Unknown issue but laptop is off its mark.



#1
Triskelion


So I have recently taken over this laptop for work and as I set it up to my own preferences, there seem to be some issues.

The computer has been taking longer than normal to boot and it seems to really lag at times, especially when I'm opening the browser or different pages.

 

Can someone take a look at this for me?

Please and thank you!

I have posted the OTL logs below:

OTL:


OTL logfile created on: 2014-06-24 8:49:52 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Calgary\Desktop
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17126)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: yyyy-MM-dd
 
7.19 Gb Total Physical Memory | 2.32 Gb Available Physical Memory | 32.29% Memory free
9.32 Gb Paging File | 4.17 Gb Available in Paging File | 44.73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 903.81 Gb Total Space | 840.08 Gb Free Space | 92.95% Space Free | Partition Type: NTFS
Drive D: | 26.59 Gb Total Space | 2.64 Gb Free Space | 9.91% Space Free | Partition Type: NTFS
 
Computer Name: CALGARYSHEPARD | User Name: Calgary | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014-06-24 08:47:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Calgary\Desktop\OTL.exe
PRC - [2014-06-24 08:40:05 | 002,127,952 | ---- | M] () -- C:\Users\Calgary\AppData\Local\Temp\TowerTilt\TowerTilt_Setup.exe
PRC - [2014-06-24 08:36:40 | 000,233,096 | ---- | M] () -- C:\Users\Calgary\AppData\Local\Temp\toolbar79977630.exe
PRC - [2014-06-24 08:36:23 | 006,369,312 | ---- | M] (http://yourfiledownloader.com) -- C:\Users\Calgary\AppData\Local\Temp\update79950875.exe
PRC - [2014-06-24 08:11:42 | 000,317,728 | ---- | M] () -- C:\Program Files (x86)\TowerTilt\updateTowerTilt.exe
PRC - [2014-06-23 11:58:09 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2014-06-17 08:55:03 | 000,079,600 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
PRC - [2014-06-17 08:54:13 | 018,935,976 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE
PRC - [2014-06-05 07:58:39 | 000,860,488 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014-05-19 18:45:22 | 033,322,312 | ---- | M] (Dropbox, Inc.) -- C:\Users\Calgary\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2014-05-13 18:33:57 | 001,863,856 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
PRC - [2014-04-30 13:31:08 | 000,950,272 | ---- | M] (Manulife Financial) -- C:\Program Files (x86)\Manulife Financial\Diamond View\Diamondview.exe
PRC - [2014-03-07 02:02:08 | 000,267,224 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
PRC - [2014-01-27 19:15:18 | 000,227,904 | ---- | M] (WildTangent) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
PRC - [2013-12-25 15:20:30 | 001,045,304 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
PRC - [2013-12-25 15:20:26 | 001,039,160 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
PRC - [2013-12-12 11:27:52 | 000,186,408 | ---- | M] (Geek Software GmbH) -- C:\Program Files (x86)\PDF24\pdf24.exe
PRC - [2013-08-21 22:17:05 | 000,374,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
PRC - [2013-08-05 01:49:42 | 000,111,576 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
PRC - [2012-11-05 17:14:34 | 001,343,904 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
PRC - [2012-11-02 15:00:44 | 013,836,984 | ---- | M] (Telus) -- C:\Program Files (x86)\Telus\security advisor\5.5.12.650\TelusSecurityAdvisor.exe
PRC - [2012-11-02 14:58:32 | 012,575,752 | ---- | M] (Radialpoint SafeCare Inc.) -- C:\Program Files (x86)\Telus\security advisor\5.5.12.650\Telus_ServicepointService.exe
PRC - [2012-11-02 14:55:14 | 008,053,032 | ---- | M] (Radialpoint SafeCare Inc.) -- C:\Program Files (x86)\Telus\security advisor\5.5.12.650\TelusSecurityAdvisorComHandler.exe
PRC - [2012-07-13 16:50:00 | 000,093,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
PRC - [2011-03-04 12:45:08 | 001,529,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2007-11-20 20:11:05 | 003,289,088 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Google Talk\googletalk.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014-06-24 08:40:14 | 000,011,264 | ---- | M] () -- C:\Users\Calgary\AppData\Local\Temp\nstA5F8.tmp\System.dll
MOD - [2014-06-24 08:40:13 | 000,117,248 | ---- | M] () -- C:\Users\Calgary\AppData\Local\Temp\nstA5F8.tmp\IpConfig.dll
MOD - [2014-06-24 08:40:11 | 000,005,632 | ---- | M] () -- C:\Users\Calgary\AppData\Local\Temp\nstA5F8.tmp\ExecDos.dll
MOD - [2014-06-24 08:40:05 | 002,127,952 | ---- | M] () -- C:\Users\Calgary\AppData\Local\Temp\TowerTilt\TowerTilt_Setup.exe
MOD - [2014-06-24 08:37:56 | 000,117,248 | ---- | M] () -- C:\Users\Calgary\AppData\Local\Temp\nsc8DA7.tmp\IpConfig.dll
MOD - [2014-06-24 08:37:56 | 000,011,264 | ---- | M] () -- C:\Users\Calgary\AppData\Local\Temp\nsc8DA7.tmp\System.dll
MOD - [2014-06-24 08:36:40 | 000,233,096 | ---- | M] () -- C:\Users\Calgary\AppData\Local\Temp\toolbar79977630.exe
MOD - [2014-06-24 08:11:42 | 000,317,728 | ---- | M] () -- C:\Program Files (x86)\TowerTilt\updateTowerTilt.exe
MOD - [2014-06-23 11:58:07 | 003,852,912 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2014-06-23 10:28:42 | 000,043,008 | ---- | M] () -- c:\users\calgary\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpgm4uvo.dll
MOD - [2014-06-17 08:54:54 | 000,316,584 | ---- | M] () -- C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll
MOD - [2014-06-17 08:54:52 | 008,890,536 | ---- | M] () -- C:\Program Files\Microsoft Office 15\root\office15\1033\GrooveIntlResource.dll
MOD - [2014-06-17 08:54:06 | 001,032,360 | ---- | M] () -- C:\Program Files\Microsoft Office 15\root\office15\ADDINS\UmOutlookAddin.dll
MOD - [2014-06-17 08:51:16 | 000,316,584 | ---- | M] () -- C:\Program Files\Microsoft Office 15\root\office15\appvisvstream32.dll
MOD - [2014-06-05 07:58:38 | 000,414,536 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppgooglenaclpluginchrome.dll
MOD - [2014-06-05 07:58:37 | 014,612,296 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll
MOD - [2014-06-05 07:58:36 | 004,217,672 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll
MOD - [2014-06-05 07:58:32 | 000,716,616 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libglesv2.dll
MOD - [2014-06-05 07:58:31 | 000,126,280 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libegl.dll
MOD - [2014-06-05 07:58:30 | 001,732,424 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll
MOD - [2014-05-13 18:33:56 | 016,361,136 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll
MOD - [2014-04-23 16:05:12 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014-04-23 16:04:54 | 001,044,808 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2014-02-16 11:13:57 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\465dac2a0ebb43fd93816404c1b03bc9\System.ServiceProcess.ni.dll
MOD - [2014-02-16 11:13:39 | 000,978,432 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\97272e5adde36ea896d7216bf0270e15\System.Configuration.ni.dll
MOD - [2014-02-16 11:13:39 | 000,141,312 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\865b858298279774d2a3c6cecac95124\System.Configuration.Install.ni.dll
MOD - [2014-02-16 01:30:38 | 005,463,552 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\672138dc2f47a077f59ef14290a6973e\System.Xml.ni.dll
MOD - [2014-02-16 01:30:32 | 012,436,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\a673aacf407b499981342bb709cce917\System.Windows.Forms.ni.dll
MOD - [2014-02-16 01:30:23 | 001,593,344 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d76ae95d56d39a59f727f5518ac8e396\System.Drawing.ni.dll
MOD - [2014-02-16 01:29:47 | 007,993,856 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\20af51394609c937507288c2b1cf2c8c\System.ni.dll
MOD - [2014-02-16 01:29:41 | 011,499,520 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\3de119146ed0e59408f896aa69cdfc42\mscorlib.ni.dll
MOD - [2014-01-02 19:09:26 | 003,610,624 | ---- | M] () -- C:\Users\Calgary\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2013-08-23 13:01:44 | 025,100,288 | ---- | M] () -- C:\Users\Calgary\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2013-08-16 18:06:31 | 000,131,072 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
MOD - [2013-08-05 16:48:08 | 000,016,856 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
MOD - [2013-08-05 01:49:47 | 000,627,672 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
MOD - [2012-05-22 16:57:24 | 020,758,016 | ---- | M] () -- C:\Program Files (x86)\Telus\security advisor\5.5.12.650\libcef.dll
MOD - [2012-05-22 16:57:24 | 001,094,158 | ---- | M] () -- C:\Program Files (x86)\Telus\security advisor\5.5.12.650\avcodec-53.dll
MOD - [2012-05-22 16:57:24 | 000,622,080 | ---- | M] () -- C:\Program Files (x86)\Telus\security advisor\5.5.12.650\libGLESv2.dll
MOD - [2012-05-22 16:57:24 | 000,183,822 | ---- | M] () -- C:\Program Files (x86)\Telus\security advisor\5.5.12.650\avformat-53.dll
MOD - [2012-05-22 16:57:24 | 000,117,262 | ---- | M] () -- C:\Program Files (x86)\Telus\security advisor\5.5.12.650\avutil-51.dll
MOD - [2012-05-22 16:57:24 | 000,111,616 | ---- | M] () -- C:\Program Files (x86)\Telus\security advisor\5.5.12.650\libEGL.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014-05-21 03:28:26 | 002,279,608 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe -- (ClickToRunSvc)
SRV:64bit: - [2014-04-06 05:20:36 | 000,201,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2014-04-02 20:51:48 | 001,584,128 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\workfolderssvc.dll -- (workfolderssvc)
SRV:64bit: - [2014-03-23 20:31:14 | 000,347,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\NisSrv.exe -- (WdNisSvc)
SRV:64bit: - [2014-03-23 20:31:14 | 000,023,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2014-03-14 00:26:25 | 000,491,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\GeofenceMonitorService.dll -- (lfsvc)
SRV:64bit: - [2014-03-07 23:41:25 | 001,306,624 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\AppXDeploymentServer.dll -- (AppXSvc)
SRV:64bit: - [2014-03-06 01:02:13 | 000,834,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2014-02-22 09:53:10 | 003,394,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2014-02-22 03:57:16 | 000,710,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2014-02-22 03:26:58 | 000,366,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2014-02-22 03:25:39 | 000,399,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2014-02-22 03:25:14 | 000,269,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2014-02-22 03:23:58 | 001,576,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2014-02-06 04:48:45 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014-01-08 23:39:39 | 000,076,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\inetsrv\w3logsvc.dll -- (w3logsvc)
SRV:64bit: - [2013-12-13 11:23:32 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2013-12-10 01:35:18 | 000,530,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppReadiness.dll -- (AppReadiness)
SRV:64bit: - [2013-11-22 22:50:00 | 000,282,112 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2013-10-09 16:52:30 | 001,645,256 | ---- | M] (TELUS security services) [Auto | Running] -- C:\Program Files\TELUS security services\TELUS security services\vsserv.exe -- (VSSERV)
SRV:64bit: - [2013-10-09 16:52:30 | 000,069,392 | ---- | M] (TELUS security services) [Disabled | Stopped] -- C:\Program Files\TELUS security services\TELUS security services\bdparentalservice.exe -- (BdDesktopParental)
SRV:64bit: - [2013-10-09 16:52:30 | 000,067,320 | ---- | M] (TELUS security services) [Auto | Running] -- C:\Program Files\TELUS security services\TELUS security services\updatesrv.exe -- (UPDATESRV)
SRV:64bit: - [2013-08-22 06:31:56 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2013-08-22 05:32:02 | 000,024,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wephostsvc.dll -- (WEPHOSTSVC)
SRV:64bit: - [2013-08-22 05:31:43 | 000,040,448 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2013-08-22 05:22:45 | 000,066,048 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2013-08-22 05:21:15 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2013-08-22 05:16:57 | 000,118,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2013-08-22 04:25:28 | 000,164,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2013-08-22 04:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2013-08-22 04:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2013-08-22 04:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2013-08-22 04:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2013-08-22 04:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2013-08-22 04:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2013-08-22 04:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicguestinterface)
SRV:64bit: - [2013-08-22 04:02:47 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\smphost.dll -- (smphost)
SRV:64bit: - [2013-08-22 03:57:25 | 000,130,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ScDeviceEnum.dll -- (ScDeviceEnum)
SRV:64bit: - [2013-08-22 03:54:59 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2013-08-22 03:50:59 | 000,245,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2013-08-22 03:50:00 | 000,525,312 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013-08-22 03:45:59 | 000,151,040 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ncbservice.dll -- (NcbService)
SRV:64bit: - [2013-08-22 03:40:49 | 000,248,832 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2013-08-22 03:31:03 | 000,201,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2013-08-22 03:15:54 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2013-03-01 16:40:02 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2013-02-26 01:31:30 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2013-02-19 23:10:00 | 000,239,176 | ---- | M] (Realtek Semiconductor) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE -- (RtkAudioService)
SRV:64bit: - [2009-11-17 20:14:00 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV - [2014-06-24 08:11:42 | 000,317,728 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\TowerTilt\updateTowerTilt.exe -- (Update TowerTilt)
SRV - [2014-06-23 11:58:08 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014-05-13 18:34:09 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014-03-14 00:10:16 | 000,357,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GeofenceMonitorService.dll -- (lfsvc)
SRV - [2014-01-27 19:15:18 | 000,227,904 | ---- | M] (WildTangent) [Auto | Running] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe -- (GamesAppIntegrationService)
SRV - [2014-01-08 23:39:40 | 000,475,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2014-01-08 23:39:39 | 000,066,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\w3logsvc.dll -- (w3logsvc)
SRV - [2014-01-08 23:39:38 | 000,062,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2013-12-25 15:20:26 | 001,039,160 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe -- (HPWMISVC)
SRV - [2013-08-22 06:31:56 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2013-08-21 21:55:35 | 000,018,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2013-08-21 20:53:34 | 000,011,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\smphost.dll -- (smphost)
SRV - [2012-11-02 14:58:32 | 012,575,752 | ---- | M] (Radialpoint SafeCare Inc.) [Auto | Running] -- C:\Program Files (x86)\Telus\security advisor\5.5.12.650\Telus_ServicepointService.exe -- (ServicepointService8)
SRV - [2012-09-27 12:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011-03-04 12:45:08 | 001,529,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2010-10-12 11:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014-05-01 07:31:39 | 000,055,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2014-04-01 00:23:41 | 000,384,856 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2014-03-23 20:30:57 | 000,257,880 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2014-03-23 20:30:57 | 000,123,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdNisDrv.sys -- (WdNisDrv)
DRV:64bit: - [2014-03-23 20:27:03 | 000,035,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2014-03-19 21:41:20 | 000,376,152 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2014-03-13 06:35:24 | 000,157,016 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\SysNative\drivers\wof.sys -- (Wof)
DRV:64bit: - [2014-03-08 14:40:16 | 000,136,024 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2014-03-08 14:35:45 | 000,467,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2014-02-22 10:00:25 | 000,236,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2014-02-22 09:49:51 | 000,325,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2014-02-22 09:49:49 | 000,189,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2014-02-22 09:49:49 | 000,079,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2014-02-22 09:49:47 | 000,146,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2014-02-22 09:44:13 | 000,924,504 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\refs.sys -- (ReFS)
DRV:64bit: - [2014-02-22 06:14:02 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2014-02-11 19:00:15 | 000,290,008 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsP2Stor.sys -- (RSP2STOR)
DRV:64bit: - [2014-02-11 18:57:31 | 000,830,680 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt630x64.sys -- (RTL8168)
DRV:64bit: - [2014-01-27 21:58:37 | 000,041,704 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2014-01-08 23:42:43 | 000,146,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx2.sys -- (SerCx2)
DRV:64bit: - [2014-01-08 23:42:43 | 000,086,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pdc.sys -- (pdc)
DRV:64bit: - [2014-01-08 23:42:43 | 000,039,768 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\intelpep.sys -- (intelpep)
DRV:64bit: - [2013-12-13 11:23:36 | 013,207,552 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2013-12-13 11:23:36 | 000,626,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2013-12-04 12:41:54 | 000,226,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BthLEEnum.sys -- (BthLEEnum)
DRV:64bit: - [2013-12-02 10:42:14 | 001,204,424 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtbth.sys -- (rtbth)
DRV:64bit: - [2013-11-26 17:34:34 | 002,483,376 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2013-11-14 01:28:58 | 000,057,176 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stornvme.sys -- (stornvme)
DRV:64bit: - [2013-11-14 01:25:25 | 000,175,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2013-11-14 01:16:57 | 000,027,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2013-11-14 01:16:54 | 000,037,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2013-09-08 21:04:56 | 000,023,568 | ---- | M] (Bitdefender) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\bdelam.sys -- (bdelam)
DRV:64bit: - [2013-08-23 14:48:49 | 000,150,256 | ---- | M] (BitDefender LLC) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\gzflt.sys -- (gzflt)
DRV:64bit: - [2013-08-22 07:25:40 | 000,043,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\condrv.sys -- (condrv)
DRV:64bit: - [2013-08-22 07:25:40 | 000,030,048 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\WINDOWS\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2013-08-22 06:50:19 | 000,057,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\dam.sys -- (dam)
DRV:64bit: - [2013-08-22 06:49:54 | 000,079,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2013-08-22 06:49:33 | 000,159,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2013-08-22 06:43:49 | 000,063,840 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2013-08-22 06:43:48 | 000,041,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2013-08-22 06:43:45 | 003,357,024 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2013-08-22 06:43:45 | 000,093,536 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2013-08-22 06:43:45 | 000,082,784 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2013-08-22 06:43:45 | 000,064,352 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2013-08-22 06:43:44 | 000,081,760 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas3.sys -- (LSI_SAS3)
DRV:64bit: - [2013-08-22 06:43:41 | 000,782,176 | ---- | M] (PMC-Sierra) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\adp80xx.sys -- (ADP80XX)
DRV:64bit: - [2013-08-22 06:43:41 | 000,531,296 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2013-08-22 06:43:41 | 000,259,424 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2013-08-22 06:43:41 | 000,108,896 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\3ware.sys -- (3ware)
DRV:64bit: - [2013-08-22 06:43:41 | 000,079,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2013-08-22 06:43:40 | 000,114,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2013-08-22 06:43:40 | 000,082,784 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2013-08-22 06:43:40 | 000,025,952 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2013-08-22 06:43:34 | 000,305,504 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2013-08-22 06:43:33 | 000,074,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2013-08-22 06:43:32 | 000,031,072 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2013-08-22 06:43:31 | 000,107,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013-08-22 06:43:31 | 000,072,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2013-08-22 06:43:31 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2013-08-22 06:39:15 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uefi.sys -- (UEFI)
DRV:64bit: - [2013-08-22 06:37:27 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpci.sys -- (vpci)
DRV:64bit: - [2013-08-22 06:36:12 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2013-08-22 05:39:58 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2013-08-22 05:39:54 | 000,076,800 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ahcache.sys -- (ahcache)
DRV:64bit: - [2013-08-22 05:39:31 | 000,050,688 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2013-08-22 05:39:20 | 000,022,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2013-08-22 05:39:06 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2013-08-22 05:38:58 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2013-08-22 05:38:48 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2013-08-22 05:38:39 | 000,036,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013-08-22 05:38:30 | 000,131,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BthA2DP.sys -- (BthA2DP)
DRV:64bit: - [2013-08-22 05:38:26 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2013-08-22 05:38:23 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2013-08-22 05:38:22 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2013-08-22 05:38:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2013-08-22 05:37:49 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2013-08-22 05:37:46 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2013-08-22 05:37:42 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2013-08-22 05:37:28 | 000,056,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013-08-22 05:37:28 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2013-08-22 05:37:14 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2013-08-22 05:36:43 | 000,087,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc63.sys -- (netvsc)
DRV:64bit: - [2013-08-22 05:36:25 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys -- (NdisVirtualBus)
DRV:64bit: - [2013-08-22 05:36:17 | 000,124,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2013-08-22 05:36:07 | 000,066,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2013-08-22 05:35:42 | 000,103,424 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2013-08-22 02:46:33 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2013-08-12 17:25:46 | 000,017,624 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmfn2.sys -- (bcmfn2)
DRV:64bit: - [2013-08-09 18:39:30 | 000,651,248 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\iaStorAV.sys -- (iaStorAV)
DRV:64bit: - [2013-08-07 14:46:28 | 000,389,240 | ---- | M] (BitDefender S.R.L.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\trufos.sys -- (trufos)
DRV:64bit: - [2013-07-30 12:47:35 | 000,024,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys -- (iaLPSSi_GPIO)
DRV:64bit: - [2013-07-29 17:45:27 | 000,107,008 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Common Files\TELUS security services\TELUS security services Firewall\bdfwfpf.sys -- (bdfwfpf)
DRV:64bit: - [2013-07-25 13:05:39 | 000,099,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys -- (iaLPSSi_I2C)
DRV:64bit: - [2013-07-24 19:19:21 | 000,098,768 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Common Files\TELUS security services\TELUS security services Firewall\bdfndisf6.sys -- (BdfNdisf)
DRV:64bit: - [2013-07-23 17:50:57 | 000,082,824 | ---- | M] (BitDefender SRL) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bdsandbox.sys -- (BDSandBox)
DRV:64bit: - [2013-07-19 19:08:08 | 000,601,360 | ---- | M] (BitDefender) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\avckf.sys -- (avckf)
DRV:64bit: - [2013-07-19 19:04:54 | 000,727,592 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avc3.sys -- (avc3)
DRV:64bit: - [2013-03-18 16:51:08 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2013-03-05 13:01:42 | 000,091,712 | ---- | M] (CyberLink) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\CLVirtualDrive.sys -- (CLVirtualDrive)
DRV:64bit: - [2013-03-01 16:40:02 | 000,043,320 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2013-03-01 16:40:02 | 000,030,520 | ---- | M] (Hewlett-Packard) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2013-02-14 21:41:14 | 000,094,208 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW86.sys -- (AtiHDAudioService)
DRV:64bit: - [2013-02-05 22:54:18 | 000,469,232 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2013-02-05 22:54:16 | 000,031,984 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys -- (SmbDrvI)
DRV:64bit: - [2013-02-05 22:54:16 | 000,028,400 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Smb_driver_AMDASF.sys -- (SmbDrv)
DRV:64bit: - [2012-11-30 03:31:02 | 000,026,280 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2012-11-30 03:31:00 | 000,080,552 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2012-08-31 10:40:24 | 000,020,800 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WirelessButtonDriver64.sys -- (WirelessButtonDriver)
DRV:64bit: - [2012-08-28 09:27:24 | 000,058,536 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2012-08-21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012-04-09 10:13:58 | 000,057,472 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.2)
DRV:64bit: - [2011-03-04 12:51:50 | 000,306,536 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV:64bit: - [2010-02-08 08:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)
DRV:64bit: - [2008-11-16 18:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...0TR&pc=HPNTDFJS
IE:64bit: - HKLM\..\SearchScopes\{3BABA3F4-18AB-461F-BDCB-030F621C999E}: "URL" = http://www.amazon.ca...s={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...56705-11896-0/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...0TR&pc=HPNTDFJS
IE - HKLM\..\SearchScopes\{3BABA3F4-18AB-461F-BDCB-030F621C999E}: "URL" = http://www.amazon.ca...s={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...56705-11896-0/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3432463877-1759428120-2468046901-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-3432463877-1759428120-2468046901-1002\..\SearchScopes,DefaultScope = {6566C40D-EF72-4B49-B3AC-7E936B478530}
IE - HKU\S-1-5-21-3432463877-1759428120-2468046901-1002\..\SearchScopes\{053A6642-1AB0-40ED-A2A6-4ECC2A1A76A3}: "URL" = http://search.yahoo....petb&type=10803
IE - HKU\S-1-5-21-3432463877-1759428120-2468046901-1002\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...0TR&pc=HPNTDFJS
IE - HKU\S-1-5-21-3432463877-1759428120-2468046901-1002\..\SearchScopes\{3BABA3F4-18AB-461F-BDCB-030F621C999E}: "URL" = http://www.amazon.ca...s={searchTerms}
IE - HKU\S-1-5-21-3432463877-1759428120-2468046901-1002\..\SearchScopes\{6566C40D-EF72-4B49-B3AC-7E936B478530}: "URL" = http://search.findwi...k={searchTerms}
IE - HKU\S-1-5-21-3432463877-1759428120-2468046901-1002\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...56705-11896-0/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
IE - HKU\S-1-5-21-3432463877-1759428120-2468046901-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B6e84150a-d526-41f1-a480-a67d3fed910d%7D:1.5.6
FF - prefs.js..extensions.enabledAddons: %7B12b6fdcd-4423-4276-82a3-73fdbff5f7e4%7D:1.8
FF - prefs.js..extensions.enabledAddons: %7B587cb346-a3d8-4884-b39b-f0ed918b6f96%7D:1.0.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:30.0
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@radialpoint.com/SPA_8,version=1: C:\Program Files (x86)\Telus\security advisor\5.5.12.650\nprpspa.dll (Telus)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf: C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@radialpoint.com/SPA_8,version=1: C:\Program Files (x86)\Telus\security advisor\5.5.12.650\nprpspa.dll (Telus)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Users\Calgary\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Calgary\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Calgary\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Calgary\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Calgary\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\hp.com/HPDetect: C:\Users\Calgary\AppData\Roaming\HewlettPackard\HPDetect\1.0.0.0\npHPDetect.dll (HP)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\PROGRAM FILES\TELUS SECURITY SERVICES\TELUS SECURITY SERVICES\BDTBEXT [2013-10-10 15:28:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 30.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 30.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\TELUS security services\TELUS security services\bdtbext [2013-10-10 15:28:31 | 000,000,000 | ---D | M]
 
