\Roaming\HewlettPackard\HPDetect\1.0.0.0\npHPDetect.dll (HP)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\PROGRAM FILES\TELUS SECURITY SERVICES\TELUS SECURITY SERVICES\BDTBEXT [2013-10-10 15:28:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 30.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 30.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\TELUS security services\TELUS security services\bdtbext [2013-10-10 15:28:31 | 000,000,000 | ---D | M]
 
[2014-06-10 09:50:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Calgary\AppData\Roaming\mozilla\Extensions
[2014-07-16 22:38:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Calgary\AppData\Roaming\mozilla\Firefox\Profiles\swkfz2xp.default\extensions
[2014-07-09 14:09:19 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Calgary\AppData\Roaming\mozilla\Firefox\Profiles\swkfz2xp.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2014-07-09 14:09:19 | 000,022,470 | ---- | M] () (No name found) -- C:\Users\Calgary\AppData\Roaming\mozilla\firefox\profiles\swkfz2xp.default\extensions\[email protected]
[2014-04-30 11:12:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014-06-23 11:58:12 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: https://www.google.ca/
CHR - plugin: Error reading preferences file
CHR - Extension: Google Docs = C:\Users\Calgary\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: Google Drive = C:\Users\Calgary\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\Calgary\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5019_0\
CHR - Extension: WOT = C:\Users\Calgary\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\2.5.15_0\
CHR - Extension: YouTube = C:\Users\Calgary\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Adblock Plus = C:\Users\Calgary\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.8.3_0\
CHR - Extension: Google Search = C:\Users\Calgary\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: IE Tab Multi (Enhance) = C:\Users\Calgary\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnfnbeppfinmnjnjhedifcfllpcfgeea\1.0.2.1_0\
CHR - Extension: Hola Better Internet = C:\Users\Calgary\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.3.704_0\
CHR - Extension: TweetDeck by Twitter = C:\Users\Calgary\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdpomandigafcibbmofojjchbcdagbl\3.8.2_0\
CHR - Extension: Favicon Changer = C:\Users\Calgary\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijaabbaphikljkkcbgpbaljfjpflpeoo\1.0.3_0\
CHR - Extension: Boomerang for Gmail = C:\Users\Calgary\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdanidgdpmkimeiiojknlnekblgmpdll\1.2.4_0\
CHR - Extension: Hangouts = C:\Users\Calgary\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd\2014.710.434.3_0\
CHR - Extension: Google Wallet = C:\Users\Calgary\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: video2mp3 = C:\Users\Calgary\AppData\Local\Google\Chrome\User Data\Default\Extensions\oljlcbniifdjapjocdfamhlnmpkojdkm\1.0.4_1\
CHR - Extension: OneClick Cleaner for Chrome = C:\Users\Calgary\AppData\Local\Google\Chrome\User Data\Default\Extensions\oncckmaelaecccmaniihojgeopkcajfh\0.9.0.9_0\
CHR - Extension: Gmail = C:\Users\Calgary\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2014-07-08 19:39:10 | 000,000,002 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll (Microsoft Corporation)
O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll (Microsoft Corporation)
O2:64bit: - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
O2 - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll (Microsoft Corporation)
O2 - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\office15\grooveex.dll (Microsoft Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [Bdagent] C:\Program Files\TELUS security services\TELUS security services\bdagent.exe (TELUS security services)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\WINDOWS\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AccelerometerSysTrayApplet] C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [DSFMAJAutoService] C:\Desjardins\Accueil\DesjardinsMajAutoFusion.exe (DJSFC)