[2014-06-10 09:50:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Calgary\AppData\Roaming\mozilla\Extensions
[2014-06-24 08:42:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Calgary\AppData\Roaming\mozilla\Firefox\Profiles\swkfz2xp.default\extensions
[2014-06-24 08:42:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Calgary\AppData\Roaming\mozilla\Firefox\Profiles\swkfz2xp.default\extensions\staged
[2014-06-24 08:42:02 | 000,023,674 | ---- | M] () (No name found) -- C:\Users\Calgary\AppData\Roaming\mozilla\firefox\profiles\swkfz2xp.default\extensions\{12b6fdcd-4423-4276-82a3-73fdbff5f7e4}.xpi
[2014-06-24 08:11:42 | 000,007,464 | ---- | M] () (No name found) -- C:\Users\Calgary\AppData\Roaming\mozilla\firefox\profiles\swkfz2xp.default\extensions\{587cb346-a3d8-4884-b39b-f0ed918b6f96}.xpi
[2014-06-20 09:56:26 | 000,111,028 | ---- | M] () (No name found) -- C:\Users\Calgary\AppData\Roaming\mozilla\firefox\profiles\swkfz2xp.default\extensions\{6e84150a-d526-41f1-a480-a67d3fed910d}.xpi
[2014-04-30 11:12:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014-06-23 11:58:12 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: https://www.google.ca/
CHR - plugin: Error reading preferences file
CHR - Extension: Google Docs = C:\Users\Calgary\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\
CHR - Extension: Google Drive = C:\Users\Calgary\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\Calgary\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5019_0\
CHR - Extension: WOT = C:\Users\Calgary\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\2.5.15_0\
CHR - Extension: YouTube = C:\Users\Calgary\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Adblock Plus = C:\Users\Calgary\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.8.3_0\
CHR - Extension: Google Search = C:\Users\Calgary\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Adobe Acrobat - Create PDF = C:\Users\Calgary\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj\11.0.7.52_0\
CHR - Extension: IE Tab Multi (Enhance) = C:\Users\Calgary\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnfnbeppfinmnjnjhedifcfllpcfgeea\1.0.2.1_0\
CHR - Extension: Hola Better Internet = C:\Users\Calgary\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.3.630_0\
CHR - Extension: TweetDeck by Twitter = C:\Users\Calgary\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdpomandigafcibbmofojjchbcdagbl\3.7.4_0\
CHR - Extension: Favicon Changer = C:\Users\Calgary\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijaabbaphikljkkcbgpbaljfjpflpeoo\1.0.3_0\
CHR - Extension: Boomerang for Gmail = C:\Users\Calgary\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdanidgdpmkimeiiojknlnekblgmpdll\1.2.4_0\
CHR - Extension: Hangouts = C:\Users\Calgary\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd\2014.610.433.2_0\
CHR - Extension: Google Wallet = C:\Users\Calgary\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: video2mp3 = C:\Users\Calgary\AppData\Local\Google\Chrome\User Data\Default\Extensions\oljlcbniifdjapjocdfamhlnmpkojdkm\1.0.4_1\
CHR - Extension: OneClick Cleaner for Chrome = C:\Users\Calgary\AppData\Local\Google\Chrome\User Data\Default\Extensions\oncckmaelaecccmaniihojgeopkcajfh\0.9.0.9_0\
CHR - Extension: Gmail = C:\Users\Calgary\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2014-03-02 11:32:21 | 000,517,700 | ---- | M]) - C:\Windows\SysNative\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost #[IPv6]
O1 - Hosts: 15432 more lines...
O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
O2 - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll (Microsoft Corporation)
O2 - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\office15\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3 - HKLM\..\Toolbar: (no name) - {56CF4856-ECB4-4e46-A897-A378821F97B9} - No CLSID value found.
O3 - HKU\S-1-5-21-3432463877-1759428120-2468046901-1002\..\Toolbar\WebBrowser: (no name) - {F258B9BC-B306-4343-9D1C-22EC837B646F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Bdagent] C:\Program Files\TELUS security services\TELUS security services\bdagent.exe (TELUS security services)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\WINDOWS\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AccelerometerSysTrayApplet] C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [DSFMAJAutoService] C:\Desjardins\Accueil\DesjardinsMajAutoFusion.exe (DJSFC)
O4 - HKLM..\Run: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPMessageService] C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TelusSecurityAdvisor] C:\Program Files (x86)\Telus\security advisor\5.5.12.650\TelusSecurityAdvisor.exe (Telus)
O4 - HKU\S-1-5-21-3432463877-1759428120-2468046901-1002..\Run: [DiamondView] C:\Program Files (x86)\Manulife Financial\Diamond View\Diamondview.exe (Manulife Financial)
O4 - HKU\S-1-5-21-3432463877-1759428120-2468046901-1002..\Run: [GoogleChromeAutoLaunch_FA631E094BF4279435CE920E853E56FF] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKU\S-1-5-21-3432463877-1759428120-2468046901-1002..\Run: [googletalk] C:\Program Files (x86)\Google\Google Talk\googletalk.exe (Google)
O4 - HKU\S-1-5-21-3432463877-1759428120-2468046901-1002..\Run: [Power2GoExpress8] NA File not found
O4:64bit: - HKLM..\RunOnce: [NCPluginUpdater] C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe (Hewlett-Packard)
O4 - HKU\S-1-5-21-3432463877-1759428120-2468046901-1002..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_13_0_0_214_Plugin.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Users\Calgary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Calgary\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files\TELUS security services\TELUS security services\BdProvider.dll (Bitdefender)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files\TELUS security services\TELUS security services\BdProvider.dll (Bitdefender)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files\TELUS security services\TELUS security services\BdProvider.dll (Bitdefender)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files\TELUS security services\TELUS security services\BdProvider.dll (Bitdefender)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files\TELUS security services\TELUS security services\BdProvider.dll (Bitdefender)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files\TELUS security services\TELUS security services\BdProvider.dll (Bitdefender)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files\TELUS security services\TELUS security services\BdProvider.dll (Bitdefender)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files\TELUS security services\TELUS security services\BdProvider.dll (Bitdefender)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Program Files\TELUS security services\TELUS security services\BdProvider.dll (Bitdefender)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Program Files\TELUS security services\TELUS security services\BdProvider.dll (Bitdefender)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000022 - C:\Program Files\TELUS security services\TELUS security services\BdProvider.dll (Bitdefender)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\TELUS security services\TELUS security services\BdProvider32\BdProvider.dll (Bitdefender)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\TELUS security services\TELUS security services\BdProvider32\BdProvider.dll (Bitdefender)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\TELUS security services\TELUS security services\BdProvider32\BdProvider.dll (Bitdefender)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\TELUS security services\TELUS security services\BdProvider32\BdProvider.dll (Bitdefender)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\TELUS security services\TELUS security services\BdProvider32\BdProvider.dll (Bitdefender)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\TELUS security services\TELUS security services\BdProvider32\BdProvider.dll (Bitdefender)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\TELUS security services\TELUS security services\BdProvider32\BdProvider.dll (Bitdefender)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\TELUS security services\TELUS security services\BdProvider32\BdProvider.dll (Bitdefender)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\TELUS security services\TELUS security services\BdProvider32\BdProvider.dll (Bitdefender)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\TELUS security services\TELUS security services\BdProvider32\BdProvider.dll (Bitdefender)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\TELUS security services\TELUS security services\BdProvider32\BdProvider.dll (Bitdefender)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} https://www.avdlext.com/dwa7W.cab (Domino Web Access 7 Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{23BBA13D-658C-4B98-90BC-CE58CAD114D1}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{905D83DC-1F93-46CB-BF84-5CEA204B8E3F}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014-06-24 08:47:46 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Calgary\Desktop\OTL.exe
[2014-06-24 08:36:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\YourFileDownloader
[2014-06-23 12:36:10 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2014-06-23 12:12:27 | 000,000,000 | ---D | C] -- C:\Users\Calgary\Canada Life
[2014-06-23 12:10:10 | 000,000,000 | ---D | C] -- C:\Users\Calgary\Desktop\Client Care
[2014-06-23 12:07:02 | 006,542,336 | ---- | C] (Amyuni Technologies
http://www.amyuni.com) -- C:\WINDOWS\SysNative\cdintf450_64.dll
[2014-06-23 12:07:02 | 004,818,432 | ---- | C] (Amyuni Technologies
http://www.amyuni.com) -- C:\WINDOWS\SysWow64\cdintf450.dll
[2014-06-19 09:02:54 | 000,000,000 | ---D | C] -- C:\Users\Calgary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Excellence
[2014-06-19 09:02:49 | 000,000,000 | ---D | C] -- C:\Users\Calgary\AppData\Local\Excellence
[2014-06-19 09:02:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Excellence
[2014-06-17 14:33:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Software FX Shared
[2014-06-17 14:33:27 | 000,901,120 | ---- | C] (Three |D| Graphics, Inc.) -- C:\WINDOWS\SysWow64\sscsdk32.dll
[2014-06-17 14:33:27 | 000,221,696 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\SysWow64\u2fhtml.dll
[2014-06-17 14:33:27 | 000,201,728 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\SysWow64\p2ssql.dll
[2014-06-17 14:33:27 | 000,180,736 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\SysWow64\u2fxls.dll
[2014-06-17 14:33:27 | 000,160,768 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\SysWow64\p2ssyb10.dll
[2014-06-17 14:33:27 | 000,129,024 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\SysWow64\u2ftext.dll
[2014-06-17 14:33:27 | 000,120,320 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\SysWow64\u2fwordw.dll
[2014-06-17 14:33:27 | 000,113,664 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\SysWow64\u2frtf.dll
[2014-06-17 14:33:27 | 000,102,912 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\SysWow64\u2dnotes.dll
[2014-06-17 14:33:27 | 000,095,232 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\SysWow64\u2dpost.dll
[2014-06-17 14:33:27 | 000,093,184 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\SysWow64\u2fodbc.dll
[2014-06-17 14:33:27 | 000,092,160 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\SysWow64\u2dvim.dll
[2014-06-17 14:33:27 | 000,075,264 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\SysWow64\u2fwks.dll
[2014-06-17 14:33:27 | 000,074,240 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\SysWow64\u2dmapi.dll
[2014-06-17 14:33:27 | 000,073,728 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\SysWow64\u2fsepv.dll
[2014-06-17 14:33:27 | 000,070,144 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\SysWow64\u2dapp.dll
[2014-06-17 14:33:27 | 000,064,000 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\SysWow64\u2frec.dll
[2014-06-17 14:33:27 | 000,064,000 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\SysWow64\u2fcr.dll
[2014-06-17 14:33:27 | 000,058,880 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\SysWow64\u2ddisk.dll
[2014-06-17 14:33:27 | 000,056,320 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\SysWow64\u2l2000.dll
[2014-06-17 14:33:27 | 000,055,808 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\SysWow64\u252000.dll
[2014-06-17 14:33:27 | 000,024,576 | ---- | C] (Seagate Software, Inc) -- C:\WINDOWS\SysWow64\u2lcom.dll
[2014-06-17 14:33:26 | 000,693,888 | ---- | C] (FarPoint Technologies, Inc.) -- C:\WINDOWS\SysWow64\SSVBX25.VBX
[2014-06-17 14:33:26 | 000,693,888 | ---- | C] (FarPoint Technologies, Inc.) -- C:\WINDOWS\System\SSVBX25.VBX
[2014-06-17 14:33:26 | 000,268,288 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\SysWow64\p2bxbse.dll
[2014-06-17 14:33:26 | 000,232,208 | ---- | C] (Sheridan Software Systems, Inc.) -- C:\WINDOWS\SysWow64\SSDATA2.VBX
[2014-06-17 14:33:26 | 000,232,208 | ---- | C] (Sheridan Software Systems, Inc.) -- C:\WINDOWS\System\SSDATA2.VBX
[2014-06-17 14:33:26 | 000,229,888 | ---- | C] (Seagate Software, Information Management Group, Inc.) -- C:\WINDOWS\SysWow64\crpaig32.dll
[2014-06-17 14:33:26 | 000,216,064 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\SysWow64\p2sora7.dll
[2014-06-17 14:33:26 | 000,208,127 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\SysWow64\p2bbde.dll
[2014-06-17 14:33:26 | 000,189,952 | ---- | C] (Seagate Software, Inc) -- C:\WINDOWS\SysWow64\p2smon.dll
[2014-06-17 14:33:26 | 000,173,568 | ---- | C] (Seagate Software, Information Management Group, Inc.) -- C:\WINDOWS\SysWow64\p2sifmx.dll
[2014-06-17 14:33:26 | 000,138,240 | ---- | C] (Seagate Software, Inc) -- C:\WINDOWS\SysWow64\p2soledb.dll
[2014-06-17 14:33:26 | 000,129,152 | ---- | C] (VideoSoft) -- C:\WINDOWS\SysWow64\VSVIEW2.VBX
[2014-06-17 14:33:26 | 000,092,176 | ---- | C] (VideoSoft) -- C:\WINDOWS\SysWow64\VSVBX.VBX
[2014-06-17 14:33:26 | 000,092,176 | ---- | C] (VideoSoft) -- C:\WINDOWS\System\VSVBX.VBX
[2014-06-17 14:33:26 | 000,064,432 | ---- | C] (Sheridan Software Systems, Inc.) -- C:\WINDOWS\SysWow64\THREED.VBX
[2014-06-17 14:33:26 | 000,064,432 | ---- | C] (Sheridan Software Systems, Inc.) -- C:\WINDOWS\System\THREED.VBX
[2014-06-17 14:33:26 | 000,060,416 | ---- | C] (Seagate Software, Inc.) -- C:\WINDOWS\SysWow64\crxlat32.dll
[2014-06-17 14:33:26 | 000,047,472 | ---- | C] (Sheridan Software Systems, Inc.) -- C:\WINDOWS\SysWow64\SSDATA1.VBX
[2014-06-17 14:33:26 | 000,047,472 | ---- | C] (Sheridan Software Systems, Inc.) -- C:\WINDOWS\System\SSDATA1.VBX
[2014-06-17 14:33:25 | 000,058,032 | ---- | C] (Crescent division of Progress Software Corporation) -- C:\WINDOWS\SysWow64\QPRO200.DLL
[2014-06-17 14:33:25 | 000,058,032 | ---- | C] (Crescent division of Progress Software Corporation) -- C:\WINDOWS\System\QPRO200.DLL
[2014-06-17 14:33:24 | 000,206,848 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\SysWow64\P2SODBC.DLL
[2014-06-17 14:33:24 | 000,152,576 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\SysWow64\P2BDAO.DLL
[2014-06-17 14:33:24 | 000,112,640 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\SysWow64\P2IRDAO.DLL
[2014-06-17 14:33:24 | 000,081,408 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\SysWow64\P2CTDAO.DLL
[2014-06-17 14:33:24 | 000,059,392 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\SysWow64\P2BBND.DLL
[2014-06-17 14:33:21 | 005,350,912 | ---- | C] (Seagate Software, Inc.) -- C:\WINDOWS\SysWow64\Crpe32.dll
[2014-06-17 14:33:21 | 000,687,800 | ---- | C] (APEX Software Corporation) -- C:\WINDOWS\SysWow64\TDBG5_32.OCX
[2014-06-17 14:33:21 | 000,480,032 | ---- | C] (Bits Per Second Ltd) -- C:\WINDOWS\SysWow64\GRAPHX.VBX
[2014-06-17 14:33:21 | 000,480,032 | ---- | C] (Bits Per Second Ltd) -- C:\WINDOWS\System\GRAPHX.VBX
[2014-06-17 14:33:21 | 000,475,168 | ---- | C] (Sheridan Software Systems, Inc.) -- C:\WINDOWS\SysWow64\SSTABS32.OCX
[2014-06-17 14:33:21 | 000,399,984 | ---- | C] (Bits Per Second Ltd) -- C:\WINDOWS\SysWow64\GSW16.EXE
[2014-06-17 14:33:21 | 000,399,984 | ---- | C] (Bits Per Second Ltd) -- C:\WINDOWS\System\GSW16.EXE
[2014-06-17 14:33:21 | 000,174,592 | ---- | C] (Bits Per Second Ltd) -- C:\WINDOWS\SysWow64\GSWAG16.DLL
[2014-06-17 14:33:21 | 000,174,592 | ---- | C] (Bits Per Second Ltd) -- C:\WINDOWS\System\GSWAG16.DLL
[2014-06-17 14:33:21 | 000,070,800 | ---- | C] (Bits Per Second Ltd) -- C:\WINDOWS\SysWow64\GRAPH.VBX
[2014-06-17 14:33:21 | 000,064,000 | ---- | C] (Desaware Inc.) -- C:\WINDOWS\SysWow64\APIGID32.DLL
[2014-06-17 14:33:21 | 000,050,352 | ---- | C] (Bits Per Second Ltd) -- C:\WINDOWS\SysWow64\GSWDLL16.DLL
[2014-06-17 14:33:21 | 000,050,352 | ---- | C] (Bits Per Second Ltd) -- C:\WINDOWS\System\GSWDLL16.DLL
[2014-06-17 14:33:21 | 000,030,448 | ---- | C] (Ed Staffin Software) -- C:\WINDOWS\SysWow64\MSGBLAST.VBX
[2014-06-17 14:33:21 | 000,030,448 | ---- | C] (Ed Staffin Software) -- C:\WINDOWS\System\MSGBLAST.VBX
[2014-06-17 14:33:20 | 004,822,528 | ---- | C] (Seagate Software, Inc.) -- C:\WINDOWS\SysWow64\craxdrt.dll
[2014-06-17 14:33:20 | 000,993,996 | ---- | C] (Seagate Software, Inc.) -- C:\WINDOWS\SysWow64\CRYSTL32.OCX
[2014-06-17 14:32:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\illustrate inc
[2014-06-17 14:32:58 | 000,663,552 | ---- | C] (APEX Software Corporation) -- C:\WINDOWS\SysWow64\TDBG5.OCX
[2014-06-17 14:32:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ENVISION
[2014-06-17 14:32:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Empire
[2014-06-17 13:52:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Novinsoft
[2014-06-17 13:52:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Great West Life
[2014-06-17 13:50:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canada Life
[2014-06-17 13:50:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Canada Life
[2014-06-17 13:49:54 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Great West Life
[2014-06-17 13:49:54 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Canada Life IG
[2014-06-17 13:49:54 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Canada Life
[2014-06-17 13:49:50 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\London Life
[2014-06-17 13:49:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ZoomExpressKeyview
[2014-06-17 13:48:56 | 000,000,000 | ---D | C] -- C:\ProgramData\{28F8033D-7256-4F66-A16C-E080A43797B2}
[2014-06-17 13:47:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Concourse CL Content
[2014-06-17 13:47:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Concourse CL App
[2014-06-17 13:46:01 | 000,000,000 | ---D | C] -- C:\ProgramData\{C0F6CDBD-EEC6-4F06-96E1-02AE8F01B948}
[2014-06-17 13:41:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BMO Insurance
[2014-06-17 13:41:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BMONET
[2014-06-17 13:37:54 | 000,000,000 | ---D | C] -- C:\Users\Calgary\Desktop\3rd Party
[2014-06-17 13:36:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RBC Illustrations
[2014-06-17 13:36:15 | 001,089,536 | ---- | C] (eHelp Corporation.) -- C:\WINDOWS\SysWow64\Roboex32.dll
[2014-06-17 13:36:14 | 000,936,448 | ---- | C] (Vista Software) -- C:\WINDOWS\SysWow64\ApolloSQL61.DLL
[2014-06-17 13:36:14 | 000,327,680 | ---- | C] (Vista Software) -- C:\WINDOWS\SysWow64\SDENSX61.DLL
[2014-06-17 13:36:14 | 000,323,584 | ---- | C] (Vista Software) -- C:\WINDOWS\SysWow64\SDECDX61.DLL
[2014-06-17 13:36:14 | 000,290,816 | ---- | C] (Vista Software) -- C:\WINDOWS\SysWow64\SDENTX61.DLL
[2014-06-17 13:36:12 | 000,229,376 | ---- | C] (Vista Software) -- C:\WINDOWS\SysWow64\SDE61.DLL
[2014-06-17 13:35:05 | 000,000,000 | ---D | C] -- C:\Users\Calgary\Documents\RBC Illustrations
[2014-06-17 13:35:05 | 000,000,000 | ---D | C] -- C:\Users\Calgary\AppData\Roaming\RBC Illustrations
[2014-06-17 13:35:02 | 000,778,240 | ---- | C] (Borland Software Corporation) -- C:\WINDOWS\SysWow64\rtl70.bpl
[2014-06-17 13:35:02 | 000,264,704 | ---- | C] (Borland Software Corporation) -- C:\WINDOWS\SysWow64\vcldb70.bpl
[2014-06-17 13:35:02 | 000,257,024 | ---- | C] (Borland Software Corporation) -- C:\WINDOWS\SysWow64\dbrtl70.bpl
[2014-06-17 13:35:02 | 000,097,792 | ---- | C] (Borland Software Corporation) -- C:\WINDOWS\SysWow64\vcljpg70.bpl
[2014-06-17 13:35:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RBC Illustrations
[2014-06-17 13:35:01 | 001,381,376 | ---- | C] (Borland Software Corporation) -- C:\WINDOWS\SysWow64\vcl70.bpl
[2014-06-17 13:35:00 | 000,215,040 | ---- | C] (Borland Software Corporation) -- C:\WINDOWS\SysWow64\vclx70.bpl
[2014-06-17 12:34:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\Downloaded Installations
[2014-06-17 12:34:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Manulife Financial
[2014-06-17 12:34:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Manulife Financial
[2014-06-17 12:34:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2014-06-17 12:29:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Manulife Financial
[2014-06-11 13:13:43 | 000,000,000 | ---D | C] -- C:\Users\Calgary\Desktop\Music
[2014-06-11 10:24:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit PhantomPDF
[2014-06-10 23:52:29 | 000,000,000 | ---D | C] -- C:\Users\Calgary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2014-06-10 23:51:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014-06-10 14:21:49 | 000,000,000 | ---D | C] -- C:\Users\Calgary\AppData\Local\offsync
[2014-06-10 12:48:01 | 000,000,000 | ---D | C] -- C:\Users\Calgary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
[2014-06-10 12:47:33 | 000,000,000 | ---D | C] -- C:\Users\Calgary\AppData\Roaming\VOPackage
[2014-06-10 12:44:48 | 000,000,000 | ---D | C] -- C:\Users\Calgary\AppData\Local\SearchProtect
[2014-06-10 12:44:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TowerTilt
[2014-06-10 12:44:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SearchProtect
[2014-06-10 12:43:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\YourFileDownloader Updater
[2014-06-10 12:43:28 | 000,000,000 | ---D | C] -- C:\Users\Calgary\AppData\Roaming\YourFileDownloader
[2014-06-10 11:34:48 | 000,000,000 | ---D | C] -- C:\Users\Calgary\Desktop\Grierson
[2014-06-10 11:34:39 | 000,000,000 | ---D | C] -- C:\Users\Calgary\Desktop\Pastor
[2014-06-10 09:51:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\Workspace Logs
[2014-06-10 09:51:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Workspace
[2014-06-10 09:50:25 | 000,000,000 | ---D | C] -- C:\Users\Calgary\Documents\Workspace Logs
[2014-06-10 09:50:24 | 000,000,000 | ---D | C] -- C:\Users\Calgary\AppData\Local\Workspace
[2014-06-03 22:06:24 | 000,000,000 | ---D | C] -- C:\Users\Calgary\AppData\Roaming\Apple Computer
[2014-06-03 22:06:24 | 000,000,000 | ---D | C] -- C:\Users\Calgary\AppData\Local\Apple Computer
[2014-06-03 22:06:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2014-06-03 22:03:11 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2014-06-03 22:03:10 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2014-06-03 22:03:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2014-06-03 22:03:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2014-06-03 22:03:10 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2014-06-03 22:02:56 | 000,000,000 | ---D | C] -- C:\Users\Calgary\AppData\Local\Apple
[2014-06-03 22:02:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2014-06-03 22:02:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2014-06-03 22:01:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2014-05-29 10:29:15 | 000,000,000 | ---D | C] -- C:\Users\Calgary\Documents\Outlook Files
[2014-05-29 08:43:47 | 000,000,000 | ---D | C] -- C:\Users\Calgary\Desktop\Software
[2014-05-27 18:44:39 | 000,000,000 | ---D | C] -- C:\Users\Calgary\Desktop\CSE
 
========== Files - Modified Within 30 Days ==========
 
[2014-06-24 08:47:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Calgary\Desktop\OTL.exe
[2014-06-24 08:35:06 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014-06-23 21:48:00 | 000,000,932 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014-06-23 21:33:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014-06-23 21:27:05 | 000,000,370 | ---- | M] () -- C:\WINDOWS\tasks\HPCeeScheduleForCalgary.job
[2014-06-23 21:12:00 | 000,000,946 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3432463877-1759428120-2468046901-1002UA.job
[2014-06-23 20:54:00 | 000,000,604 | ---- | M] () -- C:\WINDOWS\tasks\G2MUpdateTask-S-1-5-21-3432463877-1759428120-2468046901-1002.job
[2014-06-23 19:48:01 | 000,000,928 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014-06-23 11:58:10 | 000,000,030 | ---- | M] () -- C:\WINDOWS\MaritimeLife.ini
[2014-06-23 10:31:31 | 000,956,476 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI
[2014-06-23 10:31:31 | 000,800,408 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat
[2014-06-23 10:31:31 | 000,165,436 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat
[2014-06-23 10:23:58 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2014-06-23 10:23:50 | 1884,295,167 | -HS- | M] () -- C:\hiberfil.sys
[2014-06-20 13:32:11 | 000,043,416 | ---- | M] () -- C:\Users\Calgary\Desktop\TD Jag.pdf
[2014-06-20 10:12:05 | 000,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3432463877-1759428120-2468046901-1002Core.job
[2014-06-19 11:36:02 | 000,378,443 | ---- | M] () -- C:\Users\Calgary\Desktop\Policy Receipt.pdf
[2014-06-19 11:27:07 | 000,380,858 | ---- | M] () -- C:\Users\Calgary\Desktop\Office Policy_Receipt.pdf
[2014-06-19 10:17:53 | 000,073,461 | ---- | M] () -- C:\Users\Calgary\Desktop\Monnex Coverage.pdf
[2014-06-17 14:35:53 | 000,000,000 | ---- | M] () -- C:\WINDOWS\efgtemp.ini
[2014-06-17 14:35:51 | 000,000,000 | ---- | M] () -- C:\WINDOWS\iireport53.INI
[2014-06-17 14:33:55 | 000,000,156 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2014-06-17 14:33:20 | 000,000,097 | ---- | M] () -- C:\WINDOWS\fdpxld.ini
[2014-06-17 14:33:20 | 000,000,000 | ---- | M] () -- C:\WINDOWS\IIREPO~1.INI
[2014-06-17 12:30:43 | 000,000,029 | ---- | M] () -- C:\WINDOWS\MLI.INI
[2014-06-14 14:07:33 | 000,485,720 | ---- | M] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT
[2014-06-10 23:52:29 | 000,001,291 | ---- | M] () -- C:\Users\Calgary\Desktop\Revo Uninstaller.lnk
[2014-06-10 12:45:58 | 000,000,004 | ---- | M] () -- C:\end
[2014-06-10 09:19:22 | 000,881,306 | ---- | M] () -- C:\Users\Calgary\Desktop\Axis 2013 Financials.pdf
[2014-06-03 21:39:45 | 000,088,555 | ---- | M] () -- C:\Users\Calgary\Desktop\ISI 2014-06-03.pdf
[2014-05-29 10:29:22 | 000,001,079 | ---- | M] () -- C:\Users\Calgary\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2014-05-27 18:50:26 | 000,001,115 | ---- | M] () -- C:\Users\Calgary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2014-05-27 18:50:11 | 000,001,087 | ---- | M] () -- C:\Users\Calgary\Desktop\Dropbox.lnk
 
========== Files Created - No Company Name ==========
 
[2014-06-23 11:58:10 | 000,000,030 | ---- | C] () -- C:\WINDOWS\MaritimeLife.ini
[2014-06-20 13:32:10 | 000,043,416 | ---- | C] () -- C:\Users\Calgary\Desktop\TD Jag.pdf
[2014-06-19 11:18:07 | 000,380,858 | ---- | C] () -- C:\Users\Calgary\Desktop\Office Policy_Receipt.pdf
[2014-06-19 11:15:30 | 000,378,443 | ---- | C] () -- C:\Users\Calgary\Desktop\Policy Receipt.pdf
[2014-06-19 10:17:51 | 000,073,461 | ---- | C] () -- C:\Users\Calgary\Desktop\Monnex Coverage.pdf
[2014-06-17 14:35:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iireport53.INI
[2014-06-17 14:33:55 | 000,149,504 | ---- | C] () -- C:\Program Files (x86)\UNWISE.EXE
[2014-06-17 14:33:55 | 000,000,156 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2014-06-17 14:33:36 | 000,010,912 | ---- | C] () -- C:\WINDOWS\SHARE.EXE
[2014-06-17 14:33:21 | 000,081,920 | ---- | C] () -- C:\WINDOWS\SysWow64\Csread32.ocx
[2014-06-17 14:33:21 | 000,024,880 | ---- | C] () -- C:\WINDOWS\SysWow64\MDICHILD.VBX
[2014-06-17 14:33:21 | 000,022,776 | ---- | C] () -- C:\WINDOWS\SysWow64\FDPTOOLS.DLL
[2014-06-17 14:33:21 | 000,022,776 | ---- | C] () -- C:\WINDOWS\System\FDPTOOLS.DLL
[2014-06-17 14:33:21 | 000,018,944 | ---- | C] ( ) -- C:\WINDOWS\SysWow64\Implode.dll
[2014-06-17 14:33:21 | 000,018,688 | ---- | C] () -- C:\WINDOWS\SysWow64\CMDIALOG.VBX
[2014-06-17 14:33:21 | 000,018,688 | ---- | C] () -- C:\WINDOWS\System\CMDIALOG.VBX
[2014-06-17 14:33:20 | 000,000,097 | ---- | C] () -- C:\WINDOWS\fdpxld.ini
[2014-06-17 14:33:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\IIREPO~1.INI
[2014-06-17 14:32:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\efgtemp.ini
[2014-06-17 13:36:15 | 000,023,552 | ---- | C] () -- C:\WINDOWS\SysWow64\AppStuff.bpl
[2014-06-17 12:30:43 | 000,000,029 | ---- | C] () -- C:\WINDOWS\MLI.INI
[2014-06-10 23:52:29 | 000,001,291 | ---- | C] () -- C:\Users\Calgary\Desktop\Revo Uninstaller.lnk
[2014-06-10 12:43:56 | 000,000,004 | ---- | C] () -- C:\end
[2014-06-10 09:19:47 | 000,881,306 | ---- | C] () -- C:\Users\Calgary\Desktop\Axis 2013 Financials.pdf
[2014-06-03 22:02:56 | 000,002,535 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2014-06-03 21:39:44 | 000,088,555 | ---- | C] () -- C:\Users\Calgary\Desktop\ISI 2014-06-03.pdf
[2014-05-29 10:29:22 | 000,001,079 | ---- | C] () -- C:\Users\Calgary\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2014-05-21 09:22:18 | 000,002,491 | ---- | C] () -- C:\ProgramData\regid.2012-05.ca.repsource_EC596C15-1BA5-4A0F-8804-4CC5BB52F1EE.swidtag
[2014-04-15 20:46:44 | 000,002,255 | ---- | C] () -- C:\WINDOWS\SysWow64\WimBootCompress.ini
[2014-03-17 16:41:59 | 000,103,936 | ---- | C] () -- C:\WINDOWS\SysWow64\OEMLicense.dll
[2014-03-03 20:46:15 | 002,436,794 | ---- | C] () -- C:\ProgramData\1393900866.bdinstall.bin
[2014-02-24 09:05:32 | 000,065,928 | ---- | C] () -- C:\WINDOWS\SysWow64\bgsresfr.dll
[2014-02-24 09:05:32 | 000,065,928 | ---- | C] () -- C:\WINDOWS\SysWow64\bgsreses.dll
[2014-02-24 09:05:32 | 000,065,928 | ---- | C] () -- C:\WINDOWS\SysWow64\bgsresde.dll
[2014-02-24 09:05:32 | 000,056,200 | ---- | C] () -- C:\WINDOWS\SysWow64\bgsresen.dll
[2014-01-08 22:50:48 | 000,930,400 | ---- | C] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
[2014-01-08 22:47:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2013-12-13 11:23:56 | 000,204,952 | ---- | C] () -- C:\WINDOWS\SysWow64\ativvsvl.dat
[2013-12-13 11:23:54 | 000,157,144 | ---- | C] () -- C:\WINDOWS\SysWow64\ativvsva.dat
[2013-12-13 11:23:46 | 000,003,917 | ---- | C] () -- C:\WINDOWS\SysWow64\atipblag.dat
[2013-12-13 11:23:24 | 000,995,342 | ---- | C] () -- C:\WINDOWS\SysWow64\amdocl_as32.exe
[2013-12-13 11:23:24 | 000,798,734 | ---- | C] () -- C:\WINDOWS\SysWow64\amdocl_ld32.exe
[2013-12-13 11:23:14 | 000,123,392 | ---- | C] () -- C:\WINDOWS\SysWow64\amdhdl32.dll
[2013-10-07 20:40:42 | 000,369,624 | ---- | C] () -- C:\WINDOWS\SysWow64\drivers\FW7650.bin
[2013-10-07 20:40:42 | 000,000,313 | ---- | C] () -- C:\WINDOWS\SysWow64\RaCheckBTDev.ini
[2013-08-22 09:36:43 | 000,215,943 | ---- | C] () -- C:\WINDOWS\SysWow64\dssec.dat
[2013-08-22 09:36:42 | 000,000,741 | ---- | C] () -- C:\WINDOWS\SysWow64\NOISE.DAT
[2013-08-22 08:46:23 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2013-08-22 01:01:23 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin
[2013-08-21 21:32:36 | 000,046,080 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll
[2013-08-21 17:55:20 | 000,364,544 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll
[2013-08-21 17:52:39 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat
[2012-11-27 01:18:46 | 000,038,912 | ---- | C] () -- C:\WINDOWS\SysWow64\kdbsdk32.dll
[2012-07-25 14:22:54 | 000,982,240 | ---- | C] () -- C:\WINDOWS\SysWow64\igkrng500.bin
[2012-07-25 14:22:54 | 000,439,308 | ---- | C] () -- C:\WINDOWS\SysWow64\igcompkrng500.bin
[2012-07-25 14:22:54 | 000,092,356 | ---- | C] () -- C:\WINDOWS\SysWow64\igfcg500m.bin
 
========== ZeroAccess Check ==========
 
[2014-01-14 18:15:45 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014-04-06 10:31:39 | 021,268,952 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014-04-06 09:22:20 | 018,755,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2013-08-22 03:49:49 | 000,921,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2013-08-21 20:45:10 | 000,691,712 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2013-08-22 03:45:17 | 000,483,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014-01-02 22:09:54 | 000,000,000 | ---D | M] -- C:\Users\Calgary\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2014-04-24 19:01:04 | 000,000,000 | ---D | M] -- C:\Users\Calgary\AppData\Roaming\CrystalIdea Software
[2014-06-23 10:31:20 | 000,000,000 | ---D | M] -- C:\Users\Calgary\AppData\Roaming\Dropbox
[2014-06-23 10:30:28 | 000,000,000 | ---D | M] -- C:\Users\Calgary\AppData\Roaming\DropboxMaster
[2014-04-08 22:45:40 | 000,000,000 | ---D | M] -- C:\Users\Calgary\AppData\Roaming\EPSON
[2014-06-10 09:57:49 | 000,000,000 | ---D | M] -- C:\Users\Calgary\AppData\Roaming\Foxit Software
[2014-02-18 16:31:45 | 000,000,000 | ---D | M] -- C:\Users\Calgary\AppData\Roaming\HewlettPackard
[2014-01-02 23:37:11 | 000,000,000 | ---D | M] -- C:\Users\Calgary\AppData\Roaming\PDAppFlex
[2014-03-03 20:41:45 | 000,000,000 | ---D | M] -- C:\Users\Calgary\AppData\Roaming\QuickScan
[2014-06-17 13:35:05 | 000,000,000 | ---D | M] -- C:\Users\Calgary\AppData\Roaming\RBC Illustrations
[2014-05-17 11:01:50 | 000,000,000 | ---D | M] -- C:\Users\Calgary\AppData\Roaming\SketchUp
[2013-12-30 20:51:38 | 000,000,000 | ---D | M] -- C:\Users\Calgary\AppData\Roaming\Synaptics
[2014-03-03 20:35:28 | 000,000,000 | ---D | M] -- C:\Users\Calgary\AppData\Roaming\Telus
[2014-03-03 20:44:44 | 000,000,000 | ---D | M] -- C:\Users\Calgary\AppData\Roaming\TELUS security services
[2014-06-11 20:34:02 | 000,000,000 | ---D | M] -- C:\Users\Calgary\AppData\Roaming\VOPackage
[2014-02-05 23:52:08 | 000,000,000 | ---D | M] -- C:\Users\Calgary\AppData\Roaming\WildTangent
[2014-06-10 12:49:19 | 000,000,000 | ---D | M] -- C:\Users\Calgary\AppData\Roaming\YourFileDownloader
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 220 bytes -> C:\Users\Calgary\SkyDrive:ms-properties