O4 - HKLM..\Run: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPMessageService] C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TelusSecurityAdvisor] C:\Program Files (x86)\Telus\security advisor\5.5.12.650\TelusSecurityAdvisor.exe (Telus)
O4 - HKCU..\Run: [DiamondView] C:\Program Files (x86)\Manulife Financial\Diamond View\Diamondview.exe (Manulife Financial)
O4 - HKCU..\Run: [GoogleChromeAutoLaunch_FA631E094BF4279435CE920E853E56FF] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKCU..\Run: [googletalk] C:\Program Files (x86)\Google\Google Talk\googletalk.exe (Google)
O4:64bit: - HKLM..\RunOnce: [NCPluginUpdater] C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe (Hewlett-Packard)
O4 - Startup: C:\Users\Calgary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Calgary\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\onbttnie.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\onbttnie.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\onbttnielinkednotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\onbttnielinkednotes.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\onbttnie.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\onbttnie.dll (Microsoft Corporation)
O9 - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\onbttnielinkednotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\onbttnielinkednotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} https://www.avdlext.com/dwa7W.cab (Domino Web Access 7 Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 75.153.176.9
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{23BBA13D-658C-4B98-90BC-CE58CAD114D1}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{905D83DC-1F93-46CB-BF84-5CEA204B8E3F}: DhcpNameServer = 192.168.1.254 75.153.176.9
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\msosb.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014-07-16 11:17:12 | 000,000,000 | ---D | C] -- C:\Users\Calgary\AppData\Local\IE Tab
[2014-07-13 22:04:43 | 000,000,000 | --SD | C] -- C:\WINDOWS\SysNative\CompatTel
[2014-07-12 23:37:04 | 000,000,000 | ---D | C] -- C:\Users\Calgary\AppData\Local\ElevatedDiagnostics
[2014-07-08 21:03:02 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Calgary\Desktop\OTL.exe
[2014-07-08 19:31:29 | 000,000,000 | ---D | C] -- C:\_OTL
[2014-07-08 13:54:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2014-07-08 13:32:56 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\WINDOWS\SysWow64\sqlite3.dll
[2014-07-08 13:32:14 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014-07-08 13:29:41 | 001,016,261 | ---- | C] (Thisisu) -- C:\Users\Calgary\Desktop\JRT.exe
[2014-07-02 20:53:30 | 000,000,000 | ---D | C] -- C:\Users\Calgary\Desktop\DFS
[2014-07-02 20:49:58 | 000,000,000 | ---D | C] -- C:\Users\Calgary\Desktop\ISI
[2014-06-29 22:29:22 | 000,000,000 | ---D | C] -- C:\Users\Calgary\AppData\Local\Foxit PhantomPDF
[2014-06-23 12:12:27 | 000,000,000 | ---D | C] -- C:\Users\Calgary\Canada Life
[2014-06-23 12:07:02 | 006,542,336 | ---- | C] (Amyuni Technologies
http://www.amyuni.com) -- C:\WINDOWS\SysNative\cdintf450_64.dll
[2014-06-23 12:07:02 | 004,818,432 | ---- | C] (Amyuni Technologies
http://www.amyuni.com) -- C:\WINDOWS\SysWow64\cdintf450.dll
[2014-06-19 09:02:54 | 000,000,000 | ---D | C] -- C:\Users\Calgary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Excellence
[2014-06-19 09:02:49 | 000,000,000 | ---D | C] -- C:\Users\Calgary\AppData\Local\Excellence
[2014-06-19 09:02:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Excellence
[2014-06-17 14:33:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Software FX Shared
[2014-06-17 14:33:27 | 000,901,120 | ---- | C] (Three |D| Graphics, Inc.) -- C:\WINDOWS\SysWow64\sscsdk32.dll
[2014-06-17 14:33:27 | 000,221,696 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\SysWow64\u2fhtml.dll