< End of report >
 

EXTRAS:

OTL Extras logfile created on: 2014-06-24 8:49:52 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Calgary\Desktop
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17126)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: yyyy-MM-dd
 
7.19 Gb Total Physical Memory | 2.32 Gb Available Physical Memory | 32.29% Memory free
9.32 Gb Paging File | 4.17 Gb Available in Paging File | 44.73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 903.81 Gb Total Space | 840.08 Gb Free Space | 92.95% Space Free | Partition Type: NTFS
Drive D: | 26.59 Gb Total Space | 2.64 Gb Free Space | 9.91% Space Free | Partition Type: NTFS
 
Computer Name: CALGARYSHEPARD | User Name: Calgary | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\WINDOWS\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\WINDOWS\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-3432463877-1759428120-2468046901-1002\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = AC 1C AE C5 46 9F CE 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" =  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" = Reg Error: Unknown registry data type -- File not found
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{19F1EB5A-C761-44A0-B700-69B9C7BBA6E5}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{35C8C3BE-EE57-4AB2-836B-260072EAEED5}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office 15\root\office15\outlook.exe |
"{37FD5936-BD25-4F92-A619-4B998B7A4F2C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6C94EC34-0192-4513-A67F-72D40051FB19}" = lport=10243 | protocol=6 | dir=in | app=system |
"{8BEAE107-4442-4AED-B63F-DF05664B7F8F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8E1AA1B2-A951-4CD3-85F4-8643DFC9417A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9A0B73DF-563B-4A7A-BFD7-331F00819C27}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9E3AD7A6-A05E-41BB-8ADF-93FBB1F49037}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{BAFE005B-28A2-46D3-B7D2-E564B4081BEC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BFD44319-A1CD-4970-A521-73C23AC49599}" = rport=10243 | protocol=6 | dir=out | app=system |
"{E50A4C38-17DC-4C70-AE17-C4C8AE60E72F}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{EC2AADF8-DC4F-4D03-AA41-FD6568C1BE6A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{EE5462F7-73F3-4876-9A58-E2D27D956E29}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F67DDEC0-49F2-4D04-9C5B-7BC541902A9F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00907908-0D69-45DA-AF9F-A7433B9BCED9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{01C0D443-9DE3-451A-93A3-6CF824D008AF}" = dir=out | name=juniper networks junos pulse |
"{03B8AA23-60D8-468F-8811-4BCF0980BED1}" = dir=in | app=%localappdata%\hpconnectedmusic\application\spotify_helper.exe |
"{0456B75D-69F8-46BB-8735-C4B880EBF71E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{05577BB2-CA33-4700-9CB3-A2D1835ADBB7}" = dir=out | name=@{microsoft.bingsports_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |
"{06EEDEDA-C540-4177-9925-169CF6588A82}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{09520117-01C5-4CE4-863F-00CBF9E98071}" = dir=out | name=@{microsoft.xboxlivegames_2.0.139.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{0998C86B-B332-4F6F-98B1-36DD9EA452A5}" = dir=out | name=@{microsoft.binghealthandfitness_3.0.2.258_x64__8wekyb3d8bbwe?ms-resource://microsoft.binghealthandfitness/resources/apptitle} |
"{0AC5795C-9812-4288-B0AD-8CF25FA2FCF0}" = dir=out | name=@{microsoft.bingweather_3.0.2.258_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
"{0BCB69F6-0521-4ACD-92D6-EA6C7586E33A}" = protocol=17 | dir=in | app=c:\program files\microsoft office 15\root\office15\ucmapi.exe |
"{0FACE1BB-06C0-455E-910E-BAB0FB0F5420}" = dir=in | name=microsoft mahjong |
"{1597D460-138B-435F-9E55-22BEE53A5DCF}" = dir=in | name=@{ad2f1837.gettingstartedwithwindows8_1.5.3.1_neutral__v10z8vjag6ke6?ms-resource://ad2f1837.gettingstartedwithwindows8/resources/id_app_title} |
"{191487FE-D290-4C6D-BE29-896BB8402A76}" = dir=out | name=windows_ie_ac_001 |
"{1937F339-FABE-46F3-A23E-02389A1EEEAE}" = dir=out | name=@{microsoft.windowsreadinglist_6.3.9654.20349_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} |
"{1AFE98D4-B224-4301-B02B-BF9F70C12867}" = dir=out | name=@{microsoft.bingnews_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} |
"{1C153857-1AD5-4986-A7A7-E060BEBA5275}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{1CF2A4B4-7806-4341-ADB1-43C044A9D279}" = dir=out | name=@{30059jarrey.magiclockscreen_2.1.0.1_x64__2cz0jn84nveec?ms-resource://30059jarrey.magiclockscreen/resources/packagedisplayname} |
"{1DBDE7D1-4400-4FAE-8511-BE9081075371}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{2D931C1E-5AC1-4196-8F8E-82F4145B9C69}" = dir=in | name=@{microsoft.xboxcompanion_1.4.2.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxcompanion/resources/33279} |
"{2EAEFAA0-01EE-4F69-8F05-8801D269B0E0}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{2F5F7DD5-81CD-4769-9084-89B9AE76EEC3}" = protocol=17 | dir=in | app=c:\program files (x86)\google\google talk\googletalk.exe |
"{2FE0D977-8ECF-4395-91C7-39DCBCB3BFBF}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{331C510E-5BD8-4BD4-8D55-518817D2C002}" = dir=in | app=c:\program files (x86)\hpconnectedmusic\hpconnectedmusic.exe |
"{33D986DB-C061-4FEB-8937-815E3CE96DFD}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{342D0AF9-E38C-43B7-B4D3-1B9999442C72}" = dir=out | name=@{microsoft.bingfinance_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |
"{3697E0B4-A874-48EC-87F8-10F07B1CFDC6}" = dir=out | name=microsoft mahjong |
"{36FF89CC-26AE-44BD-B721-AA122478DA64}" = dir=in | app=c:\users\administrator\appdata\local\microsoft\skydrive\skydrive.exe |
"{38BA6EAA-0399-4BA9-A55F-7A715C1794FF}" = protocol=17 | dir=in | app=c:\users\calgary\downloads\foxit_phantom_pdf_activation_key_downloader.exe |
"{39E126F1-0EDC-4D11-A3DE-63E56FDED062}" = protocol=17 | dir=in | app=c:\program files (x86)\yourfiledownloader\yourfile.exe |
"{3B67A3D2-EDC4-4258-A8CE-804D89D50FCF}" = protocol=6 | dir=in | app=c:\program files (x86)\yourfiledownloader\yourfile.exe |
"{3BE26973-AB4E-48A6-80ED-A40FD31085C5}" = dir=out | name=@{microsoft.zunevideo_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} |
"{3E530973-813B-4BBA-9E70-E3BE85F1115C}" = dir=out | name=@{microsoft.bingmaps_1.2.0.136_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{3FE0DC31-6B59-4674-BDCE-8E12D83857FC}" = protocol=6 | dir=in | app=c:\program files (x86)\ralink corporation\ralink bluetooth stack\bluesoleilcs.exe |
"{4282FE99-8560-4BC7-9576-5F3ED84E263F}" = dir=in | name=checkpoint.vpn |
"{445C26DA-75B5-48D0-9FFF-DEAA72E7F76D}" = dir=out | app=%localappdata%\hpconnectedmusic\application\hpconnectedmusic.exe |
"{4A6CC6B9-B3F3-4864-92D9-1DFD1906046C}" = dir=in | name=microsoft solitaire collection |
"{4C628FAD-7426-4D3D-95C8-EB925816127C}" = protocol=17 | dir=in | app=c:\program files (x86)\ralink corporation\ralink bluetooth stack\bluesoleilcs.exe |
"{4CAF4FE1-9902-4B20-9E72-8A0CD0A3BA4C}" = dir=out | name=youcam for hp |
"{503F6B4C-D1E7-4CC4-A904-2827AB5E59F5}" = dir=out | name=@{microsoft.bingmaps_2.1.2922.2139_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{504BB215-A984-4DE0-B58A-5E394A5E69AF}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{52B32E2F-1758-4CA1-8EF7-09B60E49CCFF}" = dir=out | name=hp+ |
"{52F2D942-56E7-4C59-937E-D83E21BE62F5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{53C2DBB7-DC83-4129-95D0-29E954B0DA72}" = dir=in | name=f5 vpn |
"{548DCF8C-BFF2-4BA4-AA88-FBAF9AC8BCC6}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{55C2E2A4-BC95-4F39-A811-D3D71DDB35E5}" = dir=out | name=windows_ie_ac_001 |
"{560448D6-095C-4907-B046-AC7F710701A7}" = dir=in | name=sonicwall.mobileconnect |
"{56705BDA-BFDF-4727-8AFC-08601A2128E2}" = dir=out | name=skype |
"{56A5060A-54C1-4546-814F-9E7D3103D71A}" = dir=in | name=torrex pro |
"{5964156C-0112-4945-97B0-4CA686EBF1F0}" = dir=out | name=ebay |
"{5A7A84B3-FE05-44B9-832D-4182F58D667D}" = dir=out | name=@{microsoft.zunevideo_2.2.902.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} |
"{5BEAA4E7-7657-4659-B9B9-CA3C2FB527DB}" = protocol=6 | dir=in | app=c:\users\calgary\downloads\foxit_phantom_pdf_activation_key_downloader.exe |
"{5E9B15DC-B5AB-4165-BF57-76B52FD06648}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5EEC6F6C-BADF-4A41-9060-430FA016FC7A}" = dir=in | name=canon office printer utility |
"{5F4632C0-D5B1-40C3-B0D9-E3A759C81B9E}" = dir=out | name=sonicwall.mobileconnect |
"{660D260D-C6EE-485B-8057-E0F092C4A514}" = dir=out | name=torrex pro |
"{6AEC3E31-8BD9-43F0-8861-F43660FEC2AA}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{740846EB-7298-41FA-963C-C8855FEDD8B0}" = dir=out | name=f5 vpn |
"{7645E935-810D-4286-B74E-C6199D11A067}" = dir=out | app=%localappdata%\hpconnectedmusic\application\spotify_helper.exe |
"{76BB6471-483A-4150-9E73-8129FCA2175E}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{770F4339-7BC9-43ED-87DC-3EA79746F71A}" = dir=in | app=%localappdata%\hpconnectedmusic\application\hpconnectedmusic.exe |
"{7CE7B442-C042-4D7E-B9F1-45389AE9C74C}" = dir=out | name=hp games |
"{7F6EA649-26FB-4A86-A24E-F19B8BFFF0A6}" = protocol=6 | dir=out | app=system |
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{83355486-CB97-4D96-A0C1-3ABC52D0DEB2}" = protocol=17 | dir=in | app=c:\program files (x86)\yourfiledownloader\downloader.exe |
"{84C37675-13C0-4E7C-9BD6-159874EBE213}" = dir=in | name=hp+ |
"{8958747C-DD5D-4E15-92A0-15DEA46944D6}" = dir=in | name=check point vpn |
"{8A346D39-374E-49D2-ACC0-B2E6F306FDF8}" = dir=out | name=@{microsoft.bingweather_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
"{8B6B313E-5E4A-49DE-A6C9-FF1C7D2A2964}" = protocol=6 | dir=in | app=c:\users\calgary\appdata\roaming\dropbox\bin\dropbox.exe |
"{8C046D8A-A2B0-4E2F-8F27-CCC4026CDCDE}" = dir=out | name=@{microsoft.skypeapp_1.2.0.129_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} |
"{8F07C3F5-A50D-4AD4-8117-0D9DF89BC1DB}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{91CE9238-9035-4D3D-BF7E-58DA2C7E6AF2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9289CF51-2A49-4B29-8DF4-33BFB60224AF}" = dir=out | name=@{microsoft.bingsports_3.0.2.258_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/brandedapptitle} |
"{99E21B1B-DF09-47B0-BF61-18012942CD4C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9BEC488B-6493-486C-A558-9A55C905D386}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9C7B0B57-4555-49B5-BD83-9093A5A8554D}" = dir=in | name=@{microsoft.skypeapp_1.2.0.129_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} |
"{9E3D57FC-7C37-4424-9352-4831E97D029D}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{9F07DFD6-166D-4CF0-A51B-610F1E5EE8BB}" = dir=in | name=box |
"{A515B055-DC70-4F4D-B99C-44BA2092D1CE}" = dir=out | name=@{microsoft.bingfoodanddrink_3.0.2.258_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfoodanddrink/resources/apptitlewithbranding} |
"{A847DD26-C4BD-4EB4-AF59-C9432065FB81}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector10\pdr10.exe |
"{A9FEB88E-16A2-470A-AF6C-7CA3E7AE054E}" = dir=out | name=@{microsoft.zunemusic_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} |
"{ADA2DBA7-70B3-49F5-A7CC-7403CF0D50B2}" = dir=in | name=juniper networks junos pulse |
"{AE6719BF-E9A2-4B9F-800F-B72155F3DC4D}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe |
"{B1A9C677-E558-4E30-9769-916FF0353BF0}" = protocol=6 | dir=in | app=c:\program files (x86)\yourfiledownloader\downloader.exe |
"{B35DB667-FFD9-4B06-A145-B663A5FC7E06}" = protocol=17 | dir=in | app=c:\program files\microsoft office 15\root\office15\lync.exe |
"{B3AC8F7A-B6FB-4AEE-9A38-F2060D7F872E}" = dir=out | name=check point vpn |
"{B5952A52-77D4-49B3-8212-8C4BFB5D0754}" = dir=out | name=@{microsoft.bingtravel_3.0.2.258_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/brandedapptitle} |
"{B668DF47-F27C-4D3E-9595-96125881987C}" = dir=out | name=facebook |
"{B6A5D279-C3C3-43AE-8C0A-7A20970F84F7}" = dir=out | name=@{microsoft.xboxcompanion_1.4.2.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxcompanion/resources/33279} |
"{B72B26FD-BFCD-449F-92BF-474C757EB5BE}" = dir=in | name=hp all-in-one printer remote |
"{B7C691BF-02D4-490E-8BDD-9473544AE594}" = dir=out | name=@{microsoft.bingnews_3.0.2.261_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/brandedapptitle} |
"{B7EEC0C9-BB70-4AB0-934B-DC8173D92321}" = dir=out | name=@{microsoft.bingtravel_1.2.0.145_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |
"{C374D61C-7611-483F-B43A-1514309F2EC3}" = dir=out | name=@{microsoft.bingfinance_3.0.2.258_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/brandedapptitle} |
"{C38F2403-B14D-425C-9130-D2680759BE76}" = protocol=6 | dir=in | app=c:\program files\microsoft office 15\root\office15\ucmapi.exe |
"{CA05684C-0E3F-4DA7-81D2-1F12F153943C}" = dir=out | name=@{microsoft.xboxlivegames_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{CB0DCCAF-CEBE-4D2D-B40F-2ACAD15EBEEA}" = protocol=6 | dir=in | app=c:\program files\microsoft office 15\root\office15\lync.exe |
"{D1290782-4396-4E01-94D9-3AB6AFC9B801}" = protocol=6 | dir=in | app=c:\program files (x86)\google\google talk\googletalk.exe |
"{D1E91089-1A9B-4A47-BDCB-89D35430E91D}" = dir=out | name=cbc |
"{D26C8D2F-8ED8-4DE6-A38D-355464FF858C}" = dir=in | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{D37A5BD3-53EA-4B27-9CBE-41D8BE0247CE}" = dir=out | app=c:\program files (x86)\hpconnectedmusic\hpconnectedmusic.exe |
"{D3B370D2-E1DB-4741-B8B9-78259679A0FE}" = dir=out | name=@{ad2f1837.gettingstartedwithwindows8_1.5.3.1_neutral__v10z8vjag6ke6?ms-resource://ad2f1837.gettingstartedwithwindows8/resources/id_app_title} |
"{D3C1BE0C-7C5F-416B-9B00-7DEFD2628049}" = dir=in | name=sonicwall mobile connect |
"{D5DFB9C1-3635-4A3A-B5EB-16FC0DB47B54}" = dir=in | name=@{microsoft.windowsreadinglist_6.3.9654.20349_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} |
"{D6980480-941A-4DF6-AB81-3734ECD3D779}" = dir=out | name=junipernetworks.junospulsevpn |
"{D6A29512-66E3-4897-977A-FB3838B5A635}" = protocol=17 | dir=in | app=c:\program files (x86)\telus\security advisor\5.5.12.650\telus_servicepointservice.exe |
"{D8B0F1CE-37D5-4D8E-B97F-50F1BD73F5CC}" = dir=out | name=hp all-in-one printer remote |
"{DB59588E-ED90-4C47-A7B5-7929DD0C0BD2}" = dir=out | name=checkpoint.vpn |
"{E3D420F0-72A3-4399-AB89-CF125BEDFB19}" = protocol=6 | dir=in | app=c:\program files (x86)\telus\security advisor\5.5.12.650\telus_servicepointservice.exe |
"{E4F419D3-AFD3-44E3-A96B-9759167BF8FB}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{E7FFAC69-A10A-4851-B13B-16C2E6FA1AC7}" = dir=out | name=box |
"{E876A26D-2CE0-44B9-8D37-7AE357D85878}" = dir=out | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{EC799E33-72BA-42D7-9127-DEFE68F9799D}" = dir=in | name=junipernetworks.junospulsevpn |
"{F109BA51-2980-4417-BE40-E9092C446504}" = dir=in | name=hp connected photo |
"{F2D6098C-3E8D-4481-AB6B-89CBB4899A84}" = dir=out | name=hp registration |
"{F5096119-FC7D-4C3B-8989-5426014F9AB6}" = dir=out | name=sonicwall mobile connect |
"{F57F0C3F-ED4F-4953-8723-53E66B38D831}" = dir=out | name=microsoft solitaire collection |
"{F5E29059-B583-4AF5-8CE4-CC4CA79C55AB}" = dir=in | name=skype |
"{F5E820F4-4171-4B86-B51C-9B0EC2F98377}" = dir=out | name=canon office printer utility |
"{F62050C4-FB8A-4AAD-B6F8-D3AAACBA18E9}" = dir=out | name=hp connected photo |
"{F64300AD-D559-4000-BD45-0997BCC8E70A}" = dir=out | name=f5.vpn.client |
"{F6B6819F-CDC3-4B0A-901C-60BA6CB48883}" = dir=out | name=windows_ie_ac_001 |
"{F77E5446-4378-4E99-8B7A-7061AAAEA193}" = dir=in | name=f5.vpn.client |
"{F80BBDE3-CB8D-401E-A37D-E78A492E0FFC}" = dir=out | name=@{microsoft.zunemusic_2.2.903.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} |
"{F8E139D9-8586-4ECB-AE1A-43834D5E4F6B}" = dir=out | name=netflix |
"{FF363847-3756-4901-B34F-BEEE1D5517D7}" = protocol=17 | dir=in | app=c:\users\calgary\appdata\roaming\dropbox\bin\dropbox.exe |
"{FFA07B64-9933-4B54-8DA0-0DF00AB17FAD}" = dir=out | name=kindle |
"TCP Query User{64F70F2D-0F2A-4E36-A6D1-8A849E6579C9}C:\users\calgary\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\calgary\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{241708D4-AD0F-48D2-B420-F27892CE38CB}C:\users\calgary\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\calgary\appdata\roaming\dropbox\bin\dropbox.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{2BFA9B05-7418-4EDE-A6FC-620427BAAAA3}" = Crystal Reports Basic Runtime for Visual Studio 2008 (x64)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5A68A656-979F-4168-8795-E2E368AA4DC2}" = iTunes
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}" = Cisco Systems VPN Client 5.0.07.0440
"{66D292E3-6228-3AF1-EDED-6D53C63DBCB7}" = Mediatek Bluetooth
"{6E14E6D6-3175-4E1A-B934-CAB5A86367CD}" = HP Postscript Converter
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{73237EBB-B26F-4628-8754-4EFE563D72E9}" = HP Utility Center
"{787136D2-F0F8-4625-AA3F-72D7795AC842}" = Apple Mobile Device Support
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90150000-008F-0000-1000-0000000FF1CE}" = Office 15 Click-to-Run Licensing Component
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9DF3589E-483F-65F3-32F7-006C0B162891}" = AMD Fuel
"{9E2BF31C-7E39-C549-8AFE-56C3B927BD91}" = AMD Catalyst Install Manager
"{A2CB1ACB-94A2-32BA-A15E-7D80319F7589}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727
"{AC53FC8B-EE18-3F9C-9B59-60937D0B182C}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727
"{AFD060D5-8D37-8B06-6A03-F2C5128496ED}" = ccc-utility64
"{C788B026-20BD-4E96-B698-533F1D6C5013}" = 64 Bit HP CIO Components Installer
"{D1E8F2D7-7794-4245-B286-87ED86C1893C}" = HP Registration Service
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{F2B9FC01-887F-AB28-8880-233894150681}" = AMD Accelerated Video Transcoding
"CutePDF Writer Installation" = CutePDF Writer 3.0
"novaPDF Pro v5_is1" = novaPDF Pro v5 (novaPDF Professional Desktop 5.5  printer)
"O365HomePremRetail - en-us" = Microsoft Office 365 - en-us
"ProPlusRetail - en-us" = Microsoft Office Professional Plus 2013 - en-us
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TELUS security services" = TELUS security services
"TowerTilt" = TowerTilt
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{020FF978-7DD6-EEE3-47E3-2F37B6449F54}" = CCC Help Chinese Standard
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08B31070-171E-11D6-BECF-000629F77048}" = MenuFusion
"{0F1D290F-2EF5-4A39-8882-1B28E4B0E421}" = Manulife - Launcher
"{10202EBB-A6E7-4BA2-9E38-8563DB84C28F}" = Manulife - Synergy / Manuvie - Synergie
"{117DF79C-38F1-8A46-A488-365A72C4C1F1}" = CCC Help Finnish
"{11AF9A96-6D83-4C3B-8DCB-16EA2A358E3F}" = HP CoolSense
"{14025FDE-2A98-4241-9DC5-FA9F5B7A488F}" = CIMS.Net
"{15134cb0-b767-4960-a911-f2d16ae54797}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
"{18272881-CFC0-434D-A975-E5BE44206AA0}" = Windows Live UX Platform Language Pack
"{192BFB6B-7E9C-4346-8ECB-2A42DABFF4DB}" = Manulife - Insure Right / Manuvie - Bien s'assurer
"{1AE37508-089E-41AC-95BD-99FF06887C2F}" = HP Recovery Manager
"{1E48910A-F1D9-0526-DF24-8024C3BA7566}" = CCC Help Italian
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite 10
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{253FD6A5-CE77-4FBC-A937-202D15808D0C}" = Readiris Pro 14
"{2585840A-1098-A34B-42BD-9422B84602F7}" = CCC Help Polish
"{25EC2D8D-D64D-4EA0-6341-C0F79883FBFE}" = CCC Help Chinese Traditional
"{27916B81-FEDB-43A0-B724-923784B3DAE7}" = Empire Life Envision
"{28BF1FE2-8F54-4356-8404-26EA20E0C1BA}" = Manulife - Term
"{2947B647-40A5-41AD-9833-F414EB32CA34}" = CenoPDF (32-bit)
"{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}" = CyberLink Power2Go 8
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{300699CA-B992-4719-0D29-3A33D960D4AC}" = Catalyst Control Center Graphics Previews Common
"{30879FF8-1582-41CB-BCDB-B5DDFF93FD3C}" = GWL Illustrator Par
"{30B2D1D8-0A07-4B71-9553-0710C5D31E35}" = HP Wireless Button Driver
"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery
"{32D3C724-3E32-11D9-8211-00B0D075DF5C}" = Diamond View Update
"{37BF8DE6-CB40-4F3C-8A24-6CE6BB1F6A55}" = Manulife - Concepts
"{391FE76E-DC08-180B-61EF-C208698E6199}" = CCC Help Dutch
"{39337565-330E-4ab6-A9AE-AC81E0720B10}" = Cyberlink PhotoDirector
"{420106FE-E83B-47C1-87F9-11D263B52C39}" = Cardiris 5.5
"{446a474f-287b-4c98-8036-2dd6bbaf6dfb}" = CenoPDF v3.6.230.0
"{446CC8CE-0E90-44F7-ADD0-774B243EF090}" = Galerie de photos
"{47582F50-3974-4F89-AFEA-468DD33B2EA4}" = GWL Illustrator Par Config
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{4F937EE8-09DA-40D7-BDE2-1AC842160809}" = Installation Launcher
"{52E225FC-FCB4-41F7-837B-6E37FB05BD7B}" = Adobe AIR
"{574F0207-8E98-46CD-8F79-318348C98C46}" = HP Quick Start
"{58351B90-FB53-4DCD-87C7-5E86C727133C}" = Concourse 2.1 - Content
"{586FC9AE-F8A1-D397-178A-304F67D4AF18}" = CCC Help English
"{58F9538F-E242-C094-B68D-3A4CB9E3654A}" = CCC Help Danish
"{5905DC5D-00E7-4BEF-A1CD-FCAE05E20DA8}" = GWL Illustrator Term
"{5BABDA39-61CF-41EE-992D-4054B6649A9B}" = Movie Maker
"{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}" = Realtek Card Reader
"{5F0838D9-4EDC-43B1-91B5-D475C5738B06}" = Manulife - Level Gold Investment Account - MLLG
"{600C1E5D-E59E-9B9A-824C-70A3A863DCC9}" = CCC Help Japanese
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{64B54493-BC68-4D6F-B9EB-214E74CC0647}" = Concourse 1.0
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{6BE061BE-0474-EA1F-DE33-91826D7868D9}" = CCC Help French
"{6CBC95EF-0185-4C2D-A7EB-F3D2837EED60}" = Manulife - UltraVision
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.1.1
"{70867522-4CC7-4BAD-8EBC-048B18807D4D}" = Manulife - Concept slideshows
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7957540D-F97C-409A-80CE-AC021AB96302}" = Pyramide 4.0.2
"{7C07D52A-76F1-4A84-BF24-7B37C49B7B2F}" = Canada Life Reference Material 14.1
"{7CF6604E-BCB8-4B5F-A1CC-1E6DA0C60151}" = MSXML
"{7F149284-BA2D-DB74-0405-EB5D9D2F452C}" = CCC Help Korean
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 6.2.0
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{839B9B4C-7FC7-4F7F-BD31-99AEF07A49F1}" = GWL Illustrator
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8BF1459F-FDDE-673C-2378-A803DC278270}" = CCC Help Turkish
"{8D813AFF-D91D-4EE0-821F-B901FC2E89FA}" = Windows Live
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Ralink RT3290 802.11bgn Wi-Fi Adapter
"{90150000-008C-0000-0000-0000000FF1CE}" = Office 15 Click-to-Run Extensibility Component
"{90150000-008C-0409-0000-0000000FF1CE}" = Office 15 Click-to-Run Localization Component
"{90993BD9-C7D9-4C2F-B56C-2F7AFEBD4CD0}" = Windows Live UX Platform Language Pack
"{927CFF8E-A448-46D3-01B9-764FC2A881BA}" = CCC Help Greek
"{96EA5361-BF11-4518-A14A-8FCADEEA7820}" = GWL Illustrator Term Config
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B5088FA-8C09-439E-A515-E1957993303F}" = GWL Illustrator Config
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C35EDE5-4B0F-45E7-A438-314BA889948E}" = HP MyRoom
"{9E1227EB-BFD6-970B-7867-0658EC53525F}" = CCC Help Hungarian
"{A17946CA-18E5-4CF0-8D55-A56D804718F8}" = Movie Maker
"{A1A9956A-56A2-4933-A4F0-CC236790CC29}" = Diamond View Launcher
"{A34FE6B9-B981-B2F5-DF3D-78D61776EA0C}" = CCC Help Spanish
"{A608A8D3-E77C-4BEE-8F2A-F8124F5F0FE2}" = SketchUp 2014
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AE794AB6-424B-31E9-5EA1-968088EFAE06}" = Catalyst Control Center InstallProxy
"{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}" = CyberLink PowerDirector 10
"{B41C6B3F-F752-46EA-BC46-F26D3AD147B8}" = HP Documentation
"{B82085C0-07DD-5E7F-1D48-D63087064524}" = CCC Help Czech
"{BA4355A4-E388-117A-721A-F1B23175B9AD}" = AMD VISION Engine Control Center
"{BB5B11D5-ADC5-9AA2-76D9-8C447C4EC3B7}" = CCC Help German
"{BC63AE56-730A-D46F-27A6-C579E8390CB2}" = CCC Help Swedish
"{C007CFA1-FC3C-49B8-8D30-DB5BF3396632}" = ZoomExpressKeyView14.1
"{C00D40FA-148E-490A-9EC9-5C9DE0826E08}" = Foxit PhantomPDF Business
"{C034A6F9-6569-491B-B3BF-F5D15221A708}" = Windows Live Essentials
"{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}" = Google Talk Plugin
"{C3E46E73-67D3-72FA-0AA9-5A1CBE9CE0DD}" = CCC Help Norwegian
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C54BC404-EA0C-044E-F118-2E02802626F4}" = CCC Help Portuguese
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C631192F-E2DC-4A77-BE81-09972975EEC9}" = Manulife - Limited Pay UL / Manuvie - Vu à prime temporaire
"{C89A97B6-F991-EBB5-77B7-927BCF420EBE}" = OEM Application Profile
"{C8B22494-0B58-4BBB-BDD2-E4EFD378FB0D}" = Manulife - Performax Gold - Performax Or - MLPG
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{CCCDD476-98F9-4B06-91DB-23F27CEC3BE1}" = HPDetect
"{CF09D056-3FFA-11D6-8171-0010B5BCE08C}" = Solo
"{CFD9991F-F7EE-1B2E-F4FE-99E2BC2836CE}" = CCC Help Russian
"{D5C4EC31-0685-4797-8217-1C2A22EEE897}" = The Wave 28.0 Illustration System / Le système d'illustration La Vague 28.0
"{D73E2E92-C6A1-4850-B50D-7CCC9CF81C6E}" = Manulife - Personal Accident/Personal Accident
"{D888F114-7537-4D48-AF03-5DA9C82D7540}" = Photo Common
"{D9DAD0FF-495A-472B-9F10-BAE430A26682}" = Apple Application Support
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD
"{DF9EAF22-8AE3-48CB-901A-AAF31EC1C0C5}" = Manulife Financial - Health and Dental
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E15BC10F-04AA-0AFD-A6C9-476730195F8B}" = Adobe Download Assistant
"{E1671AC4-78E1-41BE-BB15-DB31205E2D90}" = Manulife - Universal Life
"{EA92C290-0985-4502-9081-91133A571423}" = Manulife - YRT Gold Investment Account - MLYG
"{ED684F1C-291C-A7BE-D464-8A44717F8F17}" = CCC Help Thai
"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker
"{EED3CC4B-40BD-11D6-8171-0010B5BCE08C}" = Sommum / Pace / Traditionnel
"{EEEDA52B-3C42-4BD7-BE42-FDB596EAFCEF}" = Catalyst Control Center - Branding
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F17C3DC2-2ACA-4B0E-BDBF-ACE61B14E7CD}" = Citrix Online Launcher
"{F35EE4BC-95E1-4417-BA36-7C32FF24A59A}" = HP System Event Utility
"{F4E3A754-5569-4E1C-BF99-B3CC2BDFDEFB}" = Manulife - Living Benefits
"{F54030F3-14B6-432D-9361-78DCB1473920}" = Photo Common
"{F90A86C9-7779-47DD-AC06-8EE832C55F55}" = HP 3D DriveGuard
"{FA26FB8C-5FC4-0EA8-EED9-32AE23A2DCCA}" = Catalyst Control Center Localization All
"{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}" = Energy Star
"{FC6C7107-7D72-41A1-A031-3CE751159BAB}" = Photo Gallery
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 13 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"BroadGun pdfMachine" = BroadGun pdfMachine
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"EFR_is1" = EFR 3.14 (2013-11)
"EPSON Scanner" = EPSON Scan
"Google Chrome" = Google Chrome
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite 10
"InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}" = CyberLink Power2Go 8
"InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}" = Cyberlink PhotoDirector
"InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}" = CyberLink PowerDirector 10
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD
"Mozilla Firefox 30.0 (x86 en-US)" = Mozilla Firefox 30.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Radialpoint_8_Spd_is1" = TELUS security advisor 5.5.12
"RBC Illustrations System 8.0" = RBC Illustrations System 8.0
"Revo Uninstaller" = Revo Uninstaller 1.95
"StartHPConnectedMusic" = HP Connected Music (Meridian - installer)
"VOPackage" = Installer
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3432463877-1759428120-2468046901-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"GoToMeeting" = GoToMeeting 6.3.0.1440
"HPConnectedMusic" = HP Connected Music (Meridian - player)
"OneDriveSetup.exe" = Microsoft OneDrive
"YourFileDownloaderUpdater" = Feature Update Service (YFD)
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 2014-06-24 11:06:00 AM | Computer Name = CalgaryShepard | Source = ESENT | ID = 476
Description = svchost (1800) SRUJet: The database page read from the file "C:\WINDOWS\system32\SRU\SRUDB.dat"
 at offset 1241088 (0x000000000012f000) (database page 302 (0x12E)) for 4096 (0x00001000)
 bytes failed verification because it contains no page data.  The read operation
 will fail with error -1019 (0xfffffc05).  If this condition persists then please
 restore the database from a previous backup. This problem is likely due to faulty
 hardware. Please contact your hardware vendor for further assistance diagnosing
 the problem.
 