[2014-06-17 14:33:27 | 000,201,728 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\SysWow64\p2ssql.dll
[2014-06-17 14:33:27 | 000,180,736 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\SysWow64\u2fxls.dll
[2014-06-17 14:33:27 | 000,160,768 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\SysWow64\p2ssyb10.dll
[2014-06-17 14:33:27 | 000,129,024 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\SysWow64\u2ftext.dll
[2014-06-17 14:33:27 | 000,120,320 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\SysWow64\u2fwordw.dll
[2014-06-17 14:33:27 | 000,113,664 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\SysWow64\u2frtf.dll
[2014-06-17 14:33:27 | 000,102,912 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\SysWow64\u2dnotes.dll
[2014-06-17 14:33:27 | 000,095,232 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\SysWow64\u2dpost.dll
[2014-06-17 14:33:27 | 000,093,184 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\SysWow64\u2fodbc.dll
[2014-06-17 14:33:27 | 000,092,160 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\SysWow64\u2dvim.dll
[2014-06-17 14:33:27 | 000,075,264 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\SysWow64\u2fwks.dll
[2014-06-17 14:33:27 | 000,074,240 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\SysWow64\u2dmapi.dll
[2014-06-17 14:33:27 | 000,073,728 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\SysWow64\u2fsepv.dll
[2014-06-17 14:33:27 | 000,070,144 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\SysWow64\u2dapp.dll
[2014-06-17 14:33:27 | 000,064,000 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\SysWow64\u2frec.dll
[2014-06-17 14:33:27 | 000,064,000 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\SysWow64\u2fcr.dll
[2014-06-17 14:33:27 | 000,058,880 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\SysWow64\u2ddisk.dll
[2014-06-17 14:33:27 | 000,056,320 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\SysWow64\u2l2000.dll
[2014-06-17 14:33:27 | 000,055,808 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\SysWow64\u252000.dll
[2014-06-17 14:33:27 | 000,024,576 | ---- | C] (Seagate Software, Inc) -- C:\WINDOWS\SysWow64\u2lcom.dll
[2014-06-17 14:33:26 | 000,693,888 | ---- | C] (FarPoint Technologies, Inc.) -- C:\WINDOWS\SysWow64\SSVBX25.VBX
[2014-06-17 14:33:26 | 000,693,888 | ---- | C] (FarPoint Technologies, Inc.) -- C:\WINDOWS\System\SSVBX25.VBX
[2014-06-17 14:33:26 | 000,268,288 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\SysWow64\p2bxbse.dll
[2014-06-17 14:33:26 | 000,232,208 | ---- | C] (Sheridan Software Systems, Inc.) -- C:\WINDOWS\SysWow64\SSDATA2.VBX
[2014-06-17 14:33:26 | 000,232,208 | ---- | C] (Sheridan Software Systems, Inc.) -- C:\WINDOWS\System\SSDATA2.VBX
[2014-06-17 14:33:26 | 000,229,888 | ---- | C] (Seagate Software, Information Management Group, Inc.) -- C:\WINDOWS\SysWow64\crpaig32.dll
[2014-06-17 14:33:26 | 000,216,064 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\SysWow64\p2sora7.dll
[2014-06-17 14:33:26 | 000,208,127 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\SysWow64\p2bbde.dll
[2014-06-17 14:33:26 | 000,189,952 | ---- | C] (Seagate Software, Inc) -- C:\WINDOWS\SysWow64\p2smon.dll
[2014-06-17 14:33:26 | 000,173,568 | ---- | C] (Seagate Software, Information Management Group, Inc.) -- C:\WINDOWS\SysWow64\p2sifmx.dll
[2014-06-17 14:33:26 | 000,138,240 | ---- | C] (Seagate Software, Inc) -- C:\WINDOWS\SysWow64\p2soledb.dll
[2014-06-17 14:33:26 | 000,129,152 | ---- | C] (VideoSoft) -- C:\WINDOWS\SysWow64\VSVIEW2.VBX
[2014-06-17 14:33:26 | 000,092,176 | ---- | C] (VideoSoft) -- C:\WINDOWS\SysWow64\VSVBX.VBX
[2014-06-17 14:33:26 | 000,092,176 | ---- | C] (VideoSoft) -- C:\WINDOWS\System\VSVBX.VBX
[2014-06-17 14:33:26 | 000,064,432 | ---- | C] (Sheridan Software Systems, Inc.) -- C:\WINDOWS\SysWow64\THREED.VBX
[2014-06-17 14:33:26 | 000,064,432 | ---- | C] (Sheridan Software Systems, Inc.) -- C:\WINDOWS\System\THREED.VBX