Error - 2014-06-24 11:06:00 AM | Computer Name = CalgaryShepard | Source = ESENT | ID = 474
Description = svchost (1800) SRUJet: The database page read from the file "C:\WINDOWS\system32\SRU\SRUDB.dat"
 at offset 1220608 (0x000000000012a000) (database page 297 (0x129)) for 4096 (0x00001000)
 bytes failed verification due to a page checksum mismatch.  The stored checksum
 was [000000db00000005] and the computed checksum was [0ee10ee1017ffac6].  The read
 operation will fail with error -1018 (0xfffffc06).  If this condition persists
then please restore the database from a previous backup.  This problem is likely
 due to faulty hardware. Please contact your hardware vendor for further assistance
 diagnosing the problem.
 
Error - 2014-06-24 11:07:00 AM | Computer Name = CalgaryShepard | Source = ESENT | ID = 476
Description = svchost (1800) SRUJet: The database page read from the file "C:\WINDOWS\system32\SRU\SRUDB.dat"
 at offset 1253376 (0x0000000000132000) (database page 305 (0x131)) for 4096 (0x00001000)
 bytes failed verification because it contains no page data.  The read operation
 will fail with error -1019 (0xfffffc05).  If this condition persists then please
 restore the database from a previous backup. This problem is likely due to faulty
 hardware. Please contact your hardware vendor for further assistance diagnosing
 the problem.
 
Error - 2014-06-24 11:07:00 AM | Computer Name = CalgaryShepard | Source = ESENT | ID = 474
Description = svchost (1800) SRUJet: The database page read from the file "C:\WINDOWS\system32\SRU\SRUDB.dat"
 at offset 1306624 (0x000000000013f000) (database page 318 (0x13E)) for 4096 (0x00001000)
 bytes failed verification due to a page checksum mismatch.  The stored checksum
 was [0775001000001047] and the computed checksum was [0000013e3418fc66].  The read
 operation will fail with error -1018 (0xfffffc06).  If this condition persists
then please restore the database from a previous backup.  This problem is likely
 due to faulty hardware. Please contact your hardware vendor for further assistance
 diagnosing the problem.
 
Error - 2014-06-24 11:07:00 AM | Computer Name = CalgaryShepard | Source = ESENT | ID = 476
Description = svchost (1800) SRUJet: The database page read from the file "C:\WINDOWS\system32\SRU\SRUDB.dat"
 at offset 1241088 (0x000000000012f000) (database page 302 (0x12E)) for 4096 (0x00001000)
 bytes failed verification because it contains no page data.  The read operation
 will fail with error -1019 (0xfffffc05).  If this condition persists then please
 restore the database from a previous backup. This problem is likely due to faulty
 hardware. Please contact your hardware vendor for further assistance diagnosing
 the problem.
 
Error - 2014-06-24 11:07:00 AM | Computer Name = CalgaryShepard | Source = ESENT | ID = 474
Description = svchost (1800) SRUJet: The database page read from the file "C:\WINDOWS\system32\SRU\SRUDB.dat"
 at offset 1220608 (0x000000000012a000) (database page 297 (0x129)) for 4096 (0x00001000)
 bytes failed verification due to a page checksum mismatch.  The stored checksum
 was [000000db00000005] and the computed checksum was [0ee10ee1017ffac6].  The read
 operation will fail with error -1018 (0xfffffc06).  If this condition persists
then please restore the database from a previous backup.  This problem is likely
 due to faulty hardware. Please contact your hardware vendor for further assistance
 diagnosing the problem.
 
Error - 2014-06-24 11:08:00 AM | Computer Name = CalgaryShepard | Source = ESENT | ID = 476
Description = svchost (1800) SRUJet: The database page read from the file "C:\WINDOWS\system32\SRU\SRUDB.dat"
 at offset 1253376 (0x0000000000132000) (database page 305 (0x131)) for 4096 (0x00001000)
 bytes failed verification because it contains no page data.  The read operation
 will fail with error -1019 (0xfffffc05).  If this condition persists then please
 restore the database from a previous backup. This problem is likely due to faulty
 hardware. Please contact your hardware vendor for further assistance diagnosing
 the problem.
 
Error - 2014-06-24 11:08:00 AM | Computer Name = CalgaryShepard | Source = ESENT | ID = 474
Description = svchost (1800) SRUJet: The database page read from the file "C:\WINDOWS\system32\SRU\SRUDB.dat"
 at offset 1306624 (0x000000000013f000) (database page 318 (0x13E)) for 4096 (0x00001000)
 bytes failed verification due to a page checksum mismatch.  The stored checksum
 was [0775001000001047] and the computed checksum was [0000013e3418fc66].  The read
 operation will fail with error -1018 (0xfffffc06).  If this condition persists
then please restore the database from a previous backup.  This problem is likely
 due to faulty hardware. Please contact your hardware vendor for further assistance
 diagnosing the problem.
 
Error - 2014-06-24 11:08:00 AM | Computer Name = CalgaryShepard | Source = ESENT | ID = 476
Description = svchost (1800) SRUJet: The database page read from the file "C:\WINDOWS\system32\SRU\SRUDB.dat"
 at offset 1241088 (0x000000000012f000) (database page 302 (0x12E)) for 4096 (0x00001000)
 bytes failed verification because it contains no page data.  The read operation
 will fail with error -1019 (0xfffffc05).  If this condition persists then please
 restore the database from a previous backup. This problem is likely due to faulty
 hardware. Please contact your hardware vendor for further assistance diagnosing
 the problem.
 
Error - 2014-06-24 11:08:00 AM | Computer Name = CalgaryShepard | Source = ESENT | ID = 474
Description = svchost (1800) SRUJet: The database page read from the file "C:\WINDOWS\system32\SRU\SRUDB.dat"
 at offset 1220608 (0x000000000012a000) (database page 297 (0x129)) for 4096 (0x00001000)
 bytes failed verification due to a page checksum mismatch.  The stored checksum
 was [000000db00000005] and the computed checksum was [0ee10ee1017ffac6].  The read
 operation will fail with error -1018 (0xfffffc06).  If this condition persists
then please restore the database from a previous backup.  This problem is likely
 due to faulty hardware. Please contact your hardware vendor for further assistance
 diagnosing the problem.
 
[ System Events ]
Error - 2014-05-29 10:40:00 AM | Computer Name = CalgaryShepard | Source = NetBT | ID = 4321
Description = The name "WORKGROUP      :1d" could not be registered on the interface
 with IP address 192.168.1.134.  The computer with the IP address 192.168.1.1 did
not allow the name to be claimed by  this computer.
 
Error - 2014-06-02 4:01:26 PM | Computer Name = CalgaryShepard | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Windows
 Search service to connect.
 
Error - 2014-06-02 4:01:26 PM | Computer Name = CalgaryShepard | Source = Service Control Manager | ID = 7000
Description = The Windows Search service failed to start due to the following error:
   %%1053
 
Error - 2014-06-02 4:01:26 PM | Computer Name = CalgaryShepard | Source = DCOM | ID = 10005
Description =
 
Error - 2014-06-03 11:55:46 AM | Computer Name = CalgaryShepard | Source = DCOM | ID = 10001
Description =
 
Error - 2014-06-03 11:55:48 AM | Computer Name = CalgaryShepard | Source = DCOM | ID = 10001
Description =
 
Error - 2014-06-04 1:04:05 PM | Computer Name = CalgaryShepard | Source = DCOM | ID = 10001
Description =
 
Error - 2014-06-07 9:59:30 PM | Computer Name = CalgaryShepard | Source = NetBT | ID = 4319
Description = A duplicate name has been detected on the TCP network.  The IP address
 of  the computer that sent the message is in the data. Use nbtstat -n in a  command
 window to see which name is in the Conflict state.
 