[2014-06-17 14:33:26 | 000,060,416 | ---- | C] (Seagate Software, Inc.) -- C:\WINDOWS\SysWow64\crxlat32.dll
[2014-06-17 14:33:26 | 000,047,472 | ---- | C] (Sheridan Software Systems, Inc.) -- C:\WINDOWS\SysWow64\SSDATA1.VBX
[2014-06-17 14:33:26 | 000,047,472 | ---- | C] (Sheridan Software Systems, Inc.) -- C:\WINDOWS\System\SSDATA1.VBX
[2014-06-17 14:33:25 | 000,058,032 | ---- | C] (Crescent division of Progress Software Corporation) -- C:\WINDOWS\SysWow64\QPRO200.DLL
[2014-06-17 14:33:25 | 000,058,032 | ---- | C] (Crescent division of Progress Software Corporation) -- C:\WINDOWS\System\QPRO200.DLL
[2014-06-17 14:33:24 | 000,206,848 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\SysWow64\P2SODBC.DLL
[2014-06-17 14:33:24 | 000,152,576 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\SysWow64\P2BDAO.DLL
[2014-06-17 14:33:24 | 000,112,640 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\SysWow64\P2IRDAO.DLL
[2014-06-17 14:33:24 | 000,081,408 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\SysWow64\P2CTDAO.DLL
[2014-06-17 14:33:24 | 000,059,392 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\SysWow64\P2BBND.DLL
[2014-06-17 14:33:21 | 005,350,912 | ---- | C] (Seagate Software, Inc.) -- C:\WINDOWS\SysWow64\Crpe32.dll
[2014-06-17 14:33:21 | 000,687,800 | ---- | C] (APEX Software Corporation) -- C:\WINDOWS\SysWow64\TDBG5_32.OCX
[2014-06-17 14:33:21 | 000,480,032 | ---- | C] (Bits Per Second Ltd) -- C:\WINDOWS\SysWow64\GRAPHX.VBX
[2014-06-17 14:33:21 | 000,480,032 | ---- | C] (Bits Per Second Ltd) -- C:\WINDOWS\System\GRAPHX.VBX
[2014-06-17 14:33:21 | 000,475,168 | ---- | C] (Sheridan Software Systems, Inc.) -- C:\WINDOWS\SysWow64\SSTABS32.OCX
[2014-06-17 14:33:21 | 000,399,984 | ---- | C] (Bits Per Second Ltd) -- C:\WINDOWS\SysWow64\GSW16.EXE
[2014-06-17 14:33:21 | 000,399,984 | ---- | C] (Bits Per Second Ltd) -- C:\WINDOWS\System\GSW16.EXE
[2014-06-17 14:33:21 | 000,174,592 | ---- | C] (Bits Per Second Ltd) -- C:\WINDOWS\SysWow64\GSWAG16.DLL
[2014-06-17 14:33:21 | 000,174,592 | ---- | C] (Bits Per Second Ltd) -- C:\WINDOWS\System\GSWAG16.DLL
[2014-06-17 14:33:21 | 000,070,800 | ---- | C] (Bits Per Second Ltd) -- C:\WINDOWS\SysWow64\GRAPH.VBX
[2014-06-17 14:33:21 | 000,064,000 | ---- | C] (Desaware Inc.) -- C:\WINDOWS\SysWow64\APIGID32.DLL
[2014-06-17 14:33:21 | 000,050,352 | ---- | C] (Bits Per Second Ltd) -- C:\WINDOWS\SysWow64\GSWDLL16.DLL
[2014-06-17 14:33:21 | 000,050,352 | ---- | C] (Bits Per Second Ltd) -- C:\WINDOWS\System\GSWDLL16.DLL
[2014-06-17 14:33:21 | 000,030,448 | ---- | C] (Ed Staffin Software) -- C:\WINDOWS\SysWow64\MSGBLAST.VBX
[2014-06-17 14:33:21 | 000,030,448 | ---- | C] (Ed Staffin Software) -- C:\WINDOWS\System\MSGBLAST.VBX
[2014-06-17 14:33:20 | 004,822,528 | ---- | C] (Seagate Software, Inc.) -- C:\WINDOWS\SysWow64\craxdrt.dll
[2014-06-17 14:33:20 | 000,993,996 | ---- | C] (Seagate Software, Inc.) -- C:\WINDOWS\SysWow64\CRYSTL32.OCX
[2014-06-17 14:32:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\illustrate inc
[2014-06-17 14:32:58 | 000,663,552 | ---- | C] (APEX Software Corporation) -- C:\WINDOWS\SysWow64\TDBG5.OCX
[2014-06-17 14:32:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ENVISION
[2014-06-17 14:32:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Empire
[2014-06-17 13:52:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Novinsoft
[2014-06-17 13:52:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Great West Life
[2014-06-17 13:50:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canada Life
[2014-06-17 13:50:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Canada Life
[2014-06-17 13:49:54 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Great West Life
[2014-06-17 13:49:54 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Canada Life IG
[2014-06-17 13:49:54 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Canada Life
[2014-06-17 13:49:50 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\London Life