Error - 2014-06-07 9:59:32 PM | Computer Name = CalgaryShepard | Source = bowser | ID = 8003
Description =
 
Error - 2014-06-08 12:27:57 PM | Computer Name = CalgaryShepard | Source = DCOM | ID = 10001
Description =
 
 
< End of report >
 


  • 0



#2
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 8,107 posts

Hello,

 

Sorry we missed you.

 

Please download AdwCleaner by Xplode onto your Desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
  • NOTE: If you get an error message, it means that nothing was found.  Exit from AdwCleaner.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished and the PC has rebooted.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner

 

Next

Please download Junkware Removal Tool to your Desktop.

Please close your security software to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete, depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
Please post the contents of JRT.txt into your reply.

 

 

In your next reply post:

1- AdwCleaner .txt Log

2- JRT .txt log

 

Thanks

Joe :)


  • 0

#3
Triskelion

Triskelion

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 663 posts

Hello Zep. No worries... I know how busy you guys are!

 

Here are the logs you asked for...

 

ADWcleaner:

 

# AdwCleaner v3.214 - Report created 08/07/2014 at 13:38:10
# Updated 29/06/2014 by Xplode
# Operating System : Windows 8.1  (64 bits)
# Username : Calgary - CALGARYSHEPARD
# Running from : C:\Users\Calgary\Desktop\adwcleaner_3.214.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : Update TowerTilt
[#] Service Deleted : Util TowerTilt

***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\SearchProtect
Folder Deleted : C:\Program Files (x86)\TowerTilt
Folder Deleted : C:\Program Files (x86)\YourFileDownloader Updater
Folder Deleted : C:\Program Files (x86)\YourFileDownloader
Folder Deleted : C:\Users\Calgary\AppData\Local\SearchProtect
Folder Deleted : C:\Users\Calgary\AppData\Roaming\VOPackage
Folder Deleted : C:\Users\Calgary\AppData\Roaming\YourFileDownloader
Folder Deleted : C:\Users\Calgary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
Folder Deleted : C:\Users\Calgary\Documents\Optimizer Pro
File Deleted : C:\END
File Deleted : C:\Users\Calgary\AppData\Roaming\Mozilla\Firefox\Profiles\swkfz2xp.default\user.js
File Deleted : C:\WINDOWS\System32\Tasks\YourFile DownloaderUpdate

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updatealbrechto_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updatealbrechto_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5D9E7BE9-95E5-4392-8CD2-D82DE89589ED}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKCU\Software\TowerTilt
Key Deleted : HKCU\Software\YourFileDownloader
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\Software\TowerTilt
Key Deleted : HKLM\Software\YourFileDownloader
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TowerTilt

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17126


-\\ Mozilla Firefox v30.0 (en-US)

[ File : C:\Users\Calgary\AppData\Roaming\Mozilla\Firefox\Profiles\swkfz2xp.default\prefs.js ]


-\\ Google Chrome v35.0.1916.153

[ File : C:\Users\Calgary\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
Deleted [Extension] : flpcjncodpafbgdpnkljologafpionhb

*************************

AdwCleaner[R0].txt - [3628 octets] - [08/07/2014 13:32:18]
AdwCleaner[S0].txt - [3522 octets] - [08/07/2014 13:38:10]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3582 octets] ##########
 

JRT:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 8.1 x64
Ran by Calgary on 2014-07-08 at 13:54:54.85
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{3BABA3F4-18AB-461F-BDCB-030F621C999E}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{3BABA3F4-18AB-461F-BDCB-030F621C999E}



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Calgary\AppData\Roaming\mozilla\firefox\profiles\swkfz2xp.default\minidumps [2 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 2014-07-08 at 14:06:57.41
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 


  • 0

#4
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 8,107 posts

Next

We need to do a fix to delete some files using OTL

 

  • Double click on the OTL icon to open the program. On Vista/Win7/Win8, right click and select Run As Administrator to start the program. If prompted by UAC, please allow it.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :COMMANDS
    [CREATERESTOREPOINT]
    
    :OTL
    [2014-06-24 08:42:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Calgary\AppData\Roaming\mozilla\Firefox\Profiles\swkfz2xp.default\extensions
    [2014-06-24 08:42:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Calgary\AppData\Roaming\mozilla\Firefox\Profiles\swkfz2xp.default\extensions\staged
    [2014-06-24 08:42:02 | 000,023,674 | ---- | M] () (No name found) -- C:\Users\Calgary\AppData\Roaming\mozilla\firefox\profiles\swkfz2xp.default\extensions\{12b6fdcd-4423-4276-82a3-73fdbff5f7e4}.xpi
    [2014-06-24 08:11:42 | 000,007,464 | ---- | M] () (No name found) -- C:\Users\Calgary\AppData\Roaming\mozilla\firefox\profiles\swkfz2xp.default\extensions\{587cb346-a3d8-4884-b39b-f0ed918b6f96}.xpi
    [2014-06-20 09:56:26 | 000,111,028 | ---- | M] () (No name found) -- C:\Users\Calgary\AppData\Roaming\mozilla\firefox\profiles\swkfz2xp.default\extensions\{6e84150a-d526-41f1-a480-a67d3fed910d}.xpi
    O3 - HKLM\..\Toolbar: (no name) - {56CF4856-ECB4-4e46-A897-A378821F97B9} - No CLSID value found.
    O3 - HKU\S-1-5-21-3432463877-1759428120-2468046901-1002\..\Toolbar\WebBrowser: (no name) - {F258B9BC-B306-4343-9D1C-22EC837B646F} - No CLSID value found.
    O4 - HKU\S-1-5-21-3432463877-1759428120-2468046901-1002..\Run: [Power2GoExpress8] NA File not found
    O13:64bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O18:64bit: - Protocol\Handler\osf - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    [2014-06-24 08:36:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\YourFileDownloader
    [2014-06-10 12:47:33 | 000,000,000 | ---D | C] -- C:\Users\Calgary\AppData\Roaming\VOPackage
    [2014-06-10 12:44:48 | 000,000,000 | ---D | C] -- C:\Users\Calgary\AppData\Local\SearchProtect
    [2014-06-10 12:44:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TowerTilt
    [2014-06-10 12:44:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SearchProtect
    [2014-06-10 12:43:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\YourFileDownloader Updater
    [2014-06-10 12:43:28 | 000,000,000 | ---D | C] -- C:\Users\Calgary\AppData\Roaming\YourFileDownloader
    
    :Files
    netsh int ip reset c:\resetlog.txt /c
    ipconfig /flushdns /c
    ipconfig /release /c
    ipconfig /renew /c
    C:\Users\Calgary\AppData\Roaming\VOPackage
    C:\Users\Calgary\AppData\Local\Temp\TowerTilt\TowerTilt_Setup.exe
    C:\Users\Calgary\AppData\Local\Temp\toolbar79977630.exe
    C:\Users\Calgary\AppData\Local\Temp\update79950875.exe
    C:\Program Files (x86)\TowerTilt\updateTowerTilt.exe
    C:\Users\Calgary\AppData\Local\Temp\nstA5F8.tmp\System.dll
    C:\Users\Calgary\AppData\Local\Temp\nstA5F8.tmp\IpConfig.dll
    C:\Users\Calgary\AppData\Local\Temp\nstA5F8.tmp\ExecDos.dll
    C:\Users\Calgary\AppData\Roaming\YourFileDownloader
    
    :Commands
    [emptytemp]
    [resethosts]
    
    
  • Make sure all other windows are closed.
  • Click the Run Fix button at the top
  • Let the program run uninterrupted. The computer should reboot when the scan is done. If not, please reboot the computer.
  • Post the log that is found in C:\_OTL\Moved Files in your next reply.
  • Open OTL again and click the Quick Scan button.

 

In your next reply post:
1- The OTL Fix log that pops up in front of you after you run the fix on reboot
2- New OTL log after a quick scan is run.

 

Thanks
Joe :)


  • 0

#5
Triskelion

Triskelion

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 663 posts

Hi Joe;

 

So I ran the fix, but no report appeared at the end.

I also couldn't find the report in the Moved Files dir.

I rebooted the computer and when I did, I can't open OTL now to run quick scan.

It appears to be running when I open task manager, but the program isn't opening.


  • 0

#6
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 8,107 posts

You can right click it in the task manager and choose "End Task"

 

Delete the OTL icon on the desktop and re-download it. See if that helps.


  • 0

#7
Triskelion

Triskelion

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 663 posts

Nope... :no:


  • 0

#8
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 8,107 posts

Reboot the computer.


  • 0

#9
Triskelion

Triskelion

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 663 posts

Negative


  • 0

#10
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 8,107 posts
Does the computer reboot to the operating system?
  • 0



#11
Triskelion

Triskelion

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 663 posts

The computer reboots fine, I just still can't open OTL.


  • 0

#12
Triskelion

Triskelion

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 663 posts

Okay, I tried again and after like 5 min, a log popped up. I have tried to post it below, but the post seems to hang?

Maybe the log is too big?

 

Anyways, I can open OTL now and am running quick scan.


  • 0

#13
Triskelion

Triskelion

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 663 posts

Here are the results from the quick scan

 

OTL logfile created on: 2014-07-09 9:53:49 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Calgary\Desktop
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17126)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: yyyy-MM-dd
 
7.19 Gb Total Physical Memory | 3.42 Gb Available Physical Memory | 47.49% Memory free
9.32 Gb Paging File | 4.24 Gb Available in Paging File | 45.47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 903.81 Gb Total Space | 840.82 Gb Free Space | 93.03% Space Free | Partition Type: NTFS
Drive D: | 26.59 Gb Total Space | 2.64 Gb Free Space | 9.91% Space Free | Partition Type: NTFS
 
Computer Name: CALGARYSHEPARD | User Name: Calgary | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014-07-08 21:03:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Calgary\Desktop\OTL.exe
PRC - [2014-06-23 11:58:09 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2014-06-17 08:55:03 | 000,079,600 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
PRC - [2014-06-17 08:54:13 | 018,935,976 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE
PRC - [2014-06-05 07:58:39 | 000,860,488 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014-05-19 18:45:22 | 033,322,312 | ---- | M] (Dropbox, Inc.) -- C:\Users\Calgary\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2014-04-14 14:30:02 | 007,157,824 | ---- | M] (Foxit Corporation) -- C:\Users\Calgary\AppData\Local\Temp\Foxit PhantomPDF Updater.exe
PRC - [2014-03-26 15:35:26 | 000,475,448 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
PRC - [2014-03-26 15:35:26 | 000,469,304 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
PRC - [2014-03-07 02:02:08 | 000,267,224 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
PRC - [2013-08-05 01:49:42 | 000,111,576 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
PRC - [2012-11-05 17:14:34 | 001,343,904 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
PRC - [2012-11-02 15:00:44 | 013,836,984 | ---- | M] (Telus) -- C:\Program Files (x86)\Telus\security advisor\5.5.12.650\TelusSecurityAdvisor.exe
PRC - [2012-11-02 14:58:32 | 012,575,752 | ---- | M] (Radialpoint SafeCare Inc.) -- C:\Program Files (x86)\Telus\security advisor\5.5.12.650\Telus_ServicepointService.exe
PRC - [2012-07-13 16:50:00 | 000,093,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
PRC - [2011-03-04 12:45:08 | 001,529,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2007-11-20 20:11:05 | 003,289,088 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Google Talk\googletalk.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014-07-08 21:15:54 | 000,043,008 | ---- | M] () -- c:\users\calgary\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpbpdtdu.dll
MOD - [2014-06-23 11:58:07 | 003,852,912 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2014-06-17 08:54:54 | 000,316,584 | ---- | M] () -- C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll
MOD - [2014-06-17 08:54:06 | 001,032,360 | ---- | M] () -- C:\Program Files\Microsoft Office 15\root\office15\ADDINS\UmOutlookAddin.dll
MOD - [2014-06-17 08:51:16 | 000,316,584 | ---- | M] () -- C:\Program Files\Microsoft Office 15\root\office15\appvisvstream32.dll
MOD - [2014-06-05 07:58:38 | 000,414,536 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppgooglenaclpluginchrome.dll
MOD - [2014-06-05 07:58:37 | 014,612,296 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll
MOD - [2014-06-05 07:58:36 | 004,217,672 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll
MOD - [2014-06-05 07:58:32 | 000,716,616 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libglesv2.dll
MOD - [2014-06-05 07:58:31 | 000,126,280 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libegl.dll
MOD - [2014-06-05 07:58:30 | 001,732,424 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll
MOD - [2014-05-23 10:30:24 | 000,321,704 | ---- | M] () -- C:\Program Files\Microsoft Office 15\root\office15\msfad.dll
MOD - [2014-04-23 16:05:12 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014-04-23 16:04:54 | 001,044,808 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2014-01-02 19:09:26 | 003,610,624 | ---- | M] () -- C:\Users\Calgary\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2013-08-23 13:01:44 | 025,100,288 | ---- | M] () -- C:\Users\Calgary\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2013-08-05 16:48:08 | 000,016,856 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
MOD - [2013-08-05 01:49:47 | 000,627,672 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
MOD - [2012-05-22 16:57:24 | 020,758,016 | ---- | M] () -- C:\Program Files (x86)\Telus\security advisor\5.5.12.650\libcef.dll
MOD - [2012-05-22 16:57:24 | 001,094,158 | ---- | M] () -- C:\Program Files (x86)\Telus\security advisor\5.5.12.650\avcodec-53.dll
MOD - [2012-05-22 16:57:24 | 000,622,080 | ---- | M] () -- C:\Program Files (x86)\Telus\security advisor\5.5.12.650\libGLESv2.dll
MOD - [2012-05-22 16:57:24 | 000,183,822 | ---- | M] () -- C:\Program Files (x86)\Telus\security advisor\5.5.12.650\avformat-53.dll
MOD - [2012-05-22 16:57:24 | 000,117,262 | ---- | M] () -- C:\Program Files (x86)\Telus\security advisor\5.5.12.650\avutil-51.dll
MOD - [2012-05-22 16:57:24 | 000,111,616 | ---- | M] () -- C:\Program Files (x86)\Telus\security advisor\5.5.12.650\libEGL.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014-05-21 03:28:26 | 002,279,608 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe -- (ClickToRunSvc)
SRV:64bit: - [2014-04-06 05:20:36 | 000,201,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2014-04-02 20:51:48 | 001,584,128 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\workfolderssvc.dll -- (workfolderssvc)
SRV:64bit: - [2014-03-23 20:31:14 | 000,347,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\NisSrv.exe -- (WdNisSvc)
SRV:64bit: - [2014-03-23 20:31:14 | 000,023,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2014-03-14 00:26:25 | 000,491,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\GeofenceMonitorService.dll -- (lfsvc)
SRV:64bit: - [2014-03-07 23:41:25 | 001,306,624 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\AppXDeploymentServer.dll -- (AppXSvc)
SRV:64bit: - [2014-03-06 01:02:13 | 000,834,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2014-02-22 09:53:10 | 003,394,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2014-02-22 03:57:16 | 000,710,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2014-02-22 03:26:58 | 000,366,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2014-02-22 03:25:39 | 000,399,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2014-02-22 03:25:14 | 000,269,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2014-02-22 03:23:58 | 001,576,960 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2014-02-06 04:48:45 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014-01-08 23:39:39 | 000,076,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\inetsrv\w3logsvc.dll -- (w3logsvc)
SRV:64bit: - [2013-12-13 11:23:32 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2013-12-10 01:35:18 | 000,530,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppReadiness.dll -- (AppReadiness)
SRV:64bit: - [2013-11-22 22:50:00 | 000,282,112 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2013-10-09 16:52:30 | 001,645,256 | ---- | M] (TELUS security services) [Auto | Running] -- C:\Program Files\TELUS security services\TELUS security services\vsserv.exe -- (VSSERV)
SRV:64bit: - [2013-10-09 16:52:30 | 000,069,392 | ---- | M] (TELUS security services) [Disabled | Stopped] -- C:\Program Files\TELUS security services\TELUS security services\bdparentalservice.exe -- (BdDesktopParental)
SRV:64bit: - [2013-10-09 16:52:30 | 000,067,320 | ---- | M] (TELUS security services) [Auto | Running] -- C:\Program Files\TELUS security services\TELUS security services\updatesrv.exe -- (UPDATESRV)
SRV:64bit: - [2013-08-22 06:31:56 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2013-08-22 05:32:02 | 000,024,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wephostsvc.dll -- (WEPHOSTSVC)
SRV:64bit: - [2013-08-22 05:31:43 | 000,040,448 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2013-08-22 05:22:45 | 000,066,048 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2013-08-22 05:21:15 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2013-08-22 05:16:57 | 000,118,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2013-08-22 04:25:28 | 000,164,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2013-08-22 04:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2013-08-22 04:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2013-08-22 04:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2013-08-22 04:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2013-08-22 04:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2013-08-22 04:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2013-08-22 04:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicguestinterface)
SRV:64bit: - [2013-08-22 04:02:47 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\smphost.dll -- (smphost)
SRV:64bit: - [2013-08-22 03:57:25 | 000,130,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ScDeviceEnum.dll -- (ScDeviceEnum)
SRV:64bit: - [2013-08-22 03:54:59 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2013-08-22 03:50:59 | 000,245,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2013-08-22 03:50:00 | 000,525,312 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013-08-22 03:45:59 | 000,151,040 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ncbservice.dll -- (NcbService)
SRV:64bit: - [2013-08-22 03:40:49 | 000,248,832 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2013-08-22 03:31:03 | 000,201,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2013-08-22 03:15:54 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2013-03-01 16:40:02 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2013-02-26 01:31:30 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2013-02-19 23:10:00 | 000,239,176 | ---- | M] (Realtek Semiconductor) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE -- (RtkAudioService)
SRV:64bit: - [2009-11-17 20:14:00 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV - [2014-07-08 10:34:30 | 000,262,320 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014-06-23 11:58:08 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014-03-26 15:35:26 | 000,469,304 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe -- (HPWMISVC)
SRV - [2014-03-14 00:10:16 | 000,357,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GeofenceMonitorService.dll -- (lfsvc)
SRV - [2014-01-27 19:15:18 | 000,227,904 | ---- | M] (WildTangent) [Auto | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe -- (GamesAppIntegrationService)
SRV - [2014-01-08 23:39:40 | 000,475,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2014-01-08 23:39:39 | 000,066,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\w3logsvc.dll -- (w3logsvc)
SRV - [2014-01-08 23:39:38 | 000,062,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2013-08-22 06:31:56 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2013-08-21 21:55:35 | 000,018,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2013-08-21 20:53:34 | 000,011,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\smphost.dll -- (smphost)
SRV - [2012-11-02 14:58:32 | 012,575,752 | ---- | M] (Radialpoint SafeCare Inc.) [Auto | Running] -- C:\Program Files (x86)\Telus\security advisor\5.5.12.650\Telus_ServicepointService.exe -- (ServicepointService8)
SRV - [2012-09-27 12:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011-03-04 12:45:08 | 001,529,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2010-10-12 11:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014-05-01 07:31:39 | 000,055,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2014-04-01 00:23:41 | 000,384,856 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2014-03-23 20:30:57 | 000,257,880 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2014-03-23 20:30:57 | 000,123,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdNisDrv.sys -- (WdNisDrv)
DRV:64bit: - [2014-03-23 20:27:03 | 000,035,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2014-03-19 21:41:20 | 000,376,152 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2014-03-13 06:35:24 | 000,157,016 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\SysNative\drivers\wof.sys -- (Wof)
DRV:64bit: - [2014-03-08 14:40:16 | 000,136,024 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2014-03-08 14:35:45 | 000,467,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2014-02-22 10:00:25 | 000,236,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2014-02-22 09:49:51 | 000,325,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2014-02-22 09:49:49 | 000,189,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2014-02-22 09:49:49 | 000,079,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2014-02-22 09:49:47 | 000,146,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2014-02-22 09:44:13 | 000,924,504 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\refs.sys -- (ReFS)
DRV:64bit: - [2014-02-22 06:14:02 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2014-02-11 19:00:15 | 000,290,008 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsP2Stor.sys -- (RSP2STOR)
DRV:64bit: - [2014-02-11 18:57:31 | 000,830,680 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt630x64.sys -- (RTL8168)
DRV:64bit: - [2014-01-27 21:58:37 | 000,041,704 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2014-01-08 23:42:43 | 000,146,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx2.sys -- (SerCx2)
DRV:64bit: - [2014-01-08 23:42:43 | 000,086,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pdc.sys -- (pdc)
DRV:64bit: - [2014-01-08 23:42:43 | 000,039,768 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\intelpep.sys -- (intelpep)
DRV:64bit: - [2013-12-13 11:23:36 | 013,207,552 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2013-12-13 11:23:36 | 000,626,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2013-12-04 12:41:54 | 000,226,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BthLEEnum.sys -- (BthLEEnum)
DRV:64bit: - [2013-12-02 10:42:14 | 001,204,424 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtbth.sys -- (rtbth)
DRV:64bit: - [2013-11-26 17:34:34 | 002,483,376 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2013-11-14 01:28:58 | 000,057,176 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stornvme.sys -- (stornvme)
DRV:64bit: - [2013-11-14 01:25:25 | 000,175,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2013-11-14 01:16:57 | 000,027,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2013-11-14 01:16:54 | 000,037,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2013-09-08 21:04:56 | 000,023,568 | ---- | M] (Bitdefender) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\bdelam.sys -- (bdelam)
DRV:64bit: - [2013-08-23 14:48:49 | 000,150,256 | ---- | M] (BitDefender LLC) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\gzflt.sys -- (gzflt)
DRV:64bit: - [2013-08-22 07:25:40 | 000,043,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\condrv.sys -- (condrv)
DRV:64bit: - [2013-08-22 07:25:40 | 000,030,048 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\WINDOWS\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2013-08-22 06:50:19 | 000,057,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\dam.sys -- (dam)
DRV:64bit: - [2013-08-22 06:49:54 | 000,079,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2013-08-22 06:49:33 | 000,159,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2013-08-22 06:43:49 | 000,063,840 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2013-08-22 06:43:48 | 000,041,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2013-08-22 06:43:45 | 003,357,024 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2013-08-22 06:43:45 | 000,093,536 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2013-08-22 06:43:45 | 000,082,784 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2013-08-22 06:43:45 | 000,064,352 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2013-08-22 06:43:44 | 000,081,760 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas3.sys -- (LSI_SAS3)
DRV:64bit: - [2013-08-22 06:43:41 | 000,782,176 | ---- | M] (PMC-Sierra) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\adp80xx.sys -- (ADP80XX)
DRV:64bit: - [2013-08-22 06:43:41 | 000,531,296 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2013-08-22 06:43:41 | 000,259,424 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2013-08-22 06:43:41 | 000,108,896 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\3ware.sys -- (3ware)
DRV:64bit: - [2013-08-22 06:43:41 | 000,079,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2013-08-22 06:43:40 | 000,114,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2013-08-22 06:43:40 | 000,082,784 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2013-08-22 06:43:40 | 000,025,952 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2013-08-22 06:43:34 | 000,305,504 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2013-08-22 06:43:33 | 000,074,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2013-08-22 06:43:32 | 000,031,072 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2013-08-22 06:43:31 | 000,107,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013-08-22 06:43:31 | 000,072,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2013-08-22 06:43:31 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2013-08-22 06:39:15 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uefi.sys -- (UEFI)
DRV:64bit: - [2013-08-22 06:37:27 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpci.sys -- (vpci)
DRV:64bit: - [2013-08-22 06:36:12 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2013-08-22 05:39:58 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2013-08-22 05:39:54 | 000,076,800 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ahcache.sys -- (ahcache)
DRV:64bit: - [2013-08-22 05:39:31 | 000,050,688 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2013-08-22 05:39:20 | 000,022,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2013-08-22 05:39:06 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2013-08-22 05:38:58 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2013-08-22 05:38:48 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2013-08-22 05:38:39 | 000,036,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013-08-22 05:38:30 | 000,131,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BthA2DP.sys -- (BthA2DP)
DRV:64bit: - [2013-08-22 05:38:26 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2013-08-22 05:38:23 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2013-08-22 05:38:22 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2013-08-22 05:38:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2013-08-22 05:37:49 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2013-08-22 05:37:46 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2013-08-22 05:37:42 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2013-08-22 05:37:28 | 000,056,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013-08-22 05:37:28 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2013-08-22 05:37:14 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2013-08-22 05:36:43 | 000,087,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc63.sys -- (netvsc)
DRV:64bit: - [2013-08-22 05:36:25 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys -- (NdisVirtualBus)
DRV:64bit: - [2013-08-22 05:36:17 | 000,124,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2013-08-22 05:36:07 | 000,066,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2013-08-22 05:35:42 | 000,103,424 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2013-08-22 02:46:33 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2013-08-12 17:25:46 | 000,017,624 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmfn2.sys -- (bcmfn2)
DRV:64bit: - [2013-08-09 18:39:30 | 000,651,248 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\iaStorAV.sys -- (iaStorAV)
DRV:64bit: - [2013-08-07 14:46:28 | 000,389,240 | ---- | M] (BitDefender S.R.L.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\trufos.sys -- (trufos)
DRV:64bit: - [2013-07-30 12:47:35 | 000,024,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys -- (iaLPSSi_GPIO)
DRV:64bit: - [2013-07-29 17:45:27 | 000,107,008 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Common Files\TELUS security services\TELUS security services Firewall\bdfwfpf.sys -- (bdfwfpf)
DRV:64bit: - [2013-07-25 13:05:39 | 000,099,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys -- (iaLPSSi_I2C)
DRV:64bit: - [2013-07-24 19:19:21 | 000,098,768 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Common Files\TELUS security services\TELUS security services Firewall\bdfndisf6.sys -- (BdfNdisf)
DRV:64bit: - [2013-07-23 17:50:57 | 000,082,824 | ---- | M] (BitDefender SRL) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bdsandbox.sys -- (BDSandBox)
DRV:64bit: - [2013-07-19 19:08:08 | 000,601,360 | ---- | M] (BitDefender) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\avckf.sys -- (avckf)
DRV:64bit: - [2013-07-19 19:04:54 | 000,727,592 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avc3.sys -- (avc3)
DRV:64bit: - [2013-03-18 16:51:08 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2013-03-05 13:01:42 | 000,091,712 | ---- | M] (CyberLink) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\CLVirtualDrive.sys -- (CLVirtualDrive)
DRV:64bit: - [2013-03-01 16:40:02 | 000,043,320 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2013-03-01 16:40:02 | 000,030,520 | ---- | M] (Hewlett-Packard) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2013-02-14 21:41:14 | 000,094,208 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW86.sys -- (AtiHDAudioService)
DRV:64bit: - [2013-02-05 22:54:18 | 000,469,232 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2013-02-05 22:54:16 | 000,031,984 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys -- (SmbDrvI)
DRV:64bit: - [2013-02-05 22:54:16 | 000,028,400 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Smb_driver_AMDASF.sys -- (SmbDrv)
DRV:64bit: - [2012-11-30 03:31:02 | 000,026,280 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2012-11-30 03:31:00 | 000,080,552 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2012-08-31 10:40:24 | 000,020,800 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WirelessButtonDriver64.sys -- (WirelessButtonDriver)
DRV:64bit: - [2012-08-28 09:27:24 | 000,058,536 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2012-08-21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012-04-09 10:13:58 | 000,057,472 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.2)
DRV:64bit: - [2011-03-04 12:51:50 | 000,306,536 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV:64bit: - [2010-02-08 08:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)
DRV:64bit: - [2008-11-16 18:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...0TR&pc=HPNTDFJS
IE:64bit: - HKLM\..\SearchScopes\{3BABA3F4-18AB-461F-BDCB-030F621C999E}: "URL" = http://www.amazon.ca...s={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...56705-11896-0/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...56705-11896-0/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{053A6642-1AB0-40ED-A2A6-4ECC2A1A76A3}: "URL" = http://search.yahoo....petb&type=10803
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...0TR&pc=HPNTDFJS
IE - HKCU\..\SearchScopes\{6566C40D-EF72-4B49-B3AC-7E936B478530}: "URL" = http://search.findwi...k={searchTerms}
IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...56705-11896-0/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20131118
FF - prefs.js..extensions.enabledAddons: trustmyweb.addons.firefox%40hotmail.com:1.6
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:30.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@radialpoint.com/SPA_8,version=1: C:\Program Files (x86)\Telus\security advisor\5.5.12.650\nprpspa.dll (Telus)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf: C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@radialpoint.com/SPA_8,version=1: C:\Program Files (x86)\Telus\security advisor\5.5.12.650\nprpspa.dll (Telus)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Users\Calgary\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Calgary\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Calgary\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Calgary\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Calgary\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\hp.com/HPDetect: C:\Users\Calgary\AppData\Roaming\HewlettPackard\HPDetect\1.0.0.0\npHPDetect.dll (HP)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\PROGRAM FILES\TELUS SECURITY SERVICES\TELUS SECURITY SERVICES\BDTBEXT [2013-10-10 15:28:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 30.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 30.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\TELUS security services\TELUS security services\bdtbext [2013-10-10 15:28:31 | 000,000,000 | ---D | M]
 
[2014-06-10 09:50:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Calgary\AppData\Roaming\mozilla\Extensions
[2014-07-09 14:09:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Calgary\AppData\Roaming\mozilla\Firefox\Profiles\swkfz2xp.default\extensions
[2014-07-09 14:09:19 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Calgary\AppData\Roaming\mozilla\Firefox\Profiles\swkfz2xp.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2014-07-09 14:09:19 | 000,022,470 | ---- | M] () (No name found) -- C:\Users\Calgary\AppData\Roaming\mozilla\firefox\profiles\swkfz2xp.default\extensions\[email protected]
[2014-04-30 11:12:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014-06-23 11:58:12 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: https://www.google.ca/
CHR - plugin: Error reading preferences file
CHR - Extension: Google Docs = C:\Users\Calgary\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: Google Drive = C:\Users\Calgary\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\Calgary\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5019_0\
CHR - Extension: WOT = C:\Users\Calgary\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\2.5.15_0\
CHR - Extension: YouTube = C:\Users\Calgary\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Adblock Plus = C:\Users\Calgary\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.8.3_0\
CHR - Extension: Google Search = C:\Users\Calgary\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: IE Tab Multi (Enhance) = C:\Users\Calgary\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnfnbeppfinmnjnjhedifcfllpcfgeea\1.0.2.1_0\
CHR - Extension: Hola Better Internet = C:\Users\Calgary\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.3.704_0\
CHR - Extension: TweetDeck by Twitter = C:\Users\Calgary\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdpomandigafcibbmofojjchbcdagbl\3.7.4_0\
CHR - Extension: TweetDeck by Twitter = C:\Users\Calgary\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdpomandigafcibbmofojjchbcdagbl\3.8.1_0\
CHR - Extension: Favicon Changer = C:\Users\Calgary\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijaabbaphikljkkcbgpbaljfjpflpeoo\1.0.3_0\
CHR - Extension: Boomerang for Gmail = C:\Users\Calgary\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdanidgdpmkimeiiojknlnekblgmpdll\1.2.4_0\
CHR - Extension: Hangouts = C:\Users\Calgary\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd\2014.625.433.1_0\
CHR - Extension: Google Wallet = C:\Users\Calgary\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: video2mp3 = C:\Users\Calgary\AppData\Local\Google\Chrome\User Data\Default\Extensions\oljlcbniifdjapjocdfamhlnmpkojdkm\1.0.4_1\
CHR - Extension: OneClick Cleaner for Chrome = C:\Users\Calgary\AppData\Local\Google\Chrome\User Data\Default\Extensions\oncckmaelaecccmaniihojgeopkcajfh\0.9.0.9_0\
CHR - Extension: Gmail = C:\Users\Calgary\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2014-07-08 19:39:10 | 000,000,002 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
O2 - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll (Microsoft Corporation)
O2 - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\office15\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [Bdagent] C:\Program Files\TELUS security services\TELUS security services\bdagent.exe (TELUS security services)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\WINDOWS\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AccelerometerSysTrayApplet] C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [DSFMAJAutoService] C:\Desjardins\Accueil\DesjardinsMajAutoFusion.exe (DJSFC)
O4 - HKLM..\Run: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPMessageService] C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TelusSecurityAdvisor] C:\Program Files (x86)\Telus\security advisor\5.5.12.650\TelusSecurityAdvisor.exe (Telus)
O4 - HKCU..\Run: [DiamondView] C:\Program Files (x86)\Manulife Financial\Diamond View\Diamondview.exe (Manulife Financial)
O4 - HKCU..\Run: [GoogleChromeAutoLaunch_FA631E094BF4279435CE920E853E56FF] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKCU..\Run: [googletalk] C:\Program Files (x86)\Google\Google Talk\googletalk.exe (Google)
O4:64bit: - HKLM..\RunOnce: [NCPluginUpdater] c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\NCPluginUpdater.exe (Hewlett-Packard)
O4 - Startup: C:\Users\Calgary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Calgary\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} https://www.avdlext.com/dwa7W.cab (Domino Web Access 7 Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 75.153.176.9
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{23BBA13D-658C-4B98-90BC-CE58CAD114D1}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{905D83DC-1F93-46CB-BF84-5CEA204B8E3F}: DhcpNameServer = 192.168.1.254 75.153.176.9
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014-07-08 21:03:02 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Calgary\Desktop\OTL.exe
[2014-07-08 19:31:29 | 000,000,000 | ---D | C] -- C:\_OTL
[2014-07-08 13:54:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2014-07-08 13:32:56 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\WINDOWS\SysWow64\sqlite3.dll
[2014-07-08 13:32:14 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014-07-08 13:29:41 | 001,016,261 | ---- | C] (Thisisu) -- C:\Users\Calgary\Desktop\JRT.exe
[2014-07-02 20:53:30 | 000,000,000 | ---D | C] -- C:\Users\Calgary\Desktop\DFS
[2014-07-02 20:49:58 | 000,000,000 | ---D | C] -- C:\Users\Calgary\Desktop\ISI
[2014-06-29 22:29:22 | 000,000,000 | ---D | C] -- C:\Users\Calgary\AppData\Local\Foxit PhantomPDF
[2014-06-23 12:12:27 | 000,000,000 | ---D | C] -- C:\Users\Calgary\Canada Life
[2014-06-23 12:07:02 | 006,542,336 | ---- | C] (Amyuni Technologies
http://www.amyuni.com) -- C:\WINDOWS\SysNative\cdintf450_64.dll
[2014-06-23 12:07:02 | 004,818,432 | ---- | C] (Amyuni Technologies
http://www.amyuni.com) -- C:\WINDOWS\SysWow64\cdintf450.dll
[2014-06-19 09:02:54 | 000,000,000 | ---D | C] -- C:\Users\Calgary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Excellence
[2014-06-19 09:02:49 | 000,000,000 | ---D | C] -- C:\Users\Calgary\AppData\Local\Excellence
[2014-06-19 09:02:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Excellence
[2014-06-17 14:33:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Software FX Shared
[2014-06-17 14:33:27 | 000,901,120 | ---- | C] (Three |D| Graphics, Inc.) -- C:\WINDOWS\SysWow64\sscsdk32.dll
[2014-06-17 14:33:27 | 000,221,696 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\SysWow64\u2fhtml.dll
[2014-06-17 14:33:27 | 000,201,728 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\SysWow64\p2ssql.dll
[2014-06-17 14:33:27 | 000,180,736 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\SysWow64\u2fxls.dll
[2014-06-17 14:33:27 | 000,160,768 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\SysWow64\p2ssyb10.dll
[2014-06-17 14:33:27 | 000,129,024 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\SysWow64\u2ftext.dll
[2014-06-17 14:33:27 | 000,120,320 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\SysWow64\u2fwordw.dll
[2014-06-17 14:33:27 | 000,113,664 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\SysWow64\u2frtf.dll
[2014-06-17 14:33:27 | 000,102,912 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\SysWow64\u2dnotes.dll
[2014-06-17 14:33:27 | 000,095,232 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\SysWow64\u2dpost.dll
[2014-06-17 14:33:27 | 000,093,184 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\SysWow64\u2fodbc.dll
[2014-06-17 14:33:27 | 000,092,160 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\SysWow64\u2dvim.dll
[2014-06-17 14:33:27 | 000,075,264 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\SysWow64\u2fwks.dll
[2014-06-17 14:33:27 | 000,074,240 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\SysWow64\u2dmapi.dll
[2014-06-17 14:33:27 | 000,073,728 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\SysWow64\u2fsepv.dll
[2014-06-17 14:33:27 | 000,070,144 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\SysWow64\u2dapp.dll
[2014-06-17 14:33:27 | 000,064,000 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\SysWow64\u2frec.dll
[2014-06-17 14:33:27 | 000,064,000 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\SysWow64\u2fcr.dll
[2014-06-17 14:33:27 | 000,058,880 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\SysWow64\u2ddisk.dll
[2014-06-17 14:33:27 | 000,056,320 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\SysWow64\u2l2000.dll
[2014-06-17 14:33:27 | 000,055,808 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\SysWow64\u252000.dll
[2014-06-17 14:33:27 | 000,024,576 | ---- | C] (Seagate Software, Inc) -- C:\WINDOWS\SysWow64\u2lcom.dll
[2014-06-17 14:33:26 | 000,693,888 | ---- | C] (FarPoint Technologies, Inc.) -- C:\WINDOWS\SysWow64\SSVBX25.VBX
[2014-06-17 14:33:26 | 000,693,888 | ---- | C] (FarPoint Technologies, Inc.) -- C:\WINDOWS\System\SSVBX25.VBX
[2014-06-17 14:33:26 | 000,268,288 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\SysWow64\p2bxbse.dll
[2014-06-17 14:33:26 | 000,232,208 | ---- | C] (Sheridan Software Systems, Inc.) -- C:\WINDOWS\SysWow64\SSDATA2.VBX
[2014-06-17 14:33:26 | 000,232,208 | ---- | C] (Sheridan Software Systems, Inc.) -- C:\WINDOWS\System\SSDATA2.VBX
[2014-06-17 14:33:26 | 000,229,888 | ---- | C] (Seagate Software, Information Management Group, Inc.) -- C:\WINDOWS\SysWow64\crpaig32.dll
[2014-06-17 14:33:26 | 000,216,064 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\SysWow64\p2sora7.dll
[2014-06-17 14:33:26 | 000,208,127 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\SysWow64\p2bbde.dll
[2014-06-17 14:33:26 | 000,189,952 | ---- | C] (Seagate Software, Inc) -- C:\WINDOWS\SysWow64\p2smon.dll
[2014-06-17 14:33:26 | 000,173,568 | ---- | C] (Seagate Software, Information Management Group, Inc.) -- C:\WINDOWS\SysWow64\p2sifmx.dll
[2014-06-17 14:33:26 | 000,138,240 | ---- | C] (Seagate Software, Inc) -- C:\WINDOWS\SysWow64\p2soledb.dll
[2014-06-17 14:33:26 | 000,129,152 | ---- | C] (VideoSoft) -- C:\WINDOWS\SysWow64\VSVIEW2.VBX
[2014-06-17 14:33:26 | 000,092,176 | ---- | C] (VideoSoft) -- C:\WINDOWS\SysWow64\VSVBX.VBX
[2014-06-17 14:33:26 | 000,092,176 | ---- | C] (VideoSoft) -- C:\WINDOWS\System\VSVBX.VBX
[2014-06-17 14:33:26 | 000,064,432 | ---- | C] (Sheridan Software Systems, Inc.) -- C:\WINDOWS\SysWow64\THREED.VBX
[2014-06-17 14:33:26 | 000,064,432 | ---- | C] (Sheridan Software Systems, Inc.) -- C:\WINDOWS\System\THREED.VBX
[2014-06-17 14:33:26 | 000,060,416 | ---- | C] (Seagate Software, Inc.) -- C:\WINDOWS\SysWow64\crxlat32.dll
[2014-06-17 14:33:26 | 000,047,472 | ---- | C] (Sheridan Software Systems, Inc.) -- C:\WINDOWS\SysWow64\SSDATA1.VBX
[2014-06-17 14:33:26 | 000,047,472 | ---- | C] (Sheridan Software Systems, Inc.) -- C:\WINDOWS\System\SSDATA1.VBX
[2014-06-17 14:33:25 | 000,058,032 | ---- | C] (Crescent division of Progress Software Corporation) -- C:\WINDOWS\SysWow64\QPRO200.DLL
[2014-06-17 14:33:25 | 000,058,032 | ---- | C] (Crescent division of Progress Software Corporation) -- C:\WINDOWS\System\QPRO200.DLL
[2014-06-17 14:33:24 | 000,206,848 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\SysWow64\P2SODBC.DLL
[2014-06-17 14:33:24 | 000,152,576 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\SysWow64\P2BDAO.DLL
[2014-06-17 14:33:24 | 000,112,640 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\SysWow64\P2IRDAO.DLL
[2014-06-17 14:33:24 | 000,081,408 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\SysWow64\P2CTDAO.DLL
[2014-06-17 14:33:24 | 000,059,392 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\WINDOWS\SysWow64\P2BBND.DLL
[2014-06-17 14:33:21 | 005,350,912 | ---- | C] (Seagate Software, Inc.) -- C:\WINDOWS\SysWow64\Crpe32.dll
[2014-06-17 14:33:21 | 000,687,800 | ---- | C] (APEX Software Corporation) -- C:\WINDOWS\SysWow64\TDBG5_32.OCX
[2014-06-17 14:33:21 | 000,480,032 | ---- | C] (Bits Per Second Ltd) -- C:\WINDOWS\SysWow64\GRAPHX.VBX
[2014-06-17 14:33:21 | 000,480,032 | ---- | C] (Bits Per Second Ltd) -- C:\WINDOWS\System\GRAPHX.VBX
[2014-06-17 14:33:21 | 000,475,168 | ---- | C] (Sheridan Software Systems, Inc.) -- C:\WINDOWS\SysWow64\SSTABS32.OCX
[2014-06-17 14:33:21 | 000,399,984 | ---- | C] (Bits Per Second Ltd) -- C:\WINDOWS\SysWow64\GSW16.EXE
[2014-06-17 14:33:21 | 000,399,984 | ---- | C] (Bits Per Second Ltd) -- C:\WINDOWS\System\GSW16.EXE
[2014-06-17 14:33:21 | 000,174,592 | ---- | C] (Bits Per Second Ltd) -- C:\WINDOWS\SysWow64\GSWAG16.DLL
[2014-06-17 14:33:21 | 000,174,592 | ---- | C] (Bits Per Second Ltd) -- C:\WINDOWS\System\GSWAG16.DLL
[2014-06-17 14:33:21 | 000,070,800 | ---- | C] (Bits Per Second Ltd) -- C:\WINDOWS\SysWow64\GRAPH.VBX
[2014-06-17 14:33:21 | 000,064,000 | ---- | C] (Desaware Inc.) -- C:\WINDOWS\SysWow64\APIGID32.DLL
[2014-06-17 14:33:21 | 000,050,352 | ---- | C] (Bits Per Second Ltd) -- C:\WINDOWS\SysWow64\GSWDLL16.DLL
[2014-06-17 14:33:21 | 000,050,352 | ---- | C] (Bits Per Second Ltd) -- C:\WINDOWS\System\GSWDLL16.DLL
[2014-06-17 14:33:21 | 000,030,448 | ---- | C] (Ed Staffin Software) -- C:\WINDOWS\SysWow64\MSGBLAST.VBX
[2014-06-17 14:33:21 | 000,030,448 | ---- | C] (Ed Staffin Software) -- C:\WINDOWS\System\MSGBLAST.VBX
[2014-06-17 14:33:20 | 004,822,528 | ---- | C] (Seagate Software, Inc.) -- C:\WINDOWS\SysWow64\craxdrt.dll
[2014-06-17 14:33:20 | 000,993,996 | ---- | C] (Seagate Software, Inc.) -- C:\WINDOWS\SysWow64\CRYSTL32.OCX
[2014-06-17 14:32:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\illustrate inc
[2014-06-17 14:32:58 | 000,663,552 | ---- | C] (APEX Software Corporation) -- C:\WINDOWS\SysWow64\TDBG5.OCX
[2014-06-17 14:32:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ENVISION
[2014-06-17 14:32:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Empire
[2014-06-17 13:52:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Novinsoft
[2014-06-17 13:52:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Great West Life
[2014-06-17 13:50:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canada Life
[2014-06-17 13:50:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Canada Life
[2014-06-17 13:49:54 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Great West Life
[2014-06-17 13:49:54 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Canada Life IG
[2014-06-17 13:49:54 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Canada Life
[2014-06-17 13:49:50 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\London Life
[2014-06-17 13:49:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ZoomExpressKeyview
[2014-06-17 13:48:56 | 000,000,000 | ---D | C] -- C:\ProgramData\{28F8033D-7256-4F66-A16C-E080A43797B2}
[2014-06-17 13:47:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Concourse CL Content
[2014-06-17 13:47:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Concourse CL App
[2014-06-17 13:46:01 | 000,000,000 | ---D | C] -- C:\ProgramData\{C0F6CDBD-EEC6-4F06-96E1-02AE8F01B948}
[2014-06-17 13:41:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BMO Insurance
[2014-06-17 13:41:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BMONET
[2014-06-17 13:37:54 | 000,000,000 | ---D | C] -- C:\Users\Calgary\Desktop\3rd Party
[2014-06-17 13:36:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RBC Illustrations
[2014-06-17 13:36:15 | 001,089,536 | ---- | C] (eHelp Corporation.) -- C:\WINDOWS\SysWow64\Roboex32.dll
[2014-06-17 13:36:14 | 000,936,448 | ---- | C] (Vista Software) -- C:\WINDOWS\SysWow64\ApolloSQL61.DLL
[2014-06-17 13:36:14 | 000,327,680 | ---- | C] (Vista Software) -- C:\WINDOWS\SysWow64\SDENSX61.DLL
[2014-06-17 13:36:14 | 000,323,584 | ---- | C] (Vista Software) -- C:\WINDOWS\SysWow64\SDECDX61.DLL
[2014-06-17 13:36:14 | 000,290,816 | ---- | C] (Vista Software) -- C:\WINDOWS\SysWow64\SDENTX61.DLL
[2014-06-17 13:36:12 | 000,229,376 | ---- | C] (Vista Software) -- C:\WINDOWS\SysWow64\SDE61.DLL
[2014-06-17 13:35:05 | 000,000,000 | ---D | C] -- C:\Users\Calgary\Documents\RBC Illustrations
[2014-06-17 13:35:05 | 000,000,000 | ---D | C] -- C:\Users\Calgary\AppData\Roaming\RBC Illustrations
[2014-06-17 13:35:02 | 000,778,240 | ---- | C] (Borland Software Corporation) -- C:\WINDOWS\SysWow64\rtl70.bpl
[2014-06-17 13:35:02 | 000,264,704 | ---- | C] (Borland Software Corporation) -- C:\WINDOWS\SysWow64\vcldb70.bpl
[2014-06-17 13:35:02 | 000,257,024 | ---- | C] (Borland Software Corporation) -- C:\WINDOWS\SysWow64\dbrtl70.bpl
[2014-06-17 13:35:02 | 000,097,792 | ---- | C] (Borland Software Corporation) -- C:\WINDOWS\SysWow64\vcljpg70.bpl
[2014-06-17 13:35:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RBC Illustrations
[2014-06-17 13:35:01 | 001,381,376 | ---- | C] (Borland Software Corporation) -- C:\WINDOWS\SysWow64\vcl70.bpl
[2014-06-17 13:35:00 | 000,215,040 | ---- | C] (Borland Software Corporation) -- C:\WINDOWS\SysWow64\vclx70.bpl
[2014-06-17 12:34:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\Downloaded Installations
[2014-06-17 12:34:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Manulife Financial
[2014-06-17 12:34:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Manulife Financial
[2014-06-17 12:34:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2014-06-17 12:29:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Manulife Financial
[2014-06-11 13:13:43 | 000,000,000 | ---D | C] -- C:\Users\Calgary\Desktop\Music
[2014-06-11 10:24:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit PhantomPDF
[2014-06-10 23:52:29 | 000,000,000 | ---D | C] -- C:\Users\Calgary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2014-06-10 23:51:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014-06-10 14:21:49 | 000,000,000 | ---D | C] -- C:\Users\Calgary\AppData\Local\offsync
[2014-06-10 09:51:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\Workspace Logs
[2014-06-10 09:51:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Workspace
[2014-06-10 09:50:25 | 000,000,000 | ---D | C] -- C:\Users\Calgary\Documents\Workspace Logs
[2014-06-10 09:50:24 | 000,000,000 | ---D | C] -- C:\Users\Calgary\AppData\Local\Workspace
 