[2014-06-17 13:49:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ZoomExpressKeyview
[2014-06-17 13:48:56 | 000,000,000 | ---D | C] -- C:\ProgramData\{28F8033D-7256-4F66-A16C-E080A43797B2}
[2014-06-17 13:47:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Concourse CL Content
[2014-06-17 13:47:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Concourse CL App
[2014-06-17 13:46:01 | 000,000,000 | ---D | C] -- C:\ProgramData\{C0F6CDBD-EEC6-4F06-96E1-02AE8F01B948}
[2014-06-17 13:41:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BMO Insurance
[2014-06-17 13:41:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BMONET
[2014-06-17 13:37:54 | 000,000,000 | ---D | C] -- C:\Users\Calgary\Desktop\3rd Party
[2014-06-17 13:36:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RBC Illustrations
[2014-06-17 13:36:15 | 001,089,536 | ---- | C] (eHelp Corporation.) -- C:\WINDOWS\SysWow64\Roboex32.dll
[2014-06-17 13:36:14 | 000,936,448 | ---- | C] (Vista Software) -- C:\WINDOWS\SysWow64\ApolloSQL61.DLL
[2014-06-17 13:36:14 | 000,327,680 | ---- | C] (Vista Software) -- C:\WINDOWS\SysWow64\SDENSX61.DLL
[2014-06-17 13:36:14 | 000,323,584 | ---- | C] (Vista Software) -- C:\WINDOWS\SysWow64\SDECDX61.DLL
[2014-06-17 13:36:14 | 000,290,816 | ---- | C] (Vista Software) -- C:\WINDOWS\SysWow64\SDENTX61.DLL
[2014-06-17 13:36:12 | 000,229,376 | ---- | C] (Vista Software) -- C:\WINDOWS\SysWow64\SDE61.DLL
[2014-06-17 13:35:05 | 000,000,000 | ---D | C] -- C:\Users\Calgary\Documents\RBC Illustrations
[2014-06-17 13:35:05 | 000,000,000 | ---D | C] -- C:\Users\Calgary\AppData\Roaming\RBC Illustrations
[2014-06-17 13:35:02 | 000,778,240 | ---- | C] (Borland Software Corporation) -- C:\WINDOWS\SysWow64\rtl70.bpl
[2014-06-17 13:35:02 | 000,264,704 | ---- | C] (Borland Software Corporation) -- C:\WINDOWS\SysWow64\vcldb70.bpl
[2014-06-17 13:35:02 | 000,257,024 | ---- | C] (Borland Software Corporation) -- C:\WINDOWS\SysWow64\dbrtl70.bpl
[2014-06-17 13:35:02 | 000,097,792 | ---- | C] (Borland Software Corporation) -- C:\WINDOWS\SysWow64\vcljpg70.bpl
[2014-06-17 13:35:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RBC Illustrations
[2014-06-17 13:35:01 | 001,381,376 | ---- | C] (Borland Software Corporation) -- C:\WINDOWS\SysWow64\vcl70.bpl
[2014-06-17 13:35:00 | 000,215,040 | ---- | C] (Borland Software Corporation) -- C:\WINDOWS\SysWow64\vclx70.bpl
[2014-06-17 12:34:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\Downloaded Installations
[2014-06-17 12:34:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Manulife Financial
[2014-06-17 12:34:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Manulife Financial
[2014-06-17 12:34:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2014-06-17 12:29:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Manulife Financial
[1 C:\Users\Calgary\Desktop\*.tmp files -> C:\Users\Calgary\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014-07-16 22:01:14 | 000,746,450 | ---- | M] () -- C:\Users\Calgary\Desktop\Cam Davies Endorsement.pdf
[2014-07-16 22:00:18 | 000,956,476 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI
[2014-07-16 22:00:18 | 000,800,408 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat
[2014-07-16 22:00:18 | 000,165,436 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat
[2014-07-16 19:45:43 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014-07-16 07:54:01 | 000,000,604 | ---- | M] () -- C:\WINDOWS\tasks\G2MUpdateTask-S-1-5-21-3432463877-1759428120-2468046901-1002.job
[2014-07-16 07:48:10 | 000,000,932 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014-07-16 07:18:00 | 000,000,946 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3432463877-1759428120-2468046901-1002UA1cf8fe8c3cd5081.job
[2014-07-16 07:12:16 | 000,000,946 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3432463877-1759428120-2468046901-1002UA.job
[2014-07-15 22:33:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014-07-15 17:49:30 | 000,190,968 | ---- | M] () -- C:\Users\Calgary\Desktop\but60Rc.jpg
[2014-07-15 15:00:35 | 000,000,928 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014-07-15 14:58:44 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2014-07-15 14:58:38 | 1884,295,167 | -HS- | M] () -- C:\hiberfil.sys
[2014-07-15 14:18:47 | 000,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3432463877-1759428120-2468046901-1002Core1cf8fe8bfefb087.job
[2014-07-15 12:10:30 | 000,032,038 | ---- | M] () -- C:\Users\Calgary\Desktop\AB Plate.jpg
[2014-07-15 11:17:15 | 000,009,857 | ---- | M] () -- C:\Users\Calgary\Desktop\Obrien Ribbon.jpg
[2014-07-15 10:12:00 | 000,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3432463877-1759428120-2468046901-1002Core.job
[2014-07-13 22:09:26 | 000,000,370 | ---- | M] () -- C:\WINDOWS\tasks\HPCeeScheduleForCalgary.job
[2014-07-13 22:08:55 | 000,489,896 | ---- | M] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT
[2014-07-11 10:57:11 | 000,276,732 | ---- | M] () -- C:\Users\Calgary\Desktop\SupplementaryVerificationOfIdentityForm.pdf
[2014-07-08 21:15:31 | 000,002,669 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk
[2014-07-08 21:03:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Calgary\Desktop\OTL.exe
[2014-07-08 19:39:10 | 000,000,002 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\etc\Hosts
[2014-07-08 13:29:50 | 001,016,261 | ---- | M] (Thisisu) -- C:\Users\Calgary\Desktop\JRT.exe
[2014-07-08 13:26:19 | 001,346,519 | ---- | M] () -- C:\Users\Calgary\Desktop\adwcleaner_3.214.exe
[2014-07-08 10:09:56 | 001,180,255 | ---- | M] () -- C:\Users\Calgary\Desktop\CDN - Complete Mapped Application  - Calgary Shepard Conservative Association.pdf
[2014-06-25 18:00:59 | 000,286,551 | ---- | M] () -- C:\Users\Calgary\Desktop\Shane005.pdf
[2014-06-25 17:59:20 | 000,289,898 | ---- | M] () -- C:\Users\Calgary\Desktop\Richard004.pdf
[2014-06-25 17:57:03 | 000,264,752 | ---- | M] () -- C:\Users\Calgary\Desktop\Evangeline003.pdf
[2014-06-23 11:58:10 | 000,000,030 | ---- | M] () -- C:\WINDOWS\MaritimeLife.ini
[2014-06-17 14:35:53 | 000,000,000 | ---- | M] () -- C:\WINDOWS\efgtemp.ini
[2014-06-17 14:35:51 | 000,000,000 | ---- | M] () -- C:\WINDOWS\iireport53.INI
[2014-06-17 14:33:55 | 000,000,156 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2014-06-17 14:33:20 | 000,000,097 | ---- | M] () -- C:\WINDOWS\fdpxld.ini
[2014-06-17 14:33:20 | 000,000,000 | ---- | M] () -- C:\WINDOWS\IIREPO~1.INI
[2014-06-17 12:30:43 | 000,000,029 | ---- | M] () -- C:\WINDOWS\MLI.INI
[1 C:\Users\Calgary\Desktop\*.tmp files -> C:\Users\Calgary\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014-07-16 22:01:12 | 000,746,450 | ---- | C] () -- C:\Users\Calgary\Desktop\Cam Davies Endorsement.pdf
[2014-07-15 17:49:30 | 000,190,968 | ---- | C] () -- C:\Users\Calgary\Desktop\but60Rc.jpg
[2014-07-15 12:10:30 | 000,032,038 | ---- | C] () -- C:\Users\Calgary\Desktop\AB Plate.jpg
[2014-07-15 11:17:15 | 000,009,857 | ---- | C] () -- C:\Users\Calgary\Desktop\Obrien Ribbon.jpg
[2014-07-12 23:37:07 | 000,000,370 | ---- | C] () -- C:\WINDOWS\tasks\HPCeeScheduleForCalgary.job
[2014-07-10 13:28:22 | 000,276,732 | ---- | C] () -- C:\Users\Calgary\Desktop\SupplementaryVerificationOfIdentityForm.pdf
[2014-07-08 13:26:08 | 001,346,519 | ---- | C] () -- C:\Users\Calgary\Desktop\adwcleaner_3.214.exe
[2014-07-08 10:09:56 | 001,180,255 | ---- | C] () -- C:\Users\Calgary\Desktop\CDN - Complete Mapped Application  - Calgary Shepard Conservative Association.pdf
[2014-06-25 18:00:58 | 000,286,551 | ---- | C] () -- C:\Users\Calgary\Desktop\Shane005.pdf
[2014-06-25 17:59:20 | 000,289,898 | ---- | C] () -- C:\Users\Calgary\Desktop\Richard004.pdf
[2014-06-25 17:57:03 | 000,264,752 | ---- | C] () -- C:\Users\Calgary\Desktop\Evangeline003.pdf
[2014-06-24 14:13:29 | 000,000,946 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3432463877-1759428120-2468046901-1002UA1cf8fe8c3cd5081.job
[2014-06-24 14:13:23 | 000,000,894 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3432463877-1759428120-2468046901-1002Core1cf8fe8bfefb087.job