========== Files - Modified Within 30 Days ==========
 
[2014-07-09 21:54:00 | 000,000,604 | ---- | M] () -- C:\WINDOWS\tasks\G2MUpdateTask-S-1-5-21-3432463877-1759428120-2468046901-1002.job
[2014-07-09 21:48:00 | 000,000,932 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014-07-09 21:33:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014-07-09 21:18:00 | 000,000,946 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3432463877-1759428120-2468046901-1002UA1cf8fe8c3cd5081.job
[2014-07-09 21:12:00 | 000,000,946 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3432463877-1759428120-2468046901-1002UA.job
[2014-07-09 19:48:00 | 000,000,928 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014-07-09 17:19:01 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014-07-09 14:18:01 | 000,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3432463877-1759428120-2468046901-1002Core1cf8fe8bfefb087.job
[2014-07-09 14:04:46 | 000,956,476 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI
[2014-07-09 14:04:46 | 000,800,408 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat
[2014-07-09 14:04:46 | 000,165,436 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat
[2014-07-08 21:25:43 | 000,000,370 | ---- | M] () -- C:\WINDOWS\tasks\HPCeeScheduleForCalgary.job
[2014-07-08 21:15:31 | 000,002,669 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk
[2014-07-08 21:03:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Calgary\Desktop\OTL.exe
[2014-07-08 20:05:41 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2014-07-08 20:05:35 | 1884,295,167 | -HS- | M] () -- C:\hiberfil.sys
[2014-07-08 19:39:10 | 000,000,002 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\etc\Hosts
[2014-07-08 13:29:50 | 001,016,261 | ---- | M] (Thisisu) -- C:\Users\Calgary\Desktop\JRT.exe
[2014-07-08 13:26:19 | 001,346,519 | ---- | M] () -- C:\Users\Calgary\Desktop\adwcleaner_3.214.exe
[2014-07-08 10:12:21 | 000,364,824 | ---- | M] () -- C:\Users\Calgary\Desktop\Shepard IATS Signed Pages.pdf
[2014-07-08 10:09:56 | 001,180,255 | ---- | M] () -- C:\Users\Calgary\Desktop\CDN - Complete Mapped Application  - Calgary Shepard Conservative Association.pdf
[2014-07-02 09:31:51 | 000,489,896 | ---- | M] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT
[2014-06-25 18:00:59 | 000,286,551 | ---- | M] () -- C:\Users\Calgary\Desktop\Shane005.pdf
[2014-06-25 17:59:20 | 000,289,898 | ---- | M] () -- C:\Users\Calgary\Desktop\Richard004.pdf
[2014-06-25 17:57:03 | 000,264,752 | ---- | M] () -- C:\Users\Calgary\Desktop\Evangeline003.pdf
[2014-06-24 12:10:51 | 000,396,680 | ---- | M] () -- C:\Users\Calgary\Desktop\Azuridge confirmation.pdf
[2014-06-23 11:58:10 | 000,000,030 | ---- | M] () -- C:\WINDOWS\MaritimeLife.ini
[2014-06-20 10:12:05 | 000,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3432463877-1759428120-2468046901-1002Core.job
[2014-06-17 14:35:53 | 000,000,000 | ---- | M] () -- C:\WINDOWS\efgtemp.ini
[2014-06-17 14:35:51 | 000,000,000 | ---- | M] () -- C:\WINDOWS\iireport53.INI
[2014-06-17 14:33:55 | 000,000,156 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2014-06-17 14:33:20 | 000,000,097 | ---- | M] () -- C:\WINDOWS\fdpxld.ini
[2014-06-17 14:33:20 | 000,000,000 | ---- | M] () -- C:\WINDOWS\IIREPO~1.INI
[2014-06-17 12:30:43 | 000,000,029 | ---- | M] () -- C:\WINDOWS\MLI.INI
[2014-06-10 23:52:29 | 000,001,291 | ---- | M] () -- C:\Users\Calgary\Desktop\Revo Uninstaller.lnk
 
========== Files Created - No Company Name ==========
 
[2014-07-08 13:26:08 | 001,346,519 | ---- | C] () -- C:\Users\Calgary\Desktop\adwcleaner_3.214.exe
[2014-07-08 10:12:20 | 000,364,824 | ---- | C] () -- C:\Users\Calgary\Desktop\Shepard IATS Signed Pages.pdf
[2014-07-08 10:09:56 | 001,180,255 | ---- | C] () -- C:\Users\Calgary\Desktop\CDN - Complete Mapped Application  - Calgary Shepard Conservative Association.pdf
[2014-06-25 18:00:58 | 000,286,551 | ---- | C] () -- C:\Users\Calgary\Desktop\Shane005.pdf
[2014-06-25 17:59:20 | 000,289,898 | ---- | C] () -- C:\Users\Calgary\Desktop\Richard004.pdf
[2014-06-25 17:57:03 | 000,264,752 | ---- | C] () -- C:\Users\Calgary\Desktop\Evangeline003.pdf
[2014-06-24 14:13:29 | 000,000,946 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3432463877-1759428120-2468046901-1002UA1cf8fe8c3cd5081.job
[2014-06-24 14:13:23 | 000,000,894 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3432463877-1759428120-2468046901-1002Core1cf8fe8bfefb087.job
[2014-06-24 12:10:49 | 000,396,680 | ---- | C] () -- C:\Users\Calgary\Desktop\Azuridge confirmation.pdf
[2014-06-23 11:58:10 | 000,000,030 | ---- | C] () -- C:\WINDOWS\MaritimeLife.ini
[2014-06-17 14:35:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iireport53.INI
[2014-06-17 14:33:55 | 000,149,504 | ---- | C] () -- C:\Program Files (x86)\UNWISE.EXE
[2014-06-17 14:33:55 | 000,000,156 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2014-06-17 14:33:36 | 000,010,912 | ---- | C] () -- C:\WINDOWS\SHARE.EXE
[2014-06-17 14:33:21 | 000,081,920 | ---- | C] () -- C:\WINDOWS\SysWow64\Csread32.ocx
[2014-06-17 14:33:21 | 000,024,880 | ---- | C] () -- C:\WINDOWS\SysWow64\MDICHILD.VBX
[2014-06-17 14:33:21 | 000,022,776 | ---- | C] () -- C:\WINDOWS\SysWow64\FDPTOOLS.DLL
[2014-06-17 14:33:21 | 000,022,776 | ---- | C] () -- C:\WINDOWS\System\FDPTOOLS.DLL
[2014-06-17 14:33:21 | 000,018,944 | ---- | C] ( ) -- C:\WINDOWS\SysWow64\Implode.dll
[2014-06-17 14:33:21 | 000,018,688 | ---- | C] () -- C:\WINDOWS\SysWow64\CMDIALOG.VBX
[2014-06-17 14:33:21 | 000,018,688 | ---- | C] () -- C:\WINDOWS\System\CMDIALOG.VBX
[2014-06-17 14:33:20 | 000,000,097 | ---- | C] () -- C:\WINDOWS\fdpxld.ini
[2014-06-17 14:33:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\IIREPO~1.INI
[2014-06-17 14:32:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\efgtemp.ini
[2014-06-17 13:36:15 | 000,023,552 | ---- | C] () -- C:\WINDOWS\SysWow64\AppStuff.bpl
[2014-06-17 12:30:43 | 000,000,029 | ---- | C] () -- C:\WINDOWS\MLI.INI
[2014-06-10 23:52:29 | 000,001,291 | ---- | C] () -- C:\Users\Calgary\Desktop\Revo Uninstaller.lnk
[2014-05-21 09:22:18 | 000,002,491 | ---- | C] () -- C:\ProgramData\regid.2012-05.ca.repsource_EC596C15-1BA5-4A0F-8804-4CC5BB52F1EE.swidtag
[2014-04-15 20:46:44 | 000,002,255 | ---- | C] () -- C:\WINDOWS\SysWow64\WimBootCompress.ini
[2014-03-17 16:41:59 | 000,103,936 | ---- | C] () -- C:\WINDOWS\SysWow64\OEMLicense.dll
[2014-03-03 20:46:15 | 002,436,794 | ---- | C] () -- C:\ProgramData\1393900866.bdinstall.bin
[2014-02-24 09:05:32 | 000,065,928 | ---- | C] () -- C:\WINDOWS\SysWow64\bgsresfr.dll
[2014-02-24 09:05:32 | 000,065,928 | ---- | C] () -- C:\WINDOWS\SysWow64\bgsreses.dll
[2014-02-24 09:05:32 | 000,065,928 | ---- | C] () -- C:\WINDOWS\SysWow64\bgsresde.dll
[2014-02-24 09:05:32 | 000,056,200 | ---- | C] () -- C:\WINDOWS\SysWow64\bgsresen.dll
[2014-01-08 22:50:48 | 000,930,400 | ---- | C] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
[2014-01-08 22:47:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2013-12-13 11:23:56 | 000,204,952 | ---- | C] () -- C:\WINDOWS\SysWow64\ativvsvl.dat
[2013-12-13 11:23:54 | 000,157,144 | ---- | C] () -- C:\WINDOWS\SysWow64\ativvsva.dat
[2013-12-13 11:23:46 | 000,003,917 | ---- | C] () -- C:\WINDOWS\SysWow64\atipblag.dat
[2013-12-13 11:23:24 | 000,995,342 | ---- | C] () -- C:\WINDOWS\SysWow64\amdocl_as32.exe
[2013-12-13 11:23:24 | 000,798,734 | ---- | C] () -- C:\WINDOWS\SysWow64\amdocl_ld32.exe
[2013-12-13 11:23:14 | 000,123,392 | ---- | C] () -- C:\WINDOWS\SysWow64\amdhdl32.dll
[2013-10-07 20:40:42 | 000,369,624 | ---- | C] () -- C:\WINDOWS\SysWow64\drivers\FW7650.bin
[2013-10-07 20:40:42 | 000,000,313 | ---- | C] () -- C:\WINDOWS\SysWow64\RaCheckBTDev.ini
[2013-08-22 09:36:43 | 000,215,943 | ---- | C] () -- C:\WINDOWS\SysWow64\dssec.dat
[2013-08-22 09:36:42 | 000,000,741 | ---- | C] () -- C:\WINDOWS\SysWow64\NOISE.DAT
[2013-08-22 08:46:23 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2013-08-22 01:01:23 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin
[2013-08-21 21:32:36 | 000,046,080 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll
[2013-08-21 17:55:20 | 000,364,544 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll
[2013-08-21 17:52:39 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat
[2012-11-27 01:18:46 | 000,038,912 | ---- | C] () -- C:\WINDOWS\SysWow64\kdbsdk32.dll
[2012-07-25 14:22:54 | 000,982,240 | ---- | C] () -- C:\WINDOWS\SysWow64\igkrng500.bin
[2012-07-25 14:22:54 | 000,439,308 | ---- | C] () -- C:\WINDOWS\SysWow64\igcompkrng500.bin
[2012-07-25 14:22:54 | 000,092,356 | ---- | C] () -- C:\WINDOWS\SysWow64\igfcg500m.bin
 
========== ZeroAccess Check ==========
 
[2014-01-14 18:15:45 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014-04-06 10:31:39 | 021,268,952 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014-04-06 09:22:20 | 018,755,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2013-08-22 03:49:49 | 000,921,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2013-08-21 20:45:10 | 000,691,712 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2013-08-22 03:45:17 | 000,483,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014-01-02 22:09:54 | 000,000,000 | ---D | M] -- C:\Users\Calgary\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2014-04-24 19:01:04 | 000,000,000 | ---D | M] -- C:\Users\Calgary\AppData\Roaming\CrystalIdea Software
[2014-07-09 14:06:49 | 000,000,000 | ---D | M] -- C:\Users\Calgary\AppData\Roaming\Dropbox
[2014-07-08 21:16:11 | 000,000,000 | ---D | M] -- C:\Users\Calgary\AppData\Roaming\DropboxMaster
[2014-04-08 22:45:40 | 000,000,000 | ---D | M] -- C:\Users\Calgary\AppData\Roaming\EPSON
[2014-06-10 09:57:49 | 000,000,000 | ---D | M] -- C:\Users\Calgary\AppData\Roaming\Foxit Software
[2014-02-18 16:31:45 | 000,000,000 | ---D | M] -- C:\Users\Calgary\AppData\Roaming\HewlettPackard
[2014-01-02 23:37:11 | 000,000,000 | ---D | M] -- C:\Users\Calgary\AppData\Roaming\PDAppFlex
[2014-03-03 20:41:45 | 000,000,000 | ---D | M] -- C:\Users\Calgary\AppData\Roaming\QuickScan
[2014-06-17 13:35:05 | 000,000,000 | ---D | M] -- C:\Users\Calgary\AppData\Roaming\RBC Illustrations
[2014-05-17 11:01:50 | 000,000,000 | ---D | M] -- C:\Users\Calgary\AppData\Roaming\SketchUp
[2013-12-30 20:51:38 | 000,000,000 | ---D | M] -- C:\Users\Calgary\AppData\Roaming\Synaptics
[2014-03-03 20:35:28 | 000,000,000 | ---D | M] -- C:\Users\Calgary\AppData\Roaming\Telus
[2014-03-03 20:44:44 | 000,000,000 | ---D | M] -- C:\Users\Calgary\AppData\Roaming\TELUS security services
[2014-02-05 23:52:08 | 000,000,000 | ---D | M] -- C:\Users\Calgary\AppData\Roaming\WildTangent
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 220 bytes -> C:\Users\Calgary\SkyDrive:ms-properties

< End of report >
 



#14
zep516


    Trusted Helper

  • Malware Removal
  • 8,107 posts

Ok

#15
Triskelion


    Member

  • Topic Starter
  • Member
  • 663 posts

Do you have what you need from the above Quick Scan?

Or... would you like me to attach the .log for you in a post?