[2014-06-23 11:58:10 | 000,000,030 | ---- | C] () -- C:\WINDOWS\MaritimeLife.ini
[2014-06-17 14:35:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iireport53.INI
[2014-06-17 14:33:55 | 000,149,504 | ---- | C] () -- C:\Program Files (x86)\UNWISE.EXE
[2014-06-17 14:33:55 | 000,000,156 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2014-06-17 14:33:36 | 000,010,912 | ---- | C] () -- C:\WINDOWS\SHARE.EXE
[2014-06-17 14:33:21 | 000,081,920 | ---- | C] () -- C:\WINDOWS\SysWow64\Csread32.ocx
[2014-06-17 14:33:21 | 000,024,880 | ---- | C] () -- C:\WINDOWS\SysWow64\MDICHILD.VBX
[2014-06-17 14:33:21 | 000,022,776 | ---- | C] () -- C:\WINDOWS\SysWow64\FDPTOOLS.DLL
[2014-06-17 14:33:21 | 000,022,776 | ---- | C] () -- C:\WINDOWS\System\FDPTOOLS.DLL
[2014-06-17 14:33:21 | 000,018,944 | ---- | C] ( ) -- C:\WINDOWS\SysWow64\Implode.dll
[2014-06-17 14:33:21 | 000,018,688 | ---- | C] () -- C:\WINDOWS\SysWow64\CMDIALOG.VBX
[2014-06-17 14:33:21 | 000,018,688 | ---- | C] () -- C:\WINDOWS\System\CMDIALOG.VBX
[2014-06-17 14:33:20 | 000,000,097 | ---- | C] () -- C:\WINDOWS\fdpxld.ini
[2014-06-17 14:33:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\IIREPO~1.INI
[2014-06-17 14:32:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\efgtemp.ini
[2014-06-17 13:36:15 | 000,023,552 | ---- | C] () -- C:\WINDOWS\SysWow64\AppStuff.bpl
[2014-06-17 12:30:43 | 000,000,029 | ---- | C] () -- C:\WINDOWS\MLI.INI
[2014-05-21 09:22:18 | 000,002,491 | ---- | C] () -- C:\ProgramData\regid.2012-05.ca.repsource_EC596C15-1BA5-4A0F-8804-4CC5BB52F1EE.swidtag
[2014-04-15 20:46:44 | 000,002,255 | ---- | C] () -- C:\WINDOWS\SysWow64\WimBootCompress.ini
[2014-03-17 16:41:59 | 000,103,936 | ---- | C] () -- C:\WINDOWS\SysWow64\OEMLicense.dll
[2014-03-03 20:46:15 | 002,436,794 | ---- | C] () -- C:\ProgramData\1393900866.bdinstall.bin
[2014-02-24 09:05:32 | 000,065,928 | ---- | C] () -- C:\WINDOWS\SysWow64\bgsresfr.dll
[2014-02-24 09:05:32 | 000,065,928 | ---- | C] () -- C:\WINDOWS\SysWow64\bgsreses.dll
[2014-02-24 09:05:32 | 000,065,928 | ---- | C] () -- C:\WINDOWS\SysWow64\bgsresde.dll
[2014-02-24 09:05:32 | 000,056,200 | ---- | C] () -- C:\WINDOWS\SysWow64\bgsresen.dll
[2014-01-08 22:50:48 | 000,930,400 | ---- | C] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
[2014-01-08 22:47:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2013-12-13 11:23:56 | 000,204,952 | ---- | C] () -- C:\WINDOWS\SysWow64\ativvsvl.dat
[2013-12-13 11:23:54 | 000,157,144 | ---- | C] () -- C:\WINDOWS\SysWow64\ativvsva.dat
[2013-12-13 11:23:46 | 000,003,917 | ---- | C] () -- C:\WINDOWS\SysWow64\atipblag.dat
[2013-12-13 11:23:24 | 000,995,342 | ---- | C] () -- C:\WINDOWS\SysWow64\amdocl_as32.exe
[2013-12-13 11:23:24 | 000,798,734 | ---- | C] () -- C:\WINDOWS\SysWow64\amdocl_ld32.exe
[2013-12-13 11:23:14 | 000,123,392 | ---- | C] () -- C:\WINDOWS\SysWow64\amdhdl32.dll
[2013-10-07 20:40:42 | 000,369,624 | ---- | C] () -- C:\WINDOWS\SysWow64\drivers\FW7650.bin
[2013-10-07 20:40:42 | 000,000,313 | ---- | C] () -- C:\WINDOWS\SysWow64\RaCheckBTDev.ini
[2013-08-22 09:36:43 | 000,215,943 | ---- | C] () -- C:\WINDOWS\SysWow64\dssec.dat
[2013-08-22 09:36:42 | 000,000,741 | ---- | C] () -- C:\WINDOWS\SysWow64\NOISE.DAT
[2013-08-22 08:46:23 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2013-08-22 01:01:23 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin
[2013-08-21 21:32:36 | 000,046,080 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll
[2013-08-21 17:55:20 | 000,364,544 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll
[2013-08-21 17:52:39 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat
[2012-11-27 01:18:46 | 000,038,912 | ---- | C] () -- C:\WINDOWS\SysWow64\kdbsdk32.dll
[2012-07-25 14:22:54 | 000,982,240 | ---- | C] () -- C:\WINDOWS\SysWow64\igkrng500.bin
[2012-07-25 14:22:54 | 000,439,308 | ---- | C] () -- C:\WINDOWS\SysWow64\igcompkrng500.bin
[2012-07-25 14:22:54 | 000,092,356 | ---- | C] () -- C:\WINDOWS\SysWow64\igfcg500m.bin
 
========== ZeroAccess Check ==========
 
[2014-01-14 18:15:45 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014-04-06 10:31:39 | 021,268,952 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014-04-06 09:22:20 | 018,755,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2013-08-22 03:49:49 | 000,921,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2013-08-21 20:45:10 | 000,691,712 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2013-08-22 03:45:17 | 000,483,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014-01-02 22:09:54 | 000,000,000 | ---D | M] -- C:\Users\Calgary\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2014-04-24 19:01:04 | 000,000,000 | ---D | M] -- C:\Users\Calgary\AppData\Roaming\CrystalIdea Software
[2014-07-16 21:17:21 | 000,000,000 | ---D | M] -- C:\Users\Calgary\AppData\Roaming\Dropbox
[2014-07-15 15:06:02 | 000,000,000 | ---D | M] -- C:\Users\Calgary\AppData\Roaming\DropboxMaster
[2014-04-08 22:45:40 | 000,000,000 | ---D | M] -- C:\Users\Calgary\AppData\Roaming\EPSON
[2014-06-10 09:57:49 | 000,000,000 | ---D | M] -- C:\Users\Calgary\AppData\Roaming\Foxit Software
[2014-02-18 16:31:45 | 000,000,000 | ---D | M] -- C:\Users\Calgary\AppData\Roaming\HewlettPackard
[2014-01-02 23:37:11 | 000,000,000 | ---D | M] -- C:\Users\Calgary\AppData\Roaming\PDAppFlex
[2014-03-03 20:41:45 | 000,000,000 | ---D | M] -- C:\Users\Calgary\AppData\Roaming\QuickScan
[2014-06-17 13:35:05 | 000,000,000 | ---D | M] -- C:\Users\Calgary\AppData\Roaming\RBC Illustrations
[2014-05-17 11:01:50 | 000,000,000 | ---D | M] -- C:\Users\Calgary\AppData\Roaming\SketchUp
[2013-12-30 20:51:38 | 000,000,000 | ---D | M] -- C:\Users\Calgary\AppData\Roaming\Synaptics
[2014-03-03 20:35:28 | 000,000,000 | ---D | M] -- C:\Users\Calgary\AppData\Roaming\Telus
[2014-03-03 20:44:44 | 000,000,000 | ---D | M] -- C:\Users\Calgary\AppData\Roaming\TELUS security services
[2014-02-05 23:52:08 | 000,000,000 | ---D | M] -- C:\Users\Calgary\AppData\Roaming\WildTangent
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 220 bytes -> C:\Users\Calgary\SkyDrive:ms-properties

< End of report >
 


  • 0

#27
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,804 posts
Hello,

Sorry I missed you

Did you uninstall Telus Security Services?

You're using Bitdefender Anti Virus, correct?

Kind of confusing, Telus Security Services uses the same module Bitdefender does.

Please follow the instructions Here under Vista. Use the removal tool on that page.

Post a new OTL Please
  • 0

#28
Triskelion

Triskelion

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 652 posts

No. Telus is my AV. Not using Bitdefender.

 

You still want another OTL?


  • 0

#29
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,804 posts
No, don't need an OTL.

How are things running?
  • 0

#30
Triskelion

Triskelion

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 652 posts

Once my browser [FF or Chrome] opens, it's better. But there still seems to be quite the lag or stall, if you will, when I start it up.

 

You seeing anything of interest anymore?

 

- T


  • 0





